From 30bce4984a88303721f56687dc36961f88359e72 Mon Sep 17 00:00:00 2001 From: Shahar Glazner Date: Wed, 23 Oct 2024 11:29:50 +0300 Subject: [PATCH] docs(k8s): new kubernetes documentation (#2270) --- docs/deployment/gke.mdx | 318 ------------------ .../architecture.mdx} | 198 ++--------- docs/deployment/kubernetes/installation.mdx | 167 +++++++++ .../deployment/{ => kubernetes}/openshift.mdx | 0 docs/deployment/kubernetes/overview.mdx | 18 + docs/mint.json | 192 ++++++----- 6 files changed, 305 insertions(+), 588 deletions(-) delete mode 100644 docs/deployment/gke.mdx rename docs/deployment/{kubernetes.mdx => kubernetes/architecture.mdx} (57%) create mode 100644 docs/deployment/kubernetes/installation.mdx rename docs/deployment/{ => kubernetes}/openshift.mdx (100%) create mode 100644 docs/deployment/kubernetes/overview.mdx diff --git a/docs/deployment/gke.mdx b/docs/deployment/gke.mdx deleted file mode 100644 index dad98f3cd..000000000 --- a/docs/deployment/gke.mdx +++ /dev/null @@ -1,318 +0,0 @@ ---- -title: "GKE" -sidebarTitle: "GKE" ---- - -## Step 0: Prerequisites - -1. GKE cluster (**required**) -2. kubectl and helm installed (**required**) -3. Domain + Certificate (**optional**, for TLS) - - - -## Step 1: Configure Keep's helm repo -```bash -# configure the helm repo -helm repo add keephq https://keephq.github.io/helm-charts -helm pull keephq/keep - - -# make sure you are going to install Keep -helm search repo keep -NAME CHART VERSION APP VERSION DESCRIPTION -keephq/keep 0.1.20 0.25.4 Keep Helm Chart -``` - -## Step 2: Install Keep - -Do not install Keep in your default namespace. Its best practice to create a dedicated namespace. - -Let's create a dedicated namespace and install Keep in it: -```bash -# create a dedicated namespace for Keep -kubectl create ns keep - -# Install keep -helm install -n keep keep keephq/keep --set isGKE=true --set namespace=keep - -# You should see something like: -NAME: keep -LAST DEPLOYED: Thu Oct 10 11:31:07 2024 -NAMESPACE: keep -STATUS: deployed -REVISION: 1 -TEST SUITE: None -``` - - -As number of cofiguration change from the vanilla helm chart increase, it may be more convient to create a `values.yaml` and use it: - - -```bash -cat values.yaml -isGke=true -namespace=keep - -helm install -n keep keep keephq/keep -f values.yaml -``` - - - -Now, let's make sure everything installed correctly: - -```bash -# Note: it can take few minutes until GKE assign the public IP's to the ingresses -helm-charts % kubectl -n keep get ingress,svc,pod,backendconfig -NAME CLASS HOSTS ADDRESS PORTS AGE -ingress.networking.k8s.io/keep-backend * 34.54.XXX.XXX 80 5m27s -ingress.networking.k8s.io/keep-frontend * 34.49.XXX.XXX 80 5m27s - -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -service/keep-backend ClusterIP 34.118.239.9 8080/TCP 5m28s -service/keep-database ClusterIP 34.118.228.60 3306/TCP 5m28s -service/keep-frontend ClusterIP 34.118.230.132 3000/TCP 5m28s -service/keep-websocket ClusterIP 34.118.227.128 6001/TCP 5m28s - -NAME READY STATUS RESTARTS AGE -pod/keep-backend-7466b5fcbb-5vst4 1/1 Running 0 5m27s -pod/keep-database-7c65c996f7-nl59n 1/1 Running 0 5m27s -pod/keep-frontend-6dd6897bbb-mbddn 1/1 Running 0 5m27s -pod/keep-websocket-7fc496997b-bz68z 1/1 Running 0 5m27s - -NAME AGE -backendconfig.cloud.google.com/keep-backend-backendconfig 5m28s -backendconfig.cloud.google.com/keep-frontend-backendconfig 5m28s -``` - -You can access Keep by browsing the frontend IP: -``` -frontend_ip=$(kubectl -n keep get ingress | grep frontend | awk '{ print $4 }') -``` - -Keep is now running with its vanilla configuration. This tutorial focus on how to spin up Keep on GKE using Keep's helm chart and doesn't cover all Keep's environment variables and configuration. - - - - - - - -## Step 3: Configure domain and certificate (TLS) - -### Background - -Keep has three ingresses that allow external access to its various components: - - -In this tutorial we focus om exposing the frontend, but exposing the backend and the websocket server is basically the same. - - -#### Frontend Ingress (Required) -This ingress serves the main UI of Keep. It is required for users to access the dashboard and interact with the platform. The frontend is exposed on port 80 by default (or 443 when TLS is configured) and typically points to the public-facing interface of your Keep installation. - -#### Backend Ingress (Optional, enabled by default in `values.yaml`) -This ingress provides access to the backend API, which powers all the business logic, integrations, and alerting services of Keep. The backend ingress is usually accessed by frontend components or other services through internal or external API calls. By default, this ingress is enabled in the Helm chart and exposed internally unless explicitly configured with external domain