cortex
Ory Kratos
cortex | Ory Kratos | |
---|---|---|
18 | 44 | |
5,432 | 11,035 | |
0.5% | 1.2% | |
9.7 | 9.6 | |
2 days ago | 4 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cortex
-
Scaling Prometheus with Thanos
There are many Projects like Thanos, M3, Cortex, and Victoriametrics. But Thanos is the most popular among these. Thanos addresses these issues with Prometheus and is the ideal solution for scaling Prometheus in environments with extensive metrics or multiple clusters where we require a global view of historical metrics. In this blog, we will explore the components of Thanos and will try to simplify its architecture by building it step by step, starting with the main components. We will also have a demo using k6-metrics. Before diving into Thanos, I recommend reading our blog on Prometheus Monitoring with Prometheus if you are not already familiar with Prometheus.
-
Self hosted log paraer
now if its more metric data you are using and want to do APM, prometheus is your man https://prometheus.io/, want to make prometheus your full time job? deploy cortex https://cortexmetrics.io/, honorable mention in the metrics space, Zabbix, https://www.zabbix.com/ I've seen use cases of zabbix going way beyond its intended use its a fantastic tool
-
Is anyone frustrated with anything about Prometheus?
Yes, but also no. The Prometheus ecosystem already has two FOSS time-series databases that are complementary to Prometheus itself. Thanos and Mimir. Not to mention M3db, developed at Uber, and Cortex, then ancestor of Mimir. There's a bunch of others I won't mention as it would take too long.
-
Centralized solution for Prometheus?
You can use the Remote write feature to send to a centralized location. It would have to be scalable like Cortex https://cortexmetrics.io/
-
Where to store high-cardinality metrics?
Cortex is not really good for high-cardinality metrics (if you are talking about https://github.com/cortexproject/cortex)
-
Building a distributed lab with an observability stack
For a homelab I think prometheus + grafana is easy to get started and scales well. There are lots of ways to set up the architecture. Prometheus can write to a directory on a filesystem, it can be set to write to a remote server, and there are other projects to integrate object storage (s3, minio, etc) or influxdb for long term storage and downsampling.
-
Prometheus federation or Thanos?
Cortex (it is renamed to Mimir recently).
- Building my first Monitoring stack - Security concerns
-
Grafana Mimir – 1B active series TSDB
Disclosure: I work for AWS, but I don't work on the Amazon Managed Service for Prometheus. I have my own very long held opinions about Free and Open Source software, and I am only speaking for myself.
To me, the AGPLv3 license isn't about forcing software users to "give changes back" to a project. It is about giving the permissions to users of software that are necessary for Software Freedom [1] when they access a program over a network. In practice, that means that changes often flow "upstream" to copyleft licensed programs one way or another. But it was never about obligating changes to be "given back" to upstream. In my personal opinion, you should be "free to fork" Free and Open Source Software (FOSS). Indeed, the Grafana folks seem to have decided to do that with Grafana Mimir.
Personally, I hope that they accept contributions under the AGPLv3 license, and hold themselves to the same obligations that others are held to with regard to providing corresponding source code of derivative works when it is made available to users over a network. In my personal opinion, too often companies use a contributor agreement that excuses them from those obligations, and also allows them to sell the software to others under licenses that do not carry copyleft obligations. See [2] for a blog post that goes into some detail about this.
If you look at the Coretex project MAINTAINERS file [3], you will see that there are two folks listed that currently work at AWS, but no other company other than Grafana Labs today. I would love to see more diversity in maintainers for a project like this, as I think too many maintainers from any one company isn't the best for long term project sustainability.
I think if you look at the Cortex Community Meeting minutes [4], you can see that AWS folks are regularly "showing up" in healthy numbers, and working collaboratively with anyone who accepts the open invitation to participate. There have been some pretty big improvements to Coretex that have merged lately, like some of the work on parallel compaction [5, 6].
