Kubernetes Platform: Introduction
The Reclaim the Stack Platform is a fully open source Kubernetes-based deployment platform which can be easily deployed on bare metal as well as the cloud. It is designed to replace Platform as a Service (PaaS) offerings like Heroku, and to provide a fully featured, easy to use platform for deploying web applications.
We gave a talk about the motivations and approach for building out the platform at TalosCon 2023 which serves as a good introduction.
Is it for you?
While we believe we have done a good job at making a platform which is stable, easy to use and easy to maintain, it may not be for everyone.
Signs that you will be happy with your choice to Reclaim the Stack include:
- You want full control over your data due to privacy concerns, GDPR, or other compliance reasons
- You want to improve user experience by running on the latest and most performant hardware (which may not be available or affordable on the cloud)
- You're looking for a Heroku-like DevOps experience (minus the buildpacks)
- You're tired of your current PaaS or Cloud provider having issues multiple times a year
- You wish all infrastructure tooling sign-in could be handled via a single OIDC provider
- Your current cloud / PaaS costs are north of $5,000/month
- You have at least two developers who are into the idea of running Kubernetes and their own infrastructure and are willing to spend some time learning how to do so
- You want to avoid vendor lock-in with a fully open source stack*
* Except for Cloudflare 🙈
Whether you're all in or on the fence about using it, we invite you to join our Discord community and engage with others who also have an interest in cheaper, faster and better application hosting.
A note on security
We adopt a pragmatic approach to security, avoiding unnecessary complications. Our basic philosophy when it comes to security is that we can trust our developers and that we can trust the private network within the cluster. Consequently, don't expect a rigorous "zero trust" or "least privilege" approach to access control or networking.
Having started with Heroku, we have maintained a similar level of security, albeit with different trade-offs. For instance:
- On Heroku, all your infrastructure is publicly available on the internet, secured solely by passwords. With the Reclaim the Stack platform, your infrastructure is accessible only to the private network, unless explicitly exposed. In our view, this makes our platform fundamentally more secure than Heroku.
- On Heroku, you can control access for your organization's users on a per application basis. With the Reclaim the Stack platform, we don't offer this level of granularity. Technically, all application resources are created in the `default` Kubernetes namespace, and all users are expected to have access to this namespace. Note however that the platform components themselves tend to reside outside of the `default` namespace and can thus be locked down to a smaller set of users.
There is of course nothing stopping you from adding additional access control and security layers inside the cluster via your own GitOps repository, but we currently don't provide any tooling to manage this.
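The access model described above, sketched as Kubernetes RBAC manifests. This is an added example, not the platform's own configuration. The group names `developers` and `platform-admins` and the namespace `platform-example` are assumptions; `edit` and `admin` are Kubernetes' built-in ClusterRoles.

```yaml
# Application namespace: every developer is bound to the built-in "edit"
# ClusterRole. A RoleBinding (not a ClusterRoleBinding) scopes the grant to
# the "default" namespace only.
# Note: "edit" includes read access to Secrets in the namespace, so every
# developer can read every application's secrets. That is the coarse
# granularity the text describes.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: developers-edit
  namespace: default
subjects:
  - kind: Group
    name: developers              # hypothetical group from the OIDC provider
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io
---
# Platform component namespace: only the smaller admin group is bound.
# RBAC is additive and has no deny rules, so the "developers" group has no
# access here simply because no binding in this namespace names it.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: platform-admins
  namespace: platform-example     # hypothetical platform namespace
subjects:
  - kind: Group
    name: platform-admins         # hypothetical group from the OIDC provider
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: admin
  apiGroup: rbac.authorization.k8s.io
```

Running `kubectl auth can-i get secrets -n platform-example --as=someone --as-group=developers` against a cluster with these bindings is a quick way to confirm that the lock-down holds.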