Managed Kubernetes Public Documentation Portal
Description
Trustnest Managed Kubernetes (k8saas) is a service of the Thales Digital Platform (TDP).
K8saas aims to provide a service for running applications in development and production that minimizes operational costs while respecting high security constraints.
MCS Chatbot
The MCS chatbot is a helpful tool for quickly finding information in our documentation. However, since it uses generative AI, the information it provides may not always be 100% accurate and should be double-checked against the official documentation.
By including the 'k8saas' keyword in your query, you'll only search through the k8saas public documentation!
References
- Artificial Intelligence: MYDATAMODEL
- Drone Operation: ScaleFlyt
- Thales Corporate Engineering Environment: TDP Software Factory
- New intelligent planning tool for shipyards: Refit Optimizer
- Real-Time Data Integration and Processing Nexus for Adaptive C2 Systems: Sensor Hub
- Extend Elasticsearch/OpenSearch capability with Trustnest Knowledge Search
Getting Started
First, request a cluster creation using the Thales postit portal.
If you are not familiar with this new portal, please let yourself be guided here.
Then look at our GETTING STARTED documentation.
Want to learn k8saas by example? Discover multiple hello-world projects covering WAF, SSO, persistent storage and more.
Features
Self-Service
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Add service account to your namespace | GA | ✅ | ✅ | ✅ |
Add your namespaces with HNS | GA | ✅ | ✅ | ✅ |
Provide access to your team | GA | ✅ | ✅ | ✅ |
Onboarding: ask for further privileges | GA | ✅ | ✅ | ✅ |
Setting Grafana Alerting | GA | ✅ | ✅ | ✅ |
Simplified services for application exposition | GA | ✅ | ✅ | ✅ |
Stop & Start your AKS cluster | EA | ✅ | ✅ | ✅ |
Use Gitops to deploy your workload | EA | ❌ | ❌ | ✅ |
Observability
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Cluster Monitoring with Grafana | GA | ✅ | ✅ | ✅ |
Centralized and dedicated log with Log analytics | GA | ✅ | ✅ | ✅ |
Role-based access report | Deprecated | ❌ | ❌ | ❌ |
Security
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Automatic AKS Operating System Nodes upgrade | Deprecated | ❌ | ❌ | ❌ |
Automatic AKS upgrade | EA | ✅ | ✅ | ✅ |
Automatic Backup with Velero | GA | ✅ | ✅ | ✅ |
BSS helper | GA | ✅ | ✅ | ✅ |
Enforcing Policies with OPA Gatekeeper | GA | ✅ | ✅ | ✅ |
Managed Network Security Groups | GA | ✅ | ✅ | ✅ |
Pod to Pod Encryption with Linkerd | GA | ✅ | ✅ | ✅ |
Trusted image registries | GA | ❌ | ❌ | ✅ |
Web application firewall with ModSecurity | GA | ✅ | ✅ | ✅ |
Corporate Add-on
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Access to corporate add-on application from RIE | GA | ✅ | ✅ | ✅ |
Access to corporate add-on application from TNAP | GA | ✅ | ✅ | ✅ |
Corporate Add-on | GA | ✅ | ✅ | ✅ |
Exposing your corporate add-on application using Thales private domain | GA | ✅ | ✅ | ✅ |
Confidential Add-on
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Data encryption with Confidential Addon (by Ciphertrust) | EA | ❌ | ❌ | ✅ |
Access Management
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Built-in role-based access with Thales identity | GA | ✅ | ✅ | ✅ |
Built-in SSO for Thales employees (OAuth2) | Deprecated | ❌ | ❌ | ❌ |
Private application exposition with Nginx | GA | ✅ | ✅ | ✅ |
SSO New Generation with Pomerium | GA | ✅ | ✅ | ✅ |
TLS Certificate generation with Let's Encrypt | GA | ✅ | ✅ | ✅ |
Workload Identity integration | Explorer | ✅ | ✅ | ✅ |
Performance
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Available Azure Region | GA | ✅ | ✅ | ✅ |
GPU for compute-intensive workloads | Explorer | ✅ | ✅ | ✅ |
Prioritize your workloads with priorityClassName | GA | ✅ | ✅ | ✅ |
Supported AKS VM types | GA | ✅ | ✅ | ✅ |
Azure NAT Gateway Support | EA | ❌ | ❌ | ✅ |
Storages
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Persist data for your applications | GA | ✅ | ✅ | ✅ |
Cost Optimization
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Cost Optimization Feature | EA | ✅ | ✅ | ✅ |
Dynamically scale your workload with KEDA | Explorer | ❌ | ❌ | ✅ |
Estimate and monitor your cloud spending. | GA | ✅ | ✅ | ✅ |
Scheduled AKS Scaling | EA | ✅ | ✅ | ✅ |
Use Spot instances | Explorer | ❌ | ❌ | ✅ |
Customization
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Additional Windows Node pool | EA | ❌ | ❌ | ✅ |
Bring your own DNS domain | GA | ❌ | ❌ | ✅ |
Deploy CustomResourceDefinition, ClusterRole and Operators | EA | ❌ | ❌ | ✅ |
Advanced Observability Stack
Features | Maturity | Discover | Innovate | Industrialize |
---|---|---|---|---|
Transversal Observability Stack and Log sink | Explorer | ❌ | ❌ | ✅ |
EA: Early Access, GA: General Availability
Tutorial & Learning Section
Access to k8saas
- Access to k8saas from any device
- Get k8saas technical account (aka service account kubeconfig) #Deprecated from Copernic 3.8
- K8SaaS Service account by Trustnest IAM
- Use Azure/kubelogin with k8saas
Develop with k8saas
- Kubernetes alternatives to docker commands
- Use k8saas with Visual Studio Code & Bridge to Kubernetes
Write a Dockerfile
From Docker to Kubernetes / Use Kubernetes patterns
- Create your first Helm Charts
- Setup pod requests, limits and QoS
- Secure your containers with Thales Container Base Images
- Import your own certificate
- Specifying a Disruption Budget for your Application
- Using Sops to encrypt and manage secrets
- Discover the Kubernetes Networking concept
Use CI/CD with k8saas
- Use a Service account to deploy in a CI/CD
- Reuse default CI/CD pipeline - app-sample #Outdated
- Secure Deployment With Coverity
Integrate k8saas with other trustnest services
Integrate k8saas with other cloud services
Use Project Pack (explorer)
Professional & Managed Services
- Vulnerability Management
- Understand the support organization & ticketing SLA
- Get the k8saas service status
- Discover the next breaking changes
- Raise a ticket to the support
Explore k8saas community
- Thales Innersource - Hello world using WAF, SSO, persistent storage and more...
- Warp10/SensX - GeoMap Series
- Punch Platform - real-time custom parsing
How to find out more about k8saas?
- Have a look at our BLOG
- Product Owner contact
- 24/5 support