gravity

module v0.0.0-...-0755659
Published: Feb 8, 2019 License: Apache-2.0

README

Gravity

Gravity is an upstream Kubernetes packaging solution that takes the drama out of on-premises deployments.

Project Links:
  • Gravity Website: the official website of the enterprise version of Gravity, called Telekube
  • Gravity Documentation: Gravity documentation (aka Telekube)
  • Blog: our blog, where we publish Gravity news
  • Security Updates: Gravity community security updates
  • Community Forum: Gravity community forum

Introduction

Gravity is an open source toolkit for creating "images" of Kubernetes clusters and the applications running inside the clusters. The resulting images are called application bundles, and they are just .tar files.

An application bundle can be used to re-create full replicas of the original cluster in any environment where compliance and consistency matter, e.g. in locked-down AWS/GCE/Azure environments or even in air-gapped server rooms. A bundle can run without human supervision, as a "Kubernetes appliance".

Gravity has been running in production in major financial institutions, government data centers and enterprises. Gravitational open sourced it in the fall of 2018.


Gravity vs ...

There are plenty of Kubernetes distributions out there. Most of them aim to be flexible, general purpose platforms. Gravity has a more narrow focus on compliance and reducing the overhead of managing Kubernetes:

  • Gravity clusters are idempotent, i.e. clusters created from the same bundle are always identical. There is no configuration drift over time; no "special snowflakes".
  • Gravity clusters are always "wrapped" with a privileged access gateway called Teleport, which unifies k8s and SSH authentication and keeps a detailed audit log for compliance purposes.
  • Gravity includes tools to perform infrastructure validation prior to cluster provisioning. This allows cluster designers to prevent users from installing clusters on infrastructure that does not meet the system requirements.
  • Gravity clusters only allow Kubernetes components that have been thoroughly tested by Gravitational Inc for compatibility and stability. These components are called a "Kubernetes Runtime". Users can pick a Runtime but Gravity does not allow any customization of individual components of Kubernetes.

Who is Gravity for?

We have seen the following primary use cases for an image-based Kubernetes approach (there may be others):

  • Deploying complex SaaS applications into on-premises enterprise environments.
  • Managing many idempotent Kubernetes clusters in environments where compliance and security matter. An example would be wanting the same, compliant Kubernetes environment across a variety of organizations or infrastructure environments.
  • Environments where autonomous Kubernetes is required, such as large multi-node hardware appliances, production floors, edge deployments, etc.

Anyone who needs Kubernetes best practices out of the box, without having to proactively manage them, can benefit from Gravity. It allows you to focus on building your product instead of managing Kubernetes.

Application Bundles

An Application Bundle produced by Gravity includes:

  • All Kubernetes binaries and their dependencies.
  • Built-in container registry.
  • De-duplicated layers of all application containers inside a cluster.
  • Built-in cluster orchestrator which guarantees HA operation, in-place upgrades and auto-scaling.
  • Installation wizard for both CLI and web browser GUI.

A bundle is all one needs to re-create the complete replica of the original Kubernetes cluster, with all deployed applications inside, even in an air-gapped server room.

Remote Access and Compliance

Each cluster provisioned with Gravity includes the built-in SSH/Kubernetes gateway called Teleport. Teleport provides the following benefits:

  • One-step authentication which issues credentials for both k8s API and SSH.
  • Ability to implement compliance rules like "developers must never touch production data".
  • Ability to grant remote access to the cluster via SSH or via k8s API, even if the cluster is located behind NAT with no open ports.
  • Keeps a detailed audit log (including fully recorded interactive sessions) for all SSH commands and all kubectl commands executed on cluster nodes.

Teleport can also be used independently of Gravity. It has been audited multiple times by reputable cyber security companies and has been deployed in production in multiple organizations.

Is Gravity Production Ready?

Yes! Even though Gravity was open sourced in September 2018, it started life much earlier, as a component of a larger, proprietary system called Telekube.

Fully autonomous Gravity clusters are running inside large banks, government institutions, enterprises, etc. Some of the commercial users of Gravity are listed on the Gravitational web site.

Why did We Build Gravity?

Gravity was built by Gravitational Inc, a company based in Oakland, California. Gravitational's mission is to allow software creators to easily share their products with customers without having to convert themselves into software operators.

The original use case for Gravity was to allow Kubernetes applications to be deployed into 3rd party environments, like on-premises datacenters. That's why Gravity includes features like the built-in, graphical cluster installer, infrastructure validation and a built-in privileged access manager (Teleport) for providing remote support.

These features also resonated with security-minded teams who need to run applications in environments where compliance matters. Gravity clusters are always identical and do not allow any configuration drift over time, which allows cluster designers (aka, Devops or SREs) to "publish" clusters that are approved for production and allow multiple teams within the organization to rapidly scale their Kubernetes adoption without having to become security and Kubernetes experts themselves.

Building from source

Gravity is written in Go. There are two ways to build the Gravity tools from source: by using locally installed build tools or via Docker. In both cases you will need a Linux machine.

Building on macOS, even with Docker, is possible but not currently supported.

$ git clone git@github.com:gravitational/gravity.git
$ cd gravity

# Running 'make' with the default target uses Docker.
# The output will be stored in build/current/
$ make

# If you have Go 1.10+ installed, you can build without Docker which is faster.
# The output will be stored in $GOPATH/bin/
$ make install

# To remove the build artifacts:
$ make clean

Known Issues

While the code is open source, we're still working on updating the documentation to reflect the differences between the proprietary and community/OSS editions of the software. We are also working on providing open source users with pre-built binaries on a regular basis.

Questions?

For more information reach out to info@gravitational.com

Directories

Path: Synopsis
assets
lib
app: Package app implements gravity application support for import and configuration and management
app/resources: +groupName=gravitational.io
app/suite: package suite contains a backend-independent application service acceptance test suite
constants: package constants contains global constants shared between packages
fsm
hub
loc
network/validation/proto: Package proto is a generated protocol buffer package.
ops: Site state transitions ----------------------
ops/suite: package suite contains an ops service acceptance test suite that is backend implementation independent, used both for services and clients
pack: package pack defines packaging format used by gravity
pack/suite: Package suite contains a package service acceptance test suite that is backend implementation independent; each storage will use the suite to test itself
process: handler introduces new way to access site API:
rpc
rpc/inprocess: Package inprocess implements in-process network connections and corresponding dialing/listening.
rpc/proto: Package proto is a generated protocol buffer package.
rpc/proxy: Package proxy implements a simple network proxy for tests
run
schema: This package implements compatibility layer to bridge previous provider/provisioner mismatch and as such is discouraged for future use.
schema/v1: Package v1 is the v1 version of the API.
sni
storage: Package storage implements storage backends for objects in portal - Accounts, Sites and others; these implementations are supposed to be dumb - no business logic, just storage logic should be handled to keep the backend implementations small.
storage/keyval: Package keyval implements Etcd and BoltDB powered storage
storage/suite: package suite contains a storage acceptance test suite that is backend implementation independent; each storage will use the suite to test itself
users/suite: package credssuite contains a storage acceptance test suite that is service implementation independent
webapi: Package webapi implements web proxy handler that provides various helpers for web UI, so it's OK to put UI specific stuff here
tool
gravity command
tele command
