cs_integrations_overview.md

---
copyright:
  years: 2014, 2023
lastupdated: "2023-01-30"
keywords: kubernetes, helm
subcollection: containers
---

{{site.data.keyword.attribute-definition-list}}

Supported IBM Cloud and third-party integrations

{: #supported_integrations}

You can use various {{site.data.keyword.IBM}}, {{site.data.keyword.cloud}}, and external services with a standard cluster in {{site.data.keyword.containerlong_notm}}. {: shortdesc}

Popular integrations

{: #popular_services}

Service Category Description Classic VPC
{{site.data.keyword.cloudaccesstrailfull_notm}} Cluster activity logs Monitor the administrative activity that is made in your cluster by analyzing logs through Grafana. For more information about the service, see the Activity Tracker documentation. For more information about the types of events that you can track, see Activity Tracker events. Yes Yes
{{site.data.keyword.appid_full_notm}} Authentication Add a level of security to your apps with {{site.data.keyword.appid_short}} by requiring users to sign in. To authenticate web or API HTTP or HTTPS requests to your app, you can integrate {{site.data.keyword.appid_short_notm}} with your Ingress service by using the {{site.data.keyword.appid_short_notm}} authentication Ingress annotation. Yes Yes
{{site.data.keyword.cloud_notm}} Classic Block Storage Block storage {{site.data.keyword.cloud_notm}} Block Storage is persistent, high-performance iSCSI storage that you can add to your apps by using Kubernetes persistent volumes (PVs). Use block storage to deploy stateful apps in a single zone or as high-performance storage for single pods. For more information about how to provision block storage in your cluster, see Storing data on {{site.data.keyword.cloud_notm}} Block Storage. Yes
{{site.data.keyword.block_storage_is_short}} Block storage {{site.data.keyword.block_storage_is_short}} provides hypervisor-mounted, high-performance data storage for your virtual server instances that you provision within a VPC cluster. For more information about how to provision VPC Block Storage in your cluster, see Storing data on {{site.data.keyword.block_storage_is_short}}. Yes
{{site.data.keyword.codeenginefull_notm}} Serverless {{site.data.keyword.codeengineshort}} is a fully managed, serverless platform that runs your containerized workloads, including web apps, micro-services, event-driven functions, or batch jobs. {{site.data.keyword.codeengineshort}} even builds container images for you from your source code. Because these workloads are all hosted within the same Kubernetes infrastructure, all of them can seamlessly work together. For more information, see Getting started with {{site.data.keyword.codeenginefull_notm}}.
{{site.data.keyword.registrylong_notm}} Container images Set up your own secured Docker image repository where you can safely store and share images between cluster users. For more information, see the {{site.data.keyword.registrylong}} documentation{: external}. Yes Yes
{{site.data.keyword.cloud_notm}} {{site.data.keyword.contdelivery_short}} Build automation Automate your app builds and container deployments to Kubernetes clusters by using a toolchain. For more information about the setup, see working with Tekton pipelines{: external}. Yes Yes
{{site.data.keyword.cloud_notm}} Classic {{site.data.keyword.filestorage_short}} File storage {{site.data.keyword.cloud_notm}} Classic {{site.data.keyword.filestorage_short}} is persistent, fast, and flexible network-attached, NFS-based file storage that you can add to your apps by using Kubernetes persistent volumes. You can choose between predefined storage tiers with GB sizes and IOPS that meet the requirements of your workloads. For more information about how to provision file storage in your cluster, see Storing data on {{site.data.keyword.cloud_notm}} {{site.data.keyword.filestorage_short}}. Yes
{{site.data.keyword.keymanagementservicefull_notm}} Data encryption Encrypt the Kubernetes secrets that are in your cluster by enabling a key management service (KMS) provider. Encrypting your Kubernetes secrets prevents unauthorized users from accessing sensitive cluster information. Yes Yes
