Kubernetes Platform Toolkit

karina is an open-source toolkit for building platforms, which includes:

• Integrated Production Runtime for monitoring, logging, multi-tenancy, auth, policy, secrets, DBaaS and CICD.
  • Docker Registry (Harbor)
  • Authentication (Dex, Oauth Proxy)
  • Authorization & Policy Enforcement (Open Policy Agent and Gatekeeper)
  • Certificate Management (cert-manager)
  • Secret Management (Sealed Secrets, Vault)
  • CI/CD (Tekton, ArgoCD, Flux, kpack, keptn)
  • Database as a Service (postgres-operator, rabbitmq-operator, redis-operator)
  • Logging (ElasticSearch, Filebeat, Packetbeat, Auditbeat, Kibana)
  • Monitoring (Grafana, Prometheus, Thanos, Karma, Canary Checker)
  • Multi-Tenancy (Namespace Configurator Cluster Quotas, Kiosk)
• Cluster Provisioning framework for Kind, vSphere and Cluster API (Coming Soon)
• Operations focused CLI for health checks, backup and restore, rolling updates, logging, etc..

karina leverages a number of other standalone operators built by flanksource:

• kommons as high-level library wrapping client-go
• canary-checker for multi-cluster synthetic monitoring of pod scheduling, docker pulls, DNS, ICMP, LDAP, Postgres, HTTP, etc..
• template-operator for building re-usable CRD's similar to crossplane's XRD
• platform-operator for multi-tenancy support
• git-operator for deploying GitOps tools like Flux and exposing REST interfaces onto of Git.

Design Principles

• Batteries Included - Most components require just a version to enable and are pre-configured with ingress, LDAP and TLS (managed by cert-manager) due to a shared infrastructure model that includes information such as top-level wild card domain, LDAP/S3 connection details, etc.
• Escape Hatches for when the defaults don't work for you, easily use kustomize patches to configure resource limits, labels, annotations and anything else on any object managed by karina.
• Integrated, but independent - karina works best when used to provision a Kubernetes cluster and then deploy and test a production runtime, but each function can also be used independently, i.e you can run karina e2e tests in an environment that wasn't provisioned or deployed by karina.

Comparisons

To see how karina compares to other tools in the ecosystem see comparisons

Community & FAQs

Please join the flanksource Slack workspace.

Contributing

Please follow the guideline below when contributing to this project

• Conventional commits