access. - -#### Websocket Ingress (Optional, disabled by default in `values.yaml`) -This ingress supports real-time communication and push updates for the frontend without requiring page reloads. It is essential for use cases where live alert updates or continuous status changes need to be reflected immediately on the dashboard. Since not every deployment requires real-time updates, the WebSocket ingress is disabled by default but can be enabled as needed by updating the Helm chart configuration. - - - -### Prerequisites - -#### Domain -e.g. keep.yourcomapny.com will be used to access Keep UI. - -#### Certificate -Both private key (.pem) and certificate (.crt) - - -There are other ways to assign the certificate to the ingress, which are not covered by this tutorial, contributions are welcomed here, just open a PR and we will review and merge. - - -1. Google's Managed Certificate - if you domain is managed by Google Cloud DNS, you can spin up the ceritificate automatically using Google's Managed Certificate. -2. Using cert-manager - you can install cert-manager and use LetsEncrypt to spin up ceritificate for Keep. - - - - -### Add an A record for the domain to point to the frontend IP -You can get the frontend IP by: -``` -frontend_ip=$(kubectl -n keep get ingress | grep frontend | awk '{ print $4 }') -``` -Now go into the domain controller and add the A record that points to that IP. - -At this stage, you should be able to access your Keep UI via http://keep.yourcomapny.com - -### Store the certificate as kubernetes secret -Assuming the private key stored as `tls.key` and the certificate stored as `tls.crt`: - -```bash -kubectl create secret tls frontend-tls --cert=./tls.crt --key=./tls.key -n keep - -# you should see: -secret/frontend-tls created -``` - - -### Upgrade Keep to use TLS - -Create this `values.yaml`: -** Note to change keep.yourcomapny.com to your domain ** - -```yaml -namespace: keep -isGKE: true -frontend: - ingress: - enabled: true - hosts: - - host: keep.yourcompany.com - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - keep.yourcompany.com - secretName: frontend-tls - env: - - name: NEXTAUTH_SECRET - value: secret - # Changed the NEXTAUTH_URL - - name: NEXTAUTH_URL - value: https://keep.yourcompany.com - # https://github.com/nextauthjs/next-auth/issues/600 - - name: VERCEL - value: 1 - - name: API_URL - value: http://keep-backend:8080 - - name: NEXT_PUBLIC_POSTHOG_KEY - value: "phc_muk9qE3TfZsX3SZ9XxX52kCGJBclrjhkP9JxAQcm1PZ" - - name: NEXT_PUBLIC_POSTHOG_HOST - value: https://app.posthog.com - - name: ENV - value: development - - name: NODE_ENV - value: development - - name: HOSTNAME - value: 0.0.0.0 - - name: PUSHER_HOST - value: keep-websocket.default.svc.cluster.local - - name: PUSHER_PORT - value: 6001 - - name: PUSHER_APP_KEY - value: "keepappkey" - -backend: - env: - # Added the KEEP_API_URL - - name: KEEP_API_URL - value: https://keep.yourcompany.com/backend - - name: DATABASE_CONNECTION_STRING - value: mysql+pymysql://root@keep-database:3306/keep - - name: SECRET_MANAGER_TYPE - value: k8s - - name: PORT - value: "8080" - - name: PUSHER_APP_ID - value: 1 - - name: PUSHER_APP_KEY - value: keepappkey - - name: PUSHER_APP_SECRET - value: keepappsecret - - name: PUSHER_HOST - value: keep-websocket - - name: PUSHER_PORT - value: 6001 -database: - # this is needed since o/w helm install fails. if you are using different storageClass, edit the value here. - pvc: - storageClass: "standard-rwo" -``` - -Now, update Keep: -``` -helm upgrade -n keep keep keephq/keep -f values.yaml -``` - -### Validate everything works - -First, you should be able to access Keep's UI with https now, using https://keep.yourcompany.com if that's working - you can skip the other validations. -The "Not Secure" in the screenshot is due to self-signed certificate. - - - - - -#### Validate ingress host - -```bash -kubectl -n keep get ingress - -# You should see now the HOST underyour ingress, now with port 443: -NAME CLASS HOSTS ADDRESS PORTS AGE -keep-backend * 34.54.XXX.XXX 80 2d16h -keep-frontend keep.yourcompany.com 34.49.XXX.XXX 80, 443 2d16h -``` - -#### Validate the ingress using the TLS - -You should see `frontend-tls terminates keep.yourcompany.com`: - -```bash -kubectl -n keep describe ingress.networking.k8s.io/keep-frontend -Name: keep-frontend -Labels: app.kubernetes.io/instance=keep - app.kubernetes.io/managed-by=Helm - app.kubernetes.io/name=keep - app.kubernetes.io/version=0.25.4 - helm.sh/chart=keep-0.1.21 -Namespace: keep -Address: 34.54.XXX.XXX -Ingress Class: -Default backend: -TLS: - frontend-tls terminates keep.yourcompany.com -Rules: - Host Path Backends - ---- ---- -------- - gkefrontend.keephq.dev - / keep-frontend:3000 (10.24.8.93:3000) -Annotations: ingress.kubernetes.io/backends: - {"k8s1-0864ab44-keep-keep-frontend-3000-98c56664":"HEALTHY","k8s1-0864ab44-kube-system-default-http-backend-80-2d92bedb":"HEALTHY"} - ingress.kubernetes.io/forwarding-rule: k8s2-fr-h7ydn1yg-keep-keep-frontend-ldr6qtxe - ingress.kubernetes.io/https-forwarding-rule: k8s2-fs-h7ydn1yg-keep-keep-frontend-ldr6qtxe - ingress.kubernetes.io/https-target-proxy: k8s2-ts-h7ydn1yg-keep-keep-frontend-ldr6qtxe - ingress.kubernetes.io/ssl-cert: k8s2-cr-h7ydn1yg-7taujpdzbehr1ghm-64d2ca9e282d3ef5 - ingress.kubernetes.io/static-ip: k8s2-fr-h7ydn1yg-keep-keep-frontend-ldr6qtxe - ingress.kubernetes.io/target-proxy: k8s2-tp-h7ydn1yg-keep-keep-frontend-ldr6qtxe - ingress.kubernetes.io/url-map: k8s2-um-h7ydn1yg-keep-keep-frontend-ldr6qtxe - meta.helm.sh/release-name: keep - meta.helm.sh/release-namespace: keep -Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Normal Sync 8m49s loadbalancer-controller UrlMap "k8s2-um-h7ydn1yg-keep-keep-frontend-ldr6qtxe" created - Normal Sync 8m46s loadbalancer-controller TargetProxy "k8s2-tp-h7ydn1yg-keep-keep-frontend-ldr6qtxe" created - Normal Sync 8m33s loadbalancer-controller ForwardingRule "k8s2-fr-h7ydn1yg-keep-keep-frontend-ldr6qtxe" created - Normal Sync 8m25s loadbalancer-controller TargetProxy "k8s2-ts-h7ydn1yg-keep-keep-frontend-ldr6qtxe" created - Normal Sync 8m12s loadbalancer-controller ForwardingRule "k8s2-fs-h7ydn1yg-keep-keep-frontend-ldr6qtxe" created - Normal IPChanged 8m11s loadbalancer-controller IP is now 34.54.XXX.XXX - Normal Sync 7m39s loadbalancer-controller UrlMap "k8s2-um-h7ydn1yg-keep-keep-frontend-ldr6qtxe" updated - Normal Sync 116s (x6 over 9m47s) loadbalancer-controller Scheduled for sync - ``` - -## Uninstall Keep - -### Uninstall the helm package -```bash -helm uninstall -n keep keep -``` - -### Delete the namespace - -```bash -kubectl delete ns keep -``` diff --git a/docs/deployment/kubernetes.mdx b/docs/deployment/kubernetes/architecture.mdx similarity index 57% rename from docs/deployment/kubernetes.mdx rename to docs/deployment/kubernetes/architecture.mdx index 3a7dc2902..5d1051270 100644 --- a/docs/deployment/kubernetes.mdx +++ b/docs/deployment/kubernetes/architecture.mdx @@ -1,26 +1,28 @@ --- -title: "Kubernetes" -sidebarTitle: "Kubernetes" +title: "Architecture" +sidebarTitle: "Architecture" --- -## Overview - -### High Level Architecture +## High Level Architecture Keep architecture composes of two main components: -1. **Keep API** (aka keep backend) - a pythonic server (FastAPI) which serves as Keep's backend -2. **Keep Frontend** - (aka keep ui) - a nextjs server which serves as Keep's frontend +1. **Keep API** - A FastAPI-based backend server that handles business logic and API endpoints. +2. **Keep Frontend** - A Next.js-based frontend interface for user interaction. +3. **Websocket Server** - A Soketi server for real-time updates without page refreshes. +4. **Database Server** - A database used to store and manage persistent data. Supported databases include SQLite, PostgreSQL, MySQL, and SQL Server. + +## Kubernetes Architecture -Keep is also using the following (optional) components: +Keep uses a single unified NGINX ingress controller to route traffic to all components (frontend, backend, and websocket). The ingress handles path-based routing: -3. **Websocket Server** - a soketi server serves as the websocket server to allow real time updates from the server to the browser without refreshing the page -4. **Database Server** - a database which Keep reads/writes for persistency. Keep currently supports sqlite, postgres, mysql and sql server (enterprise) +By default: +- `/` routed to **Frontend** (configurable via `global.ingress.frontendPrefix`) +- `/v2` routed to **Backend** (configurable via `global.ingress.backendPrefix`) +- `/websocket` routed to **WebSocket** (configurable via `global.ingress.websocketPrefix`) -### Kubernetes Architecture -Keep's Kubernetes architecture is composed of several components, each with its own set of Kubernetes resources. Here's a detailed breakdown of each component and its associated resources: +### General Components -#### General Components Keep uses kubernetes secret manager to store secrets such as integrations credentials. | Kubernetes Resource | Purpose | Required/Optional | Source | @@ -30,16 +32,19 @@ Keep's Kubernetes architecture is composed of several components, each with its | RoleBinding | Associates the Role with the ServiceAccount | Required | [role-binding-secret-manager.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/role-binding-secret-manager.yaml) | | Secret Deletion Job | Cleans up Keep-related secrets when the Helm release is deleted | Required | [delete-secret-job.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/delete-secret-job.yaml) | -#### Frontend Components +### Ingress Component +| Kubernetes Resource | Purpose | Required/Optional | Source | +|:-------------------:|:-------:|:-----------------:|:------:| +| Shared NGINX Ingress | Routes all external traffic via one entry point | Optional | [nginx-ingress.