-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #47 from stakater/update-service-definition
update service definition
- Loading branch information
Showing
11 changed files
with
169 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,17 +1,28 @@ | ||
| # Exoscale | ||
|
|
||
| An account is needed to create and provision SAAP instance on Exoscale. The following criteria must be met | ||
|
|
||
| | Type | Limit | | ||
| |---|---| | ||
| | Instances | 9 | | ||
|
|
||
| ## Instance Types | ||
|
|
||
| SAAP offers the following worker node types and sizes on Exoscale: | ||
|
|
||
| ### General Purpose | ||
|
|
||
| - ... | ||
| - EXTRA-LARGE (4x16) | ||
| - HUGE (8x32) | ||
| - MEGA (12x64) | ||
|
|
||
| ### Memory Optimized | ||
|
|
||
| - ... | ||
| - HUGE (4x32) | ||
| - MEGA (8x64) | ||
| - TITAN (12x128) | ||
|
|
||
| ### Compute Optimized | ||
|
|
||
| - .. | ||
| - EXTRA-LARGE (8x16) | ||
| - HUGE (16x32) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,15 @@ | ||
| # Logging | ||
|
|
||
| SAAP provides an optional integrated log forwarding to log store. | ||
|
|
||
| ## Cluster audit logging | ||
|
|
||
| Cluster audit logs are available through log store, if the integration is enabled. If the integration is not enabled, you can request the audit logs by opening a support case. | ||
|
|
||
| ## Application logging | ||
|
|
||
| Application logs sent to `STDOUT` are collected by log collector and forwarded to log store through the cluster logging stack, if it is installed. | ||
|
|
||
| ## Data retention | ||
|
|
||
| By default only 7 days data is kept; and if you want to store for long term then open a support case. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,15 @@ | ||
| # Monitoring | ||
|
|
||
| This section provides information about the service definition for SAAP monitoring. | ||
|
|
||
| ## Cluster metrics | ||
|
|
||
| SAAP instances come with an integrated Prometheus stack for cluster monitoring including CPU, memory, and network-based metrics. This is accessible through the web console. These metrics also allow for horizontal pod autoscaling based on CPU or memory metrics. | ||
|
|
||
| ## Application monitoring | ||
|
|
||
| SAAP provides an optional application monitoring stack based on Prometheus to monitor business critical applications. This allows for adding scrape targets in user namespaces. | ||
|
|
||
| ## Data retention | ||
|
|
||
| By default only 7 days data is kept; and if you want to store for long term then open a support case. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,18 +1,20 @@ | ||
| # Overview | ||
|
|
||
| * Managed Kubernetes (Red Hat OpenShift) | ||
| * Managed Monitoring Stack (Prometheus, Grafana, Alert Manager) | ||
| * Managed Logging Stack (Fluentd, Vector, ElasticSearch, Kibana) | ||
| * Managed Container Registry (Nexus) | ||
| * Managed Artifacts Store (Nexus) | ||
| * Managed Backup Recovery (Velero) | ||
| * Managed Secrets Management (Vault) | ||
| * Managed Multi-tenancy (MTO) | ||
| * Managed Service Mesh (Istio, Kiali, Jaeger) | ||
| * Managed Certs | ||
| * Managed CD (ArgoCD) | ||
| * Managed CI (Tekton) | ||
| * Managed Policy Enforcement (Gatekeeper, OPA) | ||
| * Managed Downtime Alerting (IMC, UptimeRobot) | ||
| * Managed Dynamic Environments (Tronador) | ||
| * Managed Dynamic Application Reload (Reloader) | ||
| This section outlines the service definition for the SAAP: | ||
|
|
||
| 1. [Managed Kubernetes (Red Hat OpenShift)](platform.md) | ||
| 2. [Managed Monitoring Stack (Prometheus, Grafana, Alert Manager)](monitoring.md) | ||
| 3. [Managed Logging Stack (Fluentd, Vector, ElasticSearch, Kibana)](logging.md) | ||
| 4. Managed Container Registry (Nexus) | ||
| 5. Managed Artifacts Store (Nexus) | ||
| 6. Managed Backup Restore (Velero) | ||
| 7. [Managed Secrets Management (Vault)](secrets-management.md) | ||
| 8. Managed Multi-tenancy (MTO) | ||
| 9. Managed Service Mesh (`Istio`, `Kiali`, `Jagaer`, `Prometheus`) | ||
| 10. Managed Certs | ||
| 11. Managed CD (ArgoCD) | ||
| 12. Managed CI (Tekton) | ||
| 13. Managed Policy Enforcement (Gatekeeper, OPA) | ||
| 14. Managed Downtime Alerting (IMC, UptimeRobot) | ||
| 15. Managed Dynamic Environments (Tronador) | ||
| 16. Managed Dynamic Application Reload (Reloader) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,55 @@ | ||
| # Platform | ||
|
|
||
| ## Autoscaling | ||
|
|
||
| Node autoscaling is available on few clouds; you can find details in the relevant cloud section. You can configure the autoscaler option to automatically scale the number of machines in a cluster. | ||
|
|
||
| ## Daemonsets | ||
|
|
||
| Customers can create and run daemonsets on SAAP. To restrict daemonsets to only running on worker nodes, use the following `nodeSelector`: | ||
|
|
||
| ```yaml | ||
| ... | ||
| spec: | ||
| nodeSelector: | ||
| role: worker | ||
| ... | ||
| ``` | ||
|
|
||
| ## Multiple availability zone | ||
|
|
||
| In a multiple availability zone cluster, control plane nodes are distributed across availability zones and at least one worker node is required in each availability zone. | ||
|
|
||
| ## Node labels | ||
|
|
||
| Custom node labels are created by Stakater during node creation and cannot be changed on SAAP at this time. However, custom labels are supported when creating new machine pools. | ||
|
|
||
| ## OpenShift version | ||
