Practical Docker Tools

Kubernetes is hard--or is it? This repo is a collection of multi-platform images and container resource definitions for managing a software-dev organization using Kubernetes. These tools make it easy. Contents:

| Directory | Description |
| --- | --- |
| ansible | build your own cluster (Kubernetes or Swarm) |
| images | images which are published to Docker Hub |
| k8s | container resources in kubernetes yaml format |
| lib/build | build makefile and tools |
| services | non-clustered docker-compose services |
| ssl | PKI certificate tools (deprecated by k8s) |
| stacks | container resources in docker-compose format |

Find images at docker hub/instantlinux. Each image is scanned by trivy to ensure it contains no known CVE vulnerabilities before promotion to Docker Hub.

Find a lot more details about the Kubernetes bare-metal installer in k8s/README.

Kubernetes capabilities

The cluster-deployment tools here include helm charts and ansible playbooks to spin up bare-metal or VM master/worker nodes, and a Makefile to add several additional features.

  • Direct-attached SSD local storage pools
  • Dashboard
  • Non-default namespace with its own service account (full permissions within namespace, limited read-only in kube-system namespaces)
  • Keycloak for OpenID / OAuth2 user authentication / authorization
  • Vaultwarden, a self-hosted Bitwarden-compatible password manager
  • Helm3
  • Mozilla sops with encryption (to keep credentials in local git repo)
  • Encryption for internal etcd
  • MFA using Authelia and Google Authenticator
  • Calico or flannel networking
  • ingress-nginx
  • Local-volume sync
  • Pod security policies
  • Automatic certificate issuing/renewal with Let's Encrypt
  • PostgreSQL-operator from CrunchyData

Resource definitions

Developer infrastructure

| Service | Version | Notes |
| --- | --- | --- |
| artifactory | ** | binary repo |
| gitea | ** | git repo |
| admin-git | | sync git repo across swarm |
| jira | ** | ticket tracking |
| mariadb-galera | | automatic cluster setup |
| nexus | ** | binary repo with docker registry |
| python-builder | | CI testing for python |
| python-wsgi | | WSGI runtime for python flask apps |
| wordpress | ** | |

Networking and support

| Service | Version | Notes |
| --- | --- | --- |
| authelia | ** | single-signon multi-factor auth |
| cloud | ** | nextcloud, private sync like Apple iCloud |
| data-sync | | poor-man's SAN for persistent storage |
| duplicati | | backups |
| ez-ipupdate | | Dynamic DNS client |
| haproxy-keepalived | | load balancer |
| guacamole | ** | authenticated remote-desktop server |
| logspout | ** | central logging for Docker |
| mysqldump | | per-database alternative to xtrabackup |
| nagios | | Nagios Core v4 for monitoring |
| nagiosql | | NagiosQL for configuring Nagios Core v4 |
| nut-upsd | | Network UPS Tools |
| openldap | | OpenLDAP authentication server |
| restic | ** | backups |
| rsyslogd | | logger in a 13MB image |
| samba | | file server |
| samba-dc | | Active-Directory compatible domain controller |
| secondshot | | rsnapshot-based backups |
| splunk | ** | the free version |

Email

| Service | Version | Notes |
| --- | --- | --- |
| blacklist | | a local rbldnsd for spam control |
| dovecot | | imapd server |
| postfix | | compact general-purpose image in 11MB |
| postfix-python | | postfix with spam-control scripts |
| rainloop | ** | webmail imapd-client server |
| spamassassin | | spam control daemon |

Entertainment

| Service | Version | Notes |
| --- | --- | --- |
| davite | | party-invites manager like eVite |
| mt-daapd | | iTunes server |
| mythtv-backend | | MythTV backend |
| weewx | | Weather station software (Davis VantagePro2 etc.) |
| wxcam-upload | | Upload webcam images to Weather Underground |

Credits

Thank you to the following contributors!

Contents created 2017-23 under Apache 2.0 License by Rich Braun.