Kubernetes Architecture
The MAR platform is built on Kubernetes and provides a managed abstraction over Kubernetes resources.
Kubernetes Mapping
MAR platform resources map directly to Kubernetes concepts:
| MAR Concept | Kubernetes Concept | Description |
|---|---|---|
| Cluster | Namespace | Logical isolation unit |
| Instance | Pod | Deployable compute unit |
Clusters as Namespaces
In the MAR platform, clusters correspond to Kubernetes namespaces:
- Each cluster you create becomes a Kubernetes namespace
- Cluster name maps directly to namespace name
- Resource quotas and limits apply at the namespace level
- Network policies can be applied per cluster
- RBAC rules can target specific clusters
Namespace Properties
When you create a cluster in MAR, the following Kubernetes resources are created:
Cluster: prod-us-east
└─ Namespace: prod-us-east
├─ ResourceQuota
├─ LimitRange
└─ (contains instances as pods)Benefits of This Mapping
- Isolation - Each cluster/namespace provides logical separation
- Quota Management - Resource limits can be enforced per cluster
- Network Policies - Traffic can be restricted between clusters
- RBAC - Permissions can be scoped to specific clusters
Instances as Pods
In the MAR platform, instances correspond to Kubernetes pods:
- Each instance you manage is a pod in Kubernetes
- Instance ID maps to pod name
- Instance status reflects pod status
- Instance actions (start/stop/restart) map to pod operations
Pod Properties Mapping
| MAR Instance Field | Kubernetes Pod Field |
|---|---|
| ID | metadata.name |
| Cluster | metadata.namespace |
| Status | status.phase |
| CPU | spec.containers[].resources.limits.cpu |
| Memory | spec.containers[].resources.limits.memory |
| Restarts | status.containerStatuses[].restartCount |
Example Pod Configuration
apiVersion: v1
kind: Pod
metadata:
name: mar-i-92a1
namespace: prod-us-east
labels:
app: mar
instance-id: mar-i-92a1
spec:
containers:
- name: app
resources:
limits:
cpu: "2"
memory: 4GiResource Management
Resource Quotas
Each cluster (namespace) can have resource quotas controlling:
- Total CPU allocation
- Total memory allocation
- Number of pods
- Number of services
Limit Ranges
Default resource limits can be set for instances within a cluster:
- Default CPU limit
- Default memory limit
- Minimum/maximum limits
Networking
Service Discovery
Instances within the same cluster can communicate via:
- Kubernetes DNS ( servicename.namespace.svc.cluster.local)
- Environment variables
External Access
Traffic to instances is managed through:
- Kubernetes Services
- Ingress controllers
- Network policies
Storage
Instance data can be persisted using:
- Kubernetes PersistentVolumeClaims
- Dynamic volume provisioning
- Storage classes
Security
Pod Security
Instances run with security contexts configured:
- Run as non-root (configurable)
- Read-only filesystems
- Dropped capabilities
- SELinux/AppArmor profiles
Network Policies
Cluster-level network policies control:
- Ingress traffic
- Egress traffic
- Pod-to-pod communication
Monitoring at Kubernetes Level
Kubernetes-native monitoring includes:
- Metrics Server - CPU and memory metrics
- Node Exporter - Node-level metrics
- kube-state-metrics - Cluster state metrics
- Prometheus - Time series data collection
Access Control at Kubernetes Level
RBAC can be configured at the Kubernetes level:
- ClusterRole/Role for permissions
- ClusterRoleBinding/RoleBinding for user assignment
- Service accounts for programmatic access