It's expensive, time-consuming, and technically difficult to build a secure, scalable Kubernetes platform. Yet many companies that do this spend 6+ months building it themselves and then hire an expensive platform team to manage it. We've talked to customers who have spent $1.5M to build something that isn't their core product.
On the technology side, you have to solve for authentication, authorization, service registry and discovery, scalability, observability, infrastructure and more. Most teams end up stitching together a bunch of OS tools and cloud primitives just to end up with a fragile system that’s difficult to maintain as it grows. On the people side, it’s difficult and expensive to find developers and devops engineers who deeply understand Kubernetes and distributed systems. When they leave, tech and process documentation is incomplete, hard to find and often outdated.
Nick and I have been building infrastructure platforms for the past 7 years at companies like NewFront, Skyflow, IBM and Garmin. Companies like ours were spending a lot of time and energy in building internal developer platforms from scratch and then hiring expensive teams to maintain them. These were important platforms but never the companies’ core product. It seemed crazy to us that a series A company would have 2-3 developers spend 6+ months building something that wasn't their core product. We felt like there had to be a better way.
We’re building a platform that accomplishes 4 things: (1) Reduce the time it takes to spin up Kubernetes environments and services; (2) Provide an intuitive developer experience that simplifies working with Kubernetes; (3) Empower devops and platform teams to automate manual tasks and enable developer self service without spending months building infra; (4) Centralize, organize and be a source of truth for infra-related configurations, processes and documentation.
To get into the architecture a bit, you can think of Nucleus as three layers:
At the bottom layer, we build and manage pre-configured Kubernetes clusters in your AWS accounts. We install different add-ons into the cluster that enable key functionality such as security, autoscaling and metrics. You can find a full list in our docs - https://docs.nucleuscloud.com. The idea is that you can run Nucleus on autopilot without needing to be a Kubernetes expert. That said, many engineers want access to kubectl, so we make it easy to provision different user-profiles with different access to kubectl via an IAM role.
The next layer up is the service mesh layer. We built on top of Istio to implement things like authN, authZ, service discovery and registry. We were also really inspired by this blogpost from the neobank Monzo (https://monzo.com/blog/2022/03/31/how-we-secure-monzos-banki...). Each cluster has a dedicated load balancer that sits in a public subnet while the cluster and services are in a private subnet. Communication between these services uses mTLS. Private services are, by default, isolated and can’t talk to any other service unless you explicitly authorize it. We make that as easy as passing in the service name. This is all automated and transparent to the end-user. We’re soon going to be coming out with more features around managing load balancers and enabling blue-green deploys with zero downtime cutovers.
The top layer is our integration layer. We provide a bunch of integrations and we’re continuing to building out more. This includes container registry tools (DockerHub, ECR, Github), Observability (Datadog, Prometheus, Grafana), Secrets Managers (param store), DBs (Aurora, MongoDb), and CI/CD (github actions). The idea is that you shouldn’t be spending time trying to build integrations for each of your services, you should just point-and-click which ones you need. We’ve built a permissioning system which makes it easy to give/revoke access for an integration to any service or environment. For example, if you want your dev services to have access to your dev db, you shouldn’t have to build that separately for each service. You just configure it once, pick the services or environment that needs access to and we automatically expose those environment variables to those services.
Ultimately, the vision is to build a platform across all cloud providers that developers and devops teams can use to build, test, deploy and manage environments and services transparently. We strongly believe that developers and devops/platform teams should be working on the same platform. So many of the communication and siloing issues happen because teams use different platforms and tools. Consolidating those into one platform helps everyone stay in sync and have access to everything they need.
We’ve never been big fans of the complicated pricing that most SaaS companies have so we sell Nucleus as a single annual license where you get everything. In full transparency, we currently price Nucleus around $35k/license, or about 10% of what it would cost you to build and maintain this yourself.
Our current customers range from small startups who want to focus on getting to market fast and not worry about infra or devops, to mid-market companies that want to empower their existing devops teams with automation. Their main use-cases are: 1. Automatically containerizing their services (with our built-in CI/CD pipeline) and deploying them on Kubernetes 2. Building out a microservices architecture (we have a built-in in service mesh) 3. Making it easy for developers to self-service environments, environment variables and more.
If you're interested to learn more, check out our docs (https://docs.nucleuscloud.com) and you can sign up for a free account here (https://app.nucleuscloud.com). We're always looking for feedback so please let us know your thoughts/questions and thanks for having us!
by Andrey
Azimov