APPUiO Managed

APPUiO Managed provides a fully managed Project Syn enabled Kubernetes cluster in several flavors and on several clouds. VSHN provisions and maintains the Kubernetes cluster throughout its lifetime and makes sure the Project Syn provided tools are running and available to the user of the platform. The user of the application environment gets support and operations from VSHN.

It is available in these flavors:

Red Hat OpenShift 4

Red Hat OpenShift Container Platform operated by VSHN on the best-matching infrastructure depending on the needs of the applications running on it.

Rancher Kubernetes Engine

Kubernetes Clusters managed with Rancher. Either Rancher Kubernetes Engine (RKE) on any virtual machines or cloud offerings like Amazon EKS, Google GKE or Azure AKS.

Rancher K3s

Single-node Kubernetes Clusters with Rancher K3s. Low demand and low requirement Kubernetes offering.

Cloud Kubernetes

Managed Kubernetes offerings from cloud providers.

Included Services and Features

The following list shows what’s included in APPUiO Managed

Kubernetes Platform features

Cluster provisioning

Provisioning of Kubernetes cluster on supported clouds (see flavor specific documentation).

Cluster maintenance

The cluster components (control plane and worker nodes) are regularly maintained and updated with the latest patches and releases.


Regular backup of cluster configuration including monitoring of success.

Monitoring and Alerting

Monitoring of cluster and system services functionality and alert handling according to SLA. Alert rules and thresholds are continuously assesed and regularly maintained.

This includes the Kubernetes cluster itself (control-plane and worker nodes) and the Project Syn provided tooling, no customer specific application and services running on the cluster. The Project Syn provided monitoring solution can be used by the user of the platform to integrate their own alerting and metrics collection.

VSHN provides additional services to also monitor customer applications running on the cluster.


Metrics emitted by all system services and the Kubernetes cluster components are continuosly collected and presented in a graphical way.

System Services

A variety of system services are included, pre-configured, ready to be used. A non-exhaustive selection:

  • cert-manager: Automated certificate management, supports Let’s Encrypt

  • ACME Controller (only on OpenShift): Let’s Encrypt support for OpenShift routes

Persistent Storage

Persistent storage is available out of the box with Kubernetes CSI (Container Storage Interface) when supported by the infrastructure provider. Additional persistent storage options are available on request.

Project Syn features


Every cluster has Argo CD deployed which is managed by VSHN with Project Syn.

Each cluster has its own configuration Git repository managed either by Lieutenant or by the customer itself. This repository stores the whole configuration of the cluster for all Project Syn tools.

Argo CD can also be used by the customer to deploy applications using GitOps.


For deploying services like databases, caches or others Crossplane is available on each cluster.

VSHN provides a set of best-practice configuration and configures Crossplane to be ready to use.

Taking care and managing Crossplane provisioned services is offered as an add-on by VSHN.

K8up for Backup

The backup Operator K8up is preinstalled and configured, ready to be used by the user of the platform. It provisions backup destination S3 buckets with Crossplane. Taking care and managing the backups is offered as an add-on by VSHN.

Secret Management with Vault

No secrets are stored in plaintext, they all live in protected key stores. By applying best-practices configuration we ensure secure configuration by default of all components. Only TLS secured connections are used. A Hashicorp Vault instance is provided per Cluster, ready to be used by the user of the platform.

Tools Maintenance with Renovate

Tools and system services managed with Project Syn are automatically maintained with Renovate and deployed/updated with GitOps mechanisms.


Keeping an overview of all the Kubernetes clusters, their versions, locations and other important information is provided by Lieutenant and available in the VSHN Portal.

VSHN Support and Services

Alert handling

Alerts are handled according the the service levels chosen. Additional SLAs are available according to the service levels.

Best-Practices Configuration

VSHN makes use of best-practices configuration, learned from running Kubernetes and applications on top of it in production since many years, and applies them continuously. As the best-practices evolve over time, they are integrated as they are learned.

Expert Pool

The Kubernetes experts at VSHN are available to help the user of the platform. In addition VSHN has access to the Kubernetes distribution supplier support organizations with very direct channels. By taking part in the Open Source community of the key software used by VSHN communication with the upstream developers happens daily.

Fun fact: VSHN is Switzerlands first official Kubernetes Certified Service (KCSP) provider and therefore we’re listed on the official Kubernetes Partners page.

VSHN Portal

The VSHN Portal provides access to many self-service capabilities like:

  • Ticket management

  • Reporting functionality

  • Kubernetes cluster insights

  • User account management

  • Billing information

Our detailed VSHN Portal help system provides a glance at what the VSHN portal can offer and how it looks like.