Unit 2.7: AI and Container Services
Introduction
As cloud platforms mature, organizations need more than basic compute and storage. They need intelligent services that can analyze data and generate content, and container platforms that can run modern microservices at scale. IONOS Cloud provides both: AI services that bring machine learning capabilities to your applications without requiring you to manage GPU infrastructure, and container orchestration services that handle the complexity of deploying and scaling containerized workloads.
In this unit, you will explore two essential service categories that build on the core infrastructure covered in earlier units. We will cover AI services for inference and document intelligence, followed by container services for running production Kubernetes workloads with managed registries and enterprise platform options.
1. Artificial Intelligence Services
IONOS Cloud provides a managed AI inference service that brings machine learning capabilities to your applications without requiring you to manage GPU infrastructure or become a machine learning expert.
1.1 AI Model Hub
AI Model Hub is IONOS's inference service that provides a catalog of pre-trained foundation models ready to be used directly through REST APIs. These models have already been trained on large public datasets by their original developers, and you can use them immediately for inference without training or fine-tuning.
Types of pre-trained models available:
| Category | Example Models | Primary Use Case |
|---|---|---|
| Large Language Models (text to text) | Mistral Small 24B, Llama 3.1 8B, Mistral Nemo, Llama 3.3 70B, GPT-OSS 120B, Llama 3.1 405B | Text generation, chat, code assistance, multilingual coverage |
| Multimodal Models (text + image to text) | Mistral Small 24B | Vision-augmented chat, image analysis with text context |
| Embedding Models (text to vector) | BGE Large v1.5, BGE m3, Paraphrase Multilingual MPNet v2 | Semantic search, similarity, clustering |
| Text-to-Image Models (text to image) | FLUX.1-schnell, FLUX.2-Klein-4B | Image creation from prompts |
| OCR Models (image to text) | LightOnOCR-2-1B | Document text extraction and digitization |
| Specialized Models (coding) | Qwen3 Coder Next 80B | Code generation and assistance |
When to use AI Model Hub:
You should use AI Model Hub whenever you need advanced AI capabilities (text generation, image creation, embeddings, semantic search) without the operational burden of hardware, model training, or compliance work. The service is particularly valuable for text generation and chatbots, image generation for marketing or design, semantic search, and Retrieval-Augmented Generation (RAG) where LLM answers are grounded in your own documents.
Key benefits:
- Managed hosting with no servers or GPU clusters to maintain
- Security and compliance with data staying in Germany, GDPR-aligned
- Scalability that auto-adjusts to meet request volume
- Unified, OpenAI-compatible API for easy integration
- Token-based billing that provides transparent, usage-driven pricing
All models are exposed through a single, OpenAI-compatible API, and you can switch models on the fly without redeploying infrastructure. Tool-calling capabilities let supported LLMs invoke external APIs and functions during a conversation, enabling real-world actions like database lookups or order placement. For Retrieval-Augmented Generation, you combine Hub embedding and language models with a vector database. The recommended path for new builds is IONOS Managed PostgreSQL with the pgvector extension as the vector store, with AI Model Hub providing the embedding and text-generation models. The older native Document Collections feature (a managed vector store) is deprecated and closed to new deployments, and it will be retired on 2026-08-31; existing collections keep working until then, but new RAG projects should use the self-managed pgvector path. Several of the available models are multilingual, supporting European data sovereignty scenarios where broad language coverage within a GDPR-compliant environment is essential.
2. Container Services
Container technology has become the standard way to package and run modern applications. IONOS Cloud provides managed container services that handle the complexity of running containerized workloads at scale.
2.1 Managed Kubernetes
Managed Kubernetes is IONOS's fully-automated service for running production-ready Kubernetes clusters without the operational overhead of managing the control plane and underlying infrastructure yourself.
