Project is designed to allow you compose the Kubernetes infrastructure that fits your needs. Refer to the pillar example to learn how to enable/disable and customize features.
Kubernetes applications demonstration and troubleshooting.
| HTTP Troubleshooting | microservices demo |
|---|---|
| httpbin | microservices-demo |
 |
 |
| Server side HTTP requests troubleshooting tool | Sock shop microservices architecture demo |
| Identity & Access Management server | Autentication proxy | Autentication proxy sidecar injector |
|---|---|---|
| keycloak | keycloak-gatekeeper | proxyinjector |
 |
|
 |
| Single Sign-on service | Provide Authn and Authz to services that do not support OIDC/SAML | Injects Keycloak Gatekeeper as sidecar to annotated deployments |
Solutions for Function as a Service.
| Messaging | |
|---|---|
| NATS | |
 |
|
| High speed non-persistent messaging | |
Solutions for Function as a Service.
| Simple Serverless platform | Advanced Serverless platform | Fast Serverless platform | Datascience oriented Serverless platform |
|---|---|---|---|
| Kubeless | OpenFaaS | Fission | Nuclio |
 |
 |
 |
 |
| Python, Node, Java, Go, Ruby, .Net core, Berlina Trigger support: NATS, Kafka, Cronjob, Kinesis and HTTP | Any Trigger support: NATS, NATS Streamin, Kafka, Cronjob, Kinesis, Redis, MQTT, SQS, CloudEvents... | Python, Node, Java, Go, Ruby, Binary/Scripts, Php 7, .NET 2.0, .NET, Perl Trigger support: NATS Streaming, Kafka | Python, Node, Java, Go, .Net core, Bianry Trigger support:NATS, Kafka, Cronjob, Kinesis, RabbitMQ, v3ioStream, MQTT, EventHub and HTTP |
Solutions for continuous security audit.
| Threat detection engine | Workload security assessment |
|---|---|
| Falco | Kube-Scan |
 |
 |
| Detects unexpected applicaton behavioir and alerts on theats at runtime. | Scans the kubernetes workload and score the security of Kubernetes pods. |
Solutions for software factory.
>| Continuous integration | Continuous Deployment | Container image registry | ||||
|---|---|---|---|---|---|---|
| Concourse | Jenkins | Argo | Tekton | Spinnaker | Argo CD | Harbor |
 |
 |
 |
 |
 |
|
 |
| Cloud Native Continuous Integration | Classic Continuous Integration | Cloud Native Workflow engine | Cloud Native Continuous Delivery | Cloud Native workflow engine for Kubernetes | Cloud Native GitOps engine for Kubernetes | Secure image and Charts repository |
Solutions for monitoring, logging and tracing.
| kube-dashboard | kube-prometheus | EFK | Weave Scope | Vistio | |||||
|---|---|---|---|---|---|---|---|---|---|
| Dashboard | Prometheus-Operator | Grafana | Prometheus | Node Exporter | Kibana | Elasticsearch | Fluentd | Weave Scope | Vistio |
 |
 |
 |
|
 |
 |
 |
 |
|
 |
| Cluster administration and monitoring | Prometheus platform orchestration | Metrics visualisation | Metrics collection | Metrics export | Logs visualisation | Logs aggregation | Logs shipping | Network visualisation | Istio mesh visualisation |
Solutions to access hosted applications and cluster services.
| Application endpoint | Cluster endpoint | ||||
|---|---|---|---|---|---|
| Istio Ingress & Egress Gateway | Traefik Ingress | Nginx Ingress | Contour Ingress | HApoxy | Envoy |
|
 |
 |
 |
 |
 |
| Proxy & Reverse proxy | Reverse proxy | Reverse proxy | Reverse proxy | Reverse proxy | Reverse proxy |
Solutions to provide storage persistence to stateful applications.
| Backup & Recovery | Distributed storage | S3 compatible storage | Distributed database | |||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Velero | Rook | Rook-Ceph | Rook-EdgeFS | Longhorn | OpenEBS Cstor/Jiva | OpenEBS Mayastor | Portworx | Minio | Rook-CockroachDB | Rook-YugabyteDB |
 |
 |
 |
 |
 |
 |
|
 |
 |
 |
 |
| Kubernetes cluster and workload backup & restore | Storage infrastructure management | Local Block, Object and File storage | Geo-Distributed Block, Object and File storage | Local Block storage | Local Block storage | Local NVME/NVMF Block storage | Geo-Distributed Block and File storage | Object storage | Distributed SQL database | Distributed SQL database |
Solution to manage micro-services interconnexions and service discovery at scale.
| Service Mesh | Service Discovery | |
|---|---|---|
| Istio | Envoy | CoreDNS |
|
|
 |
| Meshed pod control plane management | Meshed pod data plane | Dynamic name resolution |
Solutions to manage container networking and traffic policies.
| Library | Plugin | ||||
|---|---|---|---|---|---|
| CNI | Flannel | Calico | Canal | Cilium | Weave net |
 |
 |
 |
 |
 |
|
| Network library | L2 vxlan without security policy | L3 BGP with security policy (iptables) | L2 vxlan with security policy (iptables) | L2 vxlan with security policy (BPF) | L2 vxlan with security policy (iptables) |
Solutions to run containerized applications.
| Build and run | Run only | ||
|---|---|---|---|
| Docker | Containerd | Cri-O | |
 |
 |
 |
|
Solutions to control and protect the cluster exchange on the Web.
| Protection machines | Server management | ||
|---|---|---|---|
| UFW | IP Tables | Tinyproxy | Cloudflare |
 |
|
 |
 |
| Simplified iptables administration | Stateful network firewall | Outboud web filtering | DDOS web protection |
Cloud infrastructure providers.
| IaaS | ||
|---|---|---|
| Scaleway | Hetzner | Azure |
 |
 |
 |
| Low-cost Atom & ARM server | Low-cost Xeon server | Xeon server |
Managed DNS services.
| Name resolution | |
|---|---|
| Cloudflare | OVH |
|
 |
| API driven DNS service with DDOS protection | API driven DNS service |
Tools to instanciate the various cluster components
| Server orchestration | Server management | Container orchestration |
|---|---|---|
| Terraform | SaltStack | Kubernetes |
 |
 |
|
| Create and prepare server for Salt Kubernetes installation | Install Kubernetes cluster and addons | Deploy and manage contairized application |