Managed Kubernetes Public Documentation Portal

Description

Trustnest Managed Kubernetes (k8saas) is a service of the Thales Digital Platform (TDP).

K8saas aims to provide a service to run applications in development and production while minimizing operational costs while respecting high security constraints.

References

• Artificial Intelligence: MYDATAMODEL
• Drone Operation: ScaleFlyt
• Thales Corporate Engineering Environment: TDP Software Factory
• New intelligent planning tool for shipyards: Refit Optimizer
• Real-Time Data Integration and Processing Nexus for Adaptive C2 Systems: Sensor Hub
• Extend elasticsearch/opensearch capability with Trustnest Knowledge Search

Getting Started

First ask for a cluster creation using Thales postit portal. If you are not familiar with this new portal, please let yourself be guided here

Then look at our GETTING STARTED documentation.

tip

You want to use k8saas from example ? --> discover multiple hello worlds projects like using WAF, SSO, persistent storage and more...

Features

Self-Service

Features	Maturity	Discover	Innovate	Industrialize
Add service account to your namespace	GA	✅	✅	✅
Add your namespaces with HNS	GA	✅	✅	✅
Provide access to your team	GA	✅	✅	✅
Onboarding: ask for further privileges	GA	✅	✅	✅
Setting Grafana Alerting	GA	✅	✅	✅
Simplified services for application exposition	GA	✅	✅	✅
Stop & Start your AKS cluster	EA	✅	✅	✅
Use Gitops to deploy your workload	EA	❌	❌	✅

Observability

Features	Maturity	Discover	Innovate	Industrialize
Cluster Monitoring with Grafana	GA	✅	✅	✅
Centralized and dedicated log with Log analytics	GA	✅	✅	✅
Role Base access report	Deprecated	❌	❌	❌

Security

Features	Maturity	Discover	Innovate	Industrialize
Automatic AKS Operating System Nodes upgrade	Deprecated	❌	❌	❌
Automatic Backup with Velero	GA	✅	✅	✅
BSS helper	GA	✅	✅	✅
Enforcing Policies with OPA Gatekeeper	GA	✅	✅	✅
Managed Network Security Groups	GA	✅	✅	✅
Trusted image registries	GA	❌	❌	✅
Pod to Pod Encryption with Linkerd	GA	✅	✅	✅
Web application firewall with ModSecurity	GA	✅	✅	✅

Corporate Add-on

Features	Maturity	Discover	Innovate	Industrialize
Access to corporate add-on application from RIE	GA	✅	✅	✅
Access to corporate add-on application from TNAP	GA	✅	✅	✅
Corporate Add-on	GA	✅	✅	✅
Exposing your corporate add-on application using Thales private domain	GA	✅	✅	✅

Confidential Add-on

Features	Maturity	Discover	Innovate	Industrialize
Data encryption with Confidential Addon (by Ciphertrust)	EA	❌	❌	✅

Access Management

Features	Maturity	Discover	Innovate	Industrialize
Built-in roles base access with Thales identity	GA	✅	✅	✅
Built-in SSO for Thales employees (Oauth2)	Deprecated	❌	❌	❌
Private application exposition with Nginx	GA	✅	✅	✅
SSO New Generation with Pomerium	GA	✅	✅	✅
TLS Certificate generation with Let's encrypt	GA	✅	✅	✅
Workload Identity integration	Explorer	✅	✅	✅

Performance

Features	Maturity	Discover	Innovate	Industrialize
Available Azure Region	GA	✅	✅	✅
GPU for compute-intensive workloads	Explorer	✅	✅	✅
Prioritize your workloads with priorityClassName	GA	✅	✅	✅
Supported AKS VM types	GA	✅	✅	✅
Azure NAT Gateway Support	EA	❌	❌	✅

Storages

Features	Maturity	Discover	Innovate	Industrialize
Persist data for your applications	GA	✅	✅	✅

Cost Optimization

Features	Maturity	Discover	Innovate	Industrialize
Cost Optimization Feature	EA	✅	✅	✅
Dynamically scale your workload with Keda	Explorer	❌	❌	✅
Estimate and monitor your cloud spending.	GA	✅	✅	✅
Scheduled AKS Scaling	EA	✅	✅	✅
Use spot Instances	Explorer	❌	❌	✅

Customization

Features	Maturity	Discover	Innovate	Industrialize
Additional Windows Node pool	EA	❌	❌	✅
Bring your own DNS domain	GA	❌	❌	✅
Deploy CustomResourceDefinition,ClusterRole and Operators	EA	❌	❌	✅

Advanced Observability Stack

Features	Maturity	Discover	Innovate	Industrialize
Transversal Observability Stack and Log sink	Explorer	❌	❌	✅

EA:Early Access, GA:General Availability

Tutorial & Learning Section

Access to k8saas

• Access to k8saas from any device
• Get k8saas technical account (aka service account kubeconfig) #Deprecated from Copernic 3.8
• K8SaaS Service account by Trustnest IAM
• Use Azure/kubelogin with k8saas

Develop with k8saas

• Kubernetes alternatives to docker commands
• Use k8saas with Visual Studio Code & Bridge to Kubernetes

Write a Dockerfile

• Best practices 1 from jkutner
• Best practices 2 from bitnami

From Docker to Kubernetes / Use Kubernetes patterns

• Create your first Helm Charts
• Setup pod requests, limits and QoS
• Secure your containers with Thales Container Base Images
• Import your own certificate
• Specifying a Disruption Budget for your Application
• Using Sops to encrypt and manage secrets
• Discover the Kubernetes Networking concept

Use CI/CD with k8saas

• Use a Service account to deploy in a CI/CD
• Reuse default CI/CD pipeline - app-sample #Outdated
• Secure Deployment With Coverity

Integrate k8saas with other trustnest services

• Use Trustnest Software Factory with k8saas

Integrate k8saas with other cloud services

• Use k8saas with azure bastion
• Use k8saas with a managed database

Use Project Pack (explorer)

• Installation of a Web Application with k8saas and DBaas

Professional & Managed Services

• Vulnerability Management
• Understand the support organization & ticketing SLA
• Get the k8saas service status
• Discover the next breaking changes
• Raise a ticket to the support

Explore k8saas community

• Thales Innersource - Hello world using WAF, SSO, persistent storage and more...
• Warp10/SensX - GeoMap Series
• Punch Platform - real-time custom parsing

How to find out more about k8saas ?

• Have a look at our BLOG
• Product Owner contact
• 24/5 support

Contribution Guide

• Artifactory documentation
• Follow k8saas Code Quality Process
• Python projects documentation

Troubleshooting

• Alert Referential
• Azure roundTripper error after MFA
• Back-off pulling image registry.thalesdigital.io
• Cert Manager