
An opinionated cloud native infrastructure stack



An opinionated open platform cloud native Fabrikate stack for operating Kubernetes clusters.

It includes:

Cluster Maintenance (via fabrikate-kured)

  • Kured: Automatic node reboot when OS is patched.

Metrics Monitoring (via fabrikate-prometheus-grafana)

  • Prometheus: Metrics aggregation
  • Grafana: Visualization with Kubernetes monitoring dashboards preconfigured

Service Mesh (via fabrikate-istio)

  • Istio: Connect, secure, control, and observe services.
  • CertManager: For retrieving SSL certs

Distributed Tracing (via fabrikate-jaeger)

  • Jaeger: Distributed transaction, latency, and dependency tracing


mkdir -p fabrikated && cd fabrikated
fab add cloud-native --source https://github.com/grimesjm/fabrikate-cloud-native
fab install
fab generate prod aws
kubectl apply --recursive -f . 


Set NAME and INGRESS_DOMAIN to give the certificate resource a name and a domain to control, then run certs/apply.sh


  • Set slack-hook-url for Kured - set in config/prod.yaml and/or config/dev.yaml
  • Set email for cert-manager - set in config/common.yaml

Does not work yet; needs a newer version of the Kured container.

If you have any one-off pods, such as Jobs or CronJobs, that are expensive in CPU or time, add the following selector labels to the pod:

"metadata": {
  "labels": {
    "runtime": "long",
    "cost": "expensive"
  }
}

This will prevent us from rebooting a recently patched node while the pod is running.
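
As an added illustration (not part of this repository), a Job manifest showing where those labels have to go: on the pod template, so that the pods themselves carry them. The Job name, image and command are placeholders, and the kured `--blocking-pod-selector` argument mentioned in the comment is an assumption about how the selector is wired up in this stack.

```yaml
# Constructed example: a one-off Job whose pods carry the two labels above.
# Assumption: kured is started with
#   --blocking-pod-selector=runtime=long,cost=expensive
# so a node running a matching pod is not rebooted until the pod finishes.
apiVersion: batch/v1
kind: Job
metadata:
  name: nightly-reindex            # hypothetical name
  labels:
    app: nightly-reindex           # labels here describe the Job object only
spec:
  backoffLimit: 0                  # do not restart an expensive run automatically
  activeDeadlineSeconds: 14400     # cap the run so it cannot hold off a patched node's reboot forever
  template:
    metadata:
      labels:                      # pod-level labels: these are what a pod selector matches
        app: nightly-reindex
        runtime: long
        cost: expensive
    spec:
      restartPolicy: Never
      containers:
        - name: reindex
          image: registry.example.com/reindex:1.0   # placeholder image
          command: ["/bin/sh", "-c", "run-reindex"] # placeholder command
          resources:
            requests:
              cpu: "2"
              memory: 4Gi
```

Because a blocking pod postpones the reboot of a node that has already been patched, a deadline such as `activeDeadlineSeconds` keeps a stuck Job from leaving the node on the old kernel indefinitely.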


  • Run kube-bench
  • Set pod security policies
  • Verify PV/PVC's
  • Feed prometheus alert-manager slack config