Istio OIDC Authentication

A service mesh is an architectural pattern that provides common network services as a feature of the infrastructure. This typically includes features such as service discovery and policy enforcement to control how services within the mesh can communicate with each other. Istio is a service mesh implementation which works by running an instance of Envoy alongside each instance of your services to intercept and proxy service traffic. Additionally, fleets of standalone Envoys are deployed to handle traffic entering and leaving the mesh.

Easier Troubleshooting of cert-manager Certificates

[Editor’s note: This post was written by Haoxiang Zhou who was a work placement student at Jetstack for the past four months. We are grateful to Haoxiang for adding this very useful feature, and all his other contributions, and wish him all the best with his final year of study.]

This post will explore the newest addition to the kubectl plugin of cert-manager, kubectl cert-manager status certificate, a command designed to make the troubleshooting experience of cert-manager problems easier. The command was hugely improved in the recent v1 release. Jump to the bottom for more information on how to get involved and start contributing!

Performing a Live CNI Migration

cert-manager reaches v1 and Jetstack announce enterprise support

On behalf of the cert-manager team, it is with great pleasure that we announce the v1 release of the cert-manager project! A project started by Jetstack three years ago, cert-manager automates the management of x509 machine identities within Kubernetes and OpenShift. It has grown to become a leading community project in the cloud native ecosystem, with many tens of thousands of end-users. The project has now reached a level of maturity and we are excited to reach this momentous milestone with the help and support of the entire community.

Anthos Attached Clusters

Next in our series of posts taking a look at Google Cloud Anthos functionality, we’re going to take a look at attaching Kubernetes clusters running in AKS and EKS to Anthos in Google Cloud. This builds on the multi-cloud capabilities of Anthos we saw previously with GKE on AWS moving to GA. Anthos is orientated around being the management plane for all of your enterprise workload clusters, providing a centralised, consolidated hub to orchestrate infrastructure and applications.

GKE on AWS

This is the first in a series of posts taking a look at Google Cloud Anthos, and how it seeks to facilitate digital transformation and become the management plane for enterprise workloads across hybrid and multi-cloud environments, starting with GKE on AWS becoming generally available. The value proposition of Anthos is to enable environmental agnosticism, with containers and Kubernetes being the common denominator for our workloads. This allows for a level of portability through Anthos to manage workload deployments and lifecycles across multi-cloud (GCP, AWS and Azure), as well as on-prem data centres (VMware & bare metal).

Configuring MySQL SSL/TLS authentication with cert-manager

We recently worked on a customer project, where they wanted to secure the connection between their Java Spring Boot application and their MySQL Database, all this running on Google Kubernetes Engine (GKE). We suggested they use cert-manager, our preferred certificate management tool on Kubernetes.

Jetstack and Venafi join forces to bring Machine Identity Protection to the cloud native stack

At Jetstack, we’re today announcing that we have signed an agreement to join Venafi, the global leader in Machine Identity Protection. This is an incredible milestone for the team and we’re thrilled to share the news with our customers, partners and the community. In this post, I wanted to take the opportunity to talk through the partnership, how we’ve got to where we are, and importantly, the exciting path that lies ahead for us both.

Cert-manager v0.15 and beyond

This post will explore the new features in the recently released cert-manager v0.15, as well as give an overview of our plans for the future of the project. Jump to the bottom for more information on how to get involved and start contributing! The cert-manager project has come leaps and bounds since its beginnings almost three years ago. Initially started to expand on the success of its predecessor, kube-lego, the project is now used by companies all across the world and in all sorts of industries, including government departments, large financial institutions, car manufacturers and retail stores!

Operating in the New Normal

If you’d have told me at the end of 2019 that within three months, the whole of Jetstack was going to be working remotely, facing one of the worst crises the world has seen for decades, I would have had a hard time believing it. But, sadly, this is the case, and as a team we are having to respond to some of the most challenging times of our lives.

