Dependencies between workspace applications
Platform applications that are deployed to a workspace’s attached clusters can depend on each other. It is important to note these dependencies when customizing the workspace platform applications to ensure that your applications are properly deployed to the clusters. For more information on how to customize workspace platform applications, see Workspace Platform Applications.
When deploying or troubleshooting platform applications, it helps to understand how platform applications interact and may require other platform applications as dependencies.
If a platform application’s dependency does not successfully deploy, the platform application requiring that dependency does not successfully deploy.
The following sections detail information about the workspace platform application.
Provides the foundation for all platform application capabilities and deployments on managed clusters. These applications must be enabled for any platform applications to work properly.
The foundational applications are comprised of the following platform application:
cert-manager: Automates TLS certificate management and issuance.
reloader: A controller that watches changes on ConfigMaps and Secrets, and automatically triggers updates on the dependent applications.
traefik: Provides an HTTP reverse proxy and load balancer. Requires cert-manager and reloader.
Collects logs over time from Kubernetes and applications deployed on managed clusters. Also provides the ability to visualize and query the aggregated logs.
fluent-bit: Open source and multi-platform log processor tool which aims to be a generic Swiss knife for logs processing and distribution.
grafana-logging: Logging dashboard used to view logs aggregated to Grafana Loki.
grafana-loki: A horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus.
logging-operator: Automates the deployment and configuration of a Kubernetes logging pipeline.
kube-prometheus-stack is an optional dependency. Users can override the config to remove the dependency, as needed.
Provides monitoring capabilities by collecting metrics, including cost metrics, for Kubernetes and applications deployed on managed clusters. Also provides visualization of metrics and evaluates rule expressions to trigger alerts when specific conditions are observed.
kubecost: provides real-time cost visibility and insights for teams using Kubernetes, helping you continuously reduce your cloud costs.
kubernetes-dashboard: A general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster, troubleshoot them and manage the cluster itself.
kube-prometheus-stack: A stack of applications that collect metrics and provide visualization and alerting capabilities.
nvidia-gpu-operator: The NVIDIA GPU Operator manages NVIDIA GPU resources in a Kubernetes cluster and automates tasks related to bootstrapping GPU nodes.
prometheus-adapter: Provides cluster metrics from Prometheus.
Allows management of security constraints and capabilities for the clusters and users.
gatekeeper: A policy Controller for Kubernetes.
Single Sign On (SSO)
Group of platform applications that allow enabling SSO on attached clusters. SSO is a centralized system for connecting attached clusters to the centralized authority on the management cluster.
kube-oidc-proxy: A reverse proxy server that authenticates users using OIDC to Kubernetes API servers where OIDC authentication is not available.
traefik-forward-auth: Installs a forward authentication application providing Google OAuth based authentication for Traefik.
This platform application assists you with backing up and restoring your environment.
velero: An open source tool for safely backing up and restoring resources in a Kubernetes cluster, performing disaster recovery, and migrating resources and persistent volumes to another Kubernetes cluster.
This is an optional dependency. Users can override the config to remove the dependency, as needed.
Allows deploying service mesh on clusters, enabling the management of microservices in cloud-native applications. Service mesh can provide a number of benefits, such as providing observability into communications, providing secure connections, or automating retries and backoff for failed requests.
istio: Addresses the challenges developers and operators face with a distributed or microservices architecture.
jaeger: A distributed tracing system used for monitoring and troubleshooting microservices-based distributed systems.
kiali: A management console for an Istio-based service mesh. It provides dashboards, observability, and lets you operate your mesh with robust configuration and validation capabilities.
jaeger (optional for monitoring purposes)