Kestra Administrator Guide – Operate and Secure Your Cluster

The Administrator Guide covers everything you need to know about managing your Kestra cluster.

Operate and secure your Kestra cluster

  • Check the Installation Guide for details on how to install Kestra to your preferred environment.
  • Check the Configuration guide for details on how to configure Kestra based your specific needs.

Software and Hardware Requirements

Check Kestra system requirements. Verify software prerequisites (Java, DB) and hardware recommendations for running Kestra effectively.

Alerting & Monitoring

Monitor and alert on Kestra health. Best practices for setting up Prometheus metrics, health checks, and failure notifications for your instance.

Troubleshooting

Solutions for common Kestra issues, including pod restarts, unprocessable executions, and Docker-in-Docker problems.

Backup & Restore

Learn how to perform full or metadata-only backups and restores of your Kestra instance for disaster recovery and migration.

Troubleshooting Basic Authentication

Troubleshoot common issues with Basic Authentication in Kestra, including configuration and login problems.

MITM Proxy for DinD

Configure Docker-in-Docker (DinD) to run securely behind a corporate or MITM proxy within your Kestra deployment.

High Availability

Design and configure Kestra for High Availability (HA) to ensure fault tolerance and continuous operation in production.

JVM CPU Limits

Configure the Kestra Helm chart to force the JVM to honor Kubernetes CPU limits, preventing pods from over-consuming resources.

MITM Proxy for Kestra

Configure Kestra to route outbound HTTPS traffic through a Man-in-the-Middle (MITM) proxy for secure environments.

OpenTelemetry

Implement observability in Kestra with OpenTelemetry to export traces, metrics, and logs to your preferred monitoring tools.

Prometheus Metrics

Explore the available Prometheus metrics in Kestra to monitor the performance and health of your orchestration cluster.

Purge

Use purge tasks to remove old executions, logs, and key-value pairs, helping reduce storage usage.

Security Hardening

Best practices for hardening Kestra security, including network isolation, host-level controls, and plugin validation.

Server Components Liveness

Understand Kestra's server liveness mechanism, heartbeats, and how it handles component failures and recovery.

Configure SSL for Kestra

Configure SSL/TLS encryption for Kestra to secure the UI and API access using self-signed or CA-signed certificates.

Managing Upgrades

Best practices for upgrading Kestra, performing rolling updates, and rolling back to previous versions safely.

Usage

Learn about anonymous usage reporting in Kestra and how to configure or disable data collection.

Webserver URL

Configure the Kestra webserver URL and proxy settings to ensure correct link generation and access behind reverse proxies.

Was this page helpful?