Shows the monthly cost delta of a Terraform/OpenTofu diff before you apply it, posted as a PR comment. Covers AWS, GCP, and Azure resource pricing. The feedback loop is: write the IaC change → open a PR → immediately see "this adds $47/month". Prevents the classic "accidentally provisioned three NAT gateways" class of surprise. Free for self-hosted use.
infracost/infracost →

CNCF standard for Kubernetes cost allocation: attributes cloud spend to namespaces, deployments, labels, and teams in real time. Reads cloud billing APIs to get node prices; allocates shared costs (cluster overhead, shared namespaces) according to configurable policy. Exposes a REST API and a web UI. The OSS answer to Kubecost without the enterprise upsell. Runs as a container alongside your Prometheus stack.
opencost/opencost →

Cloud-agnostic asset inventory and cost explorer: connects to AWS, GCP, Azure, OCI, and others; renders a web dashboard of all resources grouped by service, region, and tag. Surfaces forgotten resources (unused EIPs, idle NAT gateways, orphaned volumes) and estimated monthly cost without requiring cloud cost-explorer access or billing permissions beyond read-only describe calls. Self-hosted, single binary.
tailwarden/komiser →

Rules engine for cloud resource governance: define YAML policies like "tag all untagged EC2 instances", "stop dev instances on weekends", "delete S3 buckets with no access in 90 days", "alert if any resource costs over $500/month". Runs as a CLI, Lambda, or Kubernetes CronJob. Multi-cloud (AWS, GCP, Azure). Mature, CNCF-hosted. The OSS answer to "how do we enforce tagging and cost policies at scale".
cloud-custodian/cloud-custodian →

Reads VPA (Vertical Pod Autoscaler) recommendations and surfaces them in a web dashboard: "your payments service should request 200m CPU / 256Mi memory, not the 1 CPU / 2Gi you declared." Makes right-sizing actionable — you see the recommendation, click copy, paste into your Helm values. Reduces both over-provisioning waste and OOMKill risk from under-provisioning. Requires VPA CRDs installed in the cluster.
FairwindsOps/goldilocks →

Infracost also appears in the Provisioning & IaC department — it belongs to both. Cloud Custodian and OpenCost require cloud permissions (read-only for inventory, billing reader for cost). Goldilocks requires VPA CRDs in the cluster. The web UI tools (OpenCost, Komiser, Goldilocks) are self-hosted: deploy to your cluster or a VM; they do not phone home.