Features in Omnia Radix
Alerting and notification
Radix can send alerts about failing pipeline jobs, components or jobs to Slack using Incoming Webhooks.
Authentication
Guide - Radix config reference
Client certificates
ClientCertificates, which can be configured for a component or a specific environment.
OAuth service
Radix provides built-in configuration for adding OAuth2 authorization with OIDC to the component. Common oauth2 settings can be configured at component level and/or in the component's environmentConfig section.
Guide - Radix config reference
Azure Blob Storage CSI driver
This driver allows Kubernetes to access Azure Storage - Blobs.
Guide - Radix config reference
Azure Key Vault integration
Azure Key Vault secrets, keys and certificates can be used in Radix as secrets. Once configured, they are available in replicas of Radix application as environment variables and files.
Guide - Radix config reference
Key Vault secret, keys and certificates are listed as variables in web console, including version information.
Autorotation of secrets
Azure Workload Identity
Some workloads (component or job replicas) running in Radix require credentials (JWT access tokens) for an Azure AD app registration or user-assigned managed identity to access Azure AD protected resources, like MS Graph, Key Vaults, Storage Accounts or Azure SQL Databases. Credentials for such workloads can be acquired using the OAuth 2.0 client credentials flow. The client credentials flow permits a workload to use its own credentials to access protected resources instead of impersonating a user. Credentials can be acquired by using either a shared secret, a certificate or with federated credentials.
Guide - Radix config reference
Backup
Application configuration is backed up every hour using Velero and that backup is stored in the Azure Storage account.
Auto build and/or deploy on GitHub commit
Continuous integration/deployment (CI/CD), using a GitHub Webhook, secured by a deploy key and a webhook secret.
Workflows
It is possible to use, for instance Git Flow or Trunk-based development. Radix gives us a couple of tools to shape our workflow: branch-environment mapping and deployment promotion.
Build and deploy pipeline
The most used pipeline is the build and deploy pipeline, which builds the application and deploys the resulting image(s).
Deploy only pipeline
Another pipeline is the deploy only pipeline, which deployes a already built image.
Guide - Radix config reference
AD Service Access Token
In order to run a deploy-only pipeline job, Azure service principals Azure AD app registration or user-assigned managed identity can be used.
Promote pipeline
Promote a deployment to another or the same environment.
Rollback to any version (as part of Promote)
It is easy to rollback to an earlier version, using the promote pipeline (yes, it should have been called demote - or rollback)
Build secrets
Named values, entered in the Radix console, passed as arguments to a Dockerfile build operation.
Guide - Radix config reference
Certificates, SSL certificates
Only HTTPS traffic is allowed in and out of the application. SSL certificates are automatically managed by Radix, except for custom external aliases.
Custom certificate
Managing your own certificate is possible. Adding the certificate information to your application is done using the Radix Console
Component and/or Environment stop/start/restart
Stop, Start and Restart of a running component or all components in an environment can be done in the Web console.
Command Line (Radix CLI)
Radix offers a command line interface - Radix CLI, which uses the command rx.
Container logs in Radix console and Radix CLI
Container logs can be accessed using Radix Web Console or Radix CLI.
Code editor integrations - radixconfig.yaml schema validation
Enable auto-completion and schema validation for radixconfig.yaml in VS Code and Jetbrains IDEs.
Cost calculation
Cost calculation is based on the total time the replicas(containers) belonging to an application has been running, and how much CPU and memory the replicas requested.
DNS aliases
Each application can have one specific component in one specific environment set as the default alias.
External alias (byo DNS certificate)
It is possible to have multiple custom DNS aliases (i.e. to choose your own custom domain) for the application.
Doc Guide - Radix config reference
Egress rules
An egress configuration can define rules for outbound traffic from a Radix application.
Guide - Radix config reference
Enable/disable components
Components can be enabled or disabled for all or only certain environments.
Guide - Radix config reference
Environment(s)
Environment variables
Multiple environments
Horizontal autoscaling
Number of replicas can be used to horizontally scale.
Job manager
Guide - Radix config reference
Job batches
Jobs
Kubernetes Cluster node autoscaling
For modern application development in Kubernetes and in Radix it is preferred to create applications that scales horizontally rather than vertically.
Monorepo
It is possible to have multiple Radix applications, using the same GitHub repository, also known as monorepo software development strategy.
Monitoring and metrics
Prometheus and Grafana are the main tools provided in Radix for analytics and monitoring visualisation.
Guide - Doc - Radix config reference and config reference
Sub-pipelines (Tekton)
After "Build components" step (if it does not exist - after "Prepare pipeline" step), the step "Run sub-pipeline" runs optional sub-pipeline. Using the Tekton CI/CD framework.
Doc Guide - Tekton documentation
Pipeline status badges
A pipeline status badge shows the status of the latest pipeline job of a specific type in a specific environment. Status is one of success, failing, stopped, pending or running.
Private container image repositories
When using a Deploy only strategy, a private image is often used.
Guide - Radix config reference
Probes, monitoring container liveness
Radix uses readiness probe to minimize this downtime as close to zero as possible.
Replica
A replica is a running instance of a component. As a normal process, it can write to the standard output (stdout), which is made available for inspection by Radix.
Resource request and limits
resources is used to ensure that each container is allocated enough resources to run as it should.
Rolling updates
Radix aims to support zero downtime application re-deployment by utilising Kubernetes' rolling update and readiness probe features.
Runtime secrets
Secrets are made available to components as environment variables
Git Submodules
Submodules is a native git feature which enables git repositories within other git repositories.