Managed Kubernetes Public Documentation Portal
Description
Trustnest Managed Kubernetes (k8saas) is a service of the Thales Digital Platform (TDP).
K8saas aims to provide a service to run applications in development and production, minimizing operational costs while respecting high security constraints.
References
- Artificial Intelligence: MYDATAMODEL
- Drone Operation: ScaleFlyt
- Thales Corporate Engineering Environment: TDP Software Factory
- New intelligent planning tool for shipyards: Refit Optimizer
- Real-Time Data Integration and Processing Nexus for Adaptive C2 Systems: Sensor Hub
- Extend Elasticsearch/OpenSearch capability with Trustnest Knowledge Search
Getting Started
First, request the creation of a cluster using the Thales postit portal. If you are not familiar with this new portal, please let yourself be guided here.
Then look at our GETTING STARTED documentation.
Tip: Want to use k8saas by example? Discover multiple hello-world projects using WAF, SSO, persistent storage and more...
Features
Self-Service
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Add service account to your namespace | GA | ✅ | ✅ | ✅ |
Add your namespaces with HNS | GA | ✅ | ✅ | ✅ |
Provide access to your team | GA | ✅ | ✅ | ✅ |
Onboarding: ask for further privileges | GA | ✅ | ✅ | ✅ |
Setting Grafana Alerting | GA | ✅ | ✅ | ✅ |
Simplified services for application exposition | GA | ✅ | ✅ | ✅ |
Stop & Start your AKS cluster | EA | ✅ | ✅ | ✅ |
Use GitOps to deploy your workload | EA | ❌ | ❌ | ✅ |
Observability
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Cluster Monitoring with Grafana | GA | ✅ | ✅ | ✅ |
Centralized and dedicated log with Log analytics | GA | ✅ | ✅ | ✅ |
Role-based access report | Deprecated | ❌ | ❌ | ❌ |
Security
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Automatic AKS Operating System Nodes upgrade | Deprecated | ❌ | ❌ | ❌ |
Automatic Backup with Velero | GA | ✅ | ✅ | ✅ |
BSS helper | GA | ✅ | ✅ | ✅ |
Enforcing Policies with OPA Gatekeeper | GA | ✅ | ✅ | ✅ |
Managed Network Security Groups | GA | ✅ | ✅ | ✅ |
Trusted image registries | GA | ❌ | ❌ | ✅ |
Pod to Pod Encryption with Linkerd | GA | ✅ | ✅ | ✅ |
Web application firewall with ModSecurity | GA | ✅ | ✅ | ✅ |
Corporate Add-on
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Access to corporate add-on application from RIE | GA | ✅ | ✅ | ✅ |
Access to corporate add-on application from TNAP | GA | ✅ | ✅ | ✅ |
Corporate Add-on | GA | ✅ | ✅ | ✅ |
Exposing your corporate add-on application using Thales private domain | GA | ✅ | ✅ | ✅ |
Confidential Add-on
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Data encryption with Confidential Add-on (by CipherTrust) | EA | ❌ | ❌ | ✅ |
Access Management
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Built-in role-based access with Thales identity | GA | ✅ | ✅ | ✅ |
Built-in SSO for Thales employees (OAuth2) | Deprecated | ❌ | ❌ | ❌ |
Private application exposition with Nginx | GA | ✅ | ✅ | ✅ |
SSO New Generation with Pomerium | GA | ✅ | ✅ | ✅ |
TLS Certificate generation with Let's Encrypt | GA | ✅ | ✅ | ✅ |
Workload Identity integration | Explorer | ✅ | ✅ | ✅ |
Performance
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Available Azure Region | GA | ✅ | ✅ | ✅ |
GPU for compute-intensive workloads | Explorer | ✅ | ✅ | ✅ |
Prioritize your workloads with priorityClassName | GA | ✅ | ✅ | ✅ |
Supported AKS VM types | GA | ✅ | ✅ | ✅ |
Azure NAT Gateway Support | EA | ❌ | ❌ | ✅ |
Storage
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Persist data for your applications | GA | ✅ | ✅ | ✅ |
Cost Optimization
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Cost Optimization Feature | EA | ✅ | ✅ | ✅ |
Dynamically scale your workload with KEDA | Explorer | ❌ | ❌ | ✅ |
Estimate and monitor your cloud spending | GA | ✅ | ✅ | ✅ |
Scheduled AKS Scaling | EA | ✅ | ✅ | ✅ |
Use Spot instances | Explorer | ❌ | ❌ | ✅ |
Customization
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Additional Windows Node pool | EA | ❌ | ❌ | ✅ |
Bring your own DNS domain | GA | ❌ | ❌ | ✅ |
Deploy CustomResourceDefinition, ClusterRole and Operators | EA | ❌ | ❌ | ✅ |
Advanced Observability Stack
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Transversal Observability Stack and Log sink | Explorer | ❌ | ❌ | ✅ |
EA: Early Access, GA: General Availability
Tutorial & Learning Section
Access to k8saas
- Access to k8saas from any device
- Get k8saas technical account (aka service account kubeconfig) #Deprecated from Copernic 3.8
- K8SaaS Service account by Trustnest IAM
- Use Azure/kubelogin with k8saas
Develop with k8saas
Write a Dockerfile
From Docker to Kubernetes / Use Kubernetes patterns
- Create your first Helm Charts
- Setup pod requests, limits and QoS
- Secure your containers with Thales Container Base Images
- Import your own certificate
- Specifying a Disruption Budget for your Application
- Using SOPS to encrypt and manage secrets
- Discover the Kubernetes Networking concept
Use CI/CD with k8saas
- Use a Service account to deploy in a CI/CD
- Reuse default CI/CD pipeline - app-sample #Outdated
- Secure Deployment With Coverity
Integrate k8saas with other Trustnest services
Integrate k8saas with other cloud services
Use Project Pack (explorer)
Professional & Managed Services
- Vulnerability Management
- Understand the support organization & ticketing SLA
- Get the k8saas service status
- Discover the next breaking changes
- Raise a ticket to the support
Explore k8saas community
- Thales Innersource - Hello world using WAF, SSO, persistent storage and more...
- Warp10/SensX - GeoMap Series
- Punch Platform - real-time custom parsing
How to find out more about k8saas?
- Have a look at our BLOG
- Product Owner contact
- 24/5 support