Framework for Kubernetes – Shipa 1.2 Release

Shipa 1.2 is now GA

Shipa (https://www.shipa.io), the full lifecycle application-centric framework for Kubernetes and multi-cluster portability, just got better! Version 1.2 is now available, and we are excited to share these key new features and improvements with the Shipa community.

Shipa creates the guardrails, compliance and controls for your Kubernetes and OpenShift applications, while at the same time helping to eliminate the YAML files, Helm charts and custom scripts that are most likely starting to pile up and slow things down for your developers.

Shipa version 1.2 includes improvements to:

    • Multi-cloud incl. AKS, EKS, OKE, GKE, IKS & OpenShift
    • Multi-tenancy – improved detailed multi tenancy model

Shipa 1.2 key new features include:

    • Network Policies Map
    • Integration with Istio – incl. canary rollouts
    • Vault integration
    • Integration with Private Registries – incl. JFrog

Shipa for Kubernetes multi-cloud portability

New in 1.2:

Network Policies Map

Shipa 1.2 brings user experience to the next level by empowering organizations with a visual translation of standard Kubernetes network policies, representing the simple abstraction level that Shipa provides when restricting or allowing traffic flow between applications. Shipa users can set rules for the application and have an automated visualization of all application policies displayed on the Shipa UI.

The map captures the complexities that are configured under the hood in a rich diagram, allowing you to achieve specific networking rules without understanding how pods or namespaces selectors work in the complex world of Kubernetes. Users can continue to think in an app-centric way and not be burdened with learning how to set up infrastructure objects.

Chart animation shows how the traffic moves between all of the graphed nodes, so users can have an exact representation of the incoming or outgoing network flow.

The map is an excellent tool for developers to quickly understand how applications are configured, and it can be used for a wide range of purposes. For example, from a security standpoint, this feature offers a quick view of whether the application is open to the world or to a specific set of applications/pools; this makes it easier for developers to match their policies to internal business requirements. This feature can also help developers from a debugging perspective. Because the chart shows how all applications are connected (or not), developers can quickly see whether a certain bug/issue stems from an infrastructure misconfiguration or from a codebase error.
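To show what the "open to the world or to a specific set of applications" question looks like against raw Kubernetes NetworkPolicy objects, here is an added example that is not Shipa code or Shipa output. The policies, the "demo" namespace and the function names are constructed for illustration, and only matchLabels selectors are evaluated.

```python
# Added example: constructed NetworkPolicy objects, not Shipa code or output.
def _labels(selector):
    # Render matchLabels as "k=v,..."; an empty selector matches everything.
    pairs = sorted((selector or {}).get("matchLabels", {}).items())
    return ",".join(f"{k}={v}" for k, v in pairs) or "*"

def _selects(selector, labels):
    # Assumption: only matchLabels is evaluated (matchExpressions are ignored).
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def _describe(peer):
    ns = peer.get("namespaceSelector")
    scope = f"ns[{_labels(ns)}]" if ns is not None else "same-ns"
    return f"{scope}/pods[{_labels(peer.get('podSelector'))}]"

def ingress_exposure(pod_labels, namespace, policies):
    """Return (verdict, detail): verdict is 'open', 'restricted' or 'isolated'."""
    applicable = [p for p in policies
                  if p["metadata"]["namespace"] == namespace
                  and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
                  and _selects(p["spec"].get("podSelector", {}), pod_labels)]
    if not applicable:  # unselected pods accept traffic from anywhere
        return "open", ["no NetworkPolicy selects this pod"]
    peers = set()
    for policy in applicable:  # rules from all selecting policies are additive
        for rule in policy["spec"].get("ingress") or []:
            if not rule.get("from"):  # missing or empty 'from' = every source
                return "open", [f"{policy['metadata']['name']}: rule without 'from'"]
            for peer in rule["from"]:
                cidr = peer.get("ipBlock", {}).get("cidr")
                if cidr in ("0.0.0.0/0", "::/0"):
                    return "open", [f"{policy['metadata']['name']}: ipBlock {cidr}"]
                peers.add(f"ipBlock {cidr}" if cidr else _describe(peer))
    return ("restricted", sorted(peers)) if peers else ("isolated", [])

def _policy(name, app, ingress):
    return {"metadata": {"name": name, "namespace": "demo"},
            "spec": {"podSelector": {"matchLabels": {"app": app}},
                     "policyTypes": ["Ingress"], "ingress": ingress}}

POLICIES = [  # constructed sample input
    _policy("api-from-frontend", "api",
            [{"from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}]}]),
    _policy("db-default-deny", "db", []),
    _policy("gateway-public", "gateway", [{"from": [{"ipBlock": {"cidr": "0.0.0.0/0"}}]}]),
]

if __name__ == "__main__":
    for app in ("api", "db", "gateway", "web"):
        print(app, ingress_exposure({"app": app}, "demo", POLICIES))
```

The "web" case is the one most easily missed when reading policies by hand: a pod that no policy selects is not isolated at all.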

Integration with Istio

Istio is an open-source service mesh developed by a collaboration between Google, IBM, and Lyft. It coordinates communication between services, providing service discovery, load balancing, security, recovery, telemetry, policy enforcement capabilities, and more.

Shipa users can now leverage their existing Istio ingress controller for their deployed applications.

Shipa simplifies using a service mesh by abstracting the complexities away, empowering users to define service communication policies.

Canary rollouts

Shipa users can leverage Istio for traffic routing rules, including canary rollouts based on percentage traffic splits. Canary rollouts allow you to test a new version of the service by sending small amounts of traffic to the new version. If the test is successful, you can gradually increase the traffic sent to the new version until all traffic is moved. If anything goes wrong along the way, you can abort the rollout and return the traffic to the old version.

Metrics

Istio generates a set of service metrics based on the four golden monitoring signals (latency, traffic, errors, and saturation). With all of these metrics available, Shipa users can take advantage of out-of-the-box integrations with their existing APM solutions and incident management tools. This makes it easier to solve problems and build more resilient applications quickly.

CNAME & HTTPS

Shipa integrates with cert-manager, and with a single command Shipa automatically generates certificates for your CNAME.

Run “shipa cname-add {appname} {cname}” and route your DNS to the Istio gateway endpoint; Shipa takes care of everything else.

Shipa also allows certificates to be added manually through the “shipa certificate-add” command.

Vault integration

Users can now inject secrets from their HashiCorp Vault into their Kubernetes applications deployed using Shipa.

As many organizations migrate to the cloud, a significant concern has been how best to secure data. Vault is secret-store software used to store, safely manage, and control access to secrets (tokens, passwords, certificates, and API keys) on Kubernetes clusters.

For safety reasons and user experience, Shipa users manage their secrets directly on Vault. Shipa provides a sophisticated user experience that enables the user to pass all necessary Vault annotations through shipa.yaml; these annotations are used by the Kubernetes Vault sidecar to inject secrets into your app.

shipa.yaml
security:
  vault:
    annotations:
      vault.hashicorp.com/agent-inject: true
      vault.hashicorp.com/role: "internal-app"
      vault.hashicorp.com/agent-inject-secret-database-config.txt: "internal/data/database/config"

Integration with Private Registries

At Shipa, we believe that integration is essential for Continuous Delivery; for that reason, Shipa integrates with your current stack and tools in minutes.

Shipa now provides the ability to deploy applications with Docker images stored in private registries. This feature uses an image URL, Docker username, and password/access token to gain access.
Shipa offers full support for JFrog Artifactory, Docker Hub, Amazon ECR, Azure Container Registry, Google GCR, Nexus repository, and more.

Try Shipa today

Shipa is easy to install and get started with.