fabrikate-cloud-native
An opinionated open platform cloud native Fabrikate stack for operating Kubernetes clusters.
It includes:
Cluster Maintainance (via fabrikate-kured)
- Kured: Automatic node reboot when OS is patched.
Metrics Monitoring (via fabrikate-prometheus-grafana)
- Prometheus Metrics aggregation
- Grafana Visualization with Kubernetes monitoring dashboards preconfigured
Log Management (via fabrikate-elasticsearch-fluentd-kibana)
- Fluentd: Collection and forwarding
- Elasticsearch: Aggregation and query execution
- Kibana: Full text query UI and visualization
Service Mesh (via fabrikate-istio)
- Istio: Connect, secure, control, and observe services.
- CertManager: For retrieving SSL certs
Distributed Tracing (via fabrikate-jaeger)
- Jaeger: Distributed transaction, latency, and dependency tracing
Running
mkdir -p fabrikated && cd fabrikated
fab add cloud-native --source https://github.com/grimesjm/fabrikate-cloud-native
fab install
fab generate prod aws
kubectl apply --recursive -f .
Untested
Set NAME and INGRESS_DOMAIN to give the certificate resource a name and a domain to control and run certs/apply.sh
Notes
- Set
slack-hook-urlfor Kured set this in config/prod.yaml and/or config/dev.yaml - Set email for cert-manager - set in config/common.yaml
Does not work yet, need a newer version of the Kured container
If you have any one off pods such as Jobs or Cronjobs that are expensive in CPU or time, Add the following selectors to the pod:
"metadata": {
"labels": {
"runtime" : "long",
"cost" : "expensive"
}
}
This will prevent us from rebooting a recently patched node while the pod is running.
TODO
- Run kube-bench
- Set pod security policies
- Verify PV/PVC's
- Feed prometheus alert-manager slack config