Managed Rancher Kubernetes
The Managed Rancher Kubernetes service delivers an enterprise-grade container orchestration platform that eliminates operational complexity while maximizing business value. This comprehensive solution combines:
- A centralized management interface that provides unified control and visibility across all Kubernetes environments
- Production-ready managed Kubernetes clusters with automated maintenance and built-in security features
- An extensive portfolio of managed add-on services enabling advanced capabilities
By offloading Kubernetes operations to this managed service, organizations can focus on application delivery while ensuring reliability, security and scalability of their container infrastructure. The service offers flexible deployment options to align with both development and production requirements.
This service is generally provided by ONZACK as a managed service. If this is not desired, the service can be installed directly into a customer environment.
Reason why
The Managed Rancher Kubernetes service consists of three main components that together provide a complete Kubernetes management solution using Rancher.
Central Kubernetes Management
The service includes a Rancher management server that helps bring your Kubernetes clusters together in one view. Its web interface provides visibility into your infrastructure while maintaining secure multi-tenant access. The graphical interface aims to simplify cluster management by offering a central place to access your Kubernetes workloads and keep track of your resources.
The Rancher Management Server is offered in two deployment configurations to meet different availability requirements:
Flavor | Description |
---|---|
Non-high-availability | Single-node setup for non-critical and cost-effective environments |
High-availability | Multi-node setup for critical and production environments |
Managed Kubernetes
The service provides production-grade Kubernetes clusters powered by RKE2, Rancher's next-generation Kubernetes distribution. These clusters are fully managed, from the underlying infrastructure to day-to-day operations. The Kubernetes platform can be configured for high availability with multiple control plane nodes to ensure platform continuity and includes disaster recovery capabilities through etcd backups. The service includes automated updates and security patches to keep your clusters secure and up-to-date without manual intervention.
The managed Kubernetes cluster is provided with the essential networking components (ingress controller, CNI) and a load balancer for external access. For storage, the service includes the cloud provider CSI driver (available for Cloudscale), which can be used to provision dynamic persistent volumes for workloads.
The managed Kubernetes cluster is offered in two deployment configurations to meet different availability requirements:
Flavor | Description |
---|---|
Development | Single control plane node setup for non-critical and cost-effective environments |
Production | Multi control plane node setup for critical and production environments |
Additional managed services can be added to the cluster as add-ons.
Managed Add-Ons
The service includes a curated set of essential cluster add-ons and tools that can be enabled on demand. This includes secure secrets management, automated certificate management, automated DNS management, persistent storage solution, backup and disaster recovery capabilities, container vulnerability scanning, policy management and enforcement, as well as comprehensive monitoring and logging solutions for complete cluster observability. Additionally, the service provides GitOps tooling for declarative and version-controlled infrastructure and application management.
With the managed add-ons, the service can be tailored to specific needs and requirements. Additional add-ons are fully managed, including automated updates and security patches. The customer has full access to implement any use-case-specific configuration. If needed, our experienced engineers are happy to assist with custom add-ons and configurations on an hourly basis.
Supported Components and Configurations
Available out of the box
The service includes the following components and configurations out of the box:
Component | Description |
---|---|
Rancher Management Server | Central management interface for Kubernetes clusters with latest Rancher version including the Rancher UI |
RKE2 Kubernetes Cluster | At least one RKE2 cluster with latest stable Kubernetes version |
Ingress | Nginx Ingress Controller with latest stable version |
Networking | Container Network Interface with Cilium CNI including support for network policies |
Container Storage Interface | CSI driver from cloud provider if available, e.g. Cloudscale, with support for dynamic volume provisioning. The storage is provisioned by the customer and paid as you go. Please refer to the cloud provider pricing for more details. |
Cloud Controller Manager | CCM from cloud provider if available, e.g. Cloudscale, for provisioning cloud resources. The provisioned resources using the Cloud Controller Manager are paid as you go. Please refer to the cloud provider pricing for more details. |
Operating System | The underlying operating system for all nodes is Ubuntu LTS |
Authentication & Authorization | Central authentication and authorization for the RKE2 Kubernetes Cluster managed by the Rancher Management Server using the default Rancher roles. It allows integration with well-known external identity providers. |
Maintenance | Automated updates and security patches for all included components |
Backup and Disaster Recovery | Automated backup and disaster recovery for the RKE2 Kubernetes Cluster using etcd backups every 4 hours. This supports disaster recovery of all Kubernetes resources including workloads, configurations, and secrets. Backup of persistent volumes is not included; it can be enabled with the managed add-on "Velero". |
Flavor & Scaling
Rancher Management Server
The Rancher Management Server is deployed according to the deployment configurations described above, using virtual machines with 16GB RAM and 4 vCPUs (shared):
- Non-high-availability deployment: One virtual machine
- High-availability deployment: Three virtual machines
RKE2 Kubernetes Cluster
The RKE2 Kubernetes Cluster is available in both development and production flavors:
Flavor | Node Type | Count | Specifications |
---|---|---|---|
Development | Control Plane | 1 | Virtual machine optimized for general-purpose workloads, 8GB RAM and 4 vCPUs (dedicated), 30GB SSD storage |
Development | Worker | 3 | Virtual machine optimized for general-purpose workloads, 12GB RAM and 6 vCPUs (shared), 60GB SSD storage |
Production | Control Plane | 3 | Virtual machine optimized for general-purpose workloads, 8GB RAM and 4 vCPUs (dedicated), 30GB SSD storage |
Production | Worker | 3 | Virtual machine optimized for general-purpose workloads, 12GB RAM and 6 vCPUs (shared), 60GB SSD storage |
Worker node virtual machines can be scaled vertically and horizontally according to needs. The worker node count can be scaled up to 450 nodes, paid as you go.
