How the Lens Extension API lets you add on to an already great Kubernetes IDE
Today we're announcing Lens 4.0 and the Lens Extensions API, which lets you quickly code lightweight integrations that customize Lens for your own tools and workflows. The REACT.js-based Extensions API enables extensions to work through the Lens user interface, leverage Lens' ability to manage access and permissions, and automate around Helm and kubectl.
The Extensions API makes it possible to add new tabs and screens to Lens, and to work with custom resources, so you can do things like integrate your own CI/CD workflows, databases, and even your own internal corporate applications, to speed your workflow.
But you don't have to build your own extensions to benefit from the API, because partners in the Lens and Kubernetes ecosystems are already building their own integrations that enable you to use their products with Lens. By extending Lens to show information beyond the core Kubernetes constructs we’re able to build more comprehensive situational awareness and help Kubernetes users get more value out of their clusters.
Many of the extensions announced today revolved around improving security. For example, Aqua’s Starboard project brings security information natively into Kubernetes in the form of custom resources. By extending Lens to display these resources, the integration makes security information easily accessible and actionable for Kubernetes users.
“Aqua’s open source project Starboard makes security reports from a variety of tools and vendors available as Kubernetes-native resources," said Liz Rice, VP Open Source Engineering, Aqua Security. "The new Lens API allows us to make such security information accessible to developers within their IDE, giving them immediate and actionable information about potential security risks in their K8s deployment, in an approach that’s true to DevSecOps principles.”
Carbonetes evaluates your code for risks (vulnerabilities, SCA, licenses, bill of materials, malware, and secrets), compares those results against company policy, and recommends the most efficient fix. Carbonetes integrates seamlessly into your CI/CD pipeline with plug-ins, enabling full automation.
"Carbonetes is excited to provide enhanced security insights in conjunction with Lens' amazing cluster monitoring platform," said Mike Hogan, CEO of Carbonetes, "In addition to addressing compliance and security risks in runtime clusters, Carbonetes streamlines the process of building new and more secure containers, protecting your cluster against stale images, outdated open source tools, policy drift, and more."
Thanks to the Extensions API, Lens will even help you with projects that rely on specialized hardware. Entrust hardware security modules are hardened devices designed to safeguard and manage cryptographic keys. Validated to FIPS 140-2 level 3 and Common Criteria EAL4+ and offered as on-premises appliance, or as a service, nShield delivers enhanced key generation, signing, and encryption to protect sensitive containerized data and transactions.
“Having recently completed the integration and certification of our FIPS-validated nShield hardware security modules (HSMs) with the [Mirantis Kubernetes Engine (formerly Docker Enterprise)] container platform from Mirantis, Entrust looks forward to continuing the development of our high assurance security solutions to provide developers not only quick and easy access to cryptographic capabilities, but also greater visibility over their Kubernetes cluster deployments,” said Tony Crossman, Director of Business Development at Entrust. “Entrust nShield is the first certified HSM in the market to deliver enhanced security to the Docker Enterprise container platform. The new certified integration provides a root of trust, enabling developers to add robust cryptographic services offered by Entrust nShield HSMs to containerized applications.”
That's not to say that the Lens Extension API is only for security issues. For example, Kong Enterprise is a service connectivity platform that provides technology teams at multi-cloud and hybrid organizations the “architectural freedom” to build APIs and services anywhere.
Kong’s service connectivity platform provides a flexible, technology-agnostic platform that supports any cloud, platform, protocol and architecture. Kong Enterprise supports the full lifecycle of service management, enabling users to easily design, test, secure, deploy, monitor, monetize and version their APIs.
A Kong Lens extension would enable admins to better control and manage all Kubenetes objects under Kong's domain. For example, the plugin will provide a visual representation of all dependencies a given Kubernetes Ingress has in terms of Kong policies.
The Extensions API lets you focus on the user experience. For example, integrated KubeLinter static analysis for YAML files and Helm charts, combined with StackRox Kubernetes-native security info, policies, and recommendations, provides Lens users powerful security tools that always stay in context across their clusters.
“Introducing an Extensions API to Lens is a game-changer for Kubernetes operators and developers, because it will foster an ecosystem of cloud-native tools that can be used in context with the full power of Kubernetes controls at the users’ fingertips,” said Viswajith Venugopal, StackRox software engineer and lead developer of KubeLinter. “At StackRox, we initiated the open source project KubeLinter to help incorporate production-ready policies into developer workflows when working with Kubernetes YAMLs and Helm charts, and we look forward to integrating KubeLinter with Lens for a more seamless user experience.”
StackRox delivers the industry's first Kubernetes-native security platform that enables organizations to secure their cloud-native apps from build to deploy to runtime.
The StackRox Kubernetes Security Platform leverages Kubernetes as a common framework for security controls across DevOps and Security teams. KubeLinter, a new open source static analysis tool recently launched by StackRox, helps Kubernetes users identify misconfigurations in their deployments.
The Extensions API is also helping Ambassador Labs to improve your ability to use Lens for one of it's greatest strengths: troubleshooting. "We are thrilled to partner with Mirantis on a Telepresence plugin for Lens. With Lens and Telepresence, users will be able to quickly code, debug, and troubleshoot cloud-native applications on Kubernetes faster than ever before," Ambassador CEO Richard Li said.
Ambassador Labs makes the popular open source projects Kubernetes Ambassador Edge Stack and Telepresence. The plug-in integrates Telepresence with Lens, making it possible for Kubernetes developers to quickly and easily test changes to their Kubernetes services locally while bridging to a remote Kubernetes cluster.
Extensions are even enabling Lens to branch out into machine learning-enabled optimization.
"Carbon Relay is thrilled to be the Kubernetes Optimization partner of choice for Lens. The Lens IDE enables users to easily manage, develop, debug, monitor, and troubleshoot their apps across a fleet of Kubernetes clusters on any infrastructure. We extend upon the Lens IDE by delivering machine learning-powered optimization, affording users performance reliability and cost-efficiencies without sacrificing scale." Joe Wykes, Chief Sales Officer for Carbon Relay said.
Carbon Relay combines cloud-native performance testing with machine learning-powered optimization, and the Carbon Relay platform helps DevOps teams build optimization into their CI/CD workflow to proactively ensure performance, reliability, and cost-efficiency.
As you can see, Lens is branching out, and fast! If you haven't tried it yet, you can get it here. If you are already a Lens user, you are probably thinking about how you can use the Extensions API to your advantage (aside from bugging your favorite vendors to build their own plugins). If so, watch this space for instructions on building your own Lens plugin!