Open Source Free MIT License

KubeLaunch Essentials

Standing up a production Kubernetes cluster with security, observability, and GitOps takes months of integration work — and that's before your first workload.

Production-ready Kubernetes in minutes, not months

KubeLaunch Essentials is a free, open-source Kubernetes platform with integrated security, observability, and service mesh. It deploys a security-hardened EKS cluster via Terraform/Terragrunt with ArgoCD, Kyverno, Falco, Istio, and Kubecost pre-configured. Available on GitHub at github.com/cloudon-one/kubelaunch-essentials.

Core Features

GitOps & CI/CD

Automated continuous deployment and infrastructure management through battle-tested tools.

  • ArgoCD for GitOps-based deployments
  • Atlantis for Terraform PR automation
  • GitHub OIDC — zero long-lived credentials
  • CI/CD templates for Docker and Terragrunt

Runtime Security

Real-time threat detection and policy enforcement from day one.

  • Kyverno admission control policies
  • Falco eBPF-based runtime monitoring
  • Velero automated cluster backups
  • Weekly CIS Kubernetes Benchmark scans

Observability & Service Mesh

Complete visibility and enterprise-grade service communication.

  • Istio service mesh with mutual TLS
  • Kong API gateway
  • Loki log aggregation and Jaeger tracing
  • Kubecost for real-time expense tracking

How It Works

01. Configure Platform Variables

Edit the central platform_vars.yaml to set your AWS account, region, domain, and component preferences.

02. Deploy AWS Infrastructure

Run Terraform to provision the state backend, OIDC authentication, and secrets rotation.

03. Launch Kubernetes Platform

Use terragrunt run-all apply to deploy the EKS cluster with all platform tools pre-configured.

04. Start Deploying

ArgoCD is ready for your application deployments. Observability, security, and service mesh are already running.

Why Choose KubeLaunch Essentials?

Weeks to Minutes

Skip the months of integration work. KubeLaunch deploys a production-ready Kubernetes platform with a single command.

Security by Default

Three-phase security: foundation (OIDC, encrypted state), runtime (admission control, threat detection), and operational (CIS compliance, auditing).

Zero Long-Lived Credentials

GitHub OIDC federation eliminates permanent AWS credentials. Automated monthly secrets rotation via Lambda.

Cost Transparency

Kubecost provides real-time expense tracking. A development environment runs at approximately $195/month with Spot instances.

Tech Stack

Terraform, Terragrunt, AWS EKS, ArgoCD, Istio, Kyverno, Falco, Kubecost, Loki, Jaeger, Kong, Vault, Velero

Frequently Asked Questions

What cloud providers does KubeLaunch support?

KubeLaunch Essentials currently targets AWS EKS. The Terraform/Terragrunt architecture is designed to be adaptable to other providers.

How much does the infrastructure cost?

A development environment costs approximately $195/month with Spot instances and optimized log retention. Production costs depend on workload size.

Do I need Kubernetes experience to use KubeLaunch?

Basic Kubernetes knowledge is helpful, but KubeLaunch handles the complex platform engineering. You configure a YAML file and run Terragrunt commands.

What security compliance does KubeLaunch support?

KubeLaunch includes automated CIS Kubernetes Benchmark scanning, Pod Security Standards (Restricted mode), and comprehensive audit logging with SNS alerting for findings.

Can I customize which components are deployed?

Yes. The modular architecture allows selective component deployment. Enable or disable any tool through the central platform_vars.yaml configuration.

Run KubeLaunch Essentials in your environment.

Clone the repo and deploy with Terraform — or book an engineering call for hands-on help adapting it to your stack.