Eliatra Suite

2023-11-30

Sub Minute Ephemeral Kubernetes

Sub Minute Ephemeral Kubernetes (SMEK) is a managed service which provisions ephemeral Kubernetes clusters in under a minute

Reading time: 4 minutes
By Jochen Kressin

New Eliatra Product: SMEK

Sub-Minute Ephemeral Kubernetes (SMEK) is a managed service that provisions ephemeral Kubernetes clusters in less than a minute, typically in less than 5 seconds. With SMEK you can deploy isolated Kubernetes clusters in ultra-fast time for testing and development purposes.
It’s an api-centric service for developers and devops engineers who need to quickly and easily provision isolated Kubernetes clusters. The two main use cases (at the moment) are:
    Automated Testing in CI environments.
    Development where developers need to deploy their software into an isolated Kubernetes cluster.
SMEK is not intended to be used for running production workloads.

Getting Started

To set up SMEK and start using the product, complete the following instructions:
Export the API token (Please reach out to us to get a token):
copy
export TOKEN="eyJ..."

You can create clusters with a simple API request like the following:
copy
curl -Ss https://smek-api.eliatra.com/create \
     -H "Authorization: Bearer $TOKEN" \
     -H 'content-type: application/json' \
     -d '
            {
                "k8s-version": "1.27.4", //default: "1.27.4"
                "minutes-to-live": 120, //default: 60
                "keep-cluster": false, //default: true
                "notification-email": "[email protected]", //required
                "enable-privileged": true, //default: false
                "cluster-size": "1-mid" //default: "1-mid"
            }
        ' | sh - 
This request will provision a single-node midsized Kubernetes cluster that terminates automatically after 2 hours.
Parameter descriptions
k8s-version: The Kubernetes version that will be deployed. At the moment only 1.27.4 is supported.
minutes-to-live: Terminate or stop automatically after n minutes. This ensures that clusters won’t be running for ever by mistake.
keep-cluster: If true, then the cluster will be stopped rather than terminated (deleted). It can be restarted at any time and all of the Kubernetes resources and configuration will still be there.
notification-email: An email address where notifications about starting, terminating or stopping clusters are sent.
enable-privileged: If true, and the Bearer token allows it, the Kubernetes cluster will accept and run privileged pods. If false, the cluster will be deleted after the time elapsed.
cluster-size: Node count and resources for the cluster (currently only 1-mid) is supported, which will provision one node with 8 CPU cores and 32 GB memory. The usable disk size of the cluster is 100 GB). At the moment only 1-mid is supported.

API Calls

The create api request shown above will download a kubeconfig file that can be immediately used to connect to the cluster via kubectl.
In case you need to terminate or stop the cluster before automatic shutdown happens, just call the stop api:
copy
curl -Ss https://smek-api.eliatra.com/stop \
     -H "Authorization: Bearer $TOKEN" \
     -H 'content-type: application/json' \
     -d '
            {
                "cluster-id": "c-aaabbb", //required
                "force-terminate": false //default false
            }
        '
The api call will either stop or terminate (e.g. delete) the cluster depending on the keep-cluster argument value provided when the cluster was created. If you want to terminate a cluster created with keep-cluster: true supply a value of true for force-terminate
The cluster-id can be obtained by one of the following methods:
    It can be extracted from the kubeconfig
    All nodes have a label smek-cluster-id which can be queried via kubectl
    The list api can be used to retrieve a cluster id
copy
curl -Ss https://smek-api.eliatra.com/list \
     -H "Authorization: Bearer $TOKEN"
Response:
copy
[
  {
   "cluster-id": "c-aabbb",
   "cluster-status": "running" //or "stopped"
  },
  {
   "cluster-id": "c-123dfeg",
   "cluster-status": "stopped"
  },
  ...
]
To start a stopped (but not terminated) cluster:
copy
curl -Ss https://smek-api.eliatra.com/start \
     -H "Authorization: Bearer $TOKEN" \
     -H 'content-type: application/json' \
     -d '
            {
                "cluster-id": ""c-aaabbb" //required
            }
        '

Notes

The following sections provide information about the current status and development of the product.

Status

The product status is currently: Technical preview.
All APIs should work but the service is not yet considered stable enough for Beta or GA. There is also currently a resource limit on how many clusters can be running in parallel.
We may also add additional features like support for hibernation, multi node clusters, and observability.

Security Considerations

Access to the SMEK cluster is almost unlimited. There a few exceptions:
    You cannot run privileged pods (unless you are explicitly permitted to do so).
    You cannot change cluster-wide defined RBAC permissions.
    Everything else the “Baseline” Pod Security Standards don’t allow (like hostpath).
    TCP Ports < 1024 can’t be used, with the exception of 80 and 443.

Storage

There is a local-path storage class available which is marked as default. You can’t add new storage classes at this time.

Networking

Inside the cluster we run CoreDNS, Service LB, and Flannel CNI.

Start using SMEK!

All you need to get started is an API key (a Bearer token) which we are happy to provide.
Please reach out to us to get a token.
Ready to get started?!
Let's work together to navigate your OpenSearch journey. Send us a message and talk to the team today!
Get in touch