The simplest way to make Microk8s TeamCity work like it should

You have Kubernetes humming along on your laptop or edge cluster, containers spinning, pods scaling. Then someone says, “Let’s wire up TeamCity for continuous builds.” You sigh because that usually means permission puzzles and YAML spelunking. With Microk8s and TeamCity together, the setup can actually be boring—in a good way.

Microk8s is a lightweight, production-grade Kubernetes that runs anywhere: servers, desktops, even Raspberry Pi. It gives you isolation without heavy orchestration overhead. TeamCity handles build automation with quiet precision: pipelines, test reports, deployment triggers. When these two work as one, your CI/CD loop becomes quick, local, and secure. That’s what most teams are chasing.

Here’s how they connect in practice. Microk8s provides the Kubernetes API surface, RBAC rules, and service accounts. TeamCity uses its Kubernetes Cloud integration to schedule build agents as ephemeral pods. Each agent appears, runs the job, and vanishes—leaving no residue or privileged context behind. Secrets pass through Kubernetes-managed mounts or external stores, typically using OIDC or Vault so IAM and access policies stay centralized. The result is repeatable, identity-aware builds that map cleanly onto your cluster structure.

Quick answer: To integrate Microk8s with TeamCity, enable the Kubernetes Cloud plugin inside TeamCity, point it to your Microk8s API server using a valid token or RBAC user, then define agent templates. TeamCity will start pods directly in Microk8s for each build and remove them automatically afterward.

Security rules can trip you up. Scope each ServiceAccount to what its TeamCity build types need. Do not grant cluster-admin rights just to make pipelines work. Rotate tokens regularly or tie them to an OIDC provider like Okta or AWS IAM to maintain audit trails. If jobs need access to internal registries, use Kubernetes secrets referenced in TeamCity parameters instead of writing keys in plaintext.
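One way to check the cluster-admin rule above, as an added example that is not from the original post or from the TeamCity or Microk8s projects: a small audit over exported RBAC objects that reports every binding reaching the build ServiceAccount with more than a namespaced, non-wildcard role. The namespace, ServiceAccount, role and binding names are hypothetical, the sample data is constructed, and the pod verbs in the sample Role are an assumption about what an agent integration needs.

```python
# Added example: audit which RBAC bindings reach the TeamCity ServiceAccount.
# Namespace, ServiceAccount, role and binding names are hypothetical.
SA = {"kind": "ServiceAccount", "namespace": "teamcity-agents", "name": "teamcity"}

def audit_bindings(bindings, roles, sa=SA, allowed_namespace="teamcity-agents"):
    """Return (binding, reason) findings for bindings that include `sa`.
    bindings/roles are the "items" lists of `kubectl get ... -A -o json`."""
    rules = {(r["kind"], r["metadata"].get("namespace"), r["metadata"]["name"]):
             r.get("rules") or [] for r in roles}
    findings = []
    for b in bindings:
        if not any(all(s.get(k) == v for k, v in sa.items())
                   for s in b.get("subjects") or []):
            continue  # binding does not mention the build ServiceAccount
        name, ns, ref = b["metadata"]["name"], b["metadata"].get("namespace"), b["roleRef"]
        if b["kind"] == "ClusterRoleBinding":
            findings.append((name, "cluster-wide binding"))
        elif ns != allowed_namespace:
            findings.append((name, "binding outside agent namespace"))
        if ref["name"] == "cluster-admin":
            findings.append((name, "grants cluster-admin"))
        # A RoleBinding may reference a namespaced Role or a ClusterRole.
        role_key = (ref["kind"], ns if ref["kind"] == "Role" else None, ref["name"])
        if any("*" in rule.get("verbs", []) or "*" in rule.get("resources", [])
               for rule in rules.get(role_key, [])):
            findings.append((name, "wildcard verbs or resources"))
    return findings

# Constructed sample data (not from a real cluster).
ROLES = [
    {"kind": "Role", "metadata": {"namespace": "teamcity-agents", "name": "agent-pods"},
     "rules": [{"resources": ["pods"], "verbs": ["get", "list", "create", "delete"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "ci-everything"},
     "rules": [{"resources": ["*"], "verbs": ["*"]}]},
]
BINDINGS = [
    {"kind": "RoleBinding", "metadata": {"namespace": "teamcity-agents", "name": "agent-pods"},
     "roleRef": {"kind": "Role", "name": "agent-pods"}, "subjects": [SA]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "teamcity-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}, "subjects": [SA]},
    {"kind": "RoleBinding", "metadata": {"namespace": "prod", "name": "ci-prod"},
     "roleRef": {"kind": "ClusterRole", "name": "ci-everything"}, "subjects": [SA]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "ops"}]},
]
if __name__ == "__main__":
    for binding, reason in audit_bindings(BINDINGS, ROLES):
        print(f"{binding}: {reason}")
```

Against a real cluster, load the `items` from `microk8s kubectl get rolebindings,clusterrolebindings -A -o json` and `microk8s kubectl get roles,clusterroles -A -o json` in place of the constructed lists.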

Key benefits you actually notice:

  • Faster pipeline startup because build agents live inside Kubernetes’s scheduler logic
  • Less manual cleanup with self-destructing pods after every job
  • Centralized access control through Microk8s RBAC and identity federation
  • Consistent staging environments without bespoke VM templates
  • Tighter audit compliance for SOC 2 and internal policy requirements

For daily developer work, this combo eliminates waiting. A new branch spins up a clean agent pod within seconds. Debugging a failed image build feels local again—you can inspect a pod instantly without begging ops for credentials. The friction drops, velocity rises, and deploy approval lists get shorter.

AI-driven DevOps copilots can slot right into this flow since the ephemeral pods provide safe execution sandboxes. Machine learning agents can monitor build health or suggest performance tweaks without touching sensitive long-lived credentials. Automation becomes trustworthy instead of spooky.

Platforms like hoop.dev turn those identity and access rules into guardrails that enforce policy automatically. You keep your autonomy, but mistakes and secret leaks get caught before they reach the cluster.

When Microk8s and TeamCity share trust properly, the CI/CD chain feels like muscle memory: secure, clean, immediate.

See an Environment Agnostic Identity-Aware Proxy in action with hoop.dev. Deploy it, connect your identity provider, and watch it protect your endpoints everywhere—live in minutes.
