Packages📜
Big Bang includes many different packages that provide services to the ecosystem. Each of these packages is deployed by a Helm chart located in a repository under Big Bang’s Universe Group. The packages are broken up into several categories listed below. Sometimes packages are tightly coupled and grouped together in a stack. When using a stack, all packages in the stack will be deployed.
Technical Oversight Committee (TOC)📜
The Big Bang TOC supports users and contributors of the Big Bang ecosystem. If you would like to add, modify, or remove packages in Big Bang, we encourage you to attend the TOC to discuss your ideas. You can find details in the BBTOC repository.
Dependency Tree📜
Several of Big Bang’s packages have dependencies on other packages. A Dependency exists if the package would have a significant (or total) loss in functionality if the dependency was not present.
flowchart LR
subgraph Core
direction BT
subgraph L[Logging]
subgraph EFK[Default]
Kibana & Fluentbit --> Elastic
end
subgraph PLG[Alternative]
style PLG stroke-dasharray: 10 10
Promtail[Promtail*] --> Loki[Loki*]
end
end
subgraph M[Monitoring]
Grafana --> Prometheus
Grafana -.-> Loki
end
subgraph PE[Policy Enforcement]
subgraph KyvernoStack[Default]
direction BT
KyvernoReporter[Kyverno Reporter*] --> Kyverno[Kyverno*]
end
subgraph CA[Alternative]
style CA stroke-dasharray: 10 10
direction BT
ClusterAuditor --> OPA[OPA Gatekeeper]
end
end
subgraph RS[Runtime Security]
subgraph TL[Default]
Twistlock[Prisma Cloud Compute]
end
end
subgraph DT[Distributed Tracing]
subgraph J[Default]
Jaeger ----> Elastic
end
subgraph T[Alternative]
style T stroke-dasharray: 10 10
Tempo[Tempo*] -.-> Grafana
end
end
subgraph SM[Service Mesh]
Jaeger --> Istio
Tempo -.-> Istio
Kiali --> Jaeger & Istio & Prometheus
end
endflowchart LR
subgraph AddOns
subgraph AppUtils[Application Utilities]
MinIO
end
subgraph ClusterUtils[Cluster Utilities]
direction BT
ArgoCD
Metrics[Metrics Server]
Velero
end
subgraph "Security"
direction BT
Anchore
Authservice --> I[Istio]
Keycloak
Vault[Vault*]
end
subgraph "Collaboration"
direction BT
Mattermost
end
subgraph "Developer Tools"
direction BT
GLRunners[GitLab Runners] --> GitLab
Nexus[Nexus Repository]
Sonarqube
end
endFootnotes:
- Dotted lines in
Coreindicate a package that is not enabled by default- The following were left off the chart to keep it simple
- Most packages depend on Istio for encrypted traffic and ingress to interfaces.
- Some packages have operators that are deployed prior to the package and manage the package’s state.
Core📜
Core packages make up the foundation of Big Bang. At least one of the supported stacks listed in each category must be enabled to be considered a Big Bang cluster. These packages are designed to provide administrative support for other packages.
Service Mesh📜
A service mesh is a dedicated infrastructure layer for making service-to-service communication safe, fast, and reliable. It provides fine-grained control and enforcement of network routing into, out of, and within the cluster. It can also supply end-to-end traffic encryption, authentication, and authorization.
| Default | Stack | Package | Function | Repositories |
|---|---|---|---|---|
| X | Istio | Istio Operator | Operator | istio-operator |
| X | Istio | Istio | Control Plane | istio-controlplane |
| X | Istio | Kiali | Management Console | kiali |
Logging📜
A logging stack is a set of scalable tools that can aggregate logs from cluster services and provide real-time queries and analysis. Logging is typically comprised of three components: a forwarder, storage, and a visualizer.
| Default | Stack | Package | Function | Repositories |
|---|---|---|---|---|
| EFK | Elastic Cloud on Kubernetes (ECK) Operator | Operator | eck-operator | |
| EFK | Elasticsearch / Kibana | Storage & Visualization | policy | |
| EFK | Fluentbit | Forwarder | fluentbit | |
| X | PLG | Loki | Storage | loki |
| X | PLG | Promtail | Forwarder | promtail |
| > PLG stack uses Grafana, deployed in monitoring, for visualization. |
Policy Enforcement📜
Policy Enforcement is the ability to validate Kubernetes resources against compliance, security, and best-practice policies. If a resource violates a policy, the enforcement tool can deny access to the cluster, dynamically modify the resource to force compliance, or simply record the violation in an audit report. Usually, a reporting tool accompanies the engine to help with analyzing and visualizing policy violations.
