Service Discovery From Within the Kubernetes Cluster

It is probably not common to write your own code to perform service discovery from within the Kubernetes cluster. It is better to delegate that responsibility to an ingress controller or a load balancer. However, ever the adventurer, I stumbled onto the Java Kubernetes Client.

The project was an investigation into using Spinnaker as a CI/CD tool for a new micro-services architecture. My adventures of getting Spinnaker to run on Minikube have been documented as a three-article series on DZone and can be accessed from my profile page. 

Scalable Jenkins on Kubernetes Cluster and Pipeline for Automated CI/CD (Jenkins—Github Integration)

Introduction

Setting up scalable Jenkins on Kubernetes can be a daunting task. This article demonstrates not only how to set up scalable Jenkins on Kubernetes but also how to integrate Jenkins into Github so that whenever any Pull Request is requested on a branch, the build is automatically triggered and results are made available to the branch admin to review before merging the Pull Request.

Let us first get the scalable Jenkins up before setting up a pipeline for automated CI/CD.

RBAC Controls: The Key to Hardening a Kubernetes Cluster

If you’re using Kubernetes, you understand the importance of the API server. Referred to as 'the core of Kubernetes’ control plane' in the platform’s own documentation, the API server enables users, cluster elements, and external components to communicate with each other. Each of those communication instances constitutes a REST API call for which the API server is responsible. The API server subsequently treats everything in Kubernetes as an API object, the platform notes elsewhere on its website. As such, administrators can use the API to manipulate the state of pods, namespaces, and other API objects.

This functionality makes it imperative for administrators to keep the API locked down. To do that, they need to realize that the API generally comes exposed on every deployment for management purposes. This default configuration makes it possible for an unauthenticated actor to interact with publicly exposed Kubernetes clusters and manipulate what’s considered to be a valid request. They could then change some of the settings and configure the API to approve requests in a way that allows for malicious activity such as connecting to or downloading files from suspicious websites.

How to Create a Kubernetes Cluster on AWS With Jenkins and Spring Boot

Kubernetes cluster under construction.

In this article, we will set up an AWS environment to deploy a Dockerized Spring Boot application in a Kubernetes Cluster with the free tier EC2 instance in a few minutes. Kubernetes can be installed on AWS, as explained in the Kubernetes documentation, using conjure-up, Kubernetes Operations (kops), CoreOS Tectonic, or kube-aws. Out of those options, I found kops easier to use, and it's nicely designed for customizing the installation, executing upgrades, and managing the Kubernetes clusters over time.

Steps to Follow

  1. First, we need an AWS account and access keys to start with. Log in to your AWS console and generate access keys for your user by navigating to the Users/Security credentials page.
  2. Create an EC2 Instance with a t2.micro instance for managing the Kubernetes cluster.
  3. Create a new IAM user or use an existing IAM user and grant the following permissions to the newly created EC2 Instance:
     - AmazonEC2FullAccess
     - AmazonRoute53FullAccess
     - AmazonS3FullAccess
     - AmazonVPCFullAccess
     - AmazonIAMFullAccess


CI/CD for Kubernetes With Jenkins and Spinnaker (Part 2)

In our last post, we installed Spinnaker using Halyard. Now we will create applications and pipelines that will be continuously deployed in our Kubernetes Cluster.

Before creating an application, we will add a Docker registry to cache the images that will be used to deploy clusters in application deployments.