TL;DR, I think it is easy to jump to some conclusions about how things are going in a FOSS project that don't hold water if you do some cursory exploration. I think best way to know what's going on in a project is to get involved!
--
[1] the rights needed to: run the program for any purpose; to study how the program works, and modify it; to redistribute copies; to distribute copies of modified versions to others
[2] https://meshedinsights.com/2021/06/14/legally-ignoring-the-l...
[3] https://github.com/cortexproject/cortex/blob/master/MAINTAIN...
[4] https://docs.google.com/document/d/1shtXSAqp3t7fiC-9uZcKkq3m...
[5] https://aws.amazon.com/blogs/opensource/scaling-cortex-with-...
[6] https://github.com/cortexproject/cortex/pull/4624
- Ask HN: How to built a HIGHLY scalable API monitoring tool?
Ory Kratos
- Show HN: OSS Auth0 Alternative Ory Kratos Now with Full PassKey Support
-
Integrate Ory in a NestJS application
In the onSignIn method, if the user's email address is not verified, an error is thrown to prevent login, see documentation. This logic is similar to the original require_verified_address hook in Ory Kratos. Unless the identity schema does not require email verification, the user can log in without a verified email address. We will use this logic to skip the email verification step for our end-to-end tests. The OryWebhookError class is a custom error class that extends the HttpException class from NestJS. It formats the error response in the format expected by Ory Kratos webhooks allowing the error message to be displayed in the Self-Service UI.
-
Create NestJS libraries to interact with Ory API
kratos-client-wrapper is a set of NestJS modules that wraps @ory/client and, more particularly, the Frontend and Identity APIs, which are part of Ory Kratos
- Show HN: Auth0 OSS alternative Ory Kratos now with passwordless and SMS support
-
Show HN: Obligator – An OpenID Connect server for self-hosters
I was expecting hydra / kratos to show up as an alternative.. but did not see any. Does any have any experience, good or bad about it?
https://github.com/ory/kratos
-
Show HN: Blueprint for a distributed multi-region IAM with Go and CockroachDB
I think it would be fair to say that kratos was not the priority in 2022 in terms of code you can see not much was commited (https://github.com/ory/kratos/graphs/code-frequency) so I might have had a bad first impression.
A few issues on kratos that I consider relatively important are still missing / nobody from Ory is giving their input so it's hard to make progress and I would not take my time to contribute if I dont know if the owner are going to merge it.
An example that comes to mind is the OAuth email auto-verification or the search of users that is still super basic (we only recently got the filter of identifiers).
- Ory Kratos v1.0 with passkeys, MFA and multi-region
- Show HN: Open-source IAM Ory Kratos v1.0 with Passkeys, MFA and multi-region
-
What auth do you use? Why?
IMO it's almost always good to offer some OIDC social login, just depends what provider your users use.
- https://github.com/ory/kratos
- Show HN: Open-source Auth0 alternative Ory Kratos v0.13 released – nearing v1.0
What are some alternatives?
thanos - Highly available Prometheus setup with long term storage capabilities. A CNCF Incubating project.
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
mimir - Grafana Mimir provides horizontally scalable, highly available, multi-tenant, long-term storage for Prometheus.
SuperTokens Community - Open source alternative to Auth0 / Firebase Auth / AWS Cognito
loki - Like Prometheus, but for logs.
zitadel - ZITADEL - The best of Auth0 and Keycloak combined. Built for the serverless era.
VictoriaMetrics - VictoriaMetrics: fast, cost-effective monitoring solution and time series database
Ory Hydra - OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
TimescaleDB - An open-source time-series SQL database optimized for fast ingest and complex queries. Packaged as a PostgreSQL extension.
Ory Keto - Open Source (Go) implementation of "Zanzibar: Google's Consistent, Global Authorization System". Ships gRPC, REST APIs, newSQL, and an easy and granular permission language. Supports ACL, RBAC, and other access models.
m3 - M3 monorepo - Distributed TSDB, Aggregator and Query Engine, Prometheus Sidecar, Graphite Compatible, Metrics Platform
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.