// the find
gocrane/crane
Crane is a FinOps Platform for Cloud Resource Analytics and Economics in Kubernetes clusters. The goal is not only to help users to manage cloud cost easier but also ensure the quality of applications.
Crane is a Kubernetes-native FinOps platform from Tencent that combines cost visibility, workload rightsizing recommendations, prediction-driven autoscaling, and QoS enforcement into one operator. It targets platform teams running large Kubernetes clusters who want to reduce cloud spend without babysitting every workload manually. The scope is ambitious — maybe too ambitious for a single project to do well.
The EffectiveHPA controller is the most interesting piece: it uses time-series prediction (DSP algorithm with autocorrelation-based period detection) to scale ahead of traffic rather than reacting to it, which is a genuine improvement over vanilla HPA. The recommendation framework is pluggable and ships working recommenders for CPU/memory requests and idle workloads out of the box — not just dashboards, but actual `kubectl`-applicable patches. The colocation QoS engine with cgroup-level CPU throttling and interference detection is more sophisticated than most open-source alternatives, using eBPF and cadvisor for per-pod signal collection. The project is a CNCF certified FinOps solution and has a real multi-cloud pricing exporter (Fadvisor) that feeds Prometheus, so cost data lives alongside your existing metrics.
The roadmap doc is dated 2022 and the last meaningful commit activity has slowed significantly — the repo looks maintained but not actively developed, which matters a lot for something touching node-level cgroups and scheduling. The community is heavily Chinese-language (WeChat groups, APAC-only community calls, Chinese-first documentation), which will be a friction point for teams outside that ecosystem. Hardcoded TLS keys checked into the repo under `deploy/keys/` is an embarrassing security mistake that should disqualify this from any serious production consideration without auditing what else got missed. The QoS ensurance and colocation features require Linux-only DaemonSet components with privileged access, so you can't evaluate them in most dev environments — the gap between 'read the docs' and 'actually running it' is wide.