The latest articles on DEV Community by Morteza Khazamipour (@mkhazamipour). https://dev.to/mkhazamipour https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F192518%2Fc27a195c-fd0c-4419-b739-fe80d0658d9c.jpeg https://dev.to/mkhazamipour en Morteza Khazamipour Sat, 23 Apr 2022 23:28:59 +0000 https://dev.to/mkhazamipour/create-your-own-platform-as-a-servicepaas-based-on-kubernetes-kfc https://dev.to/mkhazamipour/create-your-own-platform-as-a-servicepaas-based-on-kubernetes-kfc <p>Hi, I'm Morteza, and here is a little about me.<br> In 2018 my colleagues and I started a side project start-up called <a href="//fandogh.cloud">fandogh</a>. It was the first public PaaS based on Kubernetes in Iran. I had to work on the identical product again but this time based on OpenShift, Which is slightly different than Kubernetes. I worked for three more years on a PaaS product and gained lots of experience in what a Platform-as-a-Service needs. In this blog post series, I will share the challenges a PaaS might face when dealing with public users, what are the corner cases and the lots of fun I had on this journey. </p> <p>At first, we have to classify PaaS delivery methods.<br> In my opinion, there are two types of PaaS:</p> <ol> <li>Running already built container image.</li> <li>Building source code and creating container image, then running it.</li> </ol> <p>Examples for the first one are Azure Container Service or DigitalOcean Apps.<br> For the second method, the very famous one, is Heroku. DigialOcean Apps also builds and runs from the source code.</p> <p>In Container Services(PaaS), we support both methods, and You can run your container directly or build your source code and run it in our container service cloud.</p> <p>Well, that's enough for the introduction. Let's start by comparing OpenShift and Kubernetes.</p> <p>OpenShift added some extra features to Kubernetes, But from the inside, it is Kubernetes. Let me explain by examples.</p> <p>Imagine you have a PaaS, and your first customer signs up for the service. First, you need to set a default quota for the newly registered user. OpenShift does this by templating it is supporting. You can set a default template for a newly registered user. It can consist of many resources, like default quota for a namespace or default NetworkPolicy for any registered namespace.</p> <p>The registered user must have limited access to the cluster only to his namespace and no way to privilege his access. OpenShift automatically assigns the user to a "restricted" group when a user signs up. You can edit what is "restricted" group is capable of in SCCs(SecurityContextConstraints).</p> <p>So, for now, OpenShift handled two main problems a PaaS could face. But we will implement the same features with the help of open-source projects, secure our platform, and build it on raw Kubernetes.</p> <p>End of Part 1</p> kubernetes sre devops