Operations with grafana, loki, promtail, prometheus

[srose]

No description provided.

[thomasdarimont]

Is ops really a stage? I'd expected this to be part of dev. In concrete deployment scenarios I'd differentiate Keycloak environments that secure internal core services (JIRA, confluence, grafana etc.) from Keycloak environments that secure application domains.

We need to think more about how we can represent this in our example, for now the pseudo ops stage is fine, but I think we need an additional layer here to express the scope of the Keycloak environment, e.g. the domain (application / internal).

[srose]

Yes, i think this is a pretty nice point to discuss. I considered ops to be something central not necessarily aligned to the stages of domain apps or keycloak. Could be different and central and might be of minor interest to keycloak? Stages could be done via different labels? Lets discuss :)

[thomasdarimont]

We cloud add an reverse proxy in front of those unprotected services to protect them

[srose]

In general we could decide if we want these services to be exposed and protected?
If they should be protected, I would work on the keycloak integration. Until then the ports are not exposed via docker by default? Is the proxy a proposal to use keycloak for protecting these sites?

[thomasdarimont]

Is it possible to feed Keycloak logs just from the container stdout, e.g. by configuring a proper log driver for the container instead of writing a log file?

[srose]

Seems to be open on promtail: grafana/loki#3374

And for sure this could be a reason to skip promtail and try something different....

[srose]

logging driver works with fluentbit, so i will try to replace promtail with fulentbit... thx for the hint

[srose]

Loki and promtail must go.