This application is mainly meant to run on Kubernetes (K8s) and protect resources that run on Kubernetes clusters.
Uitsmijter is tested on Kubernetes version 1.22.0
and above.
-
π Traefik in version >= 2.9 Currently the Interceptor Mode is only available for Traefik at the moment. If you are using other ingress controllers, please feel free to contact us. We are constantly working on new features and integrations.
Attention: You have to enable allowExternalNameServices in Traefik! See π this Traefik documentation to set up Traefik correctly.
Settings in Traefik deployment
- --providers.kubernetesingress.allowExternalNameServices=true
-
π Helm in version > 3.0 We provide a setup routine in Helm Charts that installs Uitsmijter onto Kubernetes with all necessary resources. Read more about the installation process in the quick start tutorial.
-
π Cert-Manager Valid certificates are a must-have for a secure login. We recommend to use cert-manager to get valid π Letβs Encrypt certificates for your cluster ingresses.
-
π config-syncer The authorization server signs the JWT with a secret that every client must know. Rather than storing various secrets in different namespaces that are hard to keep in sync we recommend to use config-syncer to distribute the one secret to every namespace that is allowed to consume the secret.
-
π Prometheus Uitsmijter does not have its own management portal because it is not necessary and would brand the product. For the sake of simplicity and fully respect of your workflow everything can be configured as declarative code in π custom resources and π configmaps. To see what is Uitsmijter doing, it provides a wide set of metrics data in the π OpenMetrics format. We recommend to use Prometheus to collect the metrics.
-
π Grafana Because of the absence of an administrative portal that would dictate you how to take a look on the metrics, Uitsmijter offers a wide range of OpenMetrics data. To show them in meaningfully graphs a Grafana Dashboard is provided. You may want to use the dashboard as a starting point and bring in your own business metrics.
It is possible to run Uitsmijter in a docker environment for production. Unfortunately this operational mode is not documented yet.
- π Docker in version 20.10
- π Docker Compose in version 2.13.0
- π Traefik in version >= 2.9
If you are using docker or some other kind of orchestration please feel free to contact us. We are open to share some information and can help to implement Uitsmijter in a different setup than Kubernetes.
- Quick Start Guide for Kubernetes.