From 794dd737b51cbc2b37c864ef2af4f8cf7b927478 Mon Sep 17 00:00:00 2001 From: Klavs Klavsen Date: Mon, 11 Apr 2022 08:40:31 +0200 Subject: [PATCH] initial - a bit too long description of current status - right after list of features --- README.md | 41 ++++++++++++++++++---- README-operations.md => operations-tips.md | 0 2 files changed, 35 insertions(+), 6 deletions(-) rename README-operations.md => operations-tips.md (100%) diff --git a/README.md b/README.md index 282fc8b98..2fc62e2d0 100644 --- a/README.md +++ b/README.md 
@@ -1,22 +1,42 @@ -# Welcome to **K8id.io** — Kubernetes Aid +# Welcome to **K8id.org** - The home of Kubernetes Aid -**K8id.io** is a Kubernetes management suite, offering a way to setup and operate K8s clusters, following gitops and +**K8id** is a Kubernetes management suite, offering a way to setup and operate K8s clusters, following gitops and automation principles. -K8id offers: +K8id feature goals: - Setup of k8s clusters on physical servers (on-premise or at e.g. [Hetzner.com](https://hetzner.com)) and in cloud providers like Azure AKS, Amazon AWS or Google GCE - Auto-scaling for all cloud k8s clusters and easy manual scale-up for physical servers - Manage an ever-growing list of Open Source k8s applications (see `argocd-helm-charts/` folder for a list) -- Build advanced, customized Prometheus monitoring, using just a per-cluster config file +- Build advanced, customized Prometheus monitoring, using just a per-cluster config file, with automated handling of trivial alerts, like disk filling. - Gitops setup - ALL changes in cluster, is done via Git AND we detect if anyone adds anything in cluster or modifies existing resources, without doing it through Git. - Regular application updates with security and bug fixes, ready to be issued to your cluster(s) at will - Air-gapped operation of your clusters, to ensure operational stability +- Cluster security - ensuring least priviledge between applications in your clusters, via resource limits and per-namespace/pod firewalling. - Backup, recovery and live-migration of applications or entire clusters - Major cluster upgrades, via a shadow Kubernetes setup utilizing the recovery and live-migration features - Supply chain attack protection and discovery - and security scans of all software used in cluster +An operations team, typicly has 2 hugely important tasks: + +1. Developing a setup that enables as high availability for the companies applications as possible. 
+ This is a very difficult task, and it constantly evolves, as the software used in the setup, evolves. + +2. Increasing the velocity of the application teams, by assisting them with improving how their application operates in production. + +Even with Kubernetes, there is a lot of work to be done, to pick the right solutions for each feature you need - and it is our experience that 95% of what one team needs, is the EXACT same most of the other teams need. + +**K8id** aims to be a constantly evolving solution for 1. - enabling the collaboration of operations teams across the world, to increase the velocity of every operations team, so they can focus on 2. - while everyone gets to enjoy a highly available and secure operations setup. + +Quite often its very difficult to find enough who can to do this work, and especially since EVERY other company, is building a replica of what you are building to solve 1. This is even WHY Kubernetes was started, to help enable collaboration between companies on a shared goal. + +**K8id** is being developed by https://Obmondo.com - where we build the solutions our customers need, and share the work with everyone, via this project. We feel this is the only way, We ever have a chance of actually delivering the features that every operations team should have - without needing to have a subject matter expert at hand for everything. + +The fact that we help many customers operate their k8s clusters, also enables us to hire more k8s experts than is normally available - and we can offer them a job where they get time to work on the challenges that interest them, to a much higher degree - because we focus on one thing - furthering this project and delivering value to the customers that sponsor it, via their subscriptions and development tasks they ask of us. 
+ +https://Obmondo.com offers low cost subscriptions, where we monitor your clusters and handle your alerts 24/7/365 - enabling teams to not have to worry about who is on vacation, or sick - as we are there to back them up if they need it. + ## Setup of Kubernetes clusters Mirror this repo and the `kubernetes-config` repo into a Git platform of your choice, and follow the `README` file in @@ -29,13 +49,15 @@ All customizations happens in your `kubernetes-config` repo. ## support -Besides the community support, the primary developers of this project offers support via services on https://obmondo.com - where you can opt to have us react to your alerts, and/or help you with developing new features or other tasks on clusters, setup using this project. +Besides the community support, the primary developers of this project offers support via services on https://obmondo.com - where you can opt to have us observe your world - and react to your alerts, and/or help you with developing new features or other tasks on clusters, setup using this project. There are ZERO vendor lockin - so any subscription you sign - can be cancelled at any time - you only pay for 1 month at a time. +With a subscription we will be there, to ensure your smooth operations, in timeso f sickness and employee shortages - and able to scale your development efforts on k8id if needed. + ## License -**K8id.io** is licensed under the GPLv3 license, as we believe this is the best way to protect against the patent +**K8id** is licensed under the GPLv3 license, as we believe this is the best way to protect against the patent attacks we see hurting the industry; where companies submit code that uses technology they have patented, and then turn and litigate companies that use the software. 
@@ -76,6 +98,8 @@ You can also adjust your settings for Prometheus per-cluster - in your kubernete We currently have CI support for Gitlab and Github actions. +TODO: Implement Robusta to automate handling of trivial tasks, like increasing size of a PVC (and running disk cleanup scripts first to try and avoid it), or scaling up instead. + ## Regular application updates with security and bug fixes, ready to be issued to your cluster(s) at will We update this repository with updated versions of the applications, and improvements - which if you have a subscription with https://Obmondo.com you will get automaticly, or you can just git pull, to get. @@ -88,6 +112,11 @@ We maintain a copy of everything needed to setup your cluster (or do full recove TODO: maintain copy of all used docker images and override images on all charts used to use that instead. +## Cluster security - ensuring least priviledge between applications in your clusters, via resource limits and per-namespace/pod firewalling. + +We use Calico and NetworkPolicy objects, to firewall each pod, so they cannot access anything in the cluster, that they do not need to. +This protects against a pod compromise and WHEN we block traffic from a pod, it triggers an event in the namespace, so the application developers can see what happened AND it enables us to detect Pod compromises and alert. + ## Backup, recovery and live-migration of applications or entire clusters We use Velero to do regular backups of cluster and PVC data. diff --git a/README-operations.md b/operations-tips.md similarity index 100% rename from README-operations.md rename to operations-tips.md
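Review bot: In the first README.md hunk (@@ -1,22 +1,42 @@) the list heading changes from "K8id offers:" to "K8id feature goals:", but the bullets under it are still worded as things the project does today, so a reader cannot tell which are implemented. The Prometheus bullet now promises "automated handling of trivial alerts, like disk filling", while a later hunk lists that work as a TODO. Suggest marking each bullet as available or planned. The added lines also need a spelling pass before merge: "priviledge", "typicly", "the companies applications", and "its very difficult to find enough who can to do this work". The commit subject itself calls the description a bit too long; consider moving the Obmondo background paragraphs below the technical sections so "Setup of Kubernetes clusters" stays near the top.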
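Review bot: In the support hunk (@@ -29,13 +49,15 @@) the added closing paragraph contains a broken word, "in timeso f sickness", which should read "in times of sickness". That paragraph also repeats the point the intro hunk already makes about covering for vacation and sick leave, so one of the two could be dropped. In the changed first line, "observe your world" does not say what is monitored; naming it (clusters, alerts) would be clearer.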
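Review bot: In the monitoring hunk (@@ -76,6 +98,8 @@) the added TODO describes automation that changes cluster state by itself (increasing the size of a PVC, running disk cleanup scripts) without saying how that fits the rule in the feature list that "ALL changes in cluster, is done via Git" and that out-of-band modifications are detected. Suggest stating whether these automated actions are committed through Git or exempted from drift detection, and what limits apply to them. The trailing "or scaling up instead" does not say what is scaled up. A tracked issue would also be a better home than a README TODO.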
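Review bot: In the new "Cluster security" section (hunk @@ -88,6 +112,11 @@) the heading promises least privilege "via resource limits and per-namespace/pod firewalling", but the body only covers Calico and NetworkPolicy objects and never mentions resource limits. Either add a sentence on how limits are applied or drop them from the heading. The body says a blocked connection "triggers an event in the namespace" without naming the component that emits it or where the alert is raised. Documenting that, and whether namespaces start from a default-deny policy, would let readers verify the claim. The heading also misspells "priviledge" and ends with a period, unlike the other section headings.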