Packagesπ£
Big Bang includes many different packages that provide services to the ecosystem. Each of these packages is deployed by a Helm chart located in a repository under Big Bangβs Packages Group. The packages are broken up into several categories listed below. Sometimes packages are tightly coupled and grouped together in a stack. When using a stack, all packages in the stack will be deployed.
Technical Oversight Committee (TOC)π£
The Big Bang TOC supports users and contributors of the Big Bang ecosystem. If you would like to add, modify, or remove packages in Big Bang, we encourage you to attend the TOC to discuss your ideas. You can find details in the TOC repository.
Dependency Treeπ£
Several of Big Bangβs packages have dependencies on other packages. A Dependency exists if the package would have a significant (or total) loss in functionality if the dependency was not present.
Footnotes:
- Pages marked with
*
are in Beta testing- Dotted lines in
Core
indicate a package that is not enabled by default- The following were left off the chart to keep it simple
- Most packages depend on Istio for encrypted traffic and ingress to interfaces.
- Some packages have operators that are deployed prior to the package and manage the packageβs state.
Coreπ£
Core packages make up the foundation of Big Bang. At least one of the supported stacks listed in each category must be enabled to be considered a Big Bang cluster. These packages are designed to provide administrative support for other packages.
Service Meshπ£
A service mesh is a dedicated infrastructure layer for making service-to-service communication safe, fast, and reliable. It provides fine-grained control and enforcement of network routing into, out of, and within the cluster. It can also supply end-to-end traffic encryption, authentication, and authorization.
Default | Stack | Package | Function | Repositories |
---|---|---|---|---|
X | Istio | Istio Operator | Operator | istio-operator |
X | Istio | Istio | Control Plane | istio-controlplane |
X | Istio | Kiali | Management Console | kiali |
Loggingπ£
A logging stack is a set of scalable tools that can aggregate logs from cluster services and provide real-time queries and analysis. Logging is typically comprised of three components: a forwarder, storage, and a visualizer.
Default | Stack | Package | Function | Repositories |
---|---|---|---|---|
X | EFK | Elastic Cloud on Kubernetes (ECK) Operator | Operator | eck-operator |
X | EFK | Elasticsearch / Kibana | Storage & Visualization | policy |
X | EFK | Fluentbit | Forwarder | fluentbit |
PLG | Loki | Storage | loki | |
PLG | Promtail | Forwarder | promtail |
PLG stack uses Grafana, deployed in monitoring, for visualization.
Policy Enforcementπ£
Policy Enforcement is the ability to validate Kubernetes resources against compliance, security, and best-practice policies. If a resource violates a policy, the enforcement tool can deny access to the cluster, dynamically modify the resource to force compliance, or simply record the violation in an audit report. Usually, a reporting tool accompanies the engine to help with analyzing and visualizing policy violations.
Default | Stack | Package | Function | Repositories |
---|---|---|---|---|
X | Gatekeeper | OPA Gatekeeper | Engine & Policies | policy |
X | Gatekeeper | Cluster Auditor | Reporting | cluster-auditor |
Kyverno | Kyverno | Engine | kyverno | |
Kyverno | Kyverno Policies | Policies | kyverno-policies | |
Kyverno | Kyverno Reporter | Reporting | kyverno-reporter |
Monitoringπ£
A monitoring stack is used to collect, visualize, and alert on time-series metrics from cluster resources. Metrics are quantitative measurements that provide insight into the cluster. Some examples of metrics include memory utilization, disk utilization, network latency, number of web queries, or number of database transactions.
Default | Stack | Package | Function | Repositories |
---|---|---|---|---|
X | Monitoring | Prometheus | Collection & Alerting | monitoring |
X | Monitoring | Grafana | Visualization | monitoring |
Distributed Tracingπ£
Distributed tracing is a method of tracking application transactions as they flows through cluster services. It is a diagnosing technique to help characterize and troubleshoot problems from the userβs perspective.
Product:
Runtime Securityπ£
Runtime security is the active protection of containers running in the cluster. This type of tool includes scanning for vulnerabilities, checking compliance, detecting threats, and preventing intrusions. Many of these tools also include forensics and incident response features.
Default | Package | Repositories |
---|---|---|
X | Prisma Cloud Compute (AKA Twistlock) | twistlock |
Addonsπ£
Addons can be used to extend Big Bang with additional services. All of the addons listed here are supported by the Big Bang team and integrated into the product. There may be additional community supported Big Bang packages that are not listed here. These packages are disabled in Big Bang by default.
Storage Utilitiesπ£
Storage utilities include packages that provide services to store and retrieve temporal or persistent data in the cluster. This category includes databases, object storage, and data caching. It is generally advantageous to use cloud based offerings instead of these to take advantage of scalability, availability, and resiliency (e.g. backup and restore). However, for non-critical or on-prem deployments, these utilities offer a simpler and lower cost solution.
Stack | Package | Function | Repository |
---|---|---|---|
MinIO | MinIO Operator | Operator | minio-operator |
MinIO | MinIO | S3 Object Storage | minio |
Cluster Utilitiesπ£
Cluster utilities add functionality to Kubernetes clusters rather than applications. Examples include resource utilization, cluster backup and restore, continuos deployment, or load balancers.
Package | Function | Repository |
---|---|---|
ArgoCD | Continuous Deployment | argocd |
Metrics Server | Monitors pod CPU & memory utilization | metrics-server |
Velero | Cluster Backup & Restore | velero |
Securityπ£
Security packages add additional security features for protecting services or data from unauthorized access or exploitation. This includes things like identity providers (IdP), identity brokers, authentication (AuthN), authorization (AuthZ), single sign-on (SSO), security scanning, intrusion detection/prevention, and sensitive data protection.
Package | Function | Repository |
---|---|---|
Anchore | Vulnerability Scanner | anchore-enterprise |
Authservice | Istio extension for Single Sign-On (SSO) | authservice |
Keycloak | IdP, Identity Broker, AuthN/Z | keycloak |
Vault | Sensitive Data Access Control | vault |
Collaborationπ£
Collaboration tools provide environments to help teams work together online. Chatting, video conferencing, file sharing, and whiteboards are all examples of collaboration tools.
Stack | Package | Function | Repository |
---|---|---|---|
Mattermost | Mattermost Operator | Operator | mattermost-operator |
Mattermost | Mattermost | Chat | mattermost |
Developer Toolsπ£
Developer tools include packages that a programmer would use to plan, author, test, debug, or control code. This includes repositories, bug / feature tracking, pipelines, code analysis, automated tests, and development environments.
Stack | Package | Function | Repository |
---|---|---|---|
GitLab | GitLab | Code repository, issue tracking, release planning, security and compliance scanning, pipelines, artifact repository, wiki | gitLab |
GitLab | GitLab Runner | Executor for GitLab pipelines | gitlab-runner |
Nexus | Nexus Repository | Artifact repository | nexus |
Sonarqube | Sonarqube | Static code analysis | sonarqube |
Further Informationπ£
You can find some additional details about features supported by each package by visiting this document.