Kubefirst, an open-source infrastructure application platform, recently released version 1.11. This version improves support for local installations, including a new local DNS implementation, enables the Traefik ingress controller for local installs, and adds trusted local TLS certificates.
Kubefirst is an automated platform designed to provision, configure, and connect a number of open-source services commonly used in cloud applications. It can be deployed locally or into AWS. When kubefirst cluster create is run against an empty AWS account, a number of services are deployed into Amazon Elastic Kubernetes Service (EKS) including Kubernetes, HashiCorp Vault, NGINX, and Argo CD. The services are deployed with Terraform and integrated with Atlantis to further automate the infrastructure-as-code workflows.
Kubefirst integrates with both GitHub and GitLab. When GitLab is chosen it is installed as a self-hosted model into the Kubernetes cluster. According to the Kubefirst docs, deploying this into AWS will incur around $10 per day in infrastructure costs. The cluster can be torn down using kubefirst cluster destroy.
The 1.11 release improves the user experience of the locally installed version. This includes a new local DNS implementation leveraging localdev.me. Matthew Farina, Distinguished Engineer at SUSE, explains that "localdev.me DNS is served through [A]mazon. The domain name and any subdomains point to 127.0.0.1."
This enables using the Traefik ingress controller available for the cloud installation within the local installation. After installing Kubefirst locally, hostnames will be generated for the various platform applications that have the pattern <application>.localdev.me. As noted by John Dietz, co-founder at Kubefirst, "what’s really nice about the ingress controller on the local story is that it removes the need for port forwards to local services".
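An added example, not from Kubefirst or the original article: because every local hostname depends on a public DNS zone answering with 127.0.0.1, this Python check confirms that each <application>.localdev.me name resolves only to loopback addresses. The application names and the resolver answers in the demo are constructed for illustration.

```python
import ipaddress
import socket

BASE_DOMAIN = "localdev.me"
# Constructed application names; the article gives only the hostname pattern.
SAMPLE_APPS = ["vault", "argocd", "atlantis"]


def system_resolver(hostname):
    """Return the distinct addresses the OS resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_loopback(apps, resolver=system_resolver, base=BASE_DOMAIN):
    """Return {hostname: (ok, detail)}; ok only if every answer is loopback."""
    results = {}
    for app in apps:
        host = f"{app}.{base}"
        try:
            addrs = resolver(host)
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            results[host] = (False, f"resolution failed: {exc}")
            continue
        # Drop any IPv6 zone id ("%eth0") before parsing the address.
        bad = [a for a in addrs
               if not ipaddress.ip_address(a.split("%")[0]).is_loopback]
        if not addrs:
            results[host] = (False, "no addresses returned")
        elif bad:
            results[host] = (False, "non-loopback answer: " + ", ".join(bad))
        else:
            results[host] = (True, ", ".join(addrs))
    return results


if __name__ == "__main__":
    # Constructed answers standing in for DNS so the demo runs offline;
    # call check_loopback(SAMPLE_APPS) to use the real resolver instead.
    constructed = {
        "vault.localdev.me": ["127.0.0.1"],
        "argocd.localdev.me": ["127.0.0.1", "203.0.113.10"],
        "atlantis.localdev.me": [],
    }
    for host, (ok, detail) in check_loopback(
            SAMPLE_APPS, resolver=lambda h: constructed[h]).items():
        print("OK  " if ok else "FAIL", host, detail)
```

A failed check means traffic for that hostname, including Vault logins, would leave the machine, so it is worth running before signing in to the local platform.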
TLS certificates are now also being generated for the local installation, allowing all locally ingressed services to run under HTTPS. The certificates are not trusted by the browser by default, so mkcert -install will need to be run. If that isn't run, then the browser warnings will need to be ignored to proceed to the application.
This release also improves user password management. With the Vault installation comes an OIDC provider that is propagated throughout all the applications on the platform. It is now possible for administrators to reset any user's password and for users to reset their own passwords. This is done by logging into the Vault UI and visiting the Authentication Methods page.
Kubefirst comes with a suite of demo microservices applications known as Metaphor. According to the documentation, it is designed to "demonstrate how an application can be integrated into the Kubefirst platform following best practices". It showcases exemplars for CI/CD processes, Helm chart creation, linting, tests, GitOps-style deployments, and release management.
More details about the Kubefirst release can be found on the release blog post or in the release notes. Questions can be raised in the #helping-hands channel of the Kubefirst Slack workspace.