Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
1bcfaea4
Commit
1bcfaea4
authored
May 21, 2021
by
Alan (Maciej) Paruszewski
Committed by
Nick Gaskill
May 21, 2021
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Remove GMAv1 references and rename GMAv2 reference in Protect docs
parent
02f7d42a
Changes
6
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
12 additions
and
68 deletions
+12
-68
doc/user/clusters/applications.md
doc/user/clusters/applications.md
+0
-22
doc/user/clusters/img/fluentd_v13_0.png
doc/user/clusters/img/fluentd_v13_0.png
+0
-0
doc/user/project/clusters/protect/container_host_security/index.md
...project/clusters/protect/container_host_security/index.md
+2
-2
doc/user/project/clusters/protect/container_host_security/quick_start_guide.md
...ters/protect/container_host_security/quick_start_guide.md
+3
-18
doc/user/project/clusters/protect/container_network_security/index.md
...ject/clusters/protect/container_network_security/index.md
+2
-2
doc/user/project/clusters/protect/container_network_security/quick_start_guide.md
...s/protect/container_network_security/quick_start_guide.md
+5
-24
No files found.
doc/user/clusters/applications.md
View file @
1bcfaea4
...
@@ -1066,7 +1066,6 @@ You can install the following applications with one click:
...
@@ -1066,7 +1066,6 @@ You can install the following applications with one click:
-
[
Knative
](
#knative
)
-
[
Knative
](
#knative
)
-
[
Crossplane
](
#crossplane
)
-
[
Crossplane
](
#crossplane
)
-
[
Elastic Stack
](
#elastic-stack
)
-
[
Elastic Stack
](
#elastic-stack
)
-
[
Fluentd
](
#fluentd
)
With the exception of Knative, the applications are installed in a dedicated
With the exception of Knative, the applications are installed in a dedicated
namespace called
`gitlab-managed-apps`
.
namespace called
`gitlab-managed-apps`
.
...
@@ -1558,27 +1557,6 @@ kubectl port-forward svc/kibana-kibana 5601:5601
...
@@ -1558,27 +1557,6 @@ kubectl port-forward svc/kibana-kibana 5601:5601
Then, you can visit Kibana at
`http://localhost:5601`
.
Then, you can visit Kibana at
`http://localhost:5601`
.
### Fluentd
> Introduced in GitLab 12.10 for project- and group-level clusters.
[
Fluentd
](
https://www.fluentd.org/
)
is an open source data collector, which enables
you to unify the data collection and consumption to better use and understand
your data. Fluentd sends logs in syslog format.
To enable Fluentd:
1.
Navigate to
**Operations > Kubernetes**
and click
**Applications**
. Enter a host, port, and protocol
for sending the WAF logs with syslog.
1.
Provide the host domain name or URL in
**SIEM Hostname**
.
1.
Provide the host port number in
**SIEM Port**
.
1.
Select a
**SIEM Protocol**
.
1.
Select at least one of the available logs (such as WAF or Cilium).
1.
Click
**Save changes**
.
![
Fluentd input fields
](
img/fluentd_v13_0.png
)
## Upgrading applications
## Upgrading applications
> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/24789) in GitLab 11.8.
> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/24789) in GitLab 11.8.
...
...
doc/user/clusters/img/fluentd_v13_0.png
deleted
100644 → 0
View file @
02f7d42a
31.7 KB
doc/user/project/clusters/protect/container_host_security/index.md
View file @
1bcfaea4
...
@@ -28,8 +28,8 @@ users define profiles for these technologies.
...
@@ -28,8 +28,8 @@ users define profiles for these technologies.
See the
[
installation guide
](
quick_start_guide.md
)
for the recommended steps to install the
See the
[
installation guide
](
quick_start_guide.md
)
for the recommended steps to install the
Container Host Security capabilities. This guide shows the recommended way of installing Container
Container Host Security capabilities. This guide shows the recommended way of installing Container
Host Security through
GMAv2. However, it's also possible to do a manual installation through our
Host Security through
the Cluster Management Project. However, it's also possible to do a manual
Helm chart.
installation through our
Helm chart.
## Features
## Features
...
...
doc/user/project/clusters/protect/container_host_security/quick_start_guide.md
View file @
1bcfaea4
...
@@ -6,9 +6,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
...
@@ -6,9 +6,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
# Getting started with Container Host Security
# Getting started with Container Host Security
The following steps are recommended for installing Container Host Security. Although you can install
The following steps are recommended for installing Container Host Security.
some capabilities through GMAv1, we
[
recommend
](
#using-gmav1-with-gmav2
)
that you install
applications through GMAv2 exclusively when using Container Network Security.
## Installation steps
## Installation steps
...
@@ -21,7 +19,7 @@ The following steps are recommended to install and use Container Host Security t
...
@@ -21,7 +19,7 @@ The following steps are recommended to install and use Container Host Security t
1.
Install and configure an Ingress node:
1.
Install and configure an Ingress node:
-
[
Install the Ingress node via CI/CD (
GMAv2
)
](
../../../../clusters/applications.md#install-ingress-using-gitlab-cicd
)
.
-
[
Install the Ingress node via CI/CD (
Cluster Management Project
)
](
../../../../clusters/applications.md#install-ingress-using-gitlab-cicd
)
.
-
[
Determine the external endpoint via the manual method
](
../../../../clusters/applications.md#determining-the-external-endpoint-manually
)
.
-
[
Determine the external endpoint via the manual method
](
../../../../clusters/applications.md#determining-the-external-endpoint-manually
)
.
-
Navigate to the Kubernetes page and enter the
[
DNS address for the external endpoint
](
../../index.md#base-domain
)
-
Navigate to the Kubernetes page and enter the
[
DNS address for the external endpoint
](
../../index.md#base-domain
)
into the
**Base domain**
field on the
**Details**
tab. Save the changes to the Kubernetes
into the
**Base domain**
field on the
**Details**
tab. Save the changes to the Kubernetes
...
@@ -63,19 +61,6 @@ initial troubleshooting steps that resolve the most common problems:
...
@@ -63,19 +61,6 @@ initial troubleshooting steps that resolve the most common problems:
`kubectl delete namespaces <insert-some-namespace-name>`
in your Kubernetes cluster.
`kubectl delete namespaces <insert-some-namespace-name>`
in your Kubernetes cluster.
-
Rerun the application project pipeline to redeploy the application.
-
Rerun the application project pipeline to redeploy the application.
### Using GMAv1 with GMAv2
When GMAv1 and GMAv2 are used together on the same cluster, users may experience problems with
applications being uninstalled or removed from the cluster. This is because GMAv2 actively
uninstalls applications that are installed with GMAv1 and not configured to be installed with GMAv2.
It's possible to use a mixture of applications installed with GMAv1 and GMAv2 by ensuring that the
GMAv1 applications are installed
**after**
the GMAv2 cluster management project pipeline runs. GMAv1
applications must be reinstalled after each run of that pipeline. This approach isn't recommended as
it's error-prone and can lead to downtime as applications are uninstalled and later reinstalled.
When using Container Network Security, the preferred and recommended path is to install all
necessary components with GMAv2 and the cluster management project.
**Related documentation links:**
**Related documentation links:**
-
[
GitLab Managed Apps v1 (GMAv1)
](
../../../../clusters/applications.md#install-with-one-click-deprecated
)
-
[
Cluster Management Project
](
../../../../clusters/management_project.md
)
-
[
GitLab Managed Apps v2 (GMAv2)
](
../../../../clusters/management_project.md
)
doc/user/project/clusters/protect/container_network_security/index.md
View file @
1bcfaea4
...
@@ -20,8 +20,8 @@ disabled by default, as they must usually be customized to match application-spe
...
@@ -20,8 +20,8 @@ disabled by default, as they must usually be customized to match application-spe
See the
[
installation guide
](
quick_start_guide.md
)
for the recommended steps to install GitLab
See the
[
installation guide
](
quick_start_guide.md
)
for the recommended steps to install GitLab
Container Network Security. This guide shows the recommended way of installing Container Network
Container Network Security. This guide shows the recommended way of installing Container Network
Security through
GMAv2. However, it's also possible to install Cilium manually through our Hel
m
Security through
the Cluster Management Project. However, it's also possible to install Ciliu
m
chart.
manually through our Helm
chart.
## Features
## Features
...
...
doc/user/project/clusters/protect/container_network_security/quick_start_guide.md
View file @
1bcfaea4
...
@@ -6,9 +6,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
...
