IBM Cloud Docs
Supported IBM Cloud and third-party integrations

Supported IBM Cloud and third-party integrations

You can use various IBM®, IBM Cloud®, and external services with your IBM Cloud Kubernetes Service clusters.

DevOps services

DevOps services
Service Description Classic VPC
Codeship You can use Codeship for the continuous integration and delivery of containers. Yes Yes
Grafeas Grafeas is an open source CI/CD service that provides a common way for how to retrieve, store, and exchange metadata during the software supply chain process. For example, if you integrate Grafeas into your app build process, Grafeas can store information about the initiator of the build request, vulnerability scan results, and quality assurance sign-off so that you can make an informed decision if an app can be deployed to production. You can use this metadata in audits or to prove compliance for your software supply chain. Yes Yes
Helm Helm is a Kubernetes package manager. You can create new Helm charts or use preexisting Helm charts to define, install, and upgrade complex Kubernetes applications that run in IBM Cloud Kubernetes Service clusters. For more information, see Setting up Helm in IBM Cloud Kubernetes Service. Yes Yes
IBM Cloud Continuous Delivery Automate your app builds and container deployments to Kubernetes clusters by using a toolchain. For more information about the setup, see working with Tekton pipelines. Yes Yes
Istio on IBM Cloud Kubernetes Service Istio is an open source service that gives developers a way to connect, secure, manage, and monitor a network of microservices, also known as a service mesh, on cloud orchestration platforms. Istio on IBM Cloud® Kubernetes Service provides a one-step installation of Istio into your cluster through a managed add-on. With one click, you can get all Istio core components, additional tracing, monitoring, and visualization up and running. To get started, see Using the managed Istio add-on Yes Yes
Jenkins X Jenkins X is a Kubernetes-native continuous integration and continuous delivery platform that you can use to automate your build process. For more information, see the Jenkins X documentation.
Razee Razee is an open-source project that automates and manages the deployment of Kubernetes resources across clusters, environments, and cloud providers, and helps you to visualize deployment information for your resources so that you can monitor the rollout process and find deployment issues more quickly. For more information about Razee and how to set up Razee in your cluster to automate your deployment process, see the Razee documentation. Yes Yes
IBM Cloud Schematics IBM Cloud Schematics is a managed Terraform service where you can use native Terraform capabilities, but you don't have to worry about setting up and maintaining the Terraform CLI and IBM Cloud Provider plug-in. For more information about how to use Terraform to create a cluster, see Creating single and multizone Kubernetes and Red Hat OpenShift clusters. Yes Yes
Terraform Terraform is an open-source software that enables predictable and consistent provisioning of IBM Cloud platform, classic infrastructure, and VPC infrastructure resources by using a high-level scripting language. For more information about how to use native Terraform to create a cluster, see Creating single and multizone Kubernetes and Red Hat OpenShift clusters. Yes Yes

Hybrid cloud services

Hybrid cloud services
Service Description Classic VPC
IBM Cloud VPC VPN With the IBM Cloud VPC VPN, you can securely connect your VPC to an on-premises network, other VPCs, or to classic infrastructure through a VPN tunnel. For more information, see Connecting to your on-premises network. Yes
Direct Link With IBM Cloud® Direct Link, you can create a direct, private connection between your remote network environments and IBM Cloud Kubernetes Service without routing over the public internet. The Direct Link offerings are useful when you must implement hybrid workloads, cross-provider workloads, large or frequent data transfers, or private workloads. To choose a Direct Link offering and set up a Direct Link connection, see Get Started with IBM Cloud Direct Link (2.0). Yes Yes
strongSwan IPSec VPN Service Set up a strongSwan IPSec VPN service that securely connects your Kubernetes cluster with an on-premises network. The strongSwan IPSec VPN service provides a secure end-to-end communication channel over the internet that is based on the industry-standard Internet Protocol Security (IPSec) protocol suite. To set up a secure connection between your cluster and an on-premises network, configure and deploy the strongSwan IPSec VPN service directly in a pod in your cluster. Yes
Transit Gateway Use IBM Cloud Transit Gateway to manage access between your VPCs. Transit Gateway instances can be configured to route between VPCs that are in the same region (local routing) or VPCs that are in different regions (global routing). Additionally, you can use Transit Gateway to manage access between your VPCs in multiple regions to resources in your IBM Cloud classic infrastructure. To get started, see the Transit Gateway documentation. Yes

