Cluster
Cluster is the component of Common in charge of providing a company-wide Kubernetes Cluster.
Public Oath
Fluid Attacks will constantly look for new stacks that simplify serving applications to the Internet in a secure and automated manner.
Architecture
- The module is managed as code using Terraform.
- We have one Kubernetes cluster called `common-k8s` that is shared by all the components.
- The cluster is hosted on EKS by Amazon Web Services (AWS).
- The cluster is divided into namespaces, which keep resources in isolation from other namespaces.
  - The `default` namespace is unused; we try to put things into a namespace appropriate to the product.
  - The `dev` namespace currently holds the ephemeral environments of Integrates.
  - The `prod-integrates` namespace holds the production deployment of Integrates and a Celery jobs server.
  - The `kube-system` namespace holds cluster-wide deployments for load balancer, DNS, node termination handler, cloudflared, observability and autoscaler.
  - Other `kube-*` namespaces exist, but they are not used for anything at the moment.
- Every namespace runs in a specific worker group whose physical machine instances run on EC2 by Amazon Web Services (AWS).
- The cluster spawns machines on all availability zones within `us-east-1` for maximum spot availability.
- The cluster supports autoscaling based on several metrics like CPU consumption, memory consumption and queue size.
- It provides observability tools for debugging.
- It creates AWS application load balancers and Cloudflare DNS records for ingress resources.
- It supports a Cloudflare ZTNA tunnel that allows developers to access the AWS VPC via Cloudflare WARP.
- Developers can access the cluster via Okta for debugging.
Contributing
Please read the contributing page first.