I've been consulting in the Kubernetes space and noticed a recurring issue: clients really want visibility into costs, but security teams often reject tools like Kubecost due to lengthy review processes. To tackle this, I created an alternative solution. Instead of using an agent, my approach involves a bash script that runs locally with your kubectl credentials. It collects resource configurations, usage metrics, and node capacities, while anonymizing pod names with SHA256 hashes. The output is a .tar.gz file that you fully control.
Here's what I've found while testing across approximately 20 clusters:
- Memory limits are often 5-10 times higher than actual usage, which is very common.
- Some pods lack resource requests, leading to possible scheduling issues.
- There are still orphaned load balancers and storage from apps that have been deleted.
For anonymization, I'm implementing a process where pod names, namespaces, and images are hashed, while preserving resource metrics and removing sensitive data like secrets and env vars.
I have a few questions for anyone interested in this solution:
1. Would your security team accept this method?
2. Am I missing anything? What else needs to be anonymized?
3. Are there other waste patterns I should look to detect?
4. Would a GitHub Action be beneficial for CI/CD integration?
For anyone looking to try it out, you can run the script and send the output to [email protected] for a free detailed analysis (first 20 testers). You can find my code on GitHub and more info on my website.
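An added example, not taken from the poster's script: a Python sketch of the anonymization step described in the post, applied to one pod manifest. It swaps bare SHA256 for HMAC-SHA256 under a locally held key, because pod, namespace and image names are guessable and an unkeyed hash can be matched by hashing candidate names. It copies fields by allowlist, so env vars and anything else not listed never reach the output. The function names, output layout and sample manifest are assumptions made up for illustration.

```python
import hashlib
import hmac
import json
import secrets

SAMPLE_POD = {  # constructed, shaped like one item of `kubectl get pods -o json`
    "metadata": {"name": "payments-api-7d9f8c6b5-x2k4q", "namespace": "prod-payments"},
    "spec": {"containers": [{
        "name": "api-server",
        "image": "registry.example.com/payments/api:1.4.2",
        "env": [{"name": "DB_PASSWORD", "value": "constructed-secret"}],
        "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                      "limits": {"cpu": "1", "memory": "1Gi"}},
    }]},
}

def pseudonym(key, kind, value):
    """Keyed SHA-256 token: stable within one export, not guessable without the key."""
    return f"{kind}-" + hmac.new(key, f"{kind}:{value}".encode(), hashlib.sha256).hexdigest()[:16]

def anonymize_pod(pod, key):
    """Allowlist copy: only hashed identifiers and resource figures are emitted."""
    return {
        "name": pseudonym(key, "pod", pod["metadata"]["name"]),
        "namespace": pseudonym(key, "ns", pod["metadata"].get("namespace", "default")),
        "containers": [{
            "name": pseudonym(key, "ctr", c["name"]),
            "image": pseudonym(key, "img", c["image"]),
            "resources": c.get("resources", {}),
        } for c in pod["spec"]["containers"]],
    }

def strings(node):
    """Yield every string value in a manifest except the preserved resource blocks."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        node = [v for k, v in node.items() if k != "resources"]
    if isinstance(node, list):
        for child in node:
            yield from strings(child)

def leaked_strings(original, anonymized):
    """Original string values that still appear anywhere in the anonymized output."""
    blob = json.dumps(anonymized)
    return sorted(s for s in strings(original) if s in blob)

if __name__ == "__main__":
    out = anonymize_pod(SAMPLE_POD, secrets.token_bytes(32))  # key stays with the operator
    print(json.dumps(out, indent=2), leaked_strings(SAMPLE_POD, out))
```

Running `leaked_strings` over the final archive contents before sharing them gives a quick check that no original name, image reference or env value survived.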
3 Answers
This feels like a solid infrastructure linter! Instead of just catching syntax errors, it can highlight issues like 'you requested 8GB for a 100MB application.' Smart!
While this is a clever skunkworks project, it dives into a bit of a security grey area. I like the idea, but ensure it can run long-term. Maybe allow it to run for short snapshots or even up to a day if needed. Including average, min, max, and standard deviation metrics would add value.
This tool seems really useful for quick audits. One thing to consider is adding detection for underutilized CPU requests. Also, a GitHub Action could streamline its integration really well!
