stakpak/reference-kubernetes-platform-series

Stakpak Reference Kubernetes Platform

A subjective reference architecture for a production-ready Kubernetes-based application platform.

Within each layer, items are ordered chronologically. We recommend you fulfill items at the top of the list before making your way down; you may wish to skip some items at the end of each list depending on your own requirements.

Next to each list item, we give in parentheses "()" our go-to technology for implementing it. This is a matter of preference: multiple tools can fulfill each requirement (the blessing and the curse of the cloud-native landscape).

The Demo App

GoogleCloudPlatform/microservices-demo app

00 Foundation

  • VPC
  • Subnets
  • IAM
  • DNS
  • Cluster
  • NAT

10 Platform

  1. Gateway/Ingress (Ingress Nginx)
  2. Secret Management (External Secret Operator)
  3. Certificate Management (Cert Manager)
  4. Continuous Delivery (Argo CD)
  5. Cluster Autoscaling

20 Observability

  1. Visualization (Grafana)
  2. Logging (Grafana Loki)
  3. Metrics (Prometheus)
  4. Auto-instrumented Tracing (Pixie)
  5. Tracing (Grafana Tempo & OpenTelemetry)

30 Resilience

  1. Volume Backups (native cloud backups or Longhorn or Velero)
  2. API/etcd Backups (Velero)

40 FinOps

  1. Event-driven Autoscaling (KEDA)
  2. Optimized Cluster Autoscaling (AWS:Karpenter)
  3. Cost Monitoring (OpenCost)

50 Security

  1. Configuration Security (Kyverno)
  2. Image Security (Trivy)
  3. Cloud Security Posture (Prowler)
  4. CIS Benchmarks (Trivy)
  5. Service Mesh (Cilium)
  6. Runtime Monitoring (Falco)
  7. MicroVM Isolation (Firecracker)

60 Developer Self-Service

  1. Workflows & Runbooks (Argo Workflows)
  2. Service Catalog

70 IaaS Management

  1. Cloud Resources (Crossplane)
  2. DNS (External DNS)
  3. Cluster Fleet (Cluster API or Gardener)

80 Container Optimized OS

  1. AWS (Bottlerocket)
  2. Anywhere (Fedora CoreOS)