{{site.data.keyword.la_full_notm}} Cluster and app logs Add log management capabilities to your cluster by deploying a {{site.data.keyword.la_short}} agent to your worker nodes to manage logs from your pod containers. For more information, see Managing Kubernetes cluster logs with {{site.data.keyword.la_full_notm}}. Yes Yes
{{site.data.keyword.mon_full_notm}} Cluster and app metrics Gain operational visibility into the performance and health of your apps by deploying an {{site.data.keyword.mon_full_notm}} agent to your worker nodes to forward metrics to {{site.data.keyword.mon_full}}. For more information, see Analyzing metrics for an app that is deployed in a Kubernetes cluster. Yes Yes
{{site.data.keyword.cos_full_notm}} Object storage Data that is stored with {{site.data.keyword.cos_short}} is encrypted and dispersed across multiple geographic locations, and accessed over HTTP by using a REST API. You can use the ibm-backup-restore image to configure the service to make one-time or scheduled backups for data in your clusters. For more information about the service, see the {{site.data.keyword.cos_short}} documentation{: external}. Yes Yes
Istio on {{site.data.keyword.containerlong_notm}} Microservice management Istio{: external} is an open source service that gives developers a way to connect, secure, manage, and monitor a network of microservices, also known as a service mesh, on cloud orchestration platforms. Istio on {{site.data.keyword.containerlong}} provides a one-step installation of Istio into your cluster through a managed add-on. With one click, you can get all Istio core components, additional tracing, monitoring, and visualization up and running. To get started, see Using the managed Istio add-on. Yes Yes
Portworx Storage for stateful apps Portworx{: external} is a highly available software-defined storage solution that you can use to manage persistent storage for your containerized databases and other stateful apps, or to share data between pods across multiple zones. You can install Portworx with a Helm chart and provision storage for your apps by using Kubernetes persistent volumes. For more information about how to set up Portworx in your cluster, see Storing data on software-defined storage (SDS) with Portworx. Yes Yes
Razee Deployment automation Razee{: external} is an open-source project that automates and manages the deployment of Kubernetes resources across clusters, environments, and cloud providers, and helps you to visualize deployment information for your resources so that you can monitor the rollout process and find deployment issues more quickly. For more information about Razee and how to set up Razee in your cluster to automate your deployment process, see the Razee documentation{: external}. Yes Yes
{{site.data.keyword.secrets-manager_full_notm}} Ingress secrets and certificates You can use {{site.data.keyword.secrets-manager_short}} to store and manage your Ingress secrets and certificates. For more information, see Setting up {{site.data.keyword.secrets-manager_short}} in your Kubernetes Service cluster. Yes Yes
{{site.data.keyword.bplong_notm}} / Terraform Infrastructure and {{site.data.keyword.cloud_notm}} service automation Terraform is open-source software that enables predictable and consistent provisioning of {{site.data.keyword.cloud_notm}} platform, classic infrastructure, and VPC infrastructure resources by using a high-level scripting language. {{site.data.keyword.bplong_notm}} delivers Terraform-as-a-Service so that you can model the resources that you want in your {{site.data.keyword.cloud_notm}} environment, and enable Infrastructure as Code (IaC). For more information about how to use native Terraform to create a cluster, see Creating single and multizone Kubernetes and {{site.data.keyword.redhat_openshift_notm}} clusters. Yes Yes
{: caption="Table 1. Popular integrations" caption-side="bottom"}

