kube-reqsizer
credentials-operator
kube-reqsizer | credentials-operator | |
---|---|---|
13 | 6 | |
195 | 54 | |
- | - | |
2.8 | 8.5 | |
3 months ago | 8 days ago | |
Go | Go | |
- | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
kube-reqsizer
- Monthly 'Shameless Self Promotion' thread - 2023/04
-
DevOps Engineer here looking for something interesting to work on.
If your'e interested in open-source, I'd love to collaborate on doing some open source devops tools on free time. One of my latest ones is: https://github.com/jatalocks/kube-reqsizer
-
Kube-Reqsizer - open source VPA alternative for scaling your workloads
Hey r/kubernetes!Just wanted to share a personal project that might help some of you if you ever encounter this problem, or if you have better suggestions. A few months ago, I've starting developing Kube-Reqsizer. The problem I'm tackling here is Node under-utilization and its effect on cluster autoscaling.
- One way to manage #Kubernetes costs is to optimize resource usage by carefully planning and configuring resource limits and requests for each application; Ensuring that all resources are well-spent on idle or underutilized containers
- Monthly 'Shameless Self Promotion' thread - 2023/01
-
Ask r/kubernetes: What are you working on this week?
Working on a controller to optimize pod requests. This is supposed to work with HPA and provide a simple VPA alternative https://github.com/jatalocks/kube-reqsizer
- GitHub - jatalocks/kube-reqsizer: A Kubernetes controller for automatically optimizing pod requests based on their continuous usage. VPA alternative that can work with HPA.
- Kubernetes projects
- Weekly: Share your victories thread
credentials-operator
-
Otterize launches open-source, declarative IAM permissions for workloads on AWS EKS clusters
No more! The open-source intents-operator and credentials-operator enable you to achieve the same, except without all that work: do it all from Kubernetes, declaratively, and just-in-time, through the magic of IBAC (intent-based access control).
-
How to have SSL certificates for all my home lab Kubernetes apps?
Otterize Credential Operator ( https://github.com/otterize/credentials-operator ) helps you automatically provision credentials as Kubernetes secrets (using a self-hosted SPIRE or a free SaaS solution). You can use pod annotations to determine the certificate's domain names (as well as many other properties). I think it is a straightforward approach to managing trust, especially for a relatively small cluster where you manage everything. (Full disclosure: I am one of the contributors to this project)
-
Ask r/kubernetes: What are you working on this week?
Have you taken a look at using SPIRE to create the TLS certificates and attesting about the workload identity? You could couple SPIRE server with the Otterize SPIRE integration operator to declaratively generate TLS certificates. This could be easier to deploy than a service mesh and sidecars, depending on your use case - what the clients are and what the servers are.
-
How to authenticate microservices?
You could create JWT or mTLS-based identities, and then verify those in your middleware. If you are on Kubernetes, you might try using SPIRE together with the SPIRE integration operator to automatically issue identities as Kubernetes secrets, which you could then use to connect between services.
-
Who defines secret management / certificate management in your company
In practice, the technical part is implemented by the DevOps/platform team. The way in which you declare and get access to these secrets varies, but can be one of the cloud provider secret managers (e.g. AWS Secret Manager), Hashicorp Vault, or if you're on Kubernetes, could be something like cert-manager, Hashicorp Vault sidecars, or SPIRE coupled with the Otterize SPIRE integration.
-
How to automate certificate renewal with Azure Key vault?
If this seems a bit complicated, you could use SPIRE server to issue certificates and Otterize SPIRE integration operator to renew them in Kubernetes and update Secrets.
What are some alternatives?
terrakube - Open source IaC Automation and Collaboration Software.
bouncer - JWT-based authentication and authorization service
Chalice-PynamoDB-Docker-Starter-Kit - A starter kit with some boilerplate code for getting started making low-cost serverless applications in Python on AWS with a great local development setup via Docker Compose
kustomize-kcl - Kustomzie KCL Function
gimlet - The Flux-based Internal Developer Platform
EKSCTL-Example-Configurations - Some sample configurations for EKSCTL.io to help understand how best to use it and increase adoption
OnlineOrNot - The CLI for OnlineOrNot
playwright-testing
win2s3 - Windows to S3 Backup, Restore, Point in Time, and File Permissions
dyrectorio - dyrector.io is a self-hosted continuous delivery & deployment platform with version management.
Helm-Chart-Boilerplates - Example implementations of the universal helm charts
Universal-Kubernetes-Helm-Charts - Some universal helm charts used for deploying services onto Kubernetes. All-in-one best-practices