copyright | lastupdated | keywords | subcollection | ||
---|---|---|---|---|---|
|
2023-01-30 |
kubernetes, helm |
containers |
{{site.data.keyword.attribute-definition-list}}
{: #supported_integrations}
You can use various {{site.data.keyword.IBM}}, {{site.data.keyword.cloud}}, and external services with a standard cluster in {{site.data.keyword.containerlong_notm}}. {: shortdesc}
{: #popular_services}
Service | Category | Description | Classic | VPC |
---|---|---|---|---|
{{site.data.keyword.cloudaccesstrailfull_notm}} | Cluster activity logs | Monitor the administrative activity that is made in your cluster by analyzing logs through Grafana. For more information about the service, see the Activity Tracker documentation. For more information about the types of events that you can track, see Activity Tracker events. | Yes | Yes |
{{site.data.keyword.appid_full_notm}} | Authentication | Add a level of security to your apps with {{site.data.keyword.appid_short}} by requiring users to sign in. To authenticate web or API HTTP or HTTPS requests to your app, you can integrate {{site.data.keyword.appid_short_notm}} with your Ingress service by using the {{site.data.keyword.appid_short_notm}} authentication Ingress annotation. | Yes | Yes |
{{site.data.keyword.cloud_notm}} Classic Block Storage | Block storage | {{site.data.keyword.cloud_notm}} Block Storage is persistent, high-performance iSCSI storage that you can add to your apps by using Kubernetes persistent volumes (PVs). Use block storage to deploy stateful apps in a single zone or as high-performance storage for single pods. For more information about how to provision block storage in your cluster, see Storing data on {{site.data.keyword.cloud_notm}} Block Storage | Yes | |
{{site.data.keyword.block_storage_is_short}} | Block storage | {{site.data.keyword.block_storage_is_short}} provides hypervisor-mounted, high-performance data storage for your virtual server instances that you provision within a VPC cluster. For more information about how to provision VPC Block Storage in your cluster, see Storing data on {{site.data.keyword.block_storage_is_short}} | Yes | |
{{site.data.keyword.codeenginefull_notm}} | Serverless | {{site.data.keyword.codeengineshort}} is a fully managed, serverless platform that runs your containerized workloads, including web apps, micro-services, event-driven functions, or batch jobs. {{site.data.keyword.codeengineshort}} even builds container images for you from your source code. Because these workloads are all hosted within the same Kubernetes infrastructure, all them can seamlessly work together. For more information, see Getting started with {{site.data.keyword.codeenginefull_notm}}. | ||
{{site.data.keyword.registrylong_notm}} | Container images | Set up your own secured Docker image repository where you can safely store and share images between cluster users. For more information, see the {{site.data.keyword.registrylong}} documentation{: external}. | Yes | Yes |
{{site.data.keyword.cloud_notm}} {{site.data.keyword.contdelivery_short}} | Build automation | Automate your app builds and container deployments to Kubernetes clusters by using a toolchain. For more information about the setup, see working with Tekton pipelines{: external}. | Yes | Yes |
{{site.data.keyword.cloud_notm}} Classic {{site.data.keyword.filestorage_short}} | File storage | {{site.data.keyword.cloud_notm}} Classic {{site.data.keyword.filestorage_short}} is persistent, fast, and flexible network-attached, NFS-based file storage that you can add to your apps by using Kubernetes persistent volumes. You can choose between predefined storage tiers with GB sizes and IOPS that meet the requirements of your workloads. For more information about how to provision file storage in your cluster, see Storing data on {{site.data.keyword.cloud_notm}} {{site.data.keyword.filestorage_short}}. | Yes | |
{{site.data.keyword.keymanagementservicefull_notm}} | Data encryption | Encrypt the Kubernetes secrets that are in your cluster by enabling a key management service (KMS) provider. Encrypting your Kubernetes secrets prevents unauthorized users from accessing sensitive cluster information. | Yes | Yes |
{{site.data.keyword.la_full_notm}} | Cluster and app logs | Add log management capabilities to your cluster by deploying a {{site.data.keyword.la_short}} agent to your worker nodes to manage logs from your pod containers. For more information, see Managing Kubernetes cluster logs with {{site.data.keyword.la_full_notm}}. | Yes | Yes |
{{site.data.keyword.mon_full_notm}} | Cluster and app metrics | Gain operational visibility into the performance and health of your apps by deploying an {{site.data.keyword.mon_full_notm}} agent to your worker nodes to forward metrics to {{site.data.keyword.mon_full}}. For more information, see Analyzing metrics for an app that is deployed in a Kubernetes cluster. | Yes | Yes |
