Skip to main content
Skip table of contents

Platform Applications

How platform applications work

When attaching a cluster, DKP deploys certain platform applications on the newly attached cluster. Operators can use the DKP UI to customize which platform applications to deploy to the attached clusters in a given workspace. Refer to the Release Notes for the default DKP Applications and their current versions.

Default Foundational Applications

These applications provide the foundation for all Platform Application capabilities and deployments on Managed Clusters. These applications must be enabled for any Platform Applications to work properly. For current DKP release Helm Values and DKP Values, refer to the Release Notes: DKP 2.7.0 Components and Applications and related topics at the bottom of the page.

The foundational applications are comprised of the following Platform Applications:

  • cert-manager: Automates TLS certificate management and issuance.

  • reloader: A controller that watches changes on ConfigMaps and Secrets, and automatically triggers updates on the dependent applications.

  • traefik: Provides an HTTP reverse proxy and load balancer. Requires cert-manager and reloader.

  • gitea: Similar to GitHub and is installed using Helmchart

  • chartmuseum: An Open source Helm Chart (collection of files that describe a set of Kubernetes resources) repository.

    • Air-gapped environments only - ChartMuseum is used on air-gapped installations to store the Helm Charts for Air-gapped installations.  In non-air-gapped installations, the charts are fetched from upstream repositories and Chartmuseum is not installed.

Common Platform Application Name

APP ID

Cert-Manager

cert-manager

Logging Operator

logging-operator

Reloader

reloader

Traefik

traefik

Traefik ForwardAuth

traefik-forward-auth

ChartMuseum

chartmuseum

Gitea

gitea

To see which applications are Enabled/Disabled in each category, verify the status:

CODE
kubectl get apps,clusterapps,appdeployments -A 

After deployment, applications will be enabled. To check whether enabled or not, connect to the attached cluster and watch the HelmReleases to verify the deployment. In this example, we are checking if istio got deployed correctly:

CODE
kubectl get helmreleases istio -n ${WORKSPACE_NAMESPACE} -w

You should eventually see the HelmRelease marked as Ready:

CODE
NAMESPACE               NAME        READY   STATUS                             AGE
workspace-test-vjsfq    istio       True    Release reconciliation succeeded   7m3s

Logging

Collects logs over time from Kubernetes and applications deployed on managed clusters. Also provides the ability to visualize and query the aggregated logs.

  • fluent-bit: Open source and multi-platform log processor tool which aims to be a generic Swiss knife for logs processing and distribution.

  • grafana-logging: Logging dashboard used to view logs aggregated to Grafana Loki.

  • grafana-loki: A horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus.

  • logging-operator: Automates the deployment and configuration of a Kubernetes logging pipeline.

  • rook-ceph and rook-ceph-cluster: A Kubernetes-native high performance object store with an S3-compatible API that supports deploying into private and public cloud infrastructures.

Currently, the monitoring stack is deployed by default. The logging stack is not.

Common Platform Application Name

APP ID

Fluent Bit

fluent-bit

Grafana Logging

grafana-logging

Logging Operator

logging-operator

Grafana Loki (project)

project-grafana-loki

Rook Ceph

rook-ceph

Rook Ceph Cluster

rook-ceph-cluster

Monitoring

Provides monitoring capabilities by collecting metrics, including cost metrics, for Kubernetes and applications deployed on managed clusters. Also provides visualization of metrics and evaluates rule expressions to trigger alerts when specific conditions are observed.

  • kubecost: provides real-time cost visibility and insights for teams using Kubernetes, helping you continuously reduce your cloud costs.

  • kubernetes-dashboard: A general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster, troubleshoot them and manage the cluster itself.

  • kube-prometheus-stack: A stack of applications that collect metrics and provide visualization and alerting capabilities.

    NOTE: Prometheus, Prometheus Alertmanager and Grafana are included in the bundled installation.

  • nvidia-gpu-operator: The NVIDIA GPU Operator manages NVIDIA GPU resources in a Kubernetes cluster and automates tasks related to bootstrapping GPU nodes.

  • prometheus-adapter: Provides cluster metrics from Prometheus.

Common Platform Application Name

APP ID

Kubecost

kubecost

Kubernetes Dashboard

kubernetes-dashboard

Full Prometheus Stack

kube-prometheus-stack

Prometheus Adapter

prometheus-adapter

NVIDIA GPU Operator

nvidia-gpu-operator

Security

Allows management of security constraints and capabilities for the clusters and users.

Platform Application

APP ID

Gatekeeper

gatekeeper

Single Sign On (SSO)

Group of platform applications that allow enabling SSO on attached clusters. SSO is a centralized system for connecting attached clusters to the centralized authority on the management cluster.

  • kube-oidc-proxy: A reverse proxy server that authenticates users using OIDC to Kubernetes API servers where OIDC authentication is not available.

  • traefik-forward-auth: Installs a forward authentication application providing Google OAuth based authentication for Traefik.

Platform Application

APP ID

Kube OIDC Proxy

kube-oidc-proxy

Traefik ForwardAuth

traefik-forward-auth

Backup

This platform application assists you with backing up and restoring your environment.

  • velero: An open source tool for safely backing up and restoring resources in a Kubernetes cluster, performing disaster recovery, and migrating resources and persistent volumes to another Kubernetes cluster.

Platform Application

APP ID

Velero

velero

Review the Workspace Platform Application Defaults and Resource Requirements to ensure that the attached clusters have sufficient resources.

When deploying and upgrading applications, platform applications come as a bundle; they are tested as a single unit, and you must deploy or upgrade them in a single process, for each workspace. This means all clusters in a workspace have the same set and versions of platform applications deployed.

Related Topics

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.