Kubefirst v1.11 Release Notes

The Kubefirst 1.11 release continues the momentum our recent introduction of kubefirst local. The local environment is a fully automated local kubernetes cluster and gitops platform that includes some of the best open source tools like argo cd, vault, terraform automated with Atlantis, argo workflows, and so much more all working together.

The new version of kubefirst local includes auto-generated certs with an option to make them trusted in your local browser, a traefik ingress controller and removal of all port forwards, a local dns implementation with localdev.me, and https communication for all ingressed services.

Local DNS

With the new local DNS implementation, your local kubefirst environment will have a look and feel of our cloud platform, thanks to some trickery provided by local.me. Simply put, local.me is a simple dns where it and all of its subdomains will resolve to the localhost at address 127.0.0.1. This provides a very convenient way to implement a local platform with the same ingress look and feel as our cloud environment.

Traefik Ingress Controller

With a local DNS eco system now available, the traefik ingress controller that’s available by default on k3d clusters has been enabled for kubefirst local. By combining the ingress controller with the local dns story, we were able to establish a local platform that’s even more in alignment with the look and feel of our cloud platforms.

After the kubefirst local install, you’ll receive hostnames for your platform applications like

• argocd.localdev.me
• argo.localdev.me
• atlantis.localdev.me
• vault.localdev.me

What’s really nice about the ingress controller on the local story is that it removes the need for port forwards to local services. Remembering port numbers and dealing with the flaky nature of a port-forward wasn’t an ideal experience and we’re excited to have something that provides more stability and better UX all in one shot.

TLS Certificates

What DNS and Ingress story would be complete without some TLS certificates? Yes the kubefirst team has also been able to establish that our locally ingressed services are also all https with certificates that can be trusted by the browser.

When we install the kubefirst local platform, we’ll generate some TLS certificates and use them to encrypt the traffic between your local browser and your local cluster. This produces a more secure local ecosystem and also more closely resembles our cloud platforms.

In order to have the certificates trusted by your browser, you will need to run one additional command to add the cert to your local store.

mkcert -install

If you do not wish to trust this generated certificate, or your organization restricts you from doing so, you’ll simply need to ignore the warnings that your browser displays to you and you can continue safely to the ingressed applications with https communication nevertheless.

Self Service User Password Management

The kubefirst platform comes installed with an identity provider in Vault managed by Terraform. It lets you create new admins and developers by simply copying and pasting a few lines of terraform. The oidc provider that leverages this Vault identity provider is also powered by Vault and propagated through all of the apps on the platform.

Until this release, we haven’t had a nice frictionless way to manage password resets. This capability was added to 1.11 so that admins can reset anyone’s password, and so developers can reset their own password, just by logging into your new Vault and visiting the userpass authentication method in the UI and editing the user.

Check out 1.11

Give us a quick 5-minute platform install and tell us what you did with it!

Join the kubefirst slack workspace and ask questions in #helping-hands!

Check out our release notes!

Shoot us a github star for the free open source platform that we’ve built.