{"id":30120041,"url":"https://github.com/stakater/stakaterplatform","last_synced_at":"2025-08-10T12:53:06.331Z","repository":{"id":44324545,"uuid":"220933741","full_name":"stakater/StakaterPlatform","owner":"stakater","description":"Stakater platform provides out of the box stacks to control, monitor, log, trace and security for applications deployed on kubernetes using CI/CD pipelines.","archived":false,"fork":false,"pushed_at":"2023-12-16T08:26:34.000Z","size":582,"stargazers_count":14,"open_issues_count":2,"forks_count":5,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-04-15T04:16:41.473Z","etag":null,"topics":["ci-cd","logging","monitoring","security","tracing"],"latest_commit_sha":null,"homepage":"http://stakater.com","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stakater.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-11-11T08:22:15.000Z","updated_at":"2024-02-29T20:59:48.000Z","dependencies_parsed_at":"2022-09-05T07:11:51.859Z","dependency_job_id":null,"html_url":"https://github.com/stakater/StakaterPlatform","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/stakater/StakaterPlatform","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stakater%2FStakaterPlatform","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stakater%2FStakaterPlatform/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stakater%2FStakaterPlatform/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stakater%2FStakaterPlatform/man
ifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stakater","download_url":"https://codeload.github.com/stakater/StakaterPlatform/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stakater%2FStakaterPlatform/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269727088,"owners_count":24465397,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-10T02:00:08.965Z","response_time":71,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ci-cd","logging","monitoring","security","tracing"],"created_at":"2025-08-10T12:53:01.093Z","updated_at":"2025-08-10T12:53:06.305Z","avatar_url":"https://github.com/stakater.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# StakaterPlatform\n\n## Problem Statement\n\nWhen an individual or a company deploys a kubernetes cluster for workload management. *What is the next thing required*. 
Security, Monitoring, Logging, Tracing, Alerting and CI/CD for workloads. A lot of great open-source tools exist for these processes, and selecting tools based on industry standards and recommendations is a hard \u0026 daunting task, as it requires a lot of research to find ones that fulfill the requirements.\n\n## Solution\n\nWe at Stakater understand the industry's problem and, keeping that in mind, we have developed a consolidated solution named `StakaterPlatform` that will help the community adopt Security, Monitoring, Logging, Tracing, Alerting and CI/CD processes for their workloads.\n\n## Introduction\n\n`StakaterPlatform` gives a head-start to individuals and companies with a set of seven stacks containing best-of-breed open-source tools based on industry recommendations and best practices for `monitoring`, `logging`, `security`, `tracing` and `alerting` of a Kubernetes cluster. End-users only need to focus on developing their application while everything else will be managed by `StakaterPlatform`!\n\n`StakaterPlatform` uses community-managed helm charts and docker images.\n\nFor a detailed walk-through please visit [StakaterPlatform on Stakater Playbook](https://playbook.stakater.com/content/stakaterplatform/stakaterplatform.html)\n\nStakaterPlatform consists of 7 stacks:\n\n- [Control](https://playbook.stakater.com/content/stakaterplatform/stakaterplatform.html#control-stack)\n- [Delivery](https://playbook.stakater.com/content/stakaterplatform/stakaterplatform.html#delivery-stack)\n- [Logging](https://playbook.stakater.com/content/stakaterplatform/stakaterplatform.html#logging-stack)\n- [Monitoring](https://playbook.stakater.com/content/stakaterplatform/stakaterplatform.html#monitoring-stack)\n- [Security](https://playbook.stakater.com/content/stakaterplatform/stakaterplatform.html#security-stack)\n- [Alerting](https://playbook.stakater.com/content/stakaterplatform/stakaterplatform.html#alerting-stack)\n- 
[Tracing](https://playbook.stakater.com/content/stakaterplatform/stakaterplatform.html#tracing-stack)\n\nTable for Stacks tools:\n\n| Control | Delivery | Logging | Monitoring | Security | Alerting | Tracing |\n|---|---|---|---|---|---|---|\n| [External DNS](https://github.com/kubernetes-sigs/external-dns) | [Jenkins](https://github.com/jenkinsci/jenkins) | Elasticsearch | [Prometheus Operator](https://github.com/coreos/prometheus-operator) | [Keycloak](https://github.com/keycloak/keycloak) | Uptime Robot | [Istio](https://istio.io/docs/reference/config/installation-options/) |\n| [Nginx Ingress](https://github.com/kubernetes/ingress-nginx) | [Sonatype-Nexus](https://github.com/sonatype/nexus-public) | Fluentd | [Metrics Server](https://github.com/coreos/prometheus-operator) | [Proxy Injector](https://github.com/stakater/proxyinjector) | Slack ||\n| [Descheduler](https://github.com/kubernetes-sigs/descheduler) | RDLM | Eventrouter |||||\n| [Forecastle](https://github.com/stakater/forecastle) || Kibana |||||\n| [Reloader](https://github.com/stakater/Reloader) || Cerebro |||||\n| [Sealed Secret Controller](https://github.com/bitnami-labs/sealed-secrets) || Elasticsearch Curator |||||\n| [K8S Dashboard](https://github.com/kubernetes/dashboard) || Logrotate |||||\n| [Gitwebhookproxy](https://github.com/stakater/GitWebhookProxy) || [Konfigurator](https://github.com/stakater/Konfigurator) |||||\n| [Ingress Monitor Controller](https://github.com/stakater/IngressMonitorController) |||||||\n| [Xposer](https://github.com/stakater/Xposer) |||||||\n\n## Prerequisites\n\n- Kubernetes cluster with at least 8 VCPUS \u0026 32 GB of RAM\n- A working domain (e.g. `stakaterplatform.com` ) \n- SSL Certificate for that domain. 
