Tectonic provides enterprise-ready tools to deploy and manage Kubernetes clusters.
|Installation||Reliable and secure installation of Kubernetes and Tectonic components|
|Security||Configuration for enterprise authorization, authentication, and custom TLS certificates|
|Networking||Customization and extension of Kubernetes network features|
|Monitoring||Built-in end-to-end monitoring of Kubernetes clusters using Prometheus|
|Management||Tools to facilitate effective day-to-day management of Kubernetes clusters|
|Open Cloud Services||Application catalog of fully managed software services available on-demand on Tectonic clusters|
|Tutorials||Tutorials for users new to Tectonic|
Some Tectonic features marked as Alpha are available only to users within a private Alpha program. If you are interested in joining this program, please contact us at firstname.lastname@example.org.
Install Tectonic on a full-fledged infrastructure for production-level workloads. Platform installers are built on Terraform.
|Amazon Web Services (AWS)||Install Tectonic on AWS using a graphical user interface or directly through Terraform||Installing Tectonic on AWS using GUI; Installing Tectonic on AWS using command line; Manually booting clusters with Terraform; AWS Installation requirements; Tectonic installation variables for AWS; Troubleshooting AWS installations; Uninstalling Tectonic from AWS|
|Microsoft Azure||Install Tectonic on Azure using Terraform.||Installing Tectonic on Azure using command line; Tectonic installation variables for Azure; To register for Azure Private Networks Alpha program, email email@example.com|
|On-premises||Install Tectonic on on-premises servers using a graphical user interface or directly through Terraform.||Installing Tectonic on bare metal using GUI; Installing Tectonic on bare metal using command line; Bare metal installation requirements; Tectonic installation variables for bare metal; Troubleshooting bare metal installations; Uninstalling Tectonic from bare metal|
Tectonic enables the management of user permissions and authentication through existing corporate identity stores at the user, group, or role level, federated through SAML, LDAP, or OIDC. Access control rules can be defined and mapped to be enforced consistently across all interfaces (Console, command line, or direct API access).
|Identity Federation||Enable identity federation through existing enterprise authentication systems, including OpenID Connect (OIDC), LDAP (Lightweight Directory Access Protocol), and Security Assertion Markup Language (SAML), allowing administrators to map cluster RBAC bindings to an existing authentication system over a secure channel.||Tectonic Identity and user management; Tectonic Identity configuration; LDAP integration; SAML integration|
|Role-Based Access Control (RBAC)||Use Kubernetes’ Role-Based Access Control (RBAC) to manage user roles and permissions within Tectonic clusters. Use Tectonic to grant cluster-wide or namespace-specific access for users and groups defined within existing IdP systems. Permissions are enforced through both Tectonic Console and kubectl.||Tectonic Role-Based Access Control; Creating Tectonic accounts; Defining Tectonic user roles; Adding a service account to a Tectonic cluster|
|TLS certificates||Provide a Certificate Authority Certificate and Key (in PEM format) during Tectonic installation to secure access to Tectonic Console and any service accessing Tectonic ingress controller. The provided Key will be used to sign all generated certificates for the cluster.||Tectonic TLS Topology; TLS Certificates for Tectonic; Custom TLS for etcd; Custom TLS for Tectonic Ingress; Custom TLS for Kubernetes; Custom TLS for Tectonic Identity|
Tectonic comes with a number of networking capabilities that are essential for Kubernetes network management at scale.
|Network Policy||Use Tectonic-supported flannel or Calico to enable network policy, and define namespace isolation at the network layer and fine-grained security between your Kubernetes pods. [ALPHA]||To register for the Network Policy Alpha program, email firstname.lastname@example.org|
|Border Gateway Protocol (BGP) routing on bare metal||Use the integrated project Calico to enable Border Gateway Protocol (BGP) networks, a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems on the Internet. [ALPHA]||To register for the Border Gateway Protocol Alpha program, email email@example.com|
|Ingress||Use the provided Ingress Controller to expose the Tectonic Console and Tectonic Identity services. Tectonic Ingress is also configured to watch the Kubernetes API for Ingress resources and update their configuration to expose Kubernetes services.||Configuring Tectonic Ingress|
Tectonic ships with a pre-configured and self-updating monitoring stack that is based on the Prometheus open source project and its wider ecosystem. It provides monitoring of cluster components and ships with a set of alerts to immediately notify cluster admins about any occurring problems.
|Built-in Prometheus||Use the built-in, fully managed Prometheus instance to monitor the Tectonic cluster itself. This instance includes alerting rules to notify operators about problems in a cluster, based on key metrics collected from each Tectonic node.||Tectonic Monitoring; Monitoring applications; Monitoring namespaces; Configuring Tectonic Monitoring|
|Pre-configured Dashboards||Use Tectonic Console’s pre-configured monitoring dashboards to view key cluster capacity and cluster health metrics. Augment these using Grafana dashboards to provide more extensive analysis.||Stay tuned for documentation|
|Prometheus Alerts||Configure the included central, highly available Prometheus Alertmanager cluster to notify administrators of potential cluster issues. Tectonic’s pre-configured alert library is built from years of operational knowledge gained through the cumulative set of Tectonic customer clusters.||Configuring alerts; Tectonic pre-configured alerts|
Manage clusters using Tectonic’s component-spanning features.
