DevOps&SRE Library

agent-vault

An open-source credential broker by Infisical that sits between your agents and the APIs they call. Agents should not possess credentials. Agent Vault eliminates credential exfiltration risk with brokered access.

https://github.com/Infisical/agent-vault

quarkdown

Quarkdown is a modern Markdown-based typesetting system designed for versatility. It allows a single project to compile seamlessly into a print-ready book, academic paper, knowledge base, or interactive presentation. All through an incredibly powerful Turing-complete extension of Markdown, ensuring your ideas flow automatically into paper.

https://github.com/iamgio/quarkdown

goshs

goshs is a single-binary file server built for the moments when you need more than Python's SimpleHTTPServer but don't want to configure Apache. HTTP/S, WebDAV, SFTP, SMB, LDAP/S, basic auth, share links, DNS/SMTP callbacks, NTLM hash capture + cracking — all from one command.

https://github.com/patrickhener/goshs

otelite

Lightweight OpenTelemetry receiver and dashboard for local development Otelite is a single-binary observability tool that receives OpenTelemetry data (logs, traces, metrics) and provides a web dashboard and terminal UI for viewing it. Designed for local LLM development with minimal resource usage (<100MB memory, <5% CPU), it starts in seconds and requires no external dependencies.

https://github.com/planetf1/otelite

otel-cardinality-processor

An OpenTelemetry Collector processor that catches metric cardinality explosions before they reach your TSDB.

https://github.com/YElayyat/otel-cardinality-processor

How we built a real-world evaluation platform for autonomous SRE agents at scale

Bits AI SRE is Datadog’s autonomous agent for investigating production incidents. It reasons across metrics, logs, traces, infrastructure metadata, network telemetry, monitor configuration, and more to determine, triage, and remediate the root cause of an issue.

https://www.datadoghq.com/blog/engineering/bits-ai-eval-platform

Реклама. Рекламодатель ООО «Авито Тех». erid: 2Vtzqx6K4Ns

Эх, захотелось… Но пока работаем с тем, что есть в SRE-реальности ↖️ Ребята с подкаста «В SREду на кухне» посвятили бюджету ошибок целый выпуск — вместе с Кириллом Борисовым, тимлидом из VK, они обсудили: 🔸 что такое Error budget и можно ли жить без него;  🔸 как объяснить бизнесу его необходимость; 🔸как его считать; 🔸 почему идеальная надёжность — это опасная иллюзия и миф; 🔸 как метрики помогают упростить расчёт. Смотрим и слушаем по ссылкам: 📱 YouTube 📱 VK 📱 Rutube #sre

sish

Open source SSH tunneling for HTTP(S), WS(S), TCP, aliases, and SNI. If you like the simplicity of serveo/ngrok-style sharing but want to use plain SSH and run your own infrastructure, sish is built for that.

https://github.com/antoniomika/sish

x509-certificate-exporter

A Prometheus exporter for certificates focusing on expiration monitoring, written in Go. Designed to monitor Kubernetes clusters from inside, it can also be used as a standalone exporter.

https://github.com/enix/x509-certificate-exporter

cpg

Cilium Policy Generator -- because writing CiliumNetworkPolicies by hand in a default-deny cluster is nobody's idea of a good Friday night.

https://github.com/SoulKyu/cpg

kloudlite

Kloudlite provides cloud-based development workspaces with live service connectivity. Think Telepresence meets cloud IDEs — but with per-developer environment ownership, instant environment switching, and cross-team collaboration built in.

https://github.com/kloudlite/kloudlite

aibrix

Cost-efficient and pluggable Infrastructure components for GenAI inference

https://github.com/vllm-project/aibrix

warden

The open-source egress gateway for AI agents — every API call is authenticated, authorized, and audited. No credentials ever reach the agent.

https://github.com/stephnangue/warden

ing-switch: Migrate from Ingress NGINX to Traefik or Gateway API in Minutes, Not Days https://blog.kubesimplify.com/ing-switch-migrate-from-ingress-nginx-to-traefik-or-gateway-api-in-minutes-not-days

Mastering KEDA on GKE: A Deep Dive into Event-Driven Autoscaling

Event Driven Scaling and How to Fix It When It Breaks

https://saeed.hashnode.dev/keda-on-gke

Hardware-Backed TLS Certificates with cert-manager and YubiHSM 2

Your cert-manager CA key is one kubectl get secret away from being stolen. It's a base64-encoded blob sitting in etcd, and anyone with the right RBAC can read it, copy it, and use it to sign certificates for any service in your cluster.

https://charles.dev/blog/yubihsm-cert-manager

Building eBPF-Based Bandwidth Limiting in AWS Network Policy Agent — Why Vibe Coding Isn’t Enough https://medium.com/@jayanthvn_55441/building-ebpf-based-bandwidth-limiting-in-aws-network-policy-agent-why-vibe-coding-isnt-enough-f8c6681aa278

Lazy-Pulling Container Images: A Deep Dive Into OCI Seekability

From DEFLATE dependency chains to FUSE mounts: how few competing approaches make container layers randomly accessible, and what they all require you to change on every node.

https://blog.zmalik.dev/p/lazy-pulling-container-images-a-deep

chainplane

A Kubernetes operator for deploying and managing blockchain full nodes. Supports 102 chains with built-in health monitoring, snapshot bootstrapping, and automatic recovery.

https://github.com/tazhate/chainplane