From 70947182378ff6aab6fa73776d90ff177e6c289e Mon Sep 17 00:00:00 2001 From: Rasheed Amir Date: Sun, 23 Jun 2024 12:29:13 +0200 Subject: [PATCH 1/3] update sd --- content/about/service-definition.md | 116 ++++++++++++++++------------ 1 file changed, 67 insertions(+), 49 deletions(-) diff --git a/content/about/service-definition.md b/content/about/service-definition.md index bf2790fd..b9bc6833 100644 --- a/content/about/service-definition.md +++ b/content/about/service-definition.md @@ -58,6 +58,18 @@ All operators listed in the [Operator Hub marketplace](https://operatorhub.io/) Red Hat workloads typically refer to Red Hat-provided operators made available through [Operator Hub](https://operatorhub.io/). Red Hat workloads are not managed by the Stakater SRE team, and must be deployed on worker nodes and must be managed by the customer, see [customer applications responsibilities](responsibilities.md#data-and-applications). +### Cluster Backup Policy + +... + +### Windows Containers + +... + +### Descheduler + +SAAP includes the Kubernetes Descheduler to optimize workload placement within clusters. It periodically evicts and re-schedules pods to improve resource utilization and balance. This enhances overall cluster performance and reliability. + ## Storage All storage needed for SAAP will be provided through the cloud provider of the customer's choice. 
@@ -114,6 +126,14 @@ As an administrator of SAAP, you have access to the cluster-admin role. While lo SAAP includes Red Hat Advanced Cluster Security (RHACS) for robust security management. It ensures comprehensive build and runtime security for applications. RHACS is essential for maintaining a secure Kubernetes environment. +### Secrets Store - HashiCorp Vault OSS + +SAAP includes HashiCorp Vault OSS for secrets management, limited to use by applications running on SAAP. + +#### Clouds Secrets Store + +SAAP includes the External Secrets Operator (ESO) integrated with Vault OSS out of the box. If customers prefer a different secret store, ESO can be configured to connect with it. For assistance, open a [support ticket](https://support.stakater.com/index.html). + ## Networking ### Custom Domains for applications 
@@ -176,6 +196,18 @@ Data is stored for 14 days only. If you need to store data for a longer period, SAAP also supports integrating and forwarding metrics to your existing monitoring system. For a list of supported monitoring systems, contact our support team [here](https://support.stakater.com/index.html). +### Downtime Notifications - IMC + +SAAP includes [Stakater IMC (IngressMonitorController)](https://github.com/stakater/IngressMonitorController), automating the setup of external uptime monitors for Kubernetes ingresses. It ensures continuous monitoring of application availability and performance with seamless integration into popular monitoring services. + +### Cluster notifications + +Cluster notifications are messages about the status, health, or performance of your cluster. + +Cluster notifications are the primary way that Stakater Site Reliability Engineering (SRE) communicates with you about the health of your managed cluster. SRE may also use cluster notifications to prompt you to perform an action in order to resolve or prevent an issue with your cluster. + +Cluster owners and administrators must regularly review and action cluster notifications to ensure clusters remain healthy and supported. + ## Logging Stack ### Cluster Operations and Audit Logging 
@@ -194,98 +226,84 @@ Retention is set to seven days, with a limit of 200 GiB of logs per shard. For l SAAP also supports integrating and forwarding logs to your existing monitoring system. For a list of supported logging systems, contact our support team [here](https://support.stakater.com/index.html). -## Artifact Store - Nexus - -SAAP includes Nexus OSS as an integrated artifact store, restricted for use solely by applications running within SAAP. It is used to store Docker images, Helm charts, application dependencies, and other related artifacts. - -## Application Backup and Restore - Velero - -SAAP includes Velero (OADP) for application and volume backup and restore. Users can configure backups using this integration. While a default S3 backup bucket is provided, customers also have the option to select a different S3 bucket provider. For assistance, open a [support ticket](https://support.stakater.com/index.html). +## DevOps Stack -## Secrets Store - HashiCorp Vault OSS - -SAAP includes HashiCorp Vault OSS for secrets management, limited to use by applications running on SAAP. - -### Clouds Secrets Store - -SAAP includes the External Secrets Operator (ESO) integrated with Vault OSS out of the box. If customers prefer a different secret store, ESO can be configured to connect with it. For assistance, open a [support ticket](https://support.stakater.com/index.html). - -## In-Cluster Multi Tenancy - Stakater MTO - -SAAP comes integrated with Stakater MTO (Multi-Tenant Operator), the world’s leading in-cluster Kubernetes multi-tenancy solution. This allows organizations to easily share a cluster among multiple teams. - -## Service Mesh +### Artifact Store - Nexus -SAAP includes an Istio-based service mesh with a single control plane supported out of the box. Multiple control planes can be enabled upon request. For assistance, open a [support ticket](https://support.stakater.com/index.html). 
+SAAP includes Nexus OSS as an integrated artifact store, restricted for use solely by applications running within SAAP. It is used to store Docker images, Helm charts, application dependencies, and other related artifacts. -## ArgoCD +### Continuous Deployment - ArgoCD SAAP integrates ArgoCD for GitOps automation, leveraging Git as the source of truth for Kubernetes deployments. It streamlines version-controlled updates, rollbacks, and application management, ensuring consistency and reliability. ArgoCD's declarative approach simplifies configuration management, supporting efficient, automated deployments across your infrastructure. -### Stakater GitOps Structure +#### Stakater GitOps Structure SAAP provides a pre-defined GitOps repository structure, eliminating the need for teams to spend time and effort figuring out their own. This standardized approach ensures efficient deployment workflows and simplifies Kubernetes application deployment. -## Tekton +### Continuous Integration - Tekton SAAP comes integrated with Tekton, an open-source, serverless CI/CD solution that is extremely powerful and flexible. This integration ensures streamlined, automated pipelines for building, testing, and deploying applications, enhancing productivity and efficiency for development teams. -### Tekton Task Catalog +#### Tekton Task Catalog SAAP also includes a meticulously maintained [Tekton task catalog](https://github.com/stakater-tekton-catalog), featuring a comprehensive collection of pre-built and thoroughly validated CI/CD tasks. This catalog supports complete DevSecOps pipelines, ensuring seamless integration, security, and automation across the development lifecycle. -### Stakater Trusted Application Pipelines +#### Stakater Trusted Application Pipelines Stakater's Trusted Application Pipeline mitigates unexpected vulnerabilities, simplifying the secure build and deployment of cloud-native applications to Kubernetes platforms. 
These pipelines wraps the process in a highly secure and manageable workflow, ensuring that developers and operations teams can focus on their jobs without needing deep Kubernetes expertise. -## Internal Development Platform (IDP) - Backstage +### Leader Application Helm Chart -SAAP includes a customized [Backstage](https://github.com/backstage/backstage) instance, providing a unified developer portal for managing applications. It enhances developer productivity and can be further tailored to meet specific needs. +SAAP ships with the [Leader Helm application chart](https://github.com/stakater/application), providing a standardized approach to deploying applications. This ensures consistent and efficient deployments across all environments within SAAP. -## Feature/Pull Request Environments - Tronador +### Tilt + +SAAP includes [Tilt](https://tilt.dev/) to streamline the developer experience. Tilt enables rapid local development and testing for Kubernetes applications, enhancing productivity and ease of use for developers working on SAAP. + +### SonarQube + +SAAP integrates with SonarQube for robust code quality analysis and security scanning. This tool is exclusively for applications deployed on SAAP, ensuring high standards of code integrity and safety. + +### Feature/Pull Request Environments - Tronador SAAP includes Stakater Tronador, a powerful tool that deploys applications in dynamic ephemeral environments upon pull requests. This ensures seamless testing and validation in isolated environments. Once changes are merged, Tronador automatically cleans up, maintaining an efficient and clutter-free workspace. This integration significantly enhances the development workflow by providing reliable and automated environment management. -## Reloader +### Renovate -SAAP includes [Stakater Reloader](https://github.com/stakater/Reloader), which automatically restarts applications when configmaps or secrets change. 
This integration streamlines updates, enhances reliability, and minimizes downtime for developers. +SAAP comes with Renovate, a tool for automating dependency updates. It helps keep applications secure and up-to-date by regularly checking for and applying updates. Renovate ensures a seamless and efficient dependency management process. -## IMC +### Browser IDE - DevSpaces -SAAP includes [Stakater IMC (IngressMonitorController)](https://github.com/stakater/IngressMonitorController), automating the setup of external uptime monitors for Kubernetes ingresses. It ensures continuous monitoring of application availability and performance with seamless integration into popular monitoring services. +SAAP includes DevSpaces to provide developers with cloud-based, ready-to-code environments. These workspaces streamline development by offering preconfigured setups, ensuring consistency and reducing setup time. DevSpaces enhances productivity by allowing developers to start coding immediately in a fully equipped environment. -## Forecastle +## Application Backup and Restore - Velero -SAAP includes [Stakater Forecastle](https://github.com/stakater/Forecastle), a powerful tool that simplifies application discovery within Kubernetes clusters. This integration provides a unified, user-friendly dashboard, enhancing accessibility and efficiency. +SAAP includes Velero (OADP) for application and volume backup and restore. Users can configure backups using this integration. While a default S3 backup bucket is provided, customers also have the option to select a different S3 bucket provider. For assistance, open a [support ticket](https://support.stakater.com/index.html). -## Leader Application Helm Chart +## In-Cluster Multi Tenancy - Stakater MTO -SAAP ships with the [Leader Helm application chart](https://github.com/stakater/application), providing a standardized approach to deploying applications. This ensures consistent and efficient deployments across all environments within SAAP. 
+SAAP comes integrated with Stakater MTO (Multi-Tenant Operator), the world’s leading in-cluster Kubernetes multi-tenancy solution. This allows organizations to easily share a cluster among multiple teams. -## Tilt +## Service Mesh -SAAP includes [Tilt](https://tilt.dev/) to streamline the developer experience. Tilt enables rapid local development and testing for Kubernetes applications, enhancing productivity and ease of use for developers working on SAAP. +SAAP includes an Istio-based service mesh with a single control plane supported out of the box. Multiple control planes can be enabled upon request. For assistance, open a [support ticket](https://support.stakater.com/index.html). -## SonarQube +## Internal Development Platform (IDP) - Backstage -SAAP integrates with SonarQube for robust code quality analysis and security scanning. This tool is exclusively for applications deployed on SAAP, ensuring high standards of code integrity and safety. +SAAP includes a customized [Backstage](https://github.com/backstage/backstage) instance, providing a unified developer portal for managing applications. It enhances developer productivity and can be further tailored to meet specific needs. -## Descheduler +## Reloader -SAAP includes the Kubernetes Descheduler to optimize workload placement within clusters. It periodically evicts and re-schedules pods to improve resource utilization and balance. This enhances overall cluster performance and reliability. +SAAP includes [Stakater Reloader](https://github.com/stakater/Reloader), which automatically restarts applications when configmaps or secrets change. This integration streamlines updates, enhances reliability, and minimizes downtime for developers. -## Renovate +## Forecastle -SAAP comes with Renovate, a tool for automating dependency updates. It helps keep applications secure and up-to-date by regularly checking for and applying updates. Renovate ensures a seamless and efficient dependency management process. 
+SAAP includes [Stakater Forecastle](https://github.com/stakater/Forecastle), a powerful tool that simplifies application discovery within Kubernetes clusters. This integration provides a unified, user-friendly dashboard, enhancing accessibility and efficiency. ## Cert-Manager SAAP comes integrated with Cert-Manager to automate the management and renewal of SSL/TLS certificates. It ensures secure communication for your applications by handling certificate issuance and renewal seamlessly. -## DevSpaces - -SAAP includes DevSpaces to provide developers with cloud-based, ready-to-code environments. These workspaces streamline development by offering preconfigured setups, ensuring consistency and reducing setup time. DevSpaces enhances productivity by allowing developers to start coding immediately in a fully equipped environment. - ## ExternalDNS SAAP integrates with ExternalDNS, automating DNS record management for Kubernetes services. This ensures seamless DNS updates as services are created or modified within the cluster, enhancing reliability and reducing manual DNS configuration efforts. From 8bc9bf5137ad6e85e8bda507a02e02421e5b7774 Mon Sep 17 00:00:00 2001 From: Rasheed Amir Date: Mon, 24 Jun 2024 18:15:50 +0200 Subject: [PATCH 2/3] further update sd --- content/about/service-definition.md | 58 ++++++++++++++++------------- 1 file changed, 32 insertions(+), 26 deletions(-) diff --git a/content/about/service-definition.md b/content/about/service-definition.md index b9bc6833..6a77a8f1 100644 --- a/content/about/service-definition.md +++ b/content/about/service-definition.md 
@@ -58,18 +58,18 @@ All operators listed in the [Operator Hub marketplace](https://operatorhub.io/) Red Hat workloads typically refer to Red Hat-provided operators made available through [Operator Hub](https://operatorhub.io/). Red Hat workloads are not managed by the Stakater SRE team, and must be deployed on worker nodes and must be managed by the customer, see [customer applications responsibilities](responsibilities.md#data-and-applications). -### Cluster Backup Policy - -... - ### Windows Containers -... +SAAP supports Windows containers, enabling seamless deployment and management of both Windows and Linux applications within the same platform. ### Descheduler SAAP includes the Kubernetes Descheduler to optimize workload placement within clusters. It periodically evicts and re-schedules pods to improve resource utilization and balance. This enhances overall cluster performance and reliability. +### Kubernetes Dashboard + +SAAP includes the OpenShift Console, the most advanced Kubernetes dashboard available. It provides a user-friendly interface for managing and monitoring your Kubernetes clusters, applications, and resources. With rich features and intuitive design, it simplifies complex operations, enhances productivity, and empowers teams to manage their deployments efficiently. + ## Storage All storage needed for SAAP will be provided through the cloud provider of the customer's choice. 
@@ -126,6 +126,12 @@ As an administrator of SAAP, you have access to the cluster-admin role. While lo SAAP includes Red Hat Advanced Cluster Security (RHACS) for robust security management. It ensures comprehensive build and runtime security for applications. RHACS is essential for maintaining a secure Kubernetes environment. +## Cert-Manager + +SAAP comes integrated with Cert-Manager to automate the management and renewal of SSL/TLS certificates. It ensures secure communication for your applications by handling certificate issuance and renewal seamlessly. + +## Secrets Management Stack + ### Secrets Store - HashiCorp Vault OSS SAAP includes HashiCorp Vault OSS for secrets management, limited to use by applications running on SAAP. @@ -178,6 +184,14 @@ All cluster ingress traffic goes through the defined load-balancers. Direct acce Public outbound traffic from the control plane and infrastructure nodes is required and necessary to maintain cluster image security and cluster monitoring. This requires the `0.0.0.0/0` route to belong only to the internet gateway. +### Kubernetes Router + +SAAP includes the OpenShift Router, the most advanced Kubernetes ingress controller available. It supports various routing options and protocols, ensuring high performance and reliability for your applications. + +### ExternalDNS + +SAAP integrates with ExternalDNS, automating DNS record management for Kubernetes services. This ensures seamless DNS updates as services are created or modified within the cluster, enhancing reliability and reducing manual DNS configuration efforts. + ## Monitoring Stack ### Cluster Metrics @@ -226,7 +240,7 @@ Retention is set to seven days, with a limit of 200 GiB of logs per shard. For l SAAP also supports integrating and forwarding logs to your existing monitoring system. For a list of supported logging systems, contact our support team [here](https://support.stakater.com/index.html). -## DevOps Stack +## DevOps(CICD) Stack ### Artifact Store - Nexus 
@@ -256,10 +270,6 @@ Stakater's Trusted Application Pipeline mitigates unexpected vulnerabilities, si SAAP ships with the [Leader Helm application chart](https://github.com/stakater/application), providing a standardized approach to deploying applications. This ensures consistent and efficient deployments across all environments within SAAP. -### Tilt - -SAAP includes [Tilt](https://tilt.dev/) to streamline the developer experience. Tilt enables rapid local development and testing for Kubernetes applications, enhancing productivity and ease of use for developers working on SAAP. - ### SonarQube SAAP integrates with SonarQube for robust code quality analysis and security scanning. This tool is exclusively for applications deployed on SAAP, ensuring high standards of code integrity and safety. 
@@ -276,6 +286,18 @@ SAAP comes with Renovate, a tool for automating dependency updates. It helps kee SAAP includes DevSpaces to provide developers with cloud-based, ready-to-code environments. These workspaces streamline development by offering preconfigured setups, ensuring consistency and reducing setup time. DevSpaces enhances productivity by allowing developers to start coding immediately in a fully equipped environment. +### Tilt + +SAAP includes [Tilt](https://tilt.dev/) to streamline the developer experience. Tilt enables rapid local development and testing for Kubernetes applications, enhancing productivity and ease of use for developers working on SAAP. + +### Reloader + +SAAP includes [Stakater Reloader](https://github.com/stakater/Reloader), which automatically restarts applications when configmaps or secrets change. This integration streamlines updates, enhances reliability, and minimizes downtime for developers. + +### Forecastle + +SAAP includes [Stakater Forecastle](https://github.com/stakater/Forecastle), a powerful tool that simplifies application discovery within Kubernetes clusters. This integration provides a unified, user-friendly dashboard, enhancing accessibility and efficiency. + ## Application Backup and Restore - Velero SAAP includes Velero (OADP) for application and volume backup and restore. Users can configure backups using this integration. While a default S3 backup bucket is provided, customers also have the option to select a different S3 bucket provider. For assistance, open a [support ticket](https://support.stakater.com/index.html). 
@@ -292,22 +314,6 @@ SAAP includes an Istio-based service mesh with a single control plane supported SAAP includes a customized [Backstage](https://github.com/backstage/backstage) instance, providing a unified developer portal for managing applications. It enhances developer productivity and can be further tailored to meet specific needs. -## Reloader - -SAAP includes [Stakater Reloader](https://github.com/stakater/Reloader), which automatically restarts applications when configmaps or secrets change. This integration streamlines updates, enhances reliability, and minimizes downtime for developers. - -## Forecastle - -SAAP includes [Stakater Forecastle](https://github.com/stakater/Forecastle), a powerful tool that simplifies application discovery within Kubernetes clusters. This integration provides a unified, user-friendly dashboard, enhancing accessibility and efficiency. - -## Cert-Manager - -SAAP comes integrated with Cert-Manager to automate the management and renewal of SSL/TLS certificates. It ensures secure communication for your applications by handling certificate issuance and renewal seamlessly. - -## ExternalDNS - -SAAP integrates with ExternalDNS, automating DNS record management for Kubernetes services. This ensures seamless DNS updates as services are created or modified within the cluster, enhancing reliability and reducing manual DNS configuration efforts. - ## Account Management ### Billing and Pricing From 4d76dfbeb0e8be03594412b16dd8b81c67b06311 Mon Sep 17 00:00:00 2001 From: Rasheed Amir Date: Mon, 24 Jun 2024 18:17:24 +0200 Subject: [PATCH 3/3] fix linting --- content/about/service-definition.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/about/service-definition.md b/content/about/service-definition.md index 6a77a8f1..f18e782c 100644 --- a/content/about/service-definition.md +++ b/content/about/service-definition.md 
@@ -186,7 +186,7 @@ Public outbound traffic from the control plane and infrastructure nodes is requi ### Kubernetes Router -SAAP includes the OpenShift Router, the most advanced Kubernetes ingress controller available. It supports various routing options and protocols, ensuring high performance and reliability for your applications. +SAAP includes the OpenShift Router, the most advanced Kubernetes ingress controller available. It supports various routing options and protocols, ensuring high performance and reliability for your applications. ### ExternalDNS
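Review bot: In PATCH 1/3, hunk `@@ -58,6 +58,18 @@`, the new `### Cluster Backup Policy` and `### Windows Containers` headings are committed with only `...` as their body, so a published service definition would show two empty sections. Write the content in this commit or leave the headings out until the text exists; a backup policy heading with no policy under it is worse than no heading, because readers will assume one is defined.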
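Review bot: In PATCH 1/3, hunk `@@ -114,6 +126,14 @@`, the heading `#### Clouds Secrets Store` does not match its body, which describes the External Secrets Operator; rename it to name ESO, or to `Cloud Secrets Store` if the plural is a typo. The Vault paragraph says the store is "limited to use by applications running on SAAP" without saying how that limit is enforced or who administers Vault policies and tokens; a link to the responsibilities page, as the Red Hat workloads paragraph in the same file already does, would cover that.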
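Review bot: In PATCH 1/3, hunk `@@ -176,6 +196,18 @@`, the `### Cluster notifications` section states that cluster owners and administrators "must regularly review and action cluster notifications" but never says where those notifications arrive or who receives them, so the obligation cannot be met from this text alone; name the delivery channel and the recipient role. The heading is also sentence case while its neighbour `### Downtime Notifications - IMC` is title case.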
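Review bot: In PATCH 1/3, hunk `@@ -194,98 +226,84 @@`, several headings are renamed as well as moved (`## ArgoCD` becomes `### Continuous Deployment - ArgoCD`, `## Tekton` becomes `### Continuous Integration - Tekton`, `## DevSpaces` becomes `### Browser IDE - DevSpaces`, and `## IMC` is removed here and re-added elsewhere as `### Downtime Notifications - IMC`), which changes any anchor derived from the heading text; check the rest of the docs for links to the old fragments before merging. Since the Trusted Application Pipelines paragraph is being re-levelled anyway, the unchanged context line "These pipelines wraps the process" could be corrected to "wrap" in the same commit.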
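Review bot: In PATCH 2/3, hunk `@@ -58,18 +58,18 @@`, the `### Cluster Backup Policy` heading introduced in 1/3 is deleted rather than filled in, and the only backup text in the visible hunks is the Velero section, which covers application and volume backup; if cluster-level backup is intentionally out of scope, say so in the document, otherwise track the missing section. The added Kubernetes Dashboard paragraph calls the OpenShift Console "the most advanced Kubernetes dashboard available", which is not something a service definition can substantiate; describe what the console provides instead.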
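Review bot: In PATCH 2/3, hunk `@@ -126,6 +126,12 @@`, `## Cert-Manager` is added as a top-level section between the RHACS paragraph and `## Secrets Management Stack`, while the same patch nests ExternalDNS and the router under Networking as `###` entries; make Cert-Manager a `###` under the section it belongs to so the outline stays consistent. The paragraph promises automated issuance and renewal of SSL/TLS certificates but does not say which issuers are configured or whether customers can add their own, which is what a reader relying on it needs to know.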
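Review bot: In PATCH 2/3, hunk `@@ -178,6 +184,14 @@`, the Kubernetes Router paragraph relies on "the most advanced Kubernetes ingress controller available" and "various routing options and protocols", neither of which tells the reader what is supported; list the route types and protocols that SAAP actually enables. This matters more here than elsewhere because the preceding context states that all ingress traffic goes through the defined load-balancers, so the router is the component customers will configure against.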
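Review bot: In PATCH 2/3, hunk `@@ -226,7 +240,7 @@`, the new heading `## DevOps(CICD) Stack` has no space before the parenthesis and writes `CICD`, while the Tekton paragraph in the same file writes `CI/CD`; use `## DevOps (CI/CD) Stack`. The rename also changes the heading's derived anchor one commit after 1/3 introduced it, so settle on the final name before anything links to it.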
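Review bot: In PATCH 3/3, hunk `@@ -186,7 +186,7 @@`, the removed and added `SAAP includes the OpenShift Router ...` lines read identically, so the change appears to be whitespace only on a line that 2/3 introduced; squash it into 2/3 so no commit in the series fails the linter. The subject "fix linting" should name the rule or the whitespace fix so the history is searchable.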