[Creating \u0026 using custom SSL certificates](https://playbook.stakater.com/content/processes/exposing/create-use-tls-custom-cert.html)\n\n## Tools/Terms\n\n- **Flux:** You define the entire desired state of your cluster in git and flux ensures that the current state matches the one declared in the repo.\n- **Kubeseal:** Required to encrypt base64-encoded secrets into [sealed-secrets](https://playbook.stakater.com/content/workshop/sealed-secrets/introduction.html) that can be committed to git\n\n## Install from local machine\n\n## Video Tutorial\n\nInstallation tutorial for local machine can be seen [here](https://youtu.be/92qIaqJgaLw)\n\n### Prerequisites\n\n- kubectl (between v1.11 \u0026 v1.15.3)\n- helm (v2.15.0 or lower)\n- [kubeseal](https://github.com/bitnami-labs/sealed-secrets/releases)\n\n\n1. [Duplicate](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/duplicating-a-repository#mirroring-a-repository) this [repository](https://github.com/stakater/stakaterplatform).\n2. Update [configuration variables](#Basic-Configuration) in `variables.config` file and provide the relevant values.\n3. [Recommended but optional] To take full advantage of the tool stack, configure [Additional Variables](docs/detailed-config.md) as well.\n4. Ensure that the correct context is set for kubectl \u0026 helm.\n5. Run `make configure`; this makes all required substitutions based on the configuration variables in the repository. When prompted, commit those changes; don't commit them if you want to run everything from your local machine, i.e. no flux and hence no GitOps.\n6. For deployment there are two options:\n    \n    a. Using [flux](https://playbook.stakater.com/content/processes/gitops/gitops-with-flux.html): [add the public SSH key](https://help.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account) of flux (`configs/flux.pub`) to your Git repository with **write access**. 
For flux run `make deploy-flux` and provide git credentials on prompt.\n    \n    b. Without flux: just don't add the flux key, and this will remove the GitOps process (using flux) from your cluster. It removes the need to have your repository available remotely. Run `make deploy`\n\n7. Estimated time for everything to be up and running is 5-10 minutes. Use the printed dashboard token to access the Kubernetes dashboard at `dashboard-control.YOURDOMAINNAME`\n8. Visit `https://forecastle-control.YOURDOMAINNAME` and you'll be able to view all applications deployed by StakaterPlatform.\n\n\n**Note:** Since the `variables.config` file and `configs/` directory contain private information, those files are not being\n tracked in git and won't/shouldn't be committed. In case you want to commit those changes run `make track-secrets`.\n\n## Install via GitLab CI Pipeline\n\n1. [Duplicate](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/duplicating-a-repository#mirroring-a-repository) this [repository](https://github.com/stakater/stakaterplatform) in a GitLab account.\n2. Update [configuration variables](#Basic-Configuration) in `variables.config` file and provide the relevant values.\n3. Create a [Personal Access Token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#creating-a-personal-access-token) on GitLab and note down the Personal Access Token (available only when created)\n4. Configure CI/CD Environment variables in `\u003cYour GitLab Project\u003e -\u003e Settings -\u003e CI/CD`.\n5. Add the following variables for the pipeline\n\n| Pipeline Variables | Description |  \n|:---|:---|\n| KUBE_CONFIG | `Base64 encoded` KubeConfig of the kubernetes cluster you want to deploy on |\n| REPO_ACCESS_TOKEN | Personal access token generated in Step 3 |\n| TARGET | Make file target. Value: `pipeline-deploy` |\n| AWS_ACCESS_KEY_ID | (Define only if `CLOUD_PROVIDER` is `aws`) AWS Access Key Id. 
