New Integrations for Vault Secrets Management and Policy-as-Code, Multi-Environment Features, and Helm Charts
Being a relatively early adopter of containers (since 2014) and Kubernetes has presented us with great opportunities to innovate our way out of challenges. We’ve written in the past about how the lack of suitable tools around Kubernetes — especially for configuration and secrets management, and dealing with stateful services — led us to develop Cloud 66 Skycap, Cloud 66 Maestro, and our open source projects Habitus and Copper.
However, being an advanced user of Kubernetes means that we continue to innovate around new problems, and feed that into our products. You may have read that this Wednesday and Thursday, we will be at the Gartner Catalyst Conference 2018 in London, talking about some significant new features. In this post, I’ll aim to provide a bit more detail on these.
HashiCorp Vault integration into Skycap
HashiCorp Vault has been hugely popular of late, alongside other projects from HashiCorp. Vault secures, stores, and tightly controls access to secrets in cloud-native environments. A big part of our product philosophy is to enable self-service deployments for developers, and that means, for example, that developers may know where a private key for their service lies, but might not need to spend time/bandwidth on knowing what that key is.
Adding your Vault servers in the Settings part of Skycap allows for a seamless flow from configuration file creation, through the build, and down to creating a multi-environment deployment pipeline. This is all defined by Operations with fine-grained user access controls so that everything developers do stays within policy.
Policy-as-code integration into Skycap
Copper is our open source configuration file validator. Since releasing it into the wild in March, we’ve received tons of positive feedback (as well as helpful suggestions!) from our own users as well as users of CI tools such as Jenkins, CircleCI and the like. While we do offer enterprise support for Copper and Habitus, ultimately they are critical building blocks in Skycap.
To bring that to life, we’re delighted to introduce Copper integration into the UI, with a powerful yet simple to use editor right inside your Formations section. Effectively, that brings policy-as-code into your container pipeline, in a way that is easy to manage and control for operations, and easy to use for developers. In more technical terms, this means additional support for Kubernetes configuration sets as well as Kubernetes configuration policy compliance automation, all powered by Copper within Skycap.
Rich and dev-friendly multi-environment Kubernetes (Stencils ❤ Helm)
We’ve written at length about the challenge of “build once, deploy many times” when you have multiple environments, clusters, and clouds. Our answer for this has been Formations, which, together with their building blocks Stencils, help us with generation and management of configuration file templates. This serves us well in dealing with 2,500 lines of configuration powering a dozen clusters and 4,000 customer workloads!
The first exciting bit of news here is that we’ll be launching Helm Charts integration into Formations, alongside Stencils. We use Charts for off-the-shelf services with predictable release cycles, and Stencils for internal services that tend to be more complex with regards to releases, configuration, and security. This integration, ready into private beta in October, makes Formations the single control plane for building and managing all your configuration templates, files and deployment targets!
The second is that this week we are making this powerful feature set even easier by introducing a step-by-step wizard, as well a shiny new (and always evolving!) documentation pages.
A word about Cloud 66 Maestro
As we’ve mentioned, there are some great managed Kubernetes services out there, and tomorrow, we’ll even be stating our opinion on some of them. Even in this crowded space, our very own Maestro — the Kubernetes full-stack app management tool — has recently enjoyed renewed interest specifically for four great features:
- It is multi-cloud and hybrid-cloud: deploy your app to any cloud or server, and then manage all your apps in one place, with fine-grained user access control.
- Even if you’re using just one cloud, it saves you a whole stack: to recreate Maestro’s operations features one public cloud, you’ll need to patch together almost a dozen different services.
- You can save on compute spend and precious time by using Maestro Clusters. Cut up to 80% of the time by pre-installing clusters, and stack up numerous apps on bigger servers to increase utilization and reduce costs.
- Native databases and persistent storage — stateful services — just work. While some databases can cope with node loss relatively easily, this is not the case for MySQL, PostgreSQL or others. We deploy databases (and storage) outside of your Kubernetes clusters, thus avoiding “special guests” (i.e. containers that will need special attention during cluster upgrades or node replacements). Maestro supports provisioning, deployment, and maintenance of most popular database servers, as well as storage solutions like GlusterFS — with backups, replication and high availability as a standard.
If you’re interested in any of these features, get in touch at firstname.lastname@example.org.
Originally published at blog.cloud66.com on September 24, 2018.