Works with any Kubernetes cluster

DevSpace Cloud works with all major Kubernetes distributions. Once you connect a cluster, DevSpace Cloud will install a lightweight control plane into the cluster which provides everything you need to create isolated development sandboxes.

Isolated Namespaces

DevSpace Cloud lets you build a self-service Kubernetes platform that enables developer teams to create isolated Kubernetes namespaces called Spaces. While creating a Space, DevSpace Cloud takes care of setting up the required RBAC rules, network policies, resource quotas, security policies etc.

  • 1
    Connect Clusters

    Run the connect cluster command and choose the kube-context of the cluster you want to connect.

    devspace connect cluster

  • 2
    Add Users & Configure Limits

    In the admin UI of DevSpace Cloud, you can create invite links, manage users and set user permissions.

  • 3
    Create Spaces On-Demand

    Cluster users can now create spaces whenever they need them, as long as they stay within their limits.

    devspace create space my-test-space

    DevSpace Cloud ensures that everyone stays within their limits and no one breaks out of their spaces.

5 Reasons

Why Cloud-Native Teams Choose DevSpace Cloud

#1 On-Demand Namespaces

DevSpace Cloud provisions and isolates namespaces on-demand

Instead of provisioning separate clusters for developers, DevSpace Cloud allows you to share Kubernetes clusters. After connecting a cluster to DevSpace Cloud, admins can add cluster users and configure their limits. Within these limits, cluster users can now create spaces on-demand whenever they need them.

devspace create space my-app

Create Isolated Namespaces

  • On-Demand Provisioning via CLI or UI

    With DevSpace Cloud, namespace provisioning becomes self-service for developers.

  • Automatic Kube-Context Setup

    During the 'create space' command, the CLI configures a kube-context for every newly created namespace, so developers can use tools like kubectl and helm.

  • Secure Isolation

    Every namespace created through DevSpace Cloud is by default completely isolated from the rest of the cluster.

    Learn more about Namespace Isolation
#2 Secure Multi-Tenancy

DevSpace Cloud securely isolates users and namespaces in shared clusters

Authentication

While users interact directly with the Kubernetes clusters, DevSpace Cloud creates and manages the access tokens for cluster users that work within isolated Spaces.

  • Auth Provider Plugin

    When running a kubectl command in the kube-context of a Space, kubectl will retrieve an auth token from DevSpace which is by default configured as auth plugin for the context.

  • 2-Factor Authentication via GitHub

    DevSpace Cloud supports oAuth, so users can sign in with their GitHub account (SASL is coming soon).

Authorization

DevSpace Cloud sets up service accounts and Role-Based Access Control (RBAC) rules to ensure that cluster users cannot break out of their namespaces.

  • Separate Service Accounts

    To ensure that users cannot break out of their Spaces, DevSpace Cloud creates a separate service account for each user of a Space.

  • Strict RBAC Rules

    By default, DevSpace Cloud sets up RBAC rules that make sure developers cannot run operations outside of their namespaces.

Network Isolation

To make sure that developers can work within their namespaces without issues, DevSpace Cloud isolates the network traffic for each Space.

  • Cross-Namespace Traffic Restrictions

    By default, containers in different Spaces cannot communicate with each other unless the cluster admins configures this explicitly.

  • Auto-Ingress & Hostname Validation

    DevSpace Cloud can automatically provision unique ingress hostnames for developers (if needed). Admins configure which other hostnames can be used by developers and DevSpace Cloud will ensure these rules using hostname validation.

Admission Control

DevSpace Cloud installs Open Policy Agent (OPA) into connected clusters to check every resource that a user creates using kubectl or other tools. This allows DevSpaceCloud to allow, reject or modify resources according to the admission policies defined by the cluster admins.

  • Strict Default Policies

    DevSpace Cloud provides a variety of best-practice admission policies for high security standards.

  • Custom Policies using OPA

    DevSpace Cloud allows admins to define their own admission checks using custom rules enforced by OPA.

#3 Powerful Admin UI

DevSpace Cloud provides a UI for managing cluster users and their permissions

  • Cluster Management

    Check the cluster status, install, configure or upgrade cluster services (e.g. ingress controller, cert manager, OPA Gatekeeper etc.) with just a click.

  • User Management

    View users, their permissions, their Spaces as well as the utilization of these Spaces.

  • Invite Links

    Create and send invite links to add new users.

  • Spaces Management

    Add or remove Spaces for cluster users. View all Spaces of cluster users (including log streaming for all pods). Pause Spaces to reduce cluster cost.

  • User & Space Limits

    Configure user permissions and Space limits for individual cluster users or groups of them (using bulk operations).

#4 Extensive Customization

The entire business logic of DevSpace Cloud is fully customizable

We know that every team has their own compliance rules and security guidelines. DevSpace Cloud is built for customization and provides over 50 different configuration options for restricting cluster access and for limiting users and Spaces. And for additional customization, DevSpace Cloud lets you define admission control rules using Open Policy Agent and even allows you to modify the entire control logic of DevSpace Cloud, which is written in admission control policies as well.

Here are some of the rules which most users might want to use or customize:

  • Custom Ingress Annotations

    Adds annotations to each ingress that is being created.

  • Ingress Hostname Validation

    Restricts the user to a list or pattern of allowed hostnames.

  • Pod Security

    Rejects privileged pods, hostNetwork access and more.

  • Pod Resource Limits

    Sets default resource limits for pods without limits and makes sure users do not exceed their resource limits.

#5 Lower Cluster Cost

DevSpace Cloud pauses namespaces when developers are not using them

Sleep Mode

Because DevSpace Cloud is involved during the token exchange when a user runs any kubectl command, it knows when users have not been sending any requests for a while. DevSpace Cloud provides a sleep mode option, which pauses namespaces after a certain period of time.

  • Automatically Pause Spaces

    DevSpace Cloud scales down the replica sets within a namespace if it detects that the user has not been working for a while (inactivity detection).

  • Automatically Resume Spaces

    If a Space is paused, the entire configuration is still there, only the replica number is set to 0. If DevSpace Cloud receives the first request again, it resumes the Space by restoring the old number of replicas.

  • Customize Inactivity Detection

    DevSpace Cloud allows you to configure how inactivity will be detected. This can even be configured differently on a per-user or on a per-Space basis.

Pricing

We host DevSpace Cloud and the Kubernetes clusters for you.

Free

$0
1 Space
1 CPU Core
2 GB Memory
10 GB Persistent Storage
GET STARTED

Flexible

pay per minute
Spaces
$0.0007 / Core / min
$0.00015 / GB RAM / min
$0.000003 / GB HDD / min
GET STARTED

We host DevSpace Cloud and you connect your own clusters to it.

Personal

$0
1 Cluster
3 Collaborators
Get Started

Team

$20
per developer
per month
Clusters
Collaborators
Sign Up

You host DevSpace Cloud yourself and connect your own clusters to it.

Free

$0
Clusters
10 Users
Install

Unlimited

contact sales
Clusters
Users
Contact Sales

The term "DevSpace" is a registered trademark of the provider of this site. All other trademarks and names referenced in this site are property of their respective owners.