A bumpy landing into life as a CRE

In this short post, I’ll be touching on my experience of moving into a customer-facing role, and my experience of overcoming work-based anxieties. I have worked purely within internal operations for the last 5 years. This started with Linux systems administration for a few years before going on to cloud platform engineering. More recently, I did a short stint as a technical solutions engineer. During this time spent working in the engine rooms of small businesses I built up some experience of platform reliability and observability.

Cluster API: Past, Present and Future

The Cluster API is a Kubernetes project that brings declarative, Kubernetes-style APIs to cluster creation. It does this by using CustomResourceDefinitions to extend the API exposed by the Kubernetes API Server, allowing users to create new resources such as Clusters (representing a Kubernetes cluster) and Machines (representing the machines that make up the Nodes that form the cluster). A controller for each resource is then responsible for reacting to changes to these resources to bring up the cluster.

Kubernetes cluster configuration and compliance with Jetstack Preflight

Jetstack formed as a way to help companies get value out of Kubernetes, and since the early days of the project, we have learned plenty about what it takes to run Kubernetes successfully - sometimes the hard way! It’s this valuable experience that we bring to our customers, giving them the confidence to take services to production and scale their platforms. As Kubernetes permeates businesses, we see customers run clusters in a huge variety of ways.

Exploring Tekton's cloud native CI/CD primitives

A quick glance at the CNCF Landscape reveals the wide range of CI/CD solutions that currently exist. Each of these has its own API, configuration (YAML) format, definitions, pricing structures and quirks for creating pipelines. In spite of all this variety, all solutions have certain requirements in common. They need to: access source code to execute tests and tasks; declare the order of executing tests and builds; pull and push build artifacts based on the tested source code; and publish the built source code to a live environment. Instead of declaring these underlying concepts using a domain-specific/company-specific implementation, wouldn’t it be nice to map these CI/CD pipeline components to Kubernetes objects?

Our take on Women of Silicon Roundabout

Jess and I recently attended the Women of Silicon Roundabout conference at London Excel and, rather than just returning to our usual routine the next day, we decided to sit down and have a think about it all. So if you’ve missed the event, are contemplating attending something similar or you’re simply just curious to know what we think, here is a summary of our key takes from the conference.

Tarmak 0.6 released

We are excited to announce the release of Tarmak, 0.6! If unfamiliar, Tarmak is a CLI toolkit to provision and manage Kubernetes clusters on AWS with security-first principles. This new release brings a host of great new features and improvements, including pre-built AMI images for worker nodes, new CLI commands, use of the Kubernetes Addon-manager and more.

Kubernetes Training in Association with Google Cloud

A Reflection on the Kubernetes Market

Milan Kundera said, ‘We pass through the present with our eyes blindfolded.’

Running a young and growing company in the Kubernetes space means travelling at high speed in an ever-changing market. We are heading into our fourth year of business, and around this time of year I like to step back from the noise and figure out some of the larger trends I’m seeing develop.

I am not a technologist by background, so my thoughts tend to be more commercial in nature. If you’re interested, I wrote a similar post last year.

Cert-manager reaches v0.6

We’re excited to announce v0.6 of cert-manager, the general purpose X.509 certificate management tool for Kubernetes. Cert-manager provides automated issuance, renewal and management of certificates within your organisation.

Certificate management in highly dynamic environments is no easy feat, and if approached without careful consideration could quickly lead to outages and service interruption when certificates begin expiring. By standardising on a single tool for managing your PKI assets, you can ensure that certificates are being automatically renewed, and that the appropriate teams are notified if there are any issues or policy violations within your cluster.

Continuous Deployment and Automated Canary Analysis with Spinnaker and Kubernetes

Spinnaker is a cloud-native continuous delivery tool created at Netflix and was originally designed and built to help internal development teams release software changes with confidence. Since then it has been open-sourced and has gained the support of a growing number of mainstream cloud providers including Google, Amazon, Microsoft, IBM and Oracle. At Jetstack we receive questions almost on a daily basis from our customers about how to deploy to Kubernetes across different environments and in some cases to clusters in multiple cloud providers/on-prem.

