Big Bang includes many different packages that provide services to the ecosystem. Each of these packages is deployed by a Helm chart located in a repository under Big Bang’s Universe Group. The packages are broken up into several categories listed below. Sometimes packages are tightly coupled and grouped together in a stack. When using a stack, all packages in the stack will be deployed.
Technical Oversight Committee (TOC)📜
The Big Bang TOC supports users and contributors of the Big Bang ecosystem. If you would like to add, modify, or remove packages in Big Bang, we encourage you to attend the TOC to discuss your ideas. You can find details in the BBTOC repository.
Several of Big Bang’s packages have dependencies on other packages. A Dependency exists if the package would have a significant (or total) loss in functionality if the dependency was not present.
flowchart LR subgraph Core direction BT subgraph L[Logging] subgraph EFK[Default] Kibana & Fluentbit --> Elastic end subgraph PLG[Alternative] style PLG stroke-dasharray: 10 10 Promtail[Promtail*] --> Loki[Loki*] end end subgraph M[Monitoring] Grafana --> Prometheus Grafana -.-> Loki end subgraph PE[Policy Enforcement] subgraph CA[Default] direction BT ClusterAuditor --> OPA[OPA Gatekeeper] end subgraph KyvernoStack[Alternative] style KyvernoStack stroke-dasharray: 10 10 direction BT KyvernoReporter[Kyverno Reporter*] --> Kyverno[Kyverno*] end end subgraph RS[Runtime Security] subgraph TL[Default] Twistlock[Prisma Cloud Compute] end end subgraph DT[Distributed Tracing] subgraph J[Default] Jaeger ----> Elastic end subgraph T[Alternative] style T stroke-dasharray: 10 10 Tempo[Tempo*] -.-> Grafana end end subgraph SM[Service Mesh] Jaeger --> Istio Tempo -.-> Istio Kiali --> Jaeger & Istio & Prometheus end end
flowchart LR subgraph AddOns subgraph AppUtils[Application Utilities] MinIO end subgraph ClusterUtils[Cluster Utilities] direction BT ArgoCD Metrics[Metrics Server] Velero end subgraph "Security" direction BT Anchore Authservice --> I[Istio] Keycloak Vault[Vault*] end subgraph "Collaboration" direction BT Mattermost end subgraph "Developer Tools" direction BT GLRunners[GitLab Runners] --> GitLab Nexus[Nexus Repository] Sonarqube end end
- Dotted lines in
Coreindicate a package that is not enabled by default
- The following were left off the chart to keep it simple
- Most packages depend on Istio for encrypted traffic and ingress to interfaces.
- Some packages have operators that are deployed prior to the package and manage the package’s state.
Core packages make up the foundation of Big Bang. At least one of the supported stacks listed in each category must be enabled to be considered a Big Bang cluster. These packages are designed to provide administrative support for other packages.
A service mesh is a dedicated infrastructure layer for making service-to-service communication safe, fast, and reliable. It provides fine-grained control and enforcement of network routing into, out of, and within the cluster. It can also supply end-to-end traffic encryption, authentication, and authorization.
A logging stack is a set of scalable tools that can aggregate logs from cluster services and provide real-time queries and analysis. Logging is typically comprised of three components: a forwarder, storage, and a visualizer.
|EFK||Elastic Cloud on Kubernetes (ECK) Operator||Operator||eck-operator|
|EFK||Elasticsearch / Kibana||Storage & Visualization||policy|
|> PLG stack uses Grafana, deployed in monitoring, for visualization.|
Policy Enforcement is the ability to validate Kubernetes resources against compliance, security, and best-practice policies. If a resource violates a policy, the enforcement tool can deny access to the cluster, dynamically modify the resource to force compliance, or simply record the violation in an audit report. Usually, a reporting tool accompanies the engine to help with analyzing and visualizing policy violations.
|Gatekeeper||OPA Gatekeeper||Engine & Policies||policy|
A monitoring stack is used to collect, visualize, and alert on time-series metrics from cluster resources. Metrics are quantitative measurements that provide insight into the cluster. Some examples of metrics include memory utilization, disk utilization, network latency, number of web queries, or number of database transactions.
|X||Monitoring||Prometheus||Collection & Alerting||monitoring|
Distributed tracing is a method of tracking application transactions as they flows through cluster services. It is a diagnosing technique to help characterize and troubleshoot problems from the user’s perspective.
Runtime security is the active protection of containers running in the cluster. This type of tool includes scanning for vulnerabilities, checking compliance, detecting threats, and preventing intrusions. Many of these tools also include forensics and incident response features.
|Prisma Cloud Compute (AKA Twistlock)||twistlock|
Addons can be used to extend Big Bang with additional services. All of the addons listed here are supported by the Big Bang team and integrated into the product. There may be additional community supported Big Bang packages that are not listed here. These packages are disabled in Big Bang by default.
Storage utilities include packages that provide services to store and retrieve temporal or persistent data in the cluster. This category includes databases, object storage, and data caching. It is generally advantageous to use cloud based offerings instead of these to take advantage of scalability, availability, and resiliency (e.g. backup and restore). However, for non-critical or on-prem deployments, these utilities offer a simpler and lower cost solution.
|MinIO||MinIO||S3 Object Storage||minio|
Cluster utilities add functionality to Kubernetes clusters rather than applications. Examples include resource utilization, cluster backup and restore, continuos deployment, or load balancers.
|Metrics Server||Monitors pod CPU & memory utilization||metrics-server|
|Velero||Cluster Backup & Restore||velero|
Security packages add additional security features for protecting services or data from unauthorized access or exploitation. This includes things like identity providers (IdP), identity brokers, authentication (AuthN), authorization (AuthZ), single sign-on (SSO), security scanning, intrusion detection/prevention, and sensitive data protection.
|Authservice||Istio extension for Single Sign-On (SSO)||authservice|
|Keycloak||IdP, Identity Broker, AuthN/Z||keycloak|
|Vault||Sensitive Data Access Control||vault|
Collaboration tools provide environments to help teams work together online. Chatting, video conferencing, file sharing, and whiteboards are all examples of collaboration tools.
Developer tools include packages that a programmer would use to plan, author, test, debug, or control code. This includes repositories, bug / feature tracking, pipelines, code analysis, automated tests, and development environments.
|GitLab||GitLab||Code repository, issue tracking, release planning, security and compliance scanning, pipelines, artifact repository, wiki||gitLab|
|GitLab||GitLab Runner||Executor for GitLab pipelines||gitlab-runner|
|Nexus||Nexus Repository Manager||Artifact repository||nexus|
|Sonarqube||Sonarqube||Static code analysis||sonarqube|
You can find some additional details about features supported by each package by visiting this document.