DevOps services

{: #devops_services}

Service Description Classic VPC
Cloud Foundry Public Deploy and manage your own Cloud Foundry platform on a Kubernetes cluster to develop, package, deploy, and manage cloud-native apps, and leverage the {{site.data.keyword.cloud_notm}} ecosystem to bind additional services to your apps. When you create a Cloud Foundry Public instance, you must configure your Kubernetes cluster by choosing the flavor and VLANs for your worker nodes. Your cluster is then provisioned with {{site.data.keyword.containerlong_notm}} and Cloud Foundry Public is automatically deployed to your cluster. For more information about how to set up Cloud Foundry Public, see the Getting started tutorial. Yes
Codeship You can use Codeship{: external} for the continuous integration and delivery of containers. For more information, see Using Codeship Pro To Deploy Workloads to {{site.data.keyword.containerlong_notm}}{: external}. Yes Yes
Grafeas Grafeas{: external} is an open source CI/CD service that provides a common way to retrieve, store, and exchange metadata during the software supply chain process. For example, if you integrate Grafeas into your app build process, Grafeas can store information about the initiator of the build request, vulnerability scan results, and quality assurance sign-off so that you can make an informed decision about whether an app can be deployed to production. You can use this metadata in audits or to prove compliance for your software supply chain. Yes Yes
Helm Helm{: external} is a Kubernetes package manager. You can create new Helm charts or use preexisting Helm charts to define, install, and upgrade complex Kubernetes applications that run in {{site.data.keyword.containerlong_notm}} clusters. For more information, see Setting up Helm in {{site.data.keyword.containerlong_notm}}. Yes Yes
{{site.data.keyword.cloud_notm}} {{site.data.keyword.contdelivery_short}} Automate your app builds and container deployments to Kubernetes clusters by using a toolchain. For more information about the setup, see working with Tekton pipelines. Yes Yes
Istio on {{site.data.keyword.containerlong_notm}} Istio{: external} is an open source service that gives developers a way to connect, secure, manage, and monitor a network of microservices, also known as a service mesh, on cloud orchestration platforms. Istio on {{site.data.keyword.containerlong}} provides a one-step installation of Istio into your cluster through a managed add-on. With one click, you can get all Istio core components, additional tracing, monitoring, and visualization up and running. To get started, see Using the managed Istio add-on. Yes Yes
Jenkins X Jenkins X is a Kubernetes-native continuous integration and continuous delivery platform that you can use to automate your build process. For more information about how to install it on {{site.data.keyword.containerlong_notm}}, see Introducing the Jenkins X open source project{: external}.
Razee Razee{: external} is an open-source project that automates and manages the deployment of Kubernetes resources across clusters, environments, and cloud providers, and helps you to visualize deployment information for your resources so that you can monitor the rollout process and find deployment issues more quickly. For more information about Razee and how to set up Razee in your cluster to automate your deployment process, see the Razee documentation{: external}. Yes Yes
{{site.data.keyword.bplong_notm}} {{site.data.keyword.bplong_notm}} is a managed Terraform service where you can use native Terraform capabilities, but you don't have to worry about setting up and maintaining the Terraform CLI and {{site.data.keyword.cloud_notm}} Provider plug-in. For more information about how to use Terraform to create a cluster, see Creating single and multizone Kubernetes and {{site.data.keyword.redhat_openshift_notm}} clusters. Yes Yes
Terraform Terraform{: external} is open-source software that enables predictable and consistent provisioning of {{site.data.keyword.cloud_notm}} platform, classic infrastructure, and VPC infrastructure resources by using a high-level scripting language. For more information about how to use native Terraform to create a cluster, see Creating single and multizone Kubernetes and {{site.data.keyword.redhat_openshift_notm}} clusters. Yes Yes
{: caption="Table 2. DevOps services" caption-side="bottom"}

Hybrid cloud services

{: #hybrid_cloud_services}

Service Description Classic VPC
{{site.data.keyword.vpc_short}} VPN With the {{site.data.keyword.vpc_short}} VPN, you can securely connect your VPC to an on-premises network, other VPCs, or to classic infrastructure through a VPN tunnel. For more information, see Connecting to your on-premises network. Yes
{{site.data.keyword.dl_short}} With {{site.data.keyword.dl_full}}, you can create a direct, private connection between your remote network environments and {{site.data.keyword.containerlong_notm}} without routing over the public internet. The {{site.data.keyword.dl_short}} offerings are useful when you must implement hybrid workloads, cross-provider workloads, large or frequent data transfers, or private workloads. To choose a {{site.data.keyword.dl_short}} offering and set up a {{site.data.keyword.dl_short}} connection, see Get Started with {{site.data.keyword.dl_full_notm}} (2.0). Yes Yes
strongSwan IPSec VPN Service Set up a strongSwan IPSec VPN service{: external} that securely connects your Kubernetes cluster with an on-premises network. The strongSwan IPSec VPN service provides a secure end-to-end communication channel over the internet that is based on the industry-standard Internet Protocol Security (IPSec) protocol suite. To set up a secure connection between your cluster and an on-premises network, configure and deploy the strongSwan IPSec VPN service directly in a pod in your cluster. Yes
{{site.data.keyword.tg_short}} Use {{site.data.keyword.tg_full_notm}} to manage access between your VPCs. {{site.data.keyword.tg_short}} instances can be configured to route between VPCs that are in the same region (local routing) or VPCs that are in different regions (global routing). Additionally, you can use {{site.data.keyword.tg_short}} to manage access between your VPCs in multiple regions to resources in your {{site.data.keyword.cloud_notm}} classic infrastructure. To get started, see the {{site.data.keyword.tg_short}} documentation. Yes
{: caption="Table 3. Hybrid cloud services" caption-side="bottom"}

