Nubus for Kubernetes 1.20: Monitoring and Observability

The latest Nubus for Kubernetes release improves observability: a new API endpoint provides metrics for operator dashboards, and additional information in the Management UI gives operators and administrators easy access to information that helps prevent or analyze incidents.

The REST API of the Univention Directory Manager (UDM) now includes a new endpoint that provides metrics about the Nubus deployment. The API has been designed to work best with Prometheus, the most commonly used implementation for collecting and storing metrics and providing them to dashboard solutions such as Grafana.

In the initial release, the metrics endpoint of the UDM REST API provides the following metrics:

• Number of registered users
• Number of licensed users
• Nubus domain name and domain identifiers
• Detailed information about the Nubus release, including software version, patch level, and platform information (whether it runs on Kubernetes or UCS)

Operators can easily identify when user growth reaches critical levels, exceeds the license limits, or when the installed Nubus version is outdated. Thanks to the domain information, it is also easy to distinguish between multiple Nubus deployments in larger environments. Detailed information can be found in the metrics chapter of the Nubus Manual.

When analyzing configuration issues or end-user incidents, it is often necessary to access technical information used in the backends, such as the Univention Object Identifier introduced with Nubus for Kubernetes 1.10. To simplify the process of matching real names with technical identifiers for users, groups, and any other information stored in the directory service, Univention Nubus now includes these identifiers in the Web UI.

This is helpful in several scenarios: if a warning or error containing a technical identifier such as the Univention Object Identifier is logged in a backend service, administrators can now search for that identifier directly in the Web UI of Univention Nubus and easily access the full information about the affected user. If a user reports an issue to the end-user helpdesk, administrators can now easily retrieve the technical identifiers from the Nubus Web UI and use them to search log messages.

In addition, further information such as the LDAP DN, as well as timestamps and actors for object creation and last modification, are available, together with OpenLDAP internal information such as the entryUUID. This information is available for every object stored in the directory service and can be accessed both in the Web UI and in the UDM REST API. As this information is not needed for day-to-day administration, the UI elements are located in the “Advanced settings” section within a new “Technical Information” area.

As with every release, there are many smaller changes. One noteworthy aspect is the increasing number of security-related fixes we deliver for upstream components included in Univention Nubus. We assume that AI-based analysis of open source software also impacts the software included in Nubus, and we aim to release patched versions as quickly as possible — for example, for critical findings in Keycloak that were already addressed in the Nubus 1.19.1 patch-level release. Thanks to the infrastructure we introduced to prevent supply chain attacks, we can identify and fix these issues quickly.

A cost-saving improvement for operators of larger deployments is the newly introduced configuration option for the two data volumes used by the LDAP container images. One of these volumes stores the LDAP database with all stored objects and therefore requires larger and faster storage, while the other stores only runtime data and requires only a small volume with average performance. In previous releases, it was not possible to configure different storage classes and sizes for these volumes, resulting in runtime data being placed on large, fast, and therefore expensive storage. Thanks to the new configuration options, it is now possible to choose different storage classes and reduce costs.

As always, the Release Notes provide all details, and the installation process is described in the Nubus Operations Manual.