Automatic DNS, TLS, and Ingress come built-in

When you create a new cluster, you get a URL to the ‘Hello World’ demo app. We wanted to make it as easy as possible for you to see a working web app, and even swap it out for your own.

To make this achievable, every cluster comes loaded with great Open Source apps we fully-manage:

• Traefik (reverse) proxy, your ingress controller. The clusters’ network load balancer (NLB) routes traffic here, and you can enable routing to your containers using Kubernetes TLSRoute & HTTPRoute resources. MIT license.

• Cert Manager for creation/renewal of TLS certificates via Let’s Encrypt (or CA of choice). Apache License 2.0.

• Core DNS the Kubernetes standard for in-cluster DNS. Apache License 2.0.

• Cilium, which provides Kubernetes NetworkPolicy support so you can easily define rules for traffic egress and igress to/from your containers. Cilium is eBPF-based, offering great performance. Apache License 2.0.

We also handle DNS/TLS/Ingress to your clusters’ Kubernetes API, separate from its main/data-plane NLB & ingress.

Continuous Delivery, built-in

Every Nadrama cluster comes bundled with ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.

All cluster state updates for managed components are automatically applied via ArgoCD, from our Open Source Helm charts, providing full transparency and auditability of all changes post-setup.

And you can access the ArgoCD UI via a pre-configured subdomain on your clusters’ Nadrama subdomain, using the same login used for your Nadrama Console.

Manual scaling, auto-scaling & on-demand nodes *

Cost-fitting your VMs/nodes is critical to ensure you’re not overpaying cloud providers for the resources you need.

Nadrama supports 3 types of scaling:

• Manual scaling: allows you to set a fixed number of nodes per pool. Each node pool allows you to configure the instance type, availability zone, and subnet. You can separate out functions such as control plane (e.g. various controllers), ingress (i.e. Traefik ingress controllers), and others.

• Auto-scaling: Cluster auto-scaling let’s you scale each node pool dynamically based on load. We also support Horizontal Pod Autoscaling (HPA) and Vertical Pod Autoscaling (VPA).

• On-demand: particularly for Job and Workflow-based Pods, being able to have a dedicated node start and stop only for the duration of that Pods lifetime can help to minimise costs.

User Groups & Role-based Access Control (RBAC) *

Security best-practice is to follow the Principle of least privilege, meaning users should only be able to access the infromation and resources neccessary to do their job. Nadrama comes with built-in groups and roles, and when you invite new users to your account it defaults to the lowest privilege role available.

Plus you have the full power of Kubernetes RBAC to configure more advanced Roles & Permissions for each user or group on your account.

Great security for every account

Nadrama offers the same great security regardless of your plan type. Unlike many SaaS companies, we do not charge for OAuth sign-on with Google, Microsoft, or Github. And everyone gets secure app-based 2FA/MFA for free.

Managed clusters, with the support you need

We operate with a shared-responsibility model; Nadrama manages everything delivered on day 0 - if it comes pre-installed, we’ll manage and support it. But everything you run atop is your responsibility. Depending on your plan type, we offering varying degrees of support. From our awesome community-based support & documentation, through to email and chat, with phone support and SLAs available to enterprises.