Jetstack often works with customers to provision multi-tenant platforms on Kubernetes. Sometimes special requirements arise that we cannot control with stock Kubernetes configuration. In order to implement such requirements, we’ve recently started making use of the Open Policy Agent project as an admission controller to enforce custom policies.
This post is a write-up of an incident caused by misconfiguration of this integration.
We are now pleased to announce the availability of our Cloud Native Accelerator™, a full and holistic programme of consulting engineering, training and subscription, that provides a technology partnership as enterprises embrace Kubernetes and cloud native.
At Jetstack, we see many customers that are moving to managed Kubernetes services across multiple clouds to run their workloads. Whilst having the Kubernetes control plane managed for you takes away a lot of the operational burden, there is a trade-off for this convenience, with less opportunity for customisation with a managed control plane. Furthermore, across multiple clouds, there is often a lack of consistency in what is exposed. One such inconsistency is in authentication. Cloud providers typically provide deep integrations with their own authentication systems; however, interoperability between them can often be a pain point.
Jetstack is excited to announce kube-oidc-proxy, a new open-source project that brings back consistency, and the lost functionality of authenticating via OIDC to the Kubernetes API server on managed services, across clouds.
We are excited to announce the release of Tarmak 0.6! If unfamiliar, Tarmak is a CLI toolkit to provision and manage Kubernetes clusters on AWS with security-first principles. This new release brings a host of great new features and improvements, including pre-built AMI images for worker nodes, new CLI commands, use of the Kubernetes Addon-manager and more.
After a busy start to the year, we are incredibly excited to announce a series of Q2 workshops in association with Google Cloud. This series includes 12 workshops for all levels of Kubernetes users: Beginner, Intermediate, Operational Wargaming and our new Kubernetes for Application Developers course.
Milan Kundera said, ‘We pass through the present with our eyes blindfolded.’
Running a young and growing company in the Kubernetes space means travelling at high speed in an ever-changing market. We are heading into our fourth year of business, and around this time of year I like to step back from the noise and figure out some of the larger trends I’m seeing develop.
I am not a technologist by background, so my thoughts tend to be more commercial in nature. If you’re interested, I wrote a similar post last year.
We’re excited to announce v0.6 of cert-manager, the general purpose X.509 certificate management tool for Kubernetes. Cert-manager provides automated issuance, renewal and management of certificates within your organisation.
Certificate management in highly dynamic environments is no easy feat, and if approached without careful consideration could quickly lead to outages and service interruption when certificates begin expiring. By standardising on a single tool for managing your PKI assets, you can ensure that certificates are being automatically renewed, and that the appropriate teams are notified if there are any issues or policy violations within your cluster.
Since the start of 2018, the Jetstack team has more than doubled in size. As we scale to tackle a variety of different projects, and grow out new functions in the organisation, we have been fortunate enough to welcome some very talented new team members at the start of 2019.
We are pleased to announce Flightdeck, our online Jetstack Subscription portal. In this first release, customer teams can now run Operational Wargaming exercises from their browsers - self-paced and on-demand.
If you’ve attended one of our in-person Operational Wargaming workshops, you’ll be familiar with the format. We provision Kubernetes clusters and then break them, in order to simulate production issues and cluster failures.
With Flightdeck, these same exercises are now available on-demand, so operations teams can become familiar with troubleshooting cluster failures and drill themselves on effective response and resolution.
Businesses operating at scale face several challenges. Not only must many applications be maintained - running in different environments and built in different languages - but application behavior should be monitored closely, whilst adhering to strict security policies. There is a lot to juggle.
Have you ever wondered how to run kubelet on a vacuum robot?
Our guess is, you haven’t - and nor have many other people. However, this didn’t stop Christian’s talk from attracting a large following at KubeCon Europe 2018, nor did it deter some curious conference goers from attempting to win a robot of their own!
Those of you who closely follow Jetstack’s open source projects may have already noticed that our new certificate management tool, cert-manager, has been available for some time now. In fact, we now have over 1,000 stars on GitHub!
Cert-manager is a general purpose x509 certificate management tool for Kubernetes. In today’s modern web, securing application traffic is critical. cert-manager aims to simplify management, issuance and renewal of certificates within your organisation.
We are delighted to announce Jetstack Subscription, comprising tried-and-tested Kubernetes Reference Architecture, the highest quality training, and continuous support for organisations adopting Kubernetes.
As a leading Kubernetes company in Europe, Jetstack Subscription has been designed and refined to give organisations the confidence to take Kubernetes to production environments.
Coming up to four years since its initial launch, Kubernetes is now at version 1.10. Congratulations to the many contributors and the release team on another excellent release!
At Jetstack, we push Kubernetes to its limits, whether engaging with customers on their own K8s projects, training K8s users of all levels, or contributing our open source developments to the K8s community. We follow the project day-to-day, and track its development closely.
