KubeZero - ZeroDownTime Kubernetes Platform
Go to file
Stefan Reimer 1b6167297f fix: multus fixes 2021-12-21 23:38:11 +01:00
charts fix: multus fixes 2021-12-21 23:38:11 +01:00
containers/admin fix: multus fixes 2021-12-21 23:38:11 +01:00
docs chore: update upgrade docs 2021-07-22 16:33:09 +02:00
scripts chore: migrate all nodelabel selectors from master to control-plane 2021-12-08 17:29:53 +01:00
.gitignore chore: some cleanup, new tools script to check cgroup memory limits 2021-04-14 16:06:29 +02:00
.helmdocsignore CI/CD tools update 2021-01-21 10:53:53 +00:00
.versionrc chore: checkin diffs to sync desktop 2021-05-12 16:32:33 +02:00
CHANGELOG.md More documentation updates 2021-01-26 14:04:47 +00:00
LICENSE.md Initial commit 2020-05-01 14:57:31 +01:00
Makefile Minor cleanup 2021-01-27 12:20:11 +00:00
README.md feat: new 1.21 kubeadm flow 2021-11-27 14:02:23 +01:00
cliff.toml fix: various minor tweaks and updates 2021-08-25 16:02:21 +02:00

README.md

KubeZero - Zero Down Time Kubernetes platform

KubeZero is a Kubernetes distribution providing an integrated container platform so you can focus on your applications.

Design philosophy

  • Cloud provider agnostic, bare-metal/self-hosted
  • No vendor lock in, most components are optional and could be exchanged
  • Organic Open Source / open and permissive licenses over closed-source solutions
  • No premium services / subscriptions required
  • Staying and contributing back to upstream projects as much as possible
  • Corgi approved 🐶

Architecture

aws_architecture

Version / Support Matrix

KubeZero releases track the same minor version of Kubernetes.
Any 1.20.X-Y release of Kubezero supports any Kubernetes cluster 1.20.X.

KubeZero is distributed as a collection of versioned Helm charts, allowing custom upgrade schedules and module versions as needed.

KubeZero Version Kubernetes Version EOL
v1.21.0-alpha v1.21 28 Feb 2022
v1.20.8 v1.20 30 Nov 2021
v1.19 v1.19 Jul 2021
v1.18 v1.18 Apr 2021
v1.17 v1.17 Jan 2021
v1.16 v1.16 Nov 2020

Upstream release policy

Components

Container runtime

  • cri-o rather than Docker for improved security and performance

Control plane

  • support for single node control plane for small clusters / test environments to reduce costs
  • access to control plane from within the VPC only by default ( VPN access required for Admin tasks )
  • controller nodes are used for various platform admin controllers / operators to reduce costs and noise on worker nodes

GitOps

  • cli / cmd line install
  • optional full ArgoCD support and integration

AWS integrations

  • IAM roles for service accounts allowing each pod to assume individual IAM roles
  • access to meta-data services is blocked all workload containers on all nodes
  • system IAM roles are maintained via CloudBender automation

Network

  • Calico using VxLAN incl. increased MTU
  • allows flexible / more containers per worker node compated to eg. AWS VPC CNI
  • isolates container traffic from VPC by using VxLAN overlay
  • no restrictions on IP space / sizing from the underlying VPC architecture

Storage

  • flexible EBS support incl. zone awareness
  • EFS support via automated EFS provisioning for worker groups via CloudBender automation
  • local storage provider (OpenEBS LVM) for latency sensitive high performance workloads

Ingress

  • AWS Network Loadbalancer and Istio Ingress controllers
  • optional rate limiting support
  • No additional costs per exposed service
  • Automated SSL Certificate handling via cert-manager incl. renewal etc.
  • support for TCP services
  • Client source IP available to workloads via HTTP header
  • optional full service mesh

Metrics

  • Prometheus support for all components
  • automated service discovery allowing instant access to common workload metrics
  • pre-configured Grafana dashboards and alerts
  • Alertmanager events via SNSAlertHub to Slack, Google, Matrix, etc.

Logging

  • all container logs are enhanced with Kubernetes and AWS metadata to provide context for each message
  • flexible ElasticSearch setup, leveraging the ECK operator, for easy maintenance & minimal admin knowledge required, incl. automated backups to S3
  • Kibana allowing easy search and dashboards for all logs, incl. pre configured index templates and index management
  • fluentd-concerter service providing queuing during highload as well as additional parsing options
  • lightweight fluent-bit agents on each node requiring minimal resources forwarding logs secure via TLS to fluentd-concenter