Platform applications that are deployed to a workspace’s attached clusters can depend on each other. It is important to note these dependencies when customizing the workspace platform applications to ensure that your applications are properly deployed to the clusters. For more information on how to customize workspace platform applications, see Workspace Platform Applications.
Platform Application Dependencies
When deploying or troubleshooting platform applications, it helps to understand how platform applications interact and may require other platform applications as dependencies.
If a platform application’s dependency does not successfully deploy, the platform application requiring that dependency does not successfully deploy.
The following sections detail information about the workspace platform application.
Provides the foundation for all platform application capabilities and deployments on managed clusters. These applications must be enabled for any platform applications to work properly.
The foundational applications are comprised of the following platform application:
- cert-manager: Automates TLS certificate management and issuance.
- reloader: A controller that watches changes on ConfigMaps and Secrets, and automatically triggers updates on the dependent applications.
- traefik: Provides an HTTP reverse proxy and load balancer. Requires cert-manager and reloader.
Collects logs over time from Kubernetes and applications deployed on managed clusters. Also provides the ability to visualize and query the aggregated logs.
- grafana-loki: A horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus.
- grafana-logging: Logging dashboard used to view logs aggregated to Grafana Loki.
- logging-operator: Automates the deployment and configuration of a Kubernetes logging pipeline.
- minio-operator: A Kubernetes-native high performance object store with an S3-compatible API that supports deploying MinIO Tenants onto private and public cloud infrastructures.
- fluent-bit: Open source and multi-platform log processor tool which aims to be a generic Swiss knife for logs processing and distribution.
Provides monitoring capabilities by collecting metrics, including cost metrics, for Kubernetes and applications deployed on managed clusters. Also provides visualization of metrics and evaluates rule expressions to trigger alerts when specific conditions are observed.
- kube-prometheus-stack: A stack of applications that collect metrics and provide visualization and alerting capabilities.
- prometheus-adapter: Provides cluster metrics from Prometheus.
- kubecost: provides real-time cost visibility and insights for teams using Kubernetes, helping you continuously reduce your cloud costs.
- kubernetes-dashboard: A general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster, troubleshoot them and manage the cluster itself.
- nvidia: A suite of tools for managing and monitoring NVIDIA datacenter GPUs in cluster environments. Includes active health monitoring, comprehensive diagnostics, system alerts, and governance policies including power and clock management.
Allows management of security constraints and capabilities for the clusters and users.
- gatekeeper: A policy Controller for Kubernetes.
Single Sign On (SSO)
Group of platform applications that allow enabling SSO on attached clusters. SSO is a centralized system for connecting attached clusters to the centralized authority on the management cluster.
- kube-oidc-proxy: A reverse proxy server that authenticates users using OIDC to Kubernetes API servers where OIDC authentication is not available.
- traefik-forward-auth: Installs a forward authentication application providing Google OAuth based authentication for Traefik.
This platform application assists you with backing up and restoring your environment.
- velero: An open source tool for safely backing up and restoring resources in a Kubernetes cluster, performing disaster recovery, and migrating resources and persistent volumes to another Kubernetes cluster.
Allows deploying service mesh on clusters, enabling the management of microservices in cloud-native applications. Service mesh can provide a number of benefits, such as providing observability into communications, providing secure connections, or automating retries and backoff for failed requests.
- istio: Addresses the challenges developers and operators face with a distributed or microservices architecture.
- kiali: A management console for an Istio-based service mesh. It provides dashboards, observability, and lets you operate your mesh with robust configuration and validation capabilities.
- jaeger: A distributed tracing system used for monitoring and troubleshooting microservices-based distributed systems.