diff --git a/docs-api/WebHelp_Densify_API_Cloud/Content/API_Guide/Analysis_AWS_Analyze.mdx b/docs-api/WebHelp_Densify_API_Cloud/Content/API_Guide/Analysis_AWS_Analyze.mdx index 1577c79..7ca10cf 100644 --- a/docs-api/WebHelp_Densify_API_Cloud/Content/API_Guide/Analysis_AWS_Analyze.mdx +++ b/docs-api/WebHelp_Densify_API_Cloud/Content/API_Guide/Analysis_AWS_Analyze.mdx 
@@ -10,40 +10,12 @@ The `/analysis/cloud/aws/analyze` resource is used to collect AWS CloudWatch da * Subsequent analysis is scheduled to run on a nightly basis after the completion of data collection. * Optionally, you can configure the results to be sent to a webhook URI upon analysis completion. See [Add webhook to an analysis](./Analysis_Webhook#_AddWebhook) for details. -3. While data collection or analysis is in progress, you can check the status (using `/analysis/AWS/<``subscriptionId``>/status` resource) or wait for the results to be published to an optional webhook URI. +3. Once data collection succeeds and an `analysisId` is created for the account, you can check progress with `/analysis/cloud/aws//status` or wait for the results to be published to an optional webhook URI. Accounts that have not produced an `analysisId` (for example, due to unsupported resources or insufficient data) cannot use the status endpoint until an analysis run begins. 4. The reporting database update is scheduled to run automatically on a nightly basis after the completion of the analysis. This process produces reports for each instance recommendation, which is useful for analysts or application owners. These reports are only created after the scheduled analysis is completed, and may therefore only be available on the following day for a new analysis. Exact timing depends on the size of your environment. - -### Ad-Hoc Tasks - -Generally you do not need to run once-off tasks as both data collection and analysis tasks are scheduled automatically. In cases where you need make an ad-hoc request in addition to the scheduled job, the functionality exists for this endpoint. - -#### Historical Data Collection - -When Kubex initiates data collection, normally audits collect only the last 24 hours of data. You can optionally collect up to 60 days of historical data. The historical data provides a more representative set of data on which to base resizing and optimization recommendations. 
You can run an ad-hoc task to collect the historical data. - -Collection of historical data can take a significant amount of time, depending on the number of instances from which Kubex is collecting data. Contact [support@kubex.ai](mailto:support@kubex.ai) to enable historical data collection and details of the performance impact. +When onboarding an account using the `/analysis/cloud/aws/analyze` endpoint, receiving a 200 status code signals that the onboarding was successful. -The following settings define the range of historical data to be collected: - -* Start date offset--This is number of days from the 60-day maximum, used to define the start of the range. - -These extra API parameters allow you to reduce the number of days of historical data to be collected. If, for example, the daily audit has been running for a few days before the historical audit can be executed then you can set the end offset to exclude the number of days that have already been collected. Sixty days is the maximum number of days that you can go back and collect historical data. - -* End date offset--This is number of days from yesterday, to end the range of data collected. - - -![](/images/docs-api/WebHelp_Densify_API_Cloud/Content/Resources/Images/CiRBA_API_Guide/03000025_356x218.png) - - - -A connection to the specified cloud account must already exist before you can run an ad hoc audit. When you execute an ad hoc refresh an audit task will be configured but a new connection will not be created. If the cloud connection does not already exist and the API POST contains `triggerAdhocAudit=true`, then you will get an error message. - -If there is more than one account associated with the specified account ID (i.e. a payer account with many linked accounts), the Kubex API handles it in the same way that analyses are currently rerun using the POST operation. 
- -Once the audit is complete you need to rerun the associated analyses as indicated below or you can wait for the next scheduled execution of the analyses and RDB populate. - #### Analysis Update You can make an ad-hoc request to refresh an existing analysis, outside of the scheduled nightly run using `/analysis/cloud//analyze`. This manual, ad hoc analysis request does not perform data collection or reporting database (RDB) updates. It only runs the analysis on the existing data collected with the following behavior: @@ -70,9 +42,9 @@ Before you can collect AWS CloudWatch data, you need to create an IAM role for ## Endpoints - + - + \ No newline at end of file diff --git a/docs-api/WebHelp_Densify_API_Cloud/Content/API_Guide/Analysis_Azure_Analyze.mdx b/docs-api/WebHelp_Densify_API_Cloud/Content/API_Guide/Analysis_Azure_Analyze.mdx index 38c233c..280d141 100644 --- a/docs-api/WebHelp_Densify_API_Cloud/Content/API_Guide/Analysis_Azure_Analyze.mdx +++ b/docs-api/WebHelp_Densify_API_Cloud/Content/API_Guide/Analysis_Azure_Analyze.mdx 
@@ -8,36 +8,15 @@ The `/analysis/azure/analyze` resource is used to collect Microsoft Azure infra 2. Initiate analysis on the data collected using the default policy. * Subsequent analysis is scheduled to run on a nightly basis after the completion of data collection. * Optionally, you can configure the results to be sent to a webhook URI upon analysis completion. See [Add webhook to an analysis](./Analysis_Webhook#_AddWebhook) for details. -3. While data collection or analysis is in progress, you can check the status (using `/analysis/azure/<``subscriptionId``>/status` resource) or wait for the results to be published to an optional webhook URI. +3. Once data collection succeeds and an `analysisId` is created for the subscription, you can track progress with `/analysis/cloud/azure//status` or wait for the results to be published to an optional webhook URI. Subscriptions that have not produced an `analysisId` (for example, unsupported resources or insufficient data) cannot use the status endpoint until an analysis run begins. 4. The reporting database update is scheduled to run automatically on a nightly basis after the completion of the analysis. This process produces reports for each instance recommendation, which is useful for analysts or application owners. These reports are only created after the scheduled analysis is completed, and may therefore only be available on the following day for a new analysis. Exact timing depends on the size of your environment. -The `/analysis/cloud/azure` resource is also used to return a list of Microsoft Azure optimization analyses currently in Kubex. - -### Ad-Hoc Tasks - -Generally you do not need to run once-off tasks as both data collection and analysis tasks are scheduled automatically. In cases where you need make an ad-hoc request in addition to the scheduled job, the functionality exists for this endpoint. 
- -#### Historical Data Collection - -When Kubex initiates data collection, normally audits collect only the last 24 hours of data. You can optionally collect up to 30 days of historical data. The historical data provides a more representative set of data on which to base resizing and optimization recommendations. You can run an ad-hoc task to collect the historical data. - -Collection of historical data can take a significant amount of time, depending on the number of instances from which Kubex is collecting data. Contact [support@kubex.ai](mailto:support@kubex.ai) to enable historical data collection and details of the performance impact. +When onboarding a subscription using the `/analysis/cloud/azure/analyze` endpoint, receiving a 200 status code signals that the onboarding was successful. +The `/analysis/cloud/azure` resource is also used to return a list of Microsoft Azure optimization analyses currently in Kubex. -The following settings define the range of historical data to be collected: - -* Start date offset--This is the number of days from the 30-day maximum, used to define the start of the range. -* End date offset--This is number of days from yesterday, to end the range of data collected. - -These parameters allow you to reduce the number of days of historical data to be collected. If, for example, the daily audit has been running for a few days before the historical audit can be executed then you can set the end offset to exclude the number of days that have already been collected. Thirty days is the maximum number of days that you can go back and collect historical data for Azure and GCP environments. - -A connection to the specified cloud account must already exist before you can run an ad hoc audit. When you execute an ad hoc refresh an audit task will be configured but a new connection will not be created. If the cloud connection does not already exist and the API POST contains `triggerAdhocAudit=true`, then you will get an error message. 
- -If there is more than one account associated with the specified account ID (i.e. a payer account with many linked accounts), the Kubex API handles it in the same way that analyses are currently rerun using the POST operation. - -Once the audit is complete you need to rerun the associated analyses as indicated below or you can wait for the next scheduled execution of the analyses and RDB populate. #### Analysis Update diff --git a/docs-api/WebHelp_Densify_API_Cloud/Content/API_Guide/Analysis_GCP_Analyze.mdx b/docs-api/WebHelp_Densify_API_Cloud/Content/API_Guide/Analysis_GCP_Analyze.mdx index d078ab3..c4ca540 100644 --- a/docs-api/WebHelp_Densify_API_Cloud/Content/API_Guide/Analysis_GCP_Analyze.mdx +++ b/docs-api/WebHelp_Densify_API_Cloud/Content/API_Guide/Analysis_GCP_Analyze.mdx 
@@ -14,34 +14,13 @@ The `/analysis/gcp/analyze` resource is used to collect Google Cloud Platform i * Subsequent analysis is scheduled to run on a nightly basis after data collection. * You can optionally configure the results to be sent to a webhook URI upon analysis completion. See [Add webhook to an analysis](./Analysis_Webhook#_AddWebhook) for details. -3. While data collection or analysis is in progress, you can check for status (using `/analysis/gcp/<``projectId``>/status` resource) or wait for the results to be published to an optional webhook URI. +3. Once data collection succeeds and an `analysisId` is created for the project, you can check progress via `/analysis/cloud/gcp//status` or wait for the results to be published to an optional webhook URI. Projects that do not yet have an `analysisId` (for example, unsupported resources or insufficient data) must wait for an analysis run before the status endpoint becomes available. 4. The reporting database update is scheduled to run automatically on a nightly basis after the completion of the analysis. This process produces reports for each instance recommendation, which is useful for analysts or application owners. These reports are only created after the scheduled analysis is completed, and may therefore only be available on the following day for a new analysis. Exact timing depends on the size of your environment. -### Ad-Hoc Tasks - -Generally you do not need to run once-off tasks as both data collection and analysis tasks are scheduled automatically. In cases where you need make an ad-hoc request in addition to the scheduled job, the functionality exists for this endpoint. - -#### Historical Data Collection - -When Kubex initiates data collection, normally audits collect only the last 24 hours of data. You can optionally collect up to 30 days of historical data. The historical data provides a more representative set of data on which to base resizing and optimization recommendations. 
You can run an ad-hoc task to collect the historical data. - -Collection of historical data can take a significant amount of time, depending on the number of instances from which Kubex is collecting data. Contact [support@kubex.ai](mailto:support@kubex.ai) to enable historical data collection and details of the performance impact. +When onboarding a project using the `/analysis/cloud/gcp/analyze` endpoint, receiving a 200 status code signals that the onboarding was successful. -The following settings define the range of historical data to be collected: - -* Start date offset--This is the number of days from the 30-day maximum, used to define the start of the range. -* End date offset--This is number of days from yesterday, to end the range of data collected. - -These parameters allow you to reduce the number of days of historical data to be collected. If, for example, the daily audit has been running for a few days before the historical audit can be executed then you can set the end offset to exclude the number of days that have already been collected. Thirty days is the maximum number of days that you can go back and collect historical data for Azure and GCP environments. - -A connection to the specified cloud account must already exist before you can run an ad hoc audit. When you execute an ad hoc refresh an audit task will be configured but a new connection will not be created. If the cloud connection does not already exist and the API POST contains `triggerAdhocAudit=true`, then you will get an error message. - -If there is more than one account associated with the specified account ID (i.e. a payer account with many linked accounts), the Kubex API handles it in the same way that analyses are currently rerun using the POST operation. - -Once the audit is complete you need to rerun the associated analyses as indicated below or you can wait for the next scheduled execution of the analyses and RDB populate. 
- #### Analysis Update You can make an ad-hoc request to refresh an existing analysis, outside of the scheduled nightly run using `/analysis/cloud//analyze`. This manual, ad hoc analysis request does not perform data collection or reporting database updates. It only runs the analysis on the existing data collected with the following behavior: diff --git a/docs-kubex/Content/Cloudex/Catalog_Map_Tab.mdx b/docs-kubex/Content/Cloudex/Catalog_Map_Tab.mdx index 433180d..60df884 100644 --- a/docs-kubex/Content/Cloudex/Catalog_Map_Tab.mdx +++ b/docs-kubex/Content/Cloudex/Catalog_Map_Tab.mdx @@ -8,7 +8,7 @@ import { ImageCard } from "/snippets/ImageCard.mdx"; The Kubex catalog map allows you to view a range of recommended instance type options for public cloud instances. The map view shows the AWS or Azure catalog scores for the selected instance. -**Note:** The catalog map is **not** currently available for ASGs, VM Scale Sets or GCP cloud instances. +**Note:** The catalog map is **not** currently available for ASGs, VM Scale Sets, GCP CE Instances or OCI Instances. Filters allow you to limit the catalog based on items such as processor type, processor features and instance cost. diff --git a/docs-kubex/Content/Cloudex/Cloud_Connections.mdx b/docs-kubex/Content/Cloudex/Cloud_Connections.mdx index 8fe27d8..4718eed 100644 --- a/docs-kubex/Content/Cloudex/Cloud_Connections.mdx +++ b/docs-kubex/Content/Cloudex/Cloud_Connections.mdx @@ -34,13 +34,22 @@ Before creating a connection you need to grant access to Kubex so that it can co AWS Data Collection Using IAM Roles Prerequisites - .
  • Microsoft Azure Data Collection Prerequisites
  • +
  • + + Google Cloud Platform Data Collection Prerequisites + +
  • +
  • + + Oracle Cloud Infrastructure Data Collection Prerequisites + +
  • @@ -58,6 +67,16 @@ Once you have completed the prerequisites you can create the connections using t Creating Azure Cloud Connections +
  • + + Creating GCP Cloud Connections + +
  • +
  • + + Creating OCI Cloud Connections + +
  • diff --git a/docs-kubex/Content/Cloudex/Data_Collection_GCP_Connections.mdx b/docs-kubex/Content/Cloudex/Data_Collection_GCP_Connections.mdx new file mode 100644 index 0000000..f4739d3 --- /dev/null +++ b/docs-kubex/Content/Cloudex/Data_Collection_GCP_Connections.mdx @@ -0,0 +1,87 @@ +--- +title: "Connecting GCP to Kubex" +sidebarTitle: "Connecting GCP to Kubex" +--- + +Kubex uses an API-Key user to access your Google Cloud Platform (GCP) project. See [Google Cloud Platform Data Collection Prerequisites](/docs/WebHelp_Densify_Cloud/Content/Data_Collection_for_Public_Cloud_Systems/Google_Cloud_Platform_Data_Collection_Prerequisites) for details on configuring the API-Key user and obtaining the required credentials. + +## Configuring GCP Connections + +
      +
    1. + Click the **Add** button and select GCP. + + + +
    2. +
    3. + Enter the GCP-specific connection parameters. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      FieldDescription
      Service Account Key File + The JSON key file for the service account you created in GCP for Kubex data collection. +
      Client ID + The client ID for the service account you created in GCP for Kubex data collection. This is auto filled when you upload the service account key file. +
      Client Email + The client email for the service account you created in GCP for Kubex data collection. This is auto filled when you upload the service account key file. +
      +
      +
    4. +
    5. + Verify your connection by clicking the **Verify Connection** button. +
        +
      • + If the credentials are valid, you will be connected and authenticated. +
      • +
      • + If the credentials cannot be validated, then review the displayed error message and correct your credentials. See Troubleshooting GCP Cloud Connections for details. +
      • +
      +
    6. +
    7. + Once the account is verified, the available projects that are associated with the service account are listed. Select the projects that you want to include in this connection and click **Next**. +
    8. + + + +
    9. + Review the connection details and add a name for your connection. Click **Save** to save the connection. +
    10. + + + + + +
    11. + If you want to connect another tenancy, click **Add** and repeat these steps to configure the connection. +
    12. +
    + diff --git a/docs-kubex/Content/Cloudex/Data_Collection_OCI_Connections.mdx b/docs-kubex/Content/Cloudex/Data_Collection_OCI_Connections.mdx new file mode 100644 index 0000000..57c858f --- /dev/null +++ b/docs-kubex/Content/Cloudex/Data_Collection_OCI_Connections.mdx @@ -0,0 +1,92 @@ +--- +title: "Connecting OCI to Kubex" +sidebarTitle: "Connecting OCI to Kubex" +--- + +Kubex uses an API-Key user to access your Oracle Cloud Infrastructure (OCI) tenancy. See [Oracle Cloud Infrastructure Data Collection Prerequisites](/docs/WebHelp_Densify_Cloud/Content/Data_Collection_for_Public_Cloud_Systems/Oracle_Cloud_Infrastructure_Data_Collection_Prerequisites) for details on configuring the API-Key user and obtaining the required credentials. + +## Configuring OCI Connections + +
      +
    1. + Click the **Add** button and select OCI. + + + +
    2. +
    3. + Enter the OCI-specific connection parameters. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      FieldDescription
      Tenancy OCID + The Oracle Cloud Identifier (OCID) for your tenancy. +
      User OCID + The OCID for the API-Key user you created in the OCI Console for Kubex data collection. +
      Region Identifier + The identifier for the home region assigned to your tenancy. +
      API Key Fingerprint + The fingerprint for the API key you created in OCI for the Kubex data collection user. +
      Private Key File + The private key file you created in OCI for the Kubex data collection user. This file must be in PEM format. +
      +
      +
    4. +
    5. + Verify your connection by clicking the **Verify Connection** button. +
        +
      • + If the credentials are valid, you will be connected and authenticated. +
      • +
      • + If the credentials cannot be validated, then review the displayed error message and correct your credentials. See Troubleshooting OCI Cloud Connections for details. +
      • +
      +
    6. +
    7. + Once the connection to the tenancy is verified, you can edit the connection name or use the prefilled tenancy name. This name will appear in the **Cloud Connections** list so you can easily identify this connection. When ready, click the **Save** button to save your connection. +
    8. + + + + + +
    9. + If you want to connect another tenancy, click **Add** and repeat these steps to configure the connection. +
    10. +
    + diff --git a/docs-kubex/Content/Cloudex/Data_Collection_Overview-Cloud.mdx b/docs-kubex/Content/Cloudex/Data_Collection_Overview-Cloud.mdx index fa694f7..4497462 100644 --- a/docs-kubex/Content/Cloudex/Data_Collection_Overview-Cloud.mdx +++ b/docs-kubex/Content/Cloudex/Data_Collection_Overview-Cloud.mdx @@ -35,11 +35,18 @@ The following cloud platforms are currently supported in Kubex: Azure Cloud +
  • + + Google Cloud Platform + +
  • +
  • + + Oracle Cloud Infrastructure + +
  • - -You can use the Cloud Connection wizard in the classic Kubex Console UI to create GCP connections. You can also edit and delete all cloud connection using the Cloud Connection wizard. These features will be available in Kubex in an upcoming release. - ## API Access You can collect and analyze cloud data through the Kubex API. Refer to the following use cases for examples: diff --git a/docs-kubex/Content/Cloudex/Getting_Started_with_Cloudex.mdx b/docs-kubex/Content/Cloudex/Getting_Started_with_Cloudex.mdx index c3b3ee8..3f065ab 100644 --- a/docs-kubex/Content/Cloudex/Getting_Started_with_Cloudex.mdx +++ b/docs-kubex/Content/Cloudex/Getting_Started_with_Cloudex.mdx @@ -53,6 +53,15 @@ You can collect and analyze data from your public cloud environments. You can co + + + + Once your data has been analyzed, you can see your results in the Analysis Details Table tab. diff --git a/docs-kubex/Content/Kubex/Data_Collection_Overview.mdx b/docs-kubex/Content/Kubex/Data_Collection_Overview.mdx index bb931e5..904ad21 100644 --- a/docs-kubex/Content/Kubex/Data_Collection_Overview.mdx +++ b/docs-kubex/Content/Kubex/Data_Collection_Overview.mdx @@ -1,5 +1,6 @@ --- -title: "Connecting Clusters with Kubex" +title: "Connect Your Cluster to Kubex" +sidebar: "Connect Your Cluster to Kubex" --- import { InlineImageWithText } from "/snippets/InlineImageWithText.mdx" @@ -23,10 +24,14 @@ When you first log into Kubex, you'll be presented with a getting started page t
    -## Data Collection Status +## Data Collection Status & Adding More Clusters After deploying Kubex data collection, data will begin flowing within an hour. You can monitor the status of each cluster connection through the data collection status page, which is also accessible from the side panel. Kubex performs data analysis overnight, so data flowing in today will show analyzed results the following morning. ![](/images/docs-kubex/Content/Kubex/k8s_datastatus.png) + +
    +Other configuration options including multi-cluster and observability platforms are also supported. See Data Collection for Containers or Github for other configuration options. + diff --git a/docs-kubex/Content/Kubex/Ephemeral_Storage.mdx b/docs-kubex/Content/Kubex/Ephemeral_Storage.mdx new file mode 100644 index 0000000..5858171 --- /dev/null +++ b/docs-kubex/Content/Kubex/Ephemeral_Storage.mdx 
@@ -0,0 +1,31 @@ +# Ephemeral Storage Optimization + +Ephemeral storage is a critical yet frequently overlooked resource in Kubernetes environments. It provides containers with temporary space for logs, caches, and scratch data. Unlike persistent volumes, ephemeral storage is tied to the pod lifecycle and is typically backed by the node's local disk. + +While transient, inefficient ephemeral storage management can lead to performance degradation, unexpected pod evictions, and inflated infrastructure costs. + +## Why Optimization Matters + +**Preventing Pod Evictions**: Kubernetes triggers eviction policies when node-level storage is under pressure. Containers exceeding their limits or contributing to disk pressure are terminated, causing service disruptions. + +**Improving Resource Utilization**: Over-provisioning wastes capacity, while under-provisioning increases the risk of failures. Right-sizing storage requests and limits helps maximize node utilization. + +**Cost Efficiency**: Although ephemeral storage is often bundled with node costs, it still represents a finite and valuable resource. Inefficient usage can drive unnecessary scaling of nodes, indirectly increasing infrastructure costs. + +## Key Challenges + +| Challenge | Impact | +|-----------|---------| +| **Shared Pod Storage** | Limits are enforced at the pod level but consumed by individual containers. One "greedy" container can cause the entire pod to be evicted. | +| **Workload Variability** | Ephemeral storage usage can be highly dynamic, driven by log generation, temporary file creation, and workload-specific behavior. | +| **Inconsistent Configs** | Many workloads do not define explicit ephemeral storage requests and limits, relying instead on defaults. This leads to unpredictable scheduling and resource contention. | + +## Optimization + +Kubex provides intelligent ephemeral storage optimization by analyzing granular container-level usage of ephemeral storage. 
+ +The optimization is based on observed storage consumption patterns over time, combined with configurable policy settings that define acceptable risk levels and optimization strategies. + +Each recommendation includes: +- Recommended ephemeral storage request +- Recommended ephemeral storage limit \ No newline at end of file diff --git a/docs-kubex/Content/Kubex/Getting_Started_with_Kubex.mdx b/docs-kubex/Content/Kubex/Getting_Started_with_Kubex.mdx index 09e3e0d..f609647 100644 --- a/docs-kubex/Content/Kubex/Getting_Started_with_Kubex.mdx +++ b/docs-kubex/Content/Kubex/Getting_Started_with_Kubex.mdx @@ -5,31 +5,35 @@ title: "Overview" import { InlineImageWithText } from "/snippets/InlineImageWithText.mdx" import {ContentWrapper} from "/snippets/ContentWrapper.mdx"; - - -## Viewing and Managing Your Kubernetes Environments +## Initiating Container Data Collection - -Watch a walk-through with specific use cases to learn how Kubex can help optimize your Kubernetes environments.
    + +The Kubex data collector is a container that collects data from Kubernetes using the Prometheus server and then forwards that data to Kubex.

    -A tree viewer and a number of tabs allow you to view your environments to better understand where resources are being wasted.
    +Refer to Data Collection Overview to get the Helm commands to deploy the data collector.
    -Take a guided tour through the significant features and find out how to view and optimize your container environments.
    +You can also go directly to the GitHub page: Kubex Collection Stack Helm Chart.
    +
    +Other configuration options including multi-cluster and observability platforms are also supported. See Data Collection for Containers or Github for other configuration options.
    -## Initiating Container Data Collection +## Viewing and Managing Your Kubernetes Environments - -The Kubex data forwarder is a container that collects data from Kubernetes using the Prometheus server and then forwards that data to Kubex.
    + +Watch a walk-through with specific use cases to learn how Kubex can help optimize your Kubernetes environments.

    -You can quickly deploy the data forwarder and all of the required prerequisite software using a Helm chart. See Kubex Collection Stack Helm Chart.
    +The Kubernetes dashboard provides a high-level summary of cluster resources, workload usage, costs, and potential risks. + +Explore your Containers and the Nodes that host the container to better understand how resources are being used and how to optimize them.

    -Other configuration options including multi-cluster and observability platforms are also supported. See Data Collection for Containers or Github for other configuration options. +Take a guided tour through the significant features and find out how to view and optimize your container environments.
    + + diff --git a/docs-kubex/Content/Kubex/Kubex_Dashboard.mdx b/docs-kubex/Content/Kubex/Kubex_Dashboard.mdx new file mode 100644 index 0000000..1eb696d --- /dev/null +++ b/docs-kubex/Content/Kubex/Kubex_Dashboard.mdx 
@@ -0,0 +1,118 @@ +--- +title: "Kubex Dashboard" +--- +import { InlineImageWithText } from "/snippets/InlineImageWithText.mdx" + + +![](/images/docs-kubex/k8s_dashboard.png) + + +The Kubex dashboard provides a high-level summary of cluster resources, workload usage, costs, and potential risks. It helps users understand how Kubernetes resources are allocated, requested, and utilized across clusters, and highlights areas of inefficiency or operational risk. + +### Cluster Filter + +The Cluster Filter on the left side panel allows users to select which clusters are included in the dashboard. By default all clusters are included. + + +![](/images/docs-kubex/k8s_dashboard_cluster_filter.png) + + + +**Capabilities** + +- Search for clusters +- Select one or multiple clusters +- Select all or deselect all clusters +- Apply or reset filters + +The dashboard metrics and visualizations update automatically based on the selected clusters. + +### Dashboard Views + +Users can switch between multiple system views that are available out of the box: + + +![](/images/docs-kubex/k8s_dashboard_views.png) + + + +- Overview – High-level usage, cost and risk insights +- Waste – Focus on resource inefficiency and cost waste +- Risk – Focus on Node and Cluster performance and resource risks + +Users can create new views and designate them as public or as private. + +### Key widgets + +**CPU Allocatable vs Requested vs Utilized** + +This chart compares the allocatable CPU/Memory with what is being requested and the actual usage over time. + + +![](/images/docs-kubex/k8s_dashboard_charts.png) + + +Metrics displayed + +Allocatable – Total CPU/Memory capacity available on nodes +Requested – CPU/Memory resources requested by workloads +Utilized – Actual CPU/WorkingSetMemory usage by running workloads + +How to interpret + +- If Utilized is much lower than Requested, workloads may be over-provisioned. 
+- Large gaps between Allocatable and Requested may indicate unused capacity due to other factors (like max pods/node or ephemeral storage constraints) that makes the node autoscaler spin up more nodes. + +This helps identify opportunities to optimize CPU & Memory resource allocation. + +**Cluster Cost / Waste** + +This section shows monthly infrastructure cost and estimated waste per cluster and node groups. + + +![](/images/docs-kubex/k8s_dashboard_cluster_costs.png) + + +Metrics + +- Monthly Cost – Total estimated monthly cost of the cluster +- Waste – Estimated cost of unused or over-provisioned resources +- Waste % – Percentage of cluster cost that is inefficiently used + +This helps teams identify clusters where resource optimization could significantly reduce costs. + +**Node Risks** + +The Node Risks widget highlights nodes experiencing potential resource issues. + + +![](/images/docs-kubex/k8s_dashboard_risks.png) + + +- Memory Saturated Nodes: # of Nodes experiencing very high memory usage in the last 7 days +- CPU Saturated Nodes: # of Nodes experiencing very high CPU usage in the last 7 days +- Nodes at Max Pods: # of Nodes that have reached the maximum allowed number of pods in the last 7 days + +These indicators help identify infrastructure pressure points that may impact workload performance. + +**Container Risks** + +This section highlights potential risks at the container level. + + +![](/images/docs-kubex/k8s_dashboard_risks.png) + + +- Containers with Memory Limit Events: # of Containers where the working set utilization is at or very close to the Memory limit in the last 7 days +- Containers with Kill Events: Containers terminated due to a kill event (SIGKILL) +- Containers with CPU Throttling: Containers experiencing CPU throttling + +High values may indicate workloads that need resource tuning. + +**Automation** + +The Automation widget shows workloads that have been automatically optimized by Kubex. 
This helps track automated efficiency improvements. + + +![](/images/docs-kubex/k8s_dashboard_automation.png) + diff --git a/docs-kubex/Content/Kubex/Node_Group_Analysis.mdx b/docs-kubex/Content/Kubex/Node_Group_Analysis.mdx index 04dc88d..7e5324b 100644 --- a/docs-kubex/Content/Kubex/Node_Group_Analysis.mdx +++ b/docs-kubex/Content/Kubex/Node_Group_Analysis.mdx @@ -1,5 +1,6 @@ --- -title: "Node Group Analysis" +title: "Overview" +sideBar: "Overview" --- import { InlineImageWithText } from "/snippets/InlineImageWithText.mdx" diff --git a/docs-kubex/Content/Kubex/Overview_Tab.mdx b/docs-kubex/Content/Kubex/Overview_Tab.mdx index 6b00fc9..ac0f70d 100644 --- a/docs-kubex/Content/Kubex/Overview_Tab.mdx +++ b/docs-kubex/Content/Kubex/Overview_Tab.mdx @@ -152,7 +152,10 @@ These 2 cards summarize potential resource risks for the container and node grou Restarts
  • - Memory Limit Event + OOM Kills +
  • +
  • + CPU Throttling %
  • diff --git a/docs-kubex/Content/Kubex/Policies_Tab.mdx b/docs-kubex/Content/Kubex/Policies_Tab.mdx index e81215f..ae4ca5b 100644 --- a/docs-kubex/Content/Kubex/Policies_Tab.mdx +++ b/docs-kubex/Content/Kubex/Policies_Tab.mdx @@ -24,7 +24,7 @@ Two system views provide commonly used reports: -Descriptions of the policy settings are provided in the Policy Reference Guide. +Descriptions of the policy settings are provided in the Policy Reference Guide. diff --git a/docs-kubex/Content/Kubex/Using_the_Node_Tree_Viewer.mdx b/docs-kubex/Content/Kubex/Using_the_Node_Tree_Viewer.mdx index 190a59b..eb52b96 100644 --- a/docs-kubex/Content/Kubex/Using_the_Node_Tree_Viewer.mdx +++ b/docs-kubex/Content/Kubex/Using_the_Node_Tree_Viewer.mdx @@ -1,5 +1,6 @@ --- -title: "Using the Node Tree Viewer" +title: "Node Tree Viewer" +sideBar: "Node Tree Viewer" --- import { InlineImageWithText } from "/snippets/InlineImageWithText.mdx" diff --git a/docs-kubex/Content/Kubex/Using_the_Tree_Viewer.mdx b/docs-kubex/Content/Kubex/Using_the_Tree_Viewer.mdx index c71e69b..54959fb 100644 --- a/docs-kubex/Content/Kubex/Using_the_Tree_Viewer.mdx +++ b/docs-kubex/Content/Kubex/Using_the_Tree_Viewer.mdx @@ -1,5 +1,6 @@ --- -title: "Overview" +title: "Container Tree Viewer" +sideBar: "Container Tree Viewer" --- import { InlineImageWithText } from "/snippets/InlineImageWithText.mdx" import { InlineImage } from "/snippets/InlineImage.mdx" diff --git a/docs.json b/docs.json index fa8c4b1..1a5de2f 100644 --- a/docs.json +++ b/docs.json 
@@ -52,62 +52,59 @@ { "group": "Getting Started", "pages": [ - "docs-kubex/Content/Kubex/Getting_Started_with_Kubex", - "docs-kubex/Content/Kubex/Visualizing_Your_Data", + "docs-kubex/Content/Kubex/Data_Collection_Overview", + "docs-kubex/Content/Kubex/Kubex_Dashboard", "docs-kubex/Content/General/KubexAIAgent" ] }, { - "group": "Container Analysis", + "group": "Container Optimization", "pages": [ "docs-kubex/Content/Kubex/Containers_Analysis", { - "group": "Data Collection ", + "group": "Resource Optimization", "pages": [ - "docs-kubex/Content/Kubex/Data_Collection_Overview", - { - "group": "Alternate Data Collection Methods", - "pages": [ - "docs-kubex/Content/Kubex/Data_Collection_Alternate_Methods", - "docs-kubex/Content/Kubex/Data_Collection_Prerequisites", - "docs-kubex/Content/Kubex/Data_Collection_Additional_Considerations" - ] - } + "docs-kubex/Content/Kubex/Ephemeral_Storage" ] }, { - "group": "Using the Tree Viewer", + "group": "Container Tree Viewer", "pages": [ "docs-kubex/Content/Kubex/Using_the_Tree_Viewer", "docs-kubex/Content/Kubex/Creating_Custom_Views", "docs-kubex/Content/Kubex/Creating_Custom_Filters" ] }, - "docs-kubex/Content/Kubex/Summary_Tab", - "docs-kubex/Content/Kubex/Breakdown_Tab", - "docs-kubex/Content/Kubex/Histograms_Tab", - "docs-kubex/Content/Kubex/Overview_Tab", - "docs-kubex/Content/Kubex/GPU_Tab", - "docs-kubex/Content/Kubex/Metrics_Viewer_Tab", - { - "group": "Analysis Details Tab", + { + "group": "Container Data Tabs", "pages": [ - "docs-kubex/Content/Kubex/AI_Analysis_Details_Tab", - "docs-kubex/Content/Kubex/AI_Analysis_Details_Table", - "docs-kubex/Content/Kubex/Using_Table_Column_Features", - "docs-kubex/Content/Kubex/Using_Filters", - "docs-kubex/Content/Kubex/AI_Analysis_Details_Charts" + "docs-kubex/Content/Kubex/Summary_Tab", + "docs-kubex/Content/Kubex/Breakdown_Tab", + "docs-kubex/Content/Kubex/Histograms_Tab", + "docs-kubex/Content/Kubex/Overview_Tab", + "docs-kubex/Content/Kubex/GPU_Tab", + 
"docs-kubex/Content/Kubex/Metrics_Viewer_Tab", + { + "group": "Analysis Details Tab", + "pages": [ + "docs-kubex/Content/Kubex/AI_Analysis_Details_Tab", + "docs-kubex/Content/Kubex/AI_Analysis_Details_Table", + "docs-kubex/Content/Kubex/Using_Table_Column_Features", + "docs-kubex/Content/Kubex/Using_Filters", + "docs-kubex/Content/Kubex/AI_Analysis_Details_Charts" + ] + } ] }, { - "group": "Policy Overview", + "group": "Container Policy", "pages": [ "docs-kubex/Content/Kubex/Policy_Overview", "docs-kubex/Content/Kubex/Policies_Tab" ] }, { - "group": "Automation Overview", + "group": "Container Automation", "pages": [ "docs-kubex/Content/Kubex/Automation_Overview", "docs-kubex/Content/Kubex/Automation_Tab" @@ -116,16 +113,35 @@ ] }, { - "group": "Node Group Analysis", + "group": "Node Group Optimization", "pages": [ "docs-kubex/Content/Kubex/Node_Group_Analysis", "docs-kubex/Content/Kubex/Using_the_Node_Tree_Viewer", - "docs-kubex/Content/Kubex/Node_Group_Analysis_Table", - "docs-kubex/Content/Kubex/Node-Group-Overview_Tab", - "docs-kubex/Content/Kubex/Nodes_Tab", - "docs-kubex/Content/Kubex/Node-Overview-Tab" + { + "group": "Node Group Data Tabs", + "pages": [ + "docs-kubex/Content/Kubex/Node_Group_Analysis_Table", + "docs-kubex/Content/Kubex/Node-Group-Overview_Tab", + "docs-kubex/Content/Kubex/Nodes_Tab", + "docs-kubex/Content/Kubex/Node-Overview-Tab" + ] + } + ] + }, + { + "group": "Advanced", + "pages": [ + { + "group": "Alternate Data Collection Methods", + "pages": [ + "docs-kubex/Content/Kubex/Data_Collection_Alternate_Methods", + "docs-kubex/Content/Kubex/Data_Collection_Prerequisites", + "docs-kubex/Content/Kubex/Data_Collection_Additional_Considerations" + ] + } ] } + ] }, { 
@@ -180,9 +196,18 @@ "group": "GCP Data Collection", "pages": [ "docs/WebHelp_Densify_Cloud/Content/Data_Collection_for_Public_Cloud_Systems/Google_Cloud_Platform_Data_Collection_Prerequisites", + "docs-kubex/Content/Cloudex/Data_Collection_GCP_Connections", "docs/WebHelp_Densify_Cloud/Content/Data_Collection_Troubleshooting/GCP_Cloud_Connections" ] }, + { + "group": "OCI Data Collection", + "pages": [ + "docs/WebHelp_Densify_Cloud/Content/Data_Collection_for_Public_Cloud_Systems/Oracle_Cloud_Infrastructure_Data_Collection_Prerequisites", + "docs-kubex/Content/Cloudex/Data_Collection_OCI_Connections", + "docs/WebHelp_Densify_Cloud/Content/Data_Collection_Troubleshooting/OCI_Cloud_Connections" + ] + }, "docs-kubex/Content/Cloudex/Cloud_Connections" ] } @@ -458,6 +483,12 @@ "docs/WebHelp_Densify_Cloud/Content/Administration/External_User_Authentication_Example_Configuration_for_Google_OpenID", "docs/WebHelp_Densify_Cloud/Content/Administration/External_User_Authentication_Example_Configuration_for_Okta" ] + }, + { + "group": "User Management", + "pages": [ + "docs/WebHelp_Densify_Cloud/Content/Administration/Kubex_User_Mgmt_RBAC" + ] } ] } diff --git a/docs/WebHelp_Densify/Content/Administration/Kubex_UserMgmt_RBAC.mdx b/docs/WebHelp_Densify/Content/Administration/Kubex_UserMgmt_RBAC.mdx new file mode 100644 index 0000000..c8501cf --- /dev/null +++ b/docs/WebHelp_Densify/Content/Administration/Kubex_UserMgmt_RBAC.mdx 
@@ -0,0 +1,88 @@ +--- +title: "Kubex - User Access Control (RBAC)" +sideBar: "User Access Control (RBAC)" +--- +import { InlineImageWithText } from "/snippets/InlineImageWithText.mdx" + +# Role-Based Access Control (RBAC) + +## Overview +Role-Based Access Control (RBAC) allows administrators to manage user permissions by assigning predefined roles. Each role grants access to specific features and capabilities within the platform, ensuring secure and efficient access management. + +Users can be assigned one or more roles depending on their responsibilities. + +--- + +## Available Roles + +### 1. Analyst +**Description:** +Provides access to explore and analyze data within the platform. + +**Capabilities:** +- Access dashboards and analytics +- Explore datasets and insights +- View reports and metrics + +--- + +### 2. Access Manager +**Description:** +Responsible for managing users, groups, and access permissions. + +**Capabilities:** +- Create and manage users +- Assign roles and group memberships +- Control access permissions + +--- + +### 3. Connection Manager +**Description:** +Manages integrations with external systems including cloud and container environments. + +**Capabilities:** +- Add new connections +- Configure cloud and container integrations +- Maintain and update connection settings + +--- + +### 4. Policy Manager +**Description:** +Handles creation and management of analysis policies. + +**Capabilities:** +- Create and edit policies +- Manage analysis rules +- Govern policy enforcement across the platform + +--- + +## Assigning Roles + +To assign roles to a user: +1. Navigate to the **User Management** section. +2. Edit or create a user and assign the desired role(s) using the checkboxes. +3. Save the changes to apply permissions. + +Users can have multiple roles assigned simultaneously, combining permissions across roles. 
+ + +![](/images/docs-kubex/kubex_user_mgmt.png) + + + +--- + +## Best Practices + +- **Principle of Least Privilege:** Assign only the roles necessary for a user’s responsibilities. +- **Separation of Duties:** Avoid assigning conflicting roles to the same user. +- **Regular Audits:** Periodically review role assignments to ensure compliance. + +--- + +## Summary + +RBAC simplifies access control by grouping permissions into roles. By assigning appropriate roles, organizations can ensure users have the right level of access while maintaining security and governance. \ No newline at end of file diff --git a/docs/WebHelp_Densify/Content/Administration/Kubex_User_Mgmt_RBAC.mdx b/docs/WebHelp_Densify/Content/Administration/Kubex_User_Mgmt_RBAC.mdx new file mode 100644 index 0000000..6395a41 --- /dev/null +++ b/docs/WebHelp_Densify/Content/Administration/Kubex_User_Mgmt_RBAC.mdx 
@@ -0,0 +1,86 @@ +--- +title: "User Access Control (RBAC)" +sidebar: "User Access Control (RBAC)" +--- +import { InlineImageWithText } from "/snippets/InlineImageWithText.mdx" + +## Overview +Role-Based Access Control (RBAC) allows administrators to manage user permissions by assigning predefined roles. Each role grants access to specific features and capabilities within the platform, ensuring secure and efficient access management. + +Users can be assigned one or more roles depending on their responsibilities. + +--- + +## Available Roles + +### 1. Analyst +**Description:** +Provides access to explore and analyze data within the platform. + +**Capabilities:** +- Access dashboards and analytics +- Explore datasets and insights +- View reports and metrics + +--- + +### 2. Access Manager +**Description:** +Responsible for managing users, groups, and access permissions. + +**Capabilities:** +- Create and manage users +- Assign roles and group memberships +- Control access permissions + +--- + +### 3. Connection Manager +**Description:** +Manages integrations with external systems including cloud and container environments. + +**Capabilities:** +- Add new connections +- Configure cloud and container integrations +- Maintain and update connection settings + +--- + +### 4. Policy Manager +**Description:** +Handles creation and management of analysis policies. + +**Capabilities:** +- Create and edit policies +- Manage analysis rules +- Govern policy enforcement across the platform + +--- + +## Assigning Roles + +To assign roles to a user: +1. Navigate to the **User Management** section. +2. Edit or create a user and assign the desired role(s) using the checkboxes. +3. Save the changes to apply permissions. + +Users can have multiple roles assigned simultaneously, combining permissions across roles. 
+ + +![](/images/docs-kubex/kubex_user_mgmt.png) + + + +--- + +## Best Practices + +- **Principle of Least Privilege:** Assign only the roles necessary for a user’s responsibilities. +- **Separation of Duties:** Avoid assigning conflicting roles to the same user. +- **Regular Audits:** Periodically review role assignments to ensure compliance. + +--- + +## Summary + +RBAC simplifies access control by grouping permissions into roles. By assigning appropriate roles, organizations can ensure users have the right level of access while maintaining security and governance. \ No newline at end of file diff --git a/docs/WebHelp_Densify_Cloud/Content/Administration/Configuring_External_User_Authentication.mdx b/docs/WebHelp_Densify_Cloud/Content/Administration/Configuring_External_User_Authentication.mdx index 477c39e..e0d4320 100644 --- a/docs/WebHelp_Densify_Cloud/Content/Administration/Configuring_External_User_Authentication.mdx +++ b/docs/WebHelp_Densify_Cloud/Content/Administration/Configuring_External_User_Authentication.mdx 
@@ -2,14 +2,14 @@ title: "Overview" --- -Kubex provides the capability to authenticate users through external identity providers, that support the OpenID Connect specification. OpenID provides a framework for communicating between an identity provider and the OpenID acceptor, such as Okta and Microsoft Azure AD. +Kubex provides the capability to authenticate users through external identity providers, that support the OpenID Connect specification. OpenID provides a framework for communicating between an identity provider and the OpenID acceptor, such as Okta and Microsoft Entra ID. When authenticating users externally, authentication of Kubex users is first delegated to an external identity provider. A user can be authenticated in one of two ways: * Local user--The account is created and validated within Kubex. For on-premise deployments, you can configure a local account linked to a Windows® Active Directory™ account to access Kubex. Windows® Active Directory™ is not supported for SaaS deployments. -* Externally authentication--These users are authenticated through an external identity provider, that support the OpenID Connect specification. Only the following external identity providers are supported: +* External authentication--These users are authenticated through an external identity provider, that support the OpenID Connect specification. Only the following external identity providers are supported: @@ -19,7 +19,7 @@ A user can be authenticated in one of two ways:
    @@ -33,7 +33,7 @@ A user can be authenticated in one of two ways:
    -Once Open ID is enabled, users must exist in their OpenID provider before they can access Kubex. Users that are created in the Kubex user management console must use the same email address as their user ID in Azure, Okta or Google. +Once Open ID is enabled, users must exist in their OpenID provider before they can access Kubex. Users that are created in the Kubex user management console must use the same email address as their user ID in Microsoft Entra ID, Okta or Google. @@ -41,7 +41,7 @@ Once Open ID is enabled, users must exist in their OpenID provider before they c Once configured you can access either the Kubex Console or the Analysis Console using the configured connection. -The one exception is Google OpenID. When using Google Open ID, only the Kubex Console is supported. If you try to access the Analysis Console, the connection request will fail. If you need to access the Analysis Console, use AzureAD, Okta or Ping. +The one exception is Google OpenID. When using Google Open ID, only the Kubex Console is supported. If you try to access the Analysis Console, the connection request will fail. If you need to access the Analysis Console, use Microsoft Entra ID, Okta or Ping. 
@@ -52,7 +52,7 @@ The one exception is Google OpenID. When using Google Open ID, only the Kubex Co Before you can configure the feature in Kubex, you must register Kubex with your identity provider. You need to provide information about the application type, login/logout URLs etc. This is a standard procedure across all applications using OpenID for authentication. -Kubex supports: [Google OpenID](./External_User_Authentication_Example_Configuration_for_Google_OpenID), [Microsoft Azure AD](./External_User_Authentication_Example_Configuration_for_Azure_Active_Directory), [Okta](./External_User_Authentication_Example_Configuration_for_Okta) and Ping as external identity providers. +Kubex supports: [Google OpenID](./External_User_Authentication_Example_Configuration_for_Google_OpenID), [Microsoft Entra ID](./External_User_Authentication_Example_Configuration_for_Azure_Active_Directory), [Okta](./External_User_Authentication_Example_Configuration_for_Okta) and Ping as external identity providers. @@ -83,7 +83,7 @@ Kubex supports: [Google OpenID](./External_User_Authentication_Example_Configura @@ -94,13 +94,13 @@ Kubex supports: [Google OpenID](./External_User_Authentication_Example_Configura @@ -110,6 +110,7 @@ Kubex supports: [Google OpenID](./External_User_Authentication_Example_Configura

    This is the callback URL to your Kubex instance where the identity provider redirects the user after they have been authenticated.

    -

    https://\:443/

    +

    https://\.kubex.ai:443

    The HTTP redirect URIs must be protected with TLS security, so the service will only redirect to URIs beginning with "https". This prevents tokens from being intercepted during the authorization process.

    A logout URL is a URL in your Kubex instance that the identity provider can return to after the user has been logged out of the authorization server.

      -
    • https://\/ (for the Kubex Console)
    • -
    • https://\:443/admin (for the Analysis Console)
    • -
    • https://\:443/openIdError
    • +
    • https://\.kubex.ai (for the Kubex Console)
    • +
    • https://\.kubex.ai:443/admin (for the Analysis Console)
    • +
    • https://\.kubex.ai:443/openIdError

    When using Google OpenID Connect only the following is required:

      -
    • https://\:443/openIdError
    • +
    • https://\.kubex.ai:443/openIdError
      +
    • openid
    • Profile
    • Email – If not available, Kubex will use the preferred user name (preferred_username) value of the claim to verify that the user is registered with Kubex. Kubex assumes this is an email address.
    @@ -185,6 +186,6 @@ Validation is only performed on the mandatory fields defined in the OpenID Conne The next section contains the following topics: -- [External User Authentication Example Configuration for Azure Active Directory](/docs/WebHelp_Densify_Cloud/Content/Administration/External_User_Authentication_Example_Configuration_for_Azure_Active_Directory) +- [External User Authentication Example Configuration for Microsoft Entra ID](/docs/WebHelp_Densify_Cloud/Content/Administration/External_User_Authentication_Example_Configuration_for_Azure_Active_Directory) - [External User Authentication Example Configuration for Google OpenID](/docs/WebHelp_Densify_Cloud/Content/Administration/External_User_Authentication_Example_Configuration_for_Google_OpenID) - [External User Authentication Example Configuration for Okta](/docs/WebHelp_Densify_Cloud/Content/Administration/External_User_Authentication_Example_Configuration_for_Okta) diff --git a/docs/WebHelp_Densify_Cloud/Content/Administration/External_User_Authentication_Example_Configuration_for_Azure_Active_Directory.mdx b/docs/WebHelp_Densify_Cloud/Content/Administration/External_User_Authentication_Example_Configuration_for_Azure_Active_Directory.mdx index ab88a39..973f5d1 100644 --- a/docs/WebHelp_Densify_Cloud/Content/Administration/External_User_Authentication_Example_Configuration_for_Azure_Active_Directory.mdx +++ b/docs/WebHelp_Densify_Cloud/Content/Administration/External_User_Authentication_Example_Configuration_for_Azure_Active_Directory.mdx 
@@ -1,9 +1,9 @@ --- -title: "External User Authentication for Azure Active Directory" -sidebarTitle: "Azure Active Directory" +title: "External User Authentication for Microsoft Entra ID" +sidebarTitle: "Microsoft Entra ID" --- -You can use the following process to setup Azure Active Directory (AD). You need to register Kubex as a web application in your Azure AD and then provide the following information to Kubex: +You can use the following process to setup Microsoft Entra ID (formerly known as Azure AD). You need to register Kubex as a web application in your Microsoft Entra ID and then provide the following information to Kubex: * Application (client) ID * Directory (tenant) ID @@ -13,10 +13,10 @@ An auto-provisioning feature allows users to access the Kubex Console without ne ### Register an Application -You must have permission to manage applications in Azure AD. i.e. Application administrator or Application developer, etc. +You must have permission to manage applications in Microsoft Entra ID. i.e. Application administrator or Application developer, etc. -1. In the Azure portal. If you have access to multiple tenants, use the Directories + subscriptions filter in the top menu to switch to the tenant in which you want to register the application. -2. Navigate to Azure Active Directory > App Registrations > New registration. +1. Log into the Microsoft Entra ID portal. If you have access to multiple tenants, use the Directories + subscriptions filter in the top menu to switch to the tenant in which you want to register the application. +2. Navigate to Microsoft Entra ID > App Registrations > New registration. ![](/images/docs/WebHelp_Densify_Cloud/Content/Resources/Images/CiRBA_Administration_Guide/030000C6_329x191.png) 
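Review bot: "Microsoft Entra ID portal" in the new step 1 ("Log into the Microsoft Entra ID portal") is not the name of a Microsoft portal; app registrations are managed in the Azure portal or in the Microsoft Entra admin center, so the rename from "Azure portal" should use one of those names here and in the later steps of this file that repeat the phrase. In the same hunk, "i.e. Application administrator or Application developer, etc." introduces examples, so "e.g." without the trailing "etc." is the correct form.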
@@ -36,7 +36,7 @@ New app registrations are hidden to other users by default. Refer to Microsoft.c #### Obtaining the Application and Directory IDs -1. In the Azure portal, navigate to Azure Active Directory > App Registrations. +1. In the Microsoft Entra ID portal, navigate to Microsoft Entra ID > App Registrations. 2. Select your new App Registration and copy the following values: * Application (client) ID @@ -53,7 +53,7 @@ You need to provide these values to Kubex to complete the authentication process A redirect URI is the location where the Microsoft identity platform redirects a user's client and sends back the security tokens after authentication. -1. In the Azure portal, in App registrations, select your application registration. +1. In the Microsoft Entra ID portal, in App registrations, select your application registration. 2. Select Authentication from the side menu. 3. Under Platform configurations, click Add a platform and then choose Web applications > Web. 4. Under Redirect URIs, add the following URIs: @@ -63,8 +63,8 @@ These are examples only. Contact Kubex for the actual URIs. +* https://\.kubex.ai:443 * https://\.kubex.ai:443/redirect -* https://\.kubex.ai:443/ * https://\.kubex.ai:443/kubex * https://\.kubex.ai:443/openIdError @@ -80,7 +80,7 @@ The credentials generated here allow Kubex to authenticate as itself, requiring A client secret is sometimes called an application password. It is a string value that Kubex can use in place of a certificate to identity itself. -1. In the Azure portal, in App registrations, select your application registration. +1. In the Microsoft Entra ID portal, in App registrations, select your application registration. 2. Navigate to Certificates & secrets > Client secrets > New client secret. 3. Add a description for your client secret. i.e.Kubex-Client-Secret 4. Select an expiration for the client secret or specify a custom lifetime. Please note the following: 
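Review bot: The context lines around the changed step 1 of the client secret procedure still carry two defects that should be fixed while this section is being edited: "a string value that Kubex can use in place of a certificate to identity itself" should read "identify itself", and step 3 has "i.e.Kubex-Client-Secret" with no space after the abbreviation (and "e.g." is what is meant, since the name is only an example).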
@@ -101,7 +101,7 @@ Record the displayed value, as this value will not be displayed again once you l In this section, you provide Kubex, now registered with the Microsoft identity platform with access to your own web API. You also provide the client app access to Microsoft Graph. -1. In the Azure portal, select App registrations and then select your application registration. +1. In the Microsoft Entra ID portal, select App registrations and then select your application registration. 2. Navigate to Manage > API permissions > Add a Permission > Microsoft Graph. ![](/images/docs/WebHelp_Densify_Cloud/Content/Resources/Images/CiRBA_Administration_Guide/03200049.png) @@ -150,11 +150,11 @@ If the auto-provisioning feature is enabled, you need to create these groups, ot -The auto-provisioning feature allows users to access the Kubex Console without needing to manually create user accounts in Kubex. Once the feature is enabled, you must create groups in your Azure AD, that correspond to Kubex's user groups and add users to grant the required permissions. +The auto-provisioning feature allows users to access the Kubex Console without needing to manually create user accounts in Kubex. Once the feature is enabled, you must create groups in your Microsoft Entra ID that correspond to Kubex's user groups and add users to grant the required permissions. Contact [support@kubex.ai](mailto:support@kubex.ai) to enable the auto-provisioning feature. -You need to create user groups that correspond to the commonly used Kubex user groups: KUBEX\_USER, KUBEX\_USER\_ADMIN and KUBEX\_AUDIT\_ADMIN. +You need to create user groups that correspond to the commonly used Kubex user groups: KUBEX\_USER, KUBEX\_USER\_ADMIN, KUBEX\_AUDIT\_ADMIN, and KUBEX\_POLICY\_ADMIN. 1. Navigate to Manage > Groups. You will see the list of existing groups. 2. Click New group at the top of the list and configure the group settings: 
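Review bot: The updated sentence that lists KUBEX\_USER, KUBEX\_USER\_ADMIN, KUBEX\_AUDIT\_ADMIN and KUBEX\_POLICY\_ADMIN does not say what each group grants and does not link to the User Access Control (RBAC) page added in this patch, which is where the default group-to-role mapping is stated. Add that link next to the list so an administrator creating these groups in the identity provider can see what access each one confers before adding members to it.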
@@ -165,7 +165,8 @@ You need to create user groups that correspond to the commonly used Kubex user g * Membership type--Specify how users will be added to the group i.e. "Assigned". 3. Click Create to create the group. -4. Repeat the process to create a group for KUBEX\_USER\_ADMIN and for KUBEX\_AUDIT\_ADMIN. +4. Repeat the process to create a group for KUBEX\_USER\_ADMIN, KUBEX\_AUDIT\_ADMIN, and KUBEX\_POLICY\_ADMIN. + These new user groups cannot be hidden groups. @@ -177,15 +178,16 @@ These new user groups cannot be hidden groups. Add the users to one or more groups. You can add users to all groups or add them to a specifc group , based on their requirements. -* SaaS\_User--Users with this role can access all features in the Kubex Console. -* SaaS\_User\_Admin--Users with this role can add, edit and remove Kubex user accounts through the user management dialog box. +* KUBEX\_USER -- Users with this role can access all features in the Kubex Console. +* KUBEX\_USER\_ADMIN -- Users with this role can add, edit and remove Kubex user accounts through the user management dialog box. User management is not required within Kubex when Open ID is configured and the auto-provisioning feature is enabled. -* SaaS\_Audit\_Admin--Users with this role can create, edit or delete cloud audits, but cannot manage user accounts. +* KUBEX\_AUDIT\_ADMIN -- Users with this role can create, edit or delete cloud audits, but cannot manage user accounts. +* KUBEX\_POLICY\_ADMIN -- Users with this role can edit policies applied to cloud accounts or Kubernetes clusters. -1. Navigate to one of the groups created above.Groups. You will see the list of existing groups. +1. You should now see these new groups appear in the list of all groups. Navigate to one of the groups created above (i.e.: KUBEX\_USER) 2. Click Add members at the top of the list and select the users to be added: 3. Click Add. 4. Repeat the process to add users to the other groups. 
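Review bot: The group descriptions in this hunk do not match the default mapping in the RBAC page added by the same patch: here KUBEX\_USER "can access all features in the Kubex Console", while the RBAC page maps KUBEX_USER to Analyst, whose listed capabilities are dashboards, datasets and reports, and KUBEX\_AUDIT\_ADMIN is described in terms of cloud audits while the RBAC page maps it to Connection Manager. Align the wording with the role names and capabilities on the RBAC page so that administrators applying least privilege can tell from either page what each group actually grants. The new step 1 also uses "(i.e.: KUBEX\_USER)" where "e.g." is meant and has no closing period, and the context line above it still reads "specifc group ,".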
diff --git a/docs/WebHelp_Densify_Cloud/Content/Administration/External_User_Authentication_Example_Configuration_for_Google_OpenID.mdx b/docs/WebHelp_Densify_Cloud/Content/Administration/External_User_Authentication_Example_Configuration_for_Google_OpenID.mdx index 6473413..e32440d 100644 --- a/docs/WebHelp_Densify_Cloud/Content/Administration/External_User_Authentication_Example_Configuration_for_Google_OpenID.mdx +++ b/docs/WebHelp_Densify_Cloud/Content/Administration/External_User_Authentication_Example_Configuration_for_Google_OpenID.mdx @@ -23,9 +23,9 @@ You must have permission to manage applications in your Google Console. 4. Select "Web application" from the Application type dropdown menu. You can accept the default Name for the OAuth 2.0 client. 5. Add the following redirect URIs: -* https://\:443/redirect--This is the login redirect for Kubex. -* https://\:443/openIdError--This is an error message page. The session management filter will redirect the user to the specified OpenID page. For example, when the Google user does not exist in Kubex. -* https://\:443/openIdLoggedOut--This is logout URI. Specify this page if the configuration property, "login.openId.useStaticLogout" is set in the Kubex configuration settings. +* https://\.kubex.ai:443/redirect--This is the login redirect for Kubex. +* https://\.kubex.ai:443/openIdError--This is an error message page. The session management filter will redirect the user to the specified OpenID page. For example, when the Google user does not exist in Kubex. +* https://\.kubex.ai:443/openIdLoggedOut--This is logout URI. Specify this page if the configuration property, "login.openId.useStaticLogout" is set in the Kubex configuration settings. These are examples only. Contact Kubex for the actual URIs. 
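Review bot: The three redirect URIs in this hunk all carry an explicit ":443", while the overview page changed in this patch lists the Kubex Console logout URL without a port ("https://\.kubex.ai (for the Kubex Console)") next to entries that do include it. Identity providers generally compare registered redirect URIs as exact strings, so state once whether the port has to be entered literally and use the same form across the Google, Okta and Microsoft Entra ID pages. In the third bullet, "This is logout URI" is missing "the".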
diff --git a/docs/WebHelp_Densify_Cloud/Content/Administration/External_User_Authentication_Example_Configuration_for_Okta.mdx b/docs/WebHelp_Densify_Cloud/Content/Administration/External_User_Authentication_Example_Configuration_for_Okta.mdx index 480fa8e..395c556 100644 --- a/docs/WebHelp_Densify_Cloud/Content/Administration/External_User_Authentication_Example_Configuration_for_Okta.mdx +++ b/docs/WebHelp_Densify_Cloud/Content/Administration/External_User_Authentication_Example_Configuration_for_Okta.mdx @@ -21,12 +21,12 @@ You need to register Kubex as a web application in your Okta Authorization Serve 4. On the *New Web App Integration* page, select the following settings are click *Save*: * App integration name--a name for the application (example Kubex) - * Sign-in redirect URIs--https://\.kubex.ai:443/redirect + * Sign-in redirect URIs--https://\.kubex.ai:443/redirect * Sign-out redirect URIs: - * https://\.kubex.ai:443 - * https://\.kubex.ai:443/openIdError - * https://\.kubex.ai:443/kubex + * https://\.kubex.ai:443 + * https://\.kubex.ai:443/openIdError + * https://\.kubex.ai:443/kubex * Controlled access - Allow everyone in your organization to access diff --git a/docs/WebHelp_Densify_Cloud/Content/Administration/Kubex_User_Mgmt_RBAC.mdx b/docs/WebHelp_Densify_Cloud/Content/Administration/Kubex_User_Mgmt_RBAC.mdx new file mode 100644 index 0000000..4d2bcbf --- /dev/null +++ b/docs/WebHelp_Densify_Cloud/Content/Administration/Kubex_User_Mgmt_RBAC.mdx 
@@ -0,0 +1,102 @@ +--- +title: "User Access Control (RBAC)" +sidebar: "User Access Control (RBAC)" +--- +import { InlineImageWithText } from "/snippets/InlineImageWithText.mdx" + +## Overview +Role-Based Access Control (RBAC) allows administrators to manage user permissions by assigning predefined roles. Each role grants access to specific features and capabilities within the platform, ensuring secure and efficient access management. + +Users can be assigned one or more roles depending on their responsibilities. + +--- + +## Available Roles + +### 1. Analyst +**Description:** +Provides access to explore and analyze data within the platform. + +**Capabilities:** +- Access dashboards and analytics +- Explore datasets and insights +- View reports and metrics + +--- + +### 2. Access Manager +**Description:** +Responsible for managing users, groups, and access permissions. + +**Capabilities:** +- Create and manage users +- Assign roles and group memberships +- Control access permissions + +--- + +### 3. Connection Manager +**Description:** +Manages integrations with external systems including cloud and container environments. + +**Capabilities:** +- Connect K8s clusters to Kubex +- Connect AWS, Azure and GCP connections to Kubex +- Configure cloud and container integrations +- Maintain and update connection settings + +--- + +### 4. Policy Manager +**Description:** +Handles creation and management of analysis policies. + +**Capabilities:** +- Create and edit policies +- Manage analysis rules +- Govern policy enforcement across the platform + +--- + +## Assigning Roles + +### If using SSO +If you are using Single-Sign-On (refer: [SSO Overview](/docs/WebHelp_Densify_Cloud/Content/Administration/Configuring_External_User_Authentication)), you can map your user groups to specific roles in Kubex. 
+ +By default, the following user groups are mapped to roles as described above: +- KUBEX_USER -> Analyst +- KUBEX_USER_ADMIN -> Access Manager +- KUBEX_AUDIT_ADMIN -> Connection Manager +- KUBEX_POLICY_ADMIN -> Policy Manager + +You can create these user groups in your identity provider and assign users to them. Once SSO is configured, Kubex will automatically provision users with the appropriate roles. + +If you need to map existing user groups to Kubex roles, contact [support@kubex.ai](mailto:support@kubex.ai) to request an update to the mapping. + + +### If not using SSO +To assign roles to a user: +1. Navigate to the **User Management** section. +2. Edit or create a user and assign the desired role(s) using the checkboxes. +3. Save the changes to apply permissions. + +Users can have multiple roles assigned simultaneously, combining permissions across roles. + + +![](/images/docs-kubex/kubex_user_mgmt.png) + + + +--- + +## Best Practices + +- **Principle of Least Privilege:** Assign only the roles necessary for a user’s responsibilities. +- **Separation of Duties:** Avoid assigning conflicting roles to the same user. +- **Regular Audits:** Periodically review role assignments to ensure compliance. + +--- + +## Summary + +RBAC simplifies access control by grouping permissions into roles. By assigning appropriate roles, organizations can ensure users have the right level of access while maintaining security and governance. \ No newline at end of file diff --git a/docs/WebHelp_Densify_Cloud/Content/Data_Collection_Troubleshooting/OCI_Cloud_Connections.mdx b/docs/WebHelp_Densify_Cloud/Content/Data_Collection_Troubleshooting/OCI_Cloud_Connections.mdx new file mode 100644 index 0000000..6c027e4 --- /dev/null +++ b/docs/WebHelp_Densify_Cloud/Content/Data_Collection_Troubleshooting/OCI_Cloud_Connections.mdx 
@@ -0,0 +1,14 @@ +--- +title: "Troubleshooting OCI Data Collection" +sidebarTitle: "Troubleshooting OCI" +--- + +### OCI Data Collection Issues + +The following are common issues when working with OCI cloud connections: + + +Solution: Create a new private key file in the PEM format or convert the existing key to PEM format. + + +If none of the above issues apply to your environment, contact support@kubex.ai to review your connectivity details and receive further guidance. diff --git a/docs/WebHelp_Densify_Cloud/Content/Data_Collection_for_Public_Cloud_Systems/AWS_Data_Collection_Prerequisites_for_an_IAM_Role__CloudWatch_only_.mdx b/docs/WebHelp_Densify_Cloud/Content/Data_Collection_for_Public_Cloud_Systems/AWS_Data_Collection_Prerequisites_for_an_IAM_Role__CloudWatch_only_.mdx index 3c65d60..612dc70 100644 --- a/docs/WebHelp_Densify_Cloud/Content/Data_Collection_for_Public_Cloud_Systems/AWS_Data_Collection_Prerequisites_for_an_IAM_Role__CloudWatch_only_.mdx +++ b/docs/WebHelp_Densify_Cloud/Content/Data_Collection_for_Public_Cloud_Systems/AWS_Data_Collection_Prerequisites_for_an_IAM_Role__CloudWatch_only_.mdx @@ -248,7 +248,7 @@ Linux

    -The CloudWatch agent must be installed and configured on each instance for which you want to obtain memory. Refer to the AWS user documentation for details. See \ +The CloudWatch agent must be installed and configured on each instance for which you want to obtain memory. Refer to the AWS user documentation for details. See \(https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Install-CloudWatch-Agent.html) diff --git a/docs/WebHelp_Densify_Cloud/Content/Data_Collection_for_Public_Cloud_Systems/AWS_Data_Collection_Using_a_CloudFormation_Template.mdx b/docs/WebHelp_Densify_Cloud/Content/Data_Collection_for_Public_Cloud_Systems/AWS_Data_Collection_Using_a_CloudFormation_Template.mdx index 0b42587..bc2c1c0 100644 --- a/docs/WebHelp_Densify_Cloud/Content/Data_Collection_for_Public_Cloud_Systems/AWS_Data_Collection_Using_a_CloudFormation_Template.mdx +++ b/docs/WebHelp_Densify_Cloud/Content/Data_Collection_for_Public_Cloud_Systems/AWS_Data_Collection_Using_a_CloudFormation_Template.mdx @@ -25,7 +25,7 @@ If you need to update the IAM role or policy after they have been created, see [ ## Supported Regions -You can run KUbex CloudFormation template in any of the following regions; +You can run the Kubex CloudFormation template in any of the following regions; @@ -194,12 +194,11 @@ When setting this value you must set Failure Tolerance to a value that is ≥ (M * Region Concurrency--Select the desired option. As long as Maximum Concurrent Accounts is specified, parallel is preferred. * Concurrency Mode--Leave the default value, of "Strict failure tolerance". -5. ![](/images/docs/WebHelp_Densify_Cloud/Content/Resources/Images/Cirba_DC_for_Public_Cloud/03000081.png) -6. Click Next to proceed with creating the stack. +5. Click Next to proceed with creating the stack. #### Step 5: Review 
diff --git a/docs/WebHelp_Densify_Cloud/Content/Data_Collection_for_Public_Cloud_Systems/Google_Cloud_Platform_Data_Collection_Prerequisites.mdx b/docs/WebHelp_Densify_Cloud/Content/Data_Collection_for_Public_Cloud_Systems/Google_Cloud_Platform_Data_Collection_Prerequisites.mdx index 6938316..8fa48ba 100644 --- a/docs/WebHelp_Densify_Cloud/Content/Data_Collection_for_Public_Cloud_Systems/Google_Cloud_Platform_Data_Collection_Prerequisites.mdx +++ b/docs/WebHelp_Densify_Cloud/Content/Data_Collection_for_Public_Cloud_Systems/Google_Cloud_Platform_Data_Collection_Prerequisites.mdx @@ -1,5 +1,5 @@ --- -title: "Prerequisites - Google Cloud Platform Data Collection" +title: "Google Cloud Platform Data Collection Prerequisites" sidebarTitle: "GCP Prerequisites" --- diff --git a/docs/WebHelp_Densify_Cloud/Content/Data_Collection_for_Public_Cloud_Systems/Oracle_Cloud_Infrastructure_Data_Collection_Prerequisites.mdx b/docs/WebHelp_Densify_Cloud/Content/Data_Collection_for_Public_Cloud_Systems/Oracle_Cloud_Infrastructure_Data_Collection_Prerequisites.mdx new file mode 100644 index 0000000..a0c7144 --- /dev/null +++ b/docs/WebHelp_Densify_Cloud/Content/Data_Collection_for_Public_Cloud_Systems/Oracle_Cloud_Infrastructure_Data_Collection_Prerequisites.mdx 
@@ -0,0 +1,102 @@ +--- +title: "Oracle Cloud Infrastructure Data Collection Prerequisites for API Key User" +sidebarTitle: "OCI Prerequisites" +--- + +## Overview + +Kubex currently supports data collection from an OCI tenancy using API Key user authentication. This method requires creating a dedicated user in OCI, generating an API signing key pair, and configuring appropriate policies to allow Kubex to collect Instance data. + +## Requirements to Create a Cloud Connection + +To connect Kubex to your OCI tenancy using API Key user authentication, you will need the following information for each tenancy you wish to connect: + +* Tenancy OCID +* User OCID +* Region Identifier +* API Key Fingerprint +* Private Key File + +Before configuring OCI data collection, ensure you have: + +- **Administrative Access**: You must have administrative privileges in your OCI tenancy or sufficient permissions to create users, groups, and policies +- **Console Access**: Access to the [Oracle Cloud Infrastructure Console](https://cloud.oracle.com) + +## Creating a User, Group and Policy for Kubex Data Collection + + + + Sign in to the OCI Console and navigate to Identity & Security > Identity > Domains. Select the appropriate identity domain for the Kubex data collection user. + + Ensure the selected domain exists in the root compartment of your tenancy to allow Kubex access to resources across all compartments. If your tenancy has resources deployed in multiple regions, verify that the selected domain is replicated to all regions Kubex should collect data from. + + + + In your selected Identity Domain: + 1. Navigate to **User management** tab + 2. Click **Create** button in the **Users** section + 3. Fill in the required fields: + - Last name: `Kubex Data Collector` + - User name: `kubex-data-collector` + - (Optional) Email: `support@kubex.ai` + 4. Click **Create** to create the user + + + In your selected Identity Domain: + 1. Navigate to **User management** tab + 2. 
Click **Create group** button in the **Groups** section + 3. Fill in the required fields: + - Name: `Kubex` + - Description: `Group for Kubex data collection` + 4. Select the user you created in the previous step to add to this group + 5. Click **Create** to create the group + + + 1. Navigate to Identity & Security > Identity > Policies + 2. Select the Policies tab and click **Create Policy** + 3. Fill in the required fields: + - Name: `Kubex Data Collection Policy` + - Description: `Policy to allow Kubex data collection` + 4. Switch to the manual editor and add the following policy statements: + ``` + Allow group Kubex to inspect compartments in tenancy + Allow group Kubex to inspect tenancies in tenancy + Allow group Kubex to read instances in tenancy + Allow group Kubex to inspect instance-images in tenancy + Allow group Kubex to inspect vnic-attachments in tenancy + Allow group Kubex to inspect vnics in tenancy + Allow group Kubex to read public-ips in tenancy + Allow group Kubex to inspect instance-pools in tenancy + Allow group Kubex to inspect instance-configurations in tenancy + Allow group Kubex to read metrics in tenancy + ``` + 5. Click **Create** to create the policy and apply it to the group and user + + Ensure the policy is created in the root compartment of your tenancy. + + + + +## Obtaining the Required Credentials for Connection + + + + In your selected Identity Domain, navigate to the **User management** tab and click on the user you created for Kubex data collection + + + 1. Click on the **API Keys** tab in the user details page + 2. Click **Add API Key** button + 3. Select **Generate API key pair** + 4. Download private and public key files and save securely. The private key file will be required when configuring the cloud connection in Kubex + 5. Click **Add** button to create the API key and associate it with the user + + + After adding the API key, a configuration file preview will be displayed. 
Copy the following values from the preview: + * user (User OCID) + * tenancy (Tenancy OCID) + * region (Region Identifier) + * fingerprint (API Key Fingerprint) + + + +Once you have the required credentials, you can add the connection in Kubex. See [Connecting OCI to Kubex](/docs-kubex/Content/Cloudex/Data_Collection_OCI_Connections) for more details. \ No newline at end of file diff --git a/docs/WebHelp_Densify_Cloud/Content/Release_Notes/New_Features_Cloud.mdx b/docs/WebHelp_Densify_Cloud/Content/Release_Notes/New_Features_Cloud.mdx index 0d23e79..47c32fe 100644 --- a/docs/WebHelp_Densify_Cloud/Content/Release_Notes/New_Features_Cloud.mdx +++ b/docs/WebHelp_Densify_Cloud/Content/Release_Notes/New_Features_Cloud.mdx 
@@ -12,6 +12,113 @@ The following sections provide details of new features and updates introduced in This topic summarizes both new and updated features introduced in Kubex + + + The following changes have been made to Kubex in this release: + + - **Oracle Cloud Infrastructure (OCI) Support** + - Added support for OCI connections from the Cloud Connections page + - Enabled data collection and optimization for OCI Virtual Machines (VMs) + - Added support for App Owner report + + + + + + + + + + + - **Container Ephemeral Storage Optimization** + - Introduced ephemeral storage recommendations in the UI and REST API + - Added support for ephemeral storage policies + - Note: Ephemeral storage data collection is opt-in and disabled by default + + + + + + + - **Widget Enhancements** + - Added GPU Trend widget to visualize GPU usage over time + - Added Prioritizer Insights widget to summarize recommended actions to focus on based on environment and preferences + + - **Policy Enhancements** + - Improved Policy Viewer layout for readability and navigation + - Added support for configuring samples percentile in Container and Cloud policies + + + + + + + - **API Enhancements** + - Added Automation Controller heartbeat endpoint: + `POST /automation/clusters/{clusterName}/heartbeat` + + - **UI Improvements** + - Added container cost visibility to the Container Overview page + - Enabled Edit and Delete functionality on the Cloud Connections page + + - **Access Control & Security** + - Added support for Okta Groups for permission management. 
Enabled assignment of user permissions based on group membership + - Added support for Microsoft Graph scopes (for example, `User.Read`) in Azure OpenID integrations + + + + + + + The following changes have been made to Kubex in this release: + + - **Kubernetes Dashboard** + - Kubex introduces a new customizable dashboard that serves as the default landing page, enabling users to compose their own workspace using widgets for faster operational insights. + - The dashboard includes preconfigured views that organize key metrics and charts into ready-to-use layouts. Users can customize these views by arranging widgets and visualizations to match their operational workflow. + - Users can choose whether the classic interface or the new dashboard is used as their default landing page. + + + + + + + - **Improved Node and Container Visibility** + - Container Details now displays node names instead of only a count. + - Horizontal Pod Autoscaler (HPA) settings are now visible in the Container Details table. + - Node group and node metrics now include 5-minute metric samples. + + - **API Enhancements** + - GPU recommendation details added to the Containers API endpoint `GET /kubernetes/clusters//containers?details=true` + + - **Google Cloud (GCP) Connection Support** + - Kubex now supports Google Cloud Platform (GCP) connections directly from the Kubex UI. + + + + + + + - **AWS RDS Connection Data Support** + - Kubex now collects and analyzes AWS RDS connection data, enabling deeper visibility into database activity and incorporating this data into platform analysis. + + - **User Management** + - Users in the Access Manager group can now access User Management + - Added sign-out functionality in the Kubex UI + + + + + + + - **Multi AI-Agent Support** + - Kubex now supports multiple AI agents, enabling users to switch between specialized agents for tasks such as predictive pod scaling, node pre-warming, container sizing, and automation impact analysis. 
+ + + + + + + The following changes have been made to Kubex in this release: @@ -948,6 +1055,21 @@ Refer to [Github repository](https://github.com/densify-dev/container-data-colle When deploying the Container Data Forwarder ensure that the same version is deployed for all of your clusters. See [Data Collection for Containers](../Data_Collection_for_Public_Cloud_Systems/Container_Data_Collection_Overview) + + + Introduced ephemeral storage metrics collection (opt-in) + - Enables support for ephemeral storage analysis and recommendations + + + + Added enhanced node group detection using: + - Kubernetes labels + - OpenShift machine sets + - Node roles + + + + This release adds support for collecting data from Google Managed Prometheus (GMP), which is the only supported method for data collection from GKE Autopilot clusters. diff --git a/favicon.png b/favicon.png index 78aca1c..4339ae8 100644 Binary files a/favicon.png and b/favicon.png differ diff --git a/images/docs-cloudex/cloud_gcp_connection.png b/images/docs-cloudex/cloud_gcp_connection.png new file mode 100644 index 0000000..0ed2553 Binary files /dev/null and b/images/docs-cloudex/cloud_gcp_connection.png differ diff --git a/images/docs-cloudex/cloud_oci_connection.png b/images/docs-cloudex/cloud_oci_connection.png new file mode 100644 index 0000000..a203dc3 Binary files /dev/null and b/images/docs-cloudex/cloud_oci_connection.png differ diff --git a/images/docs-cloudex/cloud_oci_summary.png b/images/docs-cloudex/cloud_oci_summary.png new file mode 100644 index 0000000..0384a5c Binary files /dev/null and b/images/docs-cloudex/cloud_oci_summary.png differ diff --git a/images/docs-kubex/Content/Cloudex/03000172.png b/images/docs-kubex/Content/Cloudex/03000172.png new file mode 100644 index 0000000..64ee3ba Binary files /dev/null and b/images/docs-kubex/Content/Cloudex/03000172.png differ 
diff --git a/images/docs-kubex/Content/Cloudex/add_cloud_connection.png b/images/docs-kubex/Content/Cloudex/add_cloud_connection.png new file mode 100644 index 0000000..2479fb8 Binary files /dev/null and b/images/docs-kubex/Content/Cloudex/add_cloud_connection.png differ diff --git a/images/docs-kubex/Content/Cloudex/add_gcp_connection.png b/images/docs-kubex/Content/Cloudex/add_gcp_connection.png new file mode 100644 index 0000000..0365e8a Binary files /dev/null and b/images/docs-kubex/Content/Cloudex/add_gcp_connection.png differ diff --git a/images/docs-kubex/Content/Cloudex/add_oci_connection.png b/images/docs-kubex/Content/Cloudex/add_oci_connection.png new file mode 100644 index 0000000..40aceab Binary files /dev/null and b/images/docs-kubex/Content/Cloudex/add_oci_connection.png differ diff --git a/images/docs-kubex/Content/Cloudex/save_gcp_connection.png b/images/docs-kubex/Content/Cloudex/save_gcp_connection.png new file mode 100644 index 0000000..6a47ece Binary files /dev/null and b/images/docs-kubex/Content/Cloudex/save_gcp_connection.png differ diff --git a/images/docs-kubex/Content/Cloudex/save_oci_connection.png b/images/docs-kubex/Content/Cloudex/save_oci_connection.png new file mode 100644 index 0000000..f5254f1 Binary files /dev/null and b/images/docs-kubex/Content/Cloudex/save_oci_connection.png differ diff --git a/images/docs-kubex/Content/Cloudex/select_gcp_connection.png b/images/docs-kubex/Content/Cloudex/select_gcp_connection.png new file mode 100644 index 0000000..6b39254 Binary files /dev/null and b/images/docs-kubex/Content/Cloudex/select_gcp_connection.png differ diff --git a/images/docs-kubex/Content/Kubex/03000080_603x130.png b/images/docs-kubex/Content/Kubex/03000080_603x130.png index c8bff09..21bd0a6 100644 Binary files a/images/docs-kubex/Content/Kubex/03000080_603x130.png and b/images/docs-kubex/Content/Kubex/03000080_603x130.png differ 
diff --git a/images/docs-kubex/k8s_dashboard.png b/images/docs-kubex/k8s_dashboard.png new file mode 100644 index 0000000..73ca482 Binary files /dev/null and b/images/docs-kubex/k8s_dashboard.png differ diff --git a/images/docs-kubex/k8s_dashboard_automation.png b/images/docs-kubex/k8s_dashboard_automation.png new file mode 100644 index 0000000..dafc2a3 Binary files /dev/null and b/images/docs-kubex/k8s_dashboard_automation.png differ diff --git a/images/docs-kubex/k8s_dashboard_charts.png b/images/docs-kubex/k8s_dashboard_charts.png new file mode 100644 index 0000000..7b93f51 Binary files /dev/null and b/images/docs-kubex/k8s_dashboard_charts.png differ diff --git a/images/docs-kubex/k8s_dashboard_cluster_costs.png b/images/docs-kubex/k8s_dashboard_cluster_costs.png new file mode 100644 index 0000000..ac82fa6 Binary files /dev/null and b/images/docs-kubex/k8s_dashboard_cluster_costs.png differ diff --git a/images/docs-kubex/k8s_dashboard_cluster_filter.png b/images/docs-kubex/k8s_dashboard_cluster_filter.png new file mode 100644 index 0000000..9980368 Binary files /dev/null and b/images/docs-kubex/k8s_dashboard_cluster_filter.png differ diff --git a/images/docs-kubex/k8s_dashboard_risks.png b/images/docs-kubex/k8s_dashboard_risks.png new file mode 100644 index 0000000..24bff64 Binary files /dev/null and b/images/docs-kubex/k8s_dashboard_risks.png differ diff --git a/images/docs-kubex/k8s_dashboard_views.png b/images/docs-kubex/k8s_dashboard_views.png new file mode 100644 index 0000000..168f740 Binary files /dev/null and b/images/docs-kubex/k8s_dashboard_views.png differ diff --git a/images/docs-kubex/k8s_kubernetes_dashboard.png b/images/docs-kubex/k8s_kubernetes_dashboard.png new file mode 100644 index 0000000..3d690a5 Binary files /dev/null and b/images/docs-kubex/k8s_kubernetes_dashboard.png differ 
diff --git a/images/docs-kubex/k8s_overview_ephemeralStorage.png b/images/docs-kubex/k8s_overview_ephemeralStorage.png new file mode 100644 index 0000000..aa4c4d7 Binary files /dev/null and b/images/docs-kubex/k8s_overview_ephemeralStorage.png differ diff --git a/images/docs-kubex/k8s_policy.png b/images/docs-kubex/k8s_policy.png new file mode 100644 index 0000000..97f3973 Binary files /dev/null and b/images/docs-kubex/k8s_policy.png differ diff --git a/images/docs-kubex/kubex_multi_ai_agent.png b/images/docs-kubex/kubex_multi_ai_agent.png new file mode 100644 index 0000000..2e4f417 Binary files /dev/null and b/images/docs-kubex/kubex_multi_ai_agent.png differ diff --git a/images/docs-kubex/kubex_user_management.png b/images/docs-kubex/kubex_user_management.png new file mode 100644 index 0000000..0fe6c0a Binary files /dev/null and b/images/docs-kubex/kubex_user_management.png differ diff --git a/images/docs-kubex/kubex_user_mgmt.png b/images/docs-kubex/kubex_user_mgmt.png new file mode 100644 index 0000000..5ecf6f4 Binary files /dev/null and b/images/docs-kubex/kubex_user_mgmt.png differ diff --git a/openapi/public_cloud/Analysis_AWS_Analyze.yaml b/openapi/public_cloud/Analysis_AWS_Analyze.yaml index 6c41a5b..39b8700 100644 --- a/openapi/public_cloud/Analysis_AWS_Analyze.yaml +++ b/openapi/public_cloud/Analysis_AWS_Analyze.yaml @@ -16,10 +16,8 @@ paths: description: > Initiates AWS CloudWatch data collection and runs optimization analysis. Subsequent data collection and analysis are scheduled nightly. - If `triggerAdhocAudit` is provided, runs a one-time historical audit - (up to 60 days, optionally narrowed via start/end offsets). If an - analysis already exists, this endpoint re-runs analysis without data - collection and can update the webhook for result delivery. + If an analysis already exists, this endpoint re-runs analysis and can update + the webhook for result delivery. tags: [AWS Analyze] requestBody: required: true 
@@ -127,19 +125,35 @@ components: type: object description: Minimal representation of an AWS analysis created by the system. properties: - analysisId: - type: string accountId: type: string + description: AWS account ID linked to the analysis. + accountName: + type: string + description: Friendly account display name, when configured. + analysisName: + type: string + description: Internal name assigned to the analysis (defaults to accountId). + policyInstanceId: + type: string + description: Identifier of the policy instance applied to this analysis. + policyName: + type: string + description: Human-readable policy name applied to the analysis. + analysisId: + type: string + description: Unique identifier for the analysis entity. href: type: string - description: Link to the analysis entity or status. - createdOn: + description: Link to the analysis resource. + analysisStatus: type: string - format: date-time - lastRunOn: + description: Link to the status endpoint for this analysis. + analysisResults: type: string - format: date-time - webhookConfigured: - type: boolean - additionalProperties: true + description: Link to the results endpoint for this analysis run. + analysisCompletedOn: + type: integer + format: int64 + description: Unix epoch timestamp (ms) of the latest completed analysis run. + diff --git a/openapi/public_cloud/Analysis_AWS_Delete.yaml b/openapi/public_cloud/Analysis_AWS_Delete.yaml index 2c455f2..6633c99 100644 --- a/openapi/public_cloud/Analysis_AWS_Delete.yaml +++ b/openapi/public_cloud/Analysis_AWS_Delete.yaml 
@@ -1,72 +1,43 @@ openapi: 3.0.3 info: - title: Kubex API – AWS Delete + title: Kubex API – AWS Delete Connection version: "1.0" servers: - url: https://{host}/api/v2 variables: host: - default: api.example.com + default: hostname.kubex.ai paths: /analysis/cloud/aws/{analysisId}: delete: operationId: deleteAwsAnalysis tags: [AWS Analysis] - summary: Delete AWS audit - description: > - Deletes the single-day and 60-day audits and all associated scheduler entries - for the specified analysis. Collected data and the analysis entity are retained - for reporting or future restart. During deletion, any attempt to access other - endpoints for this analysisId (GET/PUT/POST) returns 400 Bad Request. While the - operation is in progress, poll `/analysis/cloud/aws/{analysisId}/status` or - provide a webhook to receive completion status. + summary: Delete AWS Cloud Connection and Analysis + description: | + Deletes the Cloud Connection and Analysis for the specified AWS account. + + This API only supports deletion for AWS accounts that have a valid analysisId. If the AWS + account was not analyzed (for example, unsupported resources or insufficient data), no + analysisId exists and this API cannot be used. In those cases, delete the cloud connection + manually and contact support@kubex.ai if assistance is required. parameters: - in: path name: analysisId required: true - description: Unique referenced ID of the AWS analysis. + description: The unique referenced ID of the AWS analysis. schema: type: string responses: "200": description: Delete request acknowledged / completed - content: - application/json: - schema: - $ref: '#/components/schemas/SimpleStatusResponse' "400": description: Invalid parameter or conflicting in-progress operation "401": description: Authentication failed "404": - description: Resource not found + description: Analysis not found. 
"405": description: Method not allowed "500": - description: Internal server error (e.g., payer/linked multi-account deletion not supported via API) - -components: - schemas: - WebHook: - type: object - properties: - uri: - type: string - format: uri - description: Destination URI to receive completion status. - authType: - type: string - description: Authentication type for the webhook (e.g., basic, bearer). - authValue: - type: string - description: Authentication credentials/value for the chosen authType. - SimpleStatusResponse: - type: object - properties: - message: - type: string - description: Informational message returned with the status. - status: - type: integer - description: HTTP response code. + description: Internal server error (e.g., data collection in progress). diff --git a/openapi/public_cloud/Analysis_AWS_Results.yaml b/openapi/public_cloud/Analysis_AWS_Results.yaml index c4ddfcc..73343e1 100644 --- a/openapi/public_cloud/Analysis_AWS_Results.yaml +++ b/openapi/public_cloud/Analysis_AWS_Results.yaml @@ -15,7 +15,7 @@ paths: tags: [AWS Analysis] summary: AWS recommendations using analysisId description: > - Returns optimization recommendations for systems (EC2, RDS, ASG, SPOT) in the + Returns optimization recommendations for systems (EC2, RDS, ASG) in the specified analysis. Use the `Accept` header to choose the representation: `application/json` (array of recommendation objects) or `application/terraform-map` (Terraform-style map where each key is the system's **provisioningId** or name). @@ -83,7 +83,7 @@ paths: name: serviceType schema: type: string - enum: [EC2, RDS, ASG, SPOT] + enum: [EC2, RDS, ASG] description: Filter by AWS service type. - in: query name: approvalType @@ -244,7 +244,7 @@ components: recommendedCost: { type: number } serviceType: type: string - enum: [EC2, RDS, ASG, SPOT] + enum: [EC2, RDS, ASG] currentHourlyRate: { type: number } recommendedHourlyRate: { type: number } currentRiCoverage: { type: integer } 
diff --git a/openapi/public_cloud/Analysis_AWS_Systems.yaml b/openapi/public_cloud/Analysis_AWS_Systems.yaml index e2cb414..3df8230 100644 --- a/openapi/public_cloud/Analysis_AWS_Systems.yaml +++ b/openapi/public_cloud/Analysis_AWS_Systems.yaml @@ -15,7 +15,7 @@ paths: tags: [AWS Analysis] summary: List all systems included in an AWS analysis description: > - Returns all systems (EC2, RDS, ASG, SPOT) that were part of the specified + Returns all systems (EC2, RDS, ASG) that were part of the specified AWS optimization analysis. Some systems may not have recommendations; use `/analysis/cloud/aws/{analysisId}/results` to fetch recommendation details. parameters: @@ -64,10 +64,9 @@ components: properties: serviceType: type: string - enum: [EC2, RDS, ASG, SPOT] + enum: [EC2, RDS, ASG] description: > - Cloud service type. Note: ASGs with maximum group size of 1 still appear - as `ASG` here; min/max group fields are not returned by this endpoint. + Cloud service type. resourceId: type: string description: Cloud provider resource identifier. diff --git a/openapi/public_cloud/Analysis_Azure_Delete.yaml b/openapi/public_cloud/Analysis_Azure_Delete.yaml index 6b262c5..90595db 100644 --- a/openapi/public_cloud/Analysis_Azure_Delete.yaml +++ b/openapi/public_cloud/Analysis_Azure_Delete.yaml @@ -1,15 +1,12 @@ openapi: 3.1.0 info: - title: Kubex – Azure Analysis Delete API + title: Kubex API – Azure Delete Connection version: "1.0.0" - description: > - Derived from "Analysis: Azure Delete". - Deletes the audit and scheduler entries for the specified Azure analysis. servers: - - url: https://{host} + - url: https://{host}/api/v2 variables: host: - default: api.example.com + default: hostname.kubex.ai tags: - name: Azure Analysis paths: 
@@ -17,13 +14,14 @@ paths: delete: tags: [Azure Analysis] operationId: deleteAzureAnalysisAudit - summary: Delete Azure data-collection audit for an analysis + summary: Delete Azure Cloud Connection and Analysis description: | - Deletes the audit and associated scheduler entries for the specified analysis. - - Removes single-day and 60-day historical audits if they exist. - - If the connection is a **many-to-one (aggregate)** created via the Cloud Connection Wizard, the request fails and must be deleted via the Wizard. - - While delete is in progress, other operations (GET/PUT/POST) on the same `analysisId` will yield **400 Bad Request**. - - Environment/analysis structures and collected data (within retention) remain; listing endpoints will still show the analysis. + Deletes the Cloud Connection and Analysis for the specified Azure subscription. + + This API only supports deletion for Azure subscriptions that have a valid analysisId. If the Azure + subscription was not analyzed (for example, unsupported resources or insufficient data), no + analysisId exists and this API cannot be used. In those cases, delete the cloud connection + manually and contact support@kubex.ai if assistance is required. parameters: - name: analysisId in: path 
@@ -31,34 +29,11 @@ paths: description: The unique referenced ID of the Azure analysis. schema: type: string - requestBody: - description: Optional webhook to receive completion status. - required: false - content: - application/json: - schema: - $ref: '#/components/schemas/DeleteWebhook' - examples: - withWebhook: - value: - webHook: - uri: "http://mywebhookserver/webhook/results" - authType: "basic" - authValue: "user:pass" responses: '200': description: Delete accepted/completed; audit removed. - content: - application/json: - schema: - $ref: '#/components/schemas/StatusMessage' - examples: - ok: - value: - message: "OK" - status: 200 '400': - description: Bad Request (e.g., other operations attempted during delete). + description: Invalid parameter or conflicting in-progress operation '401': description: Authentication failed. '404': 
@@ -66,52 +41,4 @@ paths: '405': description: Method not allowed. '500': - description: Server error (includes “audit in progress” or “aggregate connection” failures). - content: - application/json: - schema: - $ref: '#/components/schemas/StatusMessage' - examples: - inProgress: - summary: Attempted delete while an audit is running - value: - message: "Connection has an audit in progress. It cannot be deleted at this time." - status: 500 - aggregateConnection: - summary: Delete fails for many-to-one (aggregate) connections - value: - message: "Account dfc04848-3848-44c0-b85a-02311951de36 was created via UI and subscriptions [cc377154-9605-4cb0-8b41-1b39e1c4ac0f,3d4ba999-cbd8-40b8-9998-574be6824a97] are incompatible with API use; please delete via UI" - status: 500 - -components: - schemas: - DeleteWebhook: - type: object - additionalProperties: false - properties: - webHook: - type: object - additionalProperties: false - properties: - uri: - type: string - format: uri - description: Destination to receive delete completion status. - authType: - type: string - description: Authentication scheme used by the webhook endpoint (e.g., "basic", "bearer"). - authValue: - type: string - description: Credential value (e.g., user:pass for basic, or token). - required: [uri] - StatusMessage: - type: object - additionalProperties: false - properties: - message: - type: string - description: Informational message for the request result. - status: - type: integer - description: HTTP-like status code (200, 400, 401, 404, 405, 500). - required: [message, status] + description: Internal server error (e.g., data collection in progress). \ No newline at end of file diff --git a/openapi/public_cloud/Analysis_GCP_Delete.yaml b/openapi/public_cloud/Analysis_GCP_Delete.yaml index fded66b..d4691b3 100644 --- a/openapi/public_cloud/Analysis_GCP_Delete.yaml +++ b/openapi/public_cloud/Analysis_GCP_Delete.yaml 
@@ -1,18 +1,12 @@ openapi: 3.1.0 info: - title: Kubex – GCP Analysis Delete API + title: Kubex API – GCP Delete Connection version: "1.0.0" - description: > - DELETE `/analysis/cloud/gcp/{analysisId}` deletes the audit and its scheduler entries. - Removes single-day and 60-day historical audits if present. Fails for many-to-one - (aggregate) connections created via the Cloud Connection Wizard; those must be - deleted via the Wizard. While delete is in progress, other ops on the same analysisId - return 400. Collected data and the analysis structure remain available for reporting. servers: - - url: https://{host} + - url: https://{host}/api/v2 variables: host: - default: api.example.com + default: hostname.kubex.ai tags: - name: GCP Analysis paths: @@ -20,10 +14,14 @@ paths: delete: tags: [GCP Analysis] operationId: deleteGcpAnalysisAudit - summary: Delete GCP data-collection audit for an analysis + summary: Delete GCP Cloud Connection and Analysis description: | - Deletes the audit and associated scheduler entries for the specified analysis. - Status may be sent to an optional webhook on completion. + Deletes the Cloud Connection and Analysis for the specified GCP project. + + This API only supports deletion for GCP projects that have a valid analysisId. If the GCP + project was not analyzed (for example, unsupported resources or insufficient data), no + analysisId exists and this API cannot be used. In those cases, delete the cloud connection + manually and contact support@kubex.ai if assistance is required. parameters: - name: analysisId in: path 
@@ -31,32 +29,11 @@ paths: description: The unique referenced ID of the GCP analysis. schema: type: string - requestBody: - required: false - description: Optional webhook to receive completion status. - content: - application/json: - schema: - $ref: '#/components/schemas/DeleteWebhook' - examples: - withWebhook: - value: - webHook: - uri: "http://mywebhookserver/webhook/results" - authType: "basic" - authValue: "user:pass" responses: '200': - description: OK -- delete accepted/completed. - content: - application/json: - schema: - $ref: '#/components/schemas/StatusMessage' - examples: - ok: - value: { message: "OK", status: 200 } + description: Delete request acknowledged / completed '400': - description: Bad Request (e.g., other ops attempted during delete). + description: Invalid parameter or conflicting in-progress operation '401': description: Authentication failed. '404': 
@@ -64,47 +41,4 @@ paths: '405': description: Method not allowed. '500': - description: Server error (e.g., audit in progress or aggregate connection). - content: - application/json: - schema: - $ref: '#/components/schemas/StatusMessage' - examples: - inProgress: - value: - message: "Connection has an audit in progress. It cannot be deleted at this time." - status: 500 - aggregate: - value: - message: "Account dfc04848-3848-44c0-b85a-02311951de36 was created via UI and subscriptions [cc377154-9605-4cb0-8b41-1b39e1c4ac0f,3d4ba999-cbd8-40b8-9998-574be6824a97] are incompatible with API use; please delete via UI" - status: 500 - -components: - schemas: - DeleteWebhook: - type: object - additionalProperties: false - properties: - webHook: - type: object - additionalProperties: false - properties: - uri: - type: string - format: uri - authType: - type: string - description: Authentication scheme ("basic", "bearer", etc.). - authValue: - type: string - description: Credential value. - required: [uri] - StatusMessage: - type: object - additionalProperties: false - properties: - message: { type: string } - status: - type: integer - description: One of 200, 400, 401, 404, 405, 500. - required: [message, status] + description: Internal server error (e.g., data collection in progress).
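Review bot: in the Azure delete hunk `@@ -31,34 +29,11 @@`, the `'200'` response loses its `content` block, so the spec no longer says whether a body is returned on success. Either keep a minimal schema for the `message`/`status` object or state that the response is empty. The same hunk drops the optional `requestBody`, so the description should say whether a client that still sends `webHook` is rejected or ignored. The new `'400'` description also lacks the trailing period that the neighbouring `'401'` and `'405'` descriptions use.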
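Review bot: in the Azure `@@ -66,52 +41,4 @@` hunk, and the matching GCP `@@ -64,47 +41,4 @@` hunk, the new `'500'` text gives "data collection in progress" as its example while the new `'400'` text covers "conflicting in-progress operation", so a caller cannot tell which status an in-progress conflict produces. Pick one status for that case and word the other so the two do not overlap. The removed examples were also the only place the aggregate-connection failure ("please delete via UI") was documented; if that behaviour is unchanged, carry it over as a sentence in the operation description. The Azure file now ends without a trailing newline.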
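Review bot: in the GCP hunks `@@ -1,18 +1,12 @@` and `@@ -20,10 +14,14 @@`, the removed `info.description` stated that collected data and the analysis structure remain available for reporting, while the new operation description says the call "Deletes the Cloud Connection and Analysis". For a destructive endpoint the spec should say explicitly what is retained and what is removed. `operationId: deleteGcpAnalysisAudit` is left unchanged and no longer matches the new summary; note whether it is kept deliberately for client compatibility. "delete the cloud connection manually" should also say where that is done.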
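Review bot: in the GCP `@@ -31,32 +29,11 @@` hunk, `'200'` now reads "Delete request acknowledged / completed", which leaves open whether the delete has finished when the call returns. With the webhook `requestBody` removed in the same hunk, the description should say how a caller confirms that the deletion completed.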