Update docs

Quickstart.md

@@ -34,11 +34,18 @@ Cloudbender creates a kubezero config file, which incl. all outputs from the Clo
 ## Deploy KubeZero Helm chart
 `./deploy.sh`
 
-The deploy script will handle the initial bootstrap process up to point of installing advanced services like Istio or Prometheus.  
-It will take about 10min to reach the point of being able to install these advanced services.
+The deploy script will handle the initial bootstrap process as well as the roll out of advanced components like Prometheus, Istio and ElasticSearch/Kibana in various phases.
+
+It will take about 10 to 15 minutes for ArgoCD to roll out all the services...
+
+
+# Own apps
+- Add your own application to ArgoCD via the cli
+
+# Troubleshooting
 
 ## Verify ArgoCD
-At this stage we there is no support for any kind of Ingress yet. To reach the Argo API port forward from localhost via:  
+To reach the Argo API port forward from localhost via:  
 `kubectl port-forward svc/kubezero-argocd-server -n argocd 8080:443`
 
 Next download the argo-cd cli, details for different OS see https://argoproj.github.io/argo-cd/cli_installation/  
@@ -46,37 +53,5 @@ Next download the argo-cd cli, details for different OS see https://argoproj.git
 Finally login into argo-cd via `argocd login localhost:8080` using the *admin* user and the password set in values.yaml earlier.
 
 List all Argo applications via: `argocd app list`.  
-Currently it is very likely that you need to manually trigger sync runs for `cert-manager`as well as `kiam`.  
-eg. `argocd app cert-manager sync`
 
 
-# Only proceed any further if all Argo Applications show healthy !!
-
-## WIP not yet integrated into KubeZero
-
-### Istio
-Istio is currently pinned to version 1.4.X as this is the last version supporting installation via helm charts. 
-
-Until Istio is integrated into KubeZero as well as upgraded to 1.6 we have to install manually.  
-
-- adjust values.yaml
-- update domain in `ingress-certificate.yaml`
-- update.sh
-- deploy.sh
-
-### Logging
-To deploy fluentbit only required adjustment is the `fluentd_host=<LOG_HOST>` in the kustomization.yaml.
-
-- deploy namespace for logging via deploy.sh
-- deploy fluentbit via `kubectl apply -k fluentbit`
-
-### Prometheus / Grafana
-Only adjustment required is the ingress routing config in istio-service.yaml. Adjust as needed before executing:  
-`deploy.sh`
-
-### EFS CSI
-- add the EFS fs-ID from the worker cloudformation output into values.yaml and the efs-pv.yaml
-- `./deploy.sh`
-
-# Demo / own apps
-- Add your own application to ArgoCD via the cli

README.md

@@ -14,44 +14,50 @@ All chosen components are 100% organic OpenSource.
 - Work within each community / give back
 
 
-# Components
+## General
+- Container runtime cri-o rather than Docker for improved security and performance
 
-## Network / CNI
-- Calico using VxLAN as default backend
 
-## Certificate management
-- cert-manager incl. a local self-signed cluster CA
+## Control plane
+- support for single node control plane for small clusters / test environments to reduce costs
+- access to control plane from within the VPC only by default ( VPN access required for Admin tasks )
+- controller nodes are used for various platform admin controllers / operators to reduce costs and noise on worker nodes
+- integrated ArgoCD Gitops controller
 
-## Metrics / Alerting
-- Prometheus / Grafana
+## AWS IAM access control
+- Kiam allowing IAM roles per pod
+- IAM roles are assumed / requested and cached on controller nodes for improved security
+- blocking access to meta-data service on all nodes
+- IAM roles are maintained/ automated and tracked via CFN templates
 
-## Logging
-- Fluent-bit 
-- Fluentd
-- ElasticSearch
-- Kibana
-
-## Dashboard 
-- see ArgoCD
+## Network
+- Calico using VxLAN incl. increased MTU
+- allows way more containers per worker
+- isolates container traffic from VPC by using VxLAN overlay
+- no restrictions on IP space / sizing from the underlying VPC architecture
 
 ## Storage
-- EBS external CSI storage provider
-- EFS external CSI storage provider
-- LocalVolumes
-- LocalPath
+- flexible EBS support incl. zone awareness
+- EFS support via automated EFS provisioning for worker groups via CFN templates
+- local storage provider for latency sensitive high performance workloads
 
-## Ingress 
-- AWS Network Loadbalancer
-- Istio providing Public and Private Envoy proxies
-- HTTP(s) and TCP support
-- Real client source IPs available
+## Ingress
+- AWS Network Loadbalancer and Istio Ingress controllers
+- No additional costs per exposed service
+- Automated SSL Certificate handling via cert-manager incl. renewal etc.
+- support for TCP services
+- Client source IP available to workloads via HTTP header
+- optional full service mesh
 
-## Service Mesh ( optional )
-
-
-# KubeZero vs. EKS
-
-## Controller nodes used for various admin controllers
-
-## KIAM incl. blocked access to meta-data service
+## Metrics
+- Prometheus support for all components
+- automated service discovery allowing instant access to common workload metrics
+- Preconfigured community maintained Grafana dashboards for common services
+- Preconfigured community maintained Alerts
 
+## Logging
+- all container logs are enhanced with Kubernetes metadata to provide context for each message
+- flexible ElasticSearch setup via ECK operator to ease maintenance and reduce required admin knowledge, incl automated backups to S3
+- Kibana allowing easy search and dashboards for all logs, incl. pre configured index templates and index management to reduce costs
+- fluentd central log ingress service allowing additional parsing and queuing to improved reliability
+- lightweight fluent-bit agents on each node requiring minimal resources forwarding logs secure via SSL to fluentd