Logging and monitoring services

{: #health_services}

Service Description Classic VPC
CoScale Monitor worker nodes, containers, replica sets, replication controllers, and services with CoScale{: external}. For more information, see Monitoring {{site.data.keyword.containerlong_notm}} with CoScale{: external}. Yes Yes
Datadog Monitor your cluster and view infrastructure and application performance metrics with Datadog{: external}. For more information, see Monitoring {{site.data.keyword.containerlong_notm}} with Datadog{: external}. Yes Yes
{{site.data.keyword.cloudaccesstrailfull_notm}} Monitor the administrative activity that is made in your cluster by analyzing logs through Grafana. For more information about the service, see the Activity Tracker documentation. For more information about the types of events that you can track, see Activity Tracker events. Yes Yes
{{site.data.keyword.la_full_notm}} Add log management capabilities to your cluster by deploying a {{site.data.keyword.la_short}} agent to your worker nodes to manage logs from your pod containers. For more information, see Managing Kubernetes cluster logs with {{site.data.keyword.la_full_notm}}. Yes Yes
{{site.data.keyword.mon_full_notm}} Gain operational visibility into the performance and health of your apps by deploying a {{site.data.keyword.mon_short}} agent to your worker nodes to forward metrics to {{site.data.keyword.mon_full}}. For more information, see Analyzing metrics for an app that is deployed in a Kubernetes cluster. Yes Yes
Instana Instana{: external} provides infrastructure and app performance monitoring with a GUI that automatically discovers and maps your apps. Instana captures every request to your apps, which you can use to troubleshoot and perform root cause analysis to prevent the problems from happening again. Check out the blog post about deploying Instana in {{site.data.keyword.containerlong_notm}}{: external} to learn more. Yes Yes
Prometheus Prometheus is an open source monitoring, logging, and alerting tool that was designed for Kubernetes. Prometheus retrieves detailed information about the cluster, worker nodes, and deployment health based on Kubernetes logging information. CPU, memory, I/O, and network activity are collected for each container that runs in a cluster. You can use the collected data in custom queries or alerts to monitor performance and workloads in your cluster. To use Prometheus, follow the CoreOS instructions{: external}. Yes Yes
Sematext View metrics and logs for your containerized applications by using Sematext{: external}. For more information, see Monitoring and logging for containers with Sematext{: external}. Yes Yes
Splunk Import and search your Kubernetes logging, object, and metrics data in Splunk by using Splunk Connect for Kubernetes. Splunk Connect for Kubernetes is a collection of Helm charts that deploy a Splunk-supported deployment of Fluentd to your Kubernetes cluster, a Splunk-built Fluentd HTTP Event Collector (HEC) plug-in to send logs and metadata, and a metrics deployment that captures your cluster metrics. For more information, see Solving Business Problems with Splunk on {{site.data.keyword.containerlong_notm}}{: external}. Yes Yes
Weave Scope Weave Scope{: external} provides a visual diagram of your resources within a Kubernetes cluster, including services, pods, containers, processes, nodes, and more. Weave Scope provides interactive metrics for CPU and memory and also provides tools to tail and exec into a container. Yes Yes
{: caption="Table 4. Logging and monitoring services" caption-side="bottom"}

Security services

{: #security_services}

Want a comprehensive view of how to integrate {{site.data.keyword.cloud_notm}} security services with your cluster? Check out the Apply end-to-end security to a cloud application tutorial. {: shortdesc}

Service Description Classic VPC
{{site.data.keyword.appid_full_notm}} Add a level of security to your apps with {{site.data.keyword.appid_short}} by requiring users to sign in. To authenticate web or API HTTP/HTTPS requests to your app, you can integrate {{site.data.keyword.appid_short_notm}} with your Ingress service by using the {{site.data.keyword.appid_short_notm}} authentication Ingress annotation. Yes Yes
Aqua Security As a supplement to Vulnerability Advisor{: external}, you can use Aqua Security{: external} to improve the security of container deployments by reducing what your app is allowed to do. For more information, see Securing container deployments on {{site.data.keyword.cloud_notm}} with Aqua Security{: external}. Yes Yes
{{site.data.keyword.registrylong_notm}} Set up your own secured Docker image repository where you can safely store and share images between cluster users. For more information, see the {{site.data.keyword.registrylong}} documentation{: external}. Yes Yes
{{site.data.keyword.keymanagementservicefull_notm}} Encrypt the Kubernetes secrets that are in your cluster by enabling a key management service (KMS) provider. Encrypting your Kubernetes secrets prevents unauthorized users from accessing sensitive cluster information. Yes Yes
NeuVector Protect containers with a cloud-native firewall by using NeuVector{: external}. For more information, see NeuVector Container Security{: external}. Yes Yes
{{site.data.keyword.secrets-manager_full_notm}} Ingress secrets and certificates You can use {{site.data.keyword.secrets-manager_short}} to store and manage your Ingress secrets and certificates. For more information, see Setting up {{site.data.keyword.secrets-manager_short}} in your Kubernetes Service cluster. Yes
Twistlock As a supplement to Vulnerability Advisor{: external}, you can use Twistlock{: external} to manage firewalls, threat protection, and incident response. For more information, see Twistlock on {{site.data.keyword.containerlong_notm}}{: external}. Yes Yes
{: caption="Table 5. Security services" caption-side="bottom"}

