top of page
Writer's pictureCat Morris

Kratix CLI++, Permissions, and Backstage: Sept Product Update

Hi friends šŸ˜ŠĀ Iā€™m Cat, Product Manager here at Syntasso, and Iā€™ve been listening to you, our avid followers. ā€œCat, we love Kratix, and we love your team; we want an update!ā€ I hear you scream, so here I am, delivering this top-quality content. Youā€™re welcome.


Given that this is our first Kratix Product Updateā„¢ (not really ā„¢), I wanted to shout about some of the great work the team has done over the last few months, so weā€™re going back a bit further than we usually willā€¦ Indulge me; it was my birthday this month.


TL;DR



If you only have 10 seconds spare to read this blog, these are the features you need to know about:


  • We have two CLIs now! One for building promises and one for installing SKE (Syntasso Kratix Enterprise)

  • Setting permissions just got a little bit easier

  • If you like Backstage, youā€™ll like what weā€™re up to


Big stuff for the fans of Kratix




Kratix Promise building CLI

Like all good tools for developers, we needed a CLI - and one that is more than just a rat nest of bash scripts*. It's now even easier to quickly whip together a Promise from scratch, or your existing operatorsĀ and helm charts.


It's unbelievably easy to get started. Head over to our kratix-cli repo, download the latest release and go wild. You can read up on the tool in our docsĀ as well!



ā€œThat's sweet!ā€ -Ā an actual quote from a customer trying out the new CLI.


*no offence meant to rats, their nests, or bash scripts that resemble said nests


SKE Operator

Our enterprise product, Syntasso Kratix Enterprise (SKE),Ā comes with a bunch of cool features that makes it mega easy to get started, including integrations with Backstage, Terraform Enterprise and now, super speedy installation via our helm chartĀ and the ske-cli.


This will pull in some really cool stuff - it can help manage upgrading Kratix, check if those upgrades worked, and help you with rollbacks.


If you want to try it out, ping us an email at kratix@syntasso.io,Ā and weā€™ll hook you up šŸ˜Ž



Neat stuff (because security should not be YOLO!)



Security uplift

So security is hard. Weā€™ve made this a little bit easier in two ways.


RBAC permissions for your pipelines

You can set the RBAC permissions you want all your pipelines to have in the promise spec. There are a few ways you can do this depending on your use of service accounts and namespaces, so check out our docs.

This will give you as the promise writer more control of the permissions of your pipelines without having to manually set things up after applying a promise.



Security Contexts for Your Pods

By default, Kratix-owned pods have security contexts set with all the privileges they need. Any containers provided by a Promise author got NOTHING. I didnā€™t say Kratix was a fair project.


But we have just got a little fairer. You can now set security contexts for your own pods by specifying it in the container spec. Perhaps more excitingly, you can now specify a global default security context in theĀ KratixĀ ConfigMap in theĀ kratix-platform-system. FireĀ Configure and forget šŸ”„



ā€œI think it is much betterĀ šŸ‘ā€Ā - Another actual customer quote.


More control over Backstage (with Kratix)

If you know anything about Syntasso, it's that we love Backstage. We even did a webinarĀ with one of their product managers, the insightful Seve Kim.


We believe Kratix and Backstage work so beautifully together that our SKE offering comes bundled with plugins that make managing Promises and Resources from Backstage a joyful experience. This month, weā€™ve given users even more control in two ways.


Promise authors can now provide an ā€œinfoā€ field as part of the Promise spec that will show up on your component page. This field supports markdown and has far too much space to let your users know whatever will make their day a little easier.


We have also made the first page of requesting a resource more configurable - we know not every end user will understand what their ā€œnamespaceā€ should be (even though it is very important for knowing where we should put that resource!!) so you can configure that to whatever makes sense for your team. You can even go full abstraction and get rid of it entirely and pre-populate it with whatever you want. The skyā€™s the limit.


Backstage and Kratix: Best of friends
Backstage and Kratix: Best of friends

Useful Kratix resources

You should find the following resources helpful for your Kratix exploration:



Shout out to the team at Port (getport.io) and Traefik (traefik.io) for their awesome product update blogs, which served as inspiration for this post.

53 views0 comments