A GitOps-based approach to configuring a secure cluster and provisioning secure namespaces as part of Operations as a Service (OaaS).
Kubernetes Operations as a Service - Secure Cluster consists of a Helm chart for provisioning namespaces as well as an example setting this up. The roadmap includes creating a Kubernetes operator to take over responsibility for namespace provisioning in a more powerful and dynamic way.
Operations as a Service (OaaS) for Kubernetes is a "shift-left" approach that brings security and operations concerns into development from the start. OaaS for Kubernetes consists of a number of repositories besides this one:
- observable cluster (potential common ingest point for operations on demand)
- cluster tools (advanced secrets management including backup and restore)
The Secure Cluster is the term coined for a GitOps-enabled cluster setup that installs a GitOps engine in a dedicated namespace and sets a number of sensible defaults for the cluster as well as for each additionally generated namespace.
The defaults are, for example, pod security policies (note that the PodSecurityPolicy API was removed in Kubernetes 1.25; Pod Security Admission takes its place on current clusters), a pod security context, default resource limits and network policies, all of which are helpful to have configured from the start of development. The target audience is clusters used by one or more teams developing applications and services.
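The namespace defaults described above, shown as an added example that is not the oaas-namespace chart's own templates: a namespace `team-a` labelled for Pod Security Admission (standing in for the removed PodSecurityPolicy), a LimitRange that supplies default requests and limits to containers that set none, a default-deny NetworkPolicy with the DNS and same-namespace allowances needed to keep workloads functional, and a pod whose security context satisfies the `restricted` profile. The namespace name, label values, limit values and container image are assumptions for illustration.

```yaml
# Added example of per-namespace defaults; not the oaas-namespace chart's templates.
# Assumed: namespace "team-a", the limit values, kube-dns label, and the image.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
  labels:
    # Pod Security Admission: reject pods that violate "restricted",
    # and warn/audit on the same profile so drift is visible.
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted
---
apiVersion: v1
kind: LimitRange
metadata:
  name: default-limits
  namespace: team-a
spec:
  limits:
    - type: Container
      default:          # used as limits when a container sets none
        cpu: 500m
        memory: 256Mi
      defaultRequest:   # used as requests when a container sets none
        cpu: 100m
        memory: 128Mi
      max:              # hard ceiling per container
        cpu: "2"
        memory: 1Gi
---
# Default deny: no ingress or egress for any pod unless another
# NetworkPolicy in this namespace explicitly allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: team-a
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
---
# Allow DNS egress to kube-dns so default-deny does not break name resolution.
# kubernetes.io/metadata.name is set automatically on namespaces since 1.21.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: team-a
spec:
  podSelector: {}
  policyTypes: [Egress]
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
---
# Allow pods within the namespace to reach each other.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace
  namespace: team-a
spec:
  podSelector: {}
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector: {}
---
# A pod security context that passes the "restricted" profile enforced above.
apiVersion: v1
kind: Pod
metadata:
  name: hardened-example
  namespace: team-a
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: app
      image: nginxinc/nginx-unprivileged:stable   # assumed non-root image
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
```

Apply with `kubectl apply -f` and verify the admission side by submitting a pod that omits `allowPrivilegeEscalation: false` or runs as root; the API server rejects it with a message naming the violated `restricted` checks. The NetworkPolicy objects only take effect on clusters whose CNI plugin enforces them, so confirm that before relying on default-deny.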
An example that sets up a cluster configured using GitOps and flux2, and uses the oaas-namespace chart to create namespaces for two teams, is found under examples.