New Jetstackers in 2019

Since the start of 2018, the Jetstack team has more than doubled in size. As we scale to tackle a variety of different projects, and grow out new functions in the organisation, we have been fortunate enough to welcome some very talented new team members at the start of 2019.

Day in the life of a CRE

A bit of background… I joined Jetstack in May 2018 as a Solutions Engineer and since then I have helped customers with their Kubernetes journey. At Kubecon in Copenhagen we launched our Jetstack Kubernetes Subscription and together with that we also created our CRE role. CRE stands for Customer Reliability Engineer, a role conceived by Google with the mission of reducing customer anxiety by sharing operational responsibilities and generally being closer to your customers.

Tarmak 0.5 released

After the recent Kubernetes security vulnerability, it is time for some positive news again. Three weeks ago we released Tarmak 0.5. Tarmak is a toolkit for Kubernetes cluster provisioning and management. This recent release has seen a lot of improvements and new features. We were pleased to be able to shorten the release cycle for 0.5 to three months, and we will be releasing regularly and maintaining this faster pace of development as we progress towards 1.

Introducing Jetstack Flightdeck

We are pleased to announce Flightdeck, our online Jetstack Subscription portal. In this first release, customer teams can now run Operational Wargaming exercises from their browsers - self-paced and on-demand.

If you’ve attended one of our in-person Operational Wargaming workshops, you’ll be familiar with the format. We provision Kubernetes clusters and then break them, in order to simulate production issues and cluster failures.

With Flightdeck, these same exercises are now available on-demand, so operations teams can become familiar with troubleshooting cluster failures and drill themselves on effective response and resolution.

Introducing Jetstack's Kubernetes for Application Developers Course

Our Kubernetes training programme forms a considerable part of our services at Jetstack. In 2017 alone we trained more than 1,000 engineers from over 50 different companies, and so far in 2018 we have already delivered over 60 courses. We are constantly making an effort to ensure that our course content is refined and up-to-date, and that it reflects both the real-world experience of our engineers and also the evolving Kubernetes ecosystem.

Istio at 1.0 - Why should you care?

Businesses operating at scale face several challenges. Not only must many applications be maintained - running in different environments and built in different languages - but application behavior should be monitored closely, whilst adhering to strict security policies. There is a lot to juggle.

Adventures of the Kubernetes Vacuum Robots

Have you ever wondered how to run kubelet on a vacuum robot?

Our guess is, you haven’t - and nor have many other people. However, this didn’t stop Christian’s talk from attracting a large following at KubeCon Europe 2018, nor did it deter some curious conference goers from attempting to win a robot of their own!

Cert-manager: native x509 certificate management for Kubernetes

Those of you who closely follow Jetstack’s open source projects may have already noticed that our new certificate management tool, cert-manager, has been available for some time now. In fact, we now have over 1,000 stars on GitHub!

Cert-manager is a general purpose x509 certificate management tool for Kubernetes. In today’s modern web, securing application traffic is critical. cert-manager aims to simplify management, issuance and renewal of certificates within your organisation.

Introducing Jetstack Subscription

We are delighted to announce Jetstack Subscription, comprising tried-and-tested Kubernetes Reference Architecture, the highest quality training, and continuous support for organisations adopting Kubernetes.

As a leading Kubernetes company in Europe, Jetstack Subscription has been designed and refined to give organisations the confidence to take Kubernetes to production environments.

New Jetstackers in 2018

As ever, the Jetstack team are incredibly busy. Recent months have seen back-to-back Kubernetes consulting, training and open source development, as more and more companies adopt Kubernetes in order to meet the demands of their business. It has to be said that at Jetstack we are scaling to meet the demands of our business: Just 3 months into 2018, and we have already grown by 3 members! We are delighted to welcome to our team Matt (yes, another!

Kubernetes Training with Jetstack

This blog post provides an insight into how we run our Kubernetes workshops as we prepare for even more from Jetstack training in 2018. In 2017, Jetstack ran more than 25 Kubernetes in Practice workshops: We trained engineers from over 80 different companies in London and across Europe, and had a great time doing so! 2018 promises to be an even busier year for Jetstack training, with several dates already in the diary for our first and second series of Beginner and Intermediate workshops.