Logging and monitoring services

Logging and monitoring services
Service Description Classic VPC
CoScale Monitor worker nodes, containers, replica sets, replication controllers, and services with CoScale. Yes Yes
Datadog Monitor your cluster and view infrastructure and application performance metrics with Datadog. Yes Yes
IBM Cloud Activity Tracker Monitor the administrative activity that is made in your cluster by analyzing logs through Grafana. For more information about the service, see the Activity Tracker documentation. For more information about the types of events that you can track, see Activity Tracker events. Yes Yes
IBM Log Analysis Add log management capabilities to your cluster by deploying a Log Analysis agent to your worker nodes to manage logs from your pod containers. For more information, see Managing Kubernetes cluster logs with IBM Log Analysis. Yes Yes
IBM Cloud Monitoring Gain operational visibility into the performance and health of your apps by deploying a Monitoring agent to your worker nodes to forward metrics to IBM Cloud® Monitoring. For more information, see Analyzing metrics for an app that is deployed in a Kubernetes cluster. Yes Yes
Instana Instana provides infrastructure and app performance monitoring with a GUI that automatically discovers and maps your apps. Instana captures every request to your apps, which you can use to troubleshoot and perform root cause analysis to prevent the problems from happening again. For more information, see the Instana product page Yes Yes
Prometheus Prometheus is an open source monitoring, logging, and alerting tool that was designed for Kubernetes. Prometheus retrieves detailed information about the cluster, worker nodes, and deployment health based on Kubernetes logging information. CPU, memory, I/O, and network activity is collected for each container that runs in a cluster. You can use the collected data in custom queries or alerts to monitor performance and workloads in your cluster. To use Prometheus, follow the CoreOS instructions. Yes Yes
Sematext View metrics and logs for your containerized applications by using Sematext. Yes Yes
Splunk Import and search your Kubernetes logging, object, and metrics data in Splunk by using Splunk Connect for Kubernetes. Splunk Connect for Kubernetes is a collection of Helm charts that deploy a Splunk-supported deployment of Fluentd to your Kubernetes cluster, a Splunk-built Fluentd HTTP Event Collector (HEC) plug-in to send logs and metadata, and a metrics deployment that captures your cluster metrics. For more information, see Solving Business Problems with Splunk on IBM Cloud Kubernetes Service. Yes Yes

Security services

Want a comprehensive view of how to integrate IBM Cloud security services with your cluster? Check out the Apply end-to-end security to a cloud application tutorial.

Security services
Service Description Classic VPC
IBM Cloud App ID Add a level of security to your apps with App ID by requiring users to sign in. To authenticate web or API HTTP/HTTPS requests to your app, you can integrate App ID with your Ingress service by using the App ID authentication Ingress annotation. Yes Yes
Aqua Security As a supplement to Vulnerability Advisor, you can use Aqua Security to improve the security of container deployments by reducing what your app is allowed to do. Yes Yes
IBM Cloud Container Registry Set up your own secured Docker image repository where you can safely store and share images between cluster users. For more information, see the IBM Cloud® Container Registry documentation. Yes Yes
IBM Key Protect for IBM Cloud Encrypt the Kubernetes secrets that are in your cluster by enabling a key management service (KMS) provider. Encrypting your Kubernetes secrets prevents unauthorized users from accessing sensitive cluster information. Yes Yes
NeuVector Protect containers with a cloud-native firewall by using NeuVector. Yes Yes
IBM Cloud Secrets Manager Ingress secrets and certificates You can use Secrets Manager to store and manage your Ingress secrets and certificates. For more information, see Setting up Secrets Manager in your Kubernetes Service cluster. Yes
Twistlock As a supplement to Vulnerability Advisor, you can use Twistlock to manage firewalls, threat protection, and incident response. Yes Yes

Storage services

Storage services
Service Description Classic VPC
Heptio Velero You can use Heptio Velero to back up and restore cluster resources and persistent volumes. For more information, see the Heptio Velero Use cases for disaster recovery and cluster migration. Yes Yes
IBM Cloud Classic Block Storage IBM Cloud Classic Block Storage is persistent, high-performance iSCSI storage that you can add to your apps by using Kubernetes persistent volumes (PVs). For more information about how to provision block storage in your cluster, see Setting up IBM Cloud Block Storage Yes
Block Storage for VPC Block Storage for VPC provides hypervisor-mounted, high-performance data storage for your virtual server instances that you provision within a VPC cluster. For more information about how to provision VPC Block Storage in your cluster, see Setting up Block Storage for VPC Yes
IBM Cloud Object Storage Data that is stored with Object Storage is encrypted and dispersed across multiple geographic regions, and accessed over HTTP by using a REST API. You can use the ibm-backup-restore image to configure the service to make one-time or scheduled backups for data in your clusters. For more information about the service, see the Object Storage documentation. Yes Yes
File Storage for Classic File Storage for Classic is persistent, fast, and flexible network-attached, NFS-based file storage that you can add to your apps by using Kubernetes persistent volumes. You can choose between predefined storage tiers with GB sizes and IOPS that meet the requirements of your workloads. For more information about how to provision file storage in your cluster, see Setting up File Storage for Classic. Yes
Portworx Portworx is a highly available software-defined storage solution that you can use to manage persistent storage for your containerized databases and other stateful apps, or to share data between pods across multiple zones. You can install Portworx with a Helm chart and provision storage for your apps by using Kubernetes persistent volumes. For more information about how to set up Portworx in your cluster, see Setting up software-defined storage (SDS) with Portworx. Yes Yes

Database services

Database services
Service Description Classic VPC
Cloud databases You can choose between various IBM Cloud database services, such as IBM® Compose for MongoDB for IBM Cloud® or IBM® Cloudant® for IBM Cloud® to deploy highly available and scalable database solutions in your cluster. For a list of available cloud databases, see the IBM Cloud catalog. Yes Yes