Skip to content
Permalink
Browse files

synced with old repo

  • Loading branch information
xavier-r-millot committed Nov 21, 2019
1 parent c737be1 commit 3e441a3df5d22e6676cdec4613c80339bc849add
Showing with 307 additions and 14 deletions.
  1. +12 −14 README.md
  2. +18 −0 dev-manifest.yaml
  3. +18 −0 dev-scripts/fast-kapi-pod.yaml
  4. +9 −0 dev-scripts/fast-kapi.sh
  5. +250 −0 manifest.yaml
@@ -10,12 +10,10 @@ MOSAIC is a web app made up of [three deployments](https://github.com/nectar-cs/

The MOSAIC alpha is primarily focused on develoment/staging workflows - the phase when you're building confidence in your cluster's behavior before production. MOSAIC is not a provisioning tool, nor is it a platform. It helps you make fewer mistakes and solve problems faster.

It is designed for intermediate-level Kubernetes users whose:
+ sub-godly proficiency in the K-verse slows them down
+ skin crawls at the thought of opaque, lock-in-hungry PaaS'es
+ ears are open at the idea of making K8s friendlier without taking over it

In short, MOSAIC is for non-K-gods who want to move faster while retaining their agency over their infra.
It is designed for intermediate-level Kubernetes users:
+ whose sub-godly proficiency in the K-verse slows them down
+ who dread opaque, lock-in-hungry, buzz-killing PaaS'es
+ who keep it programmatic but are open visual sidekicks when legitimate


# Installation
@@ -44,6 +42,8 @@ kubectl delete clusterrolebinding/nectar-permissions

Note that none of the deps use resource limits at the moment. I'm waiting for some community feedback before settling on those.

Finally, keep in mind that **MOSAIC is still in alpha** so there will be bugs.

# Workflow / GitOps

MOSAIC's world view is that one deployment ~= one microservice. During setup, it discovers your deployments and has you **bind** them to their respective **GitHub Repos** and **Docker Image Repos**.
@@ -171,20 +171,18 @@ You'll see this popup quite frquently.

## What *is* Nectar?

Nectar is the company that makes MOSAIC. We're just out of stealth mode, have recently raised pre-seed, and are based in London.

Kubernetes is both complex and complicated.

Complex is why we love it - it's what makes orchestration powerful - it's inherent.
Nectar is the company that makes MOSAIC. We're just out of stealth mode,
have raised pre-seed, are raising seed now, and are based in London.

Complicated is why some hate it - orchestration's greatest weakness - but *we* believe it's *not* inherent.
You just installed foreign software into your cluster to enhance it. We want to make that the norm, because that's how we think tomorrows's systems will be built: out of other sub systems.

That's why **Nectar's mission** is to make orchestion *orderly*.
But how can we trust the systems we integrate if they're so opaque? Our first step is to bring transparency to the cloud native executables (YAML + images). MOSAIC is the first page in that chapter.

Ultimately, our vision is to become the new hub, the new clearing house for cloud native executables.

## Getting involved

If this gets you excited, if you're feeling crazy, have some water. After that, drop me a line at xavier@codenectar.com or on the K8s slack.
If this gets you excited, if you're feeling crazy, have some water. After that, drop me a line at [xavier@codenectar.com](mailto:xavier@codenectar.com) or on the K8s slack.

We're looking for cream of the crop engineers who want to create the new standard in container orchestration for the next decade.

@@ -0,0 +1,18 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: nectar-dev

---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nectar-dev
subjects:
- kind: User
name: system:serviceaccount:default:nectar-dev
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
@@ -0,0 +1,18 @@
---
apiVersion: v1
kind: Pod

metadata:
name: fast-kapi
namespace: nectar
labels:
app: fast-kapi

spec:
serviceAccountName: nectar
containers:
- name: main
image: xaviermillot/kapi-test:latest
imagePullPolicy: 'Always'
ports:
- containerPort: 5000
@@ -0,0 +1,9 @@
#!/bin/bash

cd $HOME/workspace/nectar-mosaic/kapi
docker build . -t xaviermillot/kapi-test:latest
docker push xaviermillot/kapi-test:latest
kubectl delete pod -l app=fast-kapi -n nectar

cd $HOME/workspace/nectar-mosaic/infra/dev-scripts
kubectl apply -f fast-kapi-pod.yaml -n nectar
@@ -1 +1,251 @@
# ------------------ PERMS----------------------

apiVersion: v1
kind: Namespace
metadata:
name: nectar

---

apiVersion: v1
kind: ServiceAccount
metadata:
name: nectar
namespace: nectar

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: nectar-cluster-wide-role
namespace: nectar
rules:
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["get", "list", "update", "patch"]
- apiGroups: ["apps"]
resources: ["deployments/scale"]
verbs: ['*']
- apiGroups: [""]
resources: ["services", "events", "endpoints", "pods/logs"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["list"]
- apiGroups: [""]
resources: ["pods", "pods/exec", "pods/attach"]
verbs: ['*']


---


kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nectar-permissions
namespace: nectar
subjects:
- kind: ServiceAccount
name: nectar
namespace: nectar
roleRef:
kind: ClusterRole
name: nectar-cluster-wide-role
apiGroup: rbac.authorization.k8s.io




---





# ------------------ KAPI DEP AND SVC----------------------







apiVersion: apps/v1
kind: Deployment
metadata:
name: kapi
namespace: nectar
labels:
app: kapi
core: "true"
spec:
replicas: 1
selector:
matchLabels:
app: kapi
template:
metadata:
namespace: nectar
labels:
app: kapi
spec:
serviceAccountName: nectar
containers:
- name: main
image: xnectar/kapi:latest
imagePullPolicy: 'Always'
ports:
- containerPort: 5000
env:
- name: DOCKER_HOST
value: tcp://dind.nectar:2375


---


kind: Service
apiVersion: v1
metadata:
name: kapi
namespace: nectar
labels:
app: kapi
core: "true"
spec:
type: ClusterIP
selector:
app: kapi
ports:
- protocol: TCP
port: 5000
targetPort: 5000

---






# ------------------ DIND DEP AND SVC----------------------







apiVersion: apps/v1
kind: Deployment
metadata:
name: dind
namespace: nectar
labels:
app: dind
core: "false"
spec:
replicas: 1
selector:
matchLabels:
app: dind
template:
metadata:
namespace: nectar
labels:
app: dind
spec:
serviceAccountName: nectar
containers:
- name: dind
image: docker:18.05-dind
securityContext:
privileged: true
volumeMounts:
- name: dind-storage
mountPath: /var/lib/docker
volumes:
- name: dind-storage
emptyDir: {}


---


kind: Service
apiVersion: v1
metadata:
name: dind
namespace: nectar
labels:
app: dind
core: "false"
spec:
type: ClusterIP
selector:
app: dind
ports:
- protocol: TCP
port: 2375
targetPort: 2375


---






# ------------------ FRONTEND DEP AND SVC----------------------





apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: nectar
labels:
app: frontend
core: "true"
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
namespace: nectar
labels:
app: frontend
spec:
containers:
- name: main
image: xnectar/frontend:latest
imagePullPolicy: 'Always'


---


kind: Service
apiVersion: v1
metadata:
name: frontend
namespace: nectar
labels:
app: frontend
core: "true"
spec:
type: ClusterIP
selector:
app: frontend
ports:
- protocol: TCP
port: 80
targetPort: 80

0 comments on commit 3e441a3

Please sign in to comment.
You can’t perform that action at this time.