@Zelldon I’m wondering what your intention is for your customers to use these helm charts. For instance, I see a postgresql database. My organization will be interested in using our own implementation of a Postgresql database (AWS RDS). Will we be able to direct the platform to use ours?
It’s also likely that our security teams will want our own base images because we have various security agents in place.
We’ll have to tag the pods to tie them back to various reporting and charge-backs.
We’re also going to want to get logs to our centralized SIEM system.
Will we have the ability to customize these to fit our needs? Or are you anticipating that we will have to run them as you provide them (and then maybe have to isolate the system in a security bubble)?
Thoughts?
-Doug
Hey @DGilmour22
sorry for the delay. I try to answer all your questions below.
For instance, I see a postgresql database. My organization will be interested in using our own implementation of a Postgresql database (AWS RDS). Will we be able to direct the platform to use ours?
Identity, which is enabled by default, has a dependency to Keycloak. Keycloak itself needs a relation database to work. We use the Bitnami Keycloak Helm charts, which install per default a PostgreSQL. As far as I know you can bring your own PostgreSQL, but I’m not sure how well supported it is for other databases. You can check this section, how to configure Keycloak for external databases.
We’ll have to tag the pods to tie them back to various reporting and charge-backs.
We’re also going to want to get logs to our centralized SIEM system.
Will we have the ability to customize these to fit our needs?
I see currently no issues with that. We use in our benchmarks stackdriver and use json logging which can be configured separately, you can see an example configuration here. If you observe any issue please bring them up.
Or are you anticipating that we will have to run them as you provide them (and then maybe have to isolate the system in a security bubble)?
I’m not 100% sure whether I get this, maybe you can elaborate here a bit more. What I can say is that the defaults should help users to start with the setup and it should be feasible for most use cases to go into production, but we expect that users will do adjustments and configuration changes based on their needs. For that we documented all possible values here, which should help to configure them.
Hope this helps? Let me know if you have more questions/concerns.
Greets
Chris