Functional Definition
The evroc Run service allows a customer to deploy a containerized application to the evroc cloud.
The container image must be OCI compliant and target the x86-64 architecture.
evroc Run supports the HTTPS networking protocol only.
The configured application services will be accessible via the internet at
https://svc-[iid].prod.evroclabs.net.
The service features are described below.
Run as non-root
The application running in the container is not allowed to run as root.
When building the container image (typically done using a Dockerfile) a user
must be specified using the USER <user>:<group> statement. If a non-root user
is not specified in this way then the container won't start properly.
Container port
When deploying a container it is possible to specify a TCP port to which traffic
is forwarded. The PORT environment variable is made available to the program
running in the container, and the value of the PORT environment variable is
the TCP port number that traffic will be forwarded to. An application in the
container that wants to listen for incoming traffic should bind to this port.
The port number can be specified when the Run service is created. It must be a non-privileged port (a port number greater than or equal to 1024).
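A pre-deployment check for the image and port requirements above (x86-64 image, non-root USER, non-privileged port), as an added example that is not evroc's own tooling. It reads `docker image inspect` JSON; the sample records, image names and function names are constructed for illustration.

```python
import json

# Constructed sample: trimmed `docker image inspect` output for two hypothetical images.
SAMPLE_INSPECT = json.loads("""
[
  {"RepoTags": ["registry.example/app:good"], "Architecture": "amd64",
   "Config": {"User": "10001:10001"}},
  {"RepoTags": ["registry.example/app:bad"], "Architecture": "arm64",
   "Config": {"User": ""}}
]
""")


def user_is_root(user):
    """True when the image USER is unset or names root (by name or UID 0)."""
    owner = (user or "").split(":", 1)[0].strip()
    if owner == "":
        return True  # no USER statement: the container runtime defaults to root
    if owner.isdigit():
        return int(owner) == 0
    return owner == "root"


def check_image(image, port):
    """Return findings for one inspect record and the port chosen for the service."""
    findings = []
    arch = image.get("Architecture")
    if arch != "amd64":  # Docker reports x86-64 images as "amd64"
        findings.append("architecture is %r, expected amd64 (x86-64)" % arch)
    config = image.get("Config") or {}
    if user_is_root(config.get("User")):
        findings.append("no non-root USER set in the image")
    if not 1024 <= port <= 65535:
        findings.append("port %d is not a non-privileged TCP port (1024-65535)" % port)
    return findings


if __name__ == "__main__":
    # Ports 8080 and 80 are sample values for the two constructed images.
    for img, port in zip(SAMPLE_INSPECT, (8080, 80)):
        print(img["RepoTags"][0], check_image(img, port) or "ok")
```

A named user such as `app:app` passes this check because the name cannot be resolved to a UID without the image's `/etc/passwd`; a numeric `USER` makes the result unambiguous.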
Auto-scaling
The platform will automatically scale instances of the application to meet a latency-based target. Prior to delivery of vertical auto-scaling, the per-container CPU and memory resource configuration will be fixed by evroc to meet the customer’s test requirements.
Scale to/from zero
The platform will scale the application to zero instances when there is no request load, and from zero instances when requests are received.
Rollouts and Rollback
The platform will manage the release of a new version of a containerized application, including the routing of request flow to new revisions based on a readiness check. 100% of traffic will be routed to the latest version when it is ready.
Configuration
Configuration of the container is supported via the pod spec:
- Command line arguments.
- Environment variables inline only.
 
Network Restrictions
Serverless services deployed on evroc Run have the following network restrictions in place for security:
- No outbound internet access: Services cannot make requests to external internet endpoints
- No access to evroc Compute services: Services cannot communicate with VMs or other Compute resources
- No inter-service communication: Services cannot communicate with other serverless services via internal IPs
- Inbound HTTPS only: Services can only receive traffic via HTTPS through their assigned public URL
 
IAM
The evroc team will create an organisation called [customer]-poc within its production environment to represent the pilot customer.
The evroc team will create a resourcegroup called [customer]-test within the [customer]-poc organisation.
The evroc team will create a named list of users within the organisation that are able to create|update|delete|view the run services.
Image registry
A Docker v2-compatible image registry will be hosted at https://registry.prod.evroclabs.net/.
Users provided as part of the IAM onboarding will be able to push and pull images for use by the run service.
See the Registry documentation for more information.
Logs
The platform will make container logs accessible to the pilot customer via the evroc CLI.
evroc CLI availability
The evroc CLI can be downloaded for macOS, Linux, and Windows from https://downloads.evroc.com/evroc-cli/latest/.
See the evroc CLI documentation for more information.
K8s API
Resource definitions:
- services.run.evroclabs.net
 
The API is v1alpha1, consequently no commitment is made on its stability or compatibility across releases. We will give the customer notice in the release notes when we do make incompatible changes.
See the API documentation.
Console
The console gives you the ability to view, manage and monitor the health of your services. Explore here.