|Console||Manage clusters using the web-based user interface of Tectonic Console. Restrict user access by namespace through Role-Based Access Control.||Managing pull secrets; Managing namespaces; Persistent volumes|
|Automated operations||Enable single-click operational tasks, such as upgrades and backups of entire clusters, for both pure, upstream Kubernetes and the Container Linux operating system to ensure that clusters are always up to date with the most recent feature and security releases.||Upgrading Tectonic; Scaling Tectonic clusters on AWS; Scaling Tectonic clusters on bare metal|
|Workload separation||Guarantee a clear separation between control plane and user workloads, and improve the reliability of the control plane by spreading services across multiple nodes.||Separating Tectonic master and worker workload|
|Metering and Chargeback||Generate usage reports per namespace, pod, label, and application. Reports show CPU and memory usage (actual and reserved), as well as the correlation of usage to underlying IaaS cost for AWS clusters. [PUBLIC ALPHA]||Installing Chargeback Chargeback configuration options Using Chargeback Reports|
|Multi-cluster Registry||Manage multiple clusters, across multiple clouds (on public or private, on-premises clouds) through a single Tectonic Console. Define centralized Role-Based Access Control rules for access to different clusters. [PUBLIC ALPHA]||Enabling multi-cluster registry in Tectonic; Installing the multi-cluster registry; Multi-cluster user access policies|
|Log management||Configure Tectonic to direct all host system, container, and API server audit logs to a logging store (using Fluentd and Elasticsearch). Tag logs based on metadata such as container name.||Managing infrastructure and application logs with Tectonic|
|Troubleshooting||Troubleshoot Tectonic and Tectonic clusters.||Troubleshooting Tectonic clusters|
Open Cloud Services (OCS) are software services made available to Tectonic users on demand and in their own environment. Like public cloud services, OCSs take care of the heavy lifting of maintaining open source projects by automating maintenance tasks such as regular, one-click, zero-downtime updates, disaster recovery, and horizontal scaling. Unlike public cloud services like AWS DynamoDB, OCSs are first-class Kubernetes resources and are truly portable to any datacenter or cloud. Because an OCS runs in your environment, the system is transparent and you can see the container, logs, flags, and config file inside of your Kubernetes environment.
|Open Cloud Services catalog||Use Tectonic Console’s Open Cloud Services catalog to deploy, consume, and manage services consistently across platforms. Allow infra-admins to easily deploy services into the namespace of their choice, and app developers to easily create and manage the services’ instances.||Tectonic Open Cloud Services catalog; Working with Open Cloud Services|
|Vault Open Cloud Service||Fully managed Vault secret management instances with support for automated updates, high availability, and backup and restore. Vault enables the disintermediation of cloud provider authentication APIs and associates them with container identity. [BETA]||Vault Open Cloud Service; Configuring Vault nodes; Setting up Ingress; Upgrading a Vault cluster; Vault resource labels; Using the Kubernetes auth backend; Using Vault-UI on Tectonic; Disaster recovery; Setting up TLS for Vault|
|etcd Open Cloud Service||Fully managed etcd distributed key value store instances with support for automated updates, high availability, and backup and restore. etcd is the leading open source distributed key value store for cloud native applications. [BETA]||etcd Open Cloud Service; etcd client service; Status events and conditions; etcd resource labels; Cluster TLS policy; Cluster spec examples|
|Prometheus Open Cloud Service||Fully managed Prometheus monitoring server instances with support for automated updates and high availability. Prometheus is the leading open source monitoring solution for cloud native applications. [PUBLIC ALPHA]||Prometheus Open Cloud Service; Getting started; Alerting|
These tutorials are designed to help new users create a Tectonic cluster and learn how to use it quickly.
|Tectonic and Kubernetes||Demonstrates how to bring up a cluster, then part it out, break the system, and watch it rebuild automatically||Tectonic and Kubernetes|
|Amazon Web Services||Install, observe, and scale clusters on AWS using Tectonic.||Installing Tectonic on AWS|
|Microsoft Azure||Install, observe, and scale clusters on Azure using Tectonic.||Installing Tectonic on Azure|
|Container Linux||Container Linux redefines the operating system as a smaller, more compact Linux distribution. Traditional distros package unused software that leads to dependency conflicts and needlessly increases the attack surface.||Container Linux|
|etcd||A distributed key value store that provides a reliable way to store data across a cluster of machines.||etcd|
|Clair||Clair provides static analysis of vulnerabilities in appc and docker containers.||Clair|
|flannel||flannel is a virtual network that gives a subnet to each host for use with container runtimes.||flannel|