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/nginx-ingress.yaml) | + +### Frontend Components | Kubernetes Resource | Purpose | Required/Optional | Source | |:-------------------:|:-------:|:-----------------:|:------:| | Frontend Deployment | Manages the frontend application containers | Required | [frontend.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/frontend.yaml) | | Frontend Service | Exposes the frontend deployment within the cluster | Required | [frontend-service.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/frontend-service.yaml) | -| Frontend Ingress | Exposes the frontend service to external traffic | Optional | [frontend-ingress.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/frontend-ingress.yaml) | | Frontend Route (OpenShift) | Exposes the frontend service to external traffic on OpenShift | Optional | [frontend-route.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/frontend-route.yaml) | | Frontend HorizontalPodAutoscaler | Automatically scales the number of frontend pods | Optional | [frontend-hpa.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/frontend-hpa.yaml) | -| Frontend BackendConfig (GKE) | Configures health checks for Google Cloud Load Balancing | Optional (GKE only) | [backendconfig.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/gke/frontend-gke-healthcheck-config.yaml) | #### Backend Components @@ -47,10 +52,8 @@ Keep's Kubernetes architecture is composed of several components, each with its |:-------------------:|:-------:|:-----------------:|:------:| | Backend Deployment | Manages the backend application containers | Required (if backend enabled) | [backend.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/backend.yaml) | | Backend Service | Exposes the backend deployment within the cluster | Required (if backend enabled) | [backend-service.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/backend-service.yaml) | -| Backend Ingress | Exposes the backend service to external traffic | Optional | [backend-ingress.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/backend-ingress.yaml) | | Backend Route (OpenShift) | Exposes the backend service to external traffic on OpenShift | Optional | [backend-route.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/backend-route.yaml) | | Backend HorizontalPodAutoscaler | Automatically scales the number of backend pods | Optional | [backend-hpa.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/backend-hpa.yaml) | -| BackendConfig (GKE) | Configures health checks for Google Cloud Load Balancing | Optional (GKE only) | [backendconfig.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/gke/backend-gke-healthcheck-config.yaml) | #### Database Components Database components are optional. You can spin up Keep with your own database. @@ -69,13 +72,11 @@ Keep's Kubernetes architecture is composed of several components, each with its |:-------------------:|:-------:|:-----------------:|:------:| | WebSocket Deployment | Manages the WebSocket server containers (Soketi) | Optional | [websocket-server.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/websocket-server.yaml) | | WebSocket Service | Exposes the WebSocket deployment within the cluster | Required (if WebSocket enabled) | [websocket-server-service.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/websocket-server-service.yaml) | -| WebSocket Ingress | Exposes the WebSocket service to external traffic | Optional | [websocket-server-ingress.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/websocket-server-ingress.yaml) | | WebSocket Route (OpenShift) | Exposes the WebSocket service to external traffic on OpenShift | Optional | [websocket-server-route.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/websocket-server-route.yaml) | | WebSocket HorizontalPodAutoscaler | Automatically scales the number of WebSocket server pods | Optional | [websocket-server-hpa.yaml](https://github.com/keephq/helm-charts/blob/main/charts/keep/templates/websocket-server-hpa.yaml) | These tables provide a comprehensive overview of the Kubernetes resources used in the Keep architecture, organized by component type. Each table describes the purpose of each resource, indicates whether it's required or optional, and provides a direct link to the source template in the Keep Helm charts GitHub repository. - ### Kubernetes Configuration This sections covers only kubernetes-specific configuration. To learn about Keep-specific configuration, controlled by environment variables, see [Keep Configuration](/deployment/configuration) @@ -102,18 +103,6 @@ frontend: service: type: ClusterIP # Service