Operations & Access

This guide covers how to access the web UIs, databases, and internal services deployed by the CIMPL stack.

External UIs (DNS-routed)

These UIs are exposed through the Istio Gateway with TLS certificates managed by cert-manager. Access them directly in a browser.

UI	URL Pattern	Purpose
Kibana	`https://<env>-kibana.<domain>`	Elasticsearch dashboards, index management, log exploration
Keycloak	`https://<env>-keycloak.<domain>`	Identity provider admin console, realm and user management
Airflow	`https://<env>-airflow.<domain>`	DAG management, task monitoring, workflow orchestration

The <env> prefix and <domain> are set during azd provision. For example: https://myenv-kibana.developer.example.org.

Internal UIs (port-forward)

These UIs are not exposed externally and should be accessed by forwarding a local port to the cluster service. This requires kubectl access to the cluster, which serves as the authentication boundary.

UI	Command	Local URL	Purpose
MinIO Console	`kubectl port-forward -n platform svc/minio-console 9001:9001`	localhost:9001	Object storage browser, bucket management
RabbitMQ Management	`kubectl port-forward -n platform svc/rabbitmq 15672:15672`	localhost:15672	Queue monitoring, exchange and binding management

MinIO Console

MinIO provides S3-compatible object storage. The console gives full read/write access to all buckets including schema storage, OPA policies, and legal configuration.

kubectl port-forward -n platform svc/minio-console 9001:9001

RabbitMQ Management

RabbitMQ provides async messaging between OSDU services. The management UI shows queue depths, consumer counts, and message rates.

kubectl port-forward -n platform svc/rabbitmq 15672:15672

Database Access

PostgreSQL

CloudNativePG provides a 3-node HA PostgreSQL cluster. Connect to the read-write primary:

kubectl port-forward -n platform svc/postgresql-rw 5432:5432

Then connect with any PostgreSQL client:

psql -h localhost -U osdu -d partition

Read-only access

Use svc/postgresql-ro for read-only queries that can be served by replicas.

Elasticsearch

The Elasticsearch HTTP API is available on port 9200. Kibana is the preferred way to interact with it (see External UIs), but you can also port-forward for direct API access:

kubectl port-forward -n platform svc/elasticsearch-es-http 9200:9200

Redis

Redis is used for caching (entitlements, sessions). Connect to the master:

kubectl port-forward -n platform svc/redis-master 6379:6379

redis-cli -h localhost -p 6379

OSDU Service APIs

All OSDU services are exposed externally through the Istio Gateway on the primary hostname (https://<env>.<domain>), with path-based routing:

Service	Path Prefix
Partition	`/api/partition/v1/`
Entitlements	`/api/entitlements/v2/`
Legal	`/api/legal/v1/`
Storage	`/api/storage/v2/`
Search	`/api/search/v2/`
Schema	`/api/schema-service/v1/`
File	`/api/file/v2/`
Workflow	`/api/workflow/v2/`
Indexer	`/api/indexer/v2/`
Notification	`/api/notification/v1/`
Dataset	`/api/dataset/v1/`
Register	`/api/register/v1/`
Unit	`/api/unit/v3/`

For internal debugging, you can also port-forward directly to a service in the osdu namespace:

kubectl port-forward -n osdu svc/legal 8080:80
curl http://localhost:8080/api/legal/v1/info