Platform Applications
How platform applications work
When attaching a cluster, DKP deploys certain platform applications on the newly attached cluster. Operators can use the DKP UI to customize which platform applications to deploy to the attached clusters in a given workspace. Refer to the Release Notes for the default DKP Applications and their current versions.
Default Foundational Applications
These applications provide the foundation for all Platform Application capabilities and deployments on Managed Clusters. These applications must be enabled for any Platform Applications to work properly. For current DKP release Helm Values and DKP Values, refer to the Release Notes: DKP 2.8.0 Components and Applications and related topics at the bottom of the page.
The foundational applications comprise the following Platform Applications:
cert-manager: Automates TLS certificate management and issuance.
reloader: A controller that watches changes on ConfigMaps and Secrets, and automatically triggers updates on the dependent applications.
traefik: Provides an HTTP reverse proxy and load balancer. Requires cert-manager and reloader.
gitea: Similar to GitHub; installed using a Helm chart.
chartmuseum: An open source Helm Chart repository. A Helm Chart is a collection of files that describe a set of Kubernetes resources.
Air-gapped environments only: ChartMuseum is used on air-gapped installations to store the Helm Charts. In non-air-gapped installations, the charts are fetched from upstream repositories and ChartMuseum is not installed.
Common Platform Application Name | APP ID |
---|---|
Cert-Manager | cert-manager |
Logging Operator | logging-operator |
Reloader | reloader |
Traefik | traefik |
Traefik ForwardAuth | traefik-forward-auth |
ChartMuseum | |
Gitea | gitea |
To see which applications are Enabled/Disabled in each category, verify the status:
kubectl get apps,clusterapps,appdeployments -A
After deployment, the applications are enabled. To confirm, connect to the attached cluster and watch the HelmReleases to verify the deployment. In this example, we check whether istio deployed correctly:
kubectl get helmreleases istio -n ${WORKSPACE_NAMESPACE} -w
You should eventually see the HelmRelease marked as Ready:
NAMESPACE NAME READY STATUS AGE
workspace-test-vjsfq istio True Release reconciliation succeeded 7m3s
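The same check can be applied to every foundational application at once. The script below is an added example, not part of the DKP documentation: it reads the table printed by `kubectl get helmreleases -A` and reports each foundational app in one workspace namespace as OK, NOT-READY or MISSING. It assumes each HelmRelease is named after its APP ID (as with istio above); the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: not part of the DKP documentation.
# Assumption: each HelmRelease is named after its APP ID, as with istio above.
# chartmuseum is left out: it is air-gapped only and the page lists no APP ID.
FOUNDATIONAL_APPS="cert-manager reloader traefik gitea"

# check_foundational NAMESPACE
# Reads `kubectl get helmreleases -A` table output on stdin and prints one
# line per foundational app: OK, NOT-READY (with its status), or MISSING.
# Returns 0 only when every foundational app is Ready in NAMESPACE.
check_foundational() {
  awk -v ns="$1" -v apps="$FOUNDATIONAL_APPS" '
    BEGIN { n = split(apps, want, " ") }
    NR == 1 && $1 == "NAMESPACE" { next }      # skip the header row
    $1 == ns {
      ready[$2] = $3
      # STATUS is free text with spaces: rebuild it from field 4 up to AGE.
      s = ""
      for (i = 4; i < NF; i++) s = s (i > 4 ? " " : "") $i
      status[$2] = s
    }
    END {
      bad = 0
      for (k = 1; k <= n; k++) {
        a = want[k]
        if (!(a in ready))           { printf "MISSING    %s\n", a; bad++ }
        else if (ready[a] != "True") { printf "NOT-READY  %s (%s)\n", a, status[a]; bad++ }
        else                         { printf "OK         %s\n", a }
      }
      exit (bad > 0)
    }'
}

# Constructed sample output (not captured from a real cluster).
sample_output() {
  cat <<'EOF'
NAMESPACE              NAME           READY   STATUS                             AGE
workspace-test-vjsfq   cert-manager   True    Release reconciliation succeeded   7m3s
workspace-test-vjsfq   reloader       True    Release reconciliation succeeded   7m1s
workspace-test-vjsfq   traefik        False   install retries exhausted          6m40s
other-workspace        gitea          True    Release reconciliation succeeded   9m2s
EOF
}

# Offline demo; live use:
#   kubectl get helmreleases -A | check_foundational "${WORKSPACE_NAMESPACE}"
sample_output | check_foundational workspace-test-vjsfq || true
```

A MISSING result for an app that is Ready in another namespace, as with gitea in the sample, usually means the wrong workspace namespace was passed.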
Logging
Collects logs over time from Kubernetes and applications deployed on managed clusters. Also provides the ability to visualize and query the aggregated logs.
fluent-bit: An open source, multi-platform log processor that aims to be a generic Swiss Army knife for log processing and distribution.
grafana-logging: Logging dashboard used to view logs aggregated to Grafana Loki.
grafana-loki: A horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus.
logging-operator: Automates the deployment and configuration of a Kubernetes logging pipeline.
rook-ceph and rook-ceph-cluster: A Kubernetes-native high performance object store with an S3-compatible API that supports deploying into private and public cloud infrastructures.
Currently, the monitoring stack is deployed by default. The logging stack is not.
Common Platform Application Name | APP ID |
---|---|
Fluent Bit | fluent-bit |
Grafana Logging | grafana-logging |
Logging Operator | logging-operator |
Grafana Loki (project) | project-grafana-loki |
Rook Ceph | rook-ceph |
Rook Ceph Cluster | rook-ceph-cluster |
Monitoring
Provides monitoring capabilities by collecting metrics, including cost metrics, for Kubernetes and applications deployed on managed clusters. Also provides visualization of metrics and evaluates rule expressions to trigger alerts when specific conditions are observed.
kubecost: Provides real-time cost visibility and insights for teams using Kubernetes, helping you continuously reduce your cloud costs.
kubernetes-dashboard: A general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster, troubleshoot them and manage the cluster itself.
kube-prometheus-stack: A stack of applications that collect metrics and provide visualization and alerting capabilities.
NOTE: Prometheus, Prometheus Alertmanager and Grafana are included in the bundled installation.
nvidia-gpu-operator: The NVIDIA GPU Operator manages NVIDIA GPU resources in a Kubernetes cluster and automates tasks related to bootstrapping GPU nodes.
prometheus-adapter: Provides cluster metrics from Prometheus.
Common Platform Application Name | APP ID |
---|---|
Kubecost | kubecost |
Kubernetes Dashboard | kubernetes-dashboard |
Full Prometheus Stack | kube-prometheus-stack |
Prometheus Adapter | prometheus-adapter |
NVIDIA GPU Operator | nvidia-gpu-operator |
Security
Allows management of security constraints and capabilities for the clusters and users.
gatekeeper: A policy controller for Kubernetes.
Platform Application | APP ID |
---|---|
Gatekeeper | gatekeeper |
Single Sign On (SSO)
Group of platform applications that allow enabling SSO on attached clusters. SSO is a centralized system for connecting attached clusters to the centralized authority on the management cluster.
kube-oidc-proxy: A reverse proxy server that authenticates users using OIDC to Kubernetes API servers where OIDC authentication is not available.
traefik-forward-auth: Installs a forward authentication application providing Google OAuth based authentication for Traefik.
Platform Application | APP ID |
---|---|
Kube OIDC Proxy | kube-oidc-proxy |
Traefik ForwardAuth | traefik-forward-auth |
Backup
This platform application assists you with backing up and restoring your environment.
velero: An open source tool for safely backing up and restoring resources in a Kubernetes cluster, performing disaster recovery, and migrating resources and persistent volumes to another Kubernetes cluster.
Platform Application | APP ID |
---|---|
Velero | velero |
Review the Workspace Platform Application Defaults and Resource Requirements to ensure that the attached clusters have sufficient resources.
When deploying and upgrading applications, platform applications come as a bundle; they are tested as a single unit, and you must deploy or upgrade them in a single process, for each workspace. This means all clusters in a workspace have the same set and versions of platform applications deployed.