Potentially useful tech tools
CLI things
- https://dev.to/lissy93/cli-tools-you-cant-live-without-57f6
- https://github.com/tldr-pages/tldr
- https://charm.sh/apps/
- https://github.com/charmbracelet The Charm apps look amazing, you can build an app served by ssh? And the choice menus look so pretty :O
Autodetect config issues
Kryptoslogic telltale
Security host monitoring with a free tier
Open source
Generic docs for open source docs
Homelab
- Immich
- Photoprism?
- Tailscale
Security
Not yet tried
- https://github.com/nozaq/terraform-aws-secure-baseline
- https://github.com/9rnt/poro
- https://twitter.com/liam_galvin/status/1559471247783870464?t=wTpsoGtxkGjse3SghctQYQ&s=03 (Trivy for AWS accounts)
- https://github.com/raspbernetes/k8s-security-policies # CIS Policies for OPA!
- https://github.com/chaos-mesh/chaos-mesh
- https://www.hackread.com/free-best-osint-tools-2021/
- https://github.com/inguardians/peirates
- https://github.com/awslabs/assisted-log-enabler-for-aws
- Securing your AWS landscape
Talk to your company’s lawyers before using most of these, lol
Tried
https://github.com/brompwnie/botb
Tried to break out of some containers in the EKS clusters of VanMoof with this, but not much worked :/
https://github.com/aquasecurity/kube-bench
Benchmarking tool for checking how well a K8s cluster matches the CIS recommendations. Somewhat useful results, but not too impressive
https://github.com/derailed/popeye
Pretty legit CLI tool (derailed has also made k9s). Findings were decent and actionable, though the RBAC seems to have been subpar somehow because it failed to list all resource types
DevOps generic
- https://github.com/boz/kail
- https://github.com/aquasecurity/tfsec
- https://github.com/falcosecurity/falco
- https://github.com/roshan8/slo-tracker
- https://codeberg.org/hjacobs/kube-downscaler
- aws-nuke
https://goteleport.com/kubernetes-access/
Reverse SSH tunnel. Talked to them at Kubecon: Vendors I talked to at Kubecon. When asked in VanMoof about this, my response was:
The cloud team are aware of Teleport and similar implementations. We do not have a conclusive answer yet, but are leaning towards avoiding SSH as much as possible.
Longer answer:
I personally like the design behind the tool, and I spent quite some time talking to their team at Kubecon. I however hope to not need it. This is because SSH workflows by definition serve to mutate a running system and mutating in an IaC world is really not what we should be doing. P.S. If you’re talking about SSHing to Nodes (instead of Pods), that’s ofc completely out of the question, but I don’t think you are
Pricing and cost
- https://aws.amazon.com/blogs/containers/aws-and-kubecost-collaborate-to-deliver-cost-monitoring-for-eks-customers/
- infracost.io
- Goldilocks
Internal tooling
airplane.dev
Policies
Tool for policy testing, meant for running in CI. Looks interesting, but would need manual work to write stuff, or to find good pools of existing tests as a base to extend
Focus optimizing
https://www.centered.app/g/freakin-nerds
I’ve been using this for months, and it’s been working great for me
Monitoring
Pretty cool, ultrafast open source monitoring tool with plenty of builtin integrations
- https://github.com/slok/sloth
- https://sloth.dev/usage/cli/
- https://sloth.dev/introduction/dashboards/
SLO Tracking in Prometheus format. Has Grafana dashboards too. I’ve heard heavy criticisms of how many recording rules it generates tho
Green stuff
- https://github.com/thegreenwebfoundation/lighthouse-plugin-greenhouse
- https://www.thegreenwebfoundation.org/directory/