DuckDB
DuckDB is an open-source, in-process SQL OLAP database. It's a powerful embedded analytical engine, acting as a direct local alternative to cloud data warehouses like Snowflake for many use cases.
This DevOps category collects critical tools and resources for modern infrastructure management, with a strong emphasis on Kubernetes operations, PostgreSQL, and monitoring. It ranges from securing K8s with NSA guidance and an immutable OS like Talos, to practical utilities like PgBouncer and Crontab Guru. I curate these entries for engineers looking for effective, often open-source solutions to build and maintain resilient systems.
Kubeshark is an API traffic analyzer for Kubernetes, providing essential real-time protocol-level visibility for debugging and monitoring network interactions within K8s clusters.
PgBouncer is my go-to for PostgreSQL connection pooling. It's a lightweight solution that efficiently manages database connections, reducing overhead and improving application performance.
Talos Linux is a dedicated, secure, immutable, and minimal operating system specifically for running Kubernetes nodes. It's API-managed and declarative, eliminating configuration drift and traditional OS overhead like SSH or package managers.
Pritunl is an open-source, self-hosted VPN solution supporting OpenVPN, WireGuard, and IPsec. I see it as a viable alternative to services like Tailscale, offering more control over your VPN infrastructure.
kwatch is a nice little tool I maintain that monitors Kubernetes clusters, detecting app crashes in real-time and sending instant notifications. It's focused on real-time crash detection and change monitoring within K8s.
Kube Downscaler is a pragmatic tool for automatically scaling down Kubernetes deployments and other workloads during off-peak hours, like weekends or nights, to optimize resource usage and costs. I find it useful for non-production environments.
Cortex provides horizontally scalable, highly available, multi-tenant long-term storage for Prometheus and OpenTelemetry metrics, similar to Thanos. It's a robust solution for durably retaining metric data.
Kilo is a multi-cloud network overlay built on WireGuard, designed for Kubernetes. It creates an encrypted layer 3 network, enabling secure communication for multi-cloud and multi-cluster Kubernetes deployments, even with NAT. This is a solid solution for federated clusters.
I consider the NSA's Kubernetes Hardening Guidance critical. It's an invaluable resource for securing deployments, providing a baseline from the most paranoid perspective to ensure robust protection against sophisticated threats.
rbac-manager is a Kubernetes operator that simplifies RBAC authorization through declarative custom resources. It manages role bindings and service accounts based on a desired state, which I find much clearer than direct management.
Uptime Kuma is a self-hosted uptime monitor, providing a clean UI for tracking various service types and sending notifications. I find this a robust alternative to cloud-based monitoring solutions.
Reloader is a valuable Kubernetes controller that solves a common pain point: automatically reloading deployments and other workloads when referenced ConfigMaps or Secrets are updated. This ensures configurations are always in sync without manual intervention.
This is a visual editor for Kubernetes network policies, allowing me to easily define and visualize traffic rules for my clusters.
This site compiles public Kubernetes failure stories, offering a valuable resource to learn from operational incidents. It's an unvarnished look at common pitfalls and complex issues in K8s environments.
Infra App is a desktop client for Kubernetes, offering instant management and monitoring capabilities directly from my workstation.
This is a neat Kubernetes annotations convention designed to make managing services significantly easier for developers by standardizing metadata.
Spilo is a Docker image I use to provision HA PostgreSQL clusters, bundling PostgreSQL with Patroni for high availability. It simplifies deploying resilient Postgres on Docker.
innernet is a private network system built on WireGuard. It leverages standard CIDR concepts and WireGuard's security to create powerful access control primitives, distinguishing it from alternatives like Tailscale or Nebula.
Crontab guru is a simple, quick editor for cron schedule expressions. I find myself using it a few times a week to verify cron job timings, which is incredibly useful for avoiding misconfigurations.
pgcenter offers a top-like interface to inspect and troubleshoot Postgres performance in real-time. It provides detailed statistics, making it a valuable tool for direct database observation.
This kubectl cheat sheet provides a quick reference for common commands, covering topics like autocomplete setup, context management, resource creation with `apply`, and various methods for viewing Kubernetes objects. It's an indispensable resource for daily Kubernetes operations.
I find kubectl output often too verbose; this tool makes it readable by cleaning up extraneous metadata, default values, and status information from Kubernetes YAML and JSON.
K8s.af compiles public Kubernetes failure stories, ordered by recency. It's a critical resource for learning from common production blunders and improving cluster reliability.
pgsync efficiently syncs data from one Postgres database to another, using parallel transfers and secure handling of sensitive data, which is far more flexible than `pg_dump`/`pg_restore` for development.
Conftest is a great utility for writing tests against structured configuration data, like Kubernetes YAMLs or Terraform. It uses Open Policy Agent's Rego language to define policies and validate configurations, which I find very practical for ensuring compliance and consistency.
Flagsmith is a comprehensive feature flag system that enables managing feature toggles across web, mobile, and server-side applications. Its granular segmenting and remote config capabilities are essential for controlled rollouts, A/B testing, and fixing issues forward.
This interactive graphic from CNCF provides a comprehensive overview of all cloud native projects. It's an indispensable resource for navigating the vast and often confusing cloud native ecosystem.
ngrok is a robust cloud networking platform that creates secure tunnels to expose local services to the internet. It simplifies complex traffic routing, security, and transformation, consolidating various networking needs into a single gateway for dev and production environments.
sish is an open-source alternative to serveo/ngrok for SSH tunneling. It allows you to expose local services over HTTP(S), WS(S), TCP, and SNI using standard SSH commands, ideal for self-hosting.
SeaweedFS is a distributed object store and file system, designed to store and serve billions of files quickly. I see it as a robust solution for high-scale blob storage and POSIX filesystem needs.
I use Bullet Train as a robust feature flag system. It provides granular control over feature releases for web, mobile, and backend applications, with options for hosted or on-premise deployments. Essential for modern CI/CD.
Traefik is a robust, cloud-native load balancer and application proxy, evolving into a full API gateway and management platform. I appreciate its declarative configuration for modern microservices architectures.
K9s is a robust terminal UI for Kubernetes that allows me to effectively interact with my clusters, making navigation, observation, and management of applications a much more fluid and stylish experience than plain CLI or heavier GUIs.
updown.io is my preferred uptime monitor. It's super cheap, simple, and provides notifications via Telegram, among other channels.
sudo_pair is a `sudo` plugin that enforces a two-person rule, requiring another human to approve and monitor privileged sessions. I find this crucial for sensitive systems where no individual should act autonomously.
Firecracker is an open-source virtualization technology, notably used for AWS Lambda. It delivers secure, lightweight microVMs, offering strong isolation and fast startup times through a minimalist design.