type (ClusterIP, NodePort, LoadBalancer). port: 3000 # Port on which the frontend service is exposed. - # Enable or disable frontend ingress. - ingress: - enabled: true - hosts: - - host: keep.yourcompany.com - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - keep.yourcompany.com - secretName: frontend-tls # Secret for TLS certificates. ``` #### 2. Backend Configuration @@ -133,12 +122,6 @@ backend: service: type: ClusterIP # Service type (ClusterIP, NodePort, LoadBalancer). port: 8080 # Port on which the backend API is exposed. - ingress: - enabled: true # Enable or disable backend ingress. - hosts: - - paths: - - path: / - pathType: Prefix ``` #### 3. WebSocket Server Configuration @@ -147,142 +130,3 @@ Keep uses Soketi as its websocket server. To learn how to configure it, please s #### 4. Database Configuration Keep supports plenty of database (e.g. postgresql, mysql, sqlite, etc). It is out of scope to describe here how to deploy all of them to k8s. If you have specific questions - [contact us](https://slack.keephq.dev) and we will be happy to help. - - - -## Installation -The recommended way to install Keep in kubernetes is via Helm Chart. - -First, add the Helm repository of Keep and pull the latest version of the chart: -```bash -helm repo add keephq https://keephq.github.io/helm-charts -helm pull keephq/keep -``` - -Next, install Keep using: -```bash - -# it is always recommended to install Keep in a seperate namespace -kubectl create ns keep - -helm install -n keep keep keephq/keep --set namespace=keep -``` - - -## Expose Keep with port-forward -Notice for it to work locally, you'll need this port forwarding: -``` -# expose the UI -kubectl -n keep port-forward svc/keep-frontend 3000:3000 -``` - -## Expose Keep with ingress (HTTP) -Once you are ready to expose Keep to the outer world, Keep's helm chart comes with pre-configured ingress - -```bash -kubectl -n keep get ingress -NAME CLASS HOSTS ADDRESS PORTS AGE -keep-backend 34.54.XXX.XXX 80 75m -keep-frontend 34.54.XXX.XXX 80 70m -``` - -## Expose Keep with ingress (HTTPS) - -#### Prerequisites - -1. Domain -e.g. keep.yourcomapny.com will be used to access Keep UI. -2. Certificate - both private key (.pem) and certificate (.crt) - -#### Store the certificate as kubernetes secret -Assuming the private key stored as `tls.key` and the certificate stored as `tls.crt`: - -```bash -kubectl create secret tls frontend-tls --cert=./tls.crt --key=./tls.key -n keep - -# you should see: -secret/frontend-tls created -``` - -#### Upgrade Keep to use TLS - -Create this `values.yaml`: -** Note to change keep.yourcomapny.com to your domain ** - -```yaml -namespace: keep -frontend: - ingress: - enabled: true - hosts: - - host: keep.yourcompany.com - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - keep.yourcompany.com - secretName: frontend-tls - env: - - name: NEXTAUTH_SECRET - value: secret - # Changed the NEXTAUTH_URL - - name: NEXTAUTH_URL - value: https://keep.yourcompany.com - # https://github.com/nextauthjs/next-auth/issues/600 - - name: VERCEL - value: 1 - - name: API_URL - value: http://keep-backend:8080 - - name: NEXT_PUBLIC_POSTHOG_KEY - value: "phc_muk9qE3TfZsX3SZ9XxX52kCGJBclrjhkP9JxAQcm1PZ" - - name: NEXT_PUBLIC_POSTHOG_HOST - value: https://app.posthog.com - - name: ENV - value: development - - name: NODE_ENV - value: development - - name: HOSTNAME - value: 0.0.0.0 - - name: PUSHER_HOST - value: keep-websocket.default.svc.cluster.local - - name: PUSHER_PORT - value: 6001 - - name: PUSHER_APP_KEY - value: "keepappkey" - -backend: - env: - # Added the KEEP_API_URL - - name: KEEP_API_URL - value: https://keep.yourcompany.com/backend - - name: DATABASE_CONNECTION_STRING - value: mysql+pymysql://root@keep-database:3306/keep - - name: SECRET_MANAGER_TYPE - value: k8s - - name: PORT - value: "8080" - - name: PUSHER_APP_ID - value: 1 - - name: PUSHER_APP_KEY - value: keepappkey - - name: PUSHER_APP_SECRET - value: keepappsecret - - name: PUSHER_HOST - value: keep-websocket - - name: PUSHER_PORT - value: 6001 -database: - # this is needed since o/w helm install fails. if you are using different storageClass, edit the value here. - pvc: - storageClass: "standard-rwo" -``` - -Now, update Keep: -``` -helm upgrade -n keep keep keephq/keep -f values.yaml -``` - - -To learn more about Keep's helm chart, see https://github.com/keephq/helm-charts/blob/main/README.md - -To discover about how to configure Keep using Helm, see auto generated helm-docs at https://github.com/keephq/helm-charts/blob/main/charts/keep/README.md diff --git a/docs/deployment/kubernetes/installation.mdx b/docs/deployment/kubernetes/installation.mdx new file mode 100644 index 000000000..5b3010ffd --- /dev/null +++ b/docs/deployment/kubernetes/installation.mdx @@ -0,0 +1,167 @@ +--- +title: "Installation" +sidebarTitle: "Installation" +--- + + +The recommended way to install Keep on Kubernetes is via Helm Chart.

