Updated on 22 October 2024

Hostman Kubernetes clusters support various add-ons that can be used to extend functionality. Add-ons help manage traffic, monitor services, work with storage, and ensure security.

Some add-ons, such as Nginx Ingress, Kubernetes Dashboard, and CSI S3, can be installed both during cluster creation and later. You can manage the installation and removal of add-ons in the Addons tab of the cluster management panel.

Add-ons that are not available in the control panel can be installed manually using Helm.

Capsule

Capsule is an add-on that implements the concept of multi-tenancy in Kubernetes, ensuring resource isolation and consumption control between different user groups.

How It Works

Capsule allows the creation of logical tenants based on namespaces with annotations and policies, giving users the ability to manage their resources without affecting others.

Key Features

  • Resource isolation between users.
  • Management of quotas and limits.
  • Security policy configuration for different users.

cert-manager

cert-manager is a Kubernetes add-on that automates the issuance, renewal, and management of TLS certificates.

How It Works

cert-manager automatically requests and renews certificates, managing their lifecycle using CRD objects (CertificateRequest, Issuer, ClusterIssuer). It supports integration with various certificate providers, such as Let's Encrypt, HashiCorp Vault, and internal certificate authorities.

Key Features

  • Automatic certificate issuance.
  • Certificate renewal upon expiration.
  • Support for multiple providers (ACME, Vault, self-signed).

Cluster Proportional Autoscaler

Cluster Proportional Autoscaler (CPA) is a controller that automatically scales a specified deployment based on the number of nodes or CPU cores in the cluster. 

CPA is particularly useful for services that need to scale proportionally to cluster resources, such as metrics-server or CoreDNS.

How It Works

Unlike the Horizontal Pod Autoscaler, CPA does not rely on load metrics. Instead, scaling is determined by formulas based on the number of nodes and/or CPU cores. Two modes are supported:

  • Linear: the number of replicas is calculated using a defined formula that considers node and CPU counts.
  • Ladder: the number of replicas is explicitly set in a lookup table (e.g., 2 nodes → 2 pods).
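
The two modes worked through in Python, as an added example that is not Hostman's or the CPA project's own code. The rounding and clamping follow the formula given in the upstream CPA documentation, and the parameter names mirror its ConfigMap keys. The helper single_replica_sizes and all sample values are constructed for illustration.

```python
import math
from bisect import bisect_right

def linear_replicas(nodes, cores, cores_per_replica=0.0, nodes_per_replica=0.0,
                    min_replicas=1, max_replicas=0):
    """Linear mode: max of the core-based and node-based counts, then clamped."""
    by_cores = math.ceil(cores / cores_per_replica) if cores_per_replica else 0
    by_nodes = math.ceil(nodes / nodes_per_replica) if nodes_per_replica else 0
    replicas = max(by_cores, by_nodes)
    if max_replicas:                      # 0 means "no upper bound" in this sketch
        replicas = min(replicas, max_replicas)
    return max(replicas, min_replicas)

def ladder_lookup(value, table):
    """Replicas for the highest threshold <= value; first row if below all rows."""
    rows = sorted(table)
    if not rows:
        return 0
    pos = bisect_right([threshold for threshold, _ in rows], value)
    return rows[max(pos - 1, 0)][1]

def ladder_replicas(nodes, cores, nodes_to_replicas=(), cores_to_replicas=()):
    """Ladder mode: look up both tables and keep the larger result."""
    return max(ladder_lookup(nodes, nodes_to_replicas),
               ladder_lookup(cores, cores_to_replicas))

def single_replica_sizes(replica_fn, max_nodes, cores_per_node):
    """Cluster sizes (in nodes) at which the target would run fewer than 2 replicas."""
    return [n for n in range(1, max_nodes + 1)
            if replica_fn(n, n * cores_per_node) < 2]

# Constructed sample settings (not taken from the Hostman add-on defaults).
NODES_TABLE = [(1, 1), (2, 2)]            # the "2 nodes -> 2 pods" case
CORES_TABLE = [(1, 1), (64, 3), (512, 5)]

if __name__ == "__main__":
    print(linear_replicas(4, 13, cores_per_replica=2, nodes_per_replica=1))
    print(ladder_replicas(2, 100, NODES_TABLE, CORES_TABLE))
    print(single_replica_sizes(
        lambda n, c: linear_replicas(n, c, nodes_per_replica=16), 20, 4))
```

Running single_replica_sizes against a planned configuration shows the cluster sizes at which a service such as CoreDNS would be left with a single replica.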

Key Features

  • Scaling of deployments without using load metrics.
  • Support for both linear and table-based (ladder) scaling modes.
  • Takes into account both schedulable and unschedulable nodes.
  • Flexible configuration through Helm.
  • Support for multiple CPA instances for different purposes.

CSI S3

CSI S3 is a plugin for the Container Storage Interface (CSI) that allows the use of S3-compatible storage with Kubernetes.

How It Works

CSI S3 enables the dynamic attachment of object storage compatible with S3 (such as Ceph, MinIO, AWS S3) as standard persistent volumes for use in Kubernetes. This is particularly useful for storing large amounts of data in containerized applications.

Key Features

  • Connecting S3 storage as persistent volumes
  • Support for dynamic volume creation and deletion
  • Flexibility in using various S3-compatible storage systems

ExternalDNS

ExternalDNS is a tool for automatic DNS record management based on Kubernetes resources. It creates and updates records in DNS providers according to annotations specified in service and Ingress manifests.

How It Works

ExternalDNS monitors changes in Kubernetes objects and creates or updates DNS records according to the external IP addresses of services. This enables automatic domain name assignment to services in the cluster without manual DNS management.

Key Features

  • Automatic creation and updating of DNS records.
  • Simplified domain name management in Kubernetes.

Fluent Operator

Fluent Operator is a Kubernetes operator for managing Fluentd and Fluent Bit, automating log collection, routing, and processing within a cluster.

How It Works

Fluent Operator uses CRDs to manage Fluentd and Fluent Bit configurations, enabling container and system logs to be directed to various storage solutions such as Elasticsearch, Loki, Kafka, and others.

Key Features

  • Centralized log collection and management.
  • Flexible log routing to different storage systems.
  • Configuration of log filtering, aggregation, and processing.

Grafana Loki

Grafana Loki is a log aggregation and visualization system developed by Grafana Labs. It is used together with Grafana to provide convenient Kubernetes log visualization.

How It Works

Unlike traditional logging stacks (e.g., ELK), Loki does not index the contents of logs. Instead, it stores log data alongside metadata (such as pod name, namespace, etc.), which makes the system more resource-efficient.

Logs are collected using the Promtail agent installed on each node and sent to Loki. Logs are viewed in Grafana using the LogQL query language.

Key Features

  • Collection of logs from Kubernetes pods.
  • Storage of logs with associated metadata.
  • Log visualization in Grafana.
  • Querying and filtering logs using LogQL.
  • Integration with alternative agents (Fluent Bit, Filebeat, Logstash).

Istio

Istio is a Service Mesh that provides traffic management, security, and monitoring for services in Kubernetes.

How It Works

Istio injects sidecar proxies (Envoy) into each pod, enabling request routing, authentication, and monitoring within the service mesh.

Key Features

  • Traffic routing.
  • Flexible security policy management.
  • Request monitoring and tracing.

Istio Ingress

Istio Ingress is an Istio component that manages external traffic into the service mesh.

How It Works

Istio Ingress acts as an entry point to the Service Mesh, handling external HTTP, HTTPS, and TCP requests and directing them to internal services via Istio.

Key Features

  • External traffic management.
  • Request routing.
  • Support for TLS and mTLS.

Jaeger

Jaeger is a distributed tracing tool used for monitoring microservice interactions and analyzing their performance.

How It Works

Jaeger collects data on service-to-service requests, recording timestamps and dependencies. This allows for request chain tracking, latency analysis, and identifying bottlenecks in the system.

Key Features

  • Distributed request tracing.
  • Service response time analysis.
  • Identifying bottlenecks in architecture.

Kiali

Kiali is a tool for managing and visualizing the Istio Service Mesh in Kubernetes.

How It Works

Kiali provides a graphical representation of service network interactions, displaying dependencies, metrics, and potential issues. It integrates with Prometheus to collect traffic, error, and performance data and simplifies Istio configuration management.

Key Features

  • Service mesh visualization.
  • Traffic and error monitoring.
  • Istio configuration management.

Kube Prometheus Stack

Kube Prometheus Stack is a Kubernetes monitoring toolset that includes Prometheus for metrics collection, Alertmanager for alerting, and Grafana for data visualization.

How It Works

The system automatically collects metrics from Kubernetes components, pods, nodes, and services that support Prometheus metric export. Data is stored in Prometheus, visualized in Grafana, and Alertmanager sends notifications when predefined thresholds are exceeded.

Key Features

  • Metric collection and storage.
  • Data visualization in Grafana.
  • Alert configuration.

Kubernetes Dashboard

Kubernetes Dashboard is a web interface for managing and monitoring a Kubernetes cluster.

The Nginx Ingress add-on is required for the Dashboard to function. When enabling Kubernetes Dashboard, Nginx Ingress will be automatically selected.

How It Works

The Dashboard provides users with a graphical interface to interact with the cluster. It allows users to view the status of pods, nodes, services, and other Kubernetes resources. The interface also supports creating, modifying, and deleting resources.

Key Features

  • Cluster status overview (pods, nodes, services, configurations)
  • Cluster resource management
  • Instant access to pod logs and running application information
  • Management of secrets and configurations

Accessing Kubernetes Dashboard

If you enable the Kubernetes Dashboard option for your cluster, you can access it from the management panel. You will need a token to log in, which can be copied from the Information tab on the cluster Dashboard.

Nginx Ingress

Nginx Ingress is an Ingress controller that manages external traffic access to services within a Kubernetes cluster via HTTP and HTTPS. It routes traffic based on rules defined in Ingress resources.

How It Works

The Ingress controller monitors Ingress objects in Kubernetes and configures the Nginx reverse proxy to route traffic to the appropriate services. This allows access to various microservices through a single IP address, as well as setting up load balancing and routing based on domain names.

Key Features

  • HTTP/HTTPS request routing
  • SSL/TLS support
  • Load balancing
  • Managing external access to services in the cluster

OpenFaaS Kubernetes

OpenFaaS is a platform for running functions (Function as a Service, FaaS) in Kubernetes. It enables fast deployment and execution of containerized functions on demand or in response to events.

How It Works

Functions in OpenFaaS are packaged into Docker images and deployed as pods within the cluster. The platform manages their scaling, request routing, and security.

OpenFaaS provides both a web interface and a CLI tool (faas-cli) for managing functions. It supports popular programming languages through templates, including Python, Node.js, Go, and others.

Key Features

  • Deployment of functions using the FaaS model in Kubernetes.
  • Web interface and CLI for managing functions.
  • Support for both built-in and custom functions.
  • Integration with Docker Hub.
  • Automatic scaling of functions based on workload.

Traefik

Traefik is an Ingress controller and load balancer for Kubernetes, providing dynamic traffic routing and automatic SSL certificate management.

How It Works

Traefik automatically discovers services in the cluster and configures HTTP/HTTPS traffic routing.

Key Features

  • Traffic routing.
  • Integration with Let's Encrypt.

Vault

Vault is a secrets management system developed by HashiCorp. It allows centralized storage of tokens, passwords, certificates, and other sensitive data. In Kubernetes, it is used as an external secrets storage system with flexible access control capabilities.

How It Works

Vault is installed as an add-on in a cluster and can operate in either dev or HA (High Availability) mode.

  • The dev mode is intended only for development and testing.
  • The HA mode provides fault tolerance, scalability, and the use of distributed storage (for example, CSI-S3).

Key Features

  • Centralized and secure secret storage.
  • Support for both dev and HA modes.
  • Built-in UI for managing data.
  • Integration with Kubernetes: automatic injection of secrets into pods.
  • Support for Raft and external CSI storage backends.

Velero

Velero is a tool for backup, restore, and data migration in Kubernetes.

How It Works

Velero allows backups and restores at the namespace, resource, and PersistentVolume levels.

Key Features

  • Kubernetes resource backup and restoration.
  • Data and application migration between clusters.
  • Support for local and cloud storage for backups.

VictoriaMetrics Operator

VictoriaMetrics Operator is a Kubernetes operator that automates the deployment and management of monitoring components based on VictoriaMetrics. It enables metric collection, storage, and visualization without the need to manually configure each component.

How It Works

The operator uses CRD (Custom Resource Definition) objects to manage the monitoring infrastructure:

  • VMSingle: a single-node instance of VictoriaMetrics, suitable for simple or testing clusters.
  • VMCluster: a scalable, multi-component setup designed for production environments.
  • VMAgent: collects metrics from pods and services and forwards them to VMSingle or VMCluster.
  • VMPodScrape: defines which pods to scrape and how to do it.

Metrics are collected by VMAgent, and data can be accessed through the VictoriaMetrics web interface.

Key Features

  • Automated installation of monitoring components.
  • Collection of metrics from pods, services, and external sources.
  • Flexible configuration of metric storage and aggregation.
  • Scalability and production-grade performance.
  • Integration with Ingress for web interface access