Navigator is a Kubernetes extension for managing distributed databases. In this post we’ll tell you about all the improvements we’ve made since we unveiled it last year, including: experimental support for Apache Cassandra clusters, improved support for Elasticsearch clusters, and a Helm chart for easy installation! We’ll also give you an overview of the Navigator roadmap for 2018.
We are proud to introduce Tarmak, an open source toolkit for Kubernetes cluster lifecycle management that focuses on best practice cluster security, management and operation. It has been built from the ground-up to be cloud provider-agnostic and provides a means for consistent and reliable cluster deployment and management, across clouds and on-premises environments.
Last year we were successful with a series of Kubernetes tips shared via Twitter: it was called Tuesday Tips. Following a bit of a hiatus, we’d like to bring it back. We’re starting with a roundup of our previous tips (those that are still valid anyway!)
This blog post compiles a summary of them, and ranks them according to popularity. Looking back it’s amazing how much the project has changed, so we’re exploring new features and running another series.
The Jetstack team has multiplied quickly in the last year as we grow our engineering and operations teams. In September alone, we saw the addition of three new members. A warm welcome to Luke, Louis and Hannah!
This latest blog post serves as a brief introduction to the newest Jetstackers, and details the recent offsite meeting in Wales.
Jetstack are pleased to open source a proof-of-concept sidecar for deployment of managed Couchbase clusters on OpenShift. The project is the product of a close engineering collaboration with Couchbase, Red Hat and Amadeus, and a demo was presented at the recent Red Hat Summit in Boston, MA.
This project provides a sidecar container that can be used alongside official Couchbase images to provide a scalable and flexible Couchbase deployment for OpenShift and Kubernetes. The sidecars manage cluster lifecycle, including registering new nodes into the Couchbase cluster, automatically triggering cluster rebalances, and handling migration of data given a scale-down or node failure event.
Today we are proud to introduce Navigator, a centralised controller for managing the lifecycle of complex distributed applications. It intends to be the central control point for creating, updating, managing and monitoring stateful databases and services with Kubernetes.
Navigator is open source and extensible from day one. We launch today with support for Elasticsearch in alpha, with Couchbase support soon to land in the next few weeks, and more planned.
With over 5000 commits and almost 350 contributors from the community and across industry, Kubernetes is now at version 1.3, which launched last week.
It is nearly two years since Kubernetes first launched. The scale of community engagement and innovation in the project has been staggering, with individuals collaborating alongside industry leaders (Google, Red Hat et al) to push forward and bring production-grade container cluster management to all. This blog will investigate 1.3 and some of the hidden gems found in it.
In this blog post, we are pleased to introduce Kube-Lego, an open source tool for automated Let’s Encrypt TLS-enabled web services running in Kubernetes.
TLS has become increasingly important for production deployment of web services. This has been driven by revelations of surveillance post-Snowden, as well as the fact that Google now favours secure HTTPS sites in search result rankings.
In our previous blog, Getting Started with a Local Deployment, we deployed an Nginx pod to a standalone (single-node) Kubernetes cluster. This pod was bound to a specified node. If the pod were to fail unexpectedly, Kubernetes (specifically, the Kubelet service) would restart the pod. By default, pods have an ‘Always’ restart policy, but a pod is only restarted on the node to which it was first bound; it will not be rebound to another node. This means of course that if the node fails then pods will not be rescheduled elsewhere.
In Part 1 of this series of blogs, we introduced Kubernetes, an open source container management system from Google, based on operational systems that run over 2 billion containers a week. Kubernetes will very soon be production-ready with the 1.0 release scheduled for this month. In this second part, we will get hands-on, set up a local cluster and deploy an Nginx web server.
Google’s Kubernetes open source project for container management has just recently celebrated its first birthday. In its first year, it has attracted massive community and enterprise interest. The numbers speak for themselves: almost 400 contributors from across industry; over 8000 stars and 12000+ commits on GitHub. And many will have heard it mentioned in almost every other conversation at recent container meetups and industry conferences – no doubt with various different pronunciations!
Tuesday the 21st of April was the inaugural [ Contain ] meetup.
Hosted at the Hoxton Hotel, Shoreditch, we were fortunate to have representation from:
The theme chosen for the event was:
“Containers - The Journey to Production”
If you’ve not seen the Wall Street Journal’s Billion Dollar Startup Club, this article tracks venture-backed private companies valued at $1 billion or more. I thought I would take a look into their technology stacks to see what I could learn. The companies I have chosen to explore aren’t based on any categorisation; they are just highly visible companies that I thought most people would recognise. Obviously these companies are different to your average company, but they are fast-growing, innovative, and perhaps give us a glimpse into the future of computing.
I made the cut as a millennial by one year. The rate of technological change I have witnessed over the years is amazing. I’ve seen the birth of the web, the first mobile phones in the playground, and the flurry of excitement as the university computing lab is introduced to ‘thefacebook’.