+Follow these steps to set it up. +
+ +## Prerequisites + +### Helm CLI +See the [Helm documentation](https://helm.sh/docs/intro/install/) for instructions about installing helm. + +### Ingress Controller (Optional) + +You can skip this step if: +1. You already have **ingress-nginx** installed. +2. You don't need to expose Keep to the internet/network. + + +#### Overview +An ingress controller is essential for managing external access to services in your Kubernetes cluster. It acts as a smart router and load balancer, allowing you to expose multiple services through a single entry point while handling SSL termination and routing rules. +**Keep works the best with** [ingress-nginx](https://github.com/kubernetes/ingress-nginx) **but you can customize the helm chart for other ingress controllers too.** + + +#### Check ingress-nginx Installed +You check if you already have ingress-nginx installed: +```bash +# By default, the ingress-nginx will be installed under the ingress-nginx namespace +kubectl -n ingress-nginx get pods +NAME READY STATUS RESTARTS AGE +ingress-nginx-controller-d49697d5f-hjhbj 1/1 Running 0 4h19m + +# Or check for the ingress class +kubectl get ingressclass +NAME CONTROLLER PARAMETERS AGE +nginx k8s.io/ingress-nginx 4h19m + +``` + +#### Install ingress-nginx + +To read about more installation options, see [ingress-nginx installation docs](https://kubernetes.github.io/ingress-nginx/deploy/). + +```bash +# simplest way to install +helm upgrade --install ingress-nginx ingress-nginx \ + --repo https://kubernetes.github.io/ingress-nginx \ + --namespace ingress-nginx --create-namespace +``` + +Verify installation: +```bash +kubectl get ingressclass +NAME CONTROLLER PARAMETERS AGE +nginx k8s.io/ingress-nginx 4h19m +``` + +Verify if snippet annotations are enabled: +```bash +kubectl get configmap -n ingress-nginx ingress-nginx-controller -o yaml | grep allow-snippet-annotations +allow-snippet-annotations: "true" +``` + +## Installation + +### With Ingress-NGINX (Recommended) + +```bash +# Add the Helm repository +helm repo add keephq https://keephq.github.io/helm-charts + +# Install Keep with ingress enabled +helm install keep keephq/keep -n keep --create-namespace +``` + +### Without Ingress-NGINX (Not Recommended) + +```bash +# Add the Helm repository +helm repo add keephq https://keephq.github.io/helm-charts + +# Install Keep without ingress enabled. +# You won't be able to access Keep from the network. +helm install keep keephq/keep -n keep --create-namespace \ + --set global.ingress.enabled=false +``` + +## Accessing Keep + +### Ingress +If you installed Keep with ingress, you should be able to access Keep. + +```bash +kubectl -n keep get ingress +NAME CLASS HOSTS ADDRESS PORTS AGE +keep-ingress nginx * X.X.X.X 80 4h16m +``` + +Keep is available at http://X.X.X.X :) + +### Without Ingress (Port-Forwarding) + +Use the following commands to access Keep locally without ingress: +```bash +# Forward the UI +kubectl port-forward svc/keep-frontend 3000:3000 -n keep & + +# Forward the Backend +kubectl port-forward svc/keep-backend 8080:8080 -n keep & + +# Forward WebSocket server (optional) +kubectl port-forward svc/keep-websocket 6001:6001 -n keep & +``` + +Keep is available at http://localhost:3000 :) + +## Configuring HTTPS + +### Prerequisites +1. Domain Name: Example - keep.yourcompany.com +2. TLS Certificate: Private key (tls.key) and certificate (tls.crt) + +### Create the TLS Secret + +Assuming: +- `tls.crt` contains the certificate. +- `tls.key` contains the private key. + +```bash +# create the secret with kubectl +kubectl create secret tls keep-tls --cert=./tls.crt --key=./tls.key -n keep +``` + +### Update Helm Values for TLS +```bash +helm upgrade -n keep keep keephq/keep \ + --set "global.ingress.hosts[0]=keep.example.com" \ + --set "global.ingress.tls[0].hosts[0]=keep.example.com" \ + --set "global.ingress.tls[0].secretName=keep-tls" +``` + + + +Alternatively, update your `values.yaml`: +```bash +... +global: + ingress: + hosts: + - host: keep.example.com + tls: + - hosts: + - keep.example.com + secretName: keep-tls +... +``` + + +## Uninstallation +To remove Keep and clean up: +```bash +helm uninstall keep -n keep +kubectl delete namespace keep +``` diff --git a/docs/deployment/openshift.mdx b/docs/deployment/kubernetes/openshift.mdx similarity index 100% rename from docs/deployment/openshift.mdx rename to docs/deployment/kubernetes/openshift.mdx diff --git a/docs/deployment/kubernetes/overview.mdx b/docs/deployment/kubernetes/overview.mdx new file mode 100644 index 000000000..b40d9c771 --- /dev/null +++ b/docs/deployment/kubernetes/overview.mdx @@ -0,0 +1,18 @@ +--- +title: "Overview" +sidebarTitle: "Overview" +--- + + If