Autoscaling of worker nodes is currently not supported.
Production Flavor Requirements
For the Production flavor, spare resources of 1 node and 10% per node are required. This is to ensure high availability and recovery capabilities.
Available upon request
The following Add-Ons for the RKE2 Kubernetes Cluster are available upon request:
Add-On | Description |
---|---|
Managed Kubernetes Observability | Fullstack Kubernetes observability stack including Prometheus, Grafana and Loki. This is a dedicated service provided by ONZACK. |
Longhorn | Distributed block storage system for persistent volumes. It provides a highly available and scalable storage solution for the RKE2 Kubernetes Cluster. |
Velero | Backup and Restore for the persistent volumes and cluster resources of the RKE2 Kubernetes Cluster |
Cert-Manager | Automated certificate management for the RKE2 Kubernetes Cluster which can be integrated with the customer's certificate authority |
External DNS | Automated DNS management for the RKE2 Kubernetes Cluster ingress resources |
Kyverno Policy Engine | Policy management and enforcement for the RKE2 Kubernetes Cluster |
External Secrets | Secure secrets management for the RKE2 Kubernetes Cluster which can be integrated with the customer's secrets provider |
CIS Scans | Kubernetes and Container vulnerability scanning for the RKE2 Kubernetes Cluster based on the CIS Kubernetes Benchmark |
ArgoCD | GitOps tooling for declarative and version-controlled infrastructure and application management |
There is always the possibility to request additional add-ons and engineering support. We're happy to discuss your requirements and provide a custom offer. For pricing details, please refer to the engineering services section.
Additional Add-Ons
We aim to offer the add-ons that matter to you. Please let us know your interest in additional add-ons by participating in this survey.
Maintenance & Support
Maintenance work is performed as outlined in the Service Levels - Maintenance Work section.
Version and Feature Support
We maintain support exclusively for the most current versions of the tools. Support for any version ceases concurrently with the end of support from the original developers. We support only those features that are designated as "General availability" according to the developers' release and life cycle documentation.
Upgrade Policy
ONZACK discontinues support for major versions two months after the release of the latest major.minor version. Upgrades to new major versions must be executed within the following two months. If a customer requires a longer transition period, the service will transition to an "unmanaged" status, although it will continue to operate. Once a service transitions to "unmanaged" status, it is no longer actively maintained by ONZACK. Consequently, any previously applicable Service Level Agreements (SLAs) will no longer be valid.
Service Levels
This service is currently available with the service levels Best Effort and Business Hours. For details about the service levels, please refer to the Service Levels section.
Listed below are the additional requirements and services for the different service levels.
Best Effort:
- no additional requirements
- no additional included services
Business Hours:
- additional requirements:
  - RKE2 Kubernetes Cluster with Production flavor
  - Managed Kubernetes Observability add-on
- additional included services (optional):
  - Rancher Management Server with High-availability deployment
Pricing
Prices don't include initial setup, infrastructure costs and VAT. For infrastructure costs, please refer to the cloud provider pricing.
Initial setup is charged hourly; please refer to the engineering services section. The required effort depends on the complexity of the setup, but should be expected to be between 4 and 12 hours. We are happy to provide an estimate as part of the quote. Please contact sales@onzack.com.
Monthly management fee per node
Node | Best Effort | Business Hours |
---|---|---|
Rancher Management Server | CHF 220.00 | CHF 380.00 |
Kubernetes Worker Node | CHF 120.00 | CHF 180.00 |
Kubernetes Control Plane Node | included | included |
Monthly management fee per add-on
Add-on | Best Effort | Business Hours |
---|---|---|
Managed Kubernetes Observability | see service pricing | see service pricing |
Longhorn | CHF 120.00 | CHF 200.00 |
Velero | CHF 80.00 | CHF 100.00 |
cert-manager | CHF 80.00 | CHF 100.00 |
External DNS | CHF 80.00 | CHF 100.00 |
Kyverno Policy Engine | CHF 80.00 | CHF 100.00 |
External Secrets | CHF 80.00 | CHF 100.00 |
CIS Scans | CHF 80.00 | CHF 100.00 |
ArgoCD | CHF 80.00 | CHF 100.00 |
Business Hours Service Level Requirements
The Business Hours service level for add-ons requires the same service level for the Rancher Kubernetes Cluster.
Calculation Example including infrastructure
This is a calculation example for a basic managed Kubernetes cluster with best effort service level and Cloudscale infrastructure. VAT is not included.
Monthly infrastructure fees:
Item | Price per Item | Count | Total |
---|---|---|---|
CP Node VM, Plus-8-4 | CHF 165.00 | 1 | CHF 165.00 |
Worker Node VM, Flex-12-6 | CHF 148.50 | 3 | CHF 445.50 |
Rancher Server VM, Flex-16-4 | CHF 132.00 | 1 | CHF 132.00 |
50GB Rancher Disk for each VM | CHF 15.00 | 5 | CHF 75.00 |
Loadbalancer | CHF 45.00 | 2 | CHF 90.00 |
Total monthly infrastructure fees: CHF 907.50
Monthly management fees:
Item | Price per Item | Count | Total |
---|---|---|---|
Rancher Management Server | CHF 220.00 | 1 | CHF 220.00 |
Kubernetes Worker Node | CHF 120.00 | 3 | CHF 360.00 |
Total monthly management fees: CHF 580.00
Total monthly: CHF 1487.50
Initial setup costs (approximation):
Initial setup will be charged hourly; please refer to the engineering services section.
Item | Price per Hour | Count | Total |
---|---|---|---|
Initial setup | CHF 220.00 | 6 | CHF 1320.00 |
Total initial setup costs: CHF 1320.00
Where is this service available?
This service is currently available for the following cloud providers: