Documentation
Everything you need to deploy and operate ITOps V4.
Getting Started
ITOps V4 consists of four bundled components plus one standalone: Core (Go backend: GraphQL + REST API), UI (Vue.js/Quasar SPA), Landing (static marketing + docs), and Agent (K8s operator). SLA Portal is optional and deploys standalone as a public status page. The main chart (itops/itops) bundles Core + UI + Landing + PostgreSQL; the agent and SLA Portal are separate charts.
Quick Deploy
Before you start:
Pick one API key value and use the SAME string everywhere — the platform (as
ITOPS_SECURITY_OPERATOR_API_KEY) and every agent + webhook caller (as itops.apiKey.value or X-API-Key / Authorization: Bearer header) must match. The two header forms are equivalent — pick one, CronJobs usually prefer X-API-Key. Generate a key with openssl rand -hex 32.
Always include nodeId on push webhooks:
Every call to
/api/v1/health/report, /api/v1/storage/report and /api/v1/backup/report should carry "nodeId": "organization/platform/environment/cluster". If it's missing, the backend places the service under a red "unknown" hierarchy node (deliberate — it surfaces misconfig instead of silently dropping data). Seeing anything under "unknown" in the UI means some cronjob needs its nodeId fixed.
# 1. Add ITOps Helm repo
helm repo add itops https://charts.mlops.hu
helm repo update
# 2. Deploy ITOps platform (Core + UI + Landing + PostgreSQL)
API_KEY=$(openssl rand -hex 32)
helm install itops itops/itops -n itops --create-namespace \
--set secretEnv.ITOPS_SECURITY_OPERATOR_API_KEY="$API_KEY"
# 3. Deploy agent on each K8s cluster you want to monitor
# Use in-cluster URL when the platform runs in the same cluster:
helm install itops-agent itops/itops-agent -n itops --create-namespace \
--set node.id="myorg/myplatform/prod/cluster1" \
--set itops.url="http://itops-core.itops:8080" \
--set itops.apiKey.value="$API_KEY"
# Or an ingress URL if the agent lives in a DIFFERENT cluster:
# --set itops.url="https://api.yourdomain.com"
# 4. (Optional) Deploy SLA Portal as a public status page
helm install sla-portal itops/sla-portal -n sla-portal --create-namespace \
--set ingress.host=sla.yourdomain.com \
--set apiKey="$API_KEY"
# 5. Verify
kubectl get pods -n itops
kubectl get pods -n sla-portal
# 6. Open the UI (port-forward for a quick first look)
kubectl port-forward -n itops svc/itops-ui 8080:80
# Browse http://localhost:8080
# Default login: admin / Password123! (change after first login)
#
# After first login, wire up LDAP / SSO via GitOps Helm values — the Auth
# Providers admin UI is read-only, everything comes from the chart. See:
# Docs → GitOps → Auth providersArchitecture
5-level hierarchy: organization/platform/environment/cluster/service. The first four come from the agent's node.id; the fifth is each individual service. Data enters ITOps through two symmetric paths — K8s agents and HTTP push webhooks — both feed the same upsert pipeline, so every service (K8s-native, bare-metal, or cloud-managed) appears side-by-side in one Operations Catalog.
BROWSERS PLATFORM (namespace: itops) DATA SOURCES
-------- --------------------------- ------------
Admin UI (Vue.js/Quasar) +-------------------+
----------------------------->| itops-ui |
GraphQL + REST to /api | (nginx, static) |
+---------+---------+ +-------------------------+
| | K8s clusters (any #) |
Landing / public docs +---------v---------+ sync | +-------------------+ |
----------------------------->| itops-landing |<--------| | itops-agent | |
(www.mlops.hu) +-------------------+ 30s | | - ConfigMap watch| |
| | - pod health | |
+-------------------+ | +-------------------+ |
| itops-core |<---PUT/POST--- push webhooks ---+ |
| - GraphQL API | | (external / VM / |
| - REST API | | bare-metal cronjobs) |
| - SLA aggregator | +-------------------------+
| - Daily report |
| 07:00 local |---JSON-->+-----------------+
+---------+---------+ | sla-portal |
| | (separate NS, |
+---------v---------+ | SQLite-backed, |
| postgresql | | public status) |
+-------------------+ +-----------------+