Shipa Blog

Latest updates on our products, plus helpful articles relating to Kubernetes, container security, microservices and more

Application Discovery Tutorial

Systems and platforms continue to grow more complex and distributed. The march towards distributed microservices has been accelerated with Kubernetes; arm yourself with a Kubernetes manifest and up your replica count and like magic, you have more than one endpoint for your workload. In the Kubernetes ecosystem, there has been a lot of investment on the infrastructure side of the house for example in making sure clusters are performant and have the ability to scale. 

Imagine yourself as a new developer on a team that has services on Kubernetes. On your first day in the role, you need to figure out aspects of the application running in Kubernetes. The purview you are granted with kubectl or even Kubernetes-centric tools is still infrastructure-centric. Now with Shipa, that is changing and you can have an application-centric view of your application. Until recently, the application map that Shipa provides was limited to applications that were managed by Shipa. Shipa now has the capability to expose application-centric information for applications not managed by Shipa e.g Application Discovery. In this example, you can wire your first Application Discovery. 

Getting Started

For Application Discovery, you need a Shipa or Shipa Cloud instance and a Kubernetes cluster and you are all set. If this is your first time leveraging Shipa, you can sign up for a Shipa Cloud account for free. There are a few tutorials on how to wire Shipa Cloud to a Kubernetes cluster or even to a local Kubernetes cluster on your machine. This example will walk you through assuming you have a vanilla Kubernetes cluster. 

Deploy Some Workload to Your Cluster

First validating you have connectivity to your Kubernetes cluster of choice, can run kubectl get nodes

Get Kubernetes Nodes

Next as a good habit, create a Namespace to deploy your workload. 

kubectl create namespace notdefault
Create Kubernetes Namespace

A quick way to deploy a sample workload is to deploy Bitnami’s WordPress Helm Chart. If you don’t have Helm, you can grab Helm via a tool like Homebrew.    

helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
helm install my-release bitnami/wordpress --namespace notdefault
Helm Install WordPress

Then you can validate the pods are up and running. 

kubectl get pods -n notdefault
Kubernetes Get Pods

Now you are ready to create a Shipa Framework that will discover your applications. 

Shipa Application Discovery Framework

Shipa works off a concept of Frameworks which are logical groupings of policies. Application Discovery works off of ingesting Labels. The first step can be to either look at what Labels are attached to your Pods or add Labels to your Pod.  

To view Labels on your Pods:

kubectl get pods -n notdefault --show-labels
Kubernetes Show Labels

Depending on where you get your workload, could be an exercise at looking at an eyechart. Though for this Bitnami Helm Chart, the label “app.kubernetes.io/name” is common across both Pods. We will use that Label in Shipa. 

Optionally, you can add your own Labels also.

kubectl label pods -n notdefault <pod>  somelabel=somevalue

Now it is time to create a Shipa Framework to ingest Labels. 

Shipa -> Frameworks + Add Framework

Shipa Blank Framework

In the UI can select “Discover existing applications” then click Next. 

Shipa Create Framework

In the General Configuration:

Name: discovernotdefault

Kubernetes Namespace: notdefault

Ingress: traefik [this is Shipa’s Default to bind a cluster, will be set up later]

Plan: shipa-plan [default created with Shipa Cloud]

Team: shipa-team [default created with Shipa Cloud].

Shipa Application Discovery Framework

Click Next and configure the auto-discovery [label] information so Shipa can discover the applications. 

Label: app.kubernetes.io/name

Configure app-discovery

Then click Create and your Framework is available.

Framework added

Now you are ready to wire your Kubernetes cluster to Shipa. 

Wiring a Kubernetes Cluster to Shipa

Wiring a Kubernetes cluster is simple and will require three pieces; the Kubernetes API endpoint, service account token, and CA Cert.  

Shipa Cloud -> Clusters + Connect Cluster 

Shipa Blank Cluster

In Cluster Setup

Name: somekubernetescluster

Framework: discovernotdefault

Shipa Cluster Setup

In the Cluster Connection Screen, finding the three pieces are straightforward.

Shipa Cluster Connection

Kubernetes Control Plane

This is your Kubernetes API Endpoint address.

kubectl cluster-info | grep 'Kubernetes' | awk '/http/ {print $NF}'
Get Kubernetes API Endpoint

Token 

A service account is needed to be created and then a token generated off of that service account needs to be wired into Shipa. The Shipa Documentation for connecting a cluster gives the needed manifest to create the role and base the token off of.

Create shipa-admin-service-account.yaml

Shipa Service Token

Then apply the manifest.

kubectl apply -f shipa-admin-service-account.yaml
Service Account

Now you can grab the token off of the account.

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep shipa-admin | awk '{print $1}')
Get Token Secret

Certificate

Once the token has been created, now you can grab the CA Certificate. 

kubectl get secret $(kubectl get secret | grep default-token | awk '{print $1}') -o jsonpath='{.data.ca\.crt}' | base64 --decode
Get Kubernetes CA Cert

Wire in to Shipa

With the three pieces of needed information captured, wire into the Cluster Connection UI.

Shipa Cluster Connection Complete

Click Next and can leverage the default Shipa Traefik ingress controller. 

Shipa Ingress Controller

Click Create and your cluster will be wired and the auto-discovery process will be started. 

Your First Auto-Discovered Applications View

Navigating to the Applications menu, you should see two new applications appear which were discovered by Shipa without any user or admin intervention. 

Auto Discovered Applications

Shipa is known for providing a world-class application map which you can now dig into and see what has been exposed. 

Applications -> wordpress -> Application Map

Shipa Application Map

Shipa has also discovered the backing MariaDB of WordPress. The art of the possible is great with Shipa exposing applications in your organization. Shipa can also manage those applications if deployed through Shipa. This is just our first rendition of Application Discovery and looking to have conformance and compliance features in future renditions. Stay tuned!

Cheers,

-Ravi