you need help deploying Keep on Kubernetes or have any feedback or suggestions, feel free to open a ticket in our [GitHub repo](https://github.com/keephq/keep) or say hello in our [Slack](https://slack.keephq.dev). + + +Keep is designed as a Kubernetes-native application. + +We maintain an opinionated, batteries-included Helm chart, but you can customize it as needed. + + +## Next steps +- Install Keep on [Kubernetes](/deployment/kubernetes/installation). +- Keep's [Helm Chart](https://github.com/keephq/helm-charts). +- Deep dive to Keep's kubernetes [Architecture](/deployment/kubernetes/architecture). +- Install Keep on [OpenShift](/deployment/kubernetes/openshift). diff --git a/docs/mint.json b/docs/mint.json index 2504bd46e..89f69ba23 100644 --- a/docs/mint.json +++ b/docs/mint.json @@ -79,10 +79,17 @@ }, "deployment/secret-manager", "deployment/docker", - "deployment/kubernetes", + { + "group": "Kubernetes", + "pages": [ + "deployment/kubernetes/overview", + "deployment/kubernetes/installation", + "deployment/kubernetes/architecture", + "deployment/kubernetes/openshift" + ] + }, "deployment/openshift", "deployment/ecs", - "deployment/gke", "deployment/stress-testing" ] }, @@ -107,97 +114,96 @@ { "group": "Supported Providers", "pages": [ - "providers/documentation/aks-provider", - "providers/documentation/appdynamics-provider", - "providers/documentation/auth0-provider", - "providers/documentation/axiom-provider", - "providers/documentation/azuremonitoring-provider", - "providers/documentation/bash-provider", - "providers/documentation/bigquery-provider", - "providers/documentation/centreon-provider", - "providers/documentation/clickhouse-provider", - "providers/documentation/cloudwatch-provider", - "providers/documentation/console-provider", - "providers/documentation/coralogix-provider", - "providers/documentation/datadog-provider", - "providers/documentation/discord-provider", - "providers/documentation/dynatrace-provider", - "providers/documentation/elastic-provider", - "providers/documentation/gcpmonitoring-provider", - "providers/documentation/github-provider", - "providers/documentation/github_workflows_provider", - "providers/documentation/gitlab-provider", - "providers/documentation/gitlabpipelines-provider", - "providers/documentation/gke-provider", - "providers/documentation/google_chat-provider", - "providers/documentation/grafana-provider", - "providers/documentation/grafana_incident-provider", - "providers/documentation/grafana_oncall-provider", - "providers/documentation/http-provider", - "providers/documentation/ilert-provider", - "providers/documentation/incidentio-provider", - "providers/documentation/incidentmanager-provider", - "providers/documentation/jira-on-prem-provider", - "providers/documentation/jira-provider", - "providers/documentation/kafka-provider", - "providers/documentation/keep-provider", - "providers/documentation/kibana-provider", - "providers/documentation/kubernetes-provider", - "providers/documentation/linear_provider", - "providers/documentation/linearb-provider", - "providers/documentation/mailchimp-provider", - "providers/documentation/mailgun-provider", - "providers/documentation/mattermost-provider", - "providers/documentation/microsoft-planner-provider", - "providers/documentation/mock-provider", - "providers/documentation/mongodb-provider", - "providers/documentation/mysql-provider", - "providers/documentation/netdata-provider", - "providers/documentation/new-relic-provider", - "providers/documentation/ntfy-provider", - "providers/documentation/openobserve-provider", - "providers/documentation/openshift-provider", - "providers/documentation/opsgenie-provider", - "providers/documentation/pagerduty-provider", - "providers/documentation/pagertree-provider", - "providers/documentation/parseable-provider", - "providers/documentation/pingdom-provider", - "providers/documentation/planner-provider", - "providers/documentation/postgresql-provider", - "providers/documentation/prometheus-provider", - "providers/documentation/pushover-provider", - "providers/documentation/python-provider", - "providers/documentation/quickchart-provider", - "providers/documentation/redmine-provider", - "providers/documentation/resend-provider", - "providers/documentation/rollbar-provider", - "providers/documentation/sendgrid-provider", - "providers/documentation/sentry-provider", - "providers/documentation/service-now-provider", - "providers/documentation/signalfx-provider", - "providers/documentation/signl4-provider", - "providers/documentation/site24x7-provider", - "providers/documentation/slack-provider", - "providers/documentation/smtp-provider", - "providers/documentation/snowflake-provider", - "providers/documentation/splunk-provider", - "providers/documentation/squadcast-provider", - "providers/documentation/ssh-provider", - "providers/documentation/statuscake-provider", - "providers/documentation/sumologic-provider", - "providers/documentation/teams-provider", - "providers/documentation/telegram-provider", - "providers/documentation/template", - "providers/documentation/trello-provider", - "providers/documentation/twilio-provider", - "providers/documentation/uptimekuma-provider", - "providers/documentation/victoriametrics-provider", - "providers/documentation/webhook-provider", - "providers/documentation/websocket-provider", - "providers/documentation/zabbix-provider", - "providers/documentation/zenduty-provider" - ] - + "providers/documentation/aks-provider", + "providers/documentation/appdynamics-provider", + "providers/documentation/auth0-provider", + "providers/documentation/axiom-provider", + "providers/documentation/azuremonitoring-provider", + "providers/documentation/bash-provider", + "providers/documentation/bigquery-provider", + "providers/documentation/centreon-provider", + "providers/documentation/clickhouse-provider", + "providers/documentation/cloudwatch-provider", + "providers/documentation/console-provider", + "providers/documentation/coralogix-provider", + "providers/documentation/datadog-provider", + "providers/documentation/discord-provider", + "providers/documentation/dynatrace-provider", + "providers/documentation/elastic-provider", + "providers/documentation/gcpmonitoring-provider", + "providers/documentation/github-provider", + "providers/documentation/github_workflows_provider", + "providers/documentation/gitlab-provider", + "providers/documentation/gitlabpipelines-provider", + "providers/documentation/gke-provider", + "providers/documentation/google_chat-provider", + "providers/documentation/grafana-provider", + "providers/documentation/grafana_incident-provider", + "providers/documentation/grafana_oncall-provider", + "providers/documentation/http-provider", + "providers/documentation/ilert-provider", + "providers/documentation/incidentio-provider", + "providers/documentation/incidentmanager-provider", + "providers/documentation/jira-on-prem-provider", + "providers/documentation/jira-provider", + "providers/documentation/kafka-provider", + "providers/documentation/keep-provider", + "providers/documentation/kibana-provider", + "providers/documentation/kubernetes-provider", + "providers/documentation/linear_provider", + "providers/documentation/linearb-provider", + "providers/documentation/mailchimp-provider", + "providers/documentation/mailgun-provider", + "providers/documentation/mattermost-provider", + "providers/documentation/microsoft-planner-provider", + "providers/documentation/mock-provider", + "providers/documentation/mongodb-provider", + "providers/documentation/mysql-provider", + "providers/documentation/netdata-provider", + "providers/documentation/new-relic-provider", + "providers/documentation/ntfy-provider", + "providers/documentation/openobserve-provider", + "providers/documentation/openshift-provider", + "providers/documentation/opsgenie-provider", + "providers/documentation/pagerduty-provider", + "providers/documentation/pagertree-provider", + "providers/documentation/parseable-provider", + "providers/documentation/pingdom-provider", + "providers/documentation/planner-provider", + "providers/documentation/postgresql-provider", + "providers/documentation/prometheus-provider", + "providers/documentation/pushover-provider", + "providers/documentation/python-provider", + "providers/documentation/quickchart-provider", + "providers/documentation/redmine-provider", + "providers/documentation/resend-provider", + "providers/documentation/rollbar-provider", + "providers/documentation/sendgrid-provider", + "providers/documentation/sentry-provider", + "providers/documentation/service-now-provider", + "providers/documentation/signalfx-provider", + "providers/documentation/signl4-provider", + "providers/documentation/site24x7-provider", + "providers/documentation/slack-provider", + "providers/documentation/smtp-provider", + "providers/documentation/snowflake-provider", + "providers/documentation/splunk-provider", + "providers/documentation/squadcast-provider", + "providers/documentation/ssh-provider", + "providers/documentation/statuscake-provider", + "providers/documentation/sumologic-provider", + "providers/documentation/teams-provider", + "providers/documentation/telegram-provider", + "providers/documentation/template", + "providers/documentation/trello-provider", + "providers/documentation/twilio-provider", + "providers/documentation/uptimekuma-provider", + "providers/documentation/victoriametrics-provider", + "providers/documentation/webhook-provider", + "providers/documentation/websocket-provider", + "providers/documentation/zabbix-provider", + "providers/documentation/zenduty-provider" + ] } ] },