diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-11-25 14:45:37 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-11-25 15:28:16 +0000 |
commit | 5e1bf7f1473ac3099948e1406d4ea8ba4af2be95 (patch) | |
tree | 524889e5becb81643bf8741e3082955dca076f09 /docs/netdata-cloud | |
parent | Releasing debian version 1.47.5-1. (diff) | |
download | netdata-5e1bf7f1473ac3099948e1406d4ea8ba4af2be95.tar.xz netdata-5e1bf7f1473ac3099948e1406d4ea8ba4af2be95.zip |
Merging upstream version 2.0.3+dfsg.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'docs/netdata-cloud')
5 files changed, 64 insertions, 38 deletions
diff --git a/docs/netdata-cloud/authentication-and-authorization/api-tokens.md b/docs/netdata-cloud/authentication-and-authorization/api-tokens.md index 88b73ee68..a8f304ffb 100644 --- a/docs/netdata-cloud/authentication-and-authorization/api-tokens.md +++ b/docs/netdata-cloud/authentication-and-authorization/api-tokens.md @@ -30,5 +30,5 @@ Currently, the Netdata Cloud is not exposing stable API. * get the cloud space list ```console -$ curl -H 'Accept: application/json' -H "Authorization: Bearer <token>" https://app.netdata.cloud/api/v2/spaces +curl -H 'Accept: application/json' -H "Authorization: Bearer <token>" https://app.netdata.cloud/api/v2/spaces ``` diff --git a/docs/netdata-cloud/authentication-and-authorization/enterprise-sso-authentication.md b/docs/netdata-cloud/authentication-and-authorization/enterprise-sso-authentication.md index 7657e8bcf..184ff5db9 100644 --- a/docs/netdata-cloud/authentication-and-authorization/enterprise-sso-authentication.md +++ b/docs/netdata-cloud/authentication-and-authorization/enterprise-sso-authentication.md @@ -1,36 +1,47 @@ # Enterprise SSO Authentication Netdata provides you with means to streamline and control how your team connects and authenticates to Netdata Cloud. We provide - diferent Single Sign-On (SSO) integrations that allow you to connect with the tool that your organization is using to manage your + different Single Sign-On (SSO) integrations that allow you to connect with the tool that your organization is using to manage your user accounts. - > ❗ This feature focus is on the Authentication flow, it doesn't support the Authorization with managing Users and Roles. - + > **Note** This feature focus is on the Authentication flow, it doesn't support the Authorization with managing Users and Roles. ## How to set it up? If you want to setup your Netdata Space to allow user Authentication through an Enterprise SSO tool you need to: -* Confirm the integration to the tool you want is available ([Authentication integations](https://learn.netdata.cloud/docs/netdata-cloud/authentication-&-authorization/cloud-authentication-&-authorization-integrations)) + +* Confirm the integration to the tool you want is available ([Authentication integrations](https://learn.netdata.cloud/docs/netdata-cloud/authentication-&-authorization/cloud-authentication-&-authorization-integrations)) * Have a Netdata Cloud account * Have Access to the Space as an administrator * Your Space needs to be on the Business plan or higher Once you ensure the above prerequisites you need to: + 1. Click on the Space settings cog (located above your profile icon) 2. Click on the Authentication tab 3. Select the card for the integration you are looking for, click on Configure 4. Fill the required attributes need to establish the integration with the tool - ## How to authenticate to Netdata? ### From Netdata Sign-up page -If you're starting your flow from Netdata sign-in page you need to: -1. Click on the link `Sign-in with an Enterprise Signle Sign-On (SSO)` -2. Enter your email address -3. Go to your mailbox and check the `Sign In to Nedata` email that you have received -4. Click on the **Sign In** button +#### Requirements + +You have to update your DNS settings by adding a TXT record with the Netdata verification code as its **Value**. +The **Value** can be found by clicking the **DNS TXT record** button in your space settings under **User Management**, in the** Authentication & Authorization** tab. + +Log into your domain provider’s website, and navigate to the DNS records section. +Create a new TXT record with the following specifications: +- Value/Answer/Description: `"netdata-verification=[VERIFICATION CODE]"` +- Name/Host/Alias: Leave this blank or type @ to include a subdomain. +- Time to live (TTL): "86400" (this can also be inherited from the default configuration). + +#### Starting the flow from Netdata sign-in page + +1. Click on the link `Sign-in with an Enterprise Single Sign-On (SSO)` +2. Enter your email address +3. Complete the SSO flow Note: If you're not authenticated on the Enterprise SSO tool you'll be prompted to authenticate there first before being allowed to proceed to Netdata Cloud. diff --git a/docs/netdata-cloud/authentication-and-authorization/role-based-access-model.md b/docs/netdata-cloud/authentication-and-authorization/role-based-access-model.md index d2a3ea4f2..2226a1a0d 100644 --- a/docs/netdata-cloud/authentication-and-authorization/role-based-access-model.md +++ b/docs/netdata-cloud/authentication-and-authorization/role-based-access-model.md @@ -108,9 +108,9 @@ In more detail, you can find on the following tables which functionalities are a | **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** | Notes | |:-------------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:-----------:|:------------------:|:---------------------------------------------------------------------| -| See all functions in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | -| Run any function in Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | -| Run read-only function in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | | +| See all functions in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | :: | +| Run any function in Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | :: | +| Run read-only function in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | :: | | Run sensitive function in Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | There isn't any function on this category yet, so subject to change. | ### Events feed diff --git a/docs/netdata-cloud/netdata-cloud-on-prem/installation.md b/docs/netdata-cloud/netdata-cloud-on-prem/installation.md index 259ddb5ce..a23baa99c 100644 --- a/docs/netdata-cloud/netdata-cloud-on-prem/installation.md +++ b/docs/netdata-cloud/netdata-cloud-on-prem/installation.md @@ -10,6 +10,20 @@ The following components are required to install Netdata Cloud On-Prem: - **Helm** version 3.12+ with OCI Configuration (explained in the installation section) - **Kubectl** +The minimum requirements for Netdata-Cloud are: + +- 4 CPU cores +- 15GiB of memory +- Cloud services are ephemeral + +The requirements for the non-production Dependencies helm chart: + +- 8 CPU cores +- 14GiB of memory +- 160GiB for PVCs (SSD) + +> **_NOTE:_** Values for each component may vary depending on the type of load. The most compute-intensive task that the On-Prem needs to perform is the initial sync of directly connected Agents. The testing for these requirements was conducted with 1,000 nodes directly connected to the On-Prem. If you plan on spawning hundreds of new nodes within a few minutes, Postgres will be the first bottleneck. For example, a 2 vCPU / 8 GiB memory / 1k IOPS database can handle 1,000 nodes without any problems if your environment is fairly steady, adding nodes in batches of 10-30 (directly connected). + ## Preparations for Installation ### Configure AWS CLI @@ -103,39 +117,40 @@ helm upgrade --wait --install netdata-cloud-onprem -n netdata-cloud --create-nam ## Short description of Netdata Cloud microservices -#### cloud-accounts-service +### cloud-accounts-service Responsible for user registration & authentication. Manages user account information. -#### cloud-agent-data-ctrl-service +### cloud-agent-data-ctrl-service Forwards request from the cloud to the relevant agents. The requests include: + - Fetching chart metadata from the agent - Fetching chart data from the agent - Fetching function data from the agent -#### cloud-agent-mqtt-input-service +### cloud-agent-mqtt-input-service Forwards MQTT messages emitted by the agent related to the agent entities to the internal Pulsar broker. These include agent connection state updates. -#### cloud-agent-mqtt-output-service +### cloud-agent-mqtt-output-service Forwards Pulsar messages emitted in the cloud related to the agent entities to the MQTT broker. From there, the messages reach the relevant agent. -#### cloud-alarm-config-mqtt-input-service +### cloud-alarm-config-mqtt-input-service Forwards MQTT messages emitted by the agent related to the alarm-config entities to the internal Pulsar broker. These include the data for the alarm configuration as seen by the agent. -#### cloud-alarm-log-mqtt-input-service +### cloud-alarm-log-mqtt-input-service Forwards MQTT messages emitted by the agent related to the alarm-log entities to the internal Pulsar broker. These contain data about the alarm transitions that occurred in an agent. -#### cloud-alarm-mqtt-output-service +### cloud-alarm-mqtt-output-service Forwards Pulsar messages emitted in the cloud related to