{{site.data.keyword.cos_full_notm}} | Object storage | Data that is stored with {{site.data.keyword.cos_short}} is encrypted and dispersed across multiple geographic locations, and accessed over HTTP by using a REST API. You can use the ibm-backup-restore image to configure the service to make one-time or scheduled backups for data in your clusters. For more information about the service, see the {{site.data.keyword.cos_short}} documentation{: external}. | Yes | Yes |
Istio on {{site.data.keyword.containerlong_notm}} | Microservice management | Istio{: external} is an open source service that gives developers a way to connect, secure, manage, and monitor a network of microservices, also known as a service mesh, on cloud orchestration platforms. Istio on {{site.data.keyword.containerlong}} provides a one-step installation of Istio into your cluster through a managed add-on. With one click, you can get all Istio core components, additional tracing, monitoring, and visualization up and running. To get started, see Using the managed Istio add-on. | Yes | Yes |
Portworx | Storage for stateful apps | Portworx{: external} is a highly available software-defined storage solution that you can use to manage persistent storage for your containerized databases and other stateful apps, or to share data between pods across multiple zones. You can install Portworx with a Helm chart and provision storage for your apps by using Kubernetes persistent volumes. For more information about how to set up Portworx in your cluster, see Storing data on software-defined storage (SDS) with Portworx. | Yes | Yes |
Razee | Deployment automation | Razee{: external} is an open-source project that automates and manages the deployment of Kubernetes resources across clusters, environments, and cloud providers, and helps you to visualize deployment information for your resources so that you can monitor the rollout process and find deployment issues more quickly. For more information about Razee and how to set up Razee in your cluster to automate your deployment process, see the Razee documentation{: external}. | Yes | Yes |
{{site.data.keyword.secrets-manager_full_notm}} | Ingress secrets and certificates | You can use {{site.data.keyword.secrets-manager_short}} to store and manage your Ingress secrets and certificates. For more information, see Setting up {{site.data.keyword.secrets-manager_short}} in your Kubernetes Service cluster. | Yes | Yes |
{{site.data.keyword.bplong_notm}}/ Terraform | Infrastructure and {{site.data.keyword.cloud_notm}} service automation | Terraform is an open-source software that enables predictable and consistent provisioning of {{site.data.keyword.cloud_notm}} platform, classic infrastructure, and VPC infrastructure resources by using a high-level scripting language. {{site.data.keyword.bplong_notm}} delivers Terraform-as-a-Service so that you can model the resources that you want in your {{site.data.keyword.cloud_notm}} environment, and enable Infrastructure as Code (IaC). For more information about how to use native Terraform to create a cluster, see Creating single and multizone Kubernetes and {{site.data.keyword.redhat_openshift_notm}} clusters. | Yes | Yes |
{: caption="Table 1. Popular integrations" caption-side="bottom"} |
{: #devops_services}
Service | Description | Classic | VPC |
---|---|---|---|
Cloud Foundry Public | Deploy and manage your own Cloud Foundry platform on a Kubernetes cluster to develop, package, deploy, and manage cloud-native apps, and leverage the {{site.data.keyword.cloud_notm}} ecosystem to bind additional services to your apps. When you create an Cloud Foundry Public instance, you must configure your Kubernetes cluster by choosing the flavor and VLANs for your worker nodes. Your cluster is then provisioned with {{site.data.keyword.containerlong_notm}} and Cloud Foundry Public is automatically deployed to your cluster. For more information about how to set up Cloud Foundry Public, see the Getting started tutorial. | Yes | |
Codeship | You can use Codeship{: external} for the continuous integration and delivery of containers. For more information, see Using Codeship Pro To Deploy Workloads to {{site.data.keyword.containerlong_notm}}{: external}. | Yes | Yes |
Grafeas | Grafeas{: external} is an open source CI/CD service that provides a common way for how to retrieve, store, and exchange metadata during the software supply chain process. For example, if you integrate Grafeas into your app build process, Grafeas can store information about the initiator of the build request, vulnerability scan results, and quality assurance sign-off so that you can make an informed decision if an app can be deployed to production. You can use this metadata in audits or to prove compliance for your software supply chain. | Yes | Yes |
Helm | Helm{: external} is a Kubernetes package manager. You can create new Helm charts or use preexisting Helm charts to define, install, and upgrade complex Kubernetes applications that run in {{site.data.keyword.containerlong_notm}} clusters. For more information, see Setting up Helm in {{site.data.keyword.containerlong_notm}}. | Yes | Yes |
