This documentation describes the a9s Kubernetes service. a9s Kubernetes enables on-demand provisioning of VM-based, dedicated Kubernetes servers and clusters. Developers can create instances of a Kubernetes server or cluster using Apps Manager or the Cloud Foundry Command Line interface (cf CLI) and bind these instances to an application. Depending on your service plan, a service instance may be associated with a single, dedicated VM or a set of VMs consisting of multiple VMs containing an Kubernetes cluster.
When you run the cf CLI
create-service a9s-kubernetes command, BOSH creates
dedicated VMs for this service instance. This allows the best possible bad neighborhood protection.
Kubernetes service instance provisioning, including VM orchestration, is entirely automated. This enables service instances to be highly isolated and shielded by infrastructure virtualization mechanisms.
Due to the on-demand provisioning on VMs, only existing service instances allocate infrastructure resources. These resources are released when service instances are destroyed. Using on-demand provisioning the number of service instances is not limited by design.
Distributed across multiple infrastructure availability zones, clustered data service plans are resilient against failures of individual infrastructure hosts or entire availability zones.
The current version of a9s Kubernetes includes the following key features:
|On-Demand Service Instance Provisioning||a9s Kubernetes deploys Kubernetes instances automatically. Developers can provision a single-VM Kubernetes server or a multi-VM Kubernetes cluster using a single command.|
|Service Instance Isolation||Each Kubernetes server runs on a dedicated VM to ensure bad neighborhood protection in order to be aligned with enterprise security requirements.|
a9s Kubernetes uses Cloud Foundry security groups to prevent network connections being established by unauthorized applications.
|High Availability||a9s Kubernetes ensures high-availability.|
The Consul-based internal DNS system ensures that the connected application always connects to a working node.
|Service Instance Capacity Upgrade||Cloud Foundry Service Plan updates allow upgrades to the RAM, CPU and storage capacity for your Kubernetes instances.|
|Deployment Updater||This errand automatically updates the stemcell and all provisioned a9s Kubernetes service instances to their latest version.|
|Service Guard||The Service Guard creates Cloud Foundry security groups for your service instance VMs.|
When the IP address of a service instance changes, the guard updates the security group. The Service Guard also restarts the application instances bound to the affected service instance. The instances of one application are restarted one by one to avoid downtime.