Kubernetes Cluster
The "Kubernetes Cluster" streamlines deployment of the Kubernetes control plane and node groups by shipping basic configurations out of the box. When you create an environment, a cluster is provisioned automatically.
How Kapstan Sets Up Your Kubernetes Cluster
When you create a new environment in Kapstan, we automatically set up a complete Kubernetes cluster for you. You don't need to configure anything - we create a dedicated Virtual Private Cloud (VPC) and Kubernetes cluster that works with your cloud provider. This means you can focus on your applications while we handle all the setup work.
Comprehensive Resource Provisioning
Kapstan provisions your cluster with all the dependencies and resources it needs, pre-configured to work with your cloud provider. These are:
- IAM Roles: Secure access management for your cluster and its components.
- Node Pools: Scalable groups of worker nodes to handle your workloads.
- Security Groups: Network rules to safeguard and isolate your cluster.
- Add-ons: Essential extensions to enhance cluster functionality (e.g., logging, networking, storage).
- Service Accounts: Secure identities for your Kubernetes applications.
- Tags: Labels for better cost tracking and resource organization.
Advanced Autoscaling using Karpenter (AWS Only)
For AWS clusters, Kapstan takes efficiency to the next level:
- Karpenter Integration: For clusters provisioned on AWS, Kapstan installs Karpenter, an open-source autoscaling tool designed to optimise resource usage by consolidating workloads at regular intervals.
- How It Works: Karpenter dynamically adjusts the number and type of nodes based on workload demands, ensuring efficient resource use and cost savings.
- Customer Benefit: This capability improves scalability and performance, making your AWS-based clusters more responsive and cost-efficient.
Always Up-to-Date with Automatic Upgrades
Kapstan keeps your cluster up to date and secure with minimal effort from you:
- Latest Kubernetes Version: Your cluster starts with the latest available Kubernetes version, giving you access to new features and security updates right away.
- Automatic Upgrades: When a new version is released, Kapstan automatically upgrades your cluster—no manual updates needed.
- Why It's Important: This keeps your cluster optimized and secure, allowing you to concentrate on your apps rather than maintenance.
Enhanced Security with Istio Service Mesh
Kapstan enhances your cluster's security with a built-in Istio service mesh:
- Automatic Setup: During cluster creation, we deploy Istio to manage and secure communication between your services.
- mTLS by Default: Istio enforces mutual Transport Layer Security (mTLS) for all services created through Kapstan, encrypting communication automatically.
- Security Benefit: This built-in encryption keeps your data private and secure within the cluster, adding a robust layer of protection.
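One way to check the mTLS claim above on your own cluster, as an added example (not Kapstan's code): it resolves Istio `PeerAuthentication` policies from `kubectl get peerauthentication -A -o json` into the effective mode per namespace and lists every scope that is weaker than `STRICT`. It assumes Istio's default root namespace `istio-system` and at most one policy per scope; the page does not say which Istio resources Kapstan creates, and the sample input is constructed.

```python
import json

ROOT_NS = "istio-system"  # assumption: Istio's default root namespace is in use

# Constructed sample shaped like `kubectl get peerauthentication -A -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "default", "namespace": "istio-system"},
     "spec": {"mtls": {"mode": "STRICT"}}},
    {"metadata": {"name": "legacy", "namespace": "batch"},
     "spec": {"mtls": {"mode": "PERMISSIVE"}}},
    {"metadata": {"name": "metrics", "namespace": "shop"},
     "spec": {"selector": {"matchLabels": {"app": "cart"}},
              "portLevelMtls": {"9090": {"mode": "DISABLE"}}}},
]})

def _resolve(mode, inherited):
    # UNSET (or an absent field) means "inherit from the parent scope".
    return inherited if mode in (None, "UNSET") else mode

def audit_mtls(kubectl_json, namespaces, root_ns=ROOT_NS):
    """Return (effective mode per namespace, findings that weaken STRICT)."""
    items = []
    for obj in json.loads(kubectl_json)["items"]:
        spec = obj.get("spec") or {}
        items.append((obj["metadata"]["namespace"], obj["metadata"]["name"],
                      spec, (spec.get("mtls") or {}).get("mode")))
    # With no policy at all, Istio accepts both plaintext and mTLS (PERMISSIVE).
    mesh = "PERMISSIVE"
    for ns, _, spec, mode in items:
        if ns == root_ns and not spec.get("selector"):
            mesh = _resolve(mode, "PERMISSIVE")
    # Namespace-wide policies (no selector) override the mesh-wide one.
    per_ns = {ns: mesh for ns in namespaces}
    for ns, _, spec, mode in items:
        if ns != root_ns and not spec.get("selector"):
            per_ns[ns] = _resolve(mode, mesh)
    findings = [f"namespace {ns}: {m}" for ns, m in sorted(per_ns.items()) if m != "STRICT"]
    # Workload policies (with selector) and their per-port entries override both.
    for ns, name, spec, mode in items:
        if not spec.get("selector"):
            continue
        base = _resolve(mode, per_ns.get(ns, mesh))
        if base != "STRICT":
            findings.append(f"workload policy {ns}/{name}: {base}")
        for port, entry in sorted((spec.get("portLevelMtls") or {}).items()):
            port_mode = _resolve(entry.get("mode"), base)
            if port_mode != "STRICT":
                findings.append(f"workload policy {ns}/{name} port {port}: {port_mode}")
    return per_ns, findings
```

Pass the namespaces you expect to be covered as the second argument; a namespace with no policy of its own inherits the mesh-wide mode, and an empty policy list resolves to `PERMISSIVE`, which is reported as a finding.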
Security by Design
- Security as a Priority: Every aspect of the cluster creation process is built with security in mind, protecting your infrastructure and workloads from the ground up.
- Key Security Features:
  - Least Privilege Access: IAM roles are configured to grant only the permissions needed.
  - Network Isolation: A dedicated VPC keeps your cluster separate from others.
  - Secure Defaults: Security groups and service accounts follow best practices to enforce safe communication and access.
- Peace of Mind: Kapstan’s security-first approach ensures your cluster is robust and compliant, letting you deploy with confidence.
Additional Benefits
- Consistency Across Clouds: Kapstan offers a consistent experience across AWS, GCP, and beyond, while leveraging each cloud’s strengths.
- Cost Optimization: Resource tags make it easy to track and manage cloud spending.
- Monitoring and Management: Post-creation tools help you keep tabs on cluster health and performance.