Docs update

Stefan Reimer 2023-09-05 12:01:00 +01:00
parent 2f5f07ecb1
commit 5081d24000

@ -4,12 +4,12 @@ KubeZero is a Kubernetes distribution providing an integrated container platform
# Design philosophy # Design philosophy
- Cloud provider agnostic, bare-metal/self-hosted
- Focus on security and simplicity over feature creep - Focus on security and simplicity over feature creep
- No vendor lock in, most components are optional and could be easily exchanged - No vendor lock in, most components are optional and could be easily changed as needed
- Organic Open Source / open and permissive licenses over closed-source solutions
- No premium services / subscriptions required - No premium services / subscriptions required
- Staying up to date and contributing back to upstream projects, like alpine-cloud-images and others - Staying up to date and contributing back to upstream projects, like alpine-cloud-images and others
- Cloud provider agnostic, bare-metal/self-hosted
- Organic Open Source / open and permissive licenses over closed-source solutions
- Corgi approved :dog: - Corgi approved :dog:
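Review bot: In the reworded vendor lock-in bullet, "could be easily changed as needed" is weaker than the old "exchanged". The point of the bullet is that a component can be swapped for an alternative, and "changed" can also be read as merely reconfigured. Suggest "most components are optional and can easily be replaced", and hyphenate "lock-in" while the line is being touched. The reordering of the other bullets is fine.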
@ -28,15 +28,15 @@ KubeZero is distributed as a collection of versioned Helm charts, allowing custo
gantt gantt
title KubeZero Support Timeline title KubeZero Support Timeline
dateFormat YYYY-MM-DD dateFormat YYYY-MM-DD
section 1.24
beta :124b, 2022-11-14, 2022-12-31
release :after 124b, 2023-06-01
section 1.25 section 1.25
beta :125b, 2023-03-01, 2023-03-31 beta :125b, 2023-03-01, 2023-03-31
release :after 125b, 2023-08-01 release :after 125b, 2023-08-01
section 1.26 section 1.26
beta :126b, 2023-06-01, 2023-06-30 beta :126b, 2023-06-01, 2023-06-30
release :after 126b, 2023-10-01 release :after 126b, 2023-11-01
section 1.27
beta :127b, 2023-09-01, 2023-09-30
release :after 127b, 2024-02-01
``` ```
[Upstream release policy](https://kubernetes.io/releases/) [Upstream release policy](https://kubernetes.io/releases/)
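Review bot: The 1.25 section keeps its release bar ending at 2023-08-01, which is before this commit's date (2023-09-05), while 1.24 is dropped and the 1.26 end date moves from 2023-10-01 to 2023-11-01. If 1.25 is still supported, its end date needs the same kind of extension; if it is not, remove the section as was done for 1.24, so readers can tell from the chart which versions still receive updates.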
@ -44,14 +44,20 @@ gantt
# Components # Components
## OS ## OS
- all nodes are based on Alpine V3.17 - all compute nodes are running on Alpine V3.18
- 2 GB encrypted root file system - 2 GB encrypted root file system
- no 3rd party dependencies at boot ( other than container registries ) - no external dependencies at boot time, apart from container registries
- minimal attack surface - minimal attack surface
- extremely small memory footprint / overhead - extremely small memory footprint / overhead
- cri-o container runtime incl. AppArmor support
## Container runtime ## GitOps
- cri-o rather than Docker for improved security and performance - cli / cmd line install
- optional full ArgoCD support and integration
## Featured workloads
- rootless CI/CD build platform to build containers as part of a CI pipeline, using podman / fuse device plugin support
- containerized AI models via integrated out of the box support for Nvidia GPU workers as well as AWS Neuron
## Control plane ## Control plane
- all Kubernetes components compiled against Alpine OS using `buildmode=pie` - all Kubernetes components compiled against Alpine OS using `buildmode=pie`
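Review bot: In the OS section, "all nodes are based on" became "all compute nodes are running on", which now reads as if controller nodes might use a different base image; if controllers are also on Alpine V3.18, keep "all nodes". The new bullet "cri-o container runtime incl. AppArmor support" also drops the stated rationale ("rather than Docker for improved security and performance") and does not say whether AppArmor profiles are enforced by default or merely available. One clause stating the default would make the claim checkable.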
@ -59,11 +65,6 @@ gantt
- access to control plane from within the VPC only by default ( VPN access required for Admin tasks ) - access to control plane from within the VPC only by default ( VPN access required for Admin tasks )
- controller nodes are used for various platform admin controllers / operators to reduce costs and noise on worker nodes - controller nodes are used for various platform admin controllers / operators to reduce costs and noise on worker nodes
## GitOps
- cli / cmd line install
- optional full ArgoCD support and integration
- fuse device plugin support to build containers as part of a CI pipeline leveraging rootless podman build agents
## AWS integrations ## AWS integrations
- IAM roles for service accounts allowing each pod to assume individual IAM roles - IAM roles for service accounts allowing each pod to assume individual IAM roles
- access to meta-data services is blocked all workload containers on all nodes - access to meta-data services is blocked all workload containers on all nodes
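Review bot: Since this is a docs pass, the unchanged context line "access to meta-data services is blocked all workload containers on all nodes" is missing a word and should read "blocked for all workload containers". It is a security claim, so it is worth fixing in the same commit. Removing the GitOps block here is fine, given that the section is re-added earlier in the file.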