Wayfinder's Default Cluster Plans
Are there any out-of-the-box examples?
Wayfinder ships with default out-of-the-box cluster plans for each cloud provider (AWS, Azure and GCP). You can use them as-is or make a copy to accelerate configuring your own cluster plans.
Which services are included in each default cluster plan?
The default cluster plans shipped with Wayfinder include the following pre-provisioned services. As a prerequisite, Wayfinder uses the Flux Helm Controller (which is installed by Wayfinder on every cluster) to deliver them:
- NGINX ingress
- ExternalDNS
- cert-manager
- Kyverno policy engine
- Auto-scalers: Installed for EKS, and enabled in GKE and AKS
- EKS: Kubernetes metrics-server (available by default in GKE and AKS)
- EKS: Calico networking
Are you following any guidelines?
Wayfinder adheres to the guidelines published by the cloud providers when configuring clusters:
- Loosely defined permission bindings are eliminated to enhance security.
- Prior pod security policies (PSP) are removed, and a baseline Pod Security Standard (PSS) is applied to all applications to ensure a reasonable least-privileged default setting.
- A default network policy denial rule is enforced for all newly created namespaces, requiring explicit traffic permissions instead of a blanket allowance.
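
What a baseline Pod Security Standard and a default-deny network policy look like as plain Kubernetes manifests. This is an added example, not Wayfinder's own configuration. The namespace name `team-a-dev`, the `app: web` label, port 8080 and the `ingress-nginx` namespace name are assumptions.

```yaml
# Constructed example: namespace, label and port values are hypothetical.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a-dev
  labels:
    # Pod Security Admission: reject pods that violate the baseline profile.
    pod-security.kubernetes.io/enforce: baseline
    # Surface what the stricter profile would flag, without blocking it.
    pod-security.kubernetes.io/warn: restricted
---
# Default deny: selects every pod and lists both policy types with no rules,
# so all ingress and egress is dropped until another policy allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: team-a-dev
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
---
# Explicit permission: only pods in the ingress controller's namespace may
# reach pods labelled app=web, and only on TCP 8080.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-ingress-controller-to-web
  namespace: team-a-dev
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
      ports:
        - protocol: TCP
          port: 8080
```

With only these policies in place, egress from the namespace stays denied, including DNS lookups, so workloads that resolve names need their own explicit egress rule. NetworkPolicy objects are enforced only when the cluster's network plugin implements them.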