Kubernetes is hard--or is it? This repo is a collection of multi-platform images and container resource definitions for managing a software-dev organization using Kubernetes. These tools make it easy. Contents:
| Directory | Description |
|---|---|
| ansible | build your own cluster (Kubernetes or Swarm) |
| images | images which are published to Docker Hub |
| k8s | container resources in kubernetes yaml format |
| lib/build | build makefile and tools |
| services | non-clustered docker-compose services |
| ssl | PKI certificate tools (deprecated by k8s) |
| stacks | container resources in docker-compose format |
Find images at docker hub/instantlinux. Each image is scanned by trivy to ensure they contain no known CVE vulnerabilities before promotion to Docker Hub.
Find a lot more details about the Kubernetes bare-metal installer in k8s/README.
The cluster-deployment tools here include helm charts and ansible playbooks to spin up bare-metal or VM master/worker nodes, and a Makefile to add several additional features.
- Direct-attached SSD local storage pools
- Dashboard
- Non-default namespace with its own service account (full permissions within namespace, limited read-only in kube-system namespaces)
- Keycloak for OpenID / OAuth2 user authentication / authorization
- Helm3
- Mozilla sops with encryption (to keep credentials in local git repo)
- Encryption for internal etcd
- MFA using Authelia and Google Authenticator
- Calico or flannel networking
- ingress-nginx
- Local-volume sync
- Pod security policies
- Automatic certificate issuing/renewal with Letsencrypt
- PostgreSQL-operator from CrunchyData
Developer infrastructure
| Service | Version | Notes |
|---|---|---|
| artifactory | ** | binary repo |
| gitlab | ** | CI server and git repo |
| admin-git |  |
sync git repo across swarm |
| jira | ** | ticket tracking |
| mariadb-galera |  |
automatic cluster setup |
| nexus | ** | binary repo with docker registry |
| python-builder |  |
CI testing for python |
| python-wsgi |  |
WSGI runtime for python flask apps |
| wordpress | ** |
Networking and support
| Service | Version | Notes |
|---|---|---|
| authelia | ** | single-signon multi-factor auth |
| cloud | ** | nextcloud, private sync like Apple iCloud |
| data-sync |  |
poor-man's SAN for persistent storage |
| duplicati |  |
backups |
| ez-ipupdate |  |
Dynamic DNS client |
| haproxy-keepalived |  |
load balancer |
| guacamole | ** | authenticated remote-desktop server |
| logspout | ** | central logging for Docker |
| mysqldump |  |
per-database alternative to xtrabackup |
| nagios |  |
Nagios Core v4 for monitoring |
| nagiosql |  |
NagiosQL for configuring Nagios Core v4 |
| nut-upsd |  |
Network UPS Tools |
| openldap |  |
OpenLDAP authentication server |
| restic | ** | backups |
| rsyslogd |  |
logger in a 13MB image |
| samba |  |
file server |
| samba-dc |  |
Active-Directory compatible domain controller |
| secondshot |  |
rsnapshot-based backups |
| splunk | ** | the free version |
| Service | Version | Notes |
|---|---|---|
| blacklist |  |
a local rbldnsd for spam control |
| dovecot |  |
imapd server |
| postfix |  |
compact general-purpose image in 11MB |
| postfix-python |  |
postfix with spam-control scripts |
| rainloop | ** | webmail imapd-client server |
| spamassassin |  |
spam control daemon |
Entertainment
| Service | Version | Notes |
|---|---|---|
| davite |  |
party-invites manager like eVite |
| mt-daapd |  |
iTunes server |
| mythtv-backend |  |
MythTV backend |
| weewx |  |
Weather station software (Davis VantagePro2 etc.) |
| wxcam-upload |  |
Upload webcam images to Weather Underground |
Thank you to the following contributors!
- Mike Neir
- Chad Hedstrom - personal site
- Sean Mollet
- Juan Manuel Carrillo Moreno - personal site
- nicxvan
- Frank Riley
- Devin Bayer
- Daniel Muller
- Brian Hechinger
Contents created 2017-23 under Apache 2.0 License by Rich Braun.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent