Command-line tool for simplified management and provisioning of Kubernetes clusters and environments, Helm secrets and releases, built according to best practices in CI/CD and DevOps.
Full documentation is available at https://edenlabllc.github.io/rmk/latest/.
RMK stands for "Reduced Management for Kubernetes".
The main goal of the CLI tool is to simplify (reduce) the management of Kubernetes clusters and releases, serving as a "Swiss knife" for daily CI/CD and DevOps tasks while allowing efficient control with a minimal set of CLI commands.
RMK serves as a wrapper for various popular CI/CD and DevOps CLI tools, including:
It leverages Kubernetes Cluster API for cluster provisioning and management across different environments, such as cloud providers and on-premise deployments.
RMK is designed for a range of IT specialists, including DevOps engineers, software developers, SREs, cloud architects, system analysts, software testers and even managers with minimal technical background.
RMK simplifies the setup and management of Kubernetes-based projects of any complexity due to the following advantages:
- Time-proven CI/CD solution: Tested and validated across multiple cloud providers and real customers, RMK leverages Kubernetes Cluster API for cluster provisioning and Helmfile/Helm for efficient release and secrets management.
- Seamless integration with CI/CD platforms: A self-sufficient, portable binary that follows the 12-factor app methodology and can easily be integrated with any CI/CD solution.
- Built-in versioning for CI/CD pipelines: Supports static and dynamic tags (e.g., SemVer2) for projects and releases to guarantee stable, well-tested, and predictable deployments.
- Transparent project structure and dependency management: Enables rapid project setup and hierarchical project inheritance (e.g., "parent-child" or "upstream-downstream" relationships) between sibling projects to enable release configuration reuse.
- Batch secret management: Automates templating, generation, and encryption of secrets across all environments in batch mode.
- Adheres to the GitOps approach: Uses Git branches as unique identifiers for environments, clusters, configurations, and project management in Kubernetes.
- Follows the GitLab Flow model: Implements a standard branching strategy (develop, staging, production) and ephemeral branches (feature/*, release/*) for temporary environments.
- Aligns with the DevOps methodology: Enables multiple teams to develop and release independently while seamlessly integrating their work into a single project.
- Directly executes the wrapped CLI tools: Calls CLI tools as a user would, passing the correct arguments and flags based on the project configuration, ensuring RMK updates remain decoupled from CLI tool updates for continued access to new features and fixes.
RMK currently supports the provisioning of the following Kubernetes clusters:
- Amazon Elastic Kubernetes Service (EKS)
- Azure Kubernetes Service (AKS)
- Google Kubernetes Engine (GKE)
- Single-machine K3D clusters
Please see the Roadmap section for more details on upcoming features.
By design, RMK can work with any existing Kubernetes cluster, provided it has been provisioned in advance by a third party. The CLI tool simply requires an existing Kubernetes context to connect to and manage the cluster.
RMK was initially developed by Edenlab LLC as the main CLI for provisioning and managing Kodjin FHIR Server on Kubernetes clusters in different environments.
Since 2021, RMK has been an integral part of the company’s Kubernetes infrastructure, used regularly for automated provisioning and destruction of temporary Kubernetes clusters for development and testing purposes, both manually and automatically within CI/CD pipelines.
🚀 Proven at scale:
- 220+ clusters handled monthly (based on a 5-day workweek).
- 2,600+ clusters handled annually.
- 10,000+ clusters orchestrated since 2021.
Beyond internal use, RMK is also leveraged by various external clients to streamline their CI/CD workflows, ensuring fast and efficient Kubernetes environment management.
At Edenlab LLC, RMK is utilized to deploy the Kodjin FHIR Server across various cloud providers and on-premise environments.
Examples of Kubernetes providers where Kodjin has already been deployed include:
- Amazon Elastic Kubernetes Service (EKS)
- Azure Kubernetes Service (AKS)
- Google Kubernetes Engine (GKE)
- Open Telekom Cloud - Cloud Container Engine (CCE)
- Rancher Kubernetes Platform
- Kubermatic Kubernetes Platform (KKP)
- On-premise deployments
- Single-machine K3D clusters
A standard Kodjin-based cluster follows a 4-level inheritance structure:
- cluster-deps (upstream#1): Provides Kubernetes Cluster API and essential system components required by RMK for provisioning Kubernetes clusters across various providers.
- Dependencies (upstream#2): Includes core components such as databases, search engines, caches, load balancers/proxies, and operators. Uses cluster-deps as its primary project dependency.
- Kodjin (downstream#1): A set of Rust microservices that form the Kodjin FHIR API (REST).
- Target project (tenant) (downstream#2): Encompasses products built on top of Kodjin, including UI components, user portals, and middleware services, such as the Kodjin Demo FHIR Server.
Each project repository follows a standard GitLab Flow branching model.
- cluster-deps.bootstrap.infra: Kubernetes Cluster API and system components required for provisioning of Kubernetes clusters for different providers.
- helmfile.hooks.infra: A collection of shell scripts used as Helmfile hooks in dependencies, Kodjin, or any other project (e.g., check cluster-deps global configuration).
- aws-iam-provisioner.operators.infra: Kubernetes operator for automatic provisioning of IAM roles on the fly for the Kubernetes clusters managed using Kubernetes Cluster API Provider AWS.
- ebs-snapshot-provision.operators.infra: Kubernetes operator for automatic provisioning of Amazon EBS snapshots to be used in existing Kubernetes clusters.
- ecr-token-refresh.operators.infra: Kubernetes operator for automatic refresh of the Amazon ECR authorization token before it expires.
- secrets-sync.operators.infra: Kubernetes operator for automatic copying of existing Kubernetes secrets between namespaces.
- core-charts: A publicly accessible, S3-based Helm chart repository used by Kodjin, or any other project, e.g., check cluster-deps Helmfile.
- Integration with Helmfile vals: Integrate RMK with vals for advanced values and secrets management.
- Implementation of on-premise Kubernetes Cluster API provider: Implement support for provisioning and destruction of on-premise Kubernetes clusters.
- Automatic testing of RMK during the CI/CD pipeline: Ensure that changes to the RMK codebase do not introduce errors or regressions during CI/CD across all cluster providers.
- Guidelines for contributors: Create comprehensive guidelines for contributors, including instructions for creating pull requests (PRs).
Please refer to GitHub issues for more information.
The guidelines are available at https://edenlabllc.github.io/rmk/latest/development-and-release/.
RMK is open source software (OSS) licensed under the Apache 2.0 License.
This project adheres to the Contributor Covenant Code of Conduct. By participating, you are expected to uphold this code. Please refer to our Contributing Guidelines for further information.