Kubefirst Platform Improves Password Management and Local Experience
Published on feb 3, 2023
An open-source infrastructure application platform named Kubefirst, has just released version 1.11. Improved support for local installations has been added in this version, including new local DNS implementations, Traefik ingress control for local installations, and trusted local TLS certificates.
Kubefirst is an automated platform for provisioning, configuring, and connecting a variety of open-source services commonly used in cloud applications. AWS or local deployment is possible. A number of services are deployed into Amazon Elastic Kubernetes Service (EKS) when the kubefirst cluster create command is performed against an empty AWS account, including Kubernetes, HashiCorp Vault, NGINX, and Argo CD. As part of the infrastructure-as-code workflows, the services are deployed with Terraform and integrated with Atlantis.
Kubefirst is integrated with both GitHub and GitLab. GitLab is installed as a self-hosted model into the Kubernetes cluster when it is selected. According to Kubefirst’s documentation, AWS infrastructure costs will be approximately $10 per day for this deployment. Using kubefirst cluster destroy, the cluster can be destroyed.
1.11 improves the user experience of the locally installed version. A new local DNS implementation based on localdev.me is included in this release. “Localdev.me DNS is served by [A]mazon. The domain name and any subdomains point to 127.0.0.1,” explains Matthew Farina, Distinguished Engineer at SUSE.
This enables the local installation to use the Traefik ingress controller available for the cloud installation. Upon installing Kubefirst locally, hostnames will be generated for the various platform applications that have the pattern .localdev.me. According to John Dietz, Cofounder of Kubefirst, “What’s really nice about the ingress controller on the local story is that it removes the need for port forwarding”.
In addition, TLS certificates are now being generated for the local installation, allowing all locally accessed services to operate under HTTPS. As the certificates are not trusted by default by the browser, you will need to run mkcert -install. You will need to ignore the browser warnings if that isn’t run in order to proceed with the application.
The password management system has also been improved in this release. The Vault installation includes an OIDC provider that is propagated throughout all applications on the platform. It is now possible for administrators to reset the passwords of any user and for users to reset their own passwords. You can do this by logging into the Vault UI and visiting the Authentication Methods page.
Metaphor is a set of demo microservices applications included with Kubefirst. It is intended to demonstrate how an application can be integrated into the Kubefirst platform using best practices, according to the documentation. CI/CD processes, Helm chart creation, linting, tests, GitOps-style deployments, and release management are demonstrated.
GraalVM Native Image on RISC-V
The fifth generation of the Reduced Instruction Set Computer (RISC) architecture, known as RISC-V
AWS Gives Developers More Control over Lambda Function Runtime with Runtime Management Controls
Runtime management controls provide developers with three new capabilities: