Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions content/docs/en/cluster/access-cluster.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@ import Zoom from "react-medium-image-zoom";

In order to access your Kubernetes cluster you must complete some steps and generate a Kubeconfig file to connect to a Kubernetes IDE.

:::tip
Prefer not to install a Kubernetes IDE? The [Headlamp](/docs/cluster/addons/headlamp) add-on gives you a browser-based Kubernetes UI, with no Kubeconfig or Lens installation required — you still need to be connected to the VPN to reach it.
:::


## FAQs
<details>
Expand Down Expand Up @@ -58,8 +62,8 @@ Go to the *Access Cluster* option.

- Login into AWS with your username.
- Then, go to [AWS Access Key Wizard](https://us-east-1.console.aws.amazon.com/iam/home#/security_credentials/access-key-wizard) to generate the keys on AWS.
- Paste the keys in the form and generate the kubeconfig file.
- Copy the output.
- Paste the keys in the form.
- Use **Copy Kubeconfig** or **Download Kubeconfig** to get the generated file.

<Zoom overlayBgColorEnd="rgba(255, 255, 255, 0.8)">
<img
Expand Down
38 changes: 35 additions & 3 deletions content/docs/en/cluster/addons/index.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ import Zoom from "react-medium-image-zoom";

In SleakOps, Add-ons enhance the functionality of your EKS cluster by providing essential and optional components that streamline operations, optimize performance, and improve visibility. Essential add-ons include tools for monitoring, DNS management, load balancing, and intelligent node provisioning, ensuring your cluster is robust and efficient.

When an add-on depends on another one (for example, Grafana needs Prometheus and the EBS CSI Driver), installing it automatically installs the missing dependencies first, in the right order.


## FAQs

Expand All @@ -27,23 +29,53 @@ By default SleakOps includes in your infra:
### Which optional Add-ons are available?
</summary>
- **Grafana**: Visualize and analyze data with Grafana's dashboards, making it easier to monitor system performance and troubleshoot issues. Perfect for tracking application memory and CPU usage.
- **LOKI**: Use Loki for cost-effective log aggregation. It simplifies log management by labeling log streams without indexing content, making it ideal for browsing and monitoring application logs.
- **LOKI**: Use Loki for cost-effective log aggregation. It simplifies log management by labeling log streams without indexing content, making it ideal for browsing and monitoring application logs. This add-on is **deprecated** — see the [Loki documentation](/docs/cluster/addons/loki) for details.
- **Kubecost**: Gain real-time insights into Kubernetes cloud costs with Kubecost. This add-on helps you monitor and reduce expenses across projects in your cluster.
- **Prometheus**: SleakOps deploys Prometheus for monitoring and alerting, providing detailed insights into cluster performance and resource utilization.
- **OTEL**: Use OpenTelemetry to collect and analyze distributed traces, enabling you to monitor and optimize application performance across your cluster.
- [**KEDA**](/docs/cluster/addons/keda): Scale your workloads based on external signals — queue depth, consumer lag, CloudWatch metrics, and more — including down to zero replicas.
- [**Headlamp**](/docs/cluster/addons/headlamp): A browser-based UI for browsing and managing the Kubernetes resources of your cluster, no `kubectl` required.
- [**EFS Controller**](./addons/efs): The EFS Controller allows you to manage EFS volumes within your EKS cluster, providing scalable and shared storage for your applications. For more details, refer to the [EFS documentation](/docs/cluster/addons/efs).
- [**EBS Controller**](./addons/ebs): The EBS Controller allows you to manage EBS volumes within your EKS cluster, providing persistent block storage for your applications. For more details, refer to the [EBS documentation](/docs/cluster/addons/ebs).

Add-ons in Beta or Deprecated show a matching badge in the catalog.
</details>

<details>
<summary>
### How do I set up an Add-on?
</summary>
To set up an add-on, follow these steps:
1. Navigate to the Add-ons section in the [Cluster](../cluster) section
1. Open the **Clusters** section, select your cluster, and click **Manage Addons**.
2. Select the desired add-on from the list of available options.
3. Configure the add-on settings as needed.
4. Click "Deploy" to install the add-on in your EKS cluster.
4. Click **Install** to deploy the add-on to your EKS cluster.

For more detailed instructions, refer to the [Add-ons setup guide](/docs/cluster/addons).
</details>

<details>
<summary>
### Can I deploy a custom Helm chart as an add-on?
</summary>
Yes. Click **Add custom addon** above the Add-ons grid to deploy any Helm chart of your choice by setting its release name, chart, repository, version, namespace and values. Custom add-ons are tagged **Custom** in the list, and — unlike the built-in add-on types — you can install more than one per cluster. SleakOps doesn't manage ingress or a domain for them.
</details>

<details>
<summary>
### Can I import an addon configuration or an existing Helm release?
</summary>
Yes, two ways:

- **Import from JSON** pastes a previously exported add-on configuration and pre-fills the installation form for the matching add-on type.
- **Import from cluster** lists Helm releases already running in your cluster that SleakOps doesn't manage yet, so you can adopt one as a custom add-on. From that point on, SleakOps is the source of truth: any change you make directly in the cluster afterward gets overwritten on the next sync.

Every installed add-on also has an **Export** action that produces a portable JSON file you can re-import into another cluster.
</details>

<details>
<summary>
### What happens when I uninstall an Add-on?
</summary>
Uninstalling an add-on removes its Helm release and every resource it created in the cluster — this also applies to add-ons imported from an existing release. SleakOps confirms this before you proceed.
</details>
4 changes: 4 additions & 0 deletions content/docs/en/cluster/addons/loki.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,10 @@ import { FiExternalLink } from "react-icons/fi";

# Loki

:::warning Deprecated
The Loki add-on is **deprecated**. SleakOps offers a newer LokiV2 add-on with the same log-aggregation capabilities — it is available in the addon catalog (Beta) and can be installed like any other addon.
:::

Introduction
[Loki <FiExternalLink/>](https://grafana.com/oss/loki/) is an Addon that enables you to store and query logs from the containers deployed inside the cluster. Loki depends on [Grafana <FiExternalLink/>](/docs/cluster/addons/grafana) as Sleakops uses it as log viewer. It is a crucial tool for troubleshooting as it can store logs of everything inside the cluster which is useful for root cause analysis of problems in your applications or from any resource allocated inside the cluster.

Expand Down
23 changes: 1 addition & 22 deletions content/docs/en/cluster/index.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -75,11 +75,7 @@ Choosing the right instance types depends on your application requirements, cost
### How does SleakOps handle cluster updates and upgrades?

</summary>

1. We notify users about new version coming in approximatively 1 month in advance.
2. Upgrade clusters for a group of selected customers.
3. Upgrade all non-production flagged clusters.
4. Upgrade all clusters.
When a new Kubernetes version rollout is planned for your clusters, SleakOps schedules it as an upgrade in the [Upgrades](/docs/upgrades) panel and notifies you in advance. From there you can review what the upgrade involves, run it ahead of its scheduled date, or move it within the allowed window.
</details>

<details>
Expand Down Expand Up @@ -116,23 +112,6 @@ You can monitor your cluster's activity by accessing Clusters, and clicking into
### Can I connect a Staging service to a Production service if they are in different clusters?

</summary>
Tenés razón, se me pasó destacar el título en la versión en inglés. Aquí tenés el punto 2 completo, con los títulos bien marcados para ambos idiomas y la lógica de cuentas corregida:

### **2. ¿Puedo conectar un servicio de Staging con uno de Producción si están en diferente clúster?**

**Versión en Español**

Bajo un esquema de **multi-cuenta**, los entornos se encuentran en clústeres y cuentas de AWS separadas (Prod y Dev). En esta configuración, están totalmente aislados y no existe peering entre sus VPCs. Por el contrario, en caso de utilizar una **cuenta única**, ambos entornos conviven dentro del mismo clúster.

La **buena práctica** es que permanezcan desconectados para garantizar el aislamiento total de los datos. El uso de un mismo clúster o de un esquema único (_single schema_) conlleva riesgos críticos de seguridad:

- **Corrupción de Datos:** Un bug en el código de Staging podría ejecutar comandos accidentales (como `DROP TABLE` o `DELETE`) que impacten directamente en la base de datos de Producción.
- **Compromiso de Credenciales:** Si un atacante compromete el entorno de Staging (que suele tener políticas de acceso más flexibles), podría escalar privilegios y acceder a los secretos o llaves maestras de Producción.

### **2. Can I connect a Staging service to a Production service if they are in different clusters?**

**English Version**

In a **multi-account** setup, environments reside in separate clusters and AWS accounts (Prod and Dev). In this configuration, they are completely isolated, and no VPC peering exists. Conversely, in a **single-account** setup, both environments coexist within the same cluster.

**Best practice** is to keep them disconnected to ensure strict security and data isolation. Sharing a cluster or using a single database schema introduces critical risks:
Expand Down
4 changes: 4 additions & 0 deletions content/docs/en/cluster/nodepools/creating-nodepool.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,10 @@ Into the Node Pool section, if you have permission, you'll find the *Create* opt

Notice, that the quantity of Node Pools per Cluster might be limited by your plan.

:::info
Node pools can't be created or edited while the cluster is being provisioned or is shut down.
:::

<Zoom overlayBgColorEnd="rgba(255, 255, 255, 0.8)">
<img
src="/img/cluster/cluster-nodepool-section.png"
Expand Down
8 changes: 8 additions & 0 deletions content/docs/en/cluster/nodepools/managing-nodepool.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,10 @@ Update the parameters into the modal and click on *Save*.
/>
</Zoom>

:::warning
Changing a node pool's compute settings can trigger a rolling replacement of its nodes, which may briefly restart the workloads scheduled on it. If the workloads currently running on the pool already use more CPU or memory than the new limits you're setting, the update is rejected — free up capacity or scale down those workloads first.
:::

## Deleting a node pool

### 1. Click the bin button at the top right of the node pool card
Expand All @@ -53,3 +57,7 @@ Update the parameters into the modal and click on *Save*.
<p>Click on Delete to confirm and trigger the action on SleakOps.</p>
</div>
</div>

:::info
You can't delete internal node pools (including the build pool), the last non-internal (customer) node pool in the cluster, or a node pool currently assigned to a Project Environment — reassign or remove the environment first. The cluster must also be powered on to delete a node pool.
:::
6 changes: 6 additions & 0 deletions content/docs/en/cluster/shutdown-cluster.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ import { FiExternalLink } from "react-icons/fi";
It is the capacity to turn off all your cluster's resources at a specified scheduled time to avoid incurring costs during that time frame.
When this feature is activated you will be able to turn ON or OFF your cluster at any time, even outside the scheduled time you've configured.

