INR
Open console

Managed Kubernetes · mum-1a

Plain Kubernetes that hands you the admin kubeconfig.

Excloud provisions a control plane on machines that are yours alone, pre-installs CNI, CSI, and the cloud controller, and gives you full cluster privileges. Everything after that is standard upstream Kubernetes, so everything you already know still works.

Create a cluster Read the quickstart

$ exc k8s cluster kubeconfig get --cluster_id 7

exc — terminal
$ exc k8s cluster kubeconfig get --cluster_id 7 \
    -o ~/.kube/excloud.yaml
$ export KUBECONFIG=~/.kube/excloud.yaml
$ kubectl get nodes
NAME            STATUS  ROLES          VERSION
cluster-7-cp-1  Ready   control-plane  v1.30.2
worker-1        Ready   <none>         v1.30.2
The kubeconfig carries an admin client certificate. It is a credential, not a demo account.

What you get

A control plane on dedicated VMs, with the admin kubeconfig.

The control plane runs on VMs in your org — they show up in exc compute list like anything else you provision. CNI, CSI, and the cloud controller come pre-installed. What you do with the cluster after that is entirely up to you.

Single-tenant control plane

Your control plane runs on its own machines, one node or three for HA. The VMs show up in exc compute list like any other — there is no hidden management layer.

The admin kubeconfig

One command hands you a kubeconfig with full cluster privileges. From there it behaves like the upstream Kubernetes you already run everywhere else.

Managed defaults, your call

CNI, CSI, and the cloud controller manager come pre-installed and tested. If you have opinions about networking plugins, swap them out.

Worker pricing

Workers are VMs you can price in your head.

A worker node is a regular compute instance that auto-joins the cluster, billed at the same hourly rate as any other VM. Three m1a.large workers cost exactly three times one m1a.large. No per-node management fee, no separate Kubernetes SKU to decode.

Scale with exc k8s cluster worker create, shrink with worker delete. The meter follows the VM.

Compute billing docs

Worker typeSpecRate
t1a.micro 2 vCPU · 1 GiB, burstable ₹0.236/hr
t1a.medium 2 vCPU · 4 GiB, burstable ₹0.945/hr
m1a.large 2 vCPU · 8 GiB, dedicated ₹1.889/hr
m1a.xlarge 4 vCPU · 16 GiB, dedicated ₹3.778/hr
m1a.2xlarge 8 vCPU · 32 GiB, dedicated ₹7.556/hr
m1a.4xlarge 16 vCPU · 64 GiB, dedicated ₹15.112/hr

Workload identity

Every cluster is its own OIDC issuer.

Kubernetes signs ServiceAccount tokens with a cluster-specific key, and we publish the matching JWKS at a public URL. Point AWS IAM, Vault, or any OIDC-federating IdP at that URL and your pods exchange short-lived tokens for credentials. Nothing long-lived gets mounted into a container.

  • Projected ServiceAccount tokens, refreshed before expiry
  • Issuer URL is per cluster; trust survives key rotation
  • Works with AWS IAM, GCP federation, Vault, Auth0

The wiring is a pod-spec volume and a trust policy. The workload identity docs have both.

per-cluster issuer

https://k8sapi.excloud.in/c/<cluster_id>/
  .well-known/openid-configuration
https://k8sapi.excloud.in/c/<cluster_id>/
  openid/v1/jwks

Both URLs are public. Give them to whatever IdP needs to verify a token your cluster issued.

Day two

Scale workers and rotate access from one CLI.

A cluster isn't done once it's created. Add capacity before a launch, remove it after, and pull a fresh kubeconfig whenever a laptop changes hands — all without touching the console.

  • Add workers with exc k8s cluster worker create
  • Remove them with exc k8s cluster worker delete
  • Re-issue the admin kubeconfig any time with kubeconfig get
exc — terminal
$ exc k8s cluster worker create \
    --cluster_id 7 --type m1a.large
worker-2 created, joining cluster…
$ exc k8s cluster worker delete \
    --cluster_id 7 --worker_id worker-1
$ exc k8s cluster kubeconfig get \
    --cluster_id 7 -o ~/.kube/excloud.yaml
kubeconfig written, previous cert still valid until expiry

The details

Things worth knowing before you create one.

Versions ride the image

The Kubernetes version comes from the control-plane and worker image IDs you pick at create time. In-place upgrades are on the roadmap; today you re-create with newer images when you want to move up.

You run the add-ons

Ingress controllers, cert-manager, and your observability stack are yours to install and own. The cluster ships with tested CNI, CSI, and CCM defaults and stays out of the rest.

Availability scope

A three-node control plane gives you HA within the current zone. We document the scope plainly and do not present it as multi-region.

Get started

Run a pod, then decide if it fits.

The quickstart goes from nothing to a running pod. A t1a.micro worker costs ₹0.236/hr while you try it. Delete the cluster and billing stops immediately.

Open the console Kubernetes docs

$ exc k8s cluster kubeconfig get --cluster_id 7