Managed Kubernetes · mum-1a
Plain Kubernetes that hands you the admin kubeconfig.
Excloud provisions a control plane on machines that are yours alone, pre-installs CNI, CSI, and the cloud controller, and gives you full cluster privileges. Everything after that is standard upstream Kubernetes, so everything you already know still works.
```
$ exc k8s cluster kubeconfig get --cluster_id 7 \
    -o ~/.kube/excloud.yaml
$ export KUBECONFIG=~/.kube/excloud.yaml
$ kubectl get nodes
NAME             STATUS   ROLES           VERSION
cluster-7-cp-1   Ready    control-plane   v1.30.2
worker-1         Ready    <none>          v1.30.2
```
What you get
Your cluster, including the parts other clouds keep.
Most managed Kubernetes puts the control plane behind glass. Here it runs on dedicated VMs in your org, and the kubeconfig you get is the admin one. The defaults are managed so day one is short; nothing stops you from replacing them on day two.
Single-tenant control plane
Your control plane runs on its own machines, one node or three for HA. The VMs show up in exc compute list like any other — there is no hidden management layer.
The admin kubeconfig
One command hands you a kubeconfig with full cluster privileges. From there it behaves like the upstream Kubernetes you already run everywhere else.
Managed defaults, your call
CNI, CSI, and the cloud controller manager come pre-installed and tested. If you have opinions about networking plugins, swap them out.
Worker pricing
Workers are VMs you can price in your head.
A worker node is a regular compute instance that auto-joins the cluster, billed at the same hourly rate as any other VM. Three m1a.large workers cost exactly three times one m1a.large. No per-node management fee, no separate Kubernetes SKU to decode.
Scale with exc k8s cluster worker create, shrink with worker delete. The meter follows the VM.
| Worker type | Spec | Rate |
|---|---|---|
| t1a.micro | 2 vCPU · 1 GiB, burstable | ₹0.236/hr |
| t1a.medium | 2 vCPU · 4 GiB, burstable | ₹0.945/hr |
| m1a.large | 2 vCPU · 8 GiB, dedicated | ₹1.889/hr |
| m1a.xlarge | 4 vCPU · 16 GiB, dedicated | ₹3.778/hr |
| m1a.2xlarge | 8 vCPU · 32 GiB, dedicated | ₹7.556/hr |
| m1a.4xlarge | 16 vCPU · 64 GiB, dedicated | ₹15.112/hr |
Workload identity
Every cluster is its own OIDC issuer.
Kubernetes signs ServiceAccount tokens with a cluster-specific key, and we publish the matching JWKS at a public URL. Point AWS IAM, Vault, or any OIDC-federating IdP at that URL and your pods exchange short-lived tokens for credentials. Nothing long-lived gets mounted into a container.
- Projected ServiceAccount tokens, refreshed before expiry
- Issuer URL is per cluster; trust survives key rotation
- Works with AWS IAM, GCP federation, Vault, Auth0
The wiring is a pod-spec volume and a trust policy. The workload identity docs have both.
per-cluster issuer
```
https://k8sapi.excloud.in/c/<cluster_id>/.well-known/openid-configuration
https://k8sapi.excloud.in/c/<cluster_id>/openid/v1/jwks
```
Both URLs are public. Give them to whatever IdP needs to verify a token your cluster issued.
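The relying-party half of that wiring, as an added example that is not Excloud's code: once a token's signature has been verified against the published JWKS with a JWT library, the trust policy should still pin issuer, audience, subject and expiry, which is what this sketch checks. The cluster id, the issuer string format, the audience and the ServiceAccount name are assumptions, and the sample tokens are constructed.

```python
import base64
import json
import time

# Assumed for illustration: cluster id 7 (as in the CLI sample), plus a
# hypothetical audience and ServiceAccount. Read the exact issuer string from
# the cluster's openid-configuration document before pinning it.
POLICY = {
    "iss": "https://k8sapi.excloud.in/c/7",
    "aud": "vault",
    "sub": "system:serviceaccount:payments:api",
}


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def check_claims(token, policy, now=None, leeway=30):
    """Return policy violations for an already signature-verified token."""
    now = time.time() if now is None else now
    if token.count(".") != 2:
        return ["malformed token"]
    header, claims = (b64url_json(part) for part in token.split(".")[:2])
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("unsigned token")
    if claims.get("iss") != policy["iss"]:
        problems.append("issuer is not this cluster")
    aud = claims.get("aud", [])
    if policy["aud"] not in ([aud] if isinstance(aud, str) else aud):
        problems.append("audience mismatch")
    if claims.get("sub") != policy["sub"]:
        problems.append("subject not allowed")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp + leeway < now:
        problems.append("expired or missing exp")
    return problems


def make_token(claims):
    """Build a constructed sample token; the signature part is a dummy."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "kid": "sample"}), enc(claims), "c2ln"])
```

Pinning only the issuer would accept a token from any ServiceAccount in the cluster; the `sub` and `aud` checks are what scope trust to one workload and one consumer.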
The details
Things worth knowing before you create one.
Versions ride the image
The Kubernetes version comes from the control-plane and worker image IDs you pick at create time. In-place upgrades are on the roadmap; today you re-create with newer images when you want to move up.
You run the add-ons
Ingress controllers, cert-manager, and your observability stack are yours to install and own. The cluster ships with tested CNI, CSI, and CCM defaults and stays out of the rest.
One region today
Everything runs in mum-1a, Mumbai. A three-node control plane gives you HA within the zone; we won't pretend that is multi-region.
Get started
Cluster, kubeconfig, worker, pod.
The quickstart takes you from nothing to a running pod, and a t1a.micro worker meters at ₹0.236/hr while you try it. Delete the cluster and the bill stops.