Welcome to CloudVeneto's Experimental Container-as-a-Service (CaaS) Platform!
CaaS provides an easy way to run containerized software packages in the cloud. Unlike the more widely recognized Kubernetes-as-a-Service (KaaS) model, where users are responsible for creating and managing their Kubernetes clusters, with CaaS we offer a fully managed orchestration platform as a cloud service. This means you don't need an in-depth understanding of Kubernetes infrastructure management. Instead, you can effortlessly deploy your containers to our Kubernetes-based platform using the straightforward kubectl command line interface.
Please be aware that our CaaS service is currently in an experimental phase, so some issues may arise. If you encounter any problems, we kindly ask you to report them to support@cloudveneto.it. Your feedback is invaluable for enhancing the quality of our service.
In this section, we will guide you through the process of accessing our CaaS platform and running your containers.
Overview
Before accessing the platform, it is important to grasp some key concepts about the architecture, usability, security, and a few limitations. We assume that you already have a basic understanding of Kubernetes (https://kubernetes.io).
The Architecture
Kubernetes manages your workloads by placing containers in pods, which are then scheduled to run on nodes. In our CaaS, each node is essentially a virtual machine provided within the CloudVeneto infrastructure. These nodes are under your control but are configured by our platform. In contrast, the control plane, responsible for orchestrating container deployments and cluster management, is fully managed by CloudVeneto.
This separation of responsibilities ensures a streamlined user experience while providing the following benefits:
- Flexibility: You have the freedom to manage your nodes according to your specific requirements in terms of CPU, RAM, and storage (flavor) without having to worry about their setup.
- Isolation: Your pods run on dedicated nodes, effectively creating a virtual cluster tailored to your needs.
- Resource Sharing: You can share one or more nodes with users who belong to your CloudVeneto project.
- Service Deployment: You can either use pre-deployed services (e.g., nginx) or deploy new ones in your own namespace.
Please note that the nodes you create consume the quota assigned to your CloudVeneto project. Therefore, the size of your virtual cluster is constrained by the resources available at any given moment. Since node creation typically takes just a few minutes (usually less than 5 minutes), we encourage you to create new nodes as needed, but also to remove them promptly when they are no longer necessary in order to conserve cloud resources.
Security
Running pods on your own nodes (i.e., virtual machines) ensures a high level of isolation. However, Kubernetes doesn't provide complete isolation for users within the same namespace. To address this specific limitation, we have introduced integrated add-ons for Kubernetes. These enhancements include authentication mechanisms based on Keystone and IAM tokens, along with refined authorization procedures to ensure comprehensive user and resource isolation.