Managed Kubernetes Public Documentation Portal

Description

K8saas aims to provide a service to run applications in development and production while minimizing operational costs while respecting high security constraints.

References

• Artificial Intelligence: MYDATAMODEL
• Drone Operation: ScaleFlyt
• Thales Corporate Engineering Environment: TDP Software Factory
• New intelligent planning tool for shipyards: Refit Optimizer
• Real-Time Data Integration and Processing Nexus for Adaptive C2 Systems: Sensor Hub
• Extend elasticsearch/opensearch capability with Trustnest Knowledge Search

Getting Started

First ask for a cluster creation using Thales postit portal.

If you are not familiar with this new portal, please let yourself be guided here_

Then look at our GETTING STARTED documentation.

tip

You want to use k8saas from example ? --> discover multiple hello worlds projects like using WAF, SSO, persistent storage and more...

Features

Self-Service

Features	Maturity	Discover	Innovate	Industrialize
Add service account to your namespace	GA	✅	✅	✅
Add your namespaces with HNS	GA	✅	✅	✅
Provide access to your team	GA	✅	✅	✅
Onboarding: ask for further privileges	GA	✅	✅	✅
Setting Grafana Alerting	GA	✅	✅	✅
Simplified services for application exposition	GA	✅	✅	✅
Stop & Start your AKS cluster	EA	✅	✅	✅
Use Gitops to deploy your workload	EA	❌	❌	✅
Manage Nodepool	Soon	❌	❌	❌
Manage Cluster	Soon	❌	❌	❌

Observability

Features	Maturity	Discover	Innovate	Industrialize
Cluster Monitoring with Grafana	GA	✅	✅	✅
Datadog dual shipping	SOON	❌	❌	✅
Centralized Monitoring for AKS	Soon	❌	❌	✅

Security

Features	Maturity	Discover	Innovate	Industrialize
Automatic AKS Operating System Nodes upgrade	Deprecated	❌	❌	❌
Automatic AKS upgrade	EA	✅	✅	✅
Automatic Backup with Velero	GA	✅	✅	✅
BSS helper	GA	✅	✅	✅
Enforcing Policies with OPA Gatekeeper	GA	✅	✅	✅
Managed Network Security Groups	GA	✅	✅	✅
Pod to Pod Encryption with Linkerd	GA	✅	✅	✅
Trusted image registries	GA	❌	❌	✅
Web application firewall with ModSecurity	GA	✅	✅	✅

Corporate Add-on

Features	Maturity	Discover	Innovate	Industrialize
Access to corporate add-on application from RIE	GA	✅	✅	✅
Access to corporate add-on application from TNAP	GA	✅	✅	✅
Corporate Add-on	GA	✅	✅	✅
Exposing your corporate add-on application using Thales private domain	GA	✅	✅	✅

Confidential Add-on

Features	Maturity	Discover	Innovate	Industrialize
Data encryption with Confidential Addon (by Ciphertrust)	EA	❌	❌	✅

Access Management

Features	Maturity	Discover	Innovate	Industrialize
Built-in roles base access with Thales identity	GA	✅	✅	✅
Built-in SSO for Thales employees (Oauth2)	Deprecated	❌	❌	❌
Private application exposition with Nginx	GA	✅	✅	✅
SSO New Generation with Pomerium	GA	✅	✅	✅
TLS Certificate generation with Let's encrypt	GA	✅	✅	✅
Workload Identity integration	Explorer	✅	✅	✅

Performance

Features	Maturity	Discover	Innovate	Industrialize
Available Azure Region	GA	✅	✅	✅
GPU for compute-intensive workloads	Explorer	✅	✅	✅
Prioritize your workloads with priorityClassName	GA	✅	✅	✅
Supported AKS VM types	GA	✅	✅	✅
Azure NAT Gateway Support	EA	❌	❌	✅
SPLIT AKS nodepool	SOON	❌	✅	✅

Storages

Features	Maturity	Discover	Innovate	Industrialize
Persist data for your applications	GA	✅	✅	✅

Cost Optimization

Features	Maturity	Discover	Innovate	Industrialize
Cost Optimization Feature	EA	✅	✅	✅
Dynamically scale your workload with Keda	Explorer	❌	❌	✅
Estimate and monitor your cloud spending.	GA	✅	✅	✅
Use spot Instances	Explorer	❌	❌	✅

Customization

Features	Maturity	Discover	Innovate	Industrialize
Additional Windows Node pool	EA	❌	❌	✅
Bring your own DNS domain	GA	❌	❌	✅
Deploy CustomResourceDefinition,ClusterRole and Operators	EA	❌	❌	✅

Network

Features	Maturity	Discover	Innovate	Industrialize
Azure CNI Overlay	Explorer	❌	❌	✅

EA:Early Access, GA:General Availability, SOON: feature is released but not available for production

Tutorial & Learning Section

Access to k8saas

• Access to k8saas from any device
• Get k8saas technical account (aka service account kubeconfig) #Deprecated from Copernic 3.8
• K8SaaS Service account by Trustnest IAM
• Use Azure/kubelogin with k8saas

Develop with k8saas

• Kubernetes alternatives to docker commands
• Use k8saas with Visual Studio Code & Bridge to Kubernetes

Write a Dockerfile

• Best practices 1 from jkutner

From Docker to Kubernetes / Use Kubernetes patterns

• Create your first Helm Charts
• Setup pod requests, limits and QoS
• Secure your containers with Thales Container Base Images
• Import your own certificate
• Specifying a Disruption Budget for your Application
• Using Sops to encrypt and manage secrets
• Discover the Kubernetes Networking concept

Use CI/CD with k8saas

• Use a Service account to deploy in a CI/CD
• Reuse default CI/CD pipeline - app-sample #Outdated
• Secure Deployment With Coverity

Integrate k8saas with other trustnest services

• Use Trustnest Software Factory with k8saas

Integrate k8saas with other cloud services

• Use k8saas with azure bastion
• Use k8saas with a managed database

Use Project Pack (explorer)

• Installation of a Web Application with k8saas and DBaas

Professional & Managed Services

• Vulnerability Management
• Understand the support organization & ticketing SLA
• Get the k8saas service status
• Discover the next breaking changes
• Raise a ticket to the support

Explore k8saas community

• Thales Innersource - Hello world using WAF, SSO, persistent storage and more...
• Warp10/SensX - GeoMap Series
• Punch Platform - real-time custom parsing

How to find out more about k8saas ?

• Have a look at our BLOG
• Product Owner contact
• 24/5 support

Contribution Guide

• Artifactory documentation
• Follow k8saas Code Quality Process
• Python projects documentation

Troubleshooting

• Alert Referential
• Azure roundTripper error after MFA
• Back-off pulling image registry.thalesdigital.io
• Cert Manager