# fabrikate-cloud-native

An opinionated, open, cloud native Fabrikate stack for operating Kubernetes clusters.
It includes:

- Cluster Maintenance (via fabrikate-kured)
  - Kured: Automatic node reboot when the OS is patched.
- Metrics Monitoring (via fabrikate-prometheus-grafana)
  - Prometheus: Metrics aggregation
  - Grafana: Visualization with Kubernetes monitoring dashboards preconfigured
- Log Management (via fabrikate-elasticsearch-fluentd-kibana)
  - Fluentd: Collection and forwarding
  - Elasticsearch: Aggregation and query execution
  - Kibana: Full text query UI and visualization
- Service Mesh (via fabrikate-istio)
  - Istio: Connect, secure, control, and observe services.
  - CertManager: For retrieving SSL certs
- Distributed Tracing (via fabrikate-jaeger)
  - Jaeger: Distributed transaction, latency, and dependency tracing
## Running

```shell
mkdir -p fabrikated && cd fabrikated
fab add cloud-native --source https://github.com/grimesjm/fabrikate-cloud-native
fab install
fab generate prod aws
kubectl apply --recursive -f .
```
## Untested

Set `NAME` and `INGRESS_DOMAIN` to give the certificate resource a name and a domain to control, then run `certs/apply.sh`.
## Notes

- Set `slack-hook-url` for Kured in `config/prod.yaml` and/or `config/dev.yaml`.
- Set the email for cert-manager in `config/common.yaml`.

Does not work yet; a newer version of the Kured container is needed.
If you have any one-off pods such as Jobs or CronJobs that are expensive in CPU or time, add the following labels to the pod:

```json
{
  "metadata": {
    "labels": {
      "runtime": "long",
      "cost": "expensive"
    }
  }
}
```

This will prevent us from rebooting a recently patched node while the pod is running.
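As an added example (not code from this project or from Kured), the check behind Kured's `--blocking-pod-selector` reimplemented in Python: a node reboot is held back while any unfinished pod carrying the labels above is scheduled on that node. The `Pod` class, selector string and pod list are assumptions constructed for illustration.

```python
# Added example (not fabrikate-cloud-native's or Kured's own code): decides whether a node
# reboot must wait for a labelled long/expensive pod, mirroring Kured's --blocking-pod-selector.
from dataclasses import dataclass, field

@dataclass
class Pod:
    name: str
    node: str
    phase: str          # Pending / Running / Succeeded / Failed / Unknown
    labels: dict = field(default_factory=dict)

def parse_selector(selector: str):
    """'runtime=long,cost!=cheap' -> [(key, op, value), ...] with op '=' or '!='."""
    terms = []
    for raw in (t.strip() for t in selector.split(",") if t.strip()):
        if "!=" in raw:
            key, value = raw.split("!=", 1)
            terms.append((key.strip(), "!=", value.strip()))
        elif "=" in raw:
            key, value = raw.split("=", 1)
            terms.append((key.strip(), "=", value.lstrip("=").strip()))  # also accepts '=='
        else:
            raise ValueError(f"unsupported selector term: {raw!r}")
    return terms

def matches(labels: dict, terms) -> bool:
    """True when every selector term holds for the pod's labels."""
    for key, op, value in terms:
        if op == "=" and labels.get(key) != value:
            return False
        if op == "!=" and labels.get(key) == value:
            return False
    return True

def blocking_pods(pods, node: str, selector: str):
    """Names of pods on `node` that match the selector and have not finished;
    like Kured, anything other than Succeeded/Failed counts as still running."""
    terms = parse_selector(selector)
    return sorted(p.name for p in pods if p.node == node
                  and p.phase not in ("Succeeded", "Failed") and matches(p.labels, terms))

def reboot_allowed(pods, node: str, selector: str) -> bool:
    return not blocking_pods(pods, node, selector)

SELECTOR = "runtime=long,cost=expensive"   # the labels the README snippet sets
SAMPLE_PODS = [                             # constructed sample data, not from a real cluster
    Pod("etl-job-7f2k", "node-a", "Running", {"runtime": "long", "cost": "expensive"}),
    Pod("nightly-backup", "node-a", "Succeeded", {"runtime": "long", "cost": "expensive"}),
    Pod("web-5c9", "node-a", "Running", {"app": "web"}),
]
```

A completed Job (Succeeded) no longer blocks the reboot, so labelled Jobs only delay patch reboots for as long as they actually run.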
## TODO

- Run kube-bench
- Set pod security policies
- Verify PV/PVCs
- Feed Prometheus Alertmanager Slack config