The Kubernetes Market in 2018

Not long ago, I overheard the Jetstack team chatting about recent changes in the market and the increasingly widespread adoption of Kubernetes. Only when I reflected to write this did I realise that we have been saying the same thing every few months for the past year. Indeed, the Kubernetes market shows no sign of slowing down. Jetstack alone has tripled in size as we scale to cater to demand, KubeCon has gone from a couple of hundred in a small room to 4000 in a vast conference centre, and recent announcements have seen millions of dollars pour into the space as companies like Cisco and VMware announce strategic investments.

What's New in Navigator?

Navigator is a Kubernetes extension for managing distributed databases. In this post we’ll tell you about all the improvements we’ve made since we unveiled it last year, including: experimental support for Apache Cassandra clusters, improved support for Elasticsearch clusters, and a Helm chart for easy installation! We’ll also give you an overview of the Navigator roadmap for 2018.

A Day in the Life of a Jetstack Solutions Engineer

Solutions Engineer Luke provides an insight into what it’s like to work on Kubernetes projects with Jetstack. What made you want to work for Jetstack? I wanted to work for Jetstack because they offered me the opportunity to work on a variety of different projects, both with private clients and in open source. On one hand, I provide consultation for customers about Kubernetes best practices, and run workshops with Google to teach those who are relatively new to Kubernetes about the various tools available within the software.

Introducing Tarmak - the toolkit for Kubernetes cluster provisioning and management

We are proud to introduce Tarmak, an open source toolkit for Kubernetes cluster lifecycle management that focuses on best practice cluster security, management and operation. It has been built from the ground-up to be cloud provider-agnostic and provides a means for consistent and reliable cluster deployment and management, across clouds and on-premises environments.

Roundup - @JetstackHQ's Tuesday Twitter Tips for Kubernetes

Last year we were successful with a series of Kubernetes tips shared via Twitter: it was called Tuesday Tips. Following a bit of a hiatus, we’d like to bring it back. We’re starting with a roundup of our previous tips (those that are still valid anyway!)

This blog post compiles a summary of them, and ranks them according to popularity. Looking back it’s amazing how much the project has changed, so we’re exploring new features and running another series.

September New Hires and Offsite

The Jetstack team has multiplied quickly in the last year as we grow our engineering and operations teams. In September alone, we saw the addition of three new members. A warm welcome to Luke, Louis and Hannah!

This latest blog post serves as a brief introduction to the newest Jetstackers, and details the recent offsite meeting in Wales.

Introducing Navigator

Today we are proud to introduce Navigator, a centralised controller for managing the lifecycle of complex distributed applications. It intends to be the central control point for creating, updating, managing and monitoring stateful databases and services with Kubernetes.

Navigator is open source and extensible from day one. We launch today with support for Elasticsearch in alpha, with Couchbase support soon to land in the next few weeks, and more planned.

Containers - The Journey to Production

Tuesday the 21st of April was the inaugural [ Contain ] meetup.

Hosted at the Hoxton Hotel, Shoreditch, we were fortunate to have representation from:

The theme chosen for the event was:

“Containers - The Journey to Production”

Learning From Billion Dollar Startups

If you’ve not seen the Wall Street Journal’s Billion Dollar Startup Club, this article tracks venture-backed private companies valued at $1 billion or more. I thought I would take a look into their technology stacks to see what I could learn. The companies I have chosen to explore aren’t based on any categorisation, they are just highly visible companies that I thought most people would recognise. Obviously these companies are different to your average company, but they are fast-growing, innovative, and perhaps give us a glimpse into the future of computing.

Introducing Jetstack

I made the cut as a millennial by one year. The rate of technological change I have witnessed over the years is amazing. I’ve seen the birth of the web, the first mobile phones in the playground, and the flurry of excitement as the university computing lab is introduced to ‘thefacebook’.