
Gravity: Gravity is an open source toolkit for creating Kubernetes clusters and the applications running inside them ...


Open source software name:

Gravity

Open source software address:

https://gitee.com/mirrors/Gravity

Open source software introduction:

Support Notice

The Gravity project is no longer under active development. The project's development has been limited to maintenance and support for our commercial customers until maintenance agreements expire.

Please see our blog post for more information: https://goteleport.com/blog/gravitational-is-teleport/


Gravity

Gravity is a Kubernetes packaging solution that takes the drama out of deploying and running applications in someone else's cloud accounts, on-premise data centers, edge locations and other "uncharted territory" environments.

With Gravity, Kubernetes apps can run and be regularly updated anywhere in the world without a massive DevOps team.

Project Links | Description
Gravity Downloads | The latest binaries
Gravity Documentation | Gravity Documentation
Gravity Examples | Examples of applications packaged with Gravity
Blog | Our blog, where we publish Gravity news
Security and Release Updates | Gravity Security and Release Updates

Introduction

Gravity is an open source toolkit for creating "images" of Kubernetes clusters and the applications running inside the clusters. The resulting images are called cluster images and they are just .tar files.

A cluster image can be used to re-create full replicas of the original cluster in any environment where compliance and consistency matters, i.e. in locked-down AWS/GCE/Azure environments or even in air-gapped server rooms. An image can run without human supervision, as a "kubernetes appliance".

Gravity has been running in production in major financial institutions, government data centers and enterprises. Gravitational open sourced it in the fall of 2018.

Gravity vs ...

There are plenty of Kubernetes distributions out there. Most of them aim to be flexible, general purpose platforms. Gravity has a more narrow focus on compliance and reducing the overhead of managing Kubernetes:

  • Gravity clusters are idempotent, i.e. clusters created from the same image are always identical. There is no configuration drift over time; no "special snowflakes".
  • Gravity clusters are always "wrapped" with a privileged access gateway called Teleport, which unifies k8s and SSH authentication, integrates with SSO and keeps a detailed audit log for compliance purposes. It even records the interactive SSH and kubectl exec sessions.
  • Gravity clusters deployed world-wide can be remotely managed via built-in reverse SSH tunnels, i.e. developers can have access to thousands of k8s API endpoints even if they're located behind NAT/firewalls.
  • Gravity includes tools to perform infrastructure validation prior to cluster provisioning. This allows cluster designers to prevent users from installing clusters on infrastructure that does not meet the system requirements.
  • Gravity clusters only allow Kubernetes components that have been thoroughly tested by Gravitational Inc for compatibility and stability. These components are called a "Kubernetes Runtime". Users can pick a Runtime but Gravity does not allow any customization of individual components of Kubernetes.

Who is Gravity for?

We have seen the following primary use cases for using an image-based Kubernetes approach (there may be others):

  • Deploying and running complex SaaS applications into on-premises enterprise environments.
  • Deploying and running complex SaaS applications in thousands of edge locations (retail, transportation, energy, etc).

Anyone who needs Kubernetes best practices out of the box, without having to proactively manage it, can benefit from Gravity. It allows you to focus on building your product instead of managing Kubernetes.

Cluster Images

A Cluster Image produced by Gravity includes:

  • All Kubernetes binaries and their dependencies.
  • Built-in container registry.
  • De-duplicated layers of all application containers inside a cluster.
  • Built-in cluster orchestrator which guarantees HA operation, in-place upgrades and auto-scaling.
  • Installation wizard for both CLI and web browser GUI.

An image is all one needs to re-create the complete replica of the original Kubernetes cluster, with all deployed applications inside, even in an air-gapped server room.

Examples

Take a look at the examples directory in this repository to find examples of how to package and deploy Kubernetes applications using Gravity.

The following examples are currently available:

  • Wordpress. Deploys Wordpress CMS with an OpenEBS-backed persistent storage.

How do Initial Deployments work?

A cluster image created with Gravity can be used for:

  1. Creating many Kubernetes clusters from scratch, on any infrastructure.
  2. Installing applications contained in the cluster image into an existing Kubernetes cluster, like OpenShift.

How do Updates work?

Developers can continuously update their applications using different methods:

  1. Vanilla CI/CD using Kubernetes APIs, which is available for every cluster. This is probably what you're already doing.
  2. Via "polling model", when each Gravity cluster will automatically download updates from a Gravity Hub, letting cluster users decide when/if they want to upgrade. This method is recommended for traditional on-premise environments when developers do not have access to each deployment site.
  3. Offline method, when a developer prepares a new cluster image which can be distributed via offline media. This method is suitable for air-gapped environments.

Remote Access and Compliance

Each cluster provisioned with Gravity includes the built-in SSH/Kubernetes gateway called Teleport. Teleport provides the following benefits:

  • One-step authentication which issues credentials for both k8s API and SSH.
  • Ability to implement compliance rules like "developers must never touch production data".
  • Ability to grant remote access to the cluster via SSH or via k8s API, even if the cluster is located behind NAT with no open ports.
  • Keeps a detailed audit log (including fully recorded interactive sessions) for all SSH commands and all kubectl commands executed on cluster nodes.

Teleport can also be used independently without Gravity; it has been audited multiple times by reputable cyber security companies and it has been deployed in production in multiple organizations.

Is Gravity Production Ready?

Yes!

Fully autonomous Gravity clusters are running inside of large banks, government institutions, enterprises, etc. We use Gravity to run our own infrastructure.

Why did We Build Gravity?

Gravity is built by Teleport.

The original use case for Gravity was to allow Kubernetes applications to be deployed into 3rd party environments, like on-premises datacenters. That's why Gravity includes features like the built-in, graphical cluster installer, infrastructure validation and a built-in privileged access manager (Teleport) for providing remote support.

These features also resonated with security-minded teams who need to run applications in environments where compliance matters. Gravity clusters are always identical and do not allow any configuration drift over time. This allows cluster architects (aka, Devops or SREs) to "publish" clusters that are approved for production and allow multiple teams within the organization to rapidly scale their Kubernetes adoption without having to become security and Kubernetes experts themselves.

Building from source

Gravity is written in Go. There are two ways to build the Gravity tools from source: by using locally installed build tools or via Docker. In both cases you will need a Linux machine.

Building on MacOS, even with Docker, is possible but not currently supported.

    $ git clone git@github.com:gravitational/gravity.git
    $ cd gravity

    # Running 'make' with the default target uses Docker.
    # The output will be stored in build/current/
    $ make

    # If you have Go 1.10+ installed, you can build without Docker which is faster.
    # The output will be stored in $GOPATH/bin/
    $ make install

    # To remove the build artifacts:
    $ make clean

Contributing

To contribute, please read the contribution guidelines.

Want to join our team? We are always hiring!

