Banzai Cloud Pipeline provides a number of integrated services that allow for simple configuration and deployment of frequently used cluster-related services such as DNS, monitoring, container image vulnerability scans or Vault based security. These services can be activated using the web UI or the Banzai CLI tool, where the latter supports a wider range of configuration options.
The following sections provide a brief introduction to each integrated service.
Note: The command line examples assume that you have installed the Banzai CLI tool, logged in, and selected a cluster to operate on.
DNS
Use the DNS integrated service to enable public access to services on your cluster via domain names.
How to activate
In a shell of your choice run the following command:
% banzai cluster service dns activate
and complete the interactive wizard, or specify the options in a file or on standard input:
% banzai cluster service dns activate --file - <<EOF
{
"domainFilters": ["my.example.org"],
"policy": "sync",
"sources": ["ingress", "service"],
"provider": {
"name": "route53",
"secretId": "0fb5e6a344aaeb3382554ef3536791237d6e3f8ab59026e5bd8f6e3949675259",
"options": {
"region": "us-west-2",
"batchSize": "1000"
}
}
}
EOF
How to deactivate
In a shell of your choice run the following command:
% banzai cluster service dns deactivate
Monitoring
Use the monitoring integrated service to gather and view cluster metrics.
How to activate
In a shell of your choice run the following command:
% banzai cluster service monitoring activate
and complete the interactive wizard, or specify the options in a file or on standard input:
% banzai cluster service monitoring activate --file - <<EOF
{
"prometheus": {
"enabled": true,
"storage": {
"size": 1000,
"retention": "10d"
}
},
"exporters": {
"enabled": true,
"nodeExporter": {
"enabled": true
},
"kubeStateMetrics": {
"enabled": true
}
}
}
EOF
How to deactivate
In a shell of your choice run the following command:
% banzai cluster service monitoring deactivate
Security scan
Use the security scan integrated service to control admission of pods to the cluster, using preconfigured admission policies.
How to activate
In a shell of your choice run the following command:
% banzai cluster service securityscan activate
and complete the interactive wizard, or specify the options in a file or on standard input:
% banzai cluster service securityscan activate --file - <<EOF
{
"policy": {
"policyId": "97b33e2c-3b57-4a3f-a12b-a8c0daa472a0"
}
}
EOF
How to deactivate
In a shell of your choice run the following command:
% banzai cluster service securityscan deactivate
Vault
Use the Vault integrated service to enhance security by injecting secrets directly into pods from Vault.
How to activate
In a shell of your choice run the following command:
% banzai cluster service vault activate
and complete the interactive wizard, or specify the options in a file or on standard input:
% banzai cluster service vault activate --file - <<EOF
{
"settings": {
"namespaces": ["default"],
"serviceAccounts": ["*"]
}
}
EOF
How to deactivate
In a shell of your choice run the following command:
% banzai cluster service vault deactivate