Banzai Cloud Pipeline provides a number of integrated services that allow for simple configuration and deployment of frequently used cluster-related services such as DNS, monitoring, container image vulnerability scans or Vault based security. These services can be activated using the web UI or the Banzai CLI tool, where the latter supports a wider range of configuration options.

The following sections provide a brief introduction to each integrated service.

Note: The command line examples assume that you have installed the Banzai CLI tool, logged in, and selected a cluster to operate on.

DNS

Use the DNS integrated service to enable public access to services on your cluster via domain names.

How to activate

In a shell of your choice run the following command:

% banzai cluster service dns activate

and complete the interactive wizard, or specify the options in a file or on standard input:

% banzai cluster service dns activate --file - <<EOF
{
  "domainFilters": ["my.example.org"],
  "policy": "sync",
  "sources": ["ingress", "service"],
  "provider": {
      "name": "route53",
      "secretId": "0fb5e6a344aaeb3382554ef3536791237d6e3f8ab59026e5bd8f6e3949675259",
      "options": {
          "region": "us-west-2",
          "batchSize": "1000"
      }
  }
}
EOF

How to deactivate

In a shell of your choice run the following command:

% banzai cluster service dns deactivate

Monitoring

Use the monitoring integrated service to gather and view cluster metrics.

How to activate

In a shell of your choice run the following command:

% banzai cluster service monitoring activate

and complete the interactive wizard, or specify the options in a file or on standard input:

% banzai cluster service monitoring activate --file - <<EOF
{
  "prometheus": {
      "enabled": true,
      "storage": {
          "size": 1000,
          "retention": "10d"
      }
  },
  "exporters": {
      "enabled": true,
      "nodeExporter": {
          "enabled": true
      },
      "kubeStateMetrics": {
          "enabled": true
      }
  }
}
EOF

How to deactivate

In a shell of your choice run the following command:

% banzai cluster service monitoring deactivate

Security scan

Use the security scan integrated service to control admission of pods to the cluster, using preconfigured admission policies.

How to activate

In a shell of your choice run the following command:

% banzai cluster service securityscan activate

and complete the interactive wizard, or specify the options in a file or on standard input:

% banzai cluster service securityscan activate --file - <<EOF
{
  "policy": {
      "policyId": "97b33e2c-3b57-4a3f-a12b-a8c0daa472a0"
  }
}
EOF

How to deactivate

In a shell of your choice run the following command:

% banzai cluster service securityscan deactivate

Vault

Use the Vault integrated service to enhance security by injecting secrets directly into pods from Vault.

How to activate

In a shell of your choice run the following command:

% banzai cluster service vault activate

and complete the interactive wizard, or specify the options in a file or on standard input:

% banzai cluster service vault activate --file - <<EOF
{
  "settings": {
      "namespaces": ["default"],
      "serviceAccounts": ["*"]
  }
}
EOF

How to deactivate

In a shell of your choice run the following command:

% banzai cluster service vault deactivate