Dashboard
Loading...
▣ Server Health
◎ Setup Progress
≡ Recent Events
Server Fleet
7 nodes · Real-time SSH metrics
Enter real IPs in ⚙ Configure IPs, upload your SSH key in Settings, then test connectivity before running any wizard phase.
SSH Session History
| Time | User | Server | Command | Duration |
|---|
Installation Wizard
Step-by-step guided setup — real script execution via SSH
Configure all 7 server IPs and upload your SSH key in Settings before running phases. Each phase runs the real installation script over SSH.
HA Upgrade Path
High-availability extensions — guided, real execution
Complete all 10 wizard phases before starting HA. V1.5 requires 2 additional VMs provisioned on OpenStack.
Cluster Manager
K3s / Kubernetes deployment and node management
K3s cluster setup requires V2 HA complete. Minimum 6 additional VMs (3 control + 3 workers).
K3s Deployment Steps
1
Provision 3 control plane VMs (4vCPU/8GB) on OpenStack:
openstack server create --flavor m1.large --image ubuntu-24.04 k3s-cp-{1,2,3}2
Run OS hardening on all K3s nodes (reuse Phase 0 script)
3
Initialize K3s on CP1:
curl -sfL https://get.k3s.io | sh -s - server --cluster-init --tls-san VIP_IP4
Join CP2 and CP3 with cluster token from
/var/lib/rancher/k3s/server/node-token5
Join worker nodes:
K3S_URL=https://CP1:6443 K3S_TOKEN=token curl -sfL https://get.k3s.io | sh -6
Install Kong Ingress Controller:
helm install kong/kong --set ingressController.enabled=true7
Migrate services: run
kompose convert on each docker-compose file → apply Helm charts8
Install CloudNativePG operator for declarative PostgreSQL HA + backup to OpenStack Swift
Control Plane Nodes
Worker Nodes
Vault Manager
HashiCorp Vault · prod-control-secrets-01
Secret Paths
| Path | Engine | Action |
|---|
Actions
Command output appears here...
Keycloak Manager
SSO · Realms · Clients · Users · Themes
Keycloak admin console available at https://auth.yourdomain.com — open in new tab for full management.
Realms
| Realm | Theme | Users | Action |
|---|---|---|---|
| Connect Keycloak to load... | |||
OAuth2 Clients
| Client ID | Flow | Realm |
|---|---|---|
| Connect Keycloak to load... | ||
Actions
API Gateway
Kong 3.6 · Services · Routes · Plugins · Rate limits
Registered Services
| Service | Upstream | Plugins | Routes | Status | Action |
|---|---|---|---|---|---|
| Loading from Kong API... | |||||
Consumer Groups (Plan-based Rate Limits)
| Plan | Req / min | Req / day | Action |
|---|---|---|---|
| Startup | 30 | 1,000 | |
| Business | 200 | 10,000 | |
| Enterprise | 1,000 | Unlimited |
Monitoring
Prometheus · Grafana · Loki · Alertmanager
Alert Rules
| Alert | Condition | Severity | State |
|---|---|---|---|
| ServerDown | up==0 for 2m | Critical | OK |
| VaultSealed | vault_unsealed==0 | Critical | OK |
| DiskCritical | disk>90% | Critical | OK |
| DiskWarning | disk>75% | Warning | FIRING |
| HighMemory | mem>90% 5m | Warning | OK |
| CertExpiring | cert_days<14 | Warning | OK |
Service Status
| Service | Port | Status |
|---|---|---|
| Prometheus | 9090 | Running |
| Grafana | 3000 | Running |
| Loki | 3100 | Running |
| Alertmanager | 9093 | Running |
Tenant Manager
Multi-tenant provisioning · Schema isolation · Kong consumers
Tenant Registry
| Company | Slug | Plan | DB Schema | Status | Created | Actions |
|---|---|---|---|---|---|---|
| Loading... | ||||||
License Manager
Generate and validate enterprise customer licenses
Each enterprise customer who clones the Zecurix setup gets a license key. The control plane validates this on first boot.
Issued Licenses
| License Key | Customer | Plan | Max Tenants | Valid Until | Status |
|---|---|---|---|---|---|
| Loading... | |||||
Validate a License
Security Hardening
Live checks via SSH · CIS-aligned · Auto-remediation
Click Run Full Audit to check all servers via SSH.
Certificate Manager
Internal CA · Per-service TLS · Let's Encrypt
Certificate Inventory
| Service | Type | Issued | Expires | Days Left | Status | Action |
|---|
Firewall Manager
UFW rules per server · Live verification
Audit Log
All actions · SSH sessions · Tenant events · Vault access
| Time | User | Action | Resource | IP |
|---|---|---|---|---|
| Loading... | ||||
User Management
Control plane users · Roles · Access
These are users of this control plane app. After Keycloak setup, SSO login will be available — configure in Settings → Keycloak SSO.
| Username | Role | Last Login | Actions | |
|---|---|---|---|---|
| Loading... | ||||
Settings
Server config · SSH key · SMTP · Keycloak SSO
⚙ Server IP Configuration
🔑 SSH Private Key
Paste your SSH private key. It is stored encrypted on this server only and never transmitted to clients.
📧 SMTP Configuration
🔐 Keycloak SSO (enable after infra setup)
Enable Keycloak SSO Login
🌐 Domain & Network
⚠ Change Admin Password