diff --git a/README.md b/README.md
index d1b607c..6c30624 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,95 @@ -# acme -"ACM Everywhere" - All of the Platform Infrastructure necessary to bring-up a managed service application +# ACME + +"ACM Everywhere" is a base platform of best practices, best-of-breed components, and common patterns using +[Advanced Cluster Management's](https://www.redhat.com/en/technologies/management/advanced-cluster-management) +declarative resource and application management technologies. + +Modern service architectures will span clusters and clouds with many different applications deployed across +environments that must be built, tested, progressively delivered, and supported by live SRE staff. ACMEverywhere helps managed this complexity +with declarative CRUD (Clusters, Resources, Users, and Deployments) that is infrastructure-as-code and delivered through pipelines. + +## Fully Declarative + +A live service represents both platform and business logic components. In fact, you have to bootstrap a *lot* of your +base platform before you can write any business logic that provides value. For example, a service would need, at a minimum, +a code repository and a build system, an image repository, some fleet of clusters to deploy to complete with peering and properly secure networking, +an Identity Provider to manage access to your clusters, something to orchestrate your deployments throughout your fleet, Vault to manage secrets, +and more. You haven't gotten to any business logic yet. + +### CRUD: Clusters, Resources, Users, Deployments + +#### Clusters + +CAPI provides the building blocks for declaring a fleet + +`Cluster` - top-level Kind that declares your cluster, its network config, and its control plane and worker nodes. + +TODO: Research and Replace with OpenShift/HCP equivalents -- `AWSCluster`, `KubeadmControlPlane`, `MachineDeployment`, `AWSMachineTemplate`. See [example](generated-examples/capi-int-cluster-example.yaml). 
+ +`Peering` -- describes relationships and networking between clusters, implemented using such things as VPCs and PrivateLinks and the equivalents across cloud providers. + +TODO: Research and define the schema for Peering (app-interface to start and/or community offering) + +`CloudAccount` -- cloud accounts own resources, including clusters and cloud resources. + +`ClusterAuthentication` -- a cluster's configured IDP and auth solution + +#### Resources + +<< Use Radius (or similar plugin architecture) to declare cloud resources (e.g, Postgres in RDS/Aurora/Pod) >> + +`CloudResource` -- a resource provided by a hyperscalar. Resources will follow plugins/interfaces/recipes so that a postgres +database is seamlessly provided by pods, AWS RDS instances, Azure Aurora, or any other flavor desired and implemented. + +CloudResources are deployed to specific Namespaces on Clusters + +`CloudAccount` -- cloud accounts own resources, including clusters and cloud resources. + +#### Users + +`IdentityProvider` -- an IDP secures access to all clusters, resources, and deployments. + +`User` -- Users are internal developers, engineers, and other SRE staff who managed the clusters, resources, and deployments. + +`Role`, `Permission`, `RoleBinding` -- full RBAC model to authorize Users to perform specific actions across clusters and deployments. + + +#### Deployments + +`ImageRegistry` -- an image registry to host container images, such as Quay, ACR, and ECR. + +`Build` -- the build system for service development, such as Konflux. + +`Repository` -- the repository for project source code, such as GitHub or GitLab. + +`Component` -- a specific piece of functionality, such as an individual microservice. + +`Application` -- a collection of components create an Application. + +`ComponentImageRegistry` -- a image registry configured for a specific component. + +`ComponentBuild` -- a build configured for a specific component. 
+ +`ComponentRepository` -- a code repository configured for a specific component. + + +## Entity Relationship Diagram + +Draft (at best). Deployment section TDB based on Argo Rollouts. + +![ERD](the%20big%20erd.drawio.png ) + + + + + + + +### Users + +<< Explain IAM strategy. Keycloak, roles, permissions, etc. >> + +### Deployments + +<< Explain progressive delivery of deployments throughout the fleet with tests, soak time, and metrics >> + diff --git a/generated-examples/capi-int-cluster-example.yaml b/generated-examples/capi-int-cluster-example.yaml new file mode 100644 index 0000000..6da0f98 --- /dev/null +++ b/generated-examples/capi-int-cluster-example.yaml 
@@ -0,0 +1,143 @@ +# example generated by gemini +# integration-cluster.yaml +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: integration-cluster + namespace: default # Or your desired namespace +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + services: + cidrBlocks: + - 10.96.0.0/12 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: integration-cluster-kcp + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AWSCluster + name: integration-cluster-aws + +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AWSCluster +metadata: + name: integration-cluster-aws + namespace: default +spec: + region: us-east-1 # Change to your desired AWS region + sshKeyName: capi-key # Replace with your SSH key pair name in AWS + # You might want to define a specific VPC and subnets here, + # or let CAPI create them. For simplicity, we let CAPI create. + networkSpec: + cni: + cniPlugin: calico # Or cilium, amazon-vpc-cni, etc. + # We will let CAPI create a new VPC and subnets for simplicity. + # For production, you might want to reference existing network resources. 
+ # vpc: + # id: vpc-xxxxxxxxxxxxxxxxx + # subnets: + # - id: subnet-xxxxxxxxxxxxxxxxx + # availabilityZone: us-east-1a + # - id: subnet-xxxxxxxxxxxxxxxxx + # availabilityZone: us-east-1b + # - id: subnet-xxxxxxxxxxxxxxxxx + # availabilityZone: us-east-1c +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: integration-cluster-kcp + namespace: default +spec: + replicas: 3 # For high availability in a medium-sized cluster + version: v1.28.3 # Specify your desired Kubernetes version + kubeadmConfigSpec: + clusterConfiguration: + controllerManager: + extraArgs: + bind-address: 0.0.0.0 + scheduler: + extraArgs: + bind-address: 0.0.0.0 + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: aws + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: aws + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AWSMachineTemplate + name: integration-cluster-control-plane-machine-template +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AWSMachineTemplate +metadata: + name: integration-cluster-control-plane-machine-template + namespace: default +spec: + template: + spec: + instanceType: m5.xlarge # Medium size instance type + ami: + id: ami-0abcdef1234567890 # Replace with a valid CAPI-compatible Kubernetes AMI for your region and K8s version + sshKeyName: capi-key # Replace with your SSH key pair name +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: integration-cluster-md-0 + namespace: default +spec: + clusterName: integration-cluster + replicas: 3 # Starting with 3 worker nodes for a medium-sized cluster + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: integration-cluster-md-0-kct + clusterName: integration-cluster + version: v1.28.3 # Must match control plane 
Kubernetes version + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AWSMachineTemplate + name: integration-cluster-md-0-amt +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AWSMachineTemplate +metadata: + name: integration-cluster-md-0-amt + namespace: default +spec: + template: + spec: + instanceType: m5.xlarge # Medium size instance type for worker nodes + ami: + id: ami-0abcdef1234567890 # Replace with a valid CAPI-compatible Kubernetes AMI for your region and K8s version + sshKeyName: capi-key # Replace with your SSH key pair name +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: integration-cluster-md-0-kct + namespace: default +spec: + template: + spec: + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: aws diff --git a/the big erd.drawio.png b/the big erd.drawio.png new file mode 100644 index 0000000..a6b11b5 Binary files /dev/null and b/the big erd.drawio.png differ
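Review bot: The `bind-address: 0.0.0.0` under `controllerManager.extraArgs` and `scheduler.extraArgs` in the KubeadmControlPlane puts the controller-manager and scheduler secure endpoints on every node interface instead of kubeadm's loopback default, and nothing in the file says why; if this exists only for metrics scraping, say so inline (`# 0.0.0.0 so the cluster metrics scraper can reach these endpoints; remove if not scraped`), otherwise drop the two stanzas for an integration example. Related, `sshKeyName: capi-key` appears three times (AWSCluster and both AWSMachineTemplates), which grants shell access to every control-plane and worker node through one shared key pair; for a reference example that the README points to, consider omitting it and documenting a bastion/session-manager path instead. I cannot confirm this from the hunk alone, but `cloud-provider: aws` on the kubelet for `v1.28.3` (init/join configuration here and in the KubeadmConfigTemplate) may no longer be accepted, since the in-tree AWS provider was removed in the 1.27 timeframe and current CAPA templates use `cloud-provider: external` with the AWS cloud-controller-manager deployed separately, so this should be verified before the file is used as a template. The `# example generated by gemini` header is the only provenance note; a one-line comment stating that the file has not been applied to a real account would help readers weigh the placeholder AMI and key names.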