Virginia Tech IT Common Platform
Network Infrastructure and Services and Enterprise Systems provide a Kubernetes-based Common Platform for use by DoIT. The documentation here is intended to assist teams with onboarding their applications into the platform and managing their applications once they are onboarded.
Why use the IT Common Platform?
Our goal is simply "bring a container and we'll run it for you." We want development teams to focus on what matters most to them: writing code to respond to the needs of their stakeholders and customers, without worrying about infrastructure, networking, container orchestration, etc. At a high level, we provide the following features:
- Managed container-based hosting platform - You bring a container and we'll run it! It doesn't matter what language or framework you use. Simply use what makes sense to you to meet your needs.
- No more patching or managing machines - We take care of the underlying infrastructure for you.
- Automatic log forwarding - All applications automatically send logs to CLS, meeting requirements for log management defined in the Standard for Information Technology Logging.
- Increased security posture - All changes to the platform are performed through manifest repos or reviewed code processes. Even the admins on the platform team have read-only access, and all state changes are logged.
- CI assistance - We've created GitLab CI templates that support many of the common use cases for teams who are running builds on the platform or those that want to deploy on the platform.
- Standardized deployments - By using the same methods of deployment used by other teams, our overall ability to share best practices and training increases.
- 24/7 support - We have team members on call who respond 24/7 to alerts.
What are the current limitations of the IT Common Platform?
- Linux-only support - While Kubernetes supports Windows-based nodes, we currently do not support them.
- Ingress restrictions - TLS must be used on ingresses. We only support ingress on port 443. Port 80 forwards to port 443.
- Pod Security Standards - Pods are required to run under the restricted Pod Security Standard. This enforces security best practices such as not running as root, not running privileged containers, etc.
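A Deployment whose pods satisfy the restricted Pod Security Standard named above, as an added example that is not taken from the platform's own templates. The names, image, UID, and port are placeholders chosen for illustration.

```yaml
# Constructed example: every name, the image, the UID and the port are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example-app
  template:
    metadata:
      labels:
        app: example-app
    spec:
      # Pod-level settings apply to every container in the pod.
      securityContext:
        runAsNonRoot: true        # restricted: containers must not run as root
        runAsUser: 10001          # assumed non-zero UID; needed if the image has no numeric USER
        seccompProfile:
          type: RuntimeDefault    # restricted: RuntimeDefault or Localhost, never Unconfined
      containers:
        - name: app
          image: registry.example.com/example-app:1.0.0
          ports:
            - containerPort: 8080 # unprivileged port; restricted forbids hostPort
          securityContext:
            allowPrivilegeEscalation: false  # restricted: must be explicitly false
            capabilities:
              drop: ["ALL"]       # restricted: drop ALL; only NET_BIND_SERVICE may be added back
          # Settings the restricted profile does not allow, so they are absent here:
          #   securityContext.privileged: true
          #   hostNetwork / hostPID / hostIPC: true
          #   hostPath volumes
```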