AppDat Kubernetes
AppDat’s “Dat Clusters” come bootstrapped with several applications that help streamline and secure the applications hosted within these AppDat managed Kubernetes clusters.
“Dat Clusters” can be operated across all major cloud service providers and on-premises data centers. “Dat Clusters” are provisioned and bootstrapped with an “Infrastructure-as-Code” (IAC) approach that automates the provisioning process for rapid scalability and also provides a robust configuration management model for ensuring the consistency and security of these clusters.
AppDat uses “KPT Packages” to perform application and service installs into the AppDat managed Kubernetes clusters. The source code for those packages is open source and available to review here.
Cluster Features
The following sections detail the specific packages installed into a Kubernetes cluster when configuring it as a “Dat Cluster”.
TLS/SSL - Cert Manager
AppDat utilizes the open source cert-manager application for the automatic provisioning and management of TLS certificates for all AppDat hosted applications.
cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates.
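The two resource types described above, shown as an added example that is not taken from AppDat's packages: a `ClusterIssuer` that obtains certificates over ACME through the NGINX ingress class, and a `Certificate` that requests one for a single application. The issuer choice, resource names, namespace, hostname and e-mail address are assumptions made for illustration.

```yaml
# Added example; not AppDat's actual configuration.
# All names, the hostname and the e-mail address are constructed placeholders.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: example-acme-issuer
spec:
  acme:
    # ACME directory of the issuing CA (Let's Encrypt production is assumed here).
    server: https://acme-v02.api.letsencrypt.org/directory
    email: platform-team@example.com
    # Secret holding the ACME account key; cert-manager creates it if absent.
    privateKeySecretRef:
      name: example-acme-account-key
    solvers:
      # HTTP-01 challenges are answered through the NGINX ingress class.
      - http01:
          ingress:
            ingressClassName: nginx
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-app-tls
  namespace: example-app
spec:
  # Secret that receives the key pair; the application's Ingress references it.
  secretName: example-app-tls
  dnsNames:
    - app.example.com
  # Renew 30 days before expiry so a failed renewal leaves time to react.
  renewBefore: 720h
  privateKey:
    algorithm: ECDSA
    size: 256
    # Generate a fresh private key on every renewal instead of reusing the old one.
    rotationPolicy: Always
  issuerRef:
    name: example-acme-issuer
    kind: ClusterIssuer
```

The status conditions on the `Certificate` resource report whether issuance or renewal succeeded, which makes them a natural target for alerting.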
Logging - Fluent Bit
The logging feature is under construction, and AppDat is moving to the Elastic Stack with Beats.
AppDat utilizes the open source Fluent Bit application for log processing and forwarding.
Fluent Bit is an open source Log Processor and Forwarder which allows you to collect any data like metrics and logs from different sources, enrich them with filters and send them to multiple destinations. It’s the preferred choice for containerized environments like Kubernetes.
Edge Proxy - NGINX Ingress Controller
AppDat utilizes the open source NGINX Ingress Controller application, which is built around the Kubernetes Ingress resource, using a ConfigMap to store the NGINX configuration.
This ingress controller is responsible for all client request traffic routing to AppDat hosted applications.
Authorization - Gatekeeper
AppDat utilizes the open source Gatekeeper for performing ingress authorization validation. AppDat configures Gatekeeper policy via configuration files stored alongside the application source code repositories they apply to.
This allows AppDat to support declarative authorization policies for each individual application resource hosted on the platform.
Networking - Service Mesh
This feature is currently being developed and is not fully operational.
AppDat utilizes the open source Istio service mesh to transparently add capabilities like observability, traffic management and security, without adding those capabilities to each individual application’s source code.
Istio’s powerful features provide a uniform and more efficient way to secure, connect, and monitor services. Istio is the path to load balancing, service-to-service authentication, and monitoring – with few or no service code changes.