Architecture

Design principles

Forget about managing etcd servers, master node configuration, internal and external SSL/TLS certificates, and load balancers. We want to give you quick access to a Kubernetes-based cloud environment.

Isolation

It’s a multitenant design. Every user of this product has a space (tenant) completely isolated from other users. Every tenant has a limited number of resources; this prevents one user from overusing the system’s free resources or even using another user’s reserved resources for their applications.

K8Spin uses Kubernetes mechanisms to prevent one user from affecting another. Some of them are:

Among other mechanisms.

Sandbox

Sandboxing is a software management strategy that enforces isolation between software running on a machine, the host operating system, and other software also running on the machine. The purpose is to constrain applications to specific parts of the host’s memory and file system and not allow them to break out and affect other parts of the operating system.

[Figure: sandbox]

Source: https://cloudplatform.googleblog.com/2018/05/Open-sourcing-gVisor-a-sandboxed-container-runtime.html

gVisor

gVisor intends to solve this problem. It acts as a kernel in between the containerized application and the host kernel. It does this through various mechanisms to support syscall limits, file system proxying, and network access. These mechanisms are a form of paravirtualization, providing a virtual-machine-like level of isolation without the fixed resource cost of each virtual machine.

[Figure: sandbox]

Source: https://channel9.msdn.com/Blogs/containers/DockerCon-16-Windows-Server-Docker-The-Internals-Behind-Bringing-Docker-Containers-to-Windows

For your safety and the safety of other users on this platform, all workloads use this sandbox implementation by default (the platform enforces it).
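One way a platform can enforce a default sandbox, shown as an added example (not K8Spin's own code; the page does not describe its enforcement mechanism): the decision logic of a mutating admission webhook that defaults Pods to a sandboxed RuntimeClass and rejects any other runtime. The RuntimeClass name `gvisor`, the function names and the sample requests are assumptions constructed for illustration.

```python
import base64
import json

# Assumption: the gVisor sandbox is registered as a RuntimeClass named "gvisor".
SANDBOX_RUNTIME_CLASS = "gvisor"


def review_pod(admission_review: dict) -> dict:
    """Return the AdmissionReview response for one Pod admission request."""
    request = admission_review["request"]
    spec = request["object"].get("spec", {})
    response = {"uid": request["uid"], "allowed": True}

    requested = spec.get("runtimeClassName")
    if not requested:
        # No runtime chosen: default the Pod into the sandbox with a JSONPatch.
        patch = [{"op": "add", "path": "/spec/runtimeClassName",
                  "value": SANDBOX_RUNTIME_CLASS}]
        response["patchType"] = "JSONPatch"
        response["patch"] = base64.b64encode(json.dumps(patch).encode()).decode()
    elif requested != SANDBOX_RUNTIME_CLASS:
        # Explicit request for another runtime: reject rather than rewrite silently.
        response["allowed"] = False
        response["status"] = {"code": 403, "message":
            f"runtimeClassName {requested!r} must be {SANDBOX_RUNTIME_CLASS!r}"}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}


def decode_patch(review: dict) -> list:
    """Decode the base64 JSONPatch carried in a response (empty if none)."""
    patch = review["response"].get("patch")
    return json.loads(base64.b64decode(patch)) if patch else []


def sample_request(uid: str, runtime_class=None) -> dict:
    """Constructed AdmissionReview for a one-container Pod (sample data)."""
    spec = {"containers": [{"name": "app", "image": "example/app:1.0"}]}
    if runtime_class is not None:
        spec["runtimeClassName"] = runtime_class
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": uid, "object": {"kind": "Pod", "spec": spec}}}


if __name__ == "__main__":
    for rc in (None, "gvisor", "runc"):
        out = review_pod(sample_request("constructed-uid", rc))
        print(rc, out["response"]["allowed"], decode_patch(out))
```

Rejecting an explicit non-sandbox runtime, instead of overwriting it, gives the tenant a clear error and leaves an audit trail of attempted opt-outs.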

Limitations

It is not currently possible to use Sandbox along with the following Kubernetes features:

There are also other cluster-scope limitations. Click here to read about them.

Elasticity

K8Spin’s design allows us to grow horizontally in the number of users without affecting the performance of any of them.

Security

We’re building the pillars so you can deploy your application in a cloud Kubernetes environment.

Today we offer security at isolation level (multitenant) and protection against abuse of the instances that make it possible for the cluster to run.

Resilience

All the infrastructure of this project is installed in high availability. Everything from computer resources to storage is ready to be used to deploy applications in high availability.

K8Spin provides disks to store data. Two storage classes are available in the cluster:

  • standard: Provides disks belonging to a single availability zone.
  • standard-topology-aware (default): Provides disks belonging to a single availability zone. Useful in StatefulSet applications. More information in the Kubernetes blog.

You can find more information about the storage in its own section.