Kubernetes

Managed Kubernetes clusters on Tasmanian infrastructure. Deploy and manage containerized workloads with our virtual cluster abstraction—no need to manage underlying infrastructure.

Overview

Our Kubernetes offering provides:

Virtual cluster architecture — Full Kubernetes control plane without dedicated hardware
Multi-tenant isolation — Secure separation between workloads
FluxCD GitOps — Declarative cluster management
VPN-only access — Secure cluster access via Netbird
Sovereign infrastructure — 100% Tasmanian data residency

What We're Solving

Traditional Kubernetes requires significant operational overhead:

Control plane management — etcd, API server, controllers need expertise
Infrastructure provisioning — Bare metal or VM orchestration
Upgrade coordination — Complex rolling update procedures
High availability — Multi-node control plane for production

Our virtual cluster abstraction handles all of this for you.

Virtual Cluster Architecture

Instead of provisioning dedicated hardware, each cluster runs as a virtual cluster—a fully functional Kubernetes control plane that shares underlying infrastructure with other virtual clusters.

How It Works

graph TB
    subgraph "Shared Infrastructure"
        subgraph "Host Cluster"
            HC[Host Kubernetes]

            subgraph "Virtual Cluster 1"
                VC1_API[API Server]
                VC1_ETCD[etcd]
                VC1 Controller[Controllers]
            end

            subgraph "Virtual Cluster 2"
                VC2_API[API Server]
                VC2_ETCD[etcd]
                VC2 Controller[Controllers]
            end

            subgraph "Virtual Cluster 3"
                VC3_API[API Server]
                VC3_ETCD[etcd]
                VC3 Controller[Controllers]
            end

            Workers[Worker Nodes<br/>Shared Pool]
        end
    end

    User1[Your Team] --> VC1_API
    User2[Other Team] --> VC2_API
    User3[Other Team] --> VC3_API

    VC1_API --> Workers
    VC2_API --> Workers
    VC3_API --> Workers

Benefits

Aspect	Traditional K8s	Virtual Clusters
Provisioning	Hours to days	Minutes
Control plane cost	Dedicated nodes	Shared, efficient
Isolation	Separate clusters	Strong multi-tenant
Management	You manage	We handle upgrades
Scaling	Add physical nodes	Instant allocation

What You Get

Each virtual cluster includes:

✅ Dedicated Kubernetes API server
✅ Isolated etcd datastore
✅ Full RBAC permissions
✅ Custom resource definitions
✅ Namespaced resource quotas
✅ Independent upgrades

What We Handle

We manage:

🔧 Control plane high availability
🔧 etcd backups and recovery
🔧 Kubernetes version upgrades
🔧 Security patches
🔧 Certificate rotation
🔧 API server scaling

Use Cases

Microservices applications — Container orchestration at scale
Development teams — Isolated environments per team/project
CI/CD pipelines — Ephemeral clusters for testing
SaaS platforms — Multi-tenant application hosting

What We Don't Offer

❌ GPU nodes (no GPU hardware available)
❌ Public load balancers with public IPs
❌ Direct host cluster access

Getting Started

1. Create a Cluster

Via O2S Portal:

Go to o2s.tasmanian.cloud
Navigate to Kubernetes > Create Cluster
Select configuration (size, Kubernetes version)
Deploy

Via CLI:

# Create a cluster
tc k8s create \
  --name production \
  --version 1.29

# Check status
tc k8s status production

# List clusters
tc k8s list

2. Configure kubectl

# Download kubeconfig
tc k8s kubeconfig production > ~/.kube/config

# Verify connection
kubectl get nodes

3. Connect via VPN

Cluster API is only accessible via Netbird VPN:

# Join your network
netbird up --setup-key YOUR_CLUSTER_KEY

# Verify connectivity
kubectl cluster-info

Cluster Sizing

Plan	Control Plane	Best For
Starter	Shared	Development, testing
Standard	Dedicated	Production workloads
Pro	Dedicated + HA	Critical applications

Available Versions

We support current Kubernetes releases:

1.28
1.29
1.30

Storage

Default Storage Class

Clusters include distributed block storage:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-data
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: default
  resources:
    requests:
      storage: 10Gi

Object Storage

For object storage, use our S3-compatible service:

apiVersion: v1
kind: Secret
metadata:
  name: s3-credentials
type: Opaque
stringData:
  access-key: YOUR_ACCESS_KEY
  secret-key: YOUR_SECRET_KEY

Networking

Network Policies

Secure your workloads with network policies:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-frontend
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - protocol: TCP
          port: 8080

Service Types

Type	Description
`ClusterIP`	Internal cluster access only
`NodePort`	Expose on node IP (VPN accessible)
`LoadBalancer`	Creates internal load balancer

GitOps with FluxCD

All clusters come with FluxCD pre-installed.

Bootstrap Flux

flux bootstrap github \
  --owner=myorg \
  --repository=k8s-config \
  --branch=main \
  --path=clusters/production

Automated Deployments

Push to your repo, Flux automatically applies changes:

git add .
git commit -m "Deploy v1.2.3"
git push

Monitoring

Every cluster includes:

Prometheus — Metrics collection
Grafana — Dashboards
Loki — Log aggregation

Access Dashboards

kubectl port-forward -n monitoring svc/grafana 3000:3000
# Access via VPN at http://localhost:3000

Security

RBAC

Full RBAC support with user-based access:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: developer
rules:
  - apiGroups: ["", "apps"]
    resources", "deployments: ["pods", "services"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]

Pod Security

Clusters enforce restricted pod security standards by default.

Upgrades

We handle control plane upgrades automatically:

# Check current version
kubectl version

# Request upgrade
tc k8s upgrade production --version 1.30

Pricing

Component	Price
Starter cluster	$25/month
Standard cluster	$50/month
Pro cluster	$100/month
Storage	$0.10/GB/month

Managed (Dedicated Hardware)

For organizations requiring dedicated infrastructure, we offer Managed Kubernetes on dedicated hardware.

What's Included

Dedicated control plane nodes
Dedicated worker nodes
Custom networking configuration
Direct hardware access
Custom storage options

Contact Us

This offering requires custom configuration. Contact us to discuss your requirements:

📧 hello@tasmanian.cloud

VPS — Single virtual machine workloads
Templates — One-click application deployments
Storage — Object and block storage
API Reference — REST API

On this page