|
|
||
| SAAP is run as a managed service and is kept up to date with the latest OpenShift Container Platform version. Upgrade scheduling to the latest version is available. | ||
|
|
||
| ## Container engine | ||
|
|
||
| SAAP runs on OpenShift 4 and uses [CRI-O](https://www.redhat.com/en/blog/red-hat-openshift-container-platform-4-now-defaults-cri-o-underlying-container-engine) as the only available container engine. | ||
|
|
||
| ## Operating system | ||
|
|
||
| SAAP runs on OpenShift 4 and uses Red Hat CoreOS as the operating system for all control plane and worker nodes. | ||
|
|
||
| ## Windows Containers | ||
|
|
||
| Red Hat OpenShift support for Windows Containers is not available on SAAP at this time. | ||
|
|
||
| ## Upgrades | ||
|
|
||
| Upgrades can be scheduled by opening a [support case](https://support.stakater.com/index.html). | ||
|
|
||
| See the [SAAP Life Cycle](../update-lifecycle.md) for more information on the upgrade policy and procedures. | ||
|
|
||
| ## Kubernetes Operator support | ||
|
|
||
| All Operators listed in the Operator Hub marketplace should be available for installation. These operators are considered customer workloads, and are not monitored by Stakater SRE. | ||
|
|
||
| ## Red Hat Operator support | ||
|
|
||
| Red Hat workloads typically refer to Red Hat-provided Operators made available through Operator Hub. Red Hat workloads are not managed by the Stakater SRE team, and must be deployed on worker nodes and must be managed by the customer. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,5 @@ | ||
| # Secrets Management | ||
|
|
||
| SAAP provides an optional integration of HashiCorp Vault which enhances the security and secrets management capabilities of the platform. | ||
|
|
||
| By integrating Vault, SAAP provides customers with a secure and centralized solution for storing and accessing sensitive information such as passwords, API keys, and certificates. It complements the default OpenShift secrets mechanism, providing additional features and capabilities that are critical for managing secrets in modern containerized environments. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| # Service Mesh | ||
|
|
||
| SAAP provides an optional one fully managed service mesh control instance, it means that SAAP provides a pre-configured and managed service mesh infrastructure for handling service-to-service communication within a microservices architecture. | ||
|
|
||
| Here's an explanation of the managed service mesh instance within SAAP: | ||
|
|
||
| 1. Pre-configured Service Mesh Infrastructure: SAAP includes a pre-configured instance of a service mesh, which is a dedicated infrastructure layer for managing and securing communication between services in a microservices architecture. This instance is already set up and ready to use, eliminating the need for administrators to manually configure and deploy a service mesh from scratch. | ||
|
|
||
| 2. Simplified Service-to-Service Communication: The managed service mesh instance within SAAP simplifies the complexity of service-to-service communication. It provides a consistent and reliable mechanism for handling communication between services, abstracting away the underlying networking details and allowing developers to focus on building and deploying their microservices. | ||
|
|
||
| 3. Service Discovery and Load Balancing: The managed service mesh instance offers built-in service discovery and load balancing capabilities. It automatically discovers services within the mesh and routes traffic to the appropriate instances, distributing the load evenly to optimize performance and ensure high availability. | ||
|
|
||
| 4. Traffic Management and Resilience: SAAP's managed service mesh instance enables advanced traffic management techniques. It allows for fine-grained control over traffic routing, enabling features such as request routing, traffic splitting, and canary deployments. This allows organizations to implement various traffic management strategies and improve application resilience in the face of failures or traffic spikes. | ||
|
|
||
| 5. Security and Encryption: The managed service mesh instance within SAAP incorporates security features to secure communication between services. It includes built-in support for mutual TLS encryption, ensuring that all communication within the service mesh is encrypted and authenticated. This helps protect sensitive data and prevents unauthorized access to services within the mesh. | ||
|
|
||
| 6. Observability and Monitoring: SAAP's managed service mesh instance integrates with observability tools to provide insights into the performance and health of the microservices ecosystem. It offers monitoring and tracing functionalities, allowing organizations to track and analyze requests flowing through the service mesh, identify bottlenecks, and diagnose issues for troubleshooting and optimization. | ||
|
|
||
| By including a managed service mesh instance, SAAP simplifies and streamlines the deployment, management, and security of service-to-service communication within a microservices architecture. It provides a ready-to-use service mesh infrastructure that abstracts away the complexities and offers essential features for reliable, secure, and observable microservices communication. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters