Access your Kubernetes cluster with your Active Directory credentials

Simon Guyennet on Cloud, Kubernetes, Container, Active Directory, Authentication

Out of the box, Kubernetes authentication is not very user-friendly for end users. In this lab, we will see how to integrate Active Directory with Kubernetes to give end users the easiest authentication experience. For this, we will use a project called Dex. Dex is an OpenID Connect provider developed by CoreOS. It takes care of the translation between Kubernetes tokens and Active Directory users. We will also use Heptio Gangway to generate kubectl configuration files for us, and Bitly OAuth2 Proxy to forward the OpenID token to the Kubernetes dashboard. Requirements: You will need an ISO...

Automatically generate signed SSL certificates for your Kubernetes web applications

Simon Guyennet on Cloud, Kubernetes, Container, SSL, Certificate, Let's Encrypt

In this lab, we will see how to automatically generate signed SSL certificates for your HTTP applications running in your Kubernetes cluster. To do this, we will deploy a tool called cert-manager. This awesome tool was developed by Jetstack and is able to automate the generation of signed SSL certificates via Let's Encrypt. Requirements: For this lab, you will need a working Kubernetes cluster. If you don't already have one, you can follow the Install and configure a multi-master Kubernetes cluster with kubeadm article, or the Install and manage automatically a Kubernetes cluster on VMware vSphere with Terraform and Kubespray...

How to install and use VMware Harbor private registry with Kubernetes

Simon Guyennet on Cloud, VMware, Kubernetes, Registry

Harbor is a container image registry developed by VMware. It was recently handed over to the Cloud Native Computing Foundation, and its development is now driven by the open-source community. Harbor includes a couple of other open-source projects, like CoreOS/RedHat Clair, which scans images for security issues, and Notary, which lets you sign your container images. It also delivers a very nice web interface in which you can manage the various projects you are working on, as well as the permissions associated with these projects. In order to manage your users, it is also possible to link...

Install and manage automatically a Kubernetes cluster on VMware vSphere with Terraform and Kubespray

Simon Guyennet on Cloud, Automation, Kubernetes, vSphere, VMware, Terraform, Container, Ansible, Kubespray

If you have already completed the tutorials Deploy Kubernetes 1.9 from scratch on VMware vSphere and Install and configure a multi-master Kubernetes cluster with kubeadm, you should have a pretty good understanding of how a multi-master Kubernetes cluster is structured. You are now probably looking for a way to automate the deployment of your lab so you don't have to follow all these painful steps each time you want to deploy a clean environment. Kubespray is a Kubernetes incubator project. It is composed of Ansible playbooks and automates the deployment of a Kubernetes cluster on an existing infrastructure. In this...

Install and configure MetalLB as a load balancer for Kubernetes

Simon Guyennet on Cloud, Kubernetes, Container, MetalLB, Load Balancer, Network

If you installed a Kubernetes cluster on-premises, on bare metal or on virtual machines, you probably noticed that one of the missing features of your cluster is that you cannot use the type LoadBalancer when you declare a service, as you would with a Kubernetes cluster running on AWS, GCP or Azure. MetalLB is a load balancer designed to run on and work with Kubernetes, and it allows you to use the type LoadBalancer when you declare a service. You can integrate MetalLB with your existing network equipment easily, as it supports BGP as well as layer 2 configuration....