{{site.data.keyword.cloud_notm}} {{site.data.keyword.contdelivery_short}} | Automate your app builds and container deployments to Kubernetes clusters by using a toolchain. For more information about the setup, see working with Tekton pipelines. | Yes | Yes |
Istio on {{site.data.keyword.containerlong_notm}} | Istio{: external} is an open source service that gives developers a way to connect, secure, manage, and monitor a network of microservices, also known as a service mesh, on cloud orchestration platforms. Istio on {{site.data.keyword.containerlong}} provides a one-step installation of Istio into your cluster through a managed add-on. With one click, you can get all Istio core components, additional tracing, monitoring, and visualization up and running. To get started, see Using the managed Istio add-on | Yes | Yes |
Jenkins X | Jenkins X is a Kubernetes-native continuous integration and continuous delivery platform that you can use to automate your build process. For more information about how to install it on {{site.data.keyword.containerlong_notm}}, see Introducing the Jenkins X open source project{: external}. | ||
Razee | Razee{: external} is an open-source project that automates and manages the deployment of Kubernetes resources across clusters, environments, and cloud providers, and helps you to visualize deployment information for your resources so that you can monitor the rollout process and find deployment issues more quickly. For more information about Razee and how to set up Razee in your cluster to automate your deployment process, see the Razee documentation{: external}. | Yes | Yes |
{{site.data.keyword.bplong_notm}} | {{site.data.keyword.bplong_notm}} is a managed Terraform service where you can use native Terraform capabilities, but you don't have to worry about setting up and maintaining the Terraform CLI and {{site.data.keyword.cloud_notm}} Provider plug-in. For more information about how to use Terraform to create a cluster, see Creating single and multizone Kubernetes and {{site.data.keyword.redhat_openshift_notm}} clusters. | Yes | Yes |
Terraform | Terraform{: external} is an open-source software that enables predictable and consistent provisioning of {{site.data.keyword.cloud_notm}} platform, classic infrastructure, and VPC infrastructure resources by using a high-level scripting language. For more information about how to use native Terraform to create a cluster, see Creating single and multizone Kubernetes and {{site.data.keyword.redhat_openshift_notm}} clusters. | Yes | Yes |
{: caption="Table 2. DevOps services" caption-side="bottom"} |
{: #hybrid_cloud_services}
Service | Description | Classic | VPC |
---|---|---|---|
{{site.data.keyword.vpc_short}} VPN | With the {{site.data.keyword.vpc_short}} VPN, you can securely connect your VPC to an on-premises network, other VPCs, or to classic infrastructure through a VPN tunnel. For more information, see Connecting to your on-premises network. | Yes | |
{{site.data.keyword.dl_short}} | With {{site.data.keyword.dl_full}}, you can create a direct, private connection between your remote network environments and {{site.data.keyword.containerlong_notm}} without routing over the public internet. The {{site.data.keyword.dl_short}} offerings are useful when you must implement hybrid workloads, cross-provider workloads, large or frequent data transfers, or private workloads. To choose a {{site.data.keyword.dl_short}} offering and set up a {{site.data.keyword.dl_short}} connection, see Get Started with {{site.data.keyword.dl_full_notm}} (2.0). | Yes | Yes |
strongSwan IPSec VPN Service | Set up a strongSwan IPSec VPN service{: external} that securely connects your Kubernetes cluster with an on-premises network. The strongSwan IPSec VPN service provides a secure end-to-end communication channel over the internet that is based on the industry-standard Internet Protocol Security (IPSec) protocol suite. To set up a secure connection between your cluster and an on-premises network, configure and deploy the strongSwan IPSec VPN service directly in a pod in your cluster. | Yes | |
{{site.data.keyword.tg_short}} | Use {{site.data.keyword.tg_full_notm}} to manage access between your VPCs. {{site.data.keyword.tg_short}} instances can be configured to route between VPCs that are in the same region (local routing) or VPCs that are in different regions (global routing). Additionally, you can use {{site.data.keyword.tg_short}} to manage access between your VPCs in multiple regions to resources in your {{site.data.keyword.cloud_notm}} classic infrastructure. To get started, see the {{site.data.keyword.tg_short}} documentation. | Yes | |
{: caption="Table 3. Hybrid cloud services" caption-side="bottom"} |
{: #health_services}
Service | Description | Classic | VPC |
---|---|---|---|
CoScale | Monitor worker nodes, containers, replica sets, replication controllers, and services with CoScale{: external}. For more information, see Monitoring {{site.data.keyword.containerlong_notm}} with CoScale{: external}. | Yes | Yes |
Datadog | Monitor your cluster and view infrastructure and application performance metrics with Datadog{: external}. For more information, see Monitoring {{site.data.keyword.containerlong_notm}} with Datadog{: external}. | Yes | Yes |
{{site.data.keyword.cloudaccesstrailfull_notm}} | Monitor the administrative activity that is made in your cluster by analyzing logs through Grafana. For more information about the service, see the Activity Tracker documentation. For more information about the types of events that you can track, see Activity Tracker events. | Yes | Yes |
{{site.data.keyword.la_full_notm}} | Add log management capabilities to your cluster by deploying a {{site.data.keyword.la_short}} agent to your worker nodes to manage logs from your pod containers. For more information, see Managing Kubernetes cluster logs with {{site.data.keyword.la_full_notm}}. | Yes | Yes |
{{site.data.keyword.mon_full_notm}} | Gain operational visibility into the performance and health of your apps by deploying a {{site.data.keyword.mon_short}} agent to your worker nodes to forward metrics to {{site.data.keyword.mon_full}}. For more information, see Analyzing metrics for an app that is deployed in a Kubernetes cluster. | Yes | Yes |
Instana | Instana{: external} provides infrastructure and app performance monitoring with a GUI that automatically discovers and maps your apps. Instana captures every request to your apps, which you can use to troubleshoot and perform root cause analysis to prevent the problems from happening again. Check out the blog post about deploying Instana in {{site.data.keyword.containerlong_notm}}{: external} to learn more. | Yes | Yes |
Prometheus | Prometheus is an open source monitoring, logging, and alerting tool that was designed for Kubernetes. Prometheus retrieves detailed information about the cluster, worker nodes, and deployment health based on Kubernetes logging information. CPU, memory, I/O, and network activity is collected for each container that runs in a cluster. You can use the collected data in custom queries or alerts to monitor performance and workloads in your cluster. To use Prometheus, follow the CoreOS instructions{: external}. | Yes | Yes |
Sematext | View metrics and logs for your containerized applications by using Sematext{: external}. For more information, see Monitoring and logging for containers with Sematext{: external}. | Yes | Yes |
Splunk | Import and search your Kubernetes logging, object, and metrics data in Splunk by using Splunk Connect for Kubernetes. Splunk Connect for Kubernetes is a collection of Helm charts that deploy a Splunk-supported deployment of Fluentd to your Kubernetes cluster, a Splunk-built Fluentd HTTP Event Collector (HEC) plug-in to send logs and metadata, and a metrics deployment that captures your cluster metrics. For more information, see Solving Business Problems with Splunk on {{site.data.keyword.containerlong_notm}}{: external}. | Yes | Yes |
Weave Scope | Weave Scope{: external} provides a visual diagram of your resources within a Kubernetes cluster, including services, pods, containers, processes, nodes, and more. Weave Scope provides interactive metrics for CPU and memory and also provides tools to tail and exec into a container. | Yes | Yes |
{: caption="Table 4. Logging and monitoring services" caption-side="bottom"} |
{: #security_services}
Want a comprehensive view of how to integrate {{site.data.keyword.cloud_notm}} security services with your cluster? Check out the Apply end-to-end security to a cloud application tutorial. {: shortdesc}
Service | Description | Classic | VPC |
---|---|---|---|
{{site.data.keyword.appid_full_notm}} | Add a level of security to your apps with {{site.data.keyword.appid_short}} by requiring users to sign in. To authenticate web or API HTTP/HTTPS requests to your app, you can integrate {{site.data.keyword.appid_short_notm}} with your Ingress service by using the {{site.data.keyword.appid_short_notm}} authentication Ingress annotation. | Yes | Yes |
Aqua Security | As a supplement to Vulnerability Advisor{: external}, you can use Aqua Security{: external} to improve the security of container deployments by reducing what your app is allowed to do. For more information, see Securing container deployments on {{site.data.keyword.cloud_notm}} with Aqua Security{: external}. | Yes | Yes |
{{site.data.keyword.registrylong_notm}} | Set up your own secured Docker image repository where you can safely store and share images between cluster users. For more information, see the {{site.data.keyword.registrylong}} documentation{: external}. | Yes | Yes |