@@ -6,9 +6,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
# Getting started with Container Network Security
# Getting started with Container Network Security
The following steps are recommended for installing Container Network Security. Although you can
The following steps are recommended for installing Container Network Security.
install some capabilities through GMAv1, we
[
recommend
](
#using-gmav1-with-gmav2
)
that you install
applications through GMAv2 exclusively when using Container Network Security.
## Installation steps
## Installation steps
...
@@ -21,7 +19,7 @@ The following steps are recommended to install and use Container Network Securit
...
@@ -21,7 +19,7 @@ The following steps are recommended to install and use Container Network Securit
1.
Install and configure an Ingress node:
1.
Install and configure an Ingress node:
-
[
Install the Ingress node via CI/CD (
GMAv2
)
](
../../../../clusters/applications.md#install-ingress-using-gitlab-cicd
)
.
-
[
Install the Ingress node via CI/CD (
Cluster Management Project
)
](
../../../../clusters/applications.md#install-ingress-using-gitlab-cicd
)
.
-
[
Determine the external endpoint via the manual method
](
../../../../clusters/applications.md#determining-the-external-endpoint-manually
)
.
-
[
Determine the external endpoint via the manual method
](
../../../../clusters/applications.md#determining-the-external-endpoint-manually
)
.
-
Navigate to the Kubernetes page and enter the
[
DNS address for the external endpoint
](
../../index.md#base-domain
)
-
Navigate to the Kubernetes page and enter the
[
DNS address for the external endpoint
](
../../index.md#base-domain
)
into the
**Base domain**
field on the
**Details**
tab. Save the changes to the Kubernetes
into the
**Base domain**
field on the
**Details**
tab. Save the changes to the Kubernetes
...
@@ -83,12 +81,8 @@ Additional information about the statistics page is available in the
...
@@ -83,12 +81,8 @@ Additional information about the statistics page is available in the
## Forwarding logs to a SIEM
## Forwarding logs to a SIEM
Cilium logs can be forwarded to a SIEM or an external logging system through syslog protocol by
Cilium logs can be forwarded to a SIEM or an external logging system through syslog protocol by
installing and configuring Fluentd. Fluentd can be installed through GitLab in two ways:
installing and configuring Fluentd. Fluentd can be installed through the GitLab
[
Cluster Management Project
](
../../../../clusters/applications.md#install-fluentd-using-gitlab-cicd
)
.
-
The
[
GMAv1 method
](
../../../../clusters/applications.md#fluentd
)
-
The
[
GMAv2 method
](
../../../../clusters/applications.md#install-fluentd-using-gitlab-cicd
)
GitLab strongly encourages using only the GMAv2 method to install Fluentd.
## Viewing the logs
## Viewing the logs
...
@@ -135,19 +129,6 @@ initial troubleshooting steps that resolve the most common problems:
...
@@ -135,19 +129,6 @@ initial troubleshooting steps that resolve the most common problems:
-
Delete the relevant namespace in Kubernetes by running
`kubectl delete namespaces <insert-some-namespace-name>`
in your Kubernetes cluster.
-
Delete the relevant namespace in Kubernetes by running
`kubectl delete namespaces <insert-some-namespace-name>`
in your Kubernetes cluster.
-
Rerun the application project pipeline to redeploy the application.
-
Rerun the application project pipeline to redeploy the application.
### Using GMAv1 with GMAv2
When GMAv1 and GMAv2 are used together on the same cluster, users may experience problems with
applications being uninstalled or removed from the cluster. This is because GMAv2 actively
uninstalls applications that are installed with GMAv1 and not configured to be installed with GMAv2.
It's possible to use a mixture of applications installed with GMAv1 and GMAv2 by ensuring that the
GMAv1 applications are installed
**after**
the GMAv2 cluster management project pipeline runs. GMAv1
applications must be reinstalled after each run of that pipeline. This approach isn't recommended as
it's error-prone and can lead to downtime as applications are uninstalled and later reinstalled.
When using Container Network Security, the preferred and recommended path is to install all
necessary components with GMAv2 and the cluster management project.
**Related documentation links:**
**Related documentation links:**
-
[
GitLab Managed Apps v1 (GMAv1)
](
../../../../clusters/applications.md#install-with-one-click-deprecated
)
-
[
Cluster Management Project
](
../../../../clusters/management_project.md
)
-
[
GitLab Managed Apps v2 (GMAv2)
](
../../../../clusters/management_project.md
)
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment