This repository serves as an entry-point for multiple community-maintained components in the Kubermatic ecosystem. Feedback is highly encouraged 👍
Dedicated components for customer purposes.
Name | Description |
---|---|
Overview Manage Cluster via API/Cluster CRD with GitOps Tooling | |
api/cluster-management-by-api | Bash based management scripts to specify your KKP cluster by API for CI/CD or GitOps purposes, see Cluster Provisioning by API via Bash/Curl. |
api/terraform-kkp-cluster-provider | Terraform based management of KKP user cluster for GitOps, see KKP Terraform REST Provider. |
api/cluster-management-by-crds | Management of KKP user cluster via Cluster or ClusterTemplate objects as .yaml files for GitOps, see Cluster management for KKP with Cluster CRDs |
certificates/self-signed-ca | How to create and manage a self-signed CA at KKP |
controllers/aws-private-ip-enforce-controller | Enforces the assignPublicIP: false flag on all user cluster machine deployments |
controllers/component-override-controller | This bash-controller watches over Cluster objects and controls part of the spec.componentOverride. |
controllers/external-dns-route53 | external-dns is a controller that automatically creates dns records for your ingresses and loadbalancer services. This is a chart that deploys an opinionated configuration for working with AWS Route 53 |
controllers/pod-cidr-controller | This bash-controller watches over Cluster objects and patches spec.clusterNetwork.pods.cidrBlocks |
cron-jobs/scale-down | running a cron job that scales down worker nodes during non work hours and weekends. |
id-management/active-directory | Example how to configure KKP with Active Directory |
id-management/openldap | Helm based OpenLDAP setup to deploy an independent LDAP server into Kubernetes for testing purposes |
id-management/keycloak | Example on how to configure and integrate KeyCloak setup as custom OIDC provider into Kubermatic KKP |
loadbalancers/metallb | Example config for MetalLB, which aims to redress this imbalance by offering a Network LB implementation that integrates with standard network equipment |
logging/audit/static-audit-log | Description of how static audit logging can be configured |
vm-images/packer-ubuntu1804-vsphere-template | A packer template to customize an ubuntu 18.04 cloud-image on vSphere |
s3/s3-syncer-aws-cli | s3-syncer based CronJob on the aws s3 cli to sync two different S3 locations as well as Azure (by Minio Azure Gateway) |
s3/s3-dbdump-syncer | s3-syncer based CronJob that creates a DB dump of a postgres SQL database and syncs it via the aws s3 cli to a target S3 location. |
vmware-exporter | Helm chart for VMware Exporter and Dashboard for Prometheus and Grafana for monitoring of vSphere environments in the KKP MLA stack. |
nutanix-exporter | Helm chart for nutanix-exporter - exporter for Prometheus that can be used for monitoring of Nutanix-based environments. |
user-cluster-alertmanager-alerts | Set of user-cluster alert rules for usage with User-Cluster MLA. See cluster-management-by-api to deploy Alertrules programmatically. |
user-cluster-grafana-dashboards | Set of user-cluster grafana dashboards for usage with User-Cluster MLA. |
Name | Description |
---|---|
vSphere kubeOne / Kubermatic demo | an example for running kubermatic on vSphere with kubeOne to install the |
AWS EKS -D kubeOne demo | an example for creating a Cluster running Amazon EKS-D |
Bare Metal - KubeOne Static Hosts | Example of how to manage static bare metal workers. The "bare metal" workers are simulated with vSphere by terraform automation |
Bare Metal - KKP and kubeadm join implementation examples | Example of how to use kubeadm to join the KKP managed control plane: 1 Manual Example, 2 SSH Multi Client join script |
Baremetal node provisioning with OSM | This method allows you to provision a baremetal machine as a Kubernetes node, using the provisioning logic of OSM as provided by the specific OSP. |
Configuration and tooling for commonly used KKP - Guides - Addon for user cluster customization.
Name | Description |
---|---|
Makefile | Wrapper for building KKP addons for a dedicated version |
addon-manifests | Holding the AddonConfig custom resource specifications for a set of addons to configure KKP UI |
custom-addon/dns-resolve-overwrite | A DaemonSet with privileged permissions to overwrite the host DNS at the kubernetes nodes |
custom-addon/echoserver | Simple echo server application as an example workload deployment with ingress config |
custom-addon/ingress-nginx | Deploys the Ingress Nginx Controller to the user cluster |
custom-addon/trident-installer | Addon for NetApp Trident storage support into a user cluster |
custom-addon/openebs | OpenEBS addon for on-premise users without distributed storage |
custom-addon/amd-gpu | AMD-GPU device plugin addon |
custom-addon/kubeflow | Kubeflow Machine Learning Toolkit |
custom-addon/ntp-sync | DaemonSet to execute ntpdate primary secondary scheduled on every node of a cluster |
custom-addon/docker-pull | DaemonSet to pull e.g. docker.io based images on every node with a docker-secret, to prevent rate-limited infrastructure pods. |
custom-addon/flux2 | Deploys Flux for keeping your Kubernetes clusters in sync with sources of configuration (like Git repositories). |
custom-addon/argocd | Deploys ArgoCD - a declarative, GitOps continuous delivery tool for Kubernetes (as high availability installation). |
------- ARCHIVED --- | |
custom-addon/helm-operator | Deploys the FluxCD - Helm Operator for managing additional deployment through Helm by CRD |
custom-addon/loki-stack | (Requires Helm Operator) Add Grafana Loki stack based on Grafana Loki Charts |
custom-addon/theia-ide | Customized KKP addon for quickly using Eclipse Theia IDE at your Kubernetes cluster. |
custom-addon/metallb | MetalLB cluster addon for on-premise user cluster without native LB support |
custom-addon/metallb-v2 | MetalLB cluster addon for on-premise user cluster without native LB support - with advanced config options, see MetalLB - Configuration. Used if IP range config is not enough. |
custom-addon/archive/kube-proxy-ipvs-patch | Custom overwrite Addon to patch IPVS mode to strictARP: true . |
Configuration and tooling for commonly used KKP - Guides - Application for user cluster customization.
Name | Description |
---|---|
README.md - Values | Sample values yaml for the Applications |
argocd-app | Argo CD - Declarative Continuous Delivery for Kubernetes. |
echoserver-app | Echo Server Example App |
eclipse-che-app | Preconfigured Eclipse Che IDE App |
external-dns-app | Using externalDNS to manage DNS Entries in an automated way in scope of a KKP user cluster |
flux2-app | Flux GitOps sync tool for application deployment |
harbor-app | Harbor App for user Clusters |
sysdig-secure-app | Sysdig Secure Integration for KKP User Clusters |
hivemq-app | HiveMQ Operator App to manage HiveMQ clusters in KKP user clusters |
Some useful containers to work with KubeOne and KKP
Name | Description |
---|---|
kubeone-tool-container | A docker container with various tools to work with KubeOne and Kubernetes |
kubermatic-dev-ui | Complete DEV UI Container including KubeOne and various tools to work with KubeOne, KKP and Kubernetes via a Frontend UI |
List of helper scripts and tools
Name | Description |
---|---|
git-crypt | git-crypt is a tool to encrypt git repositories based on GPG keys |
kubeone-makefile | Contains a template Makefile to manage KubeOne deployments |
kubermatic-installer-script | Contains a standalone usage of kubermatic - deploy.sh repo installation script for own installations. |
kubermatic-makefile | Contains a template Makefile to manage kubermatic deployments |
ssh-debug | SSH Debug Client for quickly ssh to nodes in an internal network |
vault/vault-k8s-mapper | Maps Vault secret as native Kubernetes secret into a defined namespace/secret. |
vault/vault-kv-management.sh | Management script to up/download secrets to a vault secret kv store. |
delete-evicted-pods-all-ns.sh | Deletes pods in state evicted |
headless.vnc.test.container.yaml | docker-headless-vnc-container container containing Linux UI exposed via webvnc for testing e.g. dashboards from internal cluster view |
kill-kube-ns.sh | kills a pending kubernetes namespace |
kube-node-cleanup.sh | cleanup a kubernetes node with some potential leftovers |
kubeconfig-kubermatic-serviceaccount.sh | creates a kubermatic service account at a seed cluster |
machinedeployment-patch.gce.sh | Script patches some specification of a Cluster API MachineDeployment object. |
set-build-tags-to-image.sh | Set dedicated build tags to the Kubermatic Charts |
untaint_master.sh | untaints all master nodes, to be able to schedule workload |
bash-port-scanner.sh | A Bash based Port-Scanner which is able to scan ports without any dependencies or tools like nmap |
pvc.test.yaml | small pod + pvc to test if storage provisioning works |
refresh-all-service-accounts-in-cluster.sh | script to refresh all service account tokens (stored as secrets) and restart dependent pods semi-automatically |
local-connect-k8s-services.sh | A small helper script to kubectl port-forward a handful of services, in the example the typical MLA services prometheus , grafana , alertmanager |
ssh-jumphosts-template.sh | Template to create a jumphost script with predefined environments. |
Infrastructure benchmarking | Documentation on how to benchmark various infrastructure elements used for hosting a kubernetes cluster. |
KKP Project Viewer Service Account | Adding a service account with view-only rights to your KKP Master Cluster |
Helpful how-tos and detailed documentation:
Name | Description |
---|---|
setup-checklist/kkp | Detailed requirement documentation to setup Kubermatic KKP at different environments |
setup-checklist/kubeone | Detailed requirement documentation to setup KubeOne at different environments |
how-to-convert-to-docx | Commands to convert markdown to docx |
migrate-helm2-to-helm3 | This document shows you how to migrate Helm releases from using Helm version 2.x with Tiller to being managed by Helm version 3.x in place. |
node-health-check | This doc describes how Kubermatic node health checks work |
nvidia-gpu-operator | How to enable GPU support for KKP clusters by NVIDIA - GPU Operator |
offline-setup | How to run kubermatic in offline environments |
upload-ova-with-govc | How to upload ova by using govc |
how-to-collect-cluster-cpu-memory.md | How to collect the provisioned CPU/Memory of Kubernetes Clusters |
Guides how to operate KubeOne / KKP.
Name | Description |
---|---|
metallb-service-connection-drops-ipvs-strict-arp | Connection Drops of Service Type LoadBalancer provided by MetalLB. |
user-cluster-prometheus.md | Crash Looping Prometheus at KKP user cluster namespace |
manual-backup | How to create manual backup for your KKP/KubeOne setup. |
k8s-kubeconfig-expiring-failure.md | Expiring kubeconfig client certificate (at KubeOne Cluster example) |
If you encounter issues, file an issue or talk to us on the #kubermatic channel on the Kubermatic Slack.
Thanks for taking the time to join our community and start contributing!
Feedback and discussion are available on #kubermatic channel.
- Please familiarize yourself with the Code of Conduct before contributing.
- See CONTRIBUTING.md for instructions on the developer certificate of origin that we require.
- We welcome pull requests. Feel free to dig through the issues and jump in.
See the list of releases to find out about feature changes.