Shipa Blog

Latest updates on our products, plus helpful articles relating to Kubernetes, container security, microservices and more

Shipa Insights – Engineering Efficiency Release

As we continue to build our vision around Shipa Insights, we are pleased to announce that we are now including engineering efficiency statistics along with the policy and security violations from our initial release. 

Shipa Insights Animation

Getting started with Shipa Insights is very easy, Shipa Insights is there for you automatically. Navigate to the Insights Module and take a look at what Shipa has been keeping track of / discovering on your behalf. 

Your First Shipa Insights

There are two paths to Shipa Insights. You can deploy workloads through Shipa and/or auto-discover/ingest existing workloads with Shipa. Based on the Shipa Framework defined, policy violations will be scored against what is configured in a Framework. 

Ingesting Workloads

Shipa has a robust auto-discover capability e.g Application Discovery. First, connect a Kubernetes cluster to Shipa. Then you can ingest workloads. If you do not have a workload, installing something like Magento via Helm is a good example. 

helm repo add bitnami https://charts.bitnami.com/bitnami
helm install my-release bitnami/magento
Helm install Magento

Next, can create a Shipa Framework to ingest the workloads. 

Shipa -> Frameworks -> Create Framework

Option: Discover existing applications

Shipa App Discover Framework

Click Next to configure.  The Kubernetes Namespace for the installed Magento Chart is “default”. You can validate this by running “kubectl get pods -A”. 

Name: disoverworkload

Plan: shipa-plan

Kubernetes Namespace: default

Teams: shipa-team

Cluster Connection: cluster you connected to Shipa

Shipa Configure App Discover

Click Next to configure the import. Shipa Application Discovery works off of Labels. 

If you would like to take a look at the Labels provided by the Helm install, can run the following: kubectl get pods -n default –show-labels

In this case, importing on “app.kubernetes.io/name” makes the most sense. 

Label: app.kubernetes.io/name

Naming suffix: -imported

Shipa App Discover Label

Click Create and your workloads will be ingested. Can validate they have been ingested by returning to Applications. 

Shipa Imported Apps

After a few moments, policy violations will start to appear. For example, mariadb when compared against your discoverworkload policy, has a Resource Limit Policy Violation. 

MariaDB Policy

This is due to when setting up the Framework, the Shipa default “shipa-plan” sets the cpushare to 100. 

Shipa Plan
Security Scanning 

By default with quick-starts, the Container Scanning feature is turned off. Can update the Framework to turn this on to get scanning results for the running ingested workloads. Update your created discoverworkload.

Shipa -> Frameworks -> discoverworkload -> Update

Shipa Frameworks

Click Update and then click on Security Scans in the left-hand panel. 

Shipa Enable Security Scan

Un-check “Disable app scans” then click Update & Close. Shipa will now start to scan your running containers. 

Heading back to Insights, you will notice that mariadb has one more violation from the Resource Limit violation. 

MariaDB Policy Violation

Clicking into mariadb, the Security ScanPolicy will allow you to now take a look at the security scan. 

MariaDB Security

Click on the Scan report to take a look at the report. 

MariaDB Security Scan Results

Just like that, you were able to ingest existing Kubernetes workloads to start to get a deeper understanding of what is running. 

Deploying Workloads

For workloads that you deploy through Shipa, the process is similar. Shipa has a one-click to deploy which is very simple. Similar to creating the Application Discovery Framework, can create one to deploy. 

Shipa -> Frameworks -> Create Framework

Option: Deploy applications with reasonable defaults

Shipa Deploy Framework

Click Next to configure the Framework. 

Name: shipadeploy

Plan: shipa-plan

Teams: shipa-team

Connect to cluster: Your Kubernetes cluster 

Shipa Deploy Configuration

Then click Create. 

Now you can add an Application [deploymnet] with Shipa. 

Shipa -> Application + Create

Name: myfirstapp

Framework: shipadeploy

Team: shipa-team

Shipa Deploy Setup

Now you can specify an image to deploy. 

Deployment source: Public-registry

Image URL [Test with Sample Image]: docker.io/shipasoftware/hello-shipa:latest

Shipa Deploy Image

Click Deploy and you are off to the races again with Shipa. 

Circling back to Insights, you will notice that your newly deployed Application has no policy violations. Shipa was able to enforce the decisions that were prescribed by the Framework.

Shipa No Policy Violations

Digging into the engineering efficiency section, now statistics will be there around deployment frequency, average deployment time, and total deployments. 

Shipa Deployment Stats

We are just getting started with Shipa Insights. 

Shipa, Fighter of Kubernetes Toil

We are making some great strides around Shipa Insights to start combating problems of current and future as organizations continue their Kubernetes journey. Shipa already has rock-solid Kubernetes abstractions and policy enforcement to get your workloads on Kubernetes. As Kubernetes adoption starts to scale, looking at security and efficiency items, especially for existing workloads where the authoring engineers are long gone is challenging. Shipa is here to change that. Feel free to signup for a free Shipa Cloud account to take Shipa Insights for a spin. 

Cheers,

-Ravi