Getting started

Introduction

What telark does, what it doesn't, and who it is for.

telark is a self-hosted, Kubernetes-native control plane. It runs as a Helm release inside your cluster and provides three things on day one.

The three pillars

  1. Live application discovery. Every workload is grouped into an application via Kubernetes informers and Redis-backed event coalescing. Namespace exclusion and force-sync are first-class.
  2. Pre-change snapshots and one-call rollbacks. Every change to a tracked resource is captured before it lands. One API call rewinds the application to a known-good revision.
  3. Passkey-first auth and CRD-based RBAC. Users, groups, and roles are custom resources. WebAuthn is the default auth flow; Google OIDC is supported.

What it is not

  • Multi-cluster. telark is single-cluster, single-tenant today. Federation is not on the near roadmap.
  • Hosted. The Elastic License 2.0 forbids us from offering telark as a hosted service. You run it.
  • An agent. No sidecars, no DaemonSet that mutates your pods.

Who it is for

Platform engineers and SREs running their own Kubernetes in production who want an undo button, change classification, and modern auth without standing up four separate tools.