From 118d57615d85d6ea03574709be8804cd952d1a48 Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Mon, 22 Jul 2024 18:49:16 +0530 Subject: [PATCH 01/33] Observability --- Observability101/observability.md | 3 +++ Observability101/observability.txt | 0 2 files changed, 3 insertions(+) create mode 100644 Observability101/observability.md delete mode 100644 Observability101/observability.txt diff --git a/Observability101/observability.md b/Observability101/observability.md new file mode 100644 index 00000000..c03ceac7 --- /dev/null +++ b/Observability101/observability.md @@ -0,0 +1,3 @@ +# Kubernetes cluster observability + +In this section, we will look at a number of tools that can help make your cluster adminstration and observability better. \ No newline at end of file diff --git a/Observability101/observability.txt b/Observability101/observability.txt deleted file mode 100644 index e69de29b..00000000 From a3075674406d64a30276d5d68e27860596dfd140 Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Tue, 23 Jul 2024 18:05:50 +0530 Subject: [PATCH 02/33] Observability --- Observability101/observability.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index c03ceac7..d24bfa4a 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md 
@@ -1,3 +1,3 @@ # Kubernetes cluster observability -In this section, we will look at a number of tools that can help make your cluster adminstration and observability better. \ No newline at end of file +In this section, we will look at several tools that can help improve your cluster administration and observability. This won't cover monitoring tools like Prometheus and Grafana, which are tools used to read metrics from, but rather tools that allow you to perform actions on your clusters such as [KubeSphere](../KubeSphere/what-is-kubesphere.md). Since we've already discussed in detail about KubeSphere, which is a rather heavy-weight application that has all sorts of features, let's take a look at more light-weight alternatives that focus largely on converting your various kubectl commands to UI-based interface options. \ No newline at end of file From 93d102f30177e8057bcc9077d833dab444d95207 Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Wed, 24 Jul 2024 18:12:48 +0530 Subject: [PATCH 03/33] Observability --- Observability101/observability.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index d24bfa4a..ca3915f5 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md 
@@ -1,3 +1,7 @@ # Kubernetes cluster observability -In this section, we will look at several tools that can help improve your cluster administration and observability. This won't cover monitoring tools like Prometheus and Grafana, which are tools used to read metrics from, but rather tools that allow you to perform actions on your clusters such as [KubeSphere](../KubeSphere/what-is-kubesphere.md). Since we've already discussed in detail about KubeSphere, which is a rather heavy-weight application that has all sorts of features, let's take a look at more light-weight alternatives that focus largely on converting your various kubectl commands to UI-based interface options. \ No newline at end of file +In this section, we will look at several tools that can help improve your cluster administration and observability. This won't cover monitoring tools like Prometheus and Grafana, which are tools used to read metrics from, but rather tools that allow you to perform actions on your clusters such as [KubeSphere](../KubeSphere/what-is-kubesphere.md). Since we've already discussed in detail about KubeSphere, which is a rather heavy-weight application that has all sorts of features, let's take a look at more light-weight alternatives that focus largely on converting your various kubectl commands to UI-based interface options. + +## Lens + +Let's start with one of the most popular cluster observability tools out there: Kube Lens. This is a desktop tool that can be used to perform pretty much anything you would do with the kubectl command line and is very stable and feature-rich. If you are a DevOps engineer working with Kubernetes clusters, Lens is a must. \ No newline at end of file From da6b343c69c6172c36b45e02e097676508dfdfe0 Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Fri, 26 Jul 2024 11:43:35 +0530 Subject: [PATCH 04/33] Observability --- Observability101/observability.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
diff --git a/Observability101/observability.md b/Observability101/observability.md index ca3915f5..a051b0ae 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md @@ -4,4 +4,8 @@ In this section, we will look at several tools that can help improve your cluste ## Lens -Let's start with one of the most popular cluster observability tools out there: Kube Lens. This is a desktop tool that can be used to perform pretty much anything you would do with the kubectl command line and is very stable and feature-rich. If you are a DevOps engineer working with Kubernetes clusters, Lens is a must. \ No newline at end of file +Let's start with one of the most popular cluster observability tools: Kube Lens. This is a desktop tool that can be used to perform pretty much anything you would do with the kubectl command line and is very stable and feature-rich. If you are a DevOps engineer working with Kubernetes clusters, Lens is a must. There are two versions of Lens: the one maintained by Mirantis (https://k8slens.dev) and the Open Lens maintained by the community. They both largely have the same features and provide an excellent way to access your cluster without using a host of kubectl commands. + +### Setup + +Since Lens is a desktop tool, the setup is fairly simple - assuming you already have the cluster accessible via kubectl. If this is the case, all you have to do is install the desktop application, and your cluster should be there in the catalog section of Lens. Once you connect to the cluster, you will be shown a list of resources, all relating to your Kubernetes cluster. This will include workloads (such as pods, and jobs), resources such as nodes, networking objects such as services and ingresses, etc... \ No newline at end of file From b2a6689d10572fa301e65a6363c3ae3b31da6c8a Mon Sep 17 00:00:00 2001 
From: Phantom-Intruder Date: Mon, 29 Jul 2024 18:30:11 +0530 Subject: [PATCH 05/33] Observability --- Observability101/observability.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index a051b0ae..38aa6653 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md @@ -8,4 +8,4 @@ Let's start with one of the most popular cluster observability tools: Kube Lens. ### Setup -Since Lens is a desktop tool, the setup is fairly simple - assuming you already have the cluster accessible via kubectl. If this is the case, all you have to do is install the desktop application, and your cluster should be there in the catalog section of Lens. Once you connect to the cluster, you will be shown a list of resources, all relating to your Kubernetes cluster. This will include workloads (such as pods, and jobs), resources such as nodes, networking objects such as services and ingresses, etc... \ No newline at end of file +Since Lens is a desktop tool, the setup is fairly simple - assuming you already have the cluster accessible via kubectl. If this is the case, all you have to do is install the desktop application, and your cluster should be in the catalog section of Lens. Once you connect to the cluster, you will be shown a list of resources, all relating to your Kubernetes cluster. This will include workloads (such as pods, and jobs), resources such as nodes, networking objects such as services and ingresses, etc... You should also be able to easily edit each of these resources using the inbuilt editor, as well as exec into pods, nodes, and other resources. You can also select custom resources that are created by CRDs. \ No newline at end of file From daee69d87aab8b5f5146776552ec8ab95bed0ef2 Mon Sep 17 00:00:00 2001 
From: Phantom-Intruder Date: Wed, 31 Jul 2024 18:29:14 +0530 Subject: [PATCH 06/33] Observability --- Observability101/observability.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index 38aa6653..4f323621 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md 
@@ -8,4 +8,6 @@ Let's start with one of the most popular cluster observability tools: Kube Lens. ### Setup -Since Lens is a desktop tool, the setup is fairly simple - assuming you already have the cluster accessible via kubectl. If this is the case, all you have to do is install the desktop application, and your cluster should be in the catalog section of Lens. Once you connect to the cluster, you will be shown a list of resources, all relating to your Kubernetes cluster. This will include workloads (such as pods, and jobs), resources such as nodes, networking objects such as services and ingresses, etc... You should also be able to easily edit each of these resources using the inbuilt editor, as well as exec into pods, nodes, and other resources. You can also select custom resources that are created by CRDs. \ No newline at end of file +Since Lens is a desktop tool, the setup is fairly simple - assuming you already have the cluster accessible via kubectl. If this is the case, all you have to do is install the desktop application, and your cluster should be in the catalog section of Lens. Once you connect to the cluster, you will be shown a list of resources, all relating to your Kubernetes cluster. This will include workloads (such as pods, and jobs), resources such as nodes, networking objects such as services and ingresses, etc... You should also be able to easily edit each of these resources using the inbuilt editor, as well as exec into pods, nodes, and other resources. You can also select custom resources created by CRDs, and view and edit them. + +Another cool feature Lens provides is the ability to port forward any port onto localhost. This is the same functionality provided by the `kubectl port-forward` command but allows you to skip having to write out the command each time. It's generally accepted that Lens is a pretty great tool for any beginners who want to get into Kubernetes without having to belt out an army of commands for everything. 
It's also great for developers and QA who aren't necessarily familiar with kubectl, but want to check deployments, container logs, etc... on dev and QA Kubernetes clusters. The problem for these people is having to set up the cluster on their local machines before using it to access Lens. For example, if we were dealing with an EKS cluster, they would have to be given the correct permissions from IAM, get the access key and secret key, download the AWS CLI, set it up on their machines, and run the `AWS update kubeconfig` command to get the cluster available. This might not be an issue for you or anyone in the DevOps team since you would have the cluster ready on your machine anyway, but it's a bunch of extra steps for a non-DevOps person. This is where the web-based dashboards come in. \ No newline at end of file From fee05b364d9fc4391f3f9f3455b4b8f6bb46029f Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Thu, 1 Aug 2024 17:59:10 +0530 Subject: [PATCH 07/33] Observability --- Observability101/observability.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index 4f323621..03b5f2bb 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md 
@@ -6,8 +6,12 @@ In this section, we will look at several tools that can help improve your cluste Let's start with one of the most popular cluster observability tools: Kube Lens. This is a desktop tool that can be used to perform pretty much anything you would do with the kubectl command line and is very stable and feature-rich. If you are a DevOps engineer working with Kubernetes clusters, Lens is a must. There are two versions of Lens: the one maintained by Mirantis (https://k8slens.dev) and the Open Lens maintained by the community. They both largely have the same features and provide an excellent way to access your cluster without using a host of kubectl commands. -### Setup - Since Lens is a desktop tool, the setup is fairly simple - assuming you already have the cluster accessible via kubectl. If this is the case, all you have to do is install the desktop application, and your cluster should be in the catalog section of Lens. Once you connect to the cluster, you will be shown a list of resources, all relating to your Kubernetes cluster. This will include workloads (such as pods, and jobs), resources such as nodes, networking objects such as services and ingresses, etc... You should also be able to easily edit each of these resources using the inbuilt editor, as well as exec into pods, nodes, and other resources. You can also select custom resources created by CRDs, and view and edit them. -Another cool feature Lens provides is the ability to port forward any port onto localhost. This is the same functionality provided by the `kubectl port-forward` command but allows you to skip having to write out the command each time. It's generally accepted that Lens is a pretty great tool for any beginners who want to get into Kubernetes without having to belt out an army of commands for everything. It's also great for developers and QA who aren't necessarily familiar with kubectl, but want to check deployments, container logs, etc... on dev and QA Kubernetes clusters. 
The problem for these people is having to set up the cluster on their local machines before using it to access Lens. For example, if we were dealing with an EKS cluster, they would have to be given the correct permissions from IAM, get the access key and secret key, download the AWS CLI, set it up on their machines, and run the `AWS update kubeconfig` command to get the cluster available. This might not be an issue for you or anyone in the DevOps team since you would have the cluster ready on your machine anyway, but it's a bunch of extra steps for a non-DevOps person. This is where the web-based dashboards come in. \ No newline at end of file +Another cool feature Lens provides is the ability to port forward any port onto localhost. This is the same functionality provided by the `kubectl port-forward` command but allows you to skip having to write out the command each time. It's generally accepted that Lens is a pretty great tool for any beginners who want to get into Kubernetes without having to belt out an army of commands for everything. It's also great for developers and QA who aren't necessarily familiar with kubectl, but want to check deployments, container logs, etc... on dev and QA Kubernetes clusters. The problem for these people is having to set up the cluster on their local machines before using it to access Lens. For example, if we were dealing with an EKS cluster, they would have to be given the correct permissions from IAM, get the access key and secret key, download the AWS CLI, set it up on their machines, and run the `AWS update kubeconfig` command to get the cluster available. This might not be an issue for you or anyone in the DevOps team since you would have the cluster ready on your machine anyway, but it's a bunch of extra steps for a non-DevOps person. This is where the web-based dashboards come in. + +## Headlamp + +[Headlamp](https://headlamp.dev) is an excellent option for a very minimal, no-frills Kubernetes dashboard. 
This is a React-based project that can be set up both as a desktop application as well as a browser-based app. The browser-based version is probably the most lightweight, yet fully featured dashboard out there, running a single pod that takes around 10MB of memory. This makes it a great option for small clusters, where you don't want the dashboard taking up too many resources. Headlamp allows you to do almost everything you can do with kubectl, such as view, edit, and configure resources. It also allows you to exec into pods, but not nodes (as of right now). One especially cool feature of Headlamp is its extensible plugin system, which allows you to extend the libraries provided by Headlamp to add your own components to the Headlamp dashboard as you see fit. These include things like changing logos, adding items to the sidebar, and title bar, creating your own custom pages, etc... You can see some examples of this functionality in their [plugins page](https://headlamp.dev/docs/latest/development/plugins/functionality). + +If you are running as a production cluster, then you obviously need to limit the number of people that can access this cluster. \ No newline at end of file From 963cf85c138eaeb8fb190207b11c53064cbc93ce Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Fri, 2 Aug 2024 18:15:54 +0530 Subject: [PATCH 08/33] Observability --- Observability101/observability.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index 03b5f2bb..b6357776 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md 
@@ -8,10 +8,14 @@ Let's start with one of the most popular cluster observability tools: Kube Lens. Since Lens is a desktop tool, the setup is fairly simple - assuming you already have the cluster accessible via kubectl. If this is the case, all you have to do is install the desktop application, and your cluster should be in the catalog section of Lens. Once you connect to the cluster, you will be shown a list of resources, all relating to your Kubernetes cluster. This will include workloads (such as pods, and jobs), resources such as nodes, networking objects such as services and ingresses, etc... You should also be able to easily edit each of these resources using the inbuilt editor, as well as exec into pods, nodes, and other resources. You can also select custom resources created by CRDs, and view and edit them. -Another cool feature Lens provides is the ability to port forward any port onto localhost. This is the same functionality provided by the `kubectl port-forward` command but allows you to skip having to write out the command each time. It's generally accepted that Lens is a pretty great tool for any beginners who want to get into Kubernetes without having to belt out an army of commands for everything. It's also great for developers and QA who aren't necessarily familiar with kubectl, but want to check deployments, container logs, etc... on dev and QA Kubernetes clusters. The problem for these people is having to set up the cluster on their local machines before using it to access Lens. For example, if we were dealing with an EKS cluster, they would have to be given the correct permissions from IAM, get the access key and secret key, download the AWS CLI, set it up on their machines, and run the `AWS update kubeconfig` command to get the cluster available. This might not be an issue for you or anyone in the DevOps team since you would have the cluster ready on your machine anyway, but it's a bunch of extra steps for a non-DevOps person. 
This is where the web-based dashboards come in. +Another cool feature Lens provides is the ability to port forward any port onto localhost. This is the same functionality provided by the `kubectl port-forward` command but allows you to skip having to write out the command each time. It's generally accepted that Lens is a pretty great tool for any beginners who want to get into Kubernetes without having to belt out an army of commands for everything. + +Another notable mention for Kubernetes desktop IDEs is Octant, developed by VMware. + +It's also great for developers and QA who aren't necessarily familiar with kubectl, but want to check deployments, container logs, etc... on dev and QA Kubernetes clusters. The problem for these people is having to set up the cluster on their local machines before using it to access Lens. For example, if we were dealing with an EKS cluster, they would have to be given the correct permissions from IAM, get the access key and secret key, download the AWS CLI, set it up on their machines, and run the `AWS update kubeconfig` command to get the cluster available. This might not be an issue for you or anyone in the DevOps team since you would have the cluster ready on your machine anyway, but it's a bunch of extra steps for a non-DevOps person. This is where the web-based dashboards come in. ## Headlamp [Headlamp](https://headlamp.dev) is an excellent option for a very minimal, no-frills Kubernetes dashboard. This is a React-based project that can be set up both as a desktop application as well as a browser-based app. The browser-based version is probably the most lightweight, yet fully featured dashboard out there, running a single pod that takes around 10MB of memory. This makes it a great option for small clusters, where you don't want the dashboard taking up too many resources. Headlamp allows you to do almost everything you can do with kubectl, such as view, edit, and configure resources. 
It also allows you to exec into pods, but not nodes (as of right now). One especially cool feature of Headlamp is its extensible plugin system, which allows you to extend the libraries provided by Headlamp to add your own components to the Headlamp dashboard as you see fit. These include things like changing logos, adding items to the sidebar, and title bar, creating your own custom pages, etc... You can see some examples of this functionality in their [plugins page](https://headlamp.dev/docs/latest/development/plugins/functionality). -If you are running as a production cluster, then you obviously need to limit the number of people that can access this cluster. \ No newline at end of file +If you are running as a production cluster, then you obviously need to limit the number of people that can access this cluster. Since the Headlamp dashboard can allow you to do admin-level stuff with your Kubernetes cluster, you must enable authentication. To support this, Headlamp allows all sorts of authentication for your cluster such as Dex, Keycloak, and AWS Cognito. Essentially every type of OIDC authentication is supported. You can get more information on this on their [authentication page](https://headlamp.dev/docs/latest/installation/in-cluster/dex/). \ No newline at end of file From f6d75ce37b61f5acc5af052084db7af27262f2d4 Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Sun, 4 Aug 2024 13:20:55 +0530 Subject: [PATCH 09/33] observability --- Observability101/observability.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index b6357776..e4b2967a 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md 
@@ -18,4 +18,8 @@ It's also great for developers and QA who aren't necessarily familiar with kubec [Headlamp](https://headlamp.dev) is an excellent option for a very minimal, no-frills Kubernetes dashboard. This is a React-based project that can be set up both as a desktop application as well as a browser-based app. The browser-based version is probably the most lightweight, yet fully featured dashboard out there, running a single pod that takes around 10MB of memory. This makes it a great option for small clusters, where you don't want the dashboard taking up too many resources. Headlamp allows you to do almost everything you can do with kubectl, such as view, edit, and configure resources. It also allows you to exec into pods, but not nodes (as of right now). One especially cool feature of Headlamp is its extensible plugin system, which allows you to extend the libraries provided by Headlamp to add your own components to the Headlamp dashboard as you see fit. These include things like changing logos, adding items to the sidebar, and title bar, creating your own custom pages, etc... You can see some examples of this functionality in their [plugins page](https://headlamp.dev/docs/latest/development/plugins/functionality). -If you are running as a production cluster, then you obviously need to limit the number of people that can access this cluster. Since the Headlamp dashboard can allow you to do admin-level stuff with your Kubernetes cluster, you must enable authentication. To support this, Headlamp allows all sorts of authentication for your cluster such as Dex, Keycloak, and AWS Cognito. Essentially every type of OIDC authentication is supported. You can get more information on this on their [authentication page](https://headlamp.dev/docs/latest/installation/in-cluster/dex/). \ No newline at end of file +If you are running as a production cluster, then you need to limit the number of people that can access this cluster. 
Since the Headlamp dashboard can allow you to do admin-level stuff with your Kubernetes cluster, you must enable authentication. To support this, Headlamp allows all sorts of authentication for your cluster such as Dex, Keycloak, and AWS Cognito. Essentially every type of OIDC authentication is supported. You can get more information on this on their [authentication page](https://headlamp.dev/docs/latest/installation/in-cluster/dex/). We shall discuss using tools like Keycloak with Kubernetes to secure your in-cluster services in a different section. + +While Headlamp is a great, lightweight web-based dashboard, it only allows you to observe and perform basic functions on your cluster. If you need a much more heavy-hitting application that gives you observability, but also allows you to cram the entire build & deploy pipeline into a single tool, you can consider a tool like Devtron. + +## Devtron \ No newline at end of file From 162938e5b9fc6099a4cda15c2b37bb6b7205e820 Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Mon, 5 Aug 2024 17:15:56 +0530 Subject: [PATCH 10/33] Observability --- Observability101/observability.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index e4b2967a..3706e2dd 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md 
@@ -18,8 +18,10 @@ It's also great for developers and QA who aren't necessarily familiar with kubec [Headlamp](https://headlamp.dev) is an excellent option for a very minimal, no-frills Kubernetes dashboard. This is a React-based project that can be set up both as a desktop application as well as a browser-based app. The browser-based version is probably the most lightweight, yet fully featured dashboard out there, running a single pod that takes around 10MB of memory. This makes it a great option for small clusters, where you don't want the dashboard taking up too many resources. Headlamp allows you to do almost everything you can do with kubectl, such as view, edit, and configure resources. It also allows you to exec into pods, but not nodes (as of right now). One especially cool feature of Headlamp is its extensible plugin system, which allows you to extend the libraries provided by Headlamp to add your own components to the Headlamp dashboard as you see fit. These include things like changing logos, adding items to the sidebar, and title bar, creating your own custom pages, etc... You can see some examples of this functionality in their [plugins page](https://headlamp.dev/docs/latest/development/plugins/functionality). -If you are running as a production cluster, then you need to limit the number of people that can access this cluster. Since the Headlamp dashboard can allow you to do admin-level stuff with your Kubernetes cluster, you must enable authentication. To support this, Headlamp allows all sorts of authentication for your cluster such as Dex, Keycloak, and AWS Cognito. Essentially every type of OIDC authentication is supported. You can get more information on this on their [authentication page](https://headlamp.dev/docs/latest/installation/in-cluster/dex/). We shall discuss using tools like Keycloak with Kubernetes to secure your in-cluster services in a different section. 
+If you are running as a production cluster, then you need to limit the number of people that can access this cluster. Since the Headlamp dashboard can allow you to do admin-level stuff with your Kubernetes cluster, you must enable authentication. To support this, Headlamp allows all sorts of authentication for your cluster such as Dex, Keycloak, and AWS Cognito. Essentially every type of OIDC authentication is supported. You can get more information on this on their [authentication page](https://headlamp.dev/docs/latest/installation/in-cluster/dex/). We shall discuss using tools like Keycloak with Kubernetes to secure your in-cluster services in a different section. Headlamp is fully open source and does not have an enterprise edition, but its very easy to get support from the great community of Headlamp users. While Headlamp is a great, lightweight web-based dashboard, it only allows you to observe and perform basic functions on your cluster. If you need a much more heavy-hitting application that gives you observability, but also allows you to cram the entire build & deploy pipeline into a single tool, you can consider a tool like Devtron. -## Devtron \ No newline at end of file +## Devtron + +Devtron has all the features of Headlamp & Lens, such as viewing, editing, and logging, but it also includes its own build and deploy stack. You can create a Devtron application that reads off a repo and builds the application based on your specifications. The image gets pushed to your image repo of choice, and you can then have additional CI/CD pipelines that deploy this image into your cluster. The image can be deployed with regular Kubernetes manifest files, or with Helm charts. This is part of the Build & Deploy integration. \ No newline at end of file From d1a4b5dd36826162a227d2c6db9995519851da5b Mon Sep 17 00:00:00 2001 
From: Phantom-Intruder Date: Tue, 6 Aug 2024 18:03:51 +0530 Subject: [PATCH 11/33] Observability --- Observability101/observability.md | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index 3706e2dd..13fef2e7 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md 
@@ -20,8 +20,36 @@ It's also great for developers and QA who aren't necessarily familiar with kubec If you are running as a production cluster, then you need to limit the number of people that can access this cluster. Since the Headlamp dashboard can allow you to do admin-level stuff with your Kubernetes cluster, you must enable authentication. To support this, Headlamp allows all sorts of authentication for your cluster such as Dex, Keycloak, and AWS Cognito. Essentially every type of OIDC authentication is supported. You can get more information on this on their [authentication page](https://headlamp.dev/docs/latest/installation/in-cluster/dex/). We shall discuss using tools like Keycloak with Kubernetes to secure your in-cluster services in a different section. Headlamp is fully open source and does not have an enterprise edition, but its very easy to get support from the great community of Headlamp users. +To install a headlamp on your cluster, all you have to do is: + +``` +helm repo add headlamp https://headlamp-k8s.github.io/headlamp/ +helm install my-headlamp headlamp/headlamp --namespace kube-system +``` + +You can change the default installation using custom values.yaml. + +``` +helm install my-headlamp headlamp/headlamp --namespace kube-system -f values.yaml +helm install my-headlamp headlamp/headlamp --namespace kube-system --set replicaCount=2 +``` + +Or you could install everything with a kubectl deployment: + +``` +kubectl apply -f https://raw.githubusercontent.com/kinvolk/headlamp/main/kubernetes-headlamp.yaml +``` + +After that, you can expose Headlamp in a couple of ways. If you are on a cloud provider, then edit the headlamp service and change the service type to `LoadBalancer`. This will create an internet-facing LB that you can access. 
If you already have a VPN setup for your cloud VPC, you could add the annotation `service.beta.kubernetes.io/aws-load-balancer-internal: 'true'` which will make the LB internal (assuming you're on AWS, other providers will have different annotations). + +You could also expose it with port forwarding. + While Headlamp is a great, lightweight web-based dashboard, it only allows you to observe and perform basic functions on your cluster. If you need a much more heavy-hitting application that gives you observability, but also allows you to cram the entire build & deploy pipeline into a single tool, you can consider a tool like Devtron. ## Devtron -Devtron has all the features of Headlamp & Lens, such as viewing, editing, and logging, but it also includes its own build and deploy stack. You can create a Devtron application that reads off a repo and builds the application based on your specifications. The image gets pushed to your image repo of choice, and you can then have additional CI/CD pipelines that deploy this image into your cluster. The image can be deployed with regular Kubernetes manifest files, or with Helm charts. This is part of the Build & Deploy integration. \ No newline at end of file +Devtron has all the features of Headlamp & Lens, such as viewing, editing, and logging, but it also includes its own build and deploy stack. If you wanted to have headlamp level of functionality without any of the added stuff, Devtron allows you to easily install just thhe core dashboard without any integrations: + + + +You can create a Devtron application that reads off a repo and builds the application based on your specifications. The image gets pushed to your image repo of choice, and you can then have additional CI/CD pipelines that deploy this image into your cluster. The image can be deployed with regular Kubernetes manifest files, or with Helm charts. This is part of the Build & Deploy integration. \ No newline at end of file 
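Review bot: The added exposure paragraph in the Headlamp hunk offers an internet-facing `LoadBalancer` as the first option, and it does not say that the authentication required by the context line above ("you must enable authentication") has to be configured before the service is made public. Suggest leading with port forwarding or the internal LB annotation, and stating that the public `LoadBalancer` is only appropriate once OIDC login is working. The `kubectl apply -f` URL points at the `main` branch, so the manifest a reader applies can change without notice; a tagged release URL would be reproducible. Smaller points: "install a headlamp" should be "install Headlamp", "thhe" is a typo, and the added Devtron sentence ends in a colon followed only by blank lines, so the command it introduces is missing from this patch.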
From 156a2da6885bebc04a2fedae152a3bbda50dc082 Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Wed, 7 Aug 2024 18:11:59 +0530 Subject: [PATCH 12/33] Observability --- Observability101/observability.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/Observability101/observability.md b/Observability101/observability.md index 13fef2e7..ee3cef4e 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md @@ -44,6 +44,22 @@ After that, you can expose Headlamp in a couple of ways. If you are on a cloud p You could also expose it with port forwarding. +``` +kubectl port-forward -n kube-system service/headlamp 8080:80 +``` + +This is the easiest option of you are running on something like Minikube. Or, you could [expose Headlamp with an ingress server](https://headlamp.dev/docs/latest/installation/in-cluster/#exposing-headlamp-with-an-ingress-server). + +Once that is done, head over to the dashboard, and you will be presented with a login screen. To login, create a service account and get service token: + +``` +kubectl -n kube-system create serviceaccount headlamp-admin +kubectl create clusterrolebinding headlamp-admin --serviceaccount=kube-system:headlamp-admin --clusterrole=cluster-admin +kubectl create token headlamp-admin -n kube-system +``` + +Note that this service token is temporary and shouldn't be used as a login mechanism anyway. It's best to setup login properly with OIDC. + While Headlamp is a great, lightweight web-based dashboard, it only allows you to observe and perform basic functions on your cluster. If you need a much more heavy-hitting application that gives you observability, but also allows you to cram the entire build & deploy pipeline into a single tool, you can consider a tool like Devtron. ## Devtron From 8c47e26b21886ed3277acb8ee6ed305bacd9be7e Mon Sep 17 00:00:00 2001 
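Review bot: The login steps in the Headlamp hunk bind `headlamp-admin` to `cluster-admin` (`--clusterrole=cluster-admin`), so the token printed by `kubectl create token` gives full control of the cluster to whoever holds it, and the binding remains after the token expires. The note that follows says the token is temporary and should not be the login mechanism, but it does not mention the privilege level. Suggest stating it explicitly, using a narrower role such as the built-in `view` ClusterRole for a first look, and adding a cleanup step that deletes the binding and the service account once OIDC is set up. Typos: "of you are running" should be "if you are running", "To login" should be "To log in", and "best to setup" should be "best to set up".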
From: Phantom-Intruder Date: Thu, 8 Aug 2024 18:31:58 +0530 Subject: [PATCH 13/33] Observability --- Observability101/observability.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index ee3cef4e..a520b6a9 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md @@ -58,7 +58,7 @@ kubectl create clusterrolebinding headlamp-admin --serviceaccount=kube-system:he kubectl create token headlamp-admin -n kube-system ``` -Note that this service token is temporary and shouldn't be used as a login mechanism anyway. It's best to setup login properly with OIDC. +Note that this service token is temporary and shouldn't be used as a login mechanism anyway. It's best to setup login properly with OIDC. Once OIDC is setup, you can use the native Kubernetes RBAC roles to decide who gets what access. While Headlamp is a great, lightweight web-based dashboard, it only allows you to observe and perform basic functions on your cluster. If you need a much more heavy-hitting application that gives you observability, but also allows you to cram the entire build & deploy pipeline into a single tool, you can consider a tool like Devtron. 
@@ -66,6 +66,19 @@ While Headlamp is a great, lightweight web-based dashboard, it only allows you t Devtron has all the features of Headlamp & Lens, such as viewing, editing, and logging, but it also includes its own build and deploy stack. If you wanted to have headlamp level of functionality without any of the added stuff, Devtron allows you to easily install just thhe core dashboard without any integrations: +``` +helm repo add devtron https://helm.devtron.ai +helm repo update devtron +helm install devtron devtron/devtron-operator \ +--create-namespace --namespace devtroncd +``` + +Exposing this is similar to exposing Headlamp. You could use: + +``` +kubectl get svc -n devtroncd devtron-service -o jsonpath='{.status.loadBalancer.ingress}' +``` +To get the load balancer path. Similar to Headlamp, Devtron provides easy integration with OIDC providers like Keycloak and Dex. They additionally also provide you with SSO integration for major SSO providers such as Google and Microsoft, as well as support for LDAP. In comparison to Headlamp, Devtron has it's own UI that allows you to specify access to resources, users, and roles. You can create a Devtron application that reads off a repo and builds the application based on your specifications. The image gets pushed to your image repo of choice, and you can then have additional CI/CD pipelines that deploy this image into your cluster. The image can be deployed with regular Kubernetes manifest files, or with Helm charts. This is part of the Build & Deploy integration. \ No newline at end of file From be4072adf16eb0ab4ee9edc03599944c85d584ba Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Fri, 9 Aug 2024 18:25:03 +0530 Subject: [PATCH 14/33] Prod infra config changes --- Observability101/observability.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index a520b6a9..2ae0afdf 100644 --- a/Observability101/observability.md 
+++ b/Observability101/observability.md @@ -79,6 +79,8 @@ Exposing this is similar to exposing Headlamp. You could use: kubectl get svc -n devtroncd devtron-service -o jsonpath='{.status.loadBalancer.ingress}' ``` -To get the load balancer path. Similar to Headlamp, Devtron provides easy integration with OIDC providers like Keycloak and Dex. They additionally also provide you with SSO integration for major SSO providers such as Google and Microsoft, as well as support for LDAP. In comparison to Headlamp, Devtron has it's own UI that allows you to specify access to resources, users, and roles. +To get the load balancer path. Like Headlamp, Devtron provides easy integration with OIDC providers like Keycloak and Dex. They additionally also provide you with SSO integration for major SSO providers such as Google and Microsoft, as well as support for LDAP. Compared to Headlamp, Devtron has its own UI that allows you to specify access to resources, users, and roles. You can define permission groups, create new users, and then assign those permission groups to users. You can also assign multiple permission groups to a single user, meaning that you can have increasingly permissive groups for each user. + +Now that we have covered all the areas that Devtron and Headlamp have in common, let's move to the areas that are different: which is the application stack. You can create a Devtron application that reads off a repo and builds the application based on your specifications. The image gets pushed to your image repo of choice, and you can then have additional CI/CD pipelines that deploy this image into your cluster. The image can be deployed with regular Kubernetes manifest files, or with Helm charts. This is part of the Build & Deploy integration. \ No newline at end of file From f96a17e7caa585cb278c3a99820b27f2ea34f80a Mon Sep 17 00:00:00 2001 
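Review bot: The rewritten paragraph after the `kubectl get svc` fence still opens with the fragment "To get the load balancer path.", which does not read as a sentence on its own. Suggest moving it into the lead-in before the fence (for example "To get the load balancer address, run:") and starting the paragraph at "Like Headlamp, ...". The new sentence on assigning multiple permission groups says this gives "increasingly permissive groups" but not how overlapping groups combine for a single user; as this is the access-control description, state the effective result or link to the Devtron documentation for it. "additionally also" is redundant, and the subject "Prod infra config changes" does not match a change that only touches `Observability101/observability.md`.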
From: Phantom-Intruder Date: Sat, 10 Aug 2024 13:43:30 +0530 Subject: [PATCH 15/33] Observability --- Observability101/observability.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index 2ae0afdf..3ae22c7e 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md 
@@ -83,4 +83,4 @@ To get the load balancer path. Like Headlamp, Devtron provides easy integration Now that we have covered all the areas that Devtron and Headlamp have in common, let's move to the areas that are different: which is the application stack. -You can create a Devtron application that reads off a repo and builds the application based on your specifications. The image gets pushed to your image repo of choice, and you can then have additional CI/CD pipelines that deploy this image into your cluster. The image can be deployed with regular Kubernetes manifest files, or with Helm charts. This is part of the Build & Deploy integration. \ No newline at end of file +You can create a Devtron application that reads off a repo and builds the application based on your specifications. The image gets pushed to your image repo of choice, and you can then have additional CI/CD pipelines that deploy this image into your cluster. The image can be deployed with regular Kubernetes manifest files, or with Helm charts. This is part of the Build & Deploy integration. One thing you have to keep in mind is that the stack is unique to Devtron, so you can't migrate, say, your Jenkins build pipelines directly into Devtron. You will instead have to set them up as Devtron apps. Once you have set up the Devtron apps, your builds will run on your Kubernetes infrastructure by spinning up pods to run the build processes. Once the builds are finished, the pods will leave, thereby saving resources. Jenkins has a similar master-slave architecture, and you can actually install Jenkins on your cluster and have a similar functionality. However, if your applications are Kubernetes-based, Devtron makes the whole setup easier since you can monitor the entire build, deployment, and run process from the same dashboard. \ No newline at end of file From b5672ccf9f5dc668899497f095bedbb68dc8fd2d Mon Sep 17 00:00:00 2001 
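Review bot: The added Jenkins comparison uses "master-slave architecture"; Jenkins' own documentation now calls these the controller and agents, so "controller/agent architecture" would match current terminology. In the same added text, "the pods will leave" would read better as "the pods are terminated", and "have a similar functionality" should drop the "a".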
From: Phantom-Intruder Date: Sun, 11 Aug 2024 11:36:46 +0530 Subject: [PATCH 16/33] Observability --- Observability101/observability.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index 3ae22c7e..1eea6894 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md 
@@ -83,4 +83,8 @@ To get the load balancer path. Like Headlamp, Devtron provides easy integration Now that we have covered all the areas that Devtron and Headlamp have in common, let's move to the areas that are different: which is the application stack. -You can create a Devtron application that reads off a repo and builds the application based on your specifications. The image gets pushed to your image repo of choice, and you can then have additional CI/CD pipelines that deploy this image into your cluster. The image can be deployed with regular Kubernetes manifest files, or with Helm charts. This is part of the Build & Deploy integration. One thing you have to keep in mind is that the stack is unique to Devtron, so you can't migrate, say, your Jenkins build pipelines directly into Devtron. You will instead have to set them up as Devtron apps. Once you have set up the Devtron apps, your builds will run on your Kubernetes infrastructure by spinning up pods to run the build processes. Once the builds are finished, the pods will leave, thereby saving resources. Jenkins has a similar master-slave architecture, and you can actually install Jenkins on your cluster and have a similar functionality. However, if your applications are Kubernetes-based, Devtron makes the whole setup easier since you can monitor the entire build, deployment, and run process from the same dashboard. \ No newline at end of file +You can create a Devtron application that reads off a repo and builds the application based on your specifications. The image gets pushed to your image repo of choice, and you can then have additional CI/CD pipelines that deploy this image into your cluster. The image can be deployed with regular Kubernetes manifest files, or with Helm charts. This is part of the Build & Deploy integration. One thing you have to keep in mind is that the stack is unique to Devtron. So for example, you can't migrate your Jenkins build pipelines directly into Devtron. 
You will instead have to set them up as Devtron apps. Once you have set up the Devtron apps, your builds will run on your Kubernetes infrastructure by spinning up pods to run the build processes. Once the builds are finished, the pods will leave, thereby saving resources. Jenkins has a similar master-slave architecture, and you can actually install Jenkins on your cluster and have a similar functionality. However, if your applications are Kubernetes-based, Devtron makes the whole setup easier since you can monitor the entire build, deployment, and run process from the same dashboard. + +Another integration Devtron provides is GitOps with ArgoCD. For more information on GitOps, head to the [GitOps](../GitOps101/what-is-gitops.md) section. Since Devtron apps are inherently designed to be compatible with ArgoCD, there is no additional setup to integrate your application into GitOps after you have set up your Devtron apps. + +A very important feature Devtron provides is vulnerability scanning using [Clair](https://github.com/quay/clair). As your Devtron apps build your source, they create Docker images. These images can have vulnerabilities, or use base images/packages that have vulnerabilities. Clair will automatically analyze these images as they are built, and provide a vulnerability report. You could additionally set security policies so that trying to deploy an application that uses vulnerable images gets blocked. This is very useful in enterprise situations where security is a major concern. In addition to the threat of attacks, organizations also have certain compliance standards they must meet. \ No newline at end of file From 133a551ce0ce462516906d915ef2b2535400d2e7 Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Tue, 13 Aug 2024 17:49:28 +0530 Subject: [PATCH 17/33] Prod infra config changes --- Observability101/observability.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/Observability101/observability.md b/Observability101/observability.md index 1eea6894..698d652e 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md 
@@ -87,4 +87,6 @@ You can create a Devtron application that reads off a repo and builds the applic Another integration Devtron provides is GitOps with ArgoCD. For more information on GitOps, head to the [GitOps](../GitOps101/what-is-gitops.md) section. Since Devtron apps are inherently designed to be compatible with ArgoCD, there is no additional setup to integrate your application into GitOps after you have set up your Devtron apps. -A very important feature Devtron provides is vulnerability scanning using [Clair](https://github.com/quay/clair). As your Devtron apps build your source, they create Docker images. These images can have vulnerabilities, or use base images/packages that have vulnerabilities. Clair will automatically analyze these images as they are built, and provide a vulnerability report. You could additionally set security policies so that trying to deploy an application that uses vulnerable images gets blocked. This is very useful in enterprise situations where security is a major concern. In addition to the threat of attacks, organizations also have certain compliance standards they must meet. \ No newline at end of file +An essential feature Devtron provides is vulnerability scanning using [Clair](https://github.com/quay/clair). As your Devtron apps build your source, they create Docker images. These images can have vulnerabilities, or use base images/packages that have vulnerabilities. Clair will automatically analyze these images as they are built, and provide a vulnerability report. You could additionally set security policies so that when trying to deploy an application that uses vulnerable images, it gets blocked. This is very useful in enterprise situations where security is a major concern. In addition to the threat of attacks, organizations also have certain compliance standards they must meet, such as SOC or ISO compliance. 
These have certain requirements (such as 0 critical or high-priority vulnerabilities in images), and having your CI/CD tool actively block pictures that don't meet these standards from being deployed is massively helpful in ensuring that your security audits don't fail. + +Another feature Devtron has is alerting. Any events that occur on your build or deployment pipelines can be alerted via email or Slack. This is a fairly basic configuration that you will find in most CI/CD systems such as Jenkins. \ No newline at end of file From ffdfeff857e411da4df1e44f3a2021aa1637d83c Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Wed, 14 Aug 2024 18:12:41 +0530 Subject: [PATCH 18/33] Observability --- Observability101/observability.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index 698d652e..57b0c615 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md 
@@ -81,12 +81,14 @@ kubectl get svc -n devtroncd devtron-service -o jsonpath='{.status.loadBalancer. To get the load balancer path. Like Headlamp, Devtron provides easy integration with OIDC providers like Keycloak and Dex. They additionally also provide you with SSO integration for major SSO providers such as Google and Microsoft, as well as support for LDAP. Compared to Headlamp, Devtron has its own UI that allows you to specify access to resources, users, and roles. You can define permission groups, create new users, and then assign those permission groups to users. You can also assign multiple permission groups to a single user, meaning that you can have increasingly permissive groups for each user. -Now that we have covered all the areas that Devtron and Headlamp have in common, let's move to the areas that are different: which is the application stack. +Now that we have covered all the areas that Devtron and Headlamp have in common, let's move to the areas that are different: the application stack. If you installed Devtron without any integrations, you can simple install only the integration without having to reinstall the entire Helm chart by going to the Devtron stack manager in the UI from the left navigation bar. Under INTEGRATIONS, select Discover. You can create a Devtron application that reads off a repo and builds the application based on your specifications. The image gets pushed to your image repo of choice, and you can then have additional CI/CD pipelines that deploy this image into your cluster. The image can be deployed with regular Kubernetes manifest files, or with Helm charts. This is part of the Build & Deploy integration. One thing you have to keep in mind is that the stack is unique to Devtron. So for example, you can't migrate your Jenkins build pipelines directly into Devtron. You will instead have to set them up as Devtron apps. 
Once you have set up the Devtron apps, your builds will run on your Kubernetes infrastructure by spinning up pods to run the build processes. Once the builds are finished, the pods will leave, thereby saving resources. Jenkins has a similar master-slave architecture, and you can actually install Jenkins on your cluster and have a similar functionality. However, if your applications are Kubernetes-based, Devtron makes the whole setup easier since you can monitor the entire build, deployment, and run process from the same dashboard. Another integration Devtron provides is GitOps with ArgoCD. For more information on GitOps, head to the [GitOps](../GitOps101/what-is-gitops.md) section. Since Devtron apps are inherently designed to be compatible with ArgoCD, there is no additional setup to integrate your application into GitOps after you have set up your Devtron apps. -An essential feature Devtron provides is vulnerability scanning using [Clair](https://github.com/quay/clair). As your Devtron apps build your source, they create Docker images. These images can have vulnerabilities, or use base images/packages that have vulnerabilities. Clair will automatically analyze these images as they are built, and provide a vulnerability report. You could additionally set security policies so that when trying to deploy an application that uses vulnerable images, it gets blocked. This is very useful in enterprise situations where security is a major concern. In addition to the threat of attacks, organizations also have certain compliance standards they must meet, such as SOC or ISO compliance. These have certain requirements (such as 0 critical or high-priority vulnerabilities in images), and having your CI/CD tool actively block pictures that don't meet these standards from being deployed is massively helpful in ensuring that your security audits don't fail. +An essential feature Devtron provides is vulnerability scanning using [Clair](https://github.com/quay/clair). 
As your Devtron apps build your source, they create Docker images. These images can have vulnerabilities, or use base images/packages that have vulnerabilities. Clair will automatically analyze these images as they are built, and provide a vulnerability report. You could additionally set security policies so that when trying to deploy an application that uses vulnerable images, it gets blocked. This is very useful in enterprise situations where security is a major concern. In addition to the threat of attacks, organizations also have certain compliance standards they must meet, such as SOC or ISO compliance. These have certain requirements (such as 0 critical or high-priority vulnerabilities in images), and having your CI/CD tool actively block images that don't meet these standards from being deployed is massively helpful in ensuring that your security audits don't fail. -Another feature Devtron has is alerting. Any events that occur on your build or deployment pipelines can be alerted via email or Slack. This is a fairly basic configuration that you will find in most CI/CD systems such as Jenkins. \ No newline at end of file +Another feature Devtron has is alerting. Any events that occur on your build or deployment pipelines can be alerted via email or Slack. This is a fairly basic configuration that you will find in most CI/CD systems such as Jenkins. + +The final feature that Devtron has is monitoring with Grafana. Once you have finished deploying your application to your Kubernetes cluster, you can check the application metrics like CPU, Memory utilization, Status 4xx/ 5xx/ 2xx, Throughput, and Latency. This skips all the steps involved in setting up Grafana yourself and installs the full stack for you. \ No newline at end of file From d18ff83e67cb962173906ba8bfc5fa547652118b Mon Sep 17 00:00:00 2001 
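Review bot: In the Clair paragraph, "These have certain requirements (such as 0 critical or high-priority vulnerabilities in images)" presents a specific vulnerability threshold as something "SOC or ISO compliance" requires, without naming the standards precisely. Suggest naming the exact standards meant and rewording the parenthesis as an example of a policy an organization might set for its audits rather than as a requirement of the standards themselves. It would also help to say what the blocking policy evaluates, for example severity, since "vulnerable images" alone does not tell a reader what gets blocked. In the first added line of this hunk, "you can simple install" should be "you can simply install".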
From: Phantom-Intruder Date: Thu, 15 Aug 2024 18:29:17 +0530 Subject: [PATCH 19/33] Observability --- Observability101/observability.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index 57b0c615..20f4fe71 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md @@ -91,4 +91,6 @@ An essential feature Devtron provides is vulnerability scanning using [Clair](ht Another feature Devtron has is alerting. Any events that occur on your build or deployment pipelines can be alerted via email or Slack. This is a fairly basic configuration that you will find in most CI/CD systems such as Jenkins. -The final feature that Devtron has is monitoring with Grafana. Once you have finished deploying your application to your Kubernetes cluster, you can check the application metrics like CPU, Memory utilization, Status 4xx/ 5xx/ 2xx, Throughput, and Latency. This skips all the steps involved in setting up Grafana yourself and installs the full stack for you. \ No newline at end of file +The final feature that Devtron has is monitoring with Grafana. Once you have finished deploying your application to your Kubernetes cluster, you can check the application metrics like CPU, Memory utilization, Status 4xx/ 5xx/ 2xx, Throughput, and Latency. This skips all the steps involved in setting up Grafana yourself and installs the full stack for you. + +So all in all, Devtron provides much more than just a resource browser that can be used to control the Kubernetes cluster. It also allows you to build images, check them for vulnerabilities, then deploy them. Once the deployment is complete, you also get to monitor the health of these deployments and alert if something goes wrong. \ No newline at end of file From a79feb613e69ed5932e5f2ba335fee72af2b7f25 Mon Sep 17 00:00:00 2001 
From: Phantom-Intruder Date: Fri, 16 Aug 2024 18:00:40 +0530 Subject: [PATCH 20/33] Observability --- Observability101/observability.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index 20f4fe71..707fa4e5 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md @@ -93,4 +93,8 @@ Another feature Devtron has is alerting. Any events that occur on your build or The final feature that Devtron has is monitoring with Grafana. Once you have finished deploying your application to your Kubernetes cluster, you can check the application metrics like CPU, Memory utilization, Status 4xx/ 5xx/ 2xx, Throughput, and Latency. This skips all the steps involved in setting up Grafana yourself and installs the full stack for you. -So all in all, Devtron provides much more than just a resource browser that can be used to control the Kubernetes cluster. It also allows you to build images, check them for vulnerabilities, then deploy them. Once the deployment is complete, you also get to monitor the health of these deployments and alert if something goes wrong. \ No newline at end of file +So all in all, Devtron provides much more than just a resource browser that can be used to control the Kubernetes cluster. It also allows you to build images, check them for vulnerabilities, then deploy them. Once the deployment is complete, you also get to monitor the health of these deployments and alert if something goes wrong. So it's the full end-to-end package. + +Now, let's move on to [portainer](https://www.portainer.io), which provides most features of Devtron, but also gives some additional options your organization might find useful. + +## Portainer From c2125f5bcec54a00881948695b785fc73d29a9ab Mon Sep 17 00:00:00 2001 
From: Phantom-Intruder Date: Thu, 22 Aug 2024 18:08:59 +0530 Subject: [PATCH 21/33] Observability --- Observability101/observability-temp.md | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 Observability101/observability-temp.md diff --git a/Observability101/observability-temp.md b/Observability101/observability-temp.md new file mode 100644 index 00000000..e07054ac --- /dev/null +++ b/Observability101/observability-temp.md @@ -0,0 +1,3 @@ +Next, let's look at Octant by VMware. Octant toes the line between being a desktop application and a web interface, in that you install it locally on your desktop, and it launches a server that gives you access to your cluster using your web browser. It uses your local kubeconfig to provide access to your clusters. Hence, there is no additional configuration required, and you can set up the kubeconfig in a server and have Octant installed on it, then serve it using a simple Nginx server. However, it is impossible to restrict access based on roles since the application was not designed for it. Specifically, Octant is designed to manage Tanzu Kubernetes Clusters, which are preconfigured enterprise-grade clusters provided by VMware. + +Octant provides all the features of tools such as Headlamp & Lens, except this has a high focus on development. While the other tools are mainly designed to be used by DevOps teams, Octant comes with inbuilt support for debugging and plug-ins over gRPC which are designed to be used by development teams testing out their software in Kubernetes clusters. \ No newline at end of file From db32758771076ac061e0d1fd7687459d68567e0f Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Fri, 23 Aug 2024 16:11:31 +0530 Subject: [PATCH 22/33] Observability --- Observability101/observability-temp.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Observability101/observability-temp.md b/Observability101/observability-temp.md index e07054ac..b3161638 100644 
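Review bot: The Octant paragraph added in `observability-temp.md` suggests placing a kubeconfig on a server and serving Octant "using a simple Nginx server", then says in the next sentence that access cannot be restricted by role. Taken together, anyone who can reach that endpoint acts with whatever the kubeconfig allows, and the text should say so directly. Suggest either dropping the shared-server suggestion or adding that it needs authentication in front of it and a kubeconfig scoped to the minimum required. The sentence beginning "Specifically, Octant is designed to manage Tanzu Kubernetes Clusters" does not follow from the one before it, so "Specifically" could be dropped.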
--- a/Observability101/observability-temp.md +++ b/Observability101/observability-temp.md 
@@ -1,3 +1,7 @@ Next, let's look at Octant by VMware. Octant toes the line between being a desktop application and a web interface, in that you install it locally on your desktop, and it launches a server that gives you access to your cluster using your web browser. It uses your local kubeconfig to provide access to your clusters. Hence, there is no additional configuration required, and you can set up the kubeconfig in a server and have Octant installed on it, then serve it using a simple Nginx server. However, it is impossible to restrict access based on roles since the application was not designed for it. Specifically, Octant is designed to manage Tanzu Kubernetes Clusters, which are preconfigured enterprise-grade clusters provided by VMware. -Octant provides all the features of tools such as Headlamp & Lens, except this has a high focus on development. While the other tools are mainly designed to be used by DevOps teams, Octant comes with inbuilt support for debugging and plug-ins over gRPC which are designed to be used by development teams testing out their software in Kubernetes clusters. \ No newline at end of file +Octant provides all the features of tools such as Headlamp & Lens, except this has a high focus on development. While the other tools are mainly designed to be used by DevOps teams, Octant comes with inbuilt support for debugging and plug-ins over gRPC which are designed to be used by development teams testing out their software in Kubernetes clusters. So it makes sense that the tool would be run locally on your machine similar to an IDE used to debug application code instead of a web interface shared by many people. So depending on your use case, this might not fit your needs. + +## ArgoCD + +ArgoCD is not a cluster observability/operations tool, but rather a GitOps tool used to automate CI/CD processes. 
However, it deserves an honorable mention since it gives observability/operations access to all parts of a Kubernetes cluster other than the nodes. ArgoCD allows you to deploy new application revisions and then lays out a resource map of all the resources that come up when the deployment is performed. You can then edit/delete these resources from the same dashboard and it will get updated in real-time. ArgoCD also allows you to view the logs & events of a pod, and with a little configuration, you should be able to shell into a pod from within ArgoCD as well. \ No newline at end of file From 09a4113f9a523b43e750f18cf202d51e6ea7edcb Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Sun, 25 Aug 2024 11:29:27 +0530 Subject: [PATCH 23/33] observability --- Observability101/observability.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/Observability101/observability.md b/Observability101/observability.md index 707fa4e5..47ed57c0 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md @@ -60,6 +60,8 @@ kubectl create token headlamp-admin -n kube-system Note that this service token is temporary and shouldn't be used as a login mechanism anyway. It's best to setup login properly with OIDC. Once OIDC is setup, you can use the native Kubernetes RBAC roles to decide who gets what access. +Sidenote: Headlamp desktop allows managing multiple clusters but the web version does not. + While Headlamp is a great, lightweight web-based dashboard, it only allows you to observe and perform basic functions on your cluster. If you need a much more heavy-hitting application that gives you observability, but also allows you to cram the entire build & deploy pipeline into a single tool, you can consider a tool like Devtron. ## Devtron 
@@ -95,6 +97,16 @@ The final feature that Devtron has is monitoring with Grafana. Once you have fin So all in all, Devtron provides much more than just a resource browser that can be used to control the Kubernetes cluster. It also allows you to build images, check them for vulnerabilities, then deploy them. Once the deployment is complete, you also get to monitor the health of these deployments and alert if something goes wrong. So it's the full end-to-end package. +One additional feature Devtron has is multi-cluster management. If your organization has several clusters, you can get access to all of them within the same dashboard. There are two ways to do this, and the easiest is to create a service account in your second cluster that allows Devtron to perform operations on it. To do this, Devtron has provided a straightforward bash script that can be run which does the job for you. First, make sure you are in your second clusters' contexts, then run: + +``` +curl -O https://raw.githubusercontent.com/devtron-labs/utilities/main/kubeconfig-exporter/kubernetes_export_sa.sh && bash kubernetes_export_sa.sh cd-user  devtroncd +``` + +Add the server URL and token you get from this command to the Devtron UI and your cluster should start showing up in the resource browser. Full instructions can be found [in the official docs](https://docs.devtron.ai/global-configurations/cluster-and-environments#add-cluster). Another way to add a cluster is using the kubeconfig. Instructions to do this can be found [here](https://docs.devtron.ai/global-configurations/cluster-and-environments#add-clusters-using-kubeconfig). Note that if your cluster is hosted on a cloud provider, you can't just copy and paste the kubeconfig and expect it to work. + Now, let's move on to [portainer](https://www.portainer.io), which provides most features of Devtron, but also gives some additional options your organization might find useful. 
## Portainer + +Portainer is a container management platform, which means that it dips into the realm of Docker/Docker swarms as well as Kubernetes. It works with basically every containerization platform, cloud service, and even your self hosted platforms. \ No newline at end of file From 4166bff73dd87eccb7548b3e715db559cf373857 Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Mon, 26 Aug 2024 16:55:24 +0530 Subject: [PATCH 24/33] Observability --- Observability101/observability-temp.md | 7 --- Observability101/observability.md | 66 +++++++++++++++++++++++++- 2 files changed, 65 insertions(+), 8 deletions(-) delete mode 100644 Observability101/observability-temp.md diff --git a/Observability101/observability-temp.md b/Observability101/observability-temp.md deleted file mode 100644 index b3161638..00000000 --- a/Observability101/observability-temp.md +++ /dev/null 
@@ -1,7 +0,0 @@ -Next, let's look at Octant by VMware. Octant toes the line between being a desktop application and a web interface, in that you install it locally on your desktop, and it launches a server that gives you access to your cluster using your web browser. It uses your local kubeconfig to provide access to your clusters. Hence, there is no additional configuration required, and you can set up the kubeconfig in a server and have Octant installed on it, then serve it using a simple Nginx server. However, it is impossible to restrict access based on roles since the application was not designed for it. Specifically, Octant is designed to manage Tanzu Kubernetes Clusters, which are preconfigured enterprise-grade clusters provided by VMware. - -Octant provides all the features of tools such as Headlamp & Lens, except this has a high focus on development. While the other tools are mainly designed to be used by DevOps teams, Octant comes with inbuilt support for debugging and plug-ins over gRPC which are designed to be used by development teams testing out their software in Kubernetes clusters. So it makes sense that the tool would be run locally on your machine similar to an IDE used to debug application code instead of a web interface shared by many people. So depending on your use case, this might not fit your needs. - -## ArgoCD - -ArgoCD is not a cluster observability/operations tool, but rather a GitOps tool used to automate CI/CD processes. However, it deserves an honorable mention since it gives observability/operations access to all parts of a Kubernetes cluster other than the nodes. ArgoCD allows you to deploy new application revisions and then lays out a resource map of all the resources that come up when the deployment is performed. You can then edit/delete these resources from the same dashboard and it will get updated in real-time. 
ArgoCD also allows you to view the logs & events of a pod, and with a little configuration, you should be able to shell into a pod from within ArgoCD as well. \ No newline at end of file diff --git a/Observability101/observability.md b/Observability101/observability.md index 47ed57c0..cf8ad993 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md 
@@ -109,4 +109,68 @@ Now, let's move on to [portainer](https://www.portainer.io), which provides most ## Portainer -Portainer is a container management platform, which means that it dips into the realm of Docker/Docker swarms as well as Kubernetes. It works with basically every containerization platform, cloud service, and even your self hosted platforms. \ No newline at end of file +Portainer is a container management platform, which means that it dips into the realm of Docker/Docker swarms as well as Kubernetes. It works with basically every containerization platform, cloud service, and even your self hosted platforms. + +Portainer is a lightweight and user-friendly management UI for Docker, Kubernetes, and other container orchestration platforms. It simplifies the process of managing containers, images, volumes, networks, and more through an intuitive web interface. Here’s an overview of its key features and capabilities: + +### Key Features +1. **Container Management:** + - Allows users to create, manage, and monitor Docker containers. + - Supports starting, stopping, pausing, and restarting containers. + - Provides detailed information about container logs, resource usage, and network configurations. + +2. **Image Management:** + - Facilitates pulling, pushing, and managing Docker images. + - Supports creating new containers from images or building images directly from Dockerfiles. + +3. **Volume Management:** + - Enables easy management of Docker volumes, including creation, inspection, and deletion. + - Allows users to manage data persistence for their containers. + +4. **Network Management:** + - Provides tools for managing Docker networks, including the ability to create custom networks and attach/detach containers from them. + +5. **Kubernetes Support:** + - Portainer can manage Kubernetes clusters, making it easier for users to deploy and monitor workloads, services, and configurations within Kubernetes. 
+ - Supports both standard Kubernetes and Docker Swarm environments. + +6. **User Management:** + - Portainer offers role-based access control (RBAC), allowing administrators to define user roles and permissions. + - Supports multi-user environments with authentication mechanisms like LDAP, OAuth, and more. + +7. **Stacks and Templates:** + - Users can deploy multi-container applications using stacks, which are defined using Docker Compose files. + - Provides a catalog of templates for commonly used applications, simplifying the deployment process. + +8. **Advanced Features:** + - Integrates with CI/CD pipelines, enabling automated deployment and management. + - Supports the management of secrets, environments, and custom registries. + +9. **Monitoring and Logs:** + - Offers real-time monitoring of container performance, including CPU, memory, and network usage. + - Provides access to container logs for debugging and auditing purposes. + +### Deployment and Usage +- **Deployment:** Portainer is deployed as a container itself, making it easy to set up. It can be installed on any system running Docker or Kubernetes. +- **Web Interface:** Once deployed, users can access Portainer via a web browser, where they interact with the system through a clean and straightforward UI. + +### Use Cases +- **Small to Medium-Sized Deployments:** Ideal for small to medium-sized deployments where ease of management and visibility is crucial. +- **Learning and Development:** Often used in learning environments to help new users understand Docker and Kubernetes concepts through a visual interface. +- **Multi-Cluster Management:** Useful in environments with multiple clusters or nodes, as it allows centralized management and monitoring. + +### Limitations +- **Scalability:** While Portainer is excellent for managing small to medium-sized environments, it may not scale as well for very large or complex enterprise environments with thousands of nodes. 
+- **Advanced Kubernetes Features:** It provides a simplified view of Kubernetes, which may not expose all the advanced features available through native Kubernetes tools. + +Overall, Portainer is a powerful tool for simplifying container and cluster management, making it accessible to a broader audience, including developers, sysadmins, and DevOps teams. + +## Octant + +Next, let's look at Octant by VMware. Octant toes the line between being a desktop application and a web interface, in that you install it locally on your desktop, and it launches a server that gives you access to your cluster using your web browser. It uses your local kubeconfig to provide access to your clusters. Hence, there is no additional configuration required, and you can set up the kubeconfig in a server and have Octant installed on it, then serve it using a simple Nginx server. However, it is impossible to restrict access based on roles since the application was not designed for it. Specifically, Octant is designed to manage Tanzu Kubernetes Clusters, which are preconfigured enterprise-grade clusters provided by VMware. + +Octant provides all the features of tools such as Headlamp & Lens, except this has a high focus on development. While the other tools are mainly designed to be used by DevOps teams, Octant comes with inbuilt support for debugging and plug-ins over gRPC which are designed to be used by development teams testing out their software in Kubernetes clusters. So it makes sense that the tool would be run locally on your machine similar to an IDE used to debug application code instead of a web interface shared by many people. So depending on your use case, this might not fit your needs. + +## ArgoCD + +ArgoCD is not a cluster observability/operations tool, but rather a GitOps tool used to automate CI/CD processes. However, it deserves an honorable mention since it gives observability/operations access to all parts of a Kubernetes cluster other than the nodes. 
ArgoCD allows you to deploy new application revisions and then lays out a resource map of all the resources that come up when the deployment is performed. You can then edit/delete these resources from the same dashboard and it will get updated in real-time. ArgoCD also allows you to view the logs & events of a pod, and with a little configuration, you should be able to shell into a pod from within ArgoCD as well. \ No newline at end of file From 81c18813d78e65de987610d5f819c10a0ccab740 Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Tue, 27 Aug 2024 18:30:32 +0530 Subject: [PATCH 25/33] Observability --- Observability101/observability.md | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index cf8ad993..7428bef5 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md 
@@ -111,17 +111,7 @@ Now, let's move on to [portainer](https://www.portainer.io), which provides most Portainer is a container management platform, which means that it dips into the realm of Docker/Docker swarms as well as Kubernetes. It works with basically every containerization platform, cloud service, and even your self hosted platforms. -Portainer is a lightweight and user-friendly management UI for Docker, Kubernetes, and other container orchestration platforms. It simplifies the process of managing containers, images, volumes, networks, and more through an intuitive web interface. Here’s an overview of its key features and capabilities: - -### Key Features -1. **Container Management:** - - Allows users to create, manage, and monitor Docker containers. - - Supports starting, stopping, pausing, and restarting containers. - - Provides detailed information about container logs, resource usage, and network configurations. - -2. **Image Management:** - - Facilitates pulling, pushing, and managing Docker images. - - Supports creating new containers from images or building images directly from Dockerfiles. +For starters, it allows users to create, manage, and monitor Docker containers. It also allows operational functions such as starting, stopping, pausing, and restarting containers. You can also view container logs, resource usage, network configurations, and other metrics related to these containers. You also have an in-built image repo that facilitates pulling, pushing, and managing Docker images. This means you can create new containers from images or build images directly from Dockerfiles. 3. **Volume Management:** - Enables easy management of Docker volumes, including creation, inspection, and deletion. From c0fd4695088044c1450cbbd5d9f12d9f954c01fe Mon Sep 17 00:00:00 2001 
From: Phantom-Intruder Date: Wed, 28 Aug 2024 18:40:25 +0530 Subject: [PATCH 26/33] Observability --- Observability101/observability.md | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index 7428bef5..ae827f65 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md 
@@ -113,20 +113,7 @@ Portainer is a container management platform, which means that it dips into the For starters, it allows users to create, manage, and monitor Docker containers. It also allows operational functions such as starting, stopping, pausing, and restarting containers. You can also view container logs, resource usage, network configurations, and other metrics related to these containers. You also have an in-built image repo that facilitates pulling, pushing, and managing Docker images. This means you can create new containers from images or build images directly from Dockerfiles. -3. **Volume Management:** - - Enables easy management of Docker volumes, including creation, inspection, and deletion. - - Allows users to manage data persistence for their containers. - -4. **Network Management:** - - Provides tools for managing Docker networks, including the ability to create custom networks and attach/detach containers from them. - -5. **Kubernetes Support:** - - Portainer can manage Kubernetes clusters, making it easier for users to deploy and monitor workloads, services, and configurations within Kubernetes. - - Supports both standard Kubernetes and Docker Swarm environments. - -6. **User Management:** - - Portainer offers role-based access control (RBAC), allowing administrators to define user roles and permissions. - - Supports multi-user environments with authentication mechanisms like LDAP, OAuth, and more. +Managing the volumes used in both your Docker containers as well as PVCs used in Kubernetes is another feature available in Portainer, as well as the ability to create custom networks and attach/detach containers from them. When it comes to Kubernetes support, Portainer can manage Kubernetes clusters, making it easier for users to deploy and monitor workloads, services, and configurations within Kubernetes. It also supports Docker Swarm environments. You also have RBAC allowing administrators to define user roles and permissions. 
It also supports multi-user environments with authentication mechanisms like LDAP, OAuth, and more. Note that most of these features are enterprise grade. 7. **Stacks and Templates:** - Users can deploy multi-container applications using stacks, which are defined using Docker Compose files. From fdd52331d95de4c8437aa4136337037bd720bed9 Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Thu, 29 Aug 2024 18:11:34 +0530 Subject: [PATCH 27/33] Observability --- Observability101/observability.md | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index ae827f65..bdd46be7 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md 
@@ -115,13 +115,7 @@ For starters, it allows users to create, manage, and monitor Docker containers. Managing the volumes used in both your Docker containers as well as PVCs used in Kubernetes is another feature available in Portainer, as well as the ability to create custom networks and attach/detach containers from them. When it comes to Kubernetes support, Portainer can manage Kubernetes clusters, making it easier for users to deploy and monitor workloads, services, and configurations within Kubernetes. It also supports Docker Swarm environments. You also have RBAC allowing administrators to define user roles and permissions. It also supports multi-user environments with authentication mechanisms like LDAP, OAuth, and more. Note that most of these features are enterprise grade. -7. **Stacks and Templates:** - - Users can deploy multi-container applications using stacks, which are defined using Docker Compose files. - - Provides a catalog of templates for commonly used applications, simplifying the deployment process. - -8. **Advanced Features:** - - Integrates with CI/CD pipelines, enabling automated deployment and management. - - Supports the management of secrets, environments, and custom registries. +Portainer also has a catalog of templates for commonly used applications, simplifying the deployment process. Users can also deploy multi-container applications using stacks, which are defined using Docker Compose files. Similar to Devtron, you also get CI/CD support, enabling automated deployment and management. portainer also has the added management functionality of secrets, environments, and custom registries. 9. **Monitoring and Logs:** - Offers real-time monitoring of container performance, including CPU, memory, and network usage. From d78a62e6274c407f230fa8a181e1df499f89bc89 Mon Sep 17 00:00:00 2001 
From: Phantom-Intruder Date: Fri, 30 Aug 2024 11:46:27 +0530 Subject: [PATCH 28/33] Observability --- Observability101/observability.md | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index bdd46be7..01009187 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md 
@@ -115,15 +115,25 @@ For starters, it allows users to create, manage, and monitor Docker containers. Managing the volumes used in both your Docker containers as well as PVCs used in Kubernetes is another feature available in Portainer, as well as the ability to create custom networks and attach/detach containers from them. When it comes to Kubernetes support, Portainer can manage Kubernetes clusters, making it easier for users to deploy and monitor workloads, services, and configurations within Kubernetes. It also supports Docker Swarm environments. You also have RBAC allowing administrators to define user roles and permissions. It also supports multi-user environments with authentication mechanisms like LDAP, OAuth, and more. Note that most of these features are enterprise grade. -Portainer also has a catalog of templates for commonly used applications, simplifying the deployment process. Users can also deploy multi-container applications using stacks, which are defined using Docker Compose files. Similar to Devtron, you also get CI/CD support, enabling automated deployment and management. portainer also has the added management functionality of secrets, environments, and custom registries. +Portainer also has a catalog of templates for commonly used applications, simplifying the deployment process. Users can also deploy multi-container applications using stacks, which are defined using Docker Compose files. Similar to Devtron, you also get CI/CD support, enabling automated deployment and management. Portainer also has the added management functionality of secrets, environments, and custom registries. -9. **Monitoring and Logs:** - - Offers real-time monitoring of container performance, including CPU, memory, and network usage. - - Provides access to container logs for debugging and auditing purposes. +You also get real-time monitoring of container performance, including CPU, memory, and network usage simliar to what you would get out of Grafana and Prometheus. 
You also have logging capabilities similar to the other tools on this list which provides access to container logs for debugging and auditing purposes. -### Deployment and Usage -- **Deployment:** Portainer is deployed as a container itself, making it easy to set up. It can be installed on any system running Docker or Kubernetes. -- **Web Interface:** Once deployed, users can access Portainer via a web browser, where they interact with the system through a clean and straightforward UI. +When it comes to deployments, there are several ways to do it depending on which environment you are using. It is containerized so it can run on your Docker environments just fine (both Docker standalone & Docker swarm). On Kubernetes, you use Helm like so: + +``` +helm repo add portainer https://portainer.github.io/k8s/ +helm repo update +helm upgrade --install --create-namespace -n portainer portainer portainer/portainer \ + --set tls.force=true \ + --set image.tag=2.21.0 +``` + +Or you could use plain kubectl: + +``` +kubectl apply -n portainer -f https://downloads.portainer.io/ce2-21/portainer.yaml +``` ### Use Cases - **Small to Medium-Sized Deployments:** Ideal for small to medium-sized deployments where ease of management and visibility is crucial. From ffcd49423a28cd973d898c9a80357391a204a904 Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Sat, 31 Aug 2024 11:52:42 +0530 Subject: [PATCH 29/33] observability --- Observability101/observability.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index 01009187..315bd7ec 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md 
@@ -135,14 +135,13 @@ Or you could use plain kubectl: kubectl apply -n portainer -f https://downloads.portainer.io/ce2-21/portainer.yaml ``` -### Use Cases -- **Small to Medium-Sized Deployments:** Ideal for small to medium-sized deployments where ease of management and visibility is crucial. -- **Learning and Development:** Often used in learning environments to help new users understand Docker and Kubernetes concepts through a visual interface. -- **Multi-Cluster Management:** Useful in environments with multiple clusters or nodes, as it allows centralized management and monitoring. - -### Limitations -- **Scalability:** While Portainer is excellent for managing small to medium-sized environments, it may not scale as well for very large or complex enterprise environments with thousands of nodes. -- **Advanced Kubernetes Features:** It provides a simplified view of Kubernetes, which may not expose all the advanced features available through native Kubernetes tools. +If you want to expose the service via LoadBalancer instead of NodePort: + +``` +kubectl apply -n portainer -f https://downloads.portainer.io/ce2-21/portainer-lb.yaml +``` + +Once you do this, you should be able to access the Portainer UI via localhost or the load balancer URL. From here on, all you need to do is create an initial admin user, then connect Portainer to your environments. Overall, Portainer is a powerful tool for simplifying container and cluster management, making it accessible to a broader audience, including developers, sysadmins, and DevOps teams. From 609a3695434aa4d3c38b2a2080c6cb8c0635a05e Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Mon, 2 Sep 2024 18:39:45 +0530 Subject: [PATCH 30/33] Observability --- Observability101/observability.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index 315bd7ec..2e446b74 100644 --- a/Observability101/observability.md 
+++ b/Observability101/observability.md 
@@ -153,4 +153,4 @@ Octant provides all the features of tools such as Headlamp & Lens, except this h ## ArgoCD -ArgoCD is not a cluster observability/operations tool, but rather a GitOps tool used to automate CI/CD processes. However, it deserves an honorable mention since it gives observability/operations access to all parts of a Kubernetes cluster other than the nodes. ArgoCD allows you to deploy new application revisions and then lays out a resource map of all the resources that come up when the deployment is performed. You can then edit/delete these resources from the same dashboard and it will get updated in real-time. ArgoCD also allows you to view the logs & events of a pod, and with a little configuration, you should be able to shell into a pod from within ArgoCD as well. \ No newline at end of file +ArgoCD is not a cluster observability/operations tool, but rather a GitOps tool used to automate CI/CD processes. However, it deserves an honorable mention since it gives observability/operations access to all parts of a Kubernetes cluster other than the nodes. ArgoCD allows you to deploy new application revisions and then lays out a resource map of all the resources that come up when the deployment is performed. You can then edit/delete these resources from the same dashboard and it will get updated in real time. ArgoCD also allows you to view the logs & events of a pod. With a little configuration, you should be able to shell into a pod from within ArgoCD as well. You also get a basic authentication option with role-based access, or you could connect ArgoCD to an OIDC provider like the other tools provided here. ArgodCD also provides several different options for authentication and access control. To get a better idea of ArgoCD, head over to the [GitOps section](../GitOps101/what-is-gitops.md). However, note that ArgoCD was never meant to be a cluster administration tool, so it should ideally not be used as such. \ No newline at end of file 
From 0893819043fc7fe4b5ebc13f4f8eb18c2cc3283e Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Tue, 3 Sep 2024 17:55:11 +0530 Subject: [PATCH 31/33] Observability --- Observability101/observability.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index 2e446b74..4e749f29 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md 
@@ -153,4 +153,8 @@ Octant provides all the features of tools such as Headlamp & Lens, except this h ## ArgoCD -ArgoCD is not a cluster observability/operations tool, but rather a GitOps tool used to automate CI/CD processes. However, it deserves an honorable mention since it gives observability/operations access to all parts of a Kubernetes cluster other than the nodes. ArgoCD allows you to deploy new application revisions and then lays out a resource map of all the resources that come up when the deployment is performed. You can then edit/delete these resources from the same dashboard and it will get updated in real time. ArgoCD also allows you to view the logs & events of a pod. With a little configuration, you should be able to shell into a pod from within ArgoCD as well. You also get a basic authentication option with role-based access, or you could connect ArgoCD to an OIDC provider like the other tools provided here. ArgodCD also provides several different options for authentication and access control. To get a better idea of ArgoCD, head over to the [GitOps section](../GitOps101/what-is-gitops.md). However, note that ArgoCD was never meant to be a cluster administration tool, so it should ideally not be used as such. \ No newline at end of file +ArgoCD is not a cluster observability/operations tool, but rather a GitOps tool used to automate CI/CD processes. However, it deserves an honorable mention since it gives observability/operations access to all parts of a Kubernetes cluster other than the nodes. ArgoCD allows you to deploy new application revisions and then lays out a resource map of all the resources that come up when the deployment is performed. You can then edit/delete these resources from the same dashboard and it will get updated in real time. ArgoCD also allows you to view the logs & events of a pod. With a little configuration, you should be able to shell into a pod from within ArgoCD as well. 
You also get a basic authentication option with role-based access, or you could connect ArgoCD to an OIDC provider like the other tools provided here. ArgodCD also provides several different options for authentication and access control. To get a better idea of ArgoCD, head over to the [GitOps section](../GitOps101/what-is-gitops.md). However, note that ArgoCD was never meant to be a cluster administration tool, so it should ideally not be used as such. + +## Conclusion + +This brings us to the end of the section on the various observability tools available for developers/DevOps that will help you observe your Kubernetes workloads. As a next step, let's take a look at enabling proper authentication for these tools. \ No newline at end of file From 7eb1b0fcbc71d2f954818636c1fcedafe9a3e064 Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Wed, 4 Sep 2024 17:04:53 +0530 Subject: [PATCH 32/33] Observability --- Observability101/observability.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Observability101/observability.md b/Observability101/observability.md index 4e749f29..8ce20dbd 100644 --- a/Observability101/observability.md +++ b/Observability101/observability.md @@ -157,4 +157,4 @@ ArgoCD is not a cluster observability/operations tool, but rather a GitOps tool ## Conclusion -This brings us to the end of the section on the various observability tools available for developers/DevOps that will help you observe your Kubernetes workloads. As a next step, let's take a look at enabling proper authentication for these tools. \ No newline at end of file +This brings us to the end of the section on the various observability tools available for developers/DevOps that will help you observe your Kubernetes workloads. \ No newline at end of file From 468cd16a11c0421df989df59453b109685f8203b Mon Sep 17 00:00:00 2001 
From: Phantom-Intruder Date: Wed, 4 Sep 2024 17:05:42 +0530 Subject: [PATCH 33/33] Observability --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index dd1b0896..738b9dfd 100644 --- a/README.md +++ b/README.md @@ -342,6 +342,9 @@ A Curated List of Kubernetes Labs and Tutorials - [What is Karpenter](./Karpenter101/what-is-karpenter.md) - [Karpenter Lab](./Karpenter101/karpenter-lab.md) +## Observability & Operations +- [Observability tools](./Observability101/observability.md) + ## For Node Developers - [Kubernetes for Node Developers](./nodejs.md)
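Review bot: in PATCH 21/33, the added Octant paragraph recommends placing a kubeconfig on a server and serving Octant through "a simple Nginx server", and only the following sentence says access cannot be restricted by role. Read together, this means everyone who can reach the Nginx endpoint acts with whatever that kubeconfig allows, and the text should say so right next to the recommendation. Suggest adding that the proxy needs its own authentication and that the kubeconfig on that server should be bound to a narrowly scoped account. The same paragraph is carried unchanged into observability.md by PATCH 24/33, so the fix belongs there as well.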
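Review bot: the command added in the second hunk of PATCH 23/33 fetches kubernetes_export_sa.sh from the main branch and runs it with bash on the same line, so a reader executes whatever the branch contains that day against the second cluster without having read it. Suggest splitting the step into download, inspect, then run, and pinning the URL to a commit or tag. The paragraph should also state which permissions the service account created by the script receives, since its token is then pasted into the Devtron UI. Smaller points: "second clusters' contexts" should read "second cluster's context", there is a double space before devtroncd, the fence has no language tag, and the last sentence about cloud-hosted kubeconfigs does not say why a copied kubeconfig fails.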
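Review bot: the closing sentence of the paragraph added in PATCH 26/33, "Note that most of these features are enterprise grade", does not say which features it covers. The paragraph lists RBAC and LDAP/OAuth authentication alongside volume and network management, and a reader choosing a shared dashboard needs to know whether access control is among the restricted ones. Suggest naming the features that are limited and the edition they require.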
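Review bot: in PATCH 28/33 the kubectl variant passes -n portainer but, unlike the Helm command with --create-namespace, has no step that creates the namespace; confirm that the manifest creates it or add a kubectl create namespace line before the apply. The Helm command pins image.tag=2.21.0 while the manifest URL carries ce2-21, so a sentence saying the two must be updated together would prevent drift. The --set tls.force=true flag is shown without explanation and deserves one line on what it enforces. Also: "simliar" is misspelled, and both fences lack a language tag.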
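Review bot: the text added in PATCH 29/33 has readers expose Portainer through a LoadBalancer and only afterwards "create an initial admin user", which leaves the UI reachable at the load balancer URL with no admin account until that step is done. Suggest stating that the admin account should be created immediately after install and that access to the service should be limited to trusted networks until then. "via localhost" is also unclear for the NodePort case, since the hunk gives neither a port nor a port-forward step. This commit also removes the Limitations list; if the scalability and simplified-view caveats still hold, fold them into the closing paragraph instead of dropping them.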
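Review bot: in the replacement paragraph of PATCH 30/33, "ArgodCD" is misspelled, and the sentence it opens repeats the preceding one about authentication options; keep one of the two. The sentence "With a little configuration, you should be able to shell into a pod from within ArgoCD" should say which configuration is meant and tie it to the role-based access mentioned next, since that is the control over who may open a shell from the dashboard. The misspelling is carried into PATCH 31/33 and should be fixed there too.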