APPUiO Managed provides a dedicated, Project Syn-enabled Kubernetes cluster, available with Red Hat OpenShift and Kubernetes Services, on several clouds. VSHN provisions and maintains the Kubernetes cluster throughout its lifetime and makes sure the tools provided by Project Syn are running and available to the user of the platform. APPUiO Managed clusters provide a production-ready Kubernetes environment to host the users' applications.
It is available in these flavors:
- Red Hat OpenShift
Red Hat OpenShift Container Platform operated by VSHN on the best-matching infrastructure depending on the needs of the applications running on it.
- Kubernetes Services
Managed Kubernetes offerings from cloud providers, like Amazon EKS, Google GKE or Azure AKS.
Included Services and Features
The following list shows what's included in APPUiO Managed.
Kubernetes Platform features
- Cluster provisioning
Provisioning of Kubernetes cluster on supported clouds (see flavor specific documentation).
- Cluster maintenance
The cluster components (control plane and worker nodes) are regularly maintained and updated with the latest patches and releases.
A backup of the etcd data (etcd is the storage used to store Kubernetes objects) is taken regularly. A second backup stores the raw Kubernetes objects.
These backups serve a very limited purpose. They can only be used to deal with data corruption within etcd.
Those backups cannot be used for disaster recovery (for instance, to recover from a failed infrastructure). If you need this ability, please talk to us.
Most importantly, those backups do NOT cover data in persistent volumes. Users are responsible for backing up their application data. K8up is deployed on the cluster to help with that task.
- Monitoring and Alerting
Monitoring of cluster and system services functionality and alert handling according to SLA. Alert rules and thresholds are continuously assessed and regularly maintained.
This includes the Kubernetes cluster itself (control plane and worker nodes) and the tooling provided by Project Syn, but not customer-specific applications and services running on the cluster. The monitoring solution provided by Project Syn can be used by the user of the platform to integrate their own alerting and metrics collection.
VSHN provides additional services to also monitor customer applications running on the cluster.
Metrics emitted by all system services and the Kubernetes cluster components are continuously collected and presented in a graphical way.
- System Services
A variety of system services are included, pre-configured, ready to be used. A non-exhaustive selection:
cert-manager: Automated certificate management, supports Let’s Encrypt
- Persistent Storage
Persistent storage is available out of the box with Kubernetes CSI (Container Storage Interface) when supported by the infrastructure provider. Additional persistent storage options are available on request.
Project Syn features
Every cluster has Argo CD deployed, which is managed by VSHN with Project Syn.
Each cluster has its own configuration Git repository, managed either by Lieutenant or by the customer itself. This repository stores the whole configuration of the cluster for all Project Syn tools.
Argo CD can also be used by the customer to deploy applications using GitOps.
For deploying services like databases, caches or others, Crossplane is available on each cluster.
VSHN provides a set of best-practice configurations and configures Crossplane to be ready to use.
Taking care of and managing Crossplane-provisioned services is offered as an add-on by VSHN.
- K8up for Backup
The backup operator K8up is preinstalled and configured, ready to be used by the user of the platform. It provisions S3 buckets as backup destinations with Crossplane. Taking care of and managing the backups is offered as an add-on by VSHN.
- Secret Management with Vault
No secrets are stored in plaintext; they all live in protected key stores. By applying best-practice configuration, we ensure that all components are securely configured by default. Only TLS-secured connections are used. A HashiCorp Vault instance is provided per cluster, ready to be used by the user of the platform.
- Tools Maintenance with Renovate
Tools and system services managed with Project Syn are automatically maintained with Renovate and deployed/updated with GitOps mechanisms.
An overview of all the Kubernetes clusters, their versions, locations and other important information is provided by Lieutenant and available in the VSHN Portal.
VSHN Support and Services
- Alert handling
Alerts are handled according to the service levels chosen. Additional SLAs are available according to the service levels.
- Best-Practices Configuration
VSHN makes use of best-practice configuration, learned from running Kubernetes and applications on top of it in production for many years, and applies it continuously. As best practices evolve over time, they are integrated as they are learned.
- Expert Pool
The Kubernetes experts at VSHN are available to help the user of the platform. In addition, VSHN has access to the support organizations of the Kubernetes distribution suppliers through very direct channels. Because VSHN takes part in the open source community of the key software it uses, communication with the upstream developers happens daily.
Fun fact: VSHN is Switzerland's first official Kubernetes Certified Service (KCSP) provider and therefore we're listed on the official Kubernetes Partners page.
- VSHN Portal
The VSHN Portal provides access to many self-service capabilities like:
Kubernetes cluster insights
User account management
Our detailed VSHN Portal help system provides a glance at what the VSHN Portal can offer and what it looks like.