Hey everyone! My company is exploring how to set up a self-hosted Identity Platform (IDP) to simplify Kubernetes cluster creation and resource management. We're particularly focused on developing a form-based configuration page to spin up Kubernetes clusters with the resources we need. I've done some research on options like Backstage, k0rdent, kusion, kasm, and konstruct, but it seems like Backstage is generally the most recommended, albeit one that requires a solid team of devs skilled in TypeScript and React. I'm currently trying to build a basic version using Backstage, but I'd love to hear about your recent experiences and advice on what's available right now.
I also came across mentions of Port and Cortex offering special self-hosted setups for companies with strict security requirements, but Port's site seems to suggest that's no longer an option. Has anyone set up anything with either of these? I'm eager to learn from your insights and appreciate your help!
9 Answers
I've set up Semaphore to run Ansible playbooks in the backend. Devs just log in with their AD accounts, fill out a form to create an API or Cronjob, and Ansible does the rest. It assembles the manifests based on their inputs and auto-deploys the Kubernetes objects. This way, devs don’t need help from the Ops team anymore!
Thanks for sharing! How long did it take you to set this up? I'm trying to gauge if I can pull a demo together in a short time.
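The answer above leaves the "assemble the manifests based on their inputs" step to Ansible. The part a security reviewer will ask about is what happens between the form and the cluster: a self-service page that turns developer input straight into Kubernetes objects is a privilege-escalation path unless the inputs are validated and the hardening fields are fixed by the platform rather than taken from the form. The following is an added example, not code from the thread, from Semaphore or from Ansible; it does in Python what the answer does with playbooks and Jinja templates, for a "create a CronJob" form. The registry prefix, the namespace allow-list, the resource limits and the form schema (`CronJobRequest`) are all assumptions of my own.

```python
"""
Added example (not from the thread, Semaphore or Ansible): validate a
self-service "create a CronJob" form and render the Kubernetes manifest.
Policy values below (registry, namespaces, limits) are assumed.
"""
import json
import re
from dataclasses import dataclass

# Platform policy (assumed values): what the form is allowed to produce.
ALLOWED_REGISTRY = "registry.internal.example/"        # images must come from here
ALLOWED_NAMESPACES = {"team-payments", "team-search"}   # never kube-system & co.
DNS_LABEL = re.compile(r"^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$")  # RFC 1123 label
CRON = re.compile(r"^(\S+\s+){4}\S+$")                  # five cron fields
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")           # digest-pinned image


@dataclass(frozen=True)
class CronJobRequest:
    """Hypothetical form fields a developer fills in."""
    name: str
    namespace: str
    image: str
    schedule: str
    command: tuple[str, ...]


class PolicyViolation(ValueError):
    """Raised when form input would produce an object the platform forbids."""


def validate(req: CronJobRequest) -> None:
    """Reject input that would let the form escalate beyond the team's own namespace."""
    if not DNS_LABEL.match(req.name):
        raise PolicyViolation(f"name {req.name!r} is not a valid DNS-1123 label")
    if req.namespace not in ALLOWED_NAMESPACES:
        raise PolicyViolation(f"namespace {req.namespace!r} is not self-service")
    if not req.image.startswith(ALLOWED_REGISTRY) or not DIGEST.search(req.image):
        raise PolicyViolation("image must come from the internal registry and be digest-pinned")
    if not CRON.match(req.schedule):
        raise PolicyViolation(f"schedule {req.schedule!r} is not a 5-field cron expression")
    if not req.command or any("\n" in part for part in req.command):
        raise PolicyViolation("command must be a non-empty list without newlines")


def rejects(req: CronJobRequest) -> bool:
    """True when policy refuses the request (used by the form's preview and by tests)."""
    try:
        validate(req)
    except PolicyViolation:
        return True
    return False


def render_cronjob(req: CronJobRequest) -> dict:
    """Assemble the manifest. Hardening fields are fixed here, never read from the form."""
    validate(req)
    return {
        "apiVersion": "batch/v1",
        "kind": "CronJob",
        "metadata": {
            "name": req.name,
            "namespace": req.namespace,
            "labels": {"app.kubernetes.io/managed-by": "self-service-idp"},
        },
        "spec": {
            "schedule": req.schedule,
            "concurrencyPolicy": "Forbid",
            "jobTemplate": {"spec": {"template": {"spec": {
                "restartPolicy": "Never",
                "automountServiceAccountToken": False,  # no API token unless ops grants one
                "securityContext": {
                    "runAsNonRoot": True,
                    "seccompProfile": {"type": "RuntimeDefault"},
                },
                "containers": [{
                    "name": "job",
                    "image": req.image,
                    "command": list(req.command),
                    "securityContext": {
                        "allowPrivilegeEscalation": False,
                        "readOnlyRootFilesystem": True,
                        "capabilities": {"drop": ["ALL"]},
                    },
                    "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
                }],
            }}}},
        },
    }


if __name__ == "__main__":
    # Constructed sample input, as a developer might submit it through the form.
    req = CronJobRequest("nightly-report", "team-payments",
                         ALLOWED_REGISTRY + "reports@sha256:" + "a" * 64,
                         "0 2 * * *", ("/app/report", "--all"))
    print(json.dumps(render_cronjob(req), indent=2))
```

The point of the split between `validate` and `render_cronjob` is that the form only ever decides the handful of fields a developer legitimately owns (name, namespace from an allow-list, a digest-pinned image from the internal registry, schedule, command); everything that affects the security posture of the pod is hard-coded by the platform. The same separation applies to an Ansible/Jinja implementation: validate with `assert` tasks or a schema before the template runs, and keep the securityContext in the template rather than in the survey variables.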
Consider checking out Devtron; it's a self-hosted IDP that we're developing and it's really user-friendly. I'd love to hear what you think after you check it out!
We're looking into something similar, and we found OpenShift Developer Hub interesting. It's mainly built on open source tools like Backstage, making it extensible. We also looked at Cortex, which seems more polished but might be more of a black box when it comes to self-hosting. It's definitely worth a glance if you're looking to compare options.
For managing ephemeral environments in Kubernetes, I'm trying to set up a workflow in Backstage to trigger Helm chart installations. I think creating a custom UI with a form is primarily doable with Backstage, while a basic CI with variables feels like a messy backup. Just sharing my thoughts as I dive into this project.
Take a look at Flanksource Mission Control—it's open-source and free for non-production use. It might be a good fit for your needs!
I recommend taking an iterative approach. Start by setting up the first cluster manually to understand what it involves. Move to GitOps principles for the second cluster, keeping it simple without heavy parameterization. By the third or fourth, you'll start recognizing common patterns that can guide you in building your own IDP. This way, you save time and avoid unnecessary automation hassles while actually learning what users need.
Also, you should check out Plural. They have a demo that shows how to provision infrastructure like K8s clusters. It's user-friendly and could give you a good foundation for your project!
You could create a new instance of Keycloak for identity management and use it with Omni from Talos for direct cluster creation. It's a straightforward solution that could work well!
If you're testing several IDPs, I recommend RHDH Local from Red Hat. It's designed for local evaluation via Docker or Podman and can help simplify day-2 operations on Kubernetes. You don't even need to know TypeScript initially, and it comes with ready integrations for CI/CD tools and other services. It’s pretty straightforward to set up!
I like this approach, but why Ansible? Can't you do similar things with bash scripts? I'm curious about your reasoning.