Release of Cozystack 0.20, an open PaaS platform based on Kubernetes

The release of the free PaaS platform Cozystack 0.20.0, built on Kubernetes, has been published. The project is aimed at providing a ready-made platform for hosting providers and a framework for building private and public clouds. The platform is installed directly on servers and covers all aspects of preparing infrastructure for the provision of managed services. Cozystack allows you to run and provision Kubernetes clusters, databases, and virtual machines. The platform code is available on GitHub and is distributed under the Apache-2.0 license.

Talos Linux and Flux CD are used as the base technology stack. Images containing the system, kernel and necessary modules are generated in advance and updated atomically, which makes it possible to do without components such as dkms and a package manager and guarantees stable operation. The platform provides a simple installation method for an empty data center using PXE and the Debian-like talos-bootstrap installer.

The platform includes a free implementation of a network infrastructure (fabric) based on Kube-OVN, and uses Cilium for service mesh organization and MetalLB for service advertising. Storage is implemented on LINSTOR, which uses ZFS as the underlying storage layer and DRBD for replication. A pre-configured monitoring stack based on VictoriaMetrics and Grafana is included. KubeVirt is used to launch virtual machines; it allows you to run classic virtual machines directly in Kubernetes containers and already has all the necessary integrations with the Cluster API for launching managed Kubernetes clusters inside a hardware Kubernetes cluster.

Major changes:

  • Kube-OVN has been updated to version 0.13.0.
  • Improved the KubeVirt CCM (Cloud Controller Manager) logic; the platform now provides more stable load balancers for tenant Kubernetes clusters.
  • Resolved issues with user rights in OIDC.
  • Added a group for the cluster administrator.
  • Fixed alerts and dashboards in Grafana.
  • NATS gained the ability to enable JetStream and to pass a configuration.
  • Added the ability to use Terraform to interact with the platform API.

The previous release, Cozystack 0.19, implemented support for OIDC (OpenID Connect), but because of the work on stabilizing the code base, that release was not announced separately. Keycloak is now supplied with Cozystack, which automatically configures the Cozy realm, inside which you can create local users and configure communication with external OIDC providers. For each tenant, 4 default groups are provided, and in the tenant application you can download an automatically generated kubeconfig file that is configured for authentication via Keycloak. "Keycloak as Code" configuration is made possible by the Keycloak Operator. Keycloak integration with the K8s cluster and the Dashboard is configured automatically.

Source: opennet.ru