When your cluster turns back on, SleakOps restores the exact node pools it had before shutting down.

:::warning
When your cluster is OFF, you will not be able to run any Build, Deploy or other actions that require its resources to run.
:::
Expand Down Expand Up @@ -42,6 +44,10 @@ Below you will see a box that shows 'Generated Cron Expressions (UTC)', which di

## How can I shutdown my cluster at any time?

:::info
Manual start/stop is only available once Scheduled Shutdown has been configured for the cluster. If it hasn't, SleakOps prompts you to set up a schedule first instead of turning the cluster off.
:::

In order to shutdown a cluster, just click on the *Stop* button and confirm the action.

This action can be performed just in *Active* clusters.
Expand Down
36 changes: 16 additions & 20 deletions content/docs/en/domain/delegation.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -228,40 +228,25 @@ sequenceDiagram
participant ALB as AWS ALB

U->>S: Create Alias: api.external.com
S-->>U: Provide Certificate Validation Records
U->>DNS: Add Validation CNAME Records
DNS-->>S: Certificate Validated ✅
S-->>U: Reuses external.com's certificate (no validation needed)
S-->>U: Provide ALB Endpoint
U->>DNS: Add CNAME to ALB
DNS->>ALB: Traffic Routed
ALB-->>U: Service Accessible
```

#### For SSL Certificate Validation

1. **Sleakops provides validation records**
- You'll see CNAME records for certificate validation
- Example:

```
_acme-challenge.api.external.com → _validation123.acme.aws.com
```

2. **Add validation records to your DNS**
- Go to the hosted zone for `external.com` (in Sleakops or wherever it's managed)
- Add the CNAME records exactly as shown
- Wait for certificate validation (usually 5-15 minutes)
Since `api.external.com` is a direct subdomain of a domain Sleakops already manages in the same account, it reuses that domain's certificate — there's no separate SSL validation step. If the parent domain belongs to a different account, the alias gets its own certificate with manual validation records instead.

#### For Traffic Routing

3. **Sleakops provides ALB endpoint**
1. **Sleakops provides ALB endpoint**
- You'll see the ALB DNS name:

```
ALB: my-alb-123456.us-east-1.elb.amazonaws.com
```

4. **Create CNAME record**
2. **Create CNAME record**
- Go to your DNS management for `external.com`
- Create a CNAME record:

Expand All @@ -272,7 +257,7 @@ Value: my-alb-123456.us-east-1.elb.amazonaws.com
TTL: 300
```

5. **Verify**
3. **Verify**
- Test the domain: `curl https://api.external.com`
- Should return your service response

Expand Down Expand Up @@ -419,6 +404,17 @@ graph TD
3. Remove any conflicting DNS records
4. Wait 15-30 minutes for DNS propagation
5. Check DNS: `dig _acme-challenge.yourdomain.com`
6. If validation fails because of a CAA policy, Sleakops shows the exact CAA record to add (e.g. `0 issue "amazon.com"`) in the domain's Certificate section — add it and check again

---

### Alias domain rejected when creating it

**Issue:** Creating an alias fails with a domain format error

**Solutions:**
1. Use a top-level domain of 6 characters or fewer (e.g. `.com`, `.io`, `.dev`) — longer TLDs aren't currently supported for aliases
2. Wildcard aliases (`*.domain.com`) aren't supported from the panel — create explicit subdomains instead

---

Expand Down
6 changes: 3 additions & 3 deletions content/docs/en/domain/index.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -111,10 +111,10 @@ Zero-configuration domain setup. Each service automatically gets a predictable,
**What Sleakops does:**

### Scenario A: Domain matches an existing hosted zone
If `external-domain.com` is already a Provider or Environment in Sleakops:
- ✅ Provides DNS records for SSL certificate validation
If the alias is a direct subdomain of a domain already managed by Sleakops as a Provider or Environment **in the same account** (e.g. `api.external-domain.com` under `external-domain.com`):
- ✅ Reuses that domain's certificate automatically — no separate SSL validation needed (a parent in a different account doesn't count: the alias then gets its own certificate with manual validation, as in Scenario B)
- ✅ Provides ALB name for DNS configuration
- ⚠️ You configure the DNS records yourself
- ⚠️ You still create the CNAME (or A/ALIAS record for a root domain) pointing to the ALB yourself

### Scenario B: Domain doesn't match any hosted zone
If `anything.com` is completely external:
Expand Down
Loading