fix(docs): re-ordered small paragraphs, clarified wording, and added links to tech homepages (#531)

# Summary

As a new Unicorn, I made changes which I believe would've increased my
comprehension of this document on the first read-through.

## Description

- Re-ordered tools in monitoring to build conceptually in line with the
way each enables the next
- Turned first mention of each tool into a link to the relevant docs.
Both an ease of reference change and also to disambiguate in the event a
name collision exists in the reader's mind.
- Clarified relationship between AuthService and Keycloak as this
Unicorn initially saw a redundancy and suspected AuthService was perhaps
the service IAM solution while Keycloak was the user IAM solution. We
could link out to BigBang's explanation of this relationship but I did
not:
https://docs-bigbang.dso.mil/2.2.0/docs/understanding-bigbang/package-architecture/authservice/
- Wording changes for precision. Example, in MetricsServer, speaking of
"container" metrics is more precise (and I believe more accurate) than
"cluster" metrics. If it reports on nodes and containers I would
(personally) speak of both over the more nebulous "cluster" (which has
many more primitives (notably services and pods) which could be but are
not (I think) being reported on).
- Most likely errors needing correction:
  - Metrics Server may be misunderstood
- AuthService may be better characterized but I didn't want to plagiarize
the BigBang docs, and am new to this service.

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [X] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide
Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request)
followed

---------

Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
JoeHCQ1 and mjnagel authored Jul 2, 2024
1 parent a9d3eec commit 6b2b46b
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions docs/application-baseline.md
Expand Up @@ -16,10 +16,10 @@ For optimal deployment and operational efficiency, it is important to deliver a

| **Capability** | **Application** |
| ---------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Service Mesh** | **Istio:** A powerful service mesh tool that provides traffic management, load balancing, security, and observability features. |
| **Monitoring** | **Prometheus Stack:** Collects and stores time-series data for insights into application health and performance.<br><br> **Grafana:** Provides visualization and alerting capabilities for monitoring metrics.<br><br> **Metrics Server:** Offers resource utilization metrics for Kubernetes clusters, aiding in capacity planning and optimization. |
| **Logging** | **Loki:** A log aggregation system that allows users to store, search, and analyze logs across their applications.<br><br> **Promtail:** A companion agent that efficiently gathers and sends log data to Loki, simplifying log monitoring, troubleshooting, and compliance auditing, enhancing the overall observability of the mission environment. |
| **Security and Compliance** | **NeuVector:** Offers container-native security, protecting applications against threats and vulnerabilities.<br><br> **Pepr:** UDS policy engine and operator for enhanced security and compliance. |
| **Identity and Access Management** | **Keycloak:** A robust open-source Identity and Access Management solution, providing centralized authentication, authorization, and user management for enhanced security and control over access to mission-critical resources. |
| **Backup and Restore** | **Velero:** Provides backup and restore capabilities for Kubernetes clusters, ensuring data protection and disaster recovery. |
| **Authorization** | **AuthService:** Offers centralized authorization services, managing access control and permissions within the mission environment. |
| **Service Mesh** | **[Istio](https://istio.io/):** A powerful service mesh that provides traffic management, load balancing, security, and observability features. |
| **Monitoring** | **[Metrics Server](https://kubernetes-sigs.github.io/metrics-server/):** Provides container resource utilization metrics API for Kubernetes clusters.<br><br>**[Prometheus](https://prometheus.io/):** Scrapes Metrics Server API and application metrics and stores the data in a time-series database for insights into application health and performance.<br><br> **[Grafana](https://grafana.com/grafana/):** Provides visualization and alerting capabilities based on Prometheus's time-series database of metrics. |
| **Logging** | **[Promtail](https://grafana.com/docs/loki/latest/send-data/promtail/):** A companion agent that efficiently gathers and sends container logs to Loki, simplifying log monitoring, troubleshooting, and compliance auditing, enhancing the overall observability of the mission environment.<br><br> **[Loki](https://grafana.com/docs/loki/latest/):** A log aggregation system that allows users to store, search, and analyze logs across their applications. |
| **Security and Compliance** | **[NeuVector](https://open-docs.neuvector.com/):** Offers container-native security, protecting applications against threats and vulnerabilities.<br><br> **[Pepr](https://pepr.dev/):** UDS policy engine and operator for enhanced security and compliance.|
| **Identity and Access Management** | **[Keycloak](https://www.keycloak.org/):** A robust open-source Identity and Access Management solution, providing centralized authentication, authorization, and user management for enhanced security and control over access to mission-critical resources.|
| **Backup and Restore** | **[Velero](https://velero.io/):** Provides backup and restore capabilities for Kubernetes clusters, ensuring data protection and disaster recovery.|
| **Authorization** | **[AuthService](https://github.com/istio-ecosystem/authservice):** Offers centralized authorization services, managing access control and permissions within the Istio mesh. AuthService plays a supporting role to Keycloak as it handles part of the OIDC redirect flow.|
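
Review bot: In the AuthService row, the capability is still labelled "Authorization" and the text still opens with "Offers centralized authorization services", yet the sentence added here says it "handles part of the OIDC redirect flow", which is an authentication step. Readers mapping controls to components need to know which one authenticates users and which one enforces access decisions, so please state plainly what AuthService does in the mesh (for example, that it drives the OIDC login flow against Keycloak for workloads that do not implement it themselves) and either rename the capability or move AuthService under the Identity and Access Management row next to Keycloak. Separately, the Prometheus entry now asserts that Prometheus "Scrapes Metrics Server API", and the commit message itself flags Metrics Server as the most likely error. Metrics Server's own documentation describes it as a source for autoscaling pipelines and not for feeding monitoring systems, so confirm this data path against the deployed scrape configuration, or reword the entry so it does not claim a dependency between the two. Minor style point: the new Monitoring row mixes `<br><br>**[Prometheus]` (no space) with `<br><br> **[Grafana]` (space), and several rows lost the space before the closing `|`.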
