Managed Kubernetes Public Documentation Portal
Description
K8saas aims to provide a service to run applications in development and production while minimizing operational costs while respecting high security constraints.
References
- Artificial Intelligence: MYDATAMODEL
- Drone Operation: ScaleFlyt
- Thales Corporate Engineering Environment: TDP Software Factory
- New intelligent planning tool for shipyards: Refit Optimizer
- Real-Time Data Integration and Processing Nexus for Adaptive C2 Systems: Sensor Hub
- Extend elasticsearch/opensearch capability with Trustnest Knowledge Search
Getting Started
First ask for a cluster creation using Thales postit portal.
If you are not familiar with this new portal, please let yourself be guided here_
Then look at our GETTING STARTED documentation.
tip
You want to use k8saas from example ? --> discover multiple hello worlds projects like using WAF, SSO, persistent storage and more...
Features
Self-Service
| Features | Maturity | Discover | Innovate | Industrialize |
|---|---|---|---|---|
| Add service account to your namespace | GA | ✅ | ✅ | ✅ |
| Add your namespaces with HNS | GA | ✅ | ✅ | ✅ |
| Provide access to your team | GA | ✅ | ✅ | ✅ |
| Onboarding: ask for further privileges | GA | ✅ | ✅ | ✅ |
| Setting Grafana Alerting | GA | ✅ | ✅ | ✅ |
| Simplified services for application exposition | GA | ✅ | ✅ | ✅ |
| Stop & Start your AKS cluster | EA | ✅ | ✅ | ✅ |
| Use Gitops to deploy your workload | EA | ❌ | ❌ | ✅ |
| Manage Nodepool | Soon | ❌ | ❌ | ❌ |
| Manage Cluster | Soon | ❌ | ❌ | ❌ |
Observability
| Features | Maturity | Discover | Innovate | Industrialize |
|---|---|---|---|---|
| Cluster Monitoring with Grafana | GA | ✅ | ✅ | ✅ |
| Datadog dual shipping | SOON | ❌ | ❌ | ✅ |
| Centralized Monitoring for AKS | Soon | ❌ | ❌ | ✅ |
Security
| Features | Maturity | Discover | Innovate | Industrialize |
|---|---|---|---|---|
| Automatic AKS upgrade | EA | ✅ | ✅ | ✅ |
| Automatic Backup with Velero | GA | ✅ | ✅ | ✅ |
| BSS helper | GA | ✅ | ✅ | ✅ |
| Enforcing Policies with OPA Gatekeeper | GA | ✅ | ✅ | ✅ |
| Managed Network Security Groups | GA | ✅ | ✅ | ✅ |
| Pod to Pod Encryption with Linkerd | GA | ✅ | ✅ | ✅ |
| Trusted image registries | GA | ❌ | ❌ | ✅ |
| Web application firewall with ModSecurity | GA | ✅ | ✅ | ✅ |
Corporate Add-on
| Features | Maturity | Discover | Innovate | Industrialize |
|---|---|---|---|---|
| Access to corporate add-on application from RIE | GA | ✅ | ✅ | ✅ |
| Access to corporate add-on application from TNAP | GA | ✅ | ✅ | ✅ |
| Corporate Add-on | GA | ✅ | ✅ | ✅ |
| Exposing your corporate add-on application using Thales private domain | GA | ✅ | ✅ | ✅ |
Confidential Add-on
| Features | Maturity | Discover | Innovate | Industrialize |
|---|---|---|---|---|
| Data encryption with Confidential Addon (by Ciphertrust) | EA | ❌ | ❌ | ✅ |
Access Management
| Features | Maturity | Discover | Innovate | Industrialize |
|---|---|---|---|---|
| Built-in roles base access with Thales identity | GA | ✅ | ✅ | ✅ |
| Private application exposition with Nginx | GA | ✅ | ✅ | ✅ |
| SSO New Generation with Pomerium | GA | ✅ | ✅ | ✅ |
| TLS Certificate generation with Let's encrypt | GA | ✅ | ✅ | ✅ |
| Workload Identity integration | Explorer | ✅ | ✅ | ✅ |
Performance
| Features | Maturity | Discover | Innovate | Industrialize |
|---|---|---|---|---|
| Available Azure Region | GA | ✅ | ✅ | ✅ |
| GPU for compute-intensive workloads | Explorer | ✅ | ✅ | ✅ |
| Prioritize your workloads with priorityClassName | GA | ✅ | ✅ | ✅ |
| Supported AKS VM types | GA | ✅ | ✅ | ✅ |
| Azure NAT Gateway Support | EA | ❌ | ❌ | ✅ |
| SPLIT AKS nodepool | SOON | ❌ | ✅ | ✅ |
Storages
| Features | Maturity | Discover | Innovate | Industrialize |
|---|---|---|---|---|
| Persist data for your applications | GA | ✅ | ✅ | ✅ |
Cost Optimization
| Features | Maturity | Discover | Innovate | Industrialize |
|---|---|---|---|---|
| Cost Optimization Feature | EA | ✅ | ✅ | ✅ |
| Dynamically scale your workload with Keda | Explorer | ❌ | ❌ | ✅ |
| Estimate and monitor your cloud spending. | GA | ✅ | ✅ | ✅ |
| Use spot Instances | Explorer | ❌ | ❌ | ✅ |
Customization
| Features | Maturity | Discover | Innovate | Industrialize |
|---|---|---|---|---|
| Additional Windows Node pool | EA | ❌ | ❌ | ✅ |
| Bring your own DNS domain | GA | ❌ | ❌ | ✅ |
| Deploy CustomResourceDefinition,ClusterRole and Operators | EA | ❌ | ❌ | ✅ |
Network
| Features | Maturity | Discover | Innovate | Industrialize |
|---|---|---|---|---|
| Azure CNI Overlay | Explorer | ❌ | ❌ | ✅ |
EA:Early Access, GA:General Availability, SOON: feature is released but not available for production
Tutorial & Learning Section
Access to k8saas
- Access to k8saas from any device
- K8SaaS Service account by Trustnest IAM
- Use Azure/kubelogin with k8saas
Develop with k8saas
- Kubernetes alternatives to docker commands
- Use k8saas with Visual Studio Code & Bridge to Kubernetes
- Exec a pod with a shell in kubernetes
Write a Dockerfile
From Docker to Kubernetes / Use Kubernetes patterns
- Create your first Helm Charts
- Setup pod requests, limits and QoS
- Secure your containers with Thales Container Base Images
- Import your own certificate
- Specifying a Disruption Budget for your Application
- Using Sops to encrypt and manage secrets
- Discover the Kubernetes Networking concept
Use CI/CD with k8saas
- Use a Service account to deploy in a CI/CD
- Reuse default CI/CD pipeline - app-sample #Outdated
- Secure Deployment With Coverity
Integrate k8saas with other trustnest services
Integrate k8saas with other cloud services
Use Project Pack (explorer)
Professional & Managed Services
- Vulnerability Management
- Understand the support organization & ticketing SLA
- Discover the next breaking changes
- Raise a ticket to the support
Explore k8saas community
- Thales Innersource - Hello world using WAF, SSO, persistent storage and more...
- Punch Platform - real-time custom parsing
How to find out more about k8saas ?
- Have a look at our BLOG
- Product Owner contact