Supported IBM Cloud and third-party integrations
You can use various IBM®, IBM Cloud®, and external services with your IBM Cloud Kubernetes Service clusters.
Popular integrations
| Service | Category | Description | Classic | VPC |
|---|---|---|---|---|
| IBM Cloud Activity Tracker | Cluster activity logs | Monitor the administrative activity that is made in your cluster by analyzing logs through Grafana. For more information about the service, see the Activity Tracker documentation. For more information about the types of events that you can track, see Activity Tracker events. | Yes | Yes |
| IBM Cloud App ID | Authentication | Add a level of security to your apps with App ID by requiring users to sign in. To authenticate web or API HTTP or HTTPS requests to your app, you can integrate App ID with your Ingress service by using the App ID authentication Ingress annotation. | Yes | Yes |
| IBM Cloud Classic Block Storage | Block storage | IBM Cloud Block Storage is persistent, high-performance iSCSI storage that you can add to your apps by using Kubernetes persistent volumes (PVs). Use block storage to deploy stateful apps in a single zone or as high-performance storage for single pods. For more information about how to provision block storage in your cluster, see Setting up IBM Cloud Block Storage | Yes | |
| Block Storage for VPC | Block storage | Block Storage for VPC provides hypervisor-mounted, high-performance data storage for your virtual server instances that you provision within a VPC cluster. For more information about how to provision VPC Block Storage in your cluster, see Setting up Block Storage for VPC | Yes | |
| IBM Cloud Code Engine | Serverless | Code Engine is a fully managed, serverless platform that runs your containerized workloads, including web apps, micro-services, event-driven functions, or batch jobs. Code Engine even builds container images for you from your source code. Because these workloads are all hosted within the same Kubernetes infrastructure, all them can seamlessly work together. For more information, see Getting started with IBM Cloud Code Engine. | ||
| IBM Cloud Container Registry | Container images | Set up your own secured Docker image repository where you can safely store and share images between cluster users. For more information, see the IBM Cloud® Container Registry documentation. | Yes | Yes |
| IBM Cloud Continuous Delivery | Build automation | Automate your app builds and container deployments to Kubernetes clusters by using a toolchain. For more information about the setup, see working with Tekton pipelines. | Yes | Yes |
| File Storage for Classic | File storage | NFS-based file storage that you can add to your apps by using Kubernetes persistent volumes. You can choose between predefined storage tiers with GB sizes and IOPS that meet the requirements of your workloads. | Yes | |
| IBM Key Protect for IBM Cloud | Data encryption | Encrypt the Kubernetes secrets that are in your cluster by enabling a key management service (KMS) provider. Encrypting your Kubernetes secrets prevents unauthorized users from accessing sensitive cluster information. | Yes | Yes |
| IBM Log Analysis | Cluster and app logs | Add log management capabilities to your cluster by deploying a Log Analysis agent to your worker nodes to manage logs from your pod containers. For more information, see Managing Kubernetes cluster logs with IBM Log Analysis. | Yes | Yes |
| IBM Cloud Monitoring | Cluster and app metrics | Gain operational visibility into the performance and health of your apps by deploying an IBM Cloud Monitoring agent to your worker nodes to forward metrics to IBM Cloud® Monitoring. For more information, see Analyzing metrics for an app that is deployed in a Kubernetes cluster. | Yes | Yes |
| IBM Cloud Object Storage | Object storage | Data that is stored with Object Storage is encrypted and dispersed across multiple geographic locations, and accessed over HTTP by using a REST API. You can use the ibm-backup-restore image to configure the service to make one-time or scheduled backups for data in your clusters. For more information about the service, see the Object Storage documentation. | Yes | Yes |
| Istio on IBM Cloud Kubernetes Service | Microservice management | Istio is an open source service that gives developers a way to connect, secure, manage, and monitor a network of microservices, also known as a service mesh, on cloud orchestration platforms. Istio on IBM Cloud® Kubernetes Service provides a one-step installation of Istio into your cluster through a managed add-on. With one click, you can get all Istio core components, additional tracing, monitoring, and visualization up and running. To get started, see Using the managed Istio add-on. | Yes | Yes |
| Portworx | Storage for stateful apps | Portworx is a highly available software-defined storage solution that you can use to manage persistent storage for your containerized databases and other stateful apps, or to share data between pods across multiple zones. You can install Portworx with a Helm chart and provision storage for your apps by using Kubernetes persistent volumes. For more information about how to set up Portworx in your cluster, see Setting up software-defined storage (SDS) with Portworx. | Yes | Yes |
| Razee | Deployment automation | Razee is an open-source project that automates and manages the deployment of Kubernetes resources across clusters, environments, and cloud providers, and helps you to visualize deployment information for your resources so that you can monitor the rollout process and find deployment issues more quickly. For more information about Razee and how to set up Razee in your cluster to automate your deployment process, see the Razee documentation. | Yes | Yes |
| IBM Cloud Secrets Manager | Ingress secrets and certificates | You can use Secrets Manager to store and manage your Ingress secrets and certificates. For more information, see Setting up Secrets Manager in your Kubernetes Service cluster. | Yes | Yes |
| IBM Cloud Schematics/ Terraform | Infrastructure and IBM Cloud service automation | Terraform is an open-source software that enables predictable and consistent provisioning of IBM Cloud platform, classic infrastructure, and VPC infrastructure resources by using a high-level scripting language. IBM Cloud Schematics delivers Terraform-as-a-Service so that you can model the resources that you want in your IBM Cloud environment, and enable Infrastructure as Code (IaC). For more information about how to use native Terraform to create a cluster, see Creating single and multizone Kubernetes and Red Hat OpenShift clusters. | Yes | Yes |
DevOps services
| Service | Description | Classic | VPC |
|---|---|---|---|
| Codeship | You can use Codeship for the continuous integration and delivery of containers. | Yes | Yes |
| Grafeas | Grafeas is an open source CI/CD service that provides a common way for how to retrieve, store, and exchange metadata during the software supply chain process. For example, if you integrate Grafeas into your app build process, Grafeas can store information about the initiator of the build request, vulnerability scan results, and quality assurance sign-off so that you can make an informed decision if an app can be deployed to production. You can use this metadata in audits or to prove compliance for your software supply chain. | Yes | Yes |
| Helm | Helm is a Kubernetes package manager. You can create new Helm charts or use preexisting Helm charts to define, install, and upgrade complex Kubernetes applications that run in IBM Cloud Kubernetes Service clusters. For more information, see Setting up Helm in IBM Cloud Kubernetes Service. | Yes | Yes |
| IBM Cloud Continuous Delivery | Automate your app builds and container deployments to Kubernetes clusters by using a toolchain. For more information about the setup, see working with Tekton pipelines. | Yes | Yes |
| Istio on IBM Cloud Kubernetes Service | Istio is an open source service that gives developers a way to connect, secure, manage, and monitor a network of microservices, also known as a service mesh, on cloud orchestration platforms. Istio on IBM Cloud® Kubernetes Service provides a one-step installation of Istio into your cluster through a managed add-on. With one click, you can get all Istio core components, additional tracing, monitoring, and visualization up and running. To get started, see Using the managed Istio add-on | Yes | Yes |
| Jenkins X | Jenkins X is a Kubernetes-native continuous integration and continuous delivery platform that you can use to automate your build process. For more information, see the Jenkins X documentation. | ||
| Razee | Razee is an open-source project that automates and manages the deployment of Kubernetes resources across clusters, environments, and cloud providers, and helps you to visualize deployment information for your resources so that you can monitor the rollout process and find deployment issues more quickly. For more information about Razee and how to set up Razee in your cluster to automate your deployment process, see the Razee documentation. | Yes | Yes |
| IBM Cloud Schematics | IBM Cloud Schematics is a managed Terraform service where you can use native Terraform capabilities, but you don't have to worry about setting up and maintaining the Terraform CLI and IBM Cloud Provider plug-in. For more information about how to use Terraform to create a cluster, see Creating single and multizone Kubernetes and Red Hat OpenShift clusters. | Yes | Yes |
| Terraform | Terraform is an open-source software that enables predictable and consistent provisioning of IBM Cloud platform, classic infrastructure, and VPC infrastructure resources by using a high-level scripting language. For more information about how to use native Terraform to create a cluster, see Creating single and multizone Kubernetes and Red Hat OpenShift clusters. | Yes | Yes |