Storage services

{: #storage_services}

Service Description Classic VPC
Heptio Velero You can use Heptio Velero{: external} to back up and restore cluster resources and persistent volumes. For more information, see the Heptio Velero Use cases for disaster recovery and cluster migration{: external}. Yes Yes
{{site.data.keyword.cloud_notm}} Classic Block Storage {{site.data.keyword.cloud_notm}} Classic Block Storage is persistent, high-performance iSCSI storage that you can add to your apps by using Kubernetes persistent volumes (PVs). Use block storage to deploy stateful apps in a single zone or as high-performance storage for single pods. For more information about how to provision block storage in your cluster, see Storing data on {{site.data.keyword.cloud_notm}} Block Storage. Yes
{{site.data.keyword.block_storage_is_short}} {{site.data.keyword.block_storage_is_short}} provides hypervisor-mounted, high-performance data storage for your virtual server instances that you provision within a VPC cluster. For more information about how to provision VPC Block Storage in your cluster, see Storing data on {{site.data.keyword.block_storage_is_short}}. Yes
{{site.data.keyword.cos_full_notm}} Data that is stored with {{site.data.keyword.cos_short}} is encrypted and dispersed across multiple geographic locations, and accessed over HTTP by using a REST API. You can use the ibm-backup-restore image to configure the service to make one-time or scheduled backups for data in your clusters. For more information about the service, see the {{site.data.keyword.cos_short}} documentation{: external}. Yes Yes
{{site.data.keyword.cloud_notm}} Classic {{site.data.keyword.filestorage_short}} {{site.data.keyword.cloud_notm}} Classic {{site.data.keyword.filestorage_short}} is persistent, fast, and flexible network-attached, NFS-based file storage that you can add to your apps by using Kubernetes persistent volumes. You can choose between predefined storage tiers with GB sizes and IOPS that meet the requirements of your workloads. For more information about how to provision file storage in your cluster, see Storing data on {{site.data.keyword.cloud_notm}} {{site.data.keyword.filestorage_short}}. Yes
Portworx Portworx{: external} is a highly available software-defined storage solution that you can use to manage persistent storage for your containerized databases and other stateful apps, or to share data between pods across multiple zones. You can install Portworx with a Helm chart and provision storage for your apps by using Kubernetes persistent volumes. For more information about how to set up Portworx in your cluster, see Storing data on software-defined storage (SDS) with Portworx. Yes Yes
{: caption="Table 6. Storage services" caption-side="bottom"}

Database services

{: #database_services}

Service Description Classic VPC
{{site.data.keyword.blockchainfull_notm}} Platform v2 Deploy and manage your own {{site.data.keyword.blockchainfull_notm}} Platform on {{site.data.keyword.containerlong_notm}}. With {{site.data.keyword.blockchainfull_notm}} Platform v2, you can host {{site.data.keyword.blockchainfull_notm}} networks or create organizations that can join other {{site.data.keyword.blockchainfull_notm}} v2 networks. For more information about how to set up {{site.data.keyword.blockchainfull_notm}} in {{site.data.keyword.containerlong_notm}}, see About {{site.data.keyword.blockchainfull_notm}} Platform. Yes
Cloud databases You can choose between various {{site.data.keyword.cloud_notm}} database services, such as {{site.data.keyword.composeForMongoDB_full}} or {{site.data.keyword.cloudantfull}} to deploy highly available and scalable database solutions in your cluster. For a list of available cloud databases, see the {{site.data.keyword.cloud_notm}} catalog{: external}. Yes Yes
{: caption="Table 7. Database services" caption-side="bottom"}