How Gravity Works

Gravity puts applications and all their dependencies onto hardened Kubernetes clusters that can reliably and securely run in any Linux environment: edge, multi-cloud, private cloud, on-prem, and air-gapped.

What is Gravity

Gravity is an open source toolkit for packaging Kubernetes applications for running in remote, restricted and regulated environments, i.e. environments an application developer may not even have access to.

Gravity packages an entire Kubernetes cluster including the applications running inside, into a single deployable file. The resulting file is called a cluster image and it is just a .tar archive.

A cluster image can be used in two ways.

  • To create numerous identical replicas of the original cluster from scratch, on any infrastructure. All public clouds, private clouds and bare metal servers are supported.
  • To inject applications contained within a cluster image into an existing Kubernetes cluster.

Who is Gravity for

Gravity has a narrow focus on packaging, deploying and updating Kubernetes applications in restricted, regulated and remote environments, i.e. environments an application developer may not have direct access to, where traditional CI/CD is not applicable. Some examples of Gravity usage include:

  • Delivering cloud applications to on-premise, single-tenant environments for use by enterprise customers.
  • Delivering cloud applications to a large number of remote edge locations for use by the retail, restaurant and energy industries.

Gravity vs …

Traditional Kubernetes distributions aim to be flexible, general purpose platforms. They follow the traditional cloud-native approach of deploying Kubernetes, i.e. as a layer on top of infrastructure, and usually require active, ongoing management.

Gravity packages Kubernetes itself, as well as all of its dependencies and even SSH access, into an application itself, allowing developers to make no assumptions about the target infrastructure. If there’s already a Kubernetes cluster on-site, Gravity will deploy and update the application in it. But if there is not, Gravity will create a cluster from scratch. This enables true application portability.

  • Gravity clusters are idempotent, i.e. clusters created from the same bundle are always identical. There is no configuration drift over time; no “special snowflakes”.
  • Gravity clusters are always “wrapped” with a privileged access gateway called Teleport, which unifies k8s and SSH authentication and keeps a detailed audit log for compliance purposes.
  • Gravity includes tools to perform infrastructure validation prior to cluster provisioning. This allows cluster designers to prevent users from installing clusters on infrastructure that does not meet the system requirements.
  • Gravity clusters only allow Kubernetes components that have been thoroughly tested by our team for compatibility and stability. These components are called a “Kubernetes Runtime”. Users can pick a Runtime but Gravity does not allow any customization of individual components of Kubernetes.

Cluster Images

A Cluster Image produced by Gravity includes:

  • All Kubernetes binaries and their dependencies.
  • Built-in container registry.
  • De-duplicated layers of all application containers inside a cluster.
  • Built-in cluster orchestrator which guarantees HA operation, in-place upgrades and auto-scaling.
  • Installation wizard for both CLI and web browser GUI.

A cluster image is all one needs to re-create the complete replica of the original Kubernetes cluster, with all deployed applications inside, even in an air-gapped server room.

A cluster image can be quite large, because it contains everything an application needs to be deployed on a “clean” infrastructure, but it can also be quite small if a developer only packages an application update from a previous version.

Remote Access and Compliance

Each cluster provisioned with Gravity includes the built-in SSH/Kubernetes gateway called Teleport. Teleport provides the following benefits:

  • One-step SSO authentication which issues credentials for both Kubernetes and SSH.
  • Ability to implement compliance rules like “developers must never touch production data”.
  • Ability to grant remote access to the cluster via SSH or via k8s API, even if the cluster is located behind NAT with no open ports.
  • Keeps a detailed audit log (including fully recorded interactive sessions) for all SSH commands and all kubectl commands executed on cluster nodes.

Teleport can also be used independently, without Gravity. It has been audited multiple times by reputable cyber security companies and has been deployed in production in multiple organizations.

Open Source

The Gravity Community Edition is open-sourced under the Apache 2.0 license and can be found on GitHub.
