Step 1: Prepare¶
Hi there, Application Developer! Happy to have you on board with Elastisys Compliant Kubernetes!
In this part, you will learn about the things you should do to prepare to get started with the platform.
We assume somebody else, your administrator, has already set up the platform for you. You will therefore have received:
- URLs for the Elastisys Compliant Kubernetes UI components: OpenSearch Dashboards, Grafana, and Harbor;
- a kubeconfig file for configuring
kubectlor Lens access to the underlying Kubernetes cluster; and
- (optionally and rarely) a static username and password. Note that normally, you should log in via a username and a password of your organization's Identity Provider, such as LDAP, Active Directory, or Google Workspaces account.
Do you not already have an Elastisys Compliant Kubernetes platform up and running? Request one from a managed service provider and get started!
Install Prerequisite Software¶
- oidc-login, which helps you log into your Kubernetes cluster via OpenID Connect integration with your Identity Provider of choice
Your cluster management software of choice, of which you can choose either or both:
- kubectl, a command-line tool to help manage your Kubernetes resources
- Lens, a graphical user interface to help manage your Kubernetes resources (see also our dedicated page on Lens integration)
Optional, but very useful, tools for developers and DevOps engineers:
- docker, if you want to build (Docker) container images locally
- helm, if you want to manage your application with the Helm package manager
Once installed, you can verify that configuration is correct by issuing a few simple commands.
Access Your Web Portals¶
Those URLs that your Elastisys Compliant Kubernetes administrator gave you all have a
$DOMAIN, which will typically include your company name and perhaps the environment name.
Your web portals are available at:
harbor.$DOMAIN-- the Harbor container image registry, which will be the home to all your container images
opensearch.$DOMAIN-- the OpenSearch Dashboards portal, where you will view your application and audit logs
grafana.$DOMAIN-- the Grafana portal, where you will view your monitoring metrics for both the platform, as such, and your application-specific metrics
Containerize Your Application¶
Elastisys Compliant Kubernetes runs containerized applications in a Kubernetes platform. It is a Certified Kubernetes distribution, which means that if an application is possible to deploy on a standard Kubernetes environment, it can be deployed on Elastisys Compliant Kubernetes.
However, there are some restrictions in place for security reasons. In particular, containers cannot be run as root. Following this best practice is a simple way to ensure additional security for your containerized applications deployed in Kubernetes.
There are additional safeguards in place that reflect the security posture of Elastisys Compliant Kubernetes that impact your application. These prevent users from doing potentially unsafe things. In particular, users are not allowed to:
- change the Kubernetes API through CustomResourceDefinitions or Dynamic Webhooks;
- gain more container execution permissions by mutating PodSecurityPolicies; this implies that you cannot run container images as root or mount hostPaths;
- mutate ClusterRoles or Roles so as to escalate privileges;
- mutate Kubernetes resources in administrator-owned namespaces, such as
- re-configure system Pods, such as Prometheus or fluentd;
- access the hosts directly.
Next step? Deploying!¶
Ready with a containerized application? Head over to the next step, where you learn how to deploy it!