<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Integrations on Capsule</title><link>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/</link><description>Recent content in Integrations on Capsule</description><generator>Hugo -- gohugo.io</generator><language>en</language><atom:link href="https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/index.xml" rel="self" type="application/rss+xml"/><item><title>ArgoCD</title><link>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/argocd/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/argocd/</guid><description>Integration Resource Actions You may provide Custom Resource Actions for Capsule specific resources and interactions.
Namespace Resource Actions With the following configuration, ArgoCD will show Cordon and Resume actions for the Namespace resource. The Cordon action will set the projectcapsule.dev/cordoned label to true, while the Resume action will set it to false. This applies only to Namespaces that are part of a Capsule Tenant.
resource.customizations.actions.Namespace: | mergeBuiltinActions: true discovery.lua: | actions = { cordon = { iconClass = &amp;#34;fa fa-solid fa-pause&amp;#34;, disabled = true, }, uncordon = { iconClass = &amp;#34;fa fa-solid fa-play&amp;#34;, disabled = true, }, } local function has_managed_ownerref() if obj.</description></item><item><title>Crossplane</title><link>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/crossplane/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/crossplane/</guid><description/></item><item><title>Dashboard</title><link>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/dashboard/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/dashboard/</guid><description>This guide works with the Kubernetes Dashboard v2.0.0 (Chart 6.0.8). It has not yet been tested successfully with the v3.x version of the dashboard.
We recommend using Headlamp as a more modern alternative to the Kubernetes Dashboard.
This guide describes how to integrate the Kubernetes Dashboard and Capsule Proxy with OIDC authorization.
OIDC Authentication Your cluster must also be configured to use OIDC Authentication for seamless Kubernetes RBAC integration.</description></item><item><title>Envoy-Gateway</title><link>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/envoy-gateway/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/envoy-gateway/</guid><description>There are different ways to use Gateway API in a multi-tenant setup. This guide suggests a strongly isolated implementation using the Envoy Gateway Project. The suggested architecture looks something like this:
Each tenant will get its own -system Namespace. However, that namespace is neither managed by the Tenant nor part of it. It&amp;rsquo;s the namespace where the platform deploys managed services for each Tenant, which are out of bounds for TenantOwners.</description></item><item><title>Envoy-Gateway</title><link>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/harbor/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/harbor/</guid><description>There are different ways to use Gateway API in a multi-tenant setup. This guide suggests a strongly isolated implementation using the Envoy Gateway Project. The suggested architecture looks something like this:
Each tenant will get its own -system Namespace. However, that namespace is neither managed by the Tenant nor part of it. It&amp;rsquo;s the namespace where the platform deploys managed services for each Tenant, which are out of bounds for TenantOwners.</description></item><item><title>External Secrets Operator</title><link>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/eso/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/eso/</guid><description>With External Secrets Operator it&amp;rsquo;s possible to delegate Secrets Management to an external system while keeping the actual management of the secrets within Kubernetes. This guide provides a simple automation example with External Secrets Operator. Before starting, you might want to explore the existing documentation regarding multi-tenancy:
https://external-secrets.io/latest/guides/multi-tenancy/ Secure ClusterSecretStores If you have any ClusterSecretStores, which are not intended to be used by Tenants, you must make sure Tenants can not reference the ClusterSecretStore.</description></item><item><title>Headlamp</title><link>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/headlamp/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/headlamp/</guid><description>Headlamp is an easy-to-use and extensible Kubernetes web UI.
Headlamp was created to blend the traditional feature set of other web UIs/dashboards (i.e., to list and view resources) with added functionality.
Prerequisites You will need a running Capsule Proxy instance. For Authentication you will need a Confidential OIDC client configured in your OIDC provider, such as Keycloak, Dex, or Google Cloud Identity. By default the Kubernetes API only validates tokens against a Public OIDC client, so you will need to configure your OIDC provider to allow the Headlamp client to issue tokens.</description></item><item><title>Kyverno</title><link>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/kyverno/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/kyverno/</guid><description>Kyverno is a policy engine designed for Kubernetes. It provides the ability to validate, mutate, and generate Kubernetes resources using admission control. Kyverno policies are managed as Kubernetes resources and can be applied to a cluster using kubectl. Capsule integrates with Kyverno to provide a set of policies that can be used to improve the security and governance of the Kubernetes cluster.
