Show HN: Wozz – 开源 Kubernetes 成本检查器和集群审计工具

1作者: wozzio6 个月前
URL: <a href="https:&#x2F;&#x2F;github.com&#x2F;WozzHQ&#x2F;wozz" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;WozzHQ&#x2F;wozz</a> Hi HN, 我构建了 Wozz,一个开源的 CLI 和 GitHub Action,用于在合并之前捕获昂贵的 Kubernetes 配置。 **动机** 我注意到大多数云成本工具(如 Kubecost)只会 30 天后才显示账单。到那时,过度配置的 sidecar 或巨大的 Java 堆内存就已经投入生产了。我想要一个像资源请求的单元测试一样的东西,在 PR 中阻止“手误”错误,而不是等待账单。 **工作原理** Wozz 以两种模式运行: * **在 CI/CD 中(Linter):** 它解析你的清单(deployment.yaml 等)的 git diff,计算成本增量(请求 × 副本),如果更改超过阈值(例如,+50 美元/月),则发布评论。它还会检查 HorizontalPodAutoscaler 限制,以标记最坏情况下的扩展风险。 * **在本地(Auditor):** 它扫描你当前的 kubecontext,以比较保留的请求与实际的实时使用情况(kubectl top)。这有助于找到“睡眠保险”差距——开发人员请求 4GB RAM 只是为了安全起见,但应用程序只使用了 200MB。 **实现细节** * **技术栈:** TypeScript/Node.js。 * **计算:** 它使用可配置的混合费率(例如,0.04 美元/GB/小时)来确定性地估算成本,而不是查询 AWS 成本 API(这需要敏感的凭据并且速度很慢)。 * **隐私:** 它 100% 在本地或你的 runner 中运行。不会将任何清单或密钥发送到任何外部服务器。 **仓库** <a href="https:&#x2F;&#x2F;github.com&#x2F;WozzHQ&#x2F;wozz" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;WozzHQ&#x2F;wozz</a> **反馈** 我目前正在使用静态混合费率进行成本计算,以保持工具的快速和无状态。我很好奇这种近似值对于你们团队的防护措施是否足够准确,或者你们是否严格要求实时 Spot Instance 定价才能信任这样的工具?
查看原文
URL: <a href="https:&#x2F;&#x2F;github.com&#x2F;WozzHQ&#x2F;wozz" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;WozzHQ&#x2F;wozz</a><p>Hi HN,<p>I built Wozz, an open-source CLI and GitHub Action to catch expensive Kubernetes configs before they merge.<p>The Motivation I noticed that most cloud cost tools (like Kubecost) only show you the bill 30 days later. By then, the over-provisioned sidecar or massive Java heap is already in production. I wanted something that acts like a unit test for resource requests blocking fat finger mistakes in the PR rather than waiting for the bill.<p>How it works Wozz runs in two modes:<p>In CI&#x2F;CD (The Linter): It parses the git diff of your manifests (deployment.yaml, etc.), calculates the cost delta (requests × replicas), and posts a comment if the change exceeds a threshold (e.g., +$50&#x2F;mo). It also checks HorizontalPodAutoscaler limits to flag worst-case scaling risks.<p>Locally (The Auditor): It scans your current kubecontext to compare reserved requests vs. actual live usage (kubectl top). This helps find the &quot;Sleep Insurance&quot; gap—where devs request 4GB RAM just to be safe, but the app only uses 200MB.<p>Implementation Details<p>Stack: TypeScript&#x2F;Node.js.<p>Math: Instead of querying AWS Cost APIs (which requires sensitive creds and is slow), it uses a configurable Blended Rate (e.g., $0.04&#x2F;GB&#x2F;hr) to estimate costs deterministically.<p>Privacy: It runs 100% locally or in your runner. No manifests or secrets are sent to any external server.<p>Repo <a href="https:&#x2F;&#x2F;github.com&#x2F;WozzHQ&#x2F;wozz" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;WozzHQ&#x2F;wozz</a><p>Feedback I’m currently using a static Blended Rate for the cost math to keep the tool fast and stateless. I’m curious if this approximation is accurate enough for your team&#x27;s guardrails, or if you strictly require real-time Spot Instance pricing to trust a tool like this?