DEV Community

Morteza Khazamipour
Morteza Khazamipour

Posted on • Edited on

Create your own Platform-As-A-Service(PaaS) Based on Kubernetes

Hi, I'm Morteza, and here is a little about me.
In 2018 my colleagues and I started a side project start-up called fandogh. It was the first public PaaS based on Kubernetes in Iran. I had to work on the identical product again but this time based on OpenShift, Which is slightly different than Kubernetes. I worked for three more years on a PaaS product and gained lots of experience in what a Platform-as-a-Service needs. In this blog post series, I will share the challenges a PaaS might face when dealing with public users, what are the corner cases and the lots of fun I had on this journey.

At first, we have to classify PaaS delivery methods.
In my opinion, there are two types of PaaS:

  1. Running already built container image.
  2. Building source code and creating container image, then running it.

Examples for the first one are Azure Container Service or DigitalOcean Apps.
For the second method, the very famous one, is Heroku. DigialOcean Apps also builds and runs from the source code.

In Container Services(PaaS), we support both methods, and You can run your container directly or build your source code and run it in our container service cloud.

Well, that's enough for the introduction. Let's start by comparing OpenShift and Kubernetes.

OpenShift added some extra features to Kubernetes, But from the inside, it is Kubernetes. Let me explain by examples.

Imagine you have a PaaS, and your first customer signs up for the service. First, you need to set a default quota for the newly registered user. OpenShift does this by templating it is supporting. You can set a default template for a newly registered user. It can consist of many resources, like default quota for a namespace or default NetworkPolicy for any registered namespace.

The registered user must have limited access to the cluster only to his namespace and no way to privilege his access. OpenShift automatically assigns the user to a "restricted" group when a user signs up. You can edit what is "restricted" group is capable of in SCCs(SecurityContextConstraints).

So, for now, OpenShift handled two main problems a PaaS could face. But we will implement the same features with the help of open-source projects, secure our platform, and build it on raw Kubernetes.

End of Part 1

Top comments (1)

Collapse
 
alisonjr profile image
Alison Rodrigues

I'm looking forward to part 2 😁