A reference implementation of a production-like Kubernetes cluster for development environments.
The general purpose of this repository is to act as a reference implementation of Kubernetes infrastructure, application deployment, management, and monitoring via GitOps workflows. Beyond the initial bootstrapping of the cluster, all changes should be performed via GitOps, which provides end-to-end traceability and is entirely reproducible: a cluster can be destroyed and recreated with minimal intervention and return to a fully usable state.
Some general guidelines:
- full traceability through GitOps workflows
- single source of truth for infrastructure and cluster state
- clusters should be secure by default
- completely self-service
- use git workflows for change control management, if desired
- use Cloud Native Computing Foundation (CNCF) projects where possible
This repository works in combination with the following repositories to meet the aforementioned goals:
Name | Purpose | Repository |
---|---|---|
terraform-org | infrastructure as code | https://github.com/deavon-and-tiffany/terraform-org |
helm | helm charts | https://github.com/deavon-and-tiffany/helm-charts |
deployments (this repository) | deployment manifests for clusters | https://github.com/deavon-and-tiffany/kube-deployments |
This deployment supports the following systems:
Name | Purpose | Documentation |
---|---|---|
prometheus (cncf) | metrics collection and time series | https://www.prometheus.io |
fluent-bit (cncf) | lightweight log processor and forwarder | https://fluentbit.io |
flux (cncf) | gitops operator for kubernetes | https://fluxcd.io |
grafana | metrics visualization | https://www.grafana.org |
elasticsearch | json-based search and analytics (logging) | https://www.elastic.co/products/elasticsearch |
kibana | visualization for elasticsearch (logging) | https://www.elastic.co/products/kibana |
minio | emulation for cloud native object storage | https://min.io |
istio | service mesh and gateway | https://istio.io |
sealed secrets | encrypted secrets via gitops | https://github.com/bitnami-labs/sealed-secrets |
velero | kubernetes backup, migration, and restore | https://velero.io |
Continuous Delivery of Containers:
- Commits are applied to a git repository for an application
- Application is built within a CI/CD pipeline that publishes images to an OCI-compliant registry, such as Docker Registry
- The updated image is detected by an agent operating in the cluster (flux)
- The agent updates the image version within Kubernetes manifests and commits the change to this repository
- The agent detects any commits made to this repository and applies any modified manifests
- The agent records the current state using a git tag associated with the commit that was applied.
Continuous Delivery of Helm Charts:
- Helm chart version is updated in a helm repository, such as our example repository
- Change is detected by an agent operating in the cluster (helm-operator)
- The agent updates the chart version within Kubernetes manifests (HelmRelease) and commits the change to this repository
- The agent detects any commits made to this repository and applies any modified manifests
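As an added illustration of the two workflows above (not a manifest taken from this repository), a HelmRelease for the helm-operator with Flux's automated image updates enabled and restricted by a semver filter; the release name, namespace, chart repository and image are placeholder values:

```yaml
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
  name: example-app              # placeholder release name
  namespace: apps                # placeholder namespace
  annotations:
    # Allow the in-cluster Flux agent to rewrite the image tag below and
    # commit the change back to the deployments repository.
    fluxcd.io/automated: "true"
    # "chart-image" is the reserved key for the top-level values.image field.
    # Only patch releases within 1.0.x are rolled out automatically; a new
    # minor or major tag pushed to the registry waits for a reviewed commit.
    fluxcd.io/tag.chart-image: semver:~1.0
spec:
  releaseName: example-app
  chart:
    repository: https://example.github.io/helm-charts   # placeholder chart repo
    name: example-app
    version: 0.3.1               # chart version is pinned; bumps arrive via git
  values:
    image:
      repository: registry.example.com/example-app     # placeholder image
      tag: 1.0.4                 # the field Flux updates and commits
```

Every automated change is still a commit in this repository, so the audit trail described above is preserved and a bad image can be reverted with `git revert`.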
Copyright (c) 2020 Deavon McCaffery and Tiffany Wang. See LICENSE for details.
Notice:
Logical diagrams are taken from the fabulous Flux CNCF project. Special thanks goes to the maintainers and contributors.
For a list of all open source dependencies, see NOTICE.