KIWI User Guide

Welcome to the KIWI Guide! This guide will help you understand and utilize all the features of the KIWI platform with ease.

---

What is KIWI?

KIWI stands for K8s Integrated Workflow Intelligence, an integrated DevSecOps platform that lets you manage servers, deploy containers, and analyze security—all in one place.

Who Needs KIWI?

• Operations teams who want to centrally manage multiple servers and Kubernetes clusters.
• Development teams who want CI/CD pipelines and security scanning without separate tools
• DevOps engineers who want to see builds, deployments, and vulnerabilities at a glance
• Administrators who want to intuitively operate servers even with minimal infrastructure experience.

What Can You Do with KIWI?

• Register Servers: Register servers with SSH connection info and manage them remotely.

• Connect Runtimes: Connect Kubernetes, Docker, or Podman environments to KIWI.

• Build Services: Automatically build container images from GitLab repositories.

• Deploy Services: One-click deployment to K8s or Docker environments.

• Security Scanning: Automatically detect vulnerabilities with SAST, SCA, and DAST.

• Backup/Recovery: Safely backup and restore etcd and Docker data.

---

Quick Start

First Time Here?

If you're new to KIWI, follow these steps in order. Each step takes about 5-10 minutes to complete.

Step 1: Register a Server

First, register the server where you'll deploy services.

1. Go to the Device Management page
2. Click Add → Add Device
3. Enter the server's IP address and SSH port
4. Test the connection and save.

Before You Start

Prepare the following information:

• Server IP address and SSH port (default: 22)
• SSH credentials (username/password or key)

Step 2: Connect Runtime Environment

Connect a Kubernetes cluster or Docker to your registered server.

1. Go to the Runtime Environments page
2. Click the Add Runtime button.
3. Select the runtime type (Kubernetes/Docker/Podman)
4. Enter the connection information and save.

For Kubernetes Users

You'll need a kubeconfig file. Check the ~/.kube/config file on your master node.

Step 3: Register and Deploy a Service

Connect a GitLab repository to register a service and build/deploy it.

1. Go to the Service Management page
2. Click the Add Service button.
3. Enter the GitLab repository URL and token
4. Configure build settings and run the deployment.

Don't Have a GitLab Token?

Go to GitLab → Settings → Access Tokens to create a Personal Access Token. You'll need read_api and read_repository permissions.

---

Page Guides

Detailed guides for all features on each page. Click a page to view detailed usage instructions.

Main Features

• Dashboard: Monitor overall service status. Key features include status check, DORA metrics, and quick actions.

• Device Management: Manage servers and infrastructure. Key features include SSH connection, multi-hop, and VPN integration.

• Runtime Environments: Manage K8s/Docker/Podman. Key features include cluster connection and resource monitoring.

• Service Management: Git-based service build/deploy. Key features include build, deploy, security scan, and rollback.

Operations Management

• Backup Management: Backup and restore infrastructure data. Key features include etcd backup, Docker backup, and restoration.

• Database: Manage external DB connections. Key features include connection info, sync, and restoration.

• Audit Log: View system activity records. Key features include filtering, search, and export.

Admin Features

• User Management: Manage organization users. Key features include invite, assign roles, and deactivate.

• Permission Management: Configure user permissions. Key features include grant/revoke permissions and risk display.

• Profile: Manage personal information. Key features include edit info and change password.

---

Scenario Guides

Step-by-step guides that walk you through specific tasks from start to finish.

System Setup

• System Registration - Complete process for registering servers, K8s, and Docker.
• Server Registration - Register servers via SSH and test connections.

Service Build/Deploy

• Service Registration - From GitLab integration to build configuration.
• Build/Deploy - Kaniko builds and K8s/Docker deployment.
• Auto CI Setup - Configure automatic build triggers on push

Security Analysis

• Security Analysis Overview - Complete DevSecOps security scanning workflow
• SAST Scan - Static source code analysis.
• SCA Scan - Dependency vulnerability analysis.
• DAST Scan - Dynamic testing on running apps.

Operations Management

• Backup/Recovery - Backup and restore etcd and Docker data
• Operations Management - Log viewing, container management, Shell access.

---

KIWI Core Features

Service Build/Deploy

KIWI provides a complete pipeline for fetching source code from GitLab repositories, building container images, and deploying them.

• Git Integration: Connect GitLab repositories using a Personal Access Token. You can build by branch or tag.
• Kaniko Build: Safely build images based on Dockerfiles. If you don't have a Dockerfile, Build Wizard helps with auto-generation.
• K8s/Docker Deploy: Deploy built images as Kubernetes Pods or Docker containers.
• Rollback: Quickly revert to a previous version when issues occur.

Security Analysis (DevSecOps)

Perform security checks throughout the development pipeline to catch vulnerabilities early.

• SAST: Static source code analysis to detect SQL injection, XSS, etc. Runs before build using CodeQL and Semgrep.

• SCA: Check known vulnerabilities (CVEs) in open-source libraries. Runs after build using Trivy.

• SBOM: Generate software component list. Runs after build using Trivy.

• DAST: Attack simulation on running apps. Runs after deploy using ZAP.

Infrastructure Management

Unified management for various container runtimes.

• Kubernetes: Cluster connection, node status, namespaces, resource monitoring. Supports metrics server installation.
• Docker/Podman: Container list, log viewing, image management. Podman runs in rootless mode for enhanced security.

Backup/Recovery

Backup critical infrastructure data and restore when needed.

• etcd Backup: Backup Kubernetes cluster state as snapshots. Essential for cluster disaster recovery.
• Docker Backup: Backup containers, volumes, and images.
• External Storage: Safely store backup files in AWS S3, MinIO, etc.

---

Permission System

KIWI manages user permissions through Role-Based Access Control (RBAC).

Role Types

Each user has one role within an organization.

• Manager: Organization administrator with access to user invites, permission management, and most features.

• Member: Regular user with access only to features within granted permissions.

Permission Categories

Permissions are classified by target resource.

• infra: Kubernetes, Docker, Podman runtime related.
• device: Servers, VMs, and infrastructure devices.
• service: Service build, deploy, security scan related.
• backup: Backup creation, recovery, deletion related.
• database: Database connection, synchronization related.
• audit: Audit log viewing, export related.

Permission Risk Levels

Each permission displays a risk level based on its system impact.

• Critical: Major system impact. Examples include delete, restore, and terminal access.

• High: Data impact. Examples include configuration changes and deployment.

• Medium: General management tasks. Examples include create and modify operations.

• Low: View-only access. Examples include list viewing and status checks.

---

Need Help?

• FAQ - Frequently asked questions and answers.
• Page Guides - Detailed guides for each page in the left sidebar
• Scenario Guides - Step-by-step walkthroughs for specific tasks.

For additional inquiries, please contact your organization administrator.