Welcome to the ITlusions Kubernetes (ITL.K8s) documentation repository. This repository serves as the central hub for all Kubernetes-related documentation, best practices, configurations, and operational guides.
- Quick Start
- Documentation Structure
- Storage Classes
- Authentication
- Getting Started
- Contributing
- Support
- Read the Documentation Index - Start here for a complete overview
- Set up GitHub Authentication - Configure cluster access
- Understand Storage Classes - Choose the right storage for your workloads
- Review Emergency Access - Understand break glass procedures
- Follow our Best Practices - Ensure production-ready deployments
| Resource | Description | Status |
|---|---|---|
| Full Documentation | Complete documentation index | Available |
| Authentication Guide | GitHub OAuth setup for K8s access | Available |
| Storage Classes | Storage configuration and selection guide | Available |
| Emergency Access | Break glass procedures for critical incidents | Available |
| Architecture Diagrams | Infrastructure overview and patterns | Coming Soon |
| Monitoring Dashboards | Grafana dashboards and alerts | Coming Soon |
```
ITL.K8s/
├── README.md                          # This file - main entry point
├── docs/
│   ├── index.md                       # Complete documentation index
│   ├── authentication/
│   │   ├── GITHUB_AUTHENTICATION.md   # GitHub OAuth for Kubernetes
│   │   └── EMERGENCY_ACCESS.md        # Break glass emergency procedures
│   └── storageClasses/
│       ├── README.md                  # Storage classes overview
│       ├── ha-dbs-lh.yaml             # High availability database storage
│       ├── longhorn.yaml              # Default distributed storage
│       ├── longhorn-static.yaml       # Simplified Longhorn storage
│       ├── minio-data.yaml            # MinIO object storage
│       ├── nfs-csi.yaml               # Network file system storage
│       ├── openebs-hostpath.yaml      # Local high-performance storage
│       └── local-storage.yaml         # Manual provisioned storage
└── [Additional directories as needed]
```
Our Kubernetes cluster provides multiple storage classes optimized for different workloads:
| Storage Class | Use Case | Performance | Availability | Documentation |
|---|---|---|---|---|
| `ha-dbs-lh` | Production databases | High | Very High | Details |
| `longhorn` | General applications | High | High | Details |
| `openebs-hostpath` | High-performance apps | Very High | Medium | Details |
| `nfs-csi` | Shared volumes | Medium | High | Details |

Complete Storage Classes Guide
```bash
# For databases (PostgreSQL, MySQL, MongoDB)
kubectl apply -f - <<EOF
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: database-storage
spec:
  accessModes: [ReadWriteOnce]
  storageClassName: ha-dbs-lh
  resources:
    requests:
      storage: 10Gi
EOF

# For applications
kubectl apply -f - <<EOF
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: app-storage
spec:
  accessModes: [ReadWriteOnce]
  storageClassName: longhorn
  resources:
    requests:
      storage: 5Gi
EOF
```

We use GitHub OAuth for Kubernetes cluster authentication through Keycloak:
- Single Sign-On: Use your GitHub credentials
- Team-based Access: GitHub teams → Kubernetes RBAC
- Centralized Management: All access through Keycloak
- Audit Trail: Complete authentication logging

Set up GitHub Authentication
When normal authentication fails, we provide tiered emergency access:
- Emergency Keycloak Accounts: Local admin accounts in Keycloak (fastest)
- Node-stored Configuration: Emergency kubeconfig on control plane nodes
- Vault Backup: Final fallback through HashiCorp Vault
Emergency Access Procedures
```bash
# Check your current authentication
kubectl auth whoami

# Login with GitHub (via Keycloak)
kubectl oidc-login

# Verify your permissions
kubectl auth can-i get pods --namespace=default
```

- Set up Access: Follow the GitHub Authentication Guide
- Choose Storage: Use the Storage Classes Guide
- Deploy Applications: Follow our deployment best practices
- Monitor: Use our monitoring dashboards
- Read Full Documentation: Start with docs/index.md
- Understand Architecture: Review infrastructure patterns
- Configure Security: Implement RBAC and network policies
- Set up Monitoring: Deploy observability stack
- CI/CD Integration: Set up GitHub Actions with OIDC
- GitOps Workflows: Configure ArgoCD deployments
- Security Policies: Implement Pod Security Standards
- Disaster Recovery: Set up backup and recovery procedures
- Use `ha-dbs-lh` storage class for production databases
- Implement network policies for pod-to-pod communication
- Regular security audits and compliance checks
- Principle of least privilege for RBAC
- Choose appropriate storage classes for workload requirements
- Monitor resource usage and set appropriate limits
- Use horizontal pod autoscaling where applicable
- Optimize container images for faster startup
- Right-size storage volumes and compute resources
- Use spot instances where appropriate
- Regular cleanup of unused resources
- Monitor and optimize cluster utilization
- Follow GitOps practices for all deployments
- Implement comprehensive monitoring and alerting
- Document all customizations and configurations
- Regular backup and disaster recovery testing
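
The `kubectl auth can-i` check from the authentication commands can be extended into a least-privilege audit that runs after login. This is an added example, not part of the ITL.K8s repository; the `audit_access` function and its expectation rules are constructed placeholders to adapt to the access your GitHub team is supposed to have.

```sh
#!/bin/sh
# Added example (not from the ITL.K8s repo): audit the logged-in identity
# against an expected access list using `kubectl auth can-i`.

# Constructed sample rules: <expected yes|no> <verb> <resource> <namespace|->
# "-" means cluster-scoped (no --namespace flag is passed).
EXPECTED_ACCESS='
yes get    pods                   default
yes list   persistentvolumeclaims default
no  get    secrets                kube-system
no  create clusterrolebindings    -
no  delete nodes                  -
'

# Prints one line per deviation; returns 0 if access matches, 1 otherwise.
audit_access() {
  rules="${1:-$EXPECTED_ACCESS}"
  deviations=0
  while read -r want verb resource ns; do
    [ -n "$want" ] || continue          # skip blank lines
    if [ "$ns" = "-" ]; then
      answer=$(kubectl auth can-i "$verb" "$resource" 2>/dev/null) || true
    else
      answer=$(kubectl auth can-i "$verb" "$resource" --namespace="$ns" 2>/dev/null) || true
    fi
    answer=${answer%% *}                # keep only yes/no if a reason is appended
    case "$answer" in
      yes|no) ;;
      *) answer=error ;;                # expired token, unreachable API server, ...
    esac
    if [ "$answer" != "$want" ]; then
      echo "DEVIATION: $verb $resource (namespace: $ns): expected $want, got $answer"
      deviations=$((deviations + 1))
    fi
  done <<EOF
$rules
EOF
  [ "$deviations" -eq 0 ]
}

# Run the audit only when asked, e.g. `sh audit.sh --run` after `kubectl oidc-login`.
if [ "${1:-}" = "--run" ]; then
  audit_access
fi
```

A failed or expired login is reported as `error` rather than being read as "no", so a broken session cannot pass for a correctly restricted one.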
| Issue Type | Contact Method | Response Time |
|---|---|---|
| Emergency | Matrix: `#platform-emergency` | Immediate |
| General Questions | Matrix: `#kubernetes-help` | Same day |
| Documentation | GitHub Issues | 1-2 days |
| Feature Requests | GitHub Issues | Weekly review |
- Platform Team: Overall cluster management and infrastructure
- Security Team: Security policies and compliance
- DevOps Team: CI/CD and deployment automation
- Cluster Dashboard: https://dashboard.dev.itlusions.com
- Grafana Monitoring: https://grafana.dev.itlusions.com
- ArgoCD GitOps: https://argocd.dev.itlusions.com
- Keycloak Auth: https://sts.itlusions.com
This documentation is maintained by the ITlusions Platform Team.
Last Updated: September 14, 2025 | Version: 1.0 | Status: Active

Tip: Bookmark this README and the Documentation Index for quick access to all Kubernetes resources!

Happy Kubernetes-ing!