Permissions Some policies are attempting to query Capsule specific information, such as the tenant name based on the namespace.</description></item><item><title>Lens</title><link>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/lens/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/lens/</guid><description>With Capsule extension for Lens, a cluster administrator can easily manage from a single pane of glass all resources of a Kubernetes cluster, including all the Tenants created through the Capsule Operator.
Features Capsule extension for Lens provides these capabilities:
List all tenants See tenant details and change through the embedded Lens editor Check Resources Quota and Budget at both the tenant and namespace level Please, see the README for details about the installation of the Capsule Lens Extension.</description></item><item><title>Monitoring</title><link>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/monitoring/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/monitoring/</guid><description>While we can not provide a full list of all the monitoring solutions available, we can provide some guidance on how to integrate Capsule with some of the most popular ones. Also this is dependent on how you have set up your monitoring solution. We will just explore the options available to you.
Logging Loki Promtail config: clients: - url: &amp;#34;https://loki.company.com/loki/api/v1/push&amp;#34; # Maximum wait period before sending batch batchwait: 1s # Maximum batch size to accrue before sending, unit is byte batchsize: 102400 # Maximum time to wait for server to respond to a request timeout: 10s backoff_config: # Initial backoff time between retries min_period: 100ms # Maximum backoff time between retries max_period: 5s # Maximum number of retries when sending batches, 0 means infinite retries max_retries: 20 tenant_id: &amp;#34;tenant&amp;#34; external_labels: cluster: &amp;#34;${cluster_name}&amp;#34; serverPort: 3101 positions: filename: /run/promtail/positions.</description></item><item><title>OpenCost</title><link>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/opencost/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/opencost/</guid><description>This guide explains how to integrate OpenCost with Capsule to provide cost visibility and chargeback/showback per tenant. You can group workloads into tenants by annotating namespaces (for example, opencost.projectcapsule.dev/tenant: {{ tenant.name }}). OpenCost can use this annotation to aggregate costs, enabling accurate cost allocation across clusters, nodes, namespaces, controller kinds, controllers, services, pods, and containers for each tenant.
Prerequisites Capsule v0.10.8 or later Prometheus Operator Prometheus OpenCost Installation Capsule Create a tenant with spec.</description></item><item><title>Openshift</title><link>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/openshift/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/openshift/</guid><description/></item><item><title>Rancher</title><link>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/rancher/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/rancher/</guid><description/></item><item><title>Tekton</title><link>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/tekton/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/tekton/</guid><description>With Capsule extension for Lens, a cluster administrator can easily manage from a single pane of glass all resources of a Kubernetes cluster, including all the Tenants created through the Capsule Operator.
Prerequisites Tekton must already be installed on your cluster; if that&amp;rsquo;s not the case, consult the documentation here:
Tekton Cluster Scoped Permissions Tekton Dashboard Now for the end-user experience we are going to deploy the Tekton Dashboard. When using oauth2-proxy we can deploy one single dashboard, which can be used for all tenants.</description></item><item><title>Teleport</title><link>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/teleport/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/teleport/</guid><description>Teleport is an open-source tool that provides zero trust access to servers and cloud applications using SSH, Kubernetes, Database, Remote Desktop Protocol and HTTPS. It can eliminate the need for VPNs by providing a single gateway to access computing infrastructure via SSH, Kubernetes clusters, and cloud applications via a built-in proxy.
If you want to pass requests from teleport users through the capsule-proxy for users to be able to do things like listing namespaces scoped to their own tenants, this integration is for you.</description></item><item><title>Velero</title><link>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/velero/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://deploy-preview-82--docs-projectcapsule.netlify.app/ecosystem/integrations/velero/</guid><description/></item></channel></rss>