Workspace Platform Application Dependencies

Dependencies between workspace applications

Platform applications that are deployed to a workspace’s attached clusters can depend on each other. It is important to note these dependencies when customizing the workspace platform applications to ensure that your applications are properly deployed to the clusters. For more information on how to customize workspace platform applications, see Workspace Platform Applications.

Platform Application Dependencies

When deploying or troubleshooting platform applications, it helps to understand how platform applications interact and may require other platform applications as dependencies.

If a platform application’s dependency does not successfully deploy, the platform application requiring that dependency does not successfully deploy.

The following sections detail information about the workspace platform application.

Foundational Applications

Provides the foundation for all platform application capabilities and deployments on managed clusters. These applications must be enabled for any platform applications to work properly.

The foundational applications are comprised of the following platform application:

  • cert-manager: Automates TLS certificate management and issuance.
  • reloader: A controller that watches changes on ConfigMaps and Secrets, and automatically triggers updates on the dependent applications.
  • traefik: Provides an HTTP reverse proxy and load balancer. Requires cert-manager and reloader.
Platform Application Dependencies
cert-manager
reloader
traefik cert-manager, reloader

Logging

Collects logs over time from Kubernetes and applications deployed on managed clusters. Also provides the ability to visualize and query the aggregated logs.

  • grafana-loki: A horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus.
  • grafana-logging: Logging dashboard used to view logs aggregated to Grafana Loki.
  • logging-operator: Automates the deployment and configuration of a Kubernetes logging pipeline.
  • minio-operator: A Kubernetes-native high performance object store with an S3-compatible API that supports deploying MinIO Tenants onto private and public cloud infrastructures.
  • fluent-bit: Open source and multi-platform log processor tool which aims to be a generic Swiss knife for logs processing and distribution.
Platform Application Dependencies
grafana-loki minio-operator
grafana-logging grafana-loki
logging-operator
minio-operator
fluent-bit

Monitoring

Provides monitoring capabilities by collecting metrics, including cost metrics, for Kubernetes and applications deployed on managed clusters. Also provides visualization of metrics and evaluates rule expressions to trigger alerts when specific conditions are observed.

  • kube-prometheus-stack: A stack of applications that collect metrics and provide visualization and alerting capabilities.

    NOTE: Prometheus, Prometheus Alertmanager and Grafana are included in the bundled installation.

  • prometheus-adapter: Provides cluster metrics from Prometheus.
  • kubecost: provides real-time cost visibility and insights for teams using Kubernetes, helping you continuously reduce your cloud costs.
  • kubernetes-dashboard: A general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster, troubleshoot them and manage the cluster itself.
  • nvidia: A suite of tools for managing and monitoring NVIDIA datacenter GPUs in cluster environments. Includes active health monitoring, comprehensive diagnostics, system alerts, and governance policies including power and clock management.
Platform Application Dependencies
kube-prometheus-stack traefik
prometheus-adapter kube-prometheus-stack
kubecost traefik
kubernetes-dashboard traefik
nvidia

Security

Allows management of security constraints and capabilities for the clusters and users.

Platform Application Dependencies
gatekeeper

Single Sign On (SSO)

Group of platform applications that allow enabling SSO on attached clusters. SSO is a centralized system for connecting attached clusters to the centralized authority on the management cluster.

  • kube-oidc-proxy: A reverse proxy server that authenticates users using OIDC to Kubernetes API servers where OIDC authentication is not available.
  • traefik-forward-auth: Installs a forward authentication application providing Google OAuth based authentication for Traefik.
Platform Application Dependencies
kube-oidc-proxy cert-manager, traefik
traefik-forward-auth traefik

Backup

This platform application assists you with backing up and restoring your environment.

  • velero: An open source tool for safely backing up and restoring resources in a Kubernetes cluster, performing disaster recovery, and migrating resources and persistent volumes to another Kubernetes cluster.
Platform Application Dependencies
velero

Service Mesh

Allows deploying service mesh on clusters, enabling the management of microservices in cloud-native applications. Service mesh can provide a number of benefits, such as providing observability into communications, providing secure connections, or automating retries and backoff for failed requests.

  • istio: Addresses the challenges developers and operators face with a distributed or microservices architecture.
  • kiali: A management console for an Istio-based service mesh. It provides dashboards, observability, and lets you operate your mesh with robust configuration and validation capabilities.
  • jaeger: A distributed tracing system used for monitoring and troubleshooting microservices-based distributed systems.
Catalog Application Dependencies
istio kube-prometheus-stack
kiali istio, jaeger
jaeger