Key benefits of Managed Kubernetes:
| Benefit | What It Means | Value to You |
|---|---|---|
| Fully-automated cluster provisioning | The service creates the control plane and worker nodes automatically | No manual VM or networking setup required |
| Automatic updates and security patches | IONOS applies Kubernetes version upgrades and security fixes | No intervention needed to stay current and secure |
| High-availability control plane | Control plane runs across multiple VMs in a region | Built-in fault tolerance and continuous operation |
| Full administrator access | Complete control over Kubernetes API | Retain control over workloads while IONOS manages infrastructure |
| Pay-as-you-go compute | Worker nodes billed only for resources used | Cost-effective, no hidden admin overhead |
| Node-pool abstraction | Resources grouped into node pools | Simple, consistent scaling and resource allocation |
| Built on vanilla Kubernetes | Standard open-source Kubernetes | Maximum compatibility with ecosystem tools |
| Integrated monitoring | Kubernetes Manager shows status and provides kubeconfig | Easy visibility into cluster health |
Cluster deployment models:
Managed Kubernetes supports two deployment models that affect how your cluster connects to the network. In a public cluster, worker nodes receive Internet-routable IP addresses, making them directly reachable from outside your Virtual Data Center. In a private cluster, worker nodes are placed on private LANs behind a NAT Gateway, with no direct Internet exposure. You can further restrict access to the Kubernetes API server by configuring an IP allowlist, ensuring only trusted networks can manage the cluster. Choosing between public and private is one of the most important architectural decisions when creating a cluster, because it determines your security posture and how external traffic reaches your workloads.
Node pools support autoscaling, where you define minimum and maximum node counts and the cluster automatically adds or removes worker nodes based on workload demand. Networking between pods is handled by Calico, a built-in Container Network Interface (CNI) plugin that provides network policy enforcement and pod-to-pod communication. Clusters run standard, vanilla Kubernetes releases, and IONOS manages version upgrades so your cluster stays on a supported release track.
Managed vs Self-Managed Kubernetes:
The primary difference between managed and self-managed Kubernetes is who is responsible for the control plane, updates, and infrastructure management. With Managed Kubernetes, IONOS handles cluster provisioning, control plane management (including geo-redundant high availability), security patches, scaling, and node lifecycle. You focus on container workloads, CI/CD pipelines, and application scaling.
With self-managed Kubernetes, you must install control plane components, handle HA architecture, apply security patches, manage VM lifecycle, and design backup strategies. While self-managed gives you full control over every component, it requires significant expertise and resources to maintain properly.
When to use Managed Kubernetes:
Choose Managed Kubernetes when your priority is rapid time-to-value, reduced operational overhead, and a reliable, automatically updated control plane. It is ideal for development teams that want to focus on building applications rather than managing infrastructure, organizations that need production-ready Kubernetes without dedicated platform engineering teams, and scenarios where you need to scale container workloads quickly without infrastructure concerns.
Self-managed Kubernetes may be justified only if you need deep customization of the control plane or must run Kubernetes on infrastructure you control yourself, though you will need the expertise and resources to maintain it.
2.2 Private Container Registry
Container Registry is IONOS Cloud's managed, private Docker/OCI artifact store. It provides an authenticated registry where OCI-compliant artifacts (Docker images, Helm charts, and other container artifacts) can be pushed, stored, and pulled over the public Internet, but only after valid credentials are presented.
What Container Registry provides:
- A repository for Docker images and other OCI artifacts
- Storage for multiple repositories within each registry
- Access control via registry-access tokens with scoped permissions and optional expiration
- Fully managed infrastructure with continuous patching and updates
- Encryption at rest for all stored images
- Integration with CI/CD pipelines and Kubernetes workloads
Why use Private Container Registry:
Instead of relying on external providers like Docker Hub or managing your own registry infrastructure, IONOS Container Registry gives you a secure, highly-available registry that lives in the same cloud environment as your other resources. This eliminates the need to pull images across the public Internet from external providers, provides better control over who can access your container images, and ensures that proprietary application code and images remain private.
When to use Container Registry:
You should use Container Registry whenever you are deploying containerized applications on IONOS Cloud, especially with Managed Kubernetes. It is essential for organizations that need to store proprietary container images securely, teams that want to integrate container builds into CI/CD pipelines, and environments where you need fine-grained access control over who can push and pull images.
The registry integrates seamlessly with Managed Kubernetes clusters, allowing your applications to pull images directly from the registry using the credentials you configure. This creates a complete container platform where you can build, store, and deploy containerized applications entirely within the IONOS Cloud environment.
2.3 Red Hat OpenShift
Red Hat OpenShift is an enterprise Kubernetes platform that Red Hat Certified Cloud Service Provider (CCSP) partners deploy and manage themselves on IONOS Cloud infrastructure (IONOS does not offer a managed OpenShift control plane, and access is through an approved CCSP partner rather than direct self-service), extending standard Kubernetes with integrated developer tools, CI/CD pipelines, and enhanced security features. OpenShift provides a complete application platform with built-in support for building, testing, and deploying containers, along with centralized logging, monitoring, and role-based access control.
