Merge branch 'readme-details' into 'master'

initial - a bit too long description of current status - right after list of features

See merge request kubernetes/argocd-apps!275

README.md

@@ -1,22 +1,42 @@
-# Welcome to **K8id.io** — Kubernetes Aid
+# Welcome to **K8id.org** - The home of Kubernetes Aid
 
-**K8id.io** is a Kubernetes management suite, offering a way to setup and operate K8s clusters, following gitops and
+**K8id** is a Kubernetes management suite, offering a way to setup and operate K8s clusters, following gitops and
 automation principles.
 
-K8id offers:
+K8id feature goals:
 
 - Setup of k8s clusters on physical servers (on-premise or at e.g. [Hetzner.com](https://hetzner.com)) and in cloud
   providers like Azure AKS, Amazon AWS or Google GCE
 - Auto-scaling for all cloud k8s clusters and easy manual scale-up for physical servers
 - Manage an ever-growing list of Open Source k8s applications (see `argocd-helm-charts/` folder for a list)
-- Build advanced, customized Prometheus monitoring, using just a per-cluster config file
+- Build advanced, customized Prometheus monitoring, using just a per-cluster config file, with automated handling of trivial alerts, like disk filling.
 - Gitops setup - ALL changes in cluster, is done via Git AND we detect if anyone adds anything in cluster or modifies existing resources, without doing it through Git.
 - Regular application updates with security and bug fixes, ready to be issued to your cluster(s) at will
 - Air-gapped operation of your clusters, to ensure operational stability
+- Cluster security - ensuring least priviledge between applications in your clusters, via resource limits and per-namespace/pod firewalling.
 - Backup, recovery and live-migration of applications or entire clusters
 - Major cluster upgrades, via a shadow Kubernetes setup utilizing the recovery and live-migration features
 - Supply chain attack protection and discovery - and security scans of all software used in cluster
 
+An operations team, typicly has 2 hugely important tasks:
+
+1. Developing a setup that enables as high availability for the companies applications as possible.
+   This is a very difficult task, and it constantly evolves, as the software used in the setup, evolves.
+
+2. Increasing the velocity of the application teams, by assisting them with improving how their application operates in production.
+
+Even with Kubernetes, there is a lot of work to be done, to pick the right solutions for each feature you need - and it is our experience that 95% of what one team needs, is the EXACT same most of the other teams need.
+
+**K8id** aims to be a constantly evolving solution for 1. - enabling the collaboration of operations teams across the world, to increase the velocity of every operations team, so they can focus on 2. - while everyone gets to enjoy a highly available and secure operations setup.
+
+Quite often its very difficult to find enough who can to do this work, and especially since EVERY other company, is building a replica of what you are building to solve 1. This is even WHY Kubernetes was started, to help enable collaboration between companies on a shared goal.
+
+**K8id** is being developed by https://Obmondo.com - where we build the solutions our customers need, and share the work with everyone, via this project. We feel this is the only way, We ever have a chance of actually delivering the features that every operations team should have - without needing to have a subject matter expert at hand for everything.
+
+The fact that we help many customers operate their k8s clusters, also enables us to hire more k8s experts than is normally available - and we can offer them a job where they get time to work on the challenges that interest them, to a much higher degree - because we focus on one thing - furthering this project and delivering value to the customers that sponsor it, via their subscriptions and development tasks they ask of us.
+
+https://Obmondo.com offers low cost subscriptions, where we monitor your clusters and handle your alerts 24/7/365 - enabling teams to not have to worry about who is on vacation, or sick - as we are there to back them up if they need it.
+
 ## Setup of Kubernetes clusters
 
 Mirror this repo and the `kubernetes-config` repo into a Git platform of your choice, and follow the `README` file in
@@ -29,13 +49,15 @@ All customizations happens in your `kubernetes-config` repo.
 
 ## support
 
-Besides the community support, the primary developers of this project offers support via services on https://obmondo.com - where you can opt to have us react to your alerts, and/or help you with developing new features or other tasks on clusters, setup using this project.
+Besides the community support, the primary developers of this project offers support via services on https://obmondo.com - where you can opt to have us observe your world - and react to your alerts, and/or help you with developing new features or other tasks on clusters, setup using this project.
 
 There are ZERO vendor lockin - so any subscription you sign - can be cancelled at any time - you only pay for 1 month at a time.
 
+With a subscription we will be there, to ensure your smooth operations, in timeso f sickness and employee shortages - and able to scale your development efforts on k8id if needed.
+
 ## License
 
-**K8id.io** is licensed under the GPLv3 license, as we believe this is the best way to protect against the patent
+**K8id** is licensed under the GPLv3 license, as we believe this is the best way to protect against the patent
 attacks we see hurting the industry; where companies submit code that uses technology they have patented, and then turn
 and litigate companies that use the software.
 
@@ -76,6 +98,8 @@ You can also adjust your settings for Prometheus per-cluster - in your kubernete
 
 We currently have CI support for Gitlab and Github actions.
 
+TODO: Implement Robusta to automate handling of trivial tasks, like increasing size of a PVC (and running disk cleanup scripts first to try and avoid it), or scaling up instead.
+
 ## Regular application updates with security and bug fixes, ready to be issued to your cluster(s) at will
 
 We update this repository with updated versions of the applications, and improvements - which if you have a subscription with https://Obmondo.com you will get automaticly, or you can just git pull, to get.
@@ -88,6 +112,11 @@ We maintain a copy of everything needed to setup your cluster (or do full recove
 
 TODO: maintain copy of all used docker images and override images on all charts used to use that instead.
 
+## Cluster security - ensuring least priviledge between applications in your clusters, via resource limits and per-namespace/pod firewalling.
+
+We use Calico and NetworkPolicy objects, to firewall each pod, so they cannot access anything in the cluster, that they do not need to.
+This protects against a pod compromise and WHEN we block traffic from a pod, it triggers an event in the namespace, so the application developers can see what happened AND it enables us to detect Pod compromises and alert.
+
 ## Backup, recovery and live-migration of applications or entire clusters
 
 We use Velero to do regular backups of cluster and PVC data.