Firekube - Fast and Secure Kubernetes Clusters Using Weave Ignite
This blog post is about a new way to launch and manage Kubernetes. It is especially aimed at developers who need a free, fast, reliable and secure way to run k8s clusters anywhere.
Weave Firekube is a new open source Kubernetes distribution that enables secure clouds anywhere. Firekube uses Weave Ignite to run Kubernetes on Firecracker by default. As such it is a portable and secure alternative to Project Pacific in that Kubernetes is integrated with a VM stack. The whole stack is managed using GitOps which simplifies correct installation and management. Firekube may also be seen as an alternative to KIND using Ignite and GitOps.
Firekube pulls everything from Git, detects your operating system and can boot up a secure cluster from nothing in 2.5 minutes.
Firekube is fast, lean and secure
Our vision for Kubernetes is that clusters should be zero cost ‘cattle’ not ‘pets’. The real value of cloud native is in what it means for applications. So we need an almost-zero effort way to boot and manage clusters that is open source. We believe all vendors are driving to this goal and this is our contribution.
Firekube is a ‘lean’ bundle that makes Kubernetes cluster creation easy and fast. Firekube is also secure because Firecracker VMs are isolated. The Firecracker security model (process jails) is well understood and should make your OpSec team happier than with some other approaches.
A Firekube cluster has the following properties:
- Runs Kubernetes (now K8s, possibly K3s in future)
- High grade VM security via the Firecracker KVM isolation
- Fast start up and tear down of VMs e.g. for functions and serverless apps
- Scales from zero to production - uses standard k8s plugins for networking etc
- “Lift and shift” software into VMs
- Run containers inside VMs or alongside VMs on the same CNI network
Use Firekube Now
Firekube is available on Weaveworks GitHub.
The software runs Ignite, which requires Linux KVM. If your machine does not have KVM available, as on Mac OS, then Firekube defaults to using WKSctl and Weave Footloose, with Kubernetes nodes running in containers.
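Whether the VM-isolated path is taken depends on KVM being usable, not merely present. The following shell function is an added example, not Firekube's own detection code; the name `select_backend` and the reason strings are hypothetical. It reports which backend a host would get and why, so you can tell when you have lost Firecracker isolation.

```shell
#!/bin/sh
# Added example: hypothetical helper, not Firekube's own detection logic.
# Prints "ignite" when Firecracker microVMs can run on this host, otherwise
# "footloose:<reason>" for the container-based fallback.
select_backend() {
    os="$1"                   # kernel name, e.g. the output of `uname -s`
    kvm_dev="${2:-/dev/kvm}"  # device node to probe (a parameter so it can be tested)

    if [ "$os" != "Linux" ]; then
        # KVM is a Linux kernel feature; other hosts always fall back.
        echo "footloose:not-linux"
    elif [ ! -e "$kvm_dev" ]; then
        # Module not loaded, virtualization disabled in firmware,
        # or a guest without nested virtualization.
        echo "footloose:no-kvm-device"
    elif [ ! -c "$kvm_dev" ]; then
        # A regular file or directory at this path is not the KVM device.
        echo "footloose:not-a-char-device"
    elif [ ! -r "$kvm_dev" ] || [ ! -w "$kvm_dev" ]; then
        # Device exists but this user cannot open it (commonly: the user
        # is not in the group that owns the device node).
        echo "footloose:no-rw-access"
    else
        echo "ignite"
    fi
}

# Stand-alone run: report the backend for the current machine.
select_backend "$(uname -s)"
```

A `footloose:` result means the Kubernetes nodes run as containers on the host kernel, so the VM isolation described earlier does not apply to that cluster.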
Here are two demos of Firekube. The first demo creates a cluster with WKS and WKSctl that is managed with GitOps:
The second demo is of Firekube on Mac OS where it defaults to using Weave Footloose, since there is no Linux KVM running on that OS:
Firekube runs Apps using OSS Kubernetes
Firekube also provides a “multi PaaS” baseline - you can run Buildpacks on Firekube as well as EKS Quickstart Profiles. These features make it possible to deliver “app platforms” anywhere.
Firekube is open source: it installs an upstream OSS Kubernetes distribution by default. It does this using WKSctl which means that cluster management and upgrades are GitOps-managed just like the underlying Ignite VMs. For example, you can just commit a new podinfo file and it will get deployed.
Weave Firekube supports features to reduce the cost of running “application platforms” anywhere. With GitOps giving us an “app push” developer experience and operating model, we can call this a PaaS.
Some people like the term micro-PaaS but since there can be many different profiles, I like the term “multi PaaS”.
We developed Quickstart Profiles to encapsulate sets of interdependent add-ons to Kubernetes clusters, for example this web app profile for EKS. These are managed using GitOps to guarantee correct platform deployment and verify it continuously, as well as deal with versioning and upgrades. These profiles are portable to Firekube! So your EKS and cluster add-ons on your laptop are also now portable.
Buildpacks with Kpack
PaaS tools like Heroku and Cloud Foundry developed Buildpacks as an alternative packaging model for developer-ready environments. We can use Kpack to build any Buildpack with Firekube. Moreover the operating model integrates directly into GitOps. You can see the steps from deploying Kpack to building a container image, and then storing it into an image registry, all done with GitOps in the following video.
Summary and Next Steps
Kubernetes clusters should be free, easy, fast and secure, so we can all build great things on top of them. We hope you enjoy playing with Firekube and use it for development and CI -- maybe production in future too. Send us issue reports on GitHub.
Weave Firekube is also part of our commercial Weave Kubernetes Platform. Along with WKSctl this gives you greater choice, enterprise support, policy and governance. If you are interested in getting Weaveworks to help you commercially, please get in touch with our sales team, and contact me if you have other questions.