
zalando-incubator / Kubernetes On Aws

Licence: mit
Deploying Kubernetes on AWS with CloudFormation and Ubuntu

Programming language: Go

Projects that are alternatives of or similar to Kubernetes On Aws

  • Awsweeper: A tool for cleaning your AWS account. Stars: 331 (-35.98%). Mutual labels: aws, cloud
  • Terratag: Terratag is a CLI tool that enables users of Terraform to automatically create and maintain tags across their entire set of AWS, Azure, and GCP resources. Stars: 385 (-25.53%). Mutual labels: aws, cloud
  • Cloud Custodian: Rules engine for cloud security, cost optimization, and governance; DSL in YAML for policies to query, filter, and take actions on resources. Stars: 3,926 (+659.38%). Mutual labels: aws, cloud
  • Adapt: ReactJS for your infrastructure. Create and deploy full-stack apps to any infrastructure using the power of React. Stars: 317 (-38.68%). Mutual labels: aws, cloud
  • Terracognita: Reads from existing Cloud Providers (reverse Terraform) and generates your infrastructure as code on Terraform configuration. Stars: 452 (-12.57%). Mutual labels: aws, cloud
  • Aws Sdk Ruby: The official AWS SDK for Ruby. Stars: 3,328 (+543.71%). Mutual labels: aws, cloud
  • Cipi: An Open Source Control Panel for your Cloud! Deploy and manage LEMP apps in one click! Stars: 376 (-27.27%). Mutual labels: aws, cloud
  • Leapp: Leapp is the tool to access your cloud; it securely stores your access information and generates temporary credential sets to access your cloud ecosystem from your local machine. Stars: 306 (-40.81%). Mutual labels: aws, cloud
  • Jmeter Ec2: Automates running Apache JMeter on Amazon EC2. Stars: 448 (-13.35%). Mutual labels: aws, cloud
  • Midway: 🍔 A Node.js Serverless Framework for front-end/full-stack developers. Build the application for next decade. Works on AWS, Alibaba Cloud, Tencent Cloud and traditional VM/Container. Super easy integrate with React and Vue. 🌈 Stars: 5,080 (+882.59%). Mutual labels: aws, cloud
  • Docker Android: Android in docker solution with noVNC supported and video recording. Stars: 4,042 (+681.82%). Mutual labels: aws, cloud
  • Fastocloud: Self-hosted IPTV/NVR/CCTV/Video service (Community version). Stars: 464 (-10.25%). Mutual labels: aws, cloud
  • My Links: Knowledge seeks no man. Stars: 311 (-39.85%). Mutual labels: aws, cloud
  • Kube Ingress Aws Controller: Configures AWS Application Load Balancers according to Kubernetes Ingress resources. Stars: 326 (-36.94%). Mutual labels: aws, cloud
  • Prowler: Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks. Stars: 4,561 (+782.21%). Mutual labels: aws, cloud
  • Trailscraper: A command-line tool to get valuable information out of AWS CloudTrail. Stars: 352 (-31.91%). Mutual labels: aws, cloud
  • Ccat: Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments. Stars: 300 (-41.97%). Mutual labels: aws, cloud
  • K3sup: bootstrap Kubernetes with k3s over SSH < 1 min 🚀 Stars: 4,012 (+676.02%). Mutual labels: cloud, kubernetes-cluster
  • Howtheyaws: A curated collection of publicly available resources on how technology and tech-savvy organizations around the world use Amazon Web Services (AWS). Stars: 389 (-24.76%). Mutual labels: aws, cloud
  • Terraformer: CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code. Stars: 6,316 (+1121.66%). Mutual labels: aws, cloud

Kubernetes on AWS

WORK IN PROGRESS

This repo contains configuration templates to provision Kubernetes_ clusters on AWS using Cloud Formation and Ubuntu Linux_.

Many values are parameterized and the actual values are not always visible. We are focusing on solving our own, specific Zalando use case. However, we are open to ideas from the community at large about potentially turning this idea into a project that provides universal/general value to others. Please contact us via our Issues Tracker with your thoughts and suggestions.

The configuration in this repository was initially based on kube-aws_, but now depends on four components which are not all open-sourced yet:

  • Cluster Registry to keep desired cluster states (e.g. used config channel and version)
  • Cluster Lifecycle Manager_ to provision the cluster's Cloud Formation stack and apply Kubernetes manifests for system components
  • Cluster Lifecycle Controller that handles rolling updates from inside the cluster, for example node termination
  • Authnz Webhook to validate OAuth tokens and authorize access

Learn more about Zalando's cloud native journey by reading the Zalando Case Study on kubernetes.io. Please watch our meetup talk "Kubernetes on AWS at Europe's Leading Online Fashion Platform" on YouTube to learn how we run Kubernetes on AWS in production. See our Running Kubernetes in Production on AWS document_ for details on the setup.

Features

  • Highly available master nodes (ASG) behind ELB
  • Worker Auto Scaling Group with node pools support
  • Flannel overlay networking
  • Cluster autoscaling (using cluster-autoscaler_)
  • Kubernetes DNS with node-local dnsmasq as a DaemonSet and a CoreDNS resolver for the cluster.local domain running in the same pod
  • Route53 DNS integration via External DNS_
  • AWS IAM integration via kube2iam_, AWS OIDC IAM_
  • Standard components are installed: dashboard, node exporter, kube-state-metrics, see also cluster/manifests_ directory
  • Webhook authentication and authorization (roles "ReadOnly", "PowerUser", "Manual", "Emergency", "Administrator")
  • Emergency access via the internal emergency-access-service, which grants the roles "Manual" and "Emergency" under a four-eyes principle with audit logging
  • Log shipping via Scalyr
  • Full Ingress support with ALB/NLB and TLS integration via kube-ingress-aws-controller_ and HTTP routing via skipper_
  • Enhanced usability with managed stacks and blue green deployments via stackset-controller_ and skipper_
  • Fabric API Gateway, which can be used in combination with stackset-controller
  • Static Egress IPs to route through NAT Gateways with Elastic IPs via kube-static-egress-controller_
  • Horizontal Pod Autoscaling with scaling by request per second, SQS queue size or others via kube-metrics-adapter_
  • Vertical Pod Autoscaling to scale for example Prometheus
  • EFS support
  • GPU support
  • ETCD backup via Kubernetes cronjob and etcdctl snapshot and upload to S3
  • Monitoring via Prometheus and OpenTracing_
  • Fully automated cluster updates via Cluster Lifecycle Manager_
  • Automated downscaling for test clusters with kube-downscaler_
  • Fallback node pools
  • Spot node pool integration
  • Automated PDB creation with pdb-controller_

Notes

  • Node and user authentication is done via tokens (using the webhook feature)
  • SSL client-cert authentication is disabled
  • Many values are hardcoded
  • Secrets (e.g. shared token) are not KMS-encrypted in the cluster
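The notes above say that node and user authentication relies on bearer tokens checked through the Kubernetes webhook authentication feature rather than client certificates. The following is an added example of what such a webhook looks like on the wire; it is not the project's (closed) Authnz Webhook. The API server POSTs an authentication.k8s.io/v1 TokenReview to the webhook and expects the same object back with status.authenticated and, on success, the user identity. The reduced TokenReview struct, the TokenInfo shape, the "scope:" group prefix and the constructed token value are all assumptions of this example; only the standard library is used.

```go
package main

import (
	"encoding/json"
	"errors"
	"log"
	"net/http"
)

// TokenReview is the subset of the authentication.k8s.io/v1 TokenReview
// object that a webhook authenticator receives and returns (reduced for
// this example; not the project's own type).
type TokenReview struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Spec       struct {
		Token string `json:"token"`
	} `json:"spec"`
	Status struct {
		Authenticated bool      `json:"authenticated"`
		User          *UserInfo `json:"user,omitempty"`
		Error         string    `json:"error,omitempty"`
	} `json:"status"`
}

// UserInfo is the identity the API server will hand to authorization.
type UserInfo struct {
	Username string   `json:"username"`
	UID      string   `json:"uid"`
	Groups   []string `json:"groups"`
}

// TokenInfo is the assumed answer of a token-info service: token owner and
// scopes (constructed shape for this example).
type TokenInfo struct {
	UID    string
	Scopes []string
}

// Lookup resolves a bearer token and must fail for unknown, expired or
// revoked tokens.
type Lookup func(token string) (*TokenInfo, error)

var ErrInvalidToken = errors.New("invalid or expired token")

// ReviewToken makes the webhook decision. Any lookup failure yields
// Authenticated=false with no user, so the API server treats the caller as
// anonymous. Scopes are exposed as groups so RBAC bindings can reference
// them; the "scope:" prefix is an assumption of this example.
func ReviewToken(req TokenReview, lookup Lookup) TokenReview {
	resp := TokenReview{APIVersion: "authentication.k8s.io/v1", Kind: "TokenReview"}
	if req.Spec.Token == "" {
		resp.Status.Error = "empty token"
		return resp
	}
	info, err := lookup(req.Spec.Token)
	if err != nil {
		// Report the failure class only; never echo the token into the
		// response or the logs.
		resp.Status.Error = err.Error()
		return resp
	}
	groups := make([]string, 0, len(info.Scopes))
	for _, s := range info.Scopes {
		groups = append(groups, "scope:"+s)
	}
	resp.Status.Authenticated = true
	resp.Status.User = &UserInfo{Username: info.UID, UID: info.UID, Groups: groups}
	return resp
}

// Handler adapts ReviewToken to the HTTP contract (POST TokenReview in, JSON
// TokenReview out). The body is capped so a client cannot force unbounded
// allocation in the authenticator.
func Handler(lookup Lookup) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		var req TokenReview
		if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, 64<<10)).Decode(&req); err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		if err := json.NewEncoder(w).Encode(ReviewToken(req, lookup)); err != nil {
			log.Printf("write response: %v", err)
		}
	}
}

// StaticLookup stands in for a real token-info service; the token value is
// constructed for this example.
func StaticLookup(token string) (*TokenInfo, error) {
	if token == "constructed-valid-token" {
		return &TokenInfo{UID: "jdoe", Scopes: []string{"uid", "cluster-readonly"}}, nil
	}
	return nil, ErrInvalidToken
}

func main() {
	// The API server only calls webhook authenticators over TLS; in a real
	// deployment serve this with ListenAndServeTLS behind the webhook config.
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", Handler(StaticLookup)))
}
```

The decision logic is kept in ReviewToken, separate from the HTTP plumbing, so it can be unit-tested without a listener; the API server caches positive and negative results for the configured TTLs, so a revoked token stays valid until the cache entry expires, which is worth keeping in mind when sizing those TTLs.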

Assumptions

  • The AWS account has one or more hosted zones in Route53 including a proper SSL cert (you can use the free ACM service)
  • The VPC has at least one public subnet per AZ (either AWS default VPC setup or public subnet named "dmz--")
  • The VPC is in region eu-central-1 or eu-west-1
  • etcd cluster is available via DNS discovery (SRV records) at etcd.
  • OAuth Token Info_ is available to validate user tokens

Directory Structure

  • cluster/cluster.yaml: Cloud Formation template files for the cluster (will be applied by Cluster Lifecycle Manager_)
  • cluster/config-defaults.yaml: Default values for different kinds of use that can be overridden by values from our cluster-registry (will be applied by Cluster Lifecycle Manager_)
  • cluster/etcd-cluster.yaml: Senza Cloud Formation to deploy ETCD
  • cluster/manifests: Kubernetes manifests for system components (will be applied by Cluster Lifecycle Manager_)
  • cluster/node-pools: Cloud Formation template files and userdata (cloud-init) for ContainerLinux node-pools (will be applied by Cluster Lifecycle Manager_)
  • docs: extracts from internal Zalando documentation (https://kubernetes-on-aws.readthedocs.io/)

.. _Kubernetes: http://kubernetes.io
.. _CoreOS Container Linux: https://coreos.com/os/docs/latest
.. _kube-aws: https://github.com/coreos/coreos-kubernetes/tree/master/multi-node/aws
.. _Senza Cloud Formation tool: https://github.com/zalando-stups/senza
.. _OAuth Token Info: http://planb.readthedocs.io/en/latest/intro.html#token-info
.. _Cluster Lifecycle Manager: https://github.com/zalando-incubator/cluster-lifecycle-manager
.. _External DNS: https://github.com/kubernetes-incubator/external-dns
.. _kube2iam: https://github.com/jtblin/kube2iam
.. _kube-aws-iam-controller: https://github.com/zalando-incubator/kube-aws-iam-controller
.. _AWS OIDC IAM: https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/
.. _cluster-autoscaler: https://github.com/kubernetes/autoscaler
.. _Running Kubernetes in Production on AWS document: https://kubernetes-on-aws.readthedocs.io/en/latest/admin-guide/kubernetes-in-production.html
.. _"Kubernetes on AWS at Europe's Leading Online Fashion Platform" on YouTube: https://www.youtube.com/watch?time_continue=2671&v=XmnhzEoengI
.. _kube-ingress-aws-controller: https://github.com/zalando-incubator/kube-ingress-aws-controller
.. _skipper: https://github.com/zalando/skipper
.. _stackset-controller: https://github.com/zalando-incubator/stackset-controller
.. _Fabric API Gateway: https://github.com/zalando-incubator/fabric-gateway
.. _kube-static-egress-controller: https://github.com/szuecs/kube-static-egress-controller
.. _kube-metrics-adapter: https://github.com/zalando-incubator/kube-metrics-adapter
.. _Zalando Case Study on kubernetes.io: https://kubernetes.io/case-studies/zalando/
.. _cluster/manifests: https://github.com/zalando-incubator/kubernetes-on-aws/tree/dev/cluster/manifests
.. _kube-downscaler: https://github.com/hjacobs/kube-downscaler
.. _pdb-controller: https://github.com/mikkeloscar/pdb-controller
.. _OpenTracing: https://opentracing.io
