Isolation Is a
Design Decision

We didn't just wrap Kubernetes in a UI. We architected strictly isolated failure domains to ensure one tenant cannot affect another.

System Architecture Diagram

Control Plane (Managed)

K3s API Server

Vault (Secrets)

Platform API

Tenant A Namespace

API Pod

Worker Pod

Ingress Route

Tenant B Namespace

Web App

Tenant Boundaries

Each tenant lives in a K8s Namespace. NetworkPolicies deny cross-namespace traffic by default.

Failure Domains

Pods are scheduled with anti-affinity where possible. Resource quotas prevent noisy neighbors.

Security Layers

Traefik creates Ingress. Vault injects secrets. K3s creates the floor. Your app brings the ceiling.

Under the Hood

Control Plane

We run a customized K3s distribution with SQLite (internally) or etcd (HA). The control plane is completely inaccessible to tenants. Interaction happens exclusively via the scoped Kubeconfig which targets the API server through a restrictive RBAC role.

Networking

We use Flannel/Kube-Router for CNI. Traefik v2 manages Ingress. Every tenant gets a wildcard certificate for `*.tenant.k8s.planbok.io` automatically provisioned via Let's Encrypt DNS challenge.

Storage

Persistent Volumes (PVs) are provisioned via Longhorn or Local Path Provisioner on NVMe drives. Data is replicated (if HA configured) to ensure durability.

Built for Reliability

Self-Service Kubernetes. Without the Headache.

Read Full Specs

Isolation Is a Design Decision