|\n| AWS_SECRET_ACCESS_KEY | (Define only if `CLOUD_PROVIDER` is `aws`) AWS Secret Access Key. |\n\n6. [Add the public SSH key](https://docs.gitlab.com/ee/ssh/#per-repository-deploy-keys)(Deploy Keys) to your GitLab account with **write access** printed at the end of pipeline logs.\n7. Once key is added StakaterPlatform will deploy on your cluster (Estimated time: 5-10 minutes). :confetti_ball: \n8. Use the printed dashboard token to access the Kubernetes dashboard at `dashboard-control.DOMAIN`\n\n### Flow Diagram for Deployment via GitLab CI Pipeline\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"./images/pipeline-flow.png\"\u003e\n\u003c/p\u003e\n\n## Verification\n\n### Locally\nRun `make verify` to run tests to ensure that all the relevant endpoints are up and running.\n\n### GitLab CI\nRun pipeline with Pipeline variable: `TARGET` = verify \n\nStakaterPlatform offers a tool [Forecastle](https://github.com/stakater/forecastle) to access tools from a single panel. Go to `forecastle-control.DOMAIN` to access forecastle after complete deployment where you can access all the tools offered by StakaterPlatform and verify if working fine\n\n![Diagram](./images/forecastle.png)\n\n## Default Credentials\n\nSee default username and passwords set for tools [here](./docs/default-passwords.md)\n\n## Basic Configuration\n| Variables | Description | Default |  \n|:---|:---|:---:|\n| CLOUD_PROVIDER | Name of the k8s cloud provider | `nil` \u003cbr\u003e (`aws` \\| `azure`) |\n| DNS_PROVIDER | Cloud DNS Provider | `aws` (Route53) |\n| EXTERNAL_DNS_AWS_ACCESS_KEY_ID | AWS Access Key Id having access to create/delete/update Route53 HostedZone entries | `nil` |\n| EXTERNAL_DNS_AWS_SECRET_ACCESS_KEY | AWS Secret Access Key having access to create/delete/update Route53 HostedZone entries | `nil` |\n| DOMAIN | Domain to use for StakaterPlatform | `nil` |\n| BASE64_ENCODED_SSL_CERTIFICATE_CA_CRT | Base64 encoded Intermediate Certificate value | `nil` |\n| 
BASE64_ENCODED_SSL_CERTIFICATE_TLS_CRT | Base64 encoded Server Certificate value |`nil` |\n| BASE64_ENCODED_SSL_CERTIFICATE_TLS_KEY | Base64 encoded Certificate Key value |`nil` |\n| STAKATER_PLATFORM_SSH_GIT_URL | SSH URL for your Github repo. | `nil`\u003cbr\u003e(e.g `git@github.com/stakater/StakaterPlatform.git`. Notice `:` is replaced with `/` in the URL ) |\n| STAKATER_PLATFORM_BRANCH | Branch to use for `STAKATER_PLATFORM_SSH_GIT_URL` | `master` |\n\n\nFor generating certificates view: [Creating \u0026 using custom SSL certificates](https://playbook.stakater.com/content/processes/exposing/create-use-tls-custom-cert.html)\n\n## Detailed Configuration and Stack definitions\n\nSee [Detailed Configurations](docs/detailed-config.md) for configuring available tools in the stacks.\n\nSee [Stakater Playbook](https://playbook.stakater.com/content/stacks/stakaterplatform.html#overview) for stack definitions and configuration options.\n\n## Uninstall\n\nRun `make destroy` to remove StakaterPlatform from your cluster.\n\n## Production Configuration and Hardening\n\n- Replace all secrets with sealed-secrets. [Stakater Workshop - Sealed Secrets](https://playbook.stakater.com/content/workshop/sealed-secrets/introduction.html) In coming updates for StakaterPlatform this will be followed by default\n- Change default usernames and passwords for all tools (`variables.config`)\n- Add your own SSH keys for flux\n- Use Identity Providers (e.g. Google, Active Directory etc.) and configure keyCloak to use that. 
[KeyCloak with Identity Providers](https://playbook.stakater.com/content/processes/security/keycloak.html#keycloak-with-identity-providers)\n- Use keycloak for SSO over all exposed applications\n- Enable mTLS between microservices to prevent unauthorized connections between pods\n- Only allow restricted access to users other than the administrator for dashboard\n- Don't share your kubeconfig file and other secrets, it's suggested to keep such things in [vault](https://github.com/hashicorp/hands-on-with-vault-on-kubernetes)\n\n\n## Compatibility Matrix\n\nStakaterPlatform has been tested on following kubernetes flavors:\n\n| Cloud | Kubernetes Version  | Stakater Platform Version |\n|---|---|---|\n| AWS [![image](./images/eks.png)](https://aws.amazon.com/eks/) EKS | 1.14.6 | v0.0.1 |\n| Azure [![image](./images/aks.png)](https://docs.microsoft.com/en-us/azure/aks/)  AKS | 1.14.8 | v0.0.1 |\n\n\n## Community\n\nIf you have questions, check the [Documentation](https://playbook.stakater.com/content/stacks/stakaterplatform.html) and\n talk to us on slack [#community on Stakater Slack](https://stakater-community.slack.com/messages/community).\n \nClick [here](https://slack-inviter.stakater.com) to join [Stakater](https://stakater.com) on Slack.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstakater%2Fstakaterplatform","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstakater%2Fstakaterplatform","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstakater%2Fstakaterplatform/lists"}