Banzai Cloud Pipeline is an application platform with many services, some of which are optional. The quick start guides don’t touch the default selection of the platform’s components, but of course you may need to configure the system to your specific requirements.

Components can be switched on and off in the values.yaml file of your workspace (~/.banzai/pipeline/default). After your changes are ready for deployment, simply run banzai pipeline up [--workspace=default] and confirm the deployment plan offered.

Let’s take a look at the components and their essential configuration.

Recommender and Cloudinfo

The Recommender is an independent service of the platform, which is used by the user interface during the cluster creation flow. It takes generic requirements like number of CPUs and amount of memory, and recommends cluster layouts of different cloud providers based on overall price and value. You can find more technical details on the banzaicloud/telescopes Github project page.

Recommendations are backed by another component called Cloudinfo (banzaicloud/cloudinfo), which collects and organizes the offers of popular cloud providers.

Both of these services are available publicly for free, and the default installation uses these public services.

Hollowtrees

Hollowtrees is another optional component. It’s a ruleset based watchguard, which keeps spot/preemptible instance based clusters safe and allows to use them in production.

You can enable the platform component that is needed to create clusters taking advantage of its services with the following addition to your values.yaml:

hollowtrees:
  enabled: true

You can find more technical details on the banzaicloud/hollowtrees Github project page and in the Kubernetes on the spot blog post.

Secret store

Secrets are used everywhere in Banzai Cloud Pipeline: for interactions with cloud providers, Kubernetes clusters, or for applications deployed to the clusters. The platform uses a central Vault service to securely store and manage secrets.

It is configured to use the database backend of the platform, but you can customize this.

Authentication

Banzai Cloud Pipeline uses Dex for its main authentication and authorization entry point. Dex is an open-source, federated OpenID Connect identity provider. The default Banzai Cloud Pipeline installation accepts a static credential (with a random generated password), which is good for a test drive. Production deployments should set up an authentication provider, or alternatively use an existing instance of Dex within the organization.

Another popular authentication provider is Github: see GitHub OAuth based authentication. For enterprise authentication provider integrations contact us.

CI/CD

Banzai Cloud Pipeline has an optional integrated CI/CD engine that is able to run jobs on clusters managed by the Platform. The same engine is used by Spotguides as well.

CI/CD can only work if it has access to an instance of Github or Gitlab.

This values.yaml snippet enables CI/CD for GitHub, to make this properly work please continue with the GitHub OAuth based authentication guide as well:

cicd:
  enabled: true
pipeline:
  configuration:
    cicd:
      enabled: true
      scm: github

Image scan

Image vulnerability scan is an optional feature for clusters managed by Banzai Cloud Pipeline. The feature depends on a central instance of Anchore, which is not installed by default.

You can enable it with the following values.yaml snippet:

anchore:
  enabled: true
ui:
  featureSet:
    menuSecurityScan: true
    menuGroupSecurity: true

Web UI

The web user interface of the platform is enabled by default.

Database backend

A few components of Banzai Cloud Pipeline use relational databases for persistence. The default setup deploys and configures a PostgreSQL instance to the cluster that runs Banzai Cloud Pipeline.

The platform supports MySQL as well, and you may also decide to use an existing database server.