https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/Recent content in Integrations on CapsuleHugo -- gohugo.ioenhttps://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/crossplane/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/crossplane/https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/dashboard/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/dashboard/This guide works with the kubernetes dashboard v2.0.0 (Chart 6.0.8). It has not yet been tested successfully with with v3.x version of the dashboard. We recommend to use Headlamp as a more modern alternative to the Kubernetes Dashboard. This guide describes how to integrate the Kubernetes Dashboard and Capsule Proxy with OIDC authorization. OIDC Authentication Your cluster must also be configured to use OIDC Authentication for seemless Kubernetes RBAC integration.https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/gangplank/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/gangplank/Gangplank is a web application that allows users to authenticate with an OIDC provider and configure their kubectl configuration file with the OpenID Connect Tokens. Gangplank is based on Gangway, which is no longer maintained. Prerequisites You will need a running Capsule Proxy instance. For Authentication you will need a Confidential OIDC client configured in your OIDC provider, such as Keycloak, Dex, or Google Cloud Identity. By default the Kubernetes API only validates tokens against a Public OIDC client, so you will need to configure your OIDC provider to allow the Gangplank client to issue tokens.https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/headlamp/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/headlamp/Headlamp is an easy-to-use and extensible Kubernetes web UI. Headlamp was created to blend the traditional feature set of other web UIs/dashboards (i.e., to list and view resources) with added functionality. Prerequisites You will need a running Capsule Proxy instance. For Authentication you will need a Confidential OIDC client configured in your OIDC provider, such as Keycloak, Dex, or Google Cloud Identity. By default the Kubernetes API only validates tokens against a Public OIDC client, so you will need to configure your OIDC provider to allow the Headlamp client to issue tokens.https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/kyverno/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/kyverno/Kyverno is a policy engine designed for Kubernetes. It provides the ability to validate, mutate, and generate Kubernetes resources using admission control. Kyverno policies are managed as Kubernetes resources and can be applied to a cluster using kubectl. Capsule integrates with Kyverno to provide a set of policies that can be used to improve the security and governance of the Kubernetes cluster. Permissions Some policies are attempting to query Capsule specific information, such as the tenant name based on the namespace.https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/lens/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/lens/With Capsule extension for Lens, a cluster administrator can easily manage from a single pane of glass all resources of a Kubernetes cluster, including all the Tenants created through the Capsule Operator. Features Capsule extension for Lens provides these capabilities: List all tenants See tenant details and change through the embedded Lens editor Check Resources Quota and Budget at both the tenant and namespace level Please, see the README for details about the installation of the Capsule Lens Extension.https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/monitoring/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/monitoring/While we can not provide a full list of all the monitoring solutions available, we can provide some guidance on how to integrate Capsule with some of the most popular ones. Also this is dependent on how you have set up your monitoring solution. We will just explore the options available to you. Logging Loki Promtail config: clients: - url: "https://loki.company.com/loki/api/v1/push" # Maximum wait period before sending batch batchwait: 1s # Maximum batch size to accrue before sending, unit is byte batchsize: 102400 # Maximum time to wait for server to respond to a request timeout: 10s backoff_config: # Initial backoff time between retries min_period: 100ms # Maximum backoff time between retries max_period: 5s # Maximum number of retries when sending batches, 0 means infinite retries max_retries: 20 tenant_id: "tenant" external_labels: cluster: "${cluster_name}" serverPort: 3101 positions: filename: /run/promtail/positions.https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/opencost/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/opencost/This guide explains how to integrate OpenCost with Capsule to provide cost visibility and chargeback/showback per tenant. You can group workloads into tenants by annotating namespaces (for example, opencost.projectcapsule.dev/tenant: {{ tenant.name }}). OpenCost can use this annotation to aggregate costs, enabling accurate cost allocation across clusters, nodes, namespaces, controller kinds, controllers, services, pods, and containers for each tenant. Prerequisites Capsule v0.10.8 or later Prometheus Operator Prometheus OpenCost Installation Capsule Create a tenant with spec.https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/openshift/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/openshift/https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/rancher/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/rancher/https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/tekton/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/tekton/With Capsule extension for Lens, a cluster administrator can easily manage from a single pane of glass all resources of a Kubernetes cluster, including all the Tenants created through the Capsule Operator. Prerequisites Tekton must be already installed on your cluster, if that’s not the case consult the documentation here: Tekton Cluster Scoped Permissions Tekton Dashboard Now for the enduser experience we are going to deploy the tekton dashboard. When using oauth2-proxy we can deploy one single dashboard, which can be used for all tenants.https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/teleport/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/teleport/Teleport is an open-source tool that provides zero trust access to servers and cloud applications using SSH, Kubernetes, Database, Remote Desktop Protocol and HTTPS. It can eliminate the need for VPNs by providing a single gateway to access computing infrastructure via SSH, Kubernetes clusters, and cloud applications via a built-in proxy.1 If you want to pass requests from teleport users through the capsule-proxy for users to be able to do things like listing namespaces scoped to their own tenants, this integration is for you.https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/velero/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-80--docs-projectcapsule.netlify.app/ecosystem/integrations/velero/