Building a Container Platform at Cruise

The backend for Cruise self-driving cars runs on Kubernetes.

  1. Building a Container Platform
  2. Container Platform Security
  3. Container Platform Networking


Environments & Tenants

Infrastructure Boundaries

  1. Vertically: GCP folders and projects separate development, staging, and production environments from each other. These environments each have their own VPC, which is shared between GCP projects in the same environment. Each network has its own subnets, firewalls, interconnects, NAT gateways, and private DNS. The networks are connected, but traffic between them can be easily audited and regulated.
  2. Horizontally: GCP projects within each environment allow for distinct permission management and visibility constraints between tenants. Projects make it easy for tenants to focus on what matters to them. Separation between tenants makes it harder for malicious actors to gain unauthorized access, and prevents tenants from accidentally impacting each other.
GCP Environment Matrix

Platform Boundaries

  1. Vertically: Each environment and region gets its own Kubernetes cluster, aligning with infrastructure boundaries. These clusters each have distinct subnets, requiring traffic between them to route through ingress and egress channels which can be monitored and controlled using firewalls and proxies. This provides highly available load balancing which tenants don’t need to implement themselves, while simultaneously discouraging them from making their production workloads depend on non-production services.
  2. Horizontally: Kubernetes namespaces act as tenant boundaries between workloads. This allows cluster admins to manage permissions, quota, and resources at the cluster level while delegating similar control on a smaller scale to tenants as namespace admins. Namespaces are used as security boundaries for role-based access control (RBAC) both in Kubernetes and in integrated systems, like Vault and Spinnaker. Namespaces are similar to GCP Projects in that they make it easy for tenants to focus on what matters to them.
GKE Environment Matrix
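An added example, not code from the post or from Cruise's platform, showing how the namespace-admin delegation and cluster-level quota described above map onto standard Kubernetes objects; the namespace name "tenant-a" and the group "tenant-a-admins" are assumed for illustration.

```yaml
# Added example (not from the original post): the namespace-as-tenant-boundary
# model from the text expressed as Kubernetes objects. "tenant-a" and
# "tenant-a-admins" are assumed names.
apiVersion: v1
kind: Namespace
metadata:
  name: tenant-a
---
# The cluster admin sets quota at the cluster level. The tenant's namespace
# admins cannot change it: the built-in "admin" ClusterRole grants no write
# access to ResourceQuota objects or to the Namespace object itself.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: tenant-a-quota
  namespace: tenant-a
spec:
  hard:
    requests.cpu: "20"
    requests.memory: 64Gi
    pods: "100"
---
# Delegate namespace-scoped admin rights to the tenant's group. Binding a
# ClusterRole through a RoleBinding confines its permissions to this one
# namespace; a ClusterRoleBinding would grant them across the whole cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tenant-a-admins
  namespace: tenant-a
subjects:
- kind: Group
  name: tenant-a-admins
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: admin
  apiGroup: rbac.authorization.k8s.io
```

To confirm the boundary holds, run `kubectl auth can-i create pods -n tenant-a --as=someone --as-group=tenant-a-admins` and then the same query against a different namespace; only the first should answer yes.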

Platform as a Service

Cruise PaaS
  • Security
  • Ingress
  • Observability
  • Deployment

To Be Continued…



Cruise is building the world’s most advanced self-driving vehicles to safely connect people with the places, things and experiences they care about. Join us in solving the engineering challenge of a generation:

Karl Isenberg

Cloud Guy. Anthos Solutions Architect at Google (opinions my own). X-Cruise, X-Mesosphere, & X-Pivotal.