NoOps to your Kubernetes cluster
This is the most typical scenario where a cluster is deployed, and we are fortunate to be using Talos to run Kubernetes, which puts us in a great position as we don't need to worry about managing OS/Kubernetes updates. However, the cluster only includes the core Kubernetes software such as the control plane, etcd, and certificates, as well as CNI, without any additional features. These additional features may be essential for DevOps/SRE teams to utilize the latest containerization stack.
Other important aspects such as monitoring & logging and observability, RBAC and AuthN/AuthZ model and tooling, and metrics for proper management and automation are not provided by default. Even if we think about autoscaling, it is still necessary to implement a proper monitoring system.
Typically, once your cluster is deployed, you will want the following technologies running in it:
- Ingress controller - Nginx / Contour if envoy is needed
- Bare-metal loadbalancing - MetalLB
- SSL Certs handling - Cert-manager
- DNS management - external-dns
- AuthN/AuthZ - Dex / OAuth2 & RBAC configured
- Monitoring - Prometheus & Grafana stack
- Logging - Loki / Elasticsearch
- Container Registry - Harbor / Trow / JFrog Artifactory
- Service Mesh - Istio / Linkerd
- GitOps and progressive delivery - Argo stack, Flux, Flagger, Argo Rollouts
- Secret Management - Vault / Sealed-secrets
- CI/CD - Tekton, Rancher Fleet, Devtron, Argo Workflows, werf etc.
- Other tooling - Reloader, image-sync, secret-copier etc.
- CSI tech - Rook / Linstor / Local-path-provisioner / OpenEBS / Longhorn etc.
The number of tools needed for a Kubernetes cluster depends on the requirements of the developers and operation teams. However, it would be easier if there was a tool that could set everything up for you. Some platforms like Openshift/OKD/Rancher might offer solutions out of the box, but this can lead to vendor lock-in.
To address this issue, the term NoOps was coined. NoOps means that a platform can be used in an existing cluster without the need to configure and install each tool individually. Everything is pre-configured, and it is simply a matter of installing it using the platform tooling. Two NoOps platforms are Kubesphere and Deckhouse.
In this post, we are going to try out the Deckhouse platform because of its monitoring stack and software, which appears more interesting based on the documentation provided on https://deckhouse.io/en/documentation/v1/oss_info.html. However, we may consider trying Kubesphere in the future because it offers more features for CI/CD and GitOps approaches, making it more powerful from a development perspective.
Deckhouse platform
"Deckhouse Platform presents to you the opportunity to create homogeneous Kubernetes clusters anywhere and handles comprehensive, automagical management for them. It supplies all the add-ons you need for auto-scaling, observability, security, and service mesh. Deckhouse is a certified Kubernetes."
- Deploying Deckhouse is easy as can be: a couple of CLI commands and 8 minutes and you've got production-ready Kubernetes.
- Ready-to-use configurations for each cloud provider available — just choose the one that suits you the best.
- Even deploying on bare metal is no longer a big deal.
Deckhouse offers several deployment models: it runs both on bare-metal servers and on the infrastructure of the supported cloud providers. The installation process differs depending on the infrastructure chosen, so they provide several installation guides, and we are specifically interested in this one: https://deckhouse.io/en/gs/existing/step2.html
Deckhouse Platform installation in existing cluster
Requirements:
- OS: Windows 10+, macOS 10.15+, Linux (e.g. Ubuntu 18.04+, Fedora 35+);
- installed docker to run the installer (here are the instructions for Ubuntu, macOS, Windows);
- HTTPS access to the registry.deckhouse.io container image registry (it is also possible to use a third-party registry);
- the kubectl command-line tool must be configured to communicate with your cluster.
The existing Kubernetes cluster:
You will need a running Kubernetes cluster with the supported Kubernetes version and OS.
config.yml file to bootstrap the cluster
The recommended settings for a Deckhouse Platform Community Edition installation are generated below:
config.yml is a file with the configuration needed to bootstrap the cluster. It contains the installer parameters, access parameters, and the initial cluster parameters.
```yaml
# section for bootstrapping the Deckhouse cluster (InitConfiguration)
# version of the Deckhouse API
apiVersion: deckhouse.io/v1
# type of the configuration section
kind: InitConfiguration
# Deckhouse parameters
deckhouse:
  # the release channel in use
  releaseChannel: Stable
  # the Minimal bundle is used when installing Deckhouse in an existing cluster
  bundle: Minimal
  configOverrides:
    global:
      modules:
        # template that will be used for system apps domains within the cluster
        # e.g., Grafana for %s.wildcard.domain.for.your.cluster will be available as grafana.wildcard.domain.for.your.cluster
        publicDomainTemplate: "%s.wildcard.domain.for.your.cluster"
        # you might consider changing this
        placement:
          customTolerationKeys:
          - SystemLoad
    # You can enable modules here
    certManagerEnabled: true
    extendedMonitoringEnabled: true
    monitoringCustomEnabled: true
    monitoringKubernetesControlPlaneEnabled: true
    monitoringKubernetesEnabled: true
    monitoringPingEnabled: true
    namespaceConfiguratorEnabled: true
    operatorPrometheusCrdEnabled: true
    operatorPrometheusEnabled: true
    podReloaderEnabled: true
    priorityClassEnabled: true
    prometheusCrdEnabled: true
    prometheusEnabled: true
    prometheusMetricsAdapterEnabled: true
    secretCopierEnabled: true
    upmeterEnabled: true
    userAuthnCrdEnabled: true
    userAuthnEnabled: true
    userAuthzEnabled: true
    verticalPodAutoscalerCrdEnabled: true
    verticalPodAutoscalerEnabled: true
    ingressNginxEnabled: true
    deckhouseWebEnabled: true
    dashboardEnabled: true
    smokeMiniEnabled: true
    logShipperEnabled: true
```
Installation
Use a Docker image to install the Deckhouse Platform. The configuration file and the kubeconfig are passed to the container as bind mounts:

```shell
docker run --pull=always -it -v "$PWD/config.yml:/config.yml" \
  -v "$HOME/.kube/config:/kubeconfig" registry.deckhouse.io/deckhouse/ce/install:stable bash
```

Notes:
- The kubectl configuration file with access to the Kubernetes API must be mounted as the /kubeconfig file in the container. As the installer output below shows, the installer creates cluster-scoped RBAC objects (it updates the cluster-admin ClusterRole and creates a ClusterRoleBinding), so this kubeconfig has to carry cluster-wide administrative access.

Now, to start the installation, execute the following inside the container:

```shell
dhctl bootstrap-phase install-deckhouse --kubeconfig=/kubeconfig --config=/config.yml
```
After the installation is complete, you will be returned to the command line.
[deckhouse] root@3ae15e4f6643 / # dhctl bootstrap-phase install-deckhouse --kubeconfig=/kubeconfig --config=/config.yml
┌ ⛵ ~ Bootstrap: Install Deckhouse
│ ┌ 🎈 ~ Common: Connect to Kubernetes API
│ │ ┌ Get Kubernetes API client
│ │ │ 🎉 Succeeded!
│ │ └ Get Kubernetes API client (0.02 seconds)
│ │
│ │ ┌ Waiting for Kubernetes API to become Ready
│ │ │ 🎉 Succeeded!
│ │ └ Waiting for Kubernetes API to become Ready (0.03 seconds)
│ └ 🎈 ~ Common: Connect to Kubernetes API (0.11 seconds)
│
│ ┌ ⛵ ~ Bootstrap: Install Deckhouse
│ │ ┌ Create Manifests
│ │ │ Manifest for Namespace "d8-system"
│ │ │ Manifest for Admin ClusterRole "cluster-admin"
│ │ │ Admin ClusterRole "cluster-admin" already exists. Trying to update ... OK!
│ │ │ Manifest for ClusterRoleBinding "deckhouse"
│ │ │ Manifest for ServiceAccount "deckhouse"
│ │ │ Manifest for ConfigMap "deckhouse"
│ │ │ Manifest for Secret "deckhouse-registry"
│ │ │ Manifest for Deployment "deckhouse"
│ │ └ Create Manifests (0.23 seconds)
│ │
│ │ ┌ Waiting for Deckhouse to become Ready
│ │ │ No Deckhouse pod found.
│ │ │ Deckhouse pod found: deckhouse-77ccbbcbd4-w4sv5 (Pending)
│ │ │ Deckhouse pod found: deckhouse-77ccbbcbd4-w4sv5 (Pending)
│ │ │ Deckhouse pod found: deckhouse-77ccbbcbd4-w4sv5 (Pending)
│ │ │ Deckhouse pod found: deckhouse-77ccbbcbd4-w4sv5 (Pending)
│ │ │ Deckhouse pod found: deckhouse-77ccbbcbd4-w4sv5 (Pending)
│ │ │ Deckhouse pod found: deckhouse-77ccbbcbd4-w4sv5 (Running)
│ │ │ Running pod found! Checking logs...
│ │ │ Module "priority-class" run successfully
│ │ │ Module "user-authn-crd" run successfully
│ │ │ Module "vertical-pod-autoscaler-crd" run successfully
│ │ │ Request failed. Probably pod was restarted during installation.
│ │ │ Deckhouse pod found: deckhouse-6b9d7756bb-zs8b6 (Pending)
│ │ │ Deckhouse pod found: deckhouse-6b9d7756bb-zs8b6 (Pending)
│ │ │ Deckhouse pod found: deckhouse-6b9d7756bb-zs8b6 (Pending)
│ │ │ Deckhouse pod found: deckhouse-6b9d7756bb-zs8b6 (Pending)
│ │ │ Deckhouse pod found: deckhouse-6b9d7756bb-zs8b6 (Pending)
│ │ │ Deckhouse pod found: deckhouse-6b9d7756bb-zs8b6 (Pending)
│ │ │ Deckhouse pod found: deckhouse-6b9d7756bb-zs8b6 (Pending)
│ │ │ Deckhouse pod found: deckhouse-6b9d7756bb-zs8b6 (Running)
│ │ │ Running pod found! Checking logs...
│ │ │ Module "deckhouse" run successfully
│ │ │ Module "cert-manager" run successfully
│ │ │ Module "user-authn" run successfully
│ │ │ Module "operator-prometheus" run successfully
│ │ │ prometheus/: 2022/08/17 09:20:15 [INFO] generate received request
│ │ │ prometheus/: 2022/08/17 09:20:15 [INFO] received CSR
│ │ │ prometheus/: 2022/08/17 09:20:15 [INFO] generating key: ecdsa-256
│ │ │ prometheus/: 2022/08/17 09:20:15 [INFO] encoded CSR
│ │ │ prometheus/: 2022/08/17 09:20:18 [INFO] generate received request
│ │ │ prometheus/: 2022/08/17 09:20:18 [INFO] received CSR
│ │ │ prometheus/: 2022/08/17 09:20:18 [INFO] generating key: ecdsa-256
│ │ │ prometheus/: 2022/08/17 09:20:18 [INFO] encoded CSR
│ │ │ Module "prometheus" run successfully
│ │ │ Request failed. Probably pod was restarted during installation.
│ │ │ Deckhouse pod found: deckhouse-fdd54c8c8-28lmn (Pending)
│ │ │ Deckhouse pod found: deckhouse-fdd54c8c8-28lmn (Running)
│ │ │ Running pod found! Checking logs...
│ │ │ Module "operator-prometheus-crd" run successfully
│ │ │ Module "priority-class" run successfully
│ │ │ Module "prometheus-crd" run successfully
│ │ │ Module "vertical-pod-autoscaler-crd" run successfully
│ │ │ Module "deckhouse" run successfully
│ │ │ Module "user-authz" run successfully
│ │ │ Module "operator-prometheus" run successfully
│ │ │ Module "vertical-pod-autoscaler" run successfully
│ │ │ Module "extended-monitoring" run successfully
│ │ │ Module "monitoring-custom" run successfully
│ │ │ monitoring-kubernetes-control-plane/: WARNING: Can't find etcd pod to discover scheme and port.
│ │ │ Module "monitoring-kubernetes-control-plane" run successfully
│ │ │ Module "monitoring-ping" run successfully
│ │ │ Module "ingress-nginx" run successfully
│ │ │ Module "pod-reloader" run successfully
│ │ │ Module "upmeter" run successfully
│ │ │ Module "namespace-configurator" run successfully
│ │ │ Deckhouse pod is Ready!
│ │ └ Waiting for Deckhouse to become Ready (318.04 seconds)
│ └ ⛵ ~ Bootstrap: Install Deckhouse (318.28 seconds)
└ ⛵ ~ Bootstrap: Install Deckhouse (318.39 seconds)
The next step is to create an Ingress controller and a user so that you can access the services:
Note: if you deployed Deckhouse on a bare-metal cluster, you need to add MetalLB to the cluster so that a LoadBalancer service can be created for the Nginx Ingress Controller.
```yaml
apiVersion: deckhouse.io/v1
kind: IngressNginxController
metadata:
  name: main
spec:
  # We need to use version 1.1 because the Talos cluster version is 1.23+
  controllerVersion: "1.1"
  ingressClass: nginx
  inlet: LoadBalancer
  resourcesRequests:
    mode: VPA
    vpa:
      mode: Auto
      cpu:
        max: 100m
      memory:
        max: 200Mi
---
apiVersion: deckhouse.io/v1
kind: ClusterAuthorizationRule
metadata:
  name: admin
spec:
  # Kubernetes RBAC accounts list
  subjects:
  - kind: User
    name: [email protected]
  # pre-defined access template
  accessLevel: SuperAdmin
  # allow user to do kubectl port-forward
  portForwarding: true
---
# section containing the parameters of the static user
# version of the Deckhouse API
apiVersion: deckhouse.io/v1
kind: User
metadata:
  name: admin
spec:
  # user e-mail
  email: [email protected]
  # this is a hash of the password b5v2ui7t9t, generated now
  # generate your own or use it at your own risk (for testing purposes)
  # echo "b5v2ui7t9t" | htpasswd -BinC 10 "" | cut -d: -f2
  # you might consider changing this
  password: '$2a$10$Ib.R9jq0ZJc/95PKPubGnOFl6OmZyEa1mHB.tJer8iiqsEn.XopvC'
```
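A pre-apply check for config.yml and the manifests above, added here as an example (it is not code from Deckhouse or from the original post): it flags the sample password hash and placeholder domain published on this page, a non-bcrypt or low-cost hash, and a SuperAdmin rule that also allows port forwarding. The function names and the MIN_BCRYPT_COST floor are assumptions, and the regex field lookup stands in for a real YAML parser.

```python
import re

# Values copied from this page: the published sample hash and the placeholder domain.
SAMPLE_HASH = "$2a$10$Ib.R9jq0ZJc/95PKPubGnOFl6OmZyEa1mHB.tJer8iiqsEn.XopvC"
PLACEHOLDER_DOMAIN = "wildcard.domain.for.your.cluster"
MIN_BCRYPT_COST = 10  # assumption: a local policy floor, not a Deckhouse requirement
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")


def split_documents(text):
    """Split a multi-document YAML stream on '---' separator lines."""
    return [d for d in re.split(r"(?m)^---[ \t]*$", text) if d.strip()]


def scalar(doc, key):
    """First 'key: value' scalar in a document, surrounding quotes removed."""
    m = re.search(rf"(?m)^[ \t]*{re.escape(key)}:[ \t]*(\S.*?)[ \t]*$", doc)
    return m.group(1).strip("'\"") if m else None


def audit(text):
    """Return a list of findings for the manifest kinds shown on this page."""
    findings = []
    for doc in split_documents(text):
        kind = scalar(doc, "kind")
        if kind == "InitConfiguration":
            if PLACEHOLDER_DOMAIN in (scalar(doc, "publicDomainTemplate") or ""):
                findings.append("InitConfiguration: publicDomainTemplate is the placeholder")
        elif kind == "User":
            pw = scalar(doc, "password") or ""
            match = BCRYPT_RE.match(pw)
            if pw == SAMPLE_HASH:
                findings.append("User: password is the sample hash published with the guide")
            elif not match:
                findings.append("User: password is not a bcrypt hash")
            elif int(match.group(1)) < MIN_BCRYPT_COST:
                findings.append("User: bcrypt cost below %d" % MIN_BCRYPT_COST)
        elif kind == "ClusterAuthorizationRule":
            if scalar(doc, "accessLevel") == "SuperAdmin" and scalar(doc, "portForwarding") == "true":
                findings.append("ClusterAuthorizationRule: SuperAdmin with portForwarding")
    return findings


# The three manifests from this page, trimmed to the fields the audit reads.
PAGE_MANIFESTS = """\
apiVersion: deckhouse.io/v1
kind: InitConfiguration
deckhouse:
  configOverrides:
    global:
      modules:
        publicDomainTemplate: "%s.wildcard.domain.for.your.cluster"
---
apiVersion: deckhouse.io/v1
kind: ClusterAuthorizationRule
spec:
  accessLevel: SuperAdmin
  portForwarding: true
---
apiVersion: deckhouse.io/v1
kind: User
spec:
  password: '$2a$10$Ib.R9jq0ZJc/95PKPubGnOFl6OmZyEa1mHB.tJer8iiqsEn.XopvC'
"""

if __name__ == "__main__":
    for finding in audit(PAGE_MANIFESTS):
        print("FINDING:", finding)
```

Run against the values exactly as published here, it reports all three items; a manifest with your own domain, your own hash, and a narrower rule returns an empty list.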
Now that we have installed and properly configured Deckhouse, let’s look at what we have got in the cluster:
kubectl get po -A
NAMESPACE NAME READY STATUS RESTARTS AGE
cilium cilium-cj7z8 1/1 Running 0 22h
cilium cilium-d77pc 1/1 Running 0 22h
cilium cilium-dlxkg 1/1 Running 0 22h
cilium cilium-j5bsm 1/1 Running 0 22h
cilium cilium-jmzdj 1/1 Running 0 22h
cilium cilium-njggw 1/1 Running 0 22h
cilium cilium-operator-5bf866cbd6-5jrb5 1/1 Running 0 22h
cilium cilium-operator-5bf866cbd6-76b5q 1/1 Running 0 22h
cilium cilium-rdh2g 1/1 Running 0 22h
cilium cilium-vgkq7 1/1 Running 0 22h
d8-cert-manager annotations-converter-webhook-975f65684-4q9tf 1/1 Running 0 21h
d8-cert-manager annotations-converter-webhook-975f65684-8hf8z 1/1 Running 0 21h
d8-cert-manager annotations-converter-webhook-975f65684-p8f2x 1/1 Running 0 21h
d8-cert-manager cainjector-569d94675-9q6j5 1/1 Running 0 22h
d8-cert-manager cainjector-569d94675-fw7v6 1/1 Running 0 22h
d8-cert-manager cainjector-569d94675-sx4bg 1/1 Running 0 22h
d8-cert-manager cert-manager-7dc789f76f-dcfdg 2/2 Running 0 7h56m
d8-cert-manager cert-manager-7dc789f76f-k7ptz 2/2 Running 0 7h57m
d8-cert-manager webhook-5df5d9bc9f-8jb9p 1/1 Running 0 22h
d8-cert-manager webhook-5df5d9bc9f-9zxjj 1/1 Running 0 22h
d8-cert-manager webhook-5df5d9bc9f-zfp56 1/1 Running 0 22h
d8-dashboard dashboard-765bc7987f-7px49 1/1 Running 0 21h
d8-dashboard dashboard-765bc7987f-vdxb6 1/1 Running 0 21h
d8-dashboard dashboard-dex-authenticator-54f967d6f7-2vrln 2/2 Running 1 (21h ago) 21h
d8-dashboard dashboard-dex-authenticator-54f967d6f7-zcnsc 2/2 Running 1 21h
d8-dashboard metrics-scraper-b669d7c56-jrr5p 1/1 Running 0 21h
d8-dashboard metrics-scraper-b669d7c56-n69qg 1/1 Running 0 21h
d8-ingress-nginx controller-main-j72r8 3/3 Running 0 21h
d8-ingress-nginx controller-main-ksnsh 3/3 Running 0 21h
d8-ingress-nginx controller-main-nsbfs 3/3 Running 0 21h
d8-ingress-nginx controller-main-qpxvz 3/3 Running 0 21h
d8-ingress-nginx controller-main-rxzgm 3/3 Running 0 21h
d8-monitoring control-plane-proxy-425f55b4-596hh 0/3 Running 0 21h
d8-monitoring control-plane-proxy-425f55b4-ntvz4 0/3 Running 0 21h
d8-monitoring control-plane-proxy-425f55b4-qcz7q 0/3 Running 0 21h
d8-monitoring ebpf-exporter-bhmgm 2/2 Running 0 21h
d8-monitoring ebpf-exporter-ghb2m 2/2 Running 0 21h
d8-monitoring ebpf-exporter-mcdl9 2/2 Running 0 21h
d8-monitoring ebpf-exporter-mf2wc 2/2 Running 0 21h
d8-monitoring ebpf-exporter-mrq9j 2/2 Running 0 21h
d8-monitoring ebpf-exporter-ngdsn 2/2 Running 0 21h
d8-monitoring ebpf-exporter-q5n4s 2/2 Running 0 21h
d8-monitoring ebpf-exporter-sqn7r 2/2 Running 0 21h
d8-monitoring extended-monitoring-exporter-5b98646445-x5jh9 2/2 Running 0 22h
d8-monitoring grafana-dex-authenticator-5b4d784d6b-qptbw 2/2 Running 1 (21h ago) 21h
d8-monitoring grafana-dex-authenticator-5b4d784d6b-xqg7z 2/2 Running 1 (21h ago) 21h
d8-monitoring grafana-fd84cc744-66hgn 3/3 Running 0 6h54m
d8-monitoring grafana-fd84cc744-6vmtn 3/3 Running 0 6h52m
d8-monitoring image-availability-exporter-6958c96ccb-dcg4z 2/2 Running 0 22h
d8-monitoring kube-state-metrics-64fd9856cd-mxlgm 2/2 Running 0 16h
d8-monitoring kube-state-metrics-64fd9856cd-s59ks 2/2 Running 0 16h
d8-monitoring monitoring-ping-2qbgn 1/1 Running 0 21h
d8-monitoring monitoring-ping-9qc8k 1/1 Running 0 21h
d8-monitoring monitoring-ping-c74j5 1/1 Running 0 21h
d8-monitoring monitoring-ping-cgvwm 1/1 Running 0 21h
d8-monitoring monitoring-ping-p9w4b 1/1 Running 0 21h
d8-monitoring monitoring-ping-smmfq 1/1 Running 0 21h
d8-monitoring monitoring-ping-v6t7s 1/1 Running 0 21h
d8-monitoring monitoring-ping-v9clc 1/1 Running 0 21h
d8-monitoring node-exporter-4chvh 2/3 Running 261 (3m13s ago) 21h
d8-monitoring node-exporter-6bkhn 2/3 Running 260 (4m7s ago) 21h
d8-monitoring node-exporter-92ntw 2/3 Running 260 (4m32s ago) 21h
d8-monitoring node-exporter-bkbkm 2/3 Running 261 (2m2s ago) 21h
d8-monitoring node-exporter-fvmqp 2/3 Running 258 (86s ago) 21h
d8-monitoring node-exporter-hwdbp 2/3 Running 261 (28s ago) 21h
d8-monitoring node-exporter-l95qq 2/3 Running 261 (97s ago) 21h
d8-monitoring node-exporter-sdtg9 2/3 Running 261 (2m40s ago) 21h
d8-monitoring prometheus-longterm-0 3/3 Running 0 22h
d8-monitoring prometheus-main-0 3/3 Running 0 22h
d8-monitoring prometheus-main-1 3/3 Running 0 22h
d8-monitoring prometheus-metrics-adapter-65495cf479-86jv7 2/2 Running 0 22h
d8-monitoring prometheus-metrics-adapter-65495cf479-bmx5s 2/2 Running 0 22h
d8-monitoring prometheus-metrics-adapter-65495cf479-q78lm 2/2 Running 0 22h
d8-monitoring trickster-757f6cc66c-6w2j4 2/2 Running 0 9h
d8-monitoring trickster-757f6cc66c-nvhp4 2/2 Running 0 9h
d8-operator-prometheus prometheus-operator-994cd8c95-9p5v4 2/2 Running 0 22h
d8-pod-reloader pod-reloader-7fcb65d4dc-tvk8q 2/2 Running 0 21h
d8-system deckhouse-8d6d7f8dc-xstjn 1/1 Running 0 22h
d8-system deckhouse-web-b44f84bf9-qrrxv 1/1 Running 0 21h
d8-system deckhouse-web-dex-authenticator-84dcc46bf-2d6vs 2/2 Running 1 (21h ago) 21h
d8-system deckhouse-web-dex-authenticator-84dcc46bf-jmp9f 2/2 Running 0 21h
d8-system webhook-handler-575f568d98-fzpzq 1/1 Running 0 21h
d8-system webhook-handler-575f568d98-ptqhf 1/1 Running 0 21h
d8-upmeter smoke-mini-a-0 1/1 Running 0 2m26s
d8-upmeter smoke-mini-b-0 1/1 Running 0 87s
d8-upmeter smoke-mini-c-0 1/1 Running 0 26s
d8-upmeter smoke-mini-d-0 1/1 Running 0 4m26s
d8-upmeter smoke-mini-e-0 1/1 Running 0 3m26s
d8-upmeter status-bdfcf8c8c-7mrbb 1/1 Running 0 15h
d8-upmeter status-dex-authenticator-b6754856c-652q7 2/2 Running 1 (21h ago) 21h
d8-upmeter status-dex-authenticator-b6754856c-xfcwx 2/2 Running 1 (21h ago) 21h
d8-upmeter upmeter-0 2/2 Running 0 21h
d8-upmeter upmeter-dex-authenticator-85974b884b-4c7ww 2/2 Running 1 (21h ago) 21h
d8-upmeter upmeter-dex-authenticator-85974b884b-b69sd 2/2 Running 1 (21h ago) 21h
d8-upmeter webui-7849cf766c-k5t8v 1/1 Running 0 21h
d8-user-authn dex-66d5657bfc-2xkmr 2/2 Running 0 21h
d8-user-authn dex-66d5657bfc-lh5jw 2/2 Running 0 21h
kube-system coredns-68bbc8b67d-fgttt 1/1 Running 0 22h
kube-system coredns-68bbc8b67d-t2l2b 1/1 Running 0 22h
kube-system kube-apiserver-master-1 1/1 Running 0 22h
kube-system kube-apiserver-master-2 1/1 Running 0 22h
kube-system kube-apiserver-master-3 1/1 Running 0 22h
kube-system kube-controller-manager-master-1 1/1 Running 1 (22h ago) 22h
kube-system kube-controller-manager-master-2 1/1 Running 1 (22h ago) 22h
kube-system kube-controller-manager-master-3 1/1 Running 1 (22h ago) 22h
kube-system kube-scheduler-master-1 1/1 Running 2 (22h ago) 22h
kube-system kube-scheduler-master-2 1/1 Running 1 (22h ago) 22h
kube-system kube-scheduler-master-3 1/1 Running 1 (22h ago) 22h
kube-system vpa-admission-controller-796d4d56bb-2mkkd 1/1 Running 0 22h
kube-system vpa-admission-controller-796d4d56bb-c8dsm 1/1 Running 0 22h
kube-system vpa-admission-controller-796d4d56bb-jhf9l 1/1 Running 0 22h
kube-system vpa-recommender-6dbdd4b67f-27l6p 1/1 Running 0 22h
kube-system vpa-updater-5c67d75775-drh4p 1/1 Running 0 22h
kubelet-serving-cert-approver kubelet-serving-cert-approver-669cc9f99c-8ztmg 1/1 Running 0 22h
metallb-system controller-666bffdb48-92hdx 1/1 Running 0 22h
metallb-system speaker-7gch4 1/1 Running 0 22h
metallb-system speaker-8tkln 1/1 Running 0 22h
metallb-system speaker-bwh24 1/1 Running 0 22h
metallb-system speaker-l74vt 1/1 Running 0 22h
metallb-system speaker-pcdm8 1/1 Running 1 (22h ago) 22h
metallb-system speaker-qwz6f 1/1 Running 0 22h
metallb-system speaker-qx94d 1/1 Running 0 22h
metallb-system speaker-z9cdq 1/1 Running 0 22h
---
kubectl get vpa -A
NAMESPACE NAME MODE CPU MEM PROVIDED AGE
d8-cert-manager annotations-converter-webhook Auto 25m 52428800 True 22h
d8-cert-manager cainjector Initial 25m 78221997 True 22h
d8-cert-manager cert-manager Auto 12m 63544758 True 22h
d8-cert-manager webhook Initial 25m 52428800 True 22h
d8-dashboard dashboard Auto 30m 52428800 True 22h
d8-dashboard dashboard-dex-authenticator Auto 12m 26214400 True 22h
d8-dashboard metrics-scraper Auto 25m 52428800 True 22h
d8-ingress-nginx controller-main Auto 23m 183046954 True 21h
d8-monitoring control-plane-proxy-425f55b4 Auto False 22h
d8-monitoring ebpf-exporter Auto 12m 26214400 True 22h
d8-monitoring extended-monitoring-exporter Auto 12m 26214400 True 22h
d8-monitoring grafana Auto 11m 183046954 True 22h
d8-monitoring grafana-dex-authenticator Auto 12m 26214400 True 22h
d8-monitoring image-availability-exporter Auto 12m 26214400 True 22h
d8-monitoring kube-state-metrics Auto 12m 26214400 True 22h
d8-monitoring monitoring-ping Auto 25m 52428800 True 22h
d8-monitoring node-exporter Auto 11m 17476266 True 22h
d8-monitoring prometheus-longterm Initial 11m 23574998 True 22h
d8-monitoring prometheus-main Initial 203m 1102117711 True 22h
d8-monitoring prometheus-metrics-adapter Initial 23m 49566436 True 22h
d8-monitoring trickster Auto 35m 26214400 True 22h
d8-operator-prometheus prometheus-operator Auto 12m 49566436 True 22h
d8-pod-reloader pod-reloader Auto 12m 49566436 True 22h
d8-system deckhouse Initial 296m 297164212 True 22h
d8-system deckhouse-web Initial 25m 52428800 True 22h
d8-system deckhouse-web-dex-authenticator Auto 12m 26214400 True 22h
d8-system webhook-handler Auto 25m 52428800 True 22h
d8-upmeter status Auto 25m 52428800 True 22h
d8-upmeter status-dex-authenticator Auto 12m 26214400 True 22h
d8-upmeter upmeter Auto 50m 50Mi True 22h
d8-upmeter upmeter-a Auto 25m 52428800 True 21h
d8-upmeter upmeter-agent Auto False 22h
d8-upmeter upmeter-b Auto 25m 52428800 True 21h
d8-upmeter upmeter-c Auto 25m 52428800 True 21h
d8-upmeter upmeter-d Auto 25m 52428800 True 21h
d8-upmeter upmeter-dex-authenticator Auto 12m 26214400 True 22h
d8-upmeter upmeter-e Auto 25m 52428800 True 22h
d8-upmeter webui Auto 25m 52428800 True 22h
d8-user-authn dex Auto 12m 26214400 True 22h
kube-system vpa-admission-controller Initial 25m 52428800 True 22h
kube-system vpa-recommender Auto 25m 52428800 True 22h
kube-system vpa-updater Auto 25m 52428800 True 22h
Now we can actually access Grafana and see that every monitoring aspect is already configured for us:
![](https://bnovickovs.me/content/images/2022/08/image-2.png)
![](https://bnovickovs.me/content/images/2022/08/image-3.png)
![](https://bnovickovs.me/content/images/2022/08/image-4.png)
While Deckhouse modules do not cater to all the requirements of the cluster, they do deploy critical components that are challenging to configure, such as monitoring and VPA. With Deckhouse, a production-ready monitoring system is readily available within the cluster, which can be used for tasks such as alerting, application monitoring & logs, and even node/pod auto-scaling if necessary.