An opinionated open platform cloud native Fabrikate stack for operating Kubernetes clusters.
It includes:
Cluster Maintenance (via fabrikate-kured)
- Kured: Automatic node reboot when OS is patched.
Metrics Monitoring (via fabrikate-prometheus-grafana)
- Prometheus Metrics aggregation
- Grafana Visualization with Kubernetes monitoring dashboards preconfigured
Log Management (via fabrikate-elasticsearch-fluentd-kibana)
- Fluentd: Collection and forwarding
- Elasticsearch: Aggregation and query execution
- Kibana: Full text query UI and visualization
Service Mesh (via fabrikate-istio)
- Istio: Connect, secure, control, and observe services.
- cert-manager: For obtaining TLS (SSL) certificates
Distributed Tracing (via fabrikate-jaeger)
- Jaeger: Distributed transaction, latency, and dependency tracing
mkdir -p fabrikated && cd fabrikated
fab add cloud-native --source https://github.com/grimesjm/fabrikate-cloud-native
fab install
fab generate prod aws
kubectl apply --recursive -f .
- Set NAME and INGRESS_DOMAIN to give the certificate resource a name and a domain to control, then run certs/apply.sh
- Set slack-hook-url for Kured in config/prod.yaml and/or config/dev.yaml
- Set the email for cert-manager in config/common.yaml
If you have any one-off pods, such as Jobs or CronJobs, that are expensive in CPU or time, add the following labels to the pod's metadata:
    "metadata": {
      "labels": {
        "runtime": "long",
        "cost": "expensive"
      }
    }
This prevents Kured from rebooting a freshly patched node while such a pod is still running on it.
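As an added illustration (not part of this stack or of Kured itself), the following shows the decision those labels drive, run over constructed sample pods: a node is not safe to reboot while a pod carrying both labels is still active on it, and a finished Job pod no longer counts. The selector string `runtime=long,cost=expensive` is an assumption here; the README shows the labels but not the setting that hands them to Kured.

```python
from typing import Dict, List

# Constructed sample pods (trimmed shape of `kubectl get pods -A -o json` items).
SAMPLE_PODS: List[Dict] = [
    {"metadata": {"name": "etl-batch-1", "labels": {"runtime": "long", "cost": "expensive"}},
     "spec": {"nodeName": "node-a"}, "status": {"phase": "Running"}},
    {"metadata": {"name": "web-7f", "labels": {"app": "web"}},
     "spec": {"nodeName": "node-a"}, "status": {"phase": "Running"}},
    {"metadata": {"name": "etl-batch-0", "labels": {"runtime": "long", "cost": "expensive"}},
     "spec": {"nodeName": "node-b"}, "status": {"phase": "Succeeded"}},
    {"metadata": {"name": "report", "labels": {"runtime": "long"}},
     "spec": {"nodeName": "node-c"}, "status": {"phase": "Running"}},
]

# Assumed blocking selector: the two labels this README says to put on expensive pods.
BLOCKING_SELECTOR = "runtime=long,cost=expensive"


def parse_selector(selector: str) -> Dict[str, str]:
    """Parse an equality-based label selector such as 'runtime=long,cost=expensive'."""
    pairs: Dict[str, str] = {}
    for term in selector.split(","):
        key, sep, value = term.strip().partition("=")
        if not sep or not key:
            raise ValueError(f"bad selector term: {term!r}")
        pairs[key.strip()] = value.strip()
    return pairs


def blocked_nodes(pods: List[Dict], selector: str = BLOCKING_SELECTOR) -> Dict[str, List[str]]:
    """Map node name -> names of active pods on it carrying every selector label.
    Finished pods (Succeeded/Failed) are skipped: a completed Job no longer holds the node."""
    wanted = parse_selector(selector)
    blocked: Dict[str, List[str]] = {}
    for pod in pods:
        if pod.get("status", {}).get("phase") in ("Succeeded", "Failed"):
            continue
        labels = pod.get("metadata", {}).get("labels", {})
        if not all(labels.get(k) == v for k, v in wanted.items()):
            continue  # a missing or different label value means the pod does not block
        node = pod.get("spec", {}).get("nodeName")  # unscheduled pods hold no node
        if node:
            blocked.setdefault(node, []).append(pod["metadata"]["name"])
    return blocked


def safe_to_reboot(node: str, pods: List[Dict], selector: str = BLOCKING_SELECTOR) -> bool:
    """True when no matching, still-active pod is scheduled on the node."""
    return node not in blocked_nodes(pods, selector)
```

With the sample data, `blocked_nodes(SAMPLE_PODS)` reports only node-a as blocked (by etl-batch-1); node-b's pod has completed and node-c's pod lacks the cost label.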
- Run kube-bench
- Set pod security policies
- Verify PVs/PVCs
- Feed the Prometheus Alertmanager Slack config