Kubefirst v1.8 Release Announcement

One of the biggest releases to date, the latest v1.8 of Kubefirst includes an updated CLI that enables platform provisioning for Kubernetes

Kubefirst cli: Kubernetes Platform Provisioning Enabler

The Kubefirst team is excited to announce the release of the kubefirst cli, an open source command line tool that enables platform provisioning operations.

What is Kubefirst?

Kubefirst is a fully automated and operational open source platform that includes some of the best tools available in the Kubernetes space, all working together from a single command. Kubefirst is a GitOps cloud management and application delivery ecosystem complete with automated Terraform workflows, Vault secrets management, GitLab integrations with Argo, and an example app that demonstrates how it all fits together.

When you run the command kubefirst cluster create against an empty AWS account, the new utility provisions a fully automated infrastructure management and application delivery ecosystem in your AWS cloud space, powered by some of the best cloud native open source tools including Argo CD, Argo Workflows, Terraform, Atlantis, Vault, Nginx, GitLab, and more. In less than 30 minutes, Kubefirst builds you an automated and operational deployment platform using best-in-class CNCF tools.

The new kubefirst cli replaces the nebulous container, which was our original container-based mechanism for platform provisioning. The new command line utility provisions the Kubefirst platform 30% faster, is significantly more fault tolerant, and provides a better end user experience.

The latest version of the Kubefirst platform, as built by the new CLI, introduces a couple of technical changes to the provisioning process. The first is a transition from Omnibus GitLab running on EC2 to a GitLab cloud native installation running in Kubernetes. We are excited about the result and the tighter alignment with our platform's focus on leveraging Kubernetes for infrastructure and GitOps for application management.

The new CLI utility also allows us to support additional git providers, like GitHub, in future releases. With the shift, we continue to support GitLab's self-hosted OIDC provider for single sign-on to provide a cohesive authentication and authorization scheme throughout the platform. We have also shifted our initial Kubernetes GitOps bootstrapping to leverage an ephemeral self-serve git provider, which lays the foundation for introducing Crossplane to our platform in the future.

Installing the Kubefirst Platform

Kubefirst is installed in four steps. Before you begin, you will need an AWS account and administrative permissions in that account, and you will need to establish a single hosted zone that is configured to receive traffic from your domain registrar. Once you have your AWS account configured, you will install the kubefirst cli, run a kubefirst init command, then a kubefirst cluster create command. For more details, see Install - Kubefirst Docs.

Once you have installed the platform, you will be able to grant your team access to all the platform tools by issuing a pull request against your GitOps repository. For details see the Kubefirst docs.

How the new Kubefirst CLI works

When you run kubefirst cluster create against your empty AWS account, the CLI tool will begin provisioning a new VPC with enough content to start running services from the cloud. This will include subnets, an Elastic Kubernetes Service (EKS) cluster with nodes, Identity and Access Management (IAM), and object storage with S3.

The EKS Kubernetes cluster will be bootstrapped with a temporary self-serve git provider, with a GitOps repository derived from our gitops-template repository, and Argo CD will be registered against that repository.

At that point, Argo CD will begin provisioning Kubernetes resources using Argo CD Sync Waves.

Next, the GitLab instance running in the Kubernetes cluster takes over as the permanent git provider, and Atlantis begins to detect and reconcile any changes to Terraform, controlling the infrastructure management of all AWS resources in your account.

The Future of Kubefirst - Where We Are Today

As of v1.8, the kubefirst cluster create command will provision the following:

  • AWS resources
    • VPC
    • Subnets
    • DynamoDB backend for Vault
    • S3 buckets for artifact and state storage
    • a KMS key for Vault encryption
    • an EKS cluster
  • Kubernetes apps
    • ingress-nginx
    • external-dns
    • cert-manager
    • Vault
    • external-secrets-operator
    • Argo CD
    • Argo Workflows
    • GitLab
    • gitlab-runner
    • Atlantis
    • Metaphor (example microservice application)
      • development instance
      • staging instance
      • production instance

As of v1.8, the kubefirst cluster create command supports the following functionality:

  • All secrets stored in Vault with disaster recovery
  • All infrastructure managed by Terraform and automated with Atlantis
  • All application changes deployed with a GitOps workflow managed by Argo CD
  • Application delivery GitOps continuous integration workflows provided to
    • build containers
    • publish container images
    • publish Helm charts
    • auto-manage Helm versions
    • provide GitOps delivery to dev, stage, prod
    • branch testing
  • User management with RBAC controls in Argo Workflows, Argo CD, Vault, and GitLab for developer and admin groups
  • Vault integration with Kubernetes service accounts
  • Single sign-on throughout the platform with OIDC provider in GitLab
  • Metaphor sample application
    • delivers to development, staging, production
    • demonstrates integration with Vault and external-secrets-operator
    • demonstrates integration with cert-manager, external-dns, ingress-nginx

Where Kubefirst Is Headed

We have been busy building a team around the Kubefirst project and are excited to create the best Kubernetes starting point for any Kubernetes project. In our upcoming releases, we will be adding support for GitHub as your git provider, adding support for Google Cloud Platform as your cloud provider, adding Crossplane integrations to the platform, and implementing multi-cluster and multi-cloud management features.

Let us know what you need

We are thrilled to finally be in a position to solicit user input on the platform, so please weigh in and let us know what you need. Star our repo to stay updated on new features and improvements.

We would also like to talk to you directly. Schedule time with us to talk through how Kubefirst can save your project months or years of investment. Join our Slack workspace to connect with other community users on the platform. We’re so excited to see what you build with Kubefirst!