{{site.data.keyword.keymanagementservicefull_notm}} | Encrypt the Kubernetes secrets that are in your cluster by enabling a key management service (KMS) provider. Encrypting your Kubernetes secrets prevents unauthorized users from accessing sensitive cluster information. | Yes | Yes |
NeuVector | Protect containers with a cloud-native firewall by using NeuVector{: external}. For more information, see NeuVector Container Security{: external}. | Yes | Yes |
{{site.data.keyword.secrets-manager_full_notm}} | Ingress secrets and certificates | You can use {{site.data.keyword.secrets-manager_short}} to store and manage your Ingress secrets and certificates. For more information, see Setting up {{site.data.keyword.secrets-manager_short}} in your Kubernetes Service cluster. | Yes |
Twistlock | As a supplement to Vulnerability Advisor{: external}, you can use Twistlock{: external} to manage firewalls, threat protection, and incident response. For more information, see Twistlock on {{site.data.keyword.containerlong_notm}}{: external}. | Yes | Yes |
{: caption="Table 5. Security services" caption-side="bottom"} |
{: #storage_services}
Service | Description | Classic | VPC |
---|---|---|---|
Heptio Velero | You can use Heptio Velero{: external} to back up and restore cluster resources and persistent volumes. For more information, see the Heptio Velero Use cases for disaster recovery and cluster migration{: external}. | Yes | Yes |
{{site.data.keyword.cloud_notm}} Classic Block Storage | {{site.data.keyword.cloud_notm}} Classic Block Storage is persistent, high-performance iSCSI storage that you can add to your apps by using Kubernetes persistent volumes (PVs). Use block storage to deploy stateful apps in a single zone or as high-performance storage for single pods. For more information about how to provision block storage in your cluster, see Storing data on {{site.data.keyword.cloud_notm}} Block Storage | Yes | |
{{site.data.keyword.block_storage_is_short}} | {{site.data.keyword.block_storage_is_short}} provides hypervisor-mounted, high-performance data storage for your virtual server instances that you provision within a VPC cluster. For more information about how to provision VPC Block Storage in your cluster, see Storing data on {{site.data.keyword.block_storage_is_short}} | Yes | |
{{site.data.keyword.cos_full_notm}} | Data that is stored with {{site.data.keyword.cos_short}} is encrypted and dispersed across multiple geographic locations, and accessed over HTTP by using a REST API. You can use the ibm-backup-restore image to configure the service to make one-time or scheduled backups for data in your clusters. For more information about the service, see the {{site.data.keyword.cos_short}} documentation{: external}. | Yes | Yes |
{{site.data.keyword.cloud_notm}} Classic {{site.data.keyword.filestorage_short}} | {{site.data.keyword.cloud_notm}} Classic {{site.data.keyword.filestorage_short}} is persistent, fast, and flexible network-attached, NFS-based file storage that you can add to your apps by using Kubernetes persistent volumes. You can choose between predefined storage tiers with GB sizes and IOPS that meet the requirements of your workloads. For more information about how to provision file storage in your cluster, see Storing data on {{site.data.keyword.cloud_notm}} {{site.data.keyword.filestorage_short}}. | Yes | |
Portworx | Portworx{: external} is a highly available software-defined storage solution that you can use to manage persistent storage for your containerized databases and other stateful apps, or to share data between pods across multiple zones. You can install Portworx with a Helm chart and provision storage for your apps by using Kubernetes persistent volumes. For more information about how to set up Portworx in your cluster, see Storing data on software-defined storage (SDS) with Portworx. | Yes | Yes |
{: caption="Table 6. Storage services" caption-side="bottom"} |
{: #database_services}
Service | Description | Classic | VPC |
---|---|---|---|
{{site.data.keyword.blockchainfull_notm}} Platform v2 | Deploy and manage your own {{site.data.keyword.blockchainfull_notm}} Platform on {{site.data.keyword.containerlong_notm}}. With {{site.data.keyword.blockchainfull_notm}} Platform v2, you can host {{site.data.keyword.blockchainfull_notm}} networks or create organizations that can join other {{site.data.keyword.blockchainfull_notm}} v2 networks. For more information about how to set up {{site.data.keyword.blockchainfull_notm}} in {{site.data.keyword.containerlong_notm}}, see About {{site.data.keyword.blockchainfull_notm}} Platform. | Yes | |
Cloud databases | You can choose between various {{site.data.keyword.cloud_notm}} database services, such as {{site.data.keyword.composeForMongoDB_full}} or {{site.data.keyword.cloudantfull}} to deploy highly available and scalable database solutions in your cluster. For a list of available cloud databases, see the {{site.data.keyword.cloud_notm}} catalog{: external}. | Yes | Yes |
{: caption="Table 7. Database services" caption-side="bottom"} |