| Default | Stack | Package | Function | Repositories |
|---|---|---|---|---|
| Gatekeeper | OPA Gatekeeper | Engine & Policies | policy | |
| Gatekeeper | Cluster Auditor | Reporting | cluster-auditor | |
| X | Kyverno | Kyverno | Engine | kyverno |
| X | Kyverno | Kyverno Policies | Policies | kyverno-policies |
| X | Kyverno | Kyverno Reporter | Reporting | kyverno-reporter |
Monitoring📜
A monitoring stack is used to collect, visualize, and alert on time-series metrics from cluster resources. Metrics are quantitative measurements that provide insight into the cluster. Some examples of metrics include memory utilization, disk utilization, network latency, number of web queries, or number of database transactions.
| Default | Stack | Package | Function | Repositories |
|---|---|---|---|---|
| X | Monitoring | Prometheus | Collection & Alerting | monitoring |
| X | Monitoring | Grafana | Visualization | monitoring |
Distributed Tracing📜
Distributed tracing is a method of tracking application transactions as they flows through cluster services. It is a diagnosing technique to help characterize and troubleshoot problems from the user’s perspective.
| Default | Package | Repositories |
|---|---|---|
| Jaeger | jaeger | |
| X | Tempo | tempo |
Runtime Security📜
Runtime security is the active protection of containers running in the cluster. This type of tool includes scanning for vulnerabilities, checking compliance, detecting threats, and preventing intrusions. Many of these tools also include forensics and incident response features.
| Default | Package | Repositories |
|---|---|---|
Prisma Cloud Compute (AKA Twistlock)  |
twistlock | |
| X | Neuvector | neuvector |
Addons📜
Addons can be used to extend Big Bang with additional services. All of the addons listed here are supported by the Big Bang team and integrated into the product. There may be additional community supported Big Bang packages that are not listed here. These packages are disabled in Big Bang by default.
Storage Utilities📜
Storage utilities include packages that provide services to store and retrieve temporal or persistent data in the cluster. This category includes databases, object storage, and data caching. It is generally advantageous to use cloud based offerings instead of these to take advantage of scalability, availability, and resiliency (e.g. backup and restore). However, for non-critical or on-prem deployments, these utilities offer a simpler and lower cost solution.
| Stack | Package | Function | Repository |
|---|---|---|---|
| MinIO | MinIO Operator | Operator | minio-operator |
| MinIO | MinIO | S3 Object Storage | minio |
Cluster Utilities📜
Cluster utilities add functionality to Kubernetes clusters rather than applications. Examples include resource utilization, cluster backup and restore, continuos deployment, or load balancers.
| Package | Function | Repository |
|---|---|---|
| ArgoCD | Continuous Deployment | argocd |
| Metrics Server | Monitors pod CPU & memory utilization | metrics-server |
| Velero | Cluster Backup & Restore | velero |
Security📜
Security packages add additional security features for protecting services or data from unauthorized access or exploitation. This includes things like identity providers (IdP), identity brokers, authentication (AuthN), authorization (AuthZ), single sign-on (SSO), security scanning, intrusion detection/prevention, and sensitive data protection.
| Package | Function | Repository |
|---|---|---|
| Anchore | Vulnerability Scanner | anchore-enterprise |
| Authservice | Istio extension for Single Sign-On (SSO) | authservice |
| Keycloak | IdP, Identity Broker, AuthN/Z | keycloak |
| Vault | Sensitive Data Access Control | vault |
Collaboration📜
Collaboration tools provide environments to help teams work together online. Chatting, video conferencing, file sharing, and whiteboards are all examples of collaboration tools.
| Stack | Package | Function | Repository |
|---|---|---|---|
| Mattermost | Mattermost Operator | Operator | mattermost-operator |
| Mattermost | Mattermost | Chat | mattermost |
Developer Tools📜
Developer tools include packages that a programmer would use to plan, author, test, debug, or control code. This includes repositories, bug / feature tracking, pipelines, code analysis, automated tests, and development environments.
| Stack | Package | Function | Repository |
|---|---|---|---|
| GitLab | GitLab | Code repository, issue tracking, release planning, security and compliance scanning, pipelines, artifact repository, wiki | gitLab |
| GitLab | GitLab Runner | Executor for GitLab pipelines | gitlab-runner |
| Nexus | Nexus Repository Manager | Artifact repository | nexus |
| Sonarqube | Sonarqube | Static code analysis | sonarqube |
Further Information📜
You can find some additional details about features supported by each package by visiting this document.