author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-24 09:53:08 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-24 09:53:08 +0000 |
commit | 6a1900e8bd84c282a500ae4032645ae55c614b7b (patch) | |
tree | d4d31289c39fc00da064a825df13a0b98ce95b10 /docs/netdata-cloud | |
parent | Adding upstream version 1.45.3+dfsg. (diff) | |
Adding upstream version 1.46.3. [upstream/1.46.3]
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
14 files changed, 447 insertions, 291 deletions
diff --git a/docs/netdata-cloud-onprem/getting-started-light-poc.md b/docs/netdata-cloud-onprem/getting-started-light-poc.md deleted file mode 100644 index 7e78638e3..000000000 --- a/docs/netdata-cloud-onprem/getting-started-light-poc.md +++ /dev/null 
@@ -1,60 +0,0 @@ -# Getting started with Netdata Cloud On-Prem Light PoC -Due to the high demand, we designed a very light and easy-to-install version of netdata for clients who do not have Kubernetes cluster installed. Please keep in mind that this is (for now) only designed to be used as a PoC with no built-in resiliency on failures of any kind. - -Requirements: - - Ubuntu 22.04 (clean installation will work best). - - 10 CPU Cores and 24 GiB of memory. - - Access to shell as a sudo. - - TLS certificate for Netdata Cloud On-Prem PoC. A single endpoint is required. The certificate must be trusted by all entities connecting to the On-Prem installation by any means. - - AWS ID and Key - contact Netdata Product Team - info@netdata.cloud - - License Key - contact Netdata Product Team - info@netdata.cloud - -To install the whole environment, log in to the designated host and run: -```shell -curl https://netdata-cloud-netdata-static-content.s3.amazonaws.com/provision.sh -o provision.sh -chmod +x provision.sh -sudo ./provision.sh install \ - -key-id "" \ - -access-key "" \ - -onprem-license-key "" \ - -onprem-license-subject "" \ - -onprem-url "" \ - -certificate-path "" \ - -private-key-path "" -``` - -What does the script do during installation? -1. Prompts for user to provide: - - `-key-id` - AWS ECR access key ID. - - `-access-key` - AWS ECR Access Key. - - `-onprem-license-key` - Netdata Cloud On-Prem license key. - - `-onprem-license-subject` - Netdata Cloud On-Prem license subject. - - `-onprem-url` - URL for the On-prem (without http(s) protocol). - - `-certificate-path` - path to your PEM encoded certificate. - - `-private-key-path` - path to your PEM encoded key. -2. After getting all of the information installation is starting. The script will install: - - Helm - - Kubectl - - AWS CLI - - K3s cluster (single node) -3. When all the required software is installed script starts to provision the K3s cluster with gathered data. 
- -After cluster provisioning netdata is ready to be used. - -##### How to log in? -Because this is a PoC with 0 configurations required, only log in by mail can work. What's more every mail that Netdata Cloud On-Prem sends will appear on the mailcatcher, which acts as the SMTP server with a simple GUI to read the mails. Steps: -1. Open Netdata Cloud On-Prem PoC in the web browser on URL you specified -2. Provide email and use the button to confirm -3. Mailcatcher will catch all the emails so go to `<URL from point 1.>/mailcatcher`. Find yours and click the link. -4. You are now logged into the netdata. Add your first nodes! - -##### How to remove Netdata Cloud On-Prem PoC? -To uninstall the whole PoC, use the same script that installed it, with the `uninstall` switch. - -```shell -cd <script dir> -sudo ./provision.sh uninstall -``` - -#### WARNING -This script will automatically expose not only netdata but also a mailcatcher under `<URL from point 1.>/mailcatcher`. diff --git a/docs/netdata-cloud-onprem/getting-started.md b/docs/netdata-cloud-onprem/getting-started.md deleted file mode 100644 index 9d2eea66f..000000000 --- a/docs/netdata-cloud-onprem/getting-started.md +++ /dev/null 
@@ -1,200 +0,0 @@ -# Getting started with Netdata Cloud On-Prem -Helm charts are designed for Kubernetes to run as the local equivalent of the Netdata Cloud public offering. This means that no data is sent outside of your cluster. By default, On-Prem installation is trying to reach outside resources only when pulling the container images. -There are 2 helm charts in total: -- netdata-cloud-onprem - installs onprem itself. -- netdata-cloud-dependency - installs all necessary dependency applications. Not for production use, PoC only. - -## Requirements -#### Install host: -- [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) -- [Helm](https://helm.sh/docs/intro/install/) version 3.12+ with OCI Configuration (explained in the installation section) -- [Kubectl](https://kubernetes.io/docs/tasks/tools/) - -#### Kubernetes requirements: -- Kubernetes cluster version 1.23+ -- Kubernetes metrics server (For autoscaling) -- TLS certificate for Netdata Cloud On-Prem. A single endpoint is required but there is an option to split the frontend, api, and mqtt endpoints. The certificate must be trusted by all entities connecting to the On-Prem installation by any means. -- Ingress controller to support HTTPS `*` -- PostgreSQL version 13.7 `*` (Main persistent data app) -- EMQX version 5.11 `*` (MQTT Broker that allows Agents to send messages to the On-Prem Cloud) -- Apache Pulsar version 2.10+ `*` (Central communication hub. Applications exchange messages through Pulsar) -- Traefik version 2.7.x `*` (Internal communication - API Gateway) -- Elasticsearch version 8.8.x `*` (Holds Feed) -- Redis version 6.2 `*` (Cache) -- Some form of generating imagePullSecret `*` (Our ECR repos are secured) -- Default storage class configured and working (Persistent volumes based on SSDs are preferred) -`*` - available in dependencies helm chart for PoC applications. 
- -#### Hardware requirements: -##### How we tested it: -- Several VMs on the AWS EC2, the size of the instance was c6a.32xlarge (128CPUs / 256GiB memory). -- Host system - Ubuntu 22.04. -- Each VM hosts 200 Agent nodes as docker containers. -- Agents are connected directly to the Netdata Cloud On-Prem (no Parent-Child relationships). This is the worst option for the cloud. -- Cloud hosted on 1 Kubernetes node c6a.8xlarge (32CPUs / 64GiB memory). -- Dependencies were also installed on the same node. -The maximum of nodes connected was ~2000. - -##### Results -There was no point in trying to connect more nodes as we are covering the PoC purposes. -- In a peak connection phase - All nodes startup were triggered in ~15 minutes: - - Up to 60% (20 cores) CPU usage of the Kubernetes node. Top usage came from: - - Ingress controller (we used haproxy ingress controller) - - Postgres - - Pulsar - - EMQX - Combined they were responsible for ~30-35% of CPU usage of the node. -- When all nodes connected and synchronized their state CPU usage floated between 30% and 40% - depending on what we did on the Cloud. Here top offenders were: - - Pulsar - - Postgres - Combined they were responsible for ~15-20% of CPU usage of the node. -- Memory usage - 45GiB in a peak. Most of it (~20GiB) was consumed by: - - Postgres - - Elasticsearch - - Pulsar - -For a comparison - Netdata Cloud On-prem installation with just 100 nodes connected, without dependencies is going to consume ~2CPUs and ~2GiB of memory (REAL usage, not requests on a Kubernetes). - -## Pulling the helm chart -The helm chart for the Netdata Cloud On-Prem installation on Kubernetes is available in the ECR registry. -The ECR registry is private, so you need to log in first. Credentials are sent by our Product Team. If you do not have them, please contact our Product Team - info@netdata.cloud. 
- -#### Configure AWS CLI -The machine used for helm chart installation will also need [AWS CLI installed](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html). -There are 2 options for configuring `aws cli` to work with the provided credentials. The first one is to set the environment variables: -```bash -export AWS_ACCESS_KEY_ID=<your_secret_id> -export AWS_SECRET_ACCESS_KEY=<your_secret_key> -``` - -The second one is to use an interactive shell: -```bash -aws configure -``` - -#### Configure helm to use secured ECR repository -Using `aws` command we will generate a token for helm to access the secured ECR repository: -```bash -aws ecr get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin 362923047827.dkr.ecr.us-east-1.amazonaws.com/netdata-cloud-onprem -``` - -After this step you should be able to add the repository to your helm or just pull the helm chart: -```bash -helm pull oci://362923047827.dkr.ecr.us-east-1.amazonaws.com/netdata-cloud-dependency --untar #optional -helm pull oci://362923047827.dkr.ecr.us-east-1.amazonaws.com/netdata-cloud-onprem --untar -``` - -Local folders with the newest versions of helm charts should appear on your working dir. - -## Installation - -Netdata provides access to two helm charts: -1. netdata-cloud-dependency - required applications for netdata-cloud-onprem. Not for production use. -2. netdata-cloud-onprem - the application itself + provisioning - -### netdata-cloud-dependency -The entire helm chart is designed around the idea that it allows the installation of the necessary applications: -- Redis -- Elasticsearch -- EMQX -- Apache Pulsar -- PostgreSQL -- Traefik -- Mailcatcher -- k8s-ecr-login-renew -- kubernetes-ingress - -Every configuration option is available through `values.yaml` in the folder that contains your netdata-cloud-dependency helm chart. All configuration options are described in README.md which is a part of the helm chart. 
It is enough to mention here that each component can be enabled/disabled individually. It is done by true/false switches in `values.yaml`. In this way, it is easier for the user to migrate to production-grade components gradually. - -Unless you prefer a different solution to the problem, `k8s-ecr-login-renew` is responsible for calling out the `AWS API` for token regeneration. This token is then injected into the secret that every node is using for authentication with secured ECR when pulling the images. -The default setting in `values.yaml` of `netdata-cloud-onprem` - `.global.imagePullSecrets` is configured to work out of the box with the dependency helm chart. - -For helm chart installation - save your changes in `values.yaml` and execute: -```shell -cd [your helm chart location] -helm upgrade --wait --install netdata-cloud-dependency -n netdata-cloud --create-namespace -f values.yaml . -``` - -### netdata-cloud-onprem - -Every configuration option is available through `values.yaml` in the folder that contains your netdata-cloud-onprem helm chart. All configuration options are described in README.md which is a part of the helm chart. - -#### Installing Netdata Cloud On-Prem -```shell -cd [your helm chart location] -helm upgrade --wait --install netdata-cloud-onprem -n netdata-cloud --create-namespace -f values.yaml . -``` - -##### Important notes -1. Installation takes care of provisioning the resources with migration services. -1. During the first installation, a secret called the `netdata-cloud-common` is created. It contains several randomly generated entries. Deleting helm chart is not going to delete this secret, nor reinstalling the whole On-Prem, unless manually deleted by kubernetes administrator. The content of this secret is extremely relevant - strings that are contained there are essential parts of encryption. Losing or changing the data that it contains will result in data loss. 
- -## Short description of services -#### cloud-accounts-service -Responsible for user registration & authentication. Manages user account information. -#### cloud-agent-data-ctrl-service -Forwards request from the cloud to the relevant agents. -The requests include: -* Fetching chart metadata from the agent -* Fetching chart data from the agent -* Fetching function data from the agent -#### cloud-agent-mqtt-input-service -Forwards MQTT messages emitted by the agent related to the agent entities to the internal Pulsar broker. These include agent connection state updates. -#### cloud-agent-mqtt-output-service -Forwards Pulsar messages emitted in the cloud related to the agent entities to the MQTT broker. From there, the messages reach the relevant agent. -#### cloud-alarm-config-mqtt-input-service -Forwards MQTT messages emitted by the agent related to the alarm-config entities to the internal Pulsar broker. These include the data for the alarm configuration as seen by the agent. -#### cloud-alarm-log-mqtt-input-service -Forwards MQTT messages emitted by the agent related to the alarm-log entities to the internal Pulsar broker. These contain data about the alarm transitions that occurred in an agent. -#### cloud-alarm-mqtt-output-service -Forwards Pulsar messages emitted in the cloud related to the alarm entities to the MQTT broker. From there, the messages reach the relevant agent. -#### cloud-alarm-processor-service -Persists latest alert statuses received from the agent in the cloud. -Aggregates alert statuses from relevant node instances. -Exposes API endpoints to fetch alert data for visualization on the cloud. -Determines if notifications need to be sent when alert statuses change and emits relevant messages to Pulsar. -Exposes API endpoints to store and return notification-silencing data. -#### cloud-alarm-streaming-service -Responsible for starting the alert stream between the agent and the cloud. 
-Ensures that messages are processed in the correct order, and starts a reconciliation process between the cloud and the agent if out-of-order processing occurs. -#### cloud-charts-mqtt-input-service -Forwards MQTT messages emitted by the agent related to the chart entities to the internal Pulsar broker. These include the chart metadata that is used to display relevant charts on the cloud. -#### cloud-charts-mqtt-output-service -Forwards Pulsar messages emitted in the cloud related to the charts entities to the MQTT broker. From there, the messages reach the relevant agent. -#### cloud-charts-service -Exposes API endpoints to fetch the chart metadata. -Forwards data requests via the `cloud-agent-data-ctrl-service` to the relevant agents to fetch chart data points. -Exposes API endpoints to call various other endpoints on the agent, for instance, functions. -#### cloud-custom-dashboard-service -Exposes API endpoints to fetch and store custom dashboard data. -#### cloud-environment-service -Serves as the first contact point between the agent and the cloud. -Returns authentication and MQTT endpoints to connecting agents. -#### cloud-feed-service -Processes incoming feed events and stores them in Elasticsearch. -Exposes API endpoints to fetch feed events from Elasticsearch. -#### cloud-frontend -Contains the on-prem cloud website. Serves static content. -#### cloud-iam-user-service -Acts as a middleware for authentication on most of the API endpoints. Validates incoming token headers, injects the relevant ones, and forwards the requests. -#### cloud-metrics-exporter -Exports various metrics from an On-Prem Cloud installation. Uses the Prometheus metric exposition format. -#### cloud-netdata-assistant -Exposes API endpoints to fetch a human-friendly explanation of various netdata configuration options, namely the alerts. -#### cloud-node-mqtt-input-service -Forwards MQTT messages emitted by the agent related to the node entities to the internal Pulsar broker. 
These include the node metadata as well as their connectivity state, either direct or via parents. -#### cloud-node-mqtt-output-service -Forwards Pulsar messages emitted in the cloud related to the charts entities to the MQTT broker. From there, the messages reach the relevant agent. -#### cloud-notifications-dispatcher-service -Exposes API endpoints to handle integrations. -Handles incoming notification messages and uses the relevant channels(email, slack...) to notify relevant users. -#### cloud-spaceroom-service -Exposes API endpoints to fetch and store relations between agents, nodes, spaces, users, and rooms. -Acts as a provider of authorization for other cloud endpoints. -Exposes API endpoints to authenticate agents connecting to the cloud. - -## Infrastructure Diagram - -![infrastructure.jpeg](https://raw.githubusercontent.com/netdata/netdata/master/docs/netdata-cloud-onprem/infrastructure.jpeg) - -### If you have any questions or suggestions please contact the Netdata team. diff --git a/docs/netdata-cloud-onprem/troubleshooting-onprem.md b/docs/netdata-cloud-onprem/troubleshooting-onprem.md deleted file mode 100644 index 4f449c965..000000000 --- a/docs/netdata-cloud-onprem/troubleshooting-onprem.md +++ /dev/null 
@@ -1,21 +0,0 @@ -# Basic troubleshooting -We cannot predict how your particular installation of Netdata Cloud On-prem is going to work. It is a mixture of underlying infrastructure, the number of agents, and their topology. -You can always contact the Netdata team for recommendations! - -#### Loading charts takes a long time or ends with an error -Charts service is trying to collect the data from all of the agents in question. If we are talking about the overview screen, all of the nodes in space are going to be queried (`All nodes` room). If it takes a long time, there are a few things that should be checked: -1. How many nodes are you querying directly? - There is a big difference between having 100 nodes connected directly to the cloud compared to them being connected through a few parents. Netdata always prioritizes querying nodes through parents. This way, we can reduce some of the load by pushing the responsibility to query the data to the parent. The parent is then responsible for passing accumulated data from nodes connected to it to the cloud. -1. If you are missing data from endpoints all the time. - Netdata Cloud always queries nodes themselves for the metrics. The cloud only holds information about metadata, such as information about what charts can be pulled from any node, but not the data points themselves for any metric. This means that if a node is throttled by the network connection or under high resource pressure, the information exchange between the agent and cloud through the MQTT broker might take a long time. In addition to checking resource usage and networking, we advise using a parent node for such endpoints. Parents can hold the data from nodes that are connected to the cloud through them, eliminating the need to query those endpoints. -1. Errors on the cloud when trying to load charts. - If the entire data query is crashing and no data is displayed on the UI, it could indicate problems with the `cloud-charts-service`. 
The query you are performing might simply exceed the CPU and/or memory limits set on the deployment. We advise increasing those resources. -It takes a long time to load anything on the Cloud UI -When experiencing sluggishness and slow responsiveness, the following factors should be checked regarding the Postgres database: - 1. CPU: Monitor the CPU usage to ensure it is not reaching its maximum capacity. High and sustained CPU usage can lead to sluggish performance. - 1. Memory: Check if the database server has sufficient memory allocated. Inadequate memory could cause excessive disk I/O and slow down the database. - 1. Disk Queue / IOPS: Analyze the disk queue length and disk I/O operations per second (IOPS). A high disk queue length or limited IOPS can indicate a bottleneck and negatively impact database performance. -By examining these factors and ensuring that CPU, memory, and disk IOPS are within acceptable ranges, you can mitigate potential performance issues with the Postgres database. - -#### Nodes are not updated quickly on the Cloud UI -If you're experiencing delays with information exchange between the Cloud UI and the Agent, and you've already checked the networking and resource usage on the agent side, the problem may be related to Apache Pulsar or the database. Slow alerts on node alerts or slow updates on node status (online/offline) could indicate issues with message processing or database performance. You may want to investigate the performance of Apache Pulsar, ensure it is properly configured, and consider scaling or optimizing the database to handle the volume of data being processed or written to it. diff --git a/docs/netdata-cloud/README.md b/docs/netdata-cloud/README.md index acf8e42fa..6a2406aeb 100644 --- a/docs/netdata-cloud/README.md +++ b/docs/netdata-cloud/README.md 
@@ -43,7 +43,7 @@ Netdata Cloud provides the following features, on top of what the Netdata agents Netdata Cloud is a fundamental component for achieving an optimal cost structure and flexibility, in structuring observability the way that is best suited for each case. -2. **Role Based Access Control (RBAC)**: Netdata Cloud has all the mechanisms for user-management and access control. It allows assigning all users a role, segmenting the infrastructure into rooms, and associating rooms with roles and users. +2. **Role Based Access Control (RBAC)**: Netdata Cloud has all the mechanisms for user-management and access control. It allows assigning all users a role, segmenting the infrastructure into rooms, and associating Rooms with roles and users. 3. **Access from anywhere**: Netdata agents are installed on-prem and this is where all your data are always stored. Netdata Cloud allows querying all the Netdata agents (Standalone, Children and Parents) in real-time when dashboards are accessed via Netdata Cloud. @@ -57,7 +57,7 @@ Netdata Cloud provides the following features, on top of what the Netdata agents Custom dashboards are created directly from the UI, without the need for learning a query language. Netdata Cloud provides all the APIs to the Netdata dashboards to store, browse and retrieve custom dashboards created by all users. -6. **Advanced Customization**: Netdata Cloud provides all the APIs for the dashboard to have different default settings per space, per room and per user, allowing administrators and users to customize the Netdata dashboards and charts the way they see fit. +6. **Advanced Customization**: Netdata Cloud provides all the APIs for the dashboard to have different default settings per space, per Room and per user, allowing administrators and users to customize the Netdata dashboards and charts the way they see fit. ## Data Exposed to Netdata Cloud 
@@ -113,9 +113,9 @@ However, when there are multiple Netdata agents involved, the queries will be fa No. Any or all Netdata agents can be connected to Netdata Cloud. -We recommend to create [observability centralization points](https://github.com/netdata/netdata/blob/master/docs/observability-centralization-points/README.md), as required for operational efficiency (ephemeral nodes, teams or services isolation, central control of alerts, production systems performance), security policies (internet isolation), or cost optimization (use existing capacities before allocating new ones). +We recommend to create [observability centralization points](/docs/observability-centralization-points/README.md), as required for operational efficiency (ephemeral nodes, teams or services isolation, central control of alerts, production systems performance), security policies (internet isolation), or cost optimization (use existing capacities before allocating new ones). -We suggest to review the [Best Practices for Observability Centralization Points](https://github.com/netdata/netdata/blob/master/docs/observability-centralization-points/best-practices.md). +We suggest to review the [Best Practices for Observability Centralization Points](/docs/observability-centralization-points/best-practices.md). ## When I have Netdata Parents, do I need to connect Netdata Children to Netdata Cloud too? 
@@ -129,6 +129,6 @@ Netdata Cloud prefers: - The most distant (from the Child) Parent available, when doing metrics visualization queries (since usually these Parents have been added for this purpose). -- The closest (to the Child) Parent available, for [Top Monitoring](https://github.com/netdata/netdata/blob/master/docs/cloud/netdata-functions.md) (since top-monitoring provides live data, like the processes running, the list of sockets open, etc). The streaming protocol of Netdata Parents and Children is able to forward such requests to the right child, via the Parents, to respond with live and accurate data. +- The closest (to the Child) Parent available, for [Top Monitoring](/docs/top-monitoring-netdata-functions.md) (since top-monitoring provides live data, like the processes running, the list of sockets open, etc). The streaming protocol of Netdata Parents and Children is able to forward such requests to the right child, via the Parents, to respond with live and accurate data. Netdata Children may be connected to Netdata Cloud for high-availability, in case the Netdata Parents are unreachable. diff --git a/docs/netdata-cloud/authentication-and-authorization/README.md b/docs/netdata-cloud/authentication-and-authorization/README.md new file mode 100644 index 000000000..5eb7acf24 --- /dev/null +++ b/docs/netdata-cloud/authentication-and-authorization/README.md 
@@ -0,0 +1,27 @@ +# Authentication & Authorization + +This section contains documentation about how Netdata allows users to Authenticate with Netdata Cloud, as well as the Authorization flows that control the access and actions of their teammates in Netdata Cloud. + +## Authentication + +### Email + +To sign in/sign up using email, visit [Netdata Cloud](https://app.netdata.cloud/sign-in?cloudRoute=spaces?utm_source=docs&utm_content=sign_in_button_email_section), enter your email address, and click the **Sign in by email** button. + +Click the **Verify** button in the email you received to start using Netdata Cloud. + +### Google and GitHub OAuth + +When you use Google/GitHub OAuth, your Netdata Cloud account is associated with the email address that Netdata Cloud receives through OAuth. + +To sign in/sign up using Google or GitHub OAuth, visit [Netdata Cloud](https://app.netdata.cloud/sign-in?cloudRoute=spaces?utm_source=docs&utm_content=sign_in_button_google_github_section) select the method you want to use. After the verification steps, you will be signed in to Netdata Cloud. + +### Enterprise SSO Authentication + +Netdata integrates with SSO tools, allowing you to control how your team connects and authenticates to Netdata Cloud. + +For more information, see [Enterprise SSO Authentication](/docs/netdata-cloud/authentication-and-authorization/enterprise-sso-authentication.md). + +## Authorization + +Once logged in, you can manage role-based access in your space to give each team member the appropriate role. For more information, see [Role-Based Access model](/docs/netdata-cloud/authentication-and-authorization/role-based-access-model.md). diff --git a/docs/netdata-cloud/authentication-and-authorization/api-tokens.md b/docs/netdata-cloud/authentication-and-authorization/api-tokens.md new file mode 100644 index 000000000..88b73ee68 --- /dev/null +++ b/docs/netdata-cloud/authentication-and-authorization/api-tokens.md 
@@ -0,0 +1,34 @@ +# API Tokens + +## Overview + +Every single user can get access to the Netdata resource programmatically. It is done through the API Token which +can be also called as Bearer Token. This token is used for authentication and authorization, it can be issued +in the Netdata UI under the user Settings: + +<img width="316" alt="image" src="https://github.com/netdata/netdata/assets/14999928/b0846076-afae-47ab-92df-c24967305ab9"/> + +The API Tokens are not going to expire and can be limited to a few scopes: + +* `scope:all` + + this token is given the same level of action as the user has, the use-case for it is Netdata terraform provider + +* `scope:agent-ui` + + this token is mainly used by the local Netdata agent accessing the Cloud UI + +* `scope:grafana-plugin` + + this token is used for the [Netdata Grafana plugin](https://github.com/netdata/netdata-grafana-datasource-plugin/blob/master/README.md) + to access Netdata charts + +Currently, the Netdata Cloud is not exposing stable API. + +## Example usage + +* get the cloud space list + +```console +$ curl -H 'Accept: application/json' -H "Authorization: Bearer <token>" https://app.netdata.cloud/api/v2/spaces +``` diff --git a/docs/netdata-cloud/authentication-and-authorization/enterprise-sso-authentication.md b/docs/netdata-cloud/authentication-and-authorization/enterprise-sso-authentication.md new file mode 100644 index 000000000..7657e8bcf --- /dev/null +++ b/docs/netdata-cloud/authentication-and-authorization/enterprise-sso-authentication.md 
@@ -0,0 +1,36 @@ +# Enterprise SSO Authentication + +Netdata provides you with means to streamline and control how your team connects and authenticates to Netdata Cloud. We provide + diferent Single Sign-On (SSO) integrations that allow you to connect with the tool that your organization is using to manage your + user accounts. + + > ❗ This feature focus is on the Authentication flow, it doesn't support the Authorization with managing Users and Roles. + + +## How to set it up? + +If you want to setup your Netdata Space to allow user Authentication through an Enterprise SSO tool you need to: +* Confirm the integration to the tool you want is available ([Authentication integations](https://learn.netdata.cloud/docs/netdata-cloud/authentication-&-authorization/cloud-authentication-&-authorization-integrations)) +* Have a Netdata Cloud account +* Have Access to the Space as an administrator +* Your Space needs to be on the Business plan or higher + +Once you ensure the above prerequisites you need to: +1. Click on the Space settings cog (located above your profile icon) +2. Click on the Authentication tab +3. Select the card for the integration you are looking for, click on Configure +4. Fill the required attributes need to establish the integration with the tool + + +## How to authenticate to Netdata? + +### From Netdata Sign-up page + +If you're starting your flow from Netdata sign-in page you need to: +1. Click on the link `Sign-in with an Enterprise Signle Sign-On (SSO)` +2. Enter your email address +3. Go to your mailbox and check the `Sign In to Nedata` email that you have received +4. Click on the **Sign In** button + +Note: If you're not authenticated on the Enterprise SSO tool you'll be prompted to authenticate there +first before being allowed to proceed to Netdata Cloud. 
diff --git a/docs/netdata-cloud/authentication-and-authorization/role-based-access-model.md b/docs/netdata-cloud/authentication-and-authorization/role-based-access-model.md new file mode 100644 index 000000000..fec33ca22 --- /dev/null +++ b/docs/netdata-cloud/authentication-and-authorization/role-based-access-model.md 
@@ -0,0 +1,157 @@ +# Role-Based Access model + +Netdata Cloud's role-based-access mechanism allows you to control what functionalities in the app users can access. Each user can be assigned only one role, which fully specifies all the capabilities they are afforded. + +## What roles are available? + +With the advent of the paid plans we revamped the roles to cover needs expressed by Netdata users, like providing more limited access to their customers, or +being able to join any Room. We also aligned the offered roles to the target audience of each plan. The end result is the following: + +| **Role** | **Community** | **Homelab** | **Business** | **Enterprise On-Premise** | +|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------|:-------------------|:-------------------|:--------------------------| +| **Admins**<p>Users with this role can control Spaces, Rooms, Nodes, Users and Billing.</p><p>They can also access any Room in the Space.</p> | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| **Managers**<p>Users with this role can manage Rooms and Users.</p><p>They can access any Room in the Space.</p> | - | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| **Troubleshooters**<p>Users with this role can use Netdata to troubleshoot, not manage entities.</p><p>They can access any Room in the Space.</p> | - | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| **Observers**<p>Users with this role can only view data in specific Rooms.</p>💡 Ideal for restricting your customer's access to their own dedicated rooms.<p></p> | - | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| **Billing**<p>Users with this role can handle billing options and invoices.</p> | - | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| **Member** ⚠️ 
Legacy role<p>Users with this role you can create Rooms and invite other Members.</p><p>They can only see the Rooms they belong to and all Nodes in the All Nodes Room.</p> | - | - | - | - | + +## Which functionalities are available for each role? + +In more detail, you can find on the following tables which functionalities are available for each role on each domain. + +### Space Management + +| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** | +|:-----------------------|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:| +| See Space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| Leave Space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| Delete Space | :heavy_check_mark: | - | - | - | - | - | +| Change name | :heavy_check_mark: | - | - | - | - | - | +| Change description | :heavy_check_mark: | - | - | - | - | - | +| Change slug | :heavy_check_mark: | - | - | - | - | - | +| Change preferred nodes | :heavy_check_mark: | - | - | - | - | - | + +### Node Management + +| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** | Notes | +|:------------------------------------------|:------------------:|:------------------:|:------------------:|:------------:|:-----------:|:------------------:|:-------------------------------------------| +| See all Nodes in Space (_All Nodes_ Room) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - | :heavy_check_mark: | Members are always on the _All Nodes_ Room | +| Connect Node to Space | :heavy_check_mark: | - | - | - | - | - | - | +| Delete Node from Space | :heavy_check_mark: | - | - | - | - | - | - | + +### User Management + +| **Functionality** | **Admin** | 
**Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** | Notes | +|:-----------------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:-----------:|:------------------:|:----------------------------------------------------------------------------------------------| +| See all Users in Space | :heavy_check_mark: | :heavy_check_mark: | - | - | - | :heavy_check_mark: | | +| Invite new User to Space | :heavy_check_mark: | :heavy_check_mark: | - | - | - | :heavy_check_mark: | You can't invite a user with a role you don't have permissions to appoint to (see below) | +| Delete Pending Invitation to Space | :heavy_check_mark: | :heavy_check_mark: | - | - | - | :heavy_check_mark: | | +| Delete User from Space | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | You can't delete a user if he has a role you don't have permissions to appoint to (see below) | +| Appoint Administrators | :heavy_check_mark: | - | - | - | - | - | | +| Appoint Billing user | :heavy_check_mark: | - | - | - | - | - | | +| Appoint Managers | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | | +| Appoint Troubleshooters | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | | +| Appoint Observer | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | | +| Appoint Member | :heavy_check_mark: | - | - | - | - | :heavy_check_mark: | Only available on Early Bird plans | +| See all Users in a Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | | +| Invite existing user to Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - | :heavy_check_mark: | User already invited to the Space | +| Remove user from Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | | + +### Room Management + +| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** | Notes | 
+|:-----------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:-----------:|:------------------:|:-----------------------------------------------------------------------------------| +| See all Rooms in a Space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - | - | | +| Join any Room in a Space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - | - | By joining a Room you will be enabled to get notifications from nodes on that Room | +| Leave Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | | +| Create a new Room in a Space | :heavy_check_mark: | :heavy_check_mark: | - | - | - | :heavy_check_mark: | | +| Delete Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | | +| Change Room name | :heavy_check_mark: | :heavy_check_mark: | - | - | - | :heavy_check_mark: | If not the _All Nodes_ Room | +| Change Room description | :heavy_check_mark: | :heavy_check_mark: | - | - | - | :heavy_check_mark: | | +| Add existing Nodes to Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - | :heavy_check_mark: | Node already connected to the Space | +| Remove Nodes from Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - | :heavy_check_mark: | | + +### Notifications Management + +| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** | Notes | +|:--------------------------------------------------------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| See all configured notifications on a Space | :heavy_check_mark: | 
:heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | | +| Add new configuration | :heavy_check_mark: | - | - | - | - | - | | +| Enable/Disable configuration | :heavy_check_mark: | - | - | - | - | - | | +| Edit configuration | :heavy_check_mark: | - | - | - | - | - | Some exceptions apply depending on [service level](/docs/alerts-and-notifications/notifications/centralized-cloud-notifications/manage-notification-methods.md#available-actions-per-notification-method-based-on-service-level) | +| Delete configuration | :heavy_check_mark: | - | - | - | - | - | | +| Edit personal level notification settings | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | [Manage user notification settings](/docs/alerts-and-notifications/notifications/centralized-cloud-notifications/manage-notification-methods.md#manage-user-notification-settings) | +| See space alert notification silencing rules | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - | - | | +| Add new space alert notification silencing rule | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | | +| Enable/Disable space alert notification silencing rule | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | | +| Edit space alert notification silencing rule | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | | +| Delete space alert notification silencing rule | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | | +| See, add, edit or delete personal level alert notification silencing rule | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - | | + +> **Note** +> +> Enable, Edit and Add actions over specific notification methods will only be allowed if your plan has access to those ([service 
classification](/docs/alerts-and-notifications/notifications/centralized-cloud-notifications/centralized-cloud-notifications-reference.md#service-classification)) + +### Dashboards + +| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** | +|:-----------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:-----------:|:------------------:| +| See all dashboards in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | +| Add new dashboard to Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | +| Edit any dashboard in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - | :heavy_check_mark: | +| Edit own dashboard in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | +| Delete any dashboard in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - | :heavy_check_mark: | +| Delete own dashboard in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | + +### Functions + +| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** | Notes | +|:-------------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:-----------:|:------------------:|:---------------------------------------------------------------------| +| See all functions in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | +| Run any function in Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | +| Run read-only function in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: 
| | +| Run sensitive function in Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | There isn't any function on this category yet, so subject to change. | + +### Events feed + +| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** | Notes | +|:-----------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:-----------:|:------------------:|:-----------------------------------------------| +| See Alert or Topology events | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | | +| See Auditing events | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - | These are coming soon, not currently available | + +### Billing + +| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** | Notes | +|:---------------------------|:------------------:|:-----------:|:------------------:|:------------:|:------------------:|:----------:|:----------------------------------------------------------------| +| See Plan & Billing details | :heavy_check_mark: | - | - | - | :heavy_check_mark: | - | Current plan and usage figures | +| Update plans | :heavy_check_mark: | - | - | - | - | - | This includes cancelling current plan (going to Community plan) | +| See invoices | :heavy_check_mark: | - | - | - | :heavy_check_mark: | - | | +| Manage payment methods | :heavy_check_mark: | - | - | - | :heavy_check_mark: | - | | +| Update billing email | :heavy_check_mark: | - | - | - | :heavy_check_mark: | - | | + +### Dynamic Configuration Manager + +Netdata Cloud paid subscription required for all action except "List All". 
+ +| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** | +|:--------------------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:| +| List All (see all configurable items) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | +| Enable/Disable | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | +| Add | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | +| Update | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | +| Remove | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | +| Test | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | +| View | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | +| View File Format | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | + + +### Other permissions + +| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** | +|:---------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:-----------:|:------------------:| +| See Bookmarks in Space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | +| Add Bookmark to Space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - | :heavy_check_mark: | +| Delete Bookmark from Space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - | :heavy_check_mark: | +| See Visited Nodes | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | +| Update Visited Nodes | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | 
diff --git a/docs/netdata-cloud/netdata-cloud-on-prem/README.md b/docs/netdata-cloud/netdata-cloud-on-prem/README.md index 29601686d..49373c454 100644 --- a/docs/netdata-cloud/netdata-cloud-on-prem/README.md +++ b/docs/netdata-cloud/netdata-cloud-on-prem/README.md @@ -26,7 +26,7 @@ flowchart TD users --> ingress agents --> ingress ingress --> traefik - traefik ==>|agents<br/>websockets| emqx + ingress ==>|agents<br/>websockets| emqx traefik -.- auth traefik ==>|http| spaceroom traefik ==>|http| frontend diff --git a/docs/netdata-cloud/netdata-cloud-on-prem/installation.md b/docs/netdata-cloud/netdata-cloud-on-prem/installation.md index a02033c24..259ddb5ce 100644 --- a/docs/netdata-cloud/netdata-cloud-on-prem/installation.md +++ b/docs/netdata-cloud/netdata-cloud-on-prem/installation.md @@ -1,6 +1,6 @@ # Netdata Cloud On-Prem Installation -This installation guide assumes the prerequisites for installing Netdata Cloud On-Prem as satisfied. For more information please refer to the [requirements documentation](https://github.com/netdata/netdata/blob/master/docs/netdata-cloud/netdata-cloud-on-prem/README.md#requirements). +This installation guide assumes the prerequisites for installing Netdata Cloud On-Prem as satisfied. For more information please refer to the [requirements documentation](/docs/netdata-cloud/netdata-cloud-on-prem/README.md#requirements). ## Installation Requirements @@ -34,7 +34,7 @@ aws configure Using `aws` command we will generate a token for helm to access the secured ECR repository: ```bash -aws ecr get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin 362923047827.dkr.ecr.us-east-1.amazonaws.com/netdata-cloud-onprem +aws ecr get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin 362923047827.dkr.ecr.us-east-1.amazonaws.com ``` After this step you should be able to add the repository to your helm or just pull the helm chart: 
diff --git a/docs/netdata-cloud/netdata-cloud-on-prem/troubleshooting.md b/docs/netdata-cloud/netdata-cloud-on-prem/troubleshooting.md index c330984ae..ac8bdf6f8 100644 --- a/docs/netdata-cloud/netdata-cloud-on-prem/troubleshooting.md +++ b/docs/netdata-cloud/netdata-cloud-on-prem/troubleshooting.md @@ -8,7 +8,7 @@ The following are questions that are usually asked by Netdata Cloud On-Prem oper ## Loading charts takes a long time or ends with an error -The charts service is trying to collect data from the agents involved in the query. In most of the cases, this microservice queries many agents (depending on the room), and all of them have to reply for the query to be satisfied. +The charts service is trying to collect data from the agents involved in the query. In most of the cases, this microservice queries many agents (depending on the Room), and all of them have to reply for the query to be satisfied. One or more of the following may be the cause: diff --git a/docs/netdata-cloud/organize-your-infrastructure-invite-your-team.md b/docs/netdata-cloud/organize-your-infrastructure-invite-your-team.md new file mode 100644 index 000000000..1ca004d99 --- /dev/null +++ b/docs/netdata-cloud/organize-your-infrastructure-invite-your-team.md 
@@ -0,0 +1,62 @@ +# Organize Your Infrastructure and Invite your Team + +Netdata Cloud works with [Spaces](#netdata-cloud-spaces) and [Rooms](#netdata-cloud-rooms). They allow you to better organize your infrastructure and provide the right access to your team. + +## Netdata Cloud Spaces + +A Space is a high-level container. It's a collaboration environment where you can organize team members, access levels and the nodes you want to monitor. + +### How to organize your Netdata Cloud Environment + +You can use any number of Spaces you want, but as you organize your Cloud experience, keep in mind that you can only add any given node to a **single** Space. + +We recommend sticking to a single Space so that you can keep all your nodes and their respective metrics in one place. You can then use multiple [Rooms](#netdata-cloud-rooms) to further organize your infrastructure monitoring. + +### Navigate between Spaces + +You can navigate through your different Spaces by using the left-most bar of the interface. From there you can also create a new Space by clicking the plus **+** icon. + +![image](https://github.com/netdata/netdata/assets/70198089/74f622ac-07bf-40c7-81ba-f3907ed16c42) + +### Manage Spaces + +Manage your spaces by selecting a particular space and clicking on the gear icon in the lower left-hand corner. This will open the Space's settings view, where you can take a multitude of actions regarding the Space's Rooms, nodes, integrations, configurations, and more. + +## Netdata Cloud Rooms + +Spaces use Rooms to organize your connected nodes and provide infrastructure-wide dashboards using real-time metrics and visualizations. + +**A node can be in N Rooms.** + +Once you add nodes to a Space, all of your nodes will be visible in the **All nodes** Room. It gives you an overview of all of your nodes in this particular Space. Then you can create functional separations of your nodes into more Rooms. 
Every Room has its own dashboards, navigation, indicators, and management tools. + +### Room organization + +We recommend a few strategies for organizing your Rooms. + +- **Service, purpose, location, etc.** + You can group Rooms by a service (Nginx, MySQL, Pulsar, and so on), their purpose (webserver, database, application), their physical location, whether they're "bare metal" or a Docker container, the PaaS/cloud provider it runs on, and much more. This allows you to see entire slices of your infrastructure by moving from one Room to another. + +- **End-to-end apps/services** + If you have a user-facing SaaS product, or an internal service that this said product relies on, you may want to monitor that entire stack in a single Room. This might include Kubernetes clusters, Docker containers, proxies, databases, web servers, brokers, and more. End-to-end Rooms are valuable tools for ensuring the health and performance of your organization's essential services. + +- **Incident response** + You can also create new Rooms as one of the first steps in your incident response process. For example, you have a user-facing web app that relies on Apache Pulsar for a message queue, and one of your nodes using the [Pulsar collector](/src/go/collectors/go.d.plugin/modules/pulsar/README.md) begins reporting a suspiciously low messages rate. You can create a Room called `$year-$month-$day-pulsar-rate`, add all your Pulsar nodes in addition to nodes they connect to, and begin diagnosing the root cause in a Room optimized for getting to resolution as fast as possible. + +### Add Rooms + +To add new Rooms to any Space, click on the green plus icon **+** next to the **Rooms** heading on the Room's sidebar. + +### Manage Rooms + +All the users and nodes involved in a particular Space can be part of a Room. + +Click on the gear icon next to the Room's name in the top of the page to do that. 
This will open the Rooms settings view, where you can take the same actions as with the Spaces settings, but now catered towards the specific Room. + +## Invite your team + +Invite your entire SRE, DevOPs, or ITOps team to your Space, to give everyone access into your infrastructure from a single pane of glass. + +To do so, click on **Invite Users** in the [Space](#netdata-cloud-spaces) management area or any other such prompt around the UI. + +Follow the instructions on screen, to provide the right access and role to the users you want to invite. diff --git a/docs/netdata-cloud/versions.md b/docs/netdata-cloud/versions.md index 1031aa76a..06a8f706a 100644 --- a/docs/netdata-cloud/versions.md +++ b/docs/netdata-cloud/versions.md @@ -16,4 +16,4 @@ For more information check our [Pricing](https://www.netdata.cloud/pricing/) pag ## On-Prem Version -To deploy Netdata Cloud On-premises, take a look at the [related section](https://github.com/netdata/netdata/blob/master/docs/netdata-cloud/netdata-cloud-on-prem/README.md) on our Documentation. +To deploy Netdata Cloud On-premises, take a look at the [related section](/docs/netdata-cloud/netdata-cloud-on-prem/README.md) on our Documentation. diff --git a/docs/netdata-cloud/view-plan-and-billing.md b/docs/netdata-cloud/view-plan-and-billing.md new file mode 100644 index 000000000..2b1a34225 --- /dev/null +++ b/docs/netdata-cloud/view-plan-and-billing.md 
@@ -0,0 +1,121 @@ +# Netdata Plans & Billing + +Netdata offers a **Community plan**, a free SaaS and Open Source Agent, and paid subscriptions — **Homelab**, **Business**, and **Enterprise On-Premise** — providing key business features and unlimited access to your dashboards. + +For more info visit the [Netdata Cloud Pricing](https://netdata.cloud/pricing) page. + +## Plans + +Plans define the features and customization options available within a Space. Different Spaces can have different plans, giving you flexibility based on your needs. + +Netdata Cloud plans (excluding Community) involve: + +- A yearly flat fee for [committed nodes](#committed-nodes) +- An on-demand metered component based on the [number of running nodes](#running-nodes-and-billing) + +Billing options include monthly (pay-as-you-go) and yearly (annual prepayment). + +### Technical Details + +#### Running Nodes and Billing + +Billing is based solely on active nodes, excluding offline or stale instances. Daily and P90 metrics ensure fair pricing by mitigating transient increases in node activity. + +#### Committed Nodes + +Yearly plans offer a discounted rate for a pre-defined number of committed nodes. Any usage exceeding this commitment will be billed at the standard rate. + +#### Plan Changes and Credit Balance + +You can change your plan, billing frequency, or committed nodes at any time. For guidance, see [updating your plan](#update-a-subscription-plan). + +> **Note** +> +> - Changes like downgrades or cancellations keep notification configurations active for 24 hours. After that, any methods not supported by the new plan are disabled. +> - Changes may restrict user access in your Space. Review role availability under [each plan](https://netdata.cloud/pricing). +> - Any credits are valid until the end of the following year. 
+ +#### Areas That Change Upon Subscription + +Please refer to the [Netdata Cloud Pricing](https://netdata.cloud/pricing) page for more information on what each plan provides. + +## View Plan and Billing Information + +### Prerequisites + +- A Netdata Cloud account +- Admin or Billing user access to the Space + +### Steps + +#### View Current Plan, Billing Options, and Invoices + +1. Navigate to **Space settings** (the cog above your profile icon). +2. Select the **Plan & Billing** tab. +3. You'll see: + - **Credit** amount, if applicable, usable for future invoices or subscription changes. More on this at [Plan changes and credit balance](/docs/netdata-cloud/view-plan-and-billing.md#plan-changes-and-credit-balance). + - **Billing email** linked to your subscription, where all related notifications are sent. + - A link to the **Billing options and Invoices** in our billing provider's Customer Portal, where you can: + - Manage subscriptions and payment methods. + - Update billing information such as email, address, phone number, and Tax ID. + - View invoice history. + - The **Change plan** button, showing details of your current plan with options to upgrade or cancel. + - Your **Usage chart**, displaying daily and period counts of live nodes and how they relate to your billing. + +#### Update a Subscription Plan + +1. In the **Plan & Billing** tab, click **Change plan** to see: + - Billing frequency and committed nodes (if applicable). + - Current billing information, which must be updated through our billing provider's Customer Portal via **Change billing info and payment method** link. + - Options to enter a promotion code and a breakdown of charges, including subscription total, applicable discounts, credit usage, tax details, and total payable amount. + +> **Note** +> +> - Checkout is performed directly if there's an active plan. +> - Plan changes, including downgrades or cancellations, may impact notification settings or user access. 
More details at [Plan changes and credit balance](/docs/netdata-cloud/view-plan-and-billing.md#plan-changes-and-credit-balance). + +## FAQ + +### What Payment Methods are Accepted? + +Netdata accepts most major Credit/Debit Cards and Bank payments through Stripe and AWS, with more options coming soon. + +### What Happens if a Renewal Payment Fails? + +If payment fails, attempts will be made weekly for 15 days. After three unsuccessful attempts, your Space will switch to the **Community** plan. Notification methods not supported by the Community plan will be disabled after 24 hours. + +### Which Currencies Do You Support? + +Currently, we accept US Dollars (USD). Plans to accept Euros (EUR) are in the works but without a set timeline. + +### Can I Get a Refund? + +Refunds are available if you cancel your subscription within 14 days of purchase. Request a refund via [billing@netdata.cloud](mailto:billing@netdata.cloud). + +### How Do I Cancel My Paid Plan? + +Cancel your plan anytime from the **Plan & Billing** section by selecting 'Cancel Plan' or switching to the **Community** plan. + +### How Can I Access My Invoices/Receipts? + +Find all your invoicing history under _Billing Options & Invoices_ in the **Plan & Billing** section. + +### Why Do I See Two Separate Invoices? + +Two invoices are generated per plan purchase or renewal: + +- One for recurring fees of the chosen plan. +- Another for monthly "On-Demand - Usage" based on actual usage. + +### How is the **Total Before Tax** Value Calculated on Plan Changes? + +The total before tax is calculated by: + +1. Calculating the residual value from unused time on your current plan. +2. Deducting any applicable discounts. +3. Subtracting credit from your balance, if necessary. +4. Applying tax to the final amount, if positive. Negative results adjust your customer credit balance. + +> **Note** +> +> A move to single-invoice billing is expected in the future, although a specific timeline is not set. |
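Review bot: In the new Role-Based Access model page, the Observers row says these users "can only view data in specific Rooms" and recommends the role for customer access, but the per-domain tables grant Observer more than that: "See all Users in a Room", "See all configured notifications on a Space", "Add new dashboard to Room" and "See Auditing events" are all checked for Observer. Either narrow the tables or extend the role summary to list these grants, because operators will read the summary when deciding what a customer account can see. Two smaller points in the same file: in the Functions table the "See all functions in Room" and "Run any function in Room" rows have no Notes cell although the header declares one, and the Member row reads "Users with this role you can create Rooms".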
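Review bot: In the `netdata-cloud-on-prem/README.md` flowchart hunk, the agent websocket edge now reads `ingress ==>|agents<br/>websockets| emqx` while `traefik -.- auth` is left as it was, so the diagram shows agent connections reaching `emqx` without passing the only component drawn next to `auth`. If that matches the deployment, add an edge or a sentence under the diagram stating where agent websocket connections are authenticated; if it does not, keep the edge on `traefik`.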
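Review bot: In the first `netdata-cloud-on-prem/installation.md` hunk, the rewritten opening sentence still says the guide "assumes the prerequisites for installing Netdata Cloud On-Prem as satisfied". Since the line is being changed for the link anyway, fix it to "are satisfied".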
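Review bot: In the new `organize-your-infrastructure-invite-your-team.md`, the "Invite your team" section tells the reader to "provide the right access and role to the users you want to invite" but never says what the roles are or links to the Role-Based Access model page added in this same patch. Link that page here and suggest starting invitees on the most limited role that covers their work, since the section otherwise encourages inviting an "entire" team with no guidance on scope. Also in this file: "DevOPs" should be "DevOps", and under "Manage Rooms" the sentence "Click on the gear icon ... to do that" has no clear referent for "that".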
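Review bot: In the new `view-plan-and-billing.md`, the note under "Plan Changes and Credit Balance" says "Changes may restrict user access in your Space" but does not state what happens to users who hold a role the new plan does not offer (whether they are removed, blocked, or moved to another role). Spell that out, because a downgrade silently changing who can access a Space is something an admin needs to know before clicking **Change plan**. Separately, the "Total Before Tax" FAQ lists "Applying tax to the final amount" as step 4, which contradicts the heading, and the closing note about single-invoice billing belongs under "Why Do I See Two Separate Invoices?" rather than after the tax steps.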