https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/Recent content in Operating on CapsuleHugo -- gohugo.ioenhttps://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/admission-policies/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/admission-policies/As Capsule we try to provide a secure multi-tenant environment out of the box, there are however some additional Admission Policies you should consider to enforce best practices in your cluster. Since Capsule only covers the core multi-tenancy features, such as Namespaces, Resource Quotas, Network Policies, and Container Registries, Classes, you should consider using an additional Admission Controller to enforce best practices on workloads and other resources. Custom Create custom Policies and reuse data provided via Tenant Status to enforce your own rules.https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/architecture/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/architecture/Key Decisions Introducing a new separation of duties can lead to a significant paradigm shift. This has technical implications and may also impact your organizational structure. Therefore, when designing a multi-tenant platform pattern, carefully consider the following aspects. As Cluster Administrator, ask yourself: 🔑 How much ownership can be delegated to Tenant Owners (Platform Users)? The answer to this question may be influenced by the following aspects: Are the Cluster Adminsitrators willing to grant permissions to Tenant Owners?https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/authentication/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/authentication/Capsule does not care about the authentication strategy used in the cluster and all the Kubernetes methods of authentication are supported. The only requirement to use Capsule is to assign tenant users to the group defined by userGroups option in the CapsuleConfiguration, which defaults to projectcapsule.dev. OIDC In the following guide, we’ll use Keycloak an Open Source Identity and Access Management server capable to authenticate users via OIDC and release JWT tokens as proof of authentication.https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/monitoring/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/monitoring/The Capsule dashboard allows you to track the health and performance of Capsule manager and tenants, with particular attention to resources saturation, server responses, and latencies. Prometheus and Grafana are requirements for monitoring Capsule. ResourcePools Instrumentation for ResourcePools. Dashboards Dashboards can be deployed via helm-chart, enable the following values: monitoring: dashboards: enabled: true Capsule / ResourcePools Dashboard which grants a detailed overview over the ResourcePools Rules Example rules to give you some idea, what’s possible.https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/backup-restore/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/backup-restore/Velero is a backup and restore solution that performs data protection, disaster recovery and migrates Kubernetes cluster from on-premises to the Cloud or between different Clouds. When coming to backup and restore in Kubernetes, we have two main requirements: Configurations backup Data backup The first requirement aims to backup all the resources stored into etcd database, for example: namespaces, pods, services, deployments, etc. The second is about how to backup stateful application data as volumes.https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/templating/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/templating/Fast Templates For simple template cases we provide a fast templating engine. With this engine, you can use Go templates syntax to reference Tenant and Namespace fields. There are no operators or anything else supported. Available fields are: {{tenant.name}}: The Name of the Tenant {{namespace}}: The Name of the Tenant Sprout Templating Our template library is mainly based on the upstream implementation from Sprout. You can find the all available functions here:https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/troubleshoting/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/troubleshoting/