Some Tectonic features marked as Alpha are available only to users within a private Alpha program. If you are interested in joining this program, please contact us at firstname.lastname@example.org.
Install Tectonic on a full-fledged infrastructure for production-level workloads. Platform installers are built on Terraform.
Amazon Web Services (AWS)
Install Tectonic on AWS using a graphical user interface or directly through Terraform.
Tectonic enables the management of user permissions and authentication through existing corporate identity stores at the user, group, or role level, federated through SAML, LDAP, or OIDC. Access control rules can be defined and mapped to be enforced consistently across all interfaces (Console, command line, or direct API access).
Enable identity federation through existing enterprise authentication systems, including OpenID Connect (OIDC), LDAP (Lightweight Directory Access Protocol), and Security Assertion Markup Language (SAML), allowing administrators to map cluster RBAC bindings to an existing authentication system over a secure channel.
Use Kubernetes’ Role-Based Access Control (RBAC) to manage user roles and permissions within Tectonic clusters. Use Tectonic to grant cluster-wide or namespace-specific access for users and groups defined within existing IdP systems. Permissions are enforced through both Tectonic Console and kubectl.
Provide a Certificate Authority Certificate and Key (in PEM format) during Tectonic installation to secure access to Tectonic Console and any service accessing Tectonic ingress controller. The provided Key will be used to sign all generated certificates for the cluster.
Border Gateway Protocol (BGP) routing on bare metal
Use the integrated project Calico to enable Border Gateway Protocol (BGP) networking. BGP is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems on the Internet. [ALPHA]
Use the provided Ingress Controller to expose the Tectonic Console and Tectonic Identity services. Tectonic Ingress is also configured to watch the Kubernetes API for Ingress resources and update their configuration to expose Kubernetes services.
Tectonic ships with a pre-configured and self-updating monitoring stack that is based on the Prometheus open source project and its wider ecosystem. It provides monitoring of cluster components and ships with a set of alerts to immediately notify cluster admins about any occurring problems.
Use the built-in, fully managed Prometheus instance to monitor the Tectonic cluster itself. This instance includes alerting rules to notify operators about problems in a cluster, based on key metrics collected from each Tectonic node.
Use Tectonic Console’s pre-configured monitoring dashboards to view key cluster capacity and cluster health metrics. Augment these using Grafana dashboards to provide more extensive analysis.
Stay tuned for documentation
Configure the included central, highly available Prometheus Alertmanager cluster to notify administrators of potential cluster issues. Tectonic’s pre-configured alert library is built from years of operational knowledge gained through the cumulative set of Tectonic customer clusters.
Enable single-click operational tasks, such as upgrades and backups of entire clusters, for both pure, upstream Kubernetes and the Container Linux operating system to ensure that clusters are always up to date with the most recent feature and security releases.
Generate usage reports per namespace, pod, label, and application. Reports show CPU and memory usage (actual and reserved), as well as the correlation of usage to underlying IaaS cost for AWS clusters. [PUBLIC ALPHA]
Manage multiple clusters, across multiple clouds (on public or private, on-premises clouds) through a single Tectonic Console. Define centralized Role-Based Access Control rules for access to different clusters. [PUBLIC ALPHA]
Open Cloud Services (OCS) are software services made available to Tectonic users on demand and in their own environment. Like public cloud services, OCSs take care of the heavy lifting of maintaining open source projects by automating maintenance tasks such as regular, one-click, zero-downtime updates, disaster recovery, and horizontal scaling. Unlike public cloud services like AWS DynamoDB, OCSs are first-class Kubernetes resources and are truly portable to any datacenter or cloud. Because an OCS runs in your environment, the system is transparent and you can see the container, logs, flags, and config file inside of your Kubernetes environment.
Open Cloud Services catalog
Use Tectonic Console’s Open Cloud Services catalog to deploy, consume, and manage services consistently across platforms. Allow infra-admins to easily deploy services into the namespace of their choice, and app developers to easily create and manage the services’ instances.
Fully managed Vault secret management instances with support for automated updates, high availability, and backup and restore. Vault enables the disintermediation of cloud provider authentication APIs and associates them with container identity. [BETA]
Fully managed etcd distributed key value store instances with support for automated updates, high availability, and backup and restore. etcd is the leading open source distributed key value store for cloud native applications. [BETA]
Fully managed Prometheus monitoring server instances with support for automated updates and high availability. Prometheus is the leading open source monitoring solution for cloud native applications. [PUBLIC ALPHA]
A comprehensive container registry for building, storing, and distributing containers to your servers. Quay is offered as a packaged solution for private installations as Quay Enterprise, as well as a SaaS service as Quay.io.
Container Linux redefines the operating system as a smaller, more compact Linux distribution. Traditional distros package unused software that leads to dependency conflicts and needlessly increases the attack surface.