a9s Kubernetes

This documentation describes the a9s Kubernetes service. a9s Kubernetes enables on-demand provisioning of VM-based, dedicated Kubernetes servers and clusters. Developers can create instances of a Kubernetes server or cluster using Apps Manager or the Cloud Foundry Command Line interface (cf CLI) and bind these instances to an application. Depending on your service plan, a service instance may be associated with a single, dedicated VM or a set of VMs consisting of multiple VMs containing an Kubernetes cluster.

Overview

When you run the cf CLI create-service a9s-kubernetes command, BOSH creates dedicated VMs for this service instance. This allows the best possible bad neighborhood protection.

Kubernetes service instance provisioning, including VM orchestration, is entirely automated. This enables service instances to be highly isolated and shielded by infrastructure virtualization mechanisms.

Due to the on-demand provisioning on VMs, only existing service instances allocate infrastructure resources. These resources are released when service instances are destroyed. Using on-demand provisioning the number of service instances is not limited by design.

Distributed across multiple infrastructure availability zones, clustered data service plans are resilient against failures of individual infrastructure hosts or entire availability zones.

Current Features

The current version of a9s Kubernetes includes the following key features:

FeatureBenefit
On­-Demand Service Instance Provisioninga9s Kubernetes deploys Kubernetes instances automatically. Developers can provision a single-VM Kubernetes server or a multi-VM Kubernetes cluster using a single command.
Service Instance IsolationEach Kubernetes server runs on a dedicated VM to ensure bad neighborhood protection in order to be aligned with enterprise security requirements.

a9s Kubernetes uses Cloud Foundry security groups to prevent network connections being established by unauthorized applications.
High Availabilitya9s Kubernetes ensures high-availability.

The Consul-based internal DNS system ensures that the connected application always connects to a working node.
Service Instance Capacity UpgradeCloud Foundry Service Plan updates allow upgrades to the RAM, CPU and storage capacity for your Kubernetes instances.
Deployment UpdaterThis errand automatically updates the stemcell and all provisioned a9s Kubernetes service instances to their latest version.
Service GuardThe Service Guard creates Cloud Foundry security groups for your service instance VMs.

When the IP address of a service instance changes, the guard updates the security group. The Service Guard also restarts the application instances bound to the affected service instance. The instances of one application are restarted one by one to avoid downtime.

More information