Upsun User Documentation

Project isolation

Sign up

Get your free trial by clicking the link below.

Get your Upsun free trial

At Upsun, customer environments are strictly isolated from each other using namespaces, seccomp, and cgroups. Persistent data (uploaded files into mounts, database data, etc.) is stored on a region-wide storage layer. Data is stored redundantly and mounted into the environments on deployment.

Network is behind a firewall for incoming connections. Only a few ports are opened to incoming traffic: ???

There are no exceptions, so any incoming web service requests, ETL jobs, or otherwise need to transact over one of these protocols.

Outgoing TCP traffic isn’t behind a firewall, with the exception of port 25 which is blocked.

For containers to be allowed to connect to each other, the following requirements must be met:

  • The containers must live in the same environment.
  • You need to define an explicit relationship between the containers in your app configuration.

Is this page helpful?