From 6b2b46b46dcb0d25bc13ca7e166bba4fb531da15 Mon Sep 17 00:00:00 2001 
From: Joseph Richardson <49208786+JoeHCQ1@users.noreply.github.com>
Date: Tue, 2 Jul 2024 18:04:20 -0400
Subject: [PATCH] fix(docs): re-ordered small paragraphs, clarified wording, and added links to tech homepages (#531)

# Summary

As a new Unicorn, I made changes which I believe would've increased my comprehension of this document on the first read-through.

## Description

- Re-ordered tools in monitoring to build conceptually in line with the way each enables the next
- Turned first mention of each tool into a link to the relevant docs. Both an ease of reference change and also to disambiguate in the event a name collision exists in the reader's mind.
- Clarified relationship between AuthService and Keycloak as this Unicorn initially saw a redundancy and suspected AuthService was perhaps the service IAM solution while Keycloak was the user IAM solution. We could link out to BigBang's explanation of this relationship but I did not: https://docs-bigbang.dso.mil/2.2.0/docs/understanding-bigbang/package-architecture/authservice/
- Wording changes for precision. Example, in MetricsServer, speaking of "container" metrics is more precise (and I believe more accurate) than "cluster" metrics. If it reports on nodes and containers I would (personally) speak of both over the more nebulous "cluster" (which has many more primitives (notably services and pods) which could be but are not (I think) being reported on).
- Most likely errors needing correction:
  - Metrics Server may be misunderstood
  - AuthService may be better characterized but I didn't want to plagiarize the BigBang docs, and am new to this service.
## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [X] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed --------- Co-authored-by: Micah Nagel --- docs/application-baseline.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/application-baseline.md b/docs/application-baseline.md index c16ea009d..27d507175 100644 --- a/docs/application-baseline.md +++ b/docs/application-baseline.md @@ -16,10 +16,10 @@ For optimal deployment and operational efficiency, it is important to deliver a | **Capability** | **Application** | | ---------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **Service Mesh** | **Istio:** A powerful service mesh tool that provides traffic management, load balancing, security, and observability features. | -| **Monitoring** | **Prometheus Stack:** Collects and stores time-series data for insights into application health and performance.

**Grafana:** Provides visualization and alerting capabilities for monitoring metrics.

**Metrics Server:** Offers resource utilization metrics for Kubernetes clusters, aiding in capacity planning and optimization. | -| **Logging** | **Loki:** A log aggregation system that allows users to store, search, and analyze logs across their applications.

**Promtail:** A companion agent that efficiently gathers and sends log data to Loki, simplifying log monitoring, troubleshooting, and compliance auditing, enhancing the overall observability of the mission environment. | -| **Security and Compliance** | **NeuVector:** Offers container-native security, protecting applications against threats and vulnerabilities.

**Pepr:** UDS policy engine and operator for enhanced security and compliance. | -| **Identity and Access Management** | **Keycloak:** A robust open-source Identity and Access Management solution, providing centralized authentication, authorization, and user management for enhanced security and control over access to mission-critical resources. | -| **Backup and Restore** | **Velero:** Provides backup and restore capabilities for Kubernetes clusters, ensuring data protection and disaster recovery. | -| **Authorization** | **AuthService:** Offers centralized authorization services, managing access control and permissions within the mission environment. | +| **Service Mesh** | **[Istio](https://istio.io/):** A powerful service mesh that provides traffic management, load balancing, security, and observability features. | +| **Monitoring** | **[Metrics Server](https://kubernetes-sigs.github.io/metrics-server/):** Provides container resource utilization metrics API for Kubernetes clusters.

**[Prometheus](https://prometheus.io/):** Scrapes Metrics Server API and application metrics and stores the data in a time-series database for insights into application health and performance.

**[Grafana](https://grafana.com/grafana/):** Provides visualization and alerting capabilities based on Prometheus's time-series database of metrics. | +| **Logging** | **[Promtail](https://grafana.com/docs/loki/latest/send-data/promtail/):** A companion agent that efficiently gathers and sends container logs to Loki, simplifying log monitoring, troubleshooting, and compliance auditing, enhancing the overall observability of the mission environment.

**[Loki](https://grafana.com/docs/loki/latest/):** A log aggregation system that allows users to store, search, and analyze logs across their applications. | +| **Security and Compliance** | **[NeuVector](https://open-docs.neuvector.com/):** Offers container-native security, protecting applications against threats and vulnerabilities.

**[Pepr](https://pepr.dev/):** UDS policy engine and operator for enhanced security and compliance.| +| **Identity and Access Management** | **[Keycloak](https://www.keycloak.org/):** A robust open-source Identity and Access Management solution, providing centralized authentication, authorization, and user management for enhanced security and control over access to mission-critical resources.| +| **Backup and Restore** | **[Velero](https://velero.io/):** Provides backup and restore capabilities for Kubernetes clusters, ensuring data protection and disaster recovery.| +| **Authorization** | **[AuthService](https://github.com/istio-ecosystem/authservice):** Offers centralized authorization services, managing access control and permissions within the Istio mesh. AuthService plays a supporting role to Keycloak as it handles part of the OIDC redirect flow.|
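Review bot: The new Monitoring row states that Prometheus "Scrapes Metrics Server API and application metrics", which is the misunderstanding the commit message itself flags. Metrics Server serves the Kubernetes Metrics API (metrics.k8s.io) consumed by `kubectl top` and the HorizontalPodAutoscaler; it is not a Prometheus scrape target for container metrics, which Prometheus collects directly from the kubelet/cAdvisor endpoints. Suggest wording the Metrics Server entry as "Provides the Kubernetes Metrics API (metrics.k8s.io) with node and container resource usage, used by `kubectl top` and autoscaling" and the Prometheus entry as "Scrapes node, container, and application metrics and stores them in a time-series database for insights into application health and performance", so the row no longer implies a data path that does not exist. The added AuthService sentence about its supporting role in the OIDC redirect flow reads correctly; the only other change worth noting is that the `+` rows drop the space before the trailing `|`, which is cosmetic for Markdown rendering.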