the alarm entities to the MQTT broker. From there, the messages reach the relevant agent. -#### cloud-alarm-processor-service +### cloud-alarm-processor-service Persists latest alert statuses received from the agent in the cloud. Aggregates alert statuses from relevant node instances. @@ -143,69 +158,69 @@ Exposes API endpoints to fetch alert data for visualization on the cloud. Determines if notifications need to be sent when alert statuses change and emits relevant messages to Pulsar. Exposes API endpoints to store and return notification-silencing data. -#### cloud-alarm-streaming-service +### cloud-alarm-streaming-service Responsible for starting the alert stream between the agent and the cloud. Ensures that messages are processed in the correct order, and starts a reconciliation process between the cloud and the agent if out-of-order processing occurs. -#### cloud-charts-mqtt-input-service +### cloud-charts-mqtt-input-service Forwards MQTT messages emitted by the agent related to the chart entities to the internal Pulsar broker. These include the chart metadata that is used to display relevant charts on the cloud. -#### cloud-charts-mqtt-output-service +### cloud-charts-mqtt-output-service Forwards Pulsar messages emitted in the cloud related to the charts entities to the MQTT broker. From there, the messages reach the relevant agent. -#### cloud-charts-service +### cloud-charts-service Exposes API endpoints to fetch the chart metadata. Forwards data requests via the `cloud-agent-data-ctrl-service` to the relevant agents to fetch chart data points. Exposes API endpoints to call various other endpoints on the agent, for instance, functions. -#### cloud-custom-dashboard-service +### cloud-custom-dashboard-service Exposes API endpoints to fetch and store custom dashboard data. -#### cloud-environment-service +### cloud-environment-service Serves as the first contact point between the agent and the cloud. Returns authentication and MQTT endpoints to connecting agents. -#### cloud-feed-service +### cloud-feed-service Processes incoming feed events and stores them in Elasticsearch. Exposes API endpoints to fetch feed events from Elasticsearch. -#### cloud-frontend +### cloud-frontend Contains the on-prem cloud website. Serves static content. -#### cloud-iam-user-service +### cloud-iam-user-service Acts as a middleware for authentication on most of the API endpoints. Validates incoming token headers, injects the relevant ones, and forwards the requests. -#### cloud-metrics-exporter +### cloud-metrics-exporter Exports various metrics from an On-Prem Cloud installation. Uses the Prometheus metric exposition format. -#### cloud-netdata-assistant +### cloud-netdata-assistant Exposes API endpoints to fetch a human-friendly explanation of various netdata configuration options, namely the alerts. -#### cloud-node-mqtt-input-service +### cloud-node-mqtt-input-service Forwards MQTT messages emitted by the agent related to the node entities to the internal Pulsar broker. These include the node metadata as well as their connectivity state, either direct or via parents. -#### cloud-node-mqtt-output-service +### cloud-node-mqtt-output-service Forwards Pulsar messages emitted in the cloud related to the charts entities to the MQTT broker. From there, the messages reach the relevant agent. -#### cloud-notifications-dispatcher-service +### cloud-notifications-dispatcher-service Exposes API endpoints to handle integrations. Handles incoming notification messages and uses the relevant channels(email, slack...) to notify relevant users. -#### cloud-spaceroom-service +### cloud-spaceroom-service Exposes API endpoints to fetch and store relations between agents, nodes, spaces, users, and rooms. Acts as a provider of authorization for other cloud endpoints. diff --git a/docs/netdata-cloud/versions.md b/docs/netdata-cloud/versions.md index 06a8f706a..1bfd363d6 100644 --- a/docs/netdata-cloud/versions.md +++ b/docs/netdata-cloud/versions.md @@ -4,7 +4,7 @@ Netdata Cloud is provided in two versions: - **SaaS**, we run and maintain Netdata Cloud and users use it to complement their observability with the additional features it provides. -- **On Prem**, we provide a licensed copy of the Netdata Cloud software, that users can install and run at their premises. +- **On Prem**, we provide a licensed copy of the Netdata Cloud software, that users can install and run at their premises. The pricing of both versions is similar, with the On-Prem version introducing a monthly fixed-fee for the extra support and packaging required when users are running Netdata Cloud by themselves. |