Concepts

Before you create your first database or deploy a service, it helps to understand the building blocks of the SMLL platform.

Workspaces

A workspace is the top-level unit of organisation. It groups your team members, billing, and infrastructure together. Every resource you create belongs to a workspace.

Each workspace has its own billing account, member list with role-based access (Owner, Admin, Developer, Viewer), and one or more VPCs.

VPCs

A VPC (Virtual Private Cloud) is an isolated network environment within a workspace. All your databases, services, storage buckets, and secrets live inside a VPC.

Resources in one VPC are completely isolated from resources in another. This makes VPCs ideal for separating environments — for example, staging and production.

When you create a VPC, SMLL automatically provisions a Kubernetes namespace, container registry project, S3 credentials, resource quotas, and default alert rules.

Networking

Within a VPC, services and databases can communicate using internal DNS names. Services are exposed to the internet through an ingress controller with automatic SSL. Databases can optionally be made accessible externally via a connection endpoint on port 5432.

Resources in different VPCs cannot communicate directly. Use public endpoints if cross-VPC access is needed.

How they fit together

Workspace
├── Billing & Members
├── VPC (e.g. production)
│   ├── Databases
│   ├── Services
│   ├── Storage Buckets
│   └── Secrets
└── VPC (e.g. staging)
    ├── Databases
    ├── Services
    ├── Storage Buckets
    └── Secrets