Kubernetes is hard--or is it? This repo is a collection of multi-platform images and container resource definitions for managing a software-dev organization using Kubernetes. These tools make it easy. Contents:
Directory | Description |
---|---|
ansible | build your own cluster (Kubernetes or Swarm) |
images | images which are published to Docker Hub |
k8s | container resources in kubernetes yaml format |
lib/build | build makefile and tools |
services | non-clustered docker-compose services |
ssl | PKI certificate tools (deprecated by k8s) |
stacks | container resources in docker-compose format |
Find the images at docker hub/instantlinux. Each image is scanned by trivy before promotion to Docker Hub, to ensure it contains no known CVE vulnerabilities.
Find a lot more details about the Kubernetes bare-metal installer in k8s/README.
The cluster-deployment tools here include Helm charts and Ansible playbooks to spin up bare-metal or VM master/worker nodes, plus a Makefile that adds several additional features:
- Direct-attached SSD local storage pools
- Dashboard
- Non-default namespace with its own service account (full permissions within namespace, limited read-only in kube-system namespaces)
- Keycloak for OpenID / OAuth2 user authentication / authorization
- Vaultwarden, a self-hosted Bitwarden-compatible password manager
- Helm3
- Mozilla sops with encryption (to keep credentials in local git repo)
- Encryption for internal etcd
- MFA using Authelia and Google Authenticator
- Calico or flannel networking
- ingress-nginx
- Local-volume sync
- Pod security policies
- Automatic certificate issuing/renewal with Letsencrypt
- PostgreSQL-operator from CrunchyData
Developer infrastructure
Networking and support
Service | Notes |
---|---|
authelia | single-signon multi-factor auth |
cloud | nextcloud, private sync like Apple iCloud |
data-sync | poor-man's SAN for persistent storage |
duplicati | backups |
ez-ipupdate | Dynamic DNS client |
haproxy-keepalived | load balancer |
guacamole | authenticated remote-desktop server |
logspout | central logging for Docker |
mysqldump | per-database alternative to xtrabackup |
nagios | Nagios Core v4 for monitoring |
nagiosql | NagiosQL for configuring Nagios Core v4 |
nut-upsd | Network UPS Tools |
openldap | OpenLDAP authentication server |
restic | backups |
rsyslogd | logger in a 13MB image |
samba | file server |
samba-dc | Active-Directory compatible domain controller |
secondshot | rsnapshot-based backups |
splunk | the free version |
Entertainment
Thank you to the following contributors!
- Mike Neir
- Chad Hedstrom - personal site
- Sean Mollet
- Juan Manuel Carrillo Moreno - personal site
- nicxvan
- Frank Riley
- Devin Bayer
- Daniel Muller
- Brian Hechinger
Contents created 2017-23 under Apache 2.0 License by Rich Braun.