Hybrid cloud services
| Service | Description | Classic | VPC |
|---|---|---|---|
| IBM Cloud VPC VPN | With the IBM Cloud VPC VPN, you can securely connect your VPC to an on-premises network, other VPCs, or to classic infrastructure through a VPN tunnel. For more information, see Connecting to your on-premises network. | Yes | |
| Direct Link | With IBM Cloud® Direct Link, you can create a direct, private connection between your remote network environments and IBM Cloud Kubernetes Service without routing over the public internet. The Direct Link offerings are useful when you must implement hybrid workloads, cross-provider workloads, large or frequent data transfers, or private workloads. To choose a Direct Link offering and set up a Direct Link connection, see Get Started with IBM Cloud Direct Link (2.0). | Yes | Yes |
| strongSwan IPSec VPN Service | Set up a strongSwan IPSec VPN service that securely connects your Kubernetes cluster with an on-premises network. The strongSwan IPSec VPN service provides a secure end-to-end communication channel over the internet that is based on the industry-standard Internet Protocol Security (IPSec) protocol suite. To set up a secure connection between your cluster and an on-premises network, configure and deploy the strongSwan IPSec VPN service directly in a pod in your cluster. | Yes | |
| Transit Gateway | Use IBM Cloud Transit Gateway to manage access between your VPCs. Transit Gateway instances can be configured to route between VPCs that are in the same region (local routing) or VPCs that are in different regions (global routing). Additionally, you can use Transit Gateway to manage access between your VPCs in multiple regions to resources in your IBM Cloud classic infrastructure. To get started, see the Transit Gateway documentation. | Yes |
Logging and monitoring services
| Service | Description | Classic | VPC |
|---|---|---|---|
| CoScale | Monitor worker nodes, containers, replica sets, replication controllers, and services with CoScale. | Yes | Yes |
| Datadog | Monitor your cluster and view infrastructure and application performance metrics with Datadog. | Yes | Yes |
| IBM Cloud Activity Tracker | Monitor the administrative activity that is made in your cluster by analyzing logs through Grafana. For more information about the service, see the Activity Tracker documentation. For more information about the types of events that you can track, see Activity Tracker events. | Yes | Yes |
| IBM Log Analysis | Add log management capabilities to your cluster by deploying a Log Analysis agent to your worker nodes to manage logs from your pod containers. For more information, see Managing Kubernetes cluster logs with IBM Log Analysis. | Yes | Yes |
| IBM Cloud Monitoring | Gain operational visibility into the performance and health of your apps by deploying a Monitoring agent to your worker nodes to forward metrics to IBM Cloud® Monitoring. For more information, see Analyzing metrics for an app that is deployed in a Kubernetes cluster. | Yes | Yes |
| Instana | Instana provides infrastructure and app performance monitoring with a GUI that automatically discovers and maps your apps. Instana captures every request to your apps, which you can use to troubleshoot and perform root cause analysis to prevent the problems from happening again. For more information, see the Instana product page | Yes | Yes |
| Prometheus | Prometheus is an open source monitoring, logging, and alerting tool that was designed for Kubernetes. Prometheus retrieves detailed information about the cluster, worker nodes, and deployment health based on Kubernetes logging information. CPU, memory, I/O, and network activity is collected for each container that runs in a cluster. You can use the collected data in custom queries or alerts to monitor performance and workloads in your cluster. To use Prometheus, follow the CoreOS instructions. | Yes | Yes |
| Sematext | View metrics and logs for your containerized applications by using Sematext. | Yes | Yes |
| Splunk | Import and search your Kubernetes logging, object, and metrics data in Splunk by using Splunk Connect for Kubernetes. Splunk Connect for Kubernetes is a collection of Helm charts that deploy a Splunk-supported deployment of Fluentd to your Kubernetes cluster, a Splunk-built Fluentd HTTP Event Collector (HEC) plug-in to send logs and metadata, and a metrics deployment that captures your cluster metrics. For more information, see Solving Business Problems with Splunk on IBM Cloud Kubernetes Service. | Yes | Yes |
Security services
Want a comprehensive view of how to integrate IBM Cloud security services with your cluster? Check out the Apply end-to-end security to a cloud application tutorial.
| Service | Description | Classic | VPC |
|---|---|---|---|
| IBM Cloud App ID | Add a level of security to your apps with App ID by requiring users to sign in. To authenticate web or API HTTP/HTTPS requests to your app, you can integrate App ID with your Ingress service by using the App ID authentication Ingress annotation. | Yes | Yes |
| Aqua Security | As a supplement to Vulnerability Advisor, you can use Aqua Security to improve the security of container deployments by reducing what your app is allowed to do. For more information, see Securing container deployments on IBM Cloud with Aqua Security. | Yes | Yes |
| IBM Cloud Container Registry | Set up your own secured Docker image repository where you can safely store and share images between cluster users. For more information, see the IBM Cloud® Container Registry documentation. | Yes | Yes |
| IBM Key Protect for IBM Cloud | Encrypt the Kubernetes secrets that are in your cluster by enabling a key management service (KMS) provider. Encrypting your Kubernetes secrets prevents unauthorized users from accessing sensitive cluster information. | Yes | Yes |
| NeuVector | Protect containers with a cloud-native firewall by using NeuVector. | Yes | Yes |
| IBM Cloud Secrets Manager | Ingress secrets and certificates | You can use Secrets Manager to store and manage your Ingress secrets and certificates. For more information, see Setting up Secrets Manager in your Kubernetes Service cluster. | Yes |
| Twistlock | As a supplement to Vulnerability Advisor, you can use Twistlock to manage firewalls, threat protection, and incident response. | Yes | Yes |
Storage services
| Service | Description | Classic | VPC |
|---|---|---|---|
| Heptio Velero | You can use Heptio Velero to back up and restore cluster resources and persistent volumes. For more information, see the Heptio Velero Use cases for disaster recovery and cluster migration. | Yes | Yes |
| IBM Cloud Classic Block Storage | IBM Cloud Classic Block Storage is persistent, high-performance iSCSI storage that you can add to your apps by using Kubernetes persistent volumes (PVs). Use block storage to deploy stateful apps in a single zone or as high-performance storage for single pods. For more information about how to provision block storage in your cluster, see Setting up IBM Cloud Block Storage | Yes | |
| Block Storage for VPC | Block Storage for VPC provides hypervisor-mounted, high-performance data storage for your virtual server instances that you provision within a VPC cluster. For more information about how to provision VPC Block Storage in your cluster, see Setting up Block Storage for VPC | Yes | |
| IBM Cloud Object Storage | Data that is stored with Object Storage is encrypted and dispersed across multiple geographic locations, and accessed over HTTP by using a REST API. You can use the ibm-backup-restore image to configure the service to make one-time or scheduled backups for data in your clusters. For more information about the service, see the Object Storage documentation. | Yes | Yes |
| File Storage for Classic | File Storage for Classic is persistent, fast, and flexible network-attached, NFS-based file storage that you can add to your apps by using Kubernetes persistent volumes. You can choose between predefined storage tiers with GB sizes and IOPS that meet the requirements of your workloads. For more information about how to provision file storage in your cluster, see Setting up File Storage for Classic. | Yes | |
| Portworx | Portworx is a highly available software-defined storage solution that you can use to manage persistent storage for your containerized databases and other stateful apps, or to share data between pods across multiple zones. You can install Portworx with a Helm chart and provision storage for your apps by using Kubernetes persistent volumes. For more information about how to set up Portworx in your cluster, see Setting up software-defined storage (SDS) with Portworx. | Yes | Yes |
Database services
| Service | Description | Classic | VPC |
|---|---|---|---|
| IBM Blockchain Platform v2 | Deploy and manage your own IBM Blockchain Platform on IBM Cloud Kubernetes Service. With IBM Blockchain Platform v2, you can host IBM Blockchain networks or create organizations that can join other IBM Blockchain v2 networks. For more information about how to set up IBM Blockchain in IBM Cloud Kubernetes Service, see About IBM Blockchain Platform. | Yes | |
| Cloud databases | You can choose between various IBM Cloud database services, such as IBM® Compose for MongoDB for IBM Cloud® or IBM® Cloudant® for IBM Cloud® to deploy highly available and scalable database solutions in your cluster. For a list of available cloud databases, see the IBM Cloud catalog. | Yes | Yes |