Skip to content

Getting Started with on-demand Kubernetes

on-demand Kubernetes

The on-demand kubernetes service is currently still in development. A beta-launch is planned for October 2025.

This guide will help you get started with Safespring's on-demand Kubernetes service.

Overview

on-demand Kubernetes allows users to create, scale and use Kubernetes clusters. A portal and API are used to manage the clusters.

It is build on top of the Safespring Compute service.

Cluster Management

Clusters can be created using the Safespring portal or API. Once created, clusters can be scaled up or down as needed.

We support using 3 or 5 control plane nodes. When Kubernetes API uptime is critical for you business operations, we recommend using 5 control plane nodes.

Worker nodes can be used with L2 or B2 flavors, see flavors for more details and trade-offs. Generally B2 provides better uptime and L2 with local disk provides better disk performance.

We make use of Talos Linux and follow its Support Matrix with the following currently supported versions:

Talos Version Supported Kubernetes Versions
1.10.7 (Default) 1.33.5
1.11.2 (Planned) 1.34.1 (Planned)

Access and Authentication

Access to the clusters is handled through the accounts you've been provided with for onboarding in the self-service portal.

Clusters are integrated with the OIDC compatible identity provider that is integrated with the portal. Use the following instructions on how to authenticate to a Kubernetes cluster with your account.

Networking

Cilium is used as the default CNI. Cilium is configured with the following settings:

  • Gateway API enabled
  • host routing
  • kube-proxy replacement
  • vxlan encapsulation

loadbalancing

Dedicated load balancers managed by Safespring are used to direct traffic to the control plane api and worker nodes. The cluster is provisioned with dedicated IPv4 addresses, ensuring control plane traffic stays isolated from worker node traffic.

When nodes get added or removed from the cluster, the load balancers will automatically be updated.

Storage

Clusters are configured with cinder csi during creation. The following storage classes are available:

  • large - HDD based block storage
  • fast - NVMe based block storage

Currently all available storage classes are based on networked storage.

SLA and Availability

Safespring on-demand Kubernetes is a highly available, reliable Kubernetes service. The clusters provisioned have a managed control plane with a 99.5% uptime SLA measured against the kubernetes API availability.

The worker nodes that are part of the cluster are part of the default Compute service SLA and not included in the on-demand Kubernetes SLA.

For any questions regarding the SLA please reach out to support

Cluster Components

Core Components in a Control Plane

We consider the following components

  1. API Server (kube-apiserver)
  2. etcd
  3. Controller Manager (kube-controller-manager)
  4. Scheduler (kube-scheduler)
  5. Cloud Controller Manager

Additionally we consider Cilium CNI as necessary for running the Kubernetes cluster, and we do not recommend replacing it.

Additional Components

Component Description
OpenStack Cloud Controller Manager Integrates with OpenStack to provide node metadata, load balancers, and storage support.
Cert Manager Automates the management and issuance of TLS certificates for Kubernetes workloads. Cluster issuer letsencrypt-prod available for NGINX Ingress Controller. For Gateway API a cluster issuer will need to be created.
Traffic Management - Cilium API Gateway (Default): eBPF-based ingress solution with advanced traffic management. We provide GatewayClass cilium by default.
- NGINX Ingress Controller: Widely adopted ingress controller with a large ecosystem. Default Ingress Class name is nginx.
Cinder CSI (optional) Container Storage Interface (CSI) driver for provisioning and managing OpenStack Cinder volumes.
Cilium eBPF-based networking, security, and observability for Kubernetes clusters, providing advanced features like network policies and load balancing.
NVIDIA Device Plugin Enables Kubernetes workloads to request and use GPUs for machine learning, AI, and high-performance compute applications. Only available if worker nodes have GPU flavors