Building a Kubernetes platform from scratch is a time-consuming process. Kubefirst’s elevator pitch is that it will do this for you, provisioning an instant, production-grade, fully automated GitOps platform.
Kubefirst helps teams build out their Kubernetes platform quickly, automating the setup and configuration of a GitOps management and app delivery ecosystem and freeing up more time in the important first year for app development. More recently, the project has described itself as an “automated Infrastructure as Code (IaC) solution for the masses,” emphasizing the project’s mission to cover Day 2 as well as Day 1 and to bridge the gap between provisioning infrastructure and automating its day-to-day management. Demonstrating this, version 2.3 was recently released and has added full-fledged cluster management features.
What’s Interesting About Kubefirst?
Like most cloud-native innovations, Kubefirst would not exist without the open-source platform tools it uses and the efforts of experienced engineers. The project has many K8s experts who want to help others get into Kubernetes and cloud-native without the pain they experienced in the early days.
The installer creates a GitOps cloud management and application delivery ecosystem, which incorporates automated Terraform workflows, Vault secrets management, and Git repository integrations (for both GitHub and GitLab) with Argo. Kubefirst uses both Argo CD, the GitOps continuous delivery tool for K8s, and Argo Workflows (Argo wf), the Argo project’s workflow engine.
Kubefirst: How Does It Work?
Kubefirst can be implemented either via the CLI or via a Helm chart with a user interface. As the diagram above indicates, you simply point the Kubefirst installer at your cloud, choice of Git provider, and domain and go.
The “Instant” component of Kubefirst’s installation translates to a mere six minutes to get Kubernetes running in production, with the caveat that this applies to the local installation, which needs Homebrew installed. While Kubefirst uses K3D for the local provisioning process, there are cloud options, such as AWS, which takes a little longer at around 40 minutes.
John Dietz, one of the project founders, recently explained on Reddit what Kubefirst solves, in practical terms. At the core of the installation is the generation of a single GitOps Git repo, creating a single source of truth for both infrastructure and application code and enabling teams to manage their infrastructure and application deployments declaratively, using a version-controlled Git repository. Kubefirst then moves on to create a fully automated cloud-native management platform from popular open source and free-tier cloud-native tools:
Terraform - the Infrastructure as Code (IaC) tool is used by Kubefirst to customize your environment and create your cloud, cluster, users, and so on.
Atlantis - automates the governance of Terraform and integrates it with your git pull requests to the GitOps repo.
Argo CD - Kubefirst installs this component of the Argo project, and it’s bootstrapped against a registry directory in your GitOps repo. Dietz says this bootstrap includes Argo CD sync wave orchestration “so that all the chicken-and-egg scenarios are all ironed out, and everything is running and integrated in a single shot.”
This “single shot” includes: argocd, vault, atlantis, self-hosted github/gitlab runners, external-secrets-operator, ingress-nginx, argo workflows integrated with github/gitlab, reloader, crossplane, external-dns, cert-manager, letsencrypt issuers, chartmuseum and more.
Users are managed by Terraform, so all secrets on the platform are stored in the HashiCorp Vault OIDC provider and bound to the platform tools.
Demo - once everything is installed, you can experiment with a demo app called metaphor to understand how all the components work together. It demonstrates:
- container builds
- chart publish
- GitOps delivery to dev, stage, and production
- Helm chart version management
The sample application also demonstrates “first-hand how Gitops delivery can work” with various popular integrations, including Vault, ingress NGINX, cert-manager, external-secrets-operator, Argo wf, GitHub, and GitLab.
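The sync wave orchestration described above can be checked before a change to the registry directory is merged. The following is an added example, not Kubefirst's own code: it reads the `argocd.argoproj.io/sync-wave` annotation from Argo CD Application manifests and reports any app whose dependency is not in an earlier wave. The manifests, wave numbers, and the `REQUIRES` dependency map are constructed assumptions for illustration.

```python
WAVE_ANNOTATION = "argocd.argoproj.io/sync-wave"

def app(name, wave=None):
    """Build a minimal constructed Application manifest (parsed-YAML shape)."""
    meta = {"name": name}
    if wave is not None:
        meta["annotations"] = {WAVE_ANNOTATION: str(wave)}
    return {"kind": "Application", "metadata": meta}

# Constructed registry contents; 'atlantis' deliberately lacks the annotation.
APPS = [
    app("cert-manager", 10), app("ingress-nginx", 10), app("vault", 20),
    app("letsencrypt-issuers", 20), app("external-secrets-operator", 30),
    app("argo-workflows", 40), app("atlantis"),
]

# Hypothetical dependency map: app -> apps that must be synced first.
REQUIRES = {
    "letsencrypt-issuers": ["cert-manager"],
    "external-secrets-operator": ["vault"],
    "argo-workflows": ["external-secrets-operator"],
    "atlantis": ["vault", "external-secrets-operator", "ingress-nginx"],
}

def sync_wave(manifest):
    """Return the sync wave; Argo CD treats a missing annotation as wave 0."""
    annotations = manifest.get("metadata", {}).get("annotations") or {}
    return int(annotations.get(WAVE_ANNOTATION, "0"))

def wave_plan(apps):
    """Group app names by wave, lowest wave first (the order Argo CD syncs)."""
    plan = {}
    for manifest in apps:
        plan.setdefault(sync_wave(manifest), []).append(manifest["metadata"]["name"])
    return [(wave, sorted(names)) for wave, names in sorted(plan.items())]

def ordering_violations(apps, requires):
    """List (app, dependency, reason) where a dependency is not synced earlier."""
    waves = {m["metadata"]["name"]: sync_wave(m) for m in apps}
    problems = []
    for name, deps in sorted(requires.items()):
        for dep in deps:
            if dep not in waves:
                problems.append((name, dep, "dependency missing from registry"))
            elif name in waves and waves[dep] >= waves[name]:
                problems.append((name, dep, "dependency not in an earlier wave"))
    return problems

if __name__ == "__main__":
    print(wave_plan(APPS))
    print(ordering_violations(APPS, REQUIRES))
```

The unannotated `atlantis` entry falls into wave 0 and is flagged three times, which is the kind of chicken-and-egg ordering the sync waves exist to prevent.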
What We Like About Kubefirst
- Audit log - Kubefirst uses an Atlantis and Terraform setup, which means there is an audit trail for all system changes in the Git repo that will house all your IaC and GitOps configs.
- Feature-packed - As you can see from the infographic below, Kubefirst includes all the tools required to manage K8s apps and infrastructure.
- Flexibility - You control the GitOps repository, add and remove tools, and decide what direction you want to take the platform.
- Multi-cloud support - Kubefirst has a growing list of cloud providers, even if some are still in beta, that it supports for deploying your apps to whichever cloud you choose.
- Integrated Secrets - HashiCorp Vault is used as the source of truth for all secrets across all the platform tools and includes OpenID Connect provision for Single Sign-On.
Right now, Kubefirst supports local, AWS, and Civo clouds, with other cloud platforms, including GCP and DigitalOcean (Edit: now supported) but not Azure, in beta.