Skip to content

IronRoot

Kubernetes

IronRoot

Getting Started
Getting Started
Architecture
Architecture
- System Model
  System Model
- PKI Model
  PKI Model
- Platform Components
  Platform Components
- Reference
  Reference
Installation
Installation
- Install Methods
  Install Methods
- Configure
  Configure
  - Configuration
  - Local Development
- Runtime TLS
  Runtime TLS
  - Podman TLS Usage
- Lifecycle
  Lifecycle
  - Upgrades
  - Uninstall
Security
Security
- Bootstrap And Checks
  Bootstrap And Checks
  - Bootstrap Guide
  - Security Check
- Trust And CA Handling
  Trust And CA Handling
- Hardening
  Hardening
- Resilience
  Resilience
Observability
Observability
- Signals
  Signals
  - Traces
  - Metrics
  - Logs
- OpenTelemetry Stack
  OpenTelemetry Stack
  - OpenTelemetry
  - Collector
  - Prometheus
  - Tempo
  - Loki
  - Grafana
- Operations
  Operations
- Deployment Integrations
  Deployment Integrations
  - Kubernetes
  - Podman
  - Binary
Kubernetes
Kubernetes
- Deploy
  Deploy
  - Helm Installation
  - Values Reference
- Operate
  Operate
Airgap
Airgap
- Overview
- Offline Trust
  Offline Trust
- Artifact Movement
  Artifact Movement
- Operations
  Operations
  - Airgap Upgrades
  - Airgap Recovery
Operations
Operations
- Certificate Operations
  Certificate Operations
- Recovery
  Recovery
- Runbooks
  Runbooks
API & CLI
API & CLI
- API
  API
- CLI
  CLI
- Configuration
  Configuration
  - Configuration Reference
  - Environment Variables
Contributing
Contributing
- Start Here
  Start Here
  - Local Development
    Local Development
    
    Overview
    
    Up And Running
    
    Multi-Root CA Development
    
    RBAC Development
    
    Testing And Verification
    
    Troubleshooting
  - Platform Setup
- Contributor Workflow
  Contributor Workflow
- Specialized Development
  Specialized Development
  - Helm Development
  - OpenTelemetry Development
- Releases And Roadmap
  Releases And Roadmap
- Project Community
  Project Community

Kubernetes Observability¶

Stage: Alpha Status: Draft

The Helm chart supports OTEL environment variables, /metrics, ServiceMonitor, and Prometheus scrape annotations.

config:
  telemetry:
    enabled: true
    endpoint: opentelemetry-collector.observability.svc:4317
    protocol: grpc
    serviceName: ironroot
    environment: production
    samplingRatio: 0.25
serviceMonitor:
  enabled: true

flowchart TD
  Pod[IronRoot Pod] -->|/metrics| Prometheus
  Pod -->|OTLP| Collector[OpenTelemetry Collector]
  Collector --> Tempo
  Collector --> Loki
  Prometheus --> Grafana
  Tempo --> Grafana
  Loki --> Grafana

Keep the Root CA out of Kubernetes. Restrict access to the Intermediate CA Secret, use NetworkPolicy, and run with non-root security contexts.