Exploring DevOps Tools: Build a Modern, Reliable, and Scalable Platform
The DevOps ecosystem can feel overwhelming—countless tools promise better automation, faster deployments, and improved reliability. Over the years, I’ve tried many tools and put together a set that I find particularly useful and well-made for everyday platform engineering and DevOps tasks.
Below is my curated list of the best DevOps tools across the entire delivery lifecycle—from local development to production operations, security, policy enforcement, observability, and cost management.
1. Development Environments
Tilt – Unified Local Development for Kubernetes and Docker Compose
Tilt is a powerful local development toolkit that automates builds and live reloads. While teams use it primarily with Kubernetes, Tilt also works seamlessly with docker-compose.
Use cases:
- PoC/MVP phase: Tilt + docker-compose for a lightweight, fast local setup.
- Scaling phase: Tilt + kind (Kubernetes-in-Docker) for realistic cluster testing.
2. Application Configuration & Packaging
ytt – Elegant Configuration for Internal Applications
From the Carvel suite by VMware, ytt makes template-driven YAML management both powerful and enjoyable. It’s ideal for internal services where you control the full configuration lifecycle. You can also override Helm template outputs when needed—giving you fine-grained control without modifying upstream charts.
Helm – Standard for Third-Party Apps (Reluctantly)
Helm can feel heavy and opinionated for internal use, but most third-party apps are delivered as Helm charts. When using GitOps tools like Argo CD, Helm is often used only as a templating tool (helm template) rather than for full release management.
Optional alternative: kapp (Carvel) can apply Helm template outputs cleanly, but GitOps workflows often make it optional.
3. Core Platform Layer
Kubernetes
Kubernetes remains the backbone of modern infrastructure. Its ecosystem, tooling, and community make it a safe, future-proof choice for orchestrating containerized applications.
4. GitOps & Continuous Delivery
Argo CD
Argo CD enables declarative deployments, application health monitoring, and automated synchronization—fully driven from Git as the single source of truth.
Key benefits:
- Permissions management: Control who can deploy what directly from Git.
- History and auditing: Track changes over time and roll back if needed.
- Rich UI: Inspect differences between Git and the cluster, and roll back deployments manually.
5. Infrastructure as Code & Cloud Provisioning
Terraform
Terraform is the go-to tool for provisioning core infrastructure like networking, GKE clusters, and managed services. It’s multi-cloud, predictable, and widely adopted.
Crossplane
Crossplane enables developers to provision resources declaratively in Kubernetes. It complements Terraform by letting developers self-serve resources safely.
6. Cost Visibility & Optimization
Kubecost / OpenCost
These tools provide transparent cost allocation for Kubernetes workloads, allowing you to break down costs by namespace, team, or workload.
Infracost
When using Terraform, Infracost provides real-time cost estimates directly in your workflow, helping prevent unexpected cloud bills.
7. Secrets Management
Vault + External Secrets Operator
Vault provides secure storage, dynamic secrets, and centralized access control. Combined with the External Secrets Operator, it integrates with Kubernetes to inject secrets into pods declaratively and securely.
8. Task Automation
Task – Modern Make Replacement
Task is a cross-platform alternative to Make, with dependency management and environment variable support. Use it for local automation, CI/CD scripts, or scaffolding projects.
9. Observability & Monitoring
Grafana Stack: Prometheus / Mimir / Grafana / Loki / Tempo / Alloy
A full open-source observability ecosystem:
- Prometheus / Mimir: Metrics collection
- Loki: Log aggregation
- Tempo: Distributed tracing
- Grafana: Unified visualization
- Alloy: Modern collector/agent
Covers the full spectrum of monitoring and troubleshooting needs.
10. Security, Compliance & Runtime Protection
SBOM & Vulnerability Scanning
- Syft: Generates Software Bill of Materials (SBOMs)
- Grype: Scans SBOMs or container images for vulnerabilities
While Trivy is also a solid tool, it is less specialized for a two-step workflow (SBOM generation + scanning). Keeping a separate SBOM provides better traceability and compliance, which is crucial for security audits and regulatory requirements.
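The two-step workflow described above, as an added example that is not part of the original post: Syft writes a CycloneDX SBOM into an archive directory, then Grype scans that stored file and fails the job at a chosen severity. The function name `sbom_gate`, the directory layout, the default `high` threshold, and the use of GNU `sha256sum` are assumptions.

```shell
#!/usr/bin/env bash
# Added example: generate the SBOM once with Syft, archive it with a digest,
# then scan the archived SBOM (not the image) with Grype.
# Return codes: 0 = below threshold, 1 = gate failed, 2 = SBOM step failed.
# Usage: ./sbom_gate.sh registry.example.com/app:1.0 ./sbom-archive high

sbom_gate() {
  image="$1"               # image reference to inventory
  out_dir="$2"             # hypothetical archive directory for audit artifacts
  threshold="${3:-high}"   # severity at which Grype should fail the gate

  mkdir -p "$out_dir" || return 2
  sbom="$out_dir/sbom.cdx.json"

  # Step 1: write the SBOM as a standalone CycloneDX JSON file.
  syft "$image" -o "cyclonedx-json=$sbom" || return 2

  # An empty or missing inventory must never be reported as "clean".
  [ -s "$sbom" ] || return 2

  # Store a digest beside the SBOM so a scan result can be tied to the
  # exact inventory that produced it.
  sha256sum "$sbom" | cut -d' ' -f1 > "$sbom.sha256" || return 2

  # Step 2: scan the archived SBOM. The same file can be re-scanned later
  # against an updated vulnerability database without the image.
  grype "sbom:$sbom" --fail-on "$threshold" -o json > "$out_dir/grype.json"
  scan_rc=$?

  # Grype exits non-zero when a finding meets the threshold or when the scan
  # itself errors; in both cases the gate fails closed.
  [ "$scan_rc" -eq 0 ] || return 1
  return 0
}

# Run as a script only when an image and an output directory are supplied.
if [ "$#" -ge 2 ]; then
  sbom_gate "$@"
fi
```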
Runtime Security
- Falco & Falcosidekick: Monitors syscalls for suspicious runtime behavior
- Kubescape: Checks manifests and clusters against NSA, MITRE, and CIS benchmarks
- Kyverno: Enforces Kubernetes policies declaratively
11. Messaging, Eventing & Autoscaling
NATS
Lightweight, high-performance messaging system ideal for event-driven microservices. Enables loosely coupled communication between services.
KEDA
Enables event-driven autoscaling in Kubernetes, scaling workloads based on metrics or message queues. Works great with NATS for precise scaling.
12. Networking & Security
Cilium
Leverages eBPF for advanced networking, security, and observability. Becoming the standard CNI add-on for Kubernetes clusters.
Hubble
Built on Cilium, Hubble provides deep visibility into network flows, service-to-service communication, and policy enforcement.
Conclusion
DevOps isn’t just about tools—but the right tools make a huge difference. This stack covers every stage:
- Development workflows: Tilt, kind, docker-compose
- Configuration & packaging: ytt, Helm
- GitOps & CD: Argo CD
- Infrastructure & provisioning: Terraform, Crossplane
- Secrets management: Vault + External Secrets Operator
- Task automation: Task
- Observability: Grafana stack
- Security & compliance: Syft, Grype, Falco, Kubescape, Kyverno
- Messaging & autoscaling: NATS, KEDA
- Networking: Cilium + Hubble
Adopting these tools thoughtfully can reduce complexity, improve productivity, enhance security, and maintain full visibility across your infrastructure.
