Introduction to the Contain Platform
The Contain Platform is a fully managed, production-ready application platform built on security-first principles. It provides a complete, "batteries-included" environment for running containerized applications on a standardized, best-practice foundation.
This document provides a technical overview of the platform's core design principles and operational model. It explains the architectural philosophy of the platform, which is explored in further detail throughout the Concepts section.
The Managed Service Model
The platform is delivered as a managed service, meaning our team is responsible for the operational lifecycle of the cloud-native infrastructure.
The scope of the managed service includes:
- 24/7/365 Operations: Continuous monitoring and incident response for the platform.
- Component Lifecycle Management: Management of all provisioning, upgrades, patching, and scaling of platform components.
- Rigorous Component Curation: Every open-source component integrated into the platform undergoes a strict vetting process that includes supply chain security analysis, license compliance checks, and operational readiness assessments.
- Integrated Security Management: Management of the platform's security posture, including network policies, admission controllers, and certificate rotation.
- Disaster Recovery: Implementation of backup and restore capabilities based on defined business continuity requirements.
Deployment Portability
The platform is engineered for portability and supports deployments across a wide range of environments to meet varying business, security, and data sovereignty requirements.
Supported environments include:
- Our Datacenters: Hosted and managed entirely within our own secure facilities.
- Public Cloud: Deployed and managed in public cloud subscriptions.
- Private Cloud: Runs on customer-owned on-premise hardware.
- Air-Gapped Environments: Fully supported for high-security environments with no internet connectivity.
Core Architectural Principles
The platform's architecture is built on four key principles, which are reflected in its components and operational procedures:
- Secure Defaults: The platform is configured with a security-first posture, including strict default network policies, security contexts, and automated certificate management.
- GitOps-Driven: The state of the platform and its applications is managed declaratively through Git, ensuring all changes are automated, auditable, and repeatable.
- Production-Ready Operations: Includes integrated solutions for disaster recovery, observability, and traffic management to support business-critical workloads.
- Flexible & Extendable: Avoids vendor lock-in by using standard Kubernetes interfaces and best-in-class open-source tools from the CNCF landscape.
Keep Reading
Now that you have an overview of the platform's core principles, you can explore the following documents to dive deeper into specific architectural areas:
- Platform Architecture — Explore the high-level structure of the platform.
- Shared Responsibility Model — Get a detailed breakdown of the division of responsibilities between the platform team and your team.
- Infrastructure — Learn about the platform's infrastructure architecture and how it supports your applications.
- Kubernetes — Understand the Contain Base service along with how the platform manages clusters and their lifecycle.
- Platform Components — Learn about how we manage the lifecycle of components.