When to use Red Hat OpenShift vs Managed Kubernetes:
Choose Red Hat OpenShift when your organization needs an enterprise-grade Kubernetes platform with integrated developer tooling, built-in CI/CD pipelines, and Red Hat enterprise support. OpenShift is particularly suited for regulated industries that require enhanced security controls and compliance features out of the box. Choose Managed Kubernetes when you need standard, open-source Kubernetes without additional enterprise tooling, prefer a simpler setup, or want to minimize costs for basic container orchestration.
2.4 SUSE Rancher Prime
SUSE Rancher Prime is a sovereign Kubernetes management platform that customers self-deploy and self-manage on IONOS Cloud infrastructure (IONOS does not operate it as a managed service), providing centralized management of multiple Kubernetes clusters across cloud, on-premises, and edge environments. Rancher Prime offers a unified management console, policy-driven governance, and integrated security features while maintaining full data sovereignty within European infrastructure.
When to use SUSE Rancher Prime vs Managed Kubernetes:
Choose SUSE Rancher Prime when your organization operates multiple Kubernetes clusters across different environments and needs centralized management, consistent policy enforcement, and multi-cluster visibility from a single control plane. Rancher Prime is particularly valuable for organizations with European data sovereignty requirements and hybrid or multi-cloud Kubernetes strategies. Choose Managed Kubernetes when you need a single, straightforward Kubernetes cluster without multi-cluster management overhead.
Common Use Cases
Real-world scenarios where these AI and container services are used:
- AI-Powered Customer Support with RAG: A financial services company wants to build an intelligent support chatbot that answers questions based on their internal knowledge base of policies, procedures, and FAQs. Using AI Model Hub (Section 1.1), they generate embeddings for their documents with a Hub embedding model and store them in a vector database built on IONOS Managed PostgreSQL with the pgvector extension. They build a RAG pipeline that combines document retrieval with a Large Language Model. When customers ask questions, the system searches the stored documents for relevant policies and generates accurate, context-aware answers using the LLM. The token-based billing model and GDPR-compliant German data centers (mentioned in Section 1.1) ensure cost-effective operation while meeting regulatory requirements for financial data.
- Microservices Platform with Managed Kubernetes and Container Registry: A growing e-commerce startup deploys their application as microservices using Managed Kubernetes (Section 2.1). They store all their container images in Private Container Registry (Section 2.2), including images for their product catalog service, payment processing service, and order management service. Their CI/CD pipeline automatically builds new images when developers commit code, pushes them to the Container Registry with proper access tokens, and triggers rolling updates in the Kubernetes cluster. Because IONOS manages the Kubernetes control plane (automatic updates and patches as described in Section 2.1), the startup's small DevOps team can focus on application features rather than cluster maintenance. During holiday shopping peaks, they scale node pools up through the Kubernetes Manager, and scale back down after the rush, paying only for the resources used.
- Regulated Enterprise Choosing a Container Platform: A healthcare company needs to containerize their patient management system while meeting strict compliance requirements. They evaluate IONOS's container offerings: Managed Kubernetes (Section 2.1) provides a cost-effective vanilla Kubernetes environment, but their compliance team requires built-in security scanning and audit logging. They choose Red Hat OpenShift (Section 2.3) for its enterprise security controls, integrated CI/CD, and Red Hat support for regulated workloads. For their secondary analytics cluster running in a separate region, they add SUSE Rancher Prime (Section 2.4) to manage both clusters from a single control plane with consistent policy enforcement.
Summary
This unit explored two essential service categories that extend IONOS Cloud beyond basic infrastructure. AI services bring machine learning capabilities through pre-trained foundation models delivered as a managed inference API. Container services enable modern application deployment with Managed Kubernetes and private image registries.
AI Model Hub offers immediate access to pre-trained foundation models across six categories - large language models, multimodal, embedding, text-to-image, OCR, and coding - for inference without managing GPU infrastructure. RAG support and tool-calling capabilities make it a complete AI platform, with new RAG builds recommended on Hub embeddings plus a self-managed PostgreSQL and pgvector vector store. The service keeps data in German data centers for GDPR compliance.
Managed Kubernetes provides production-ready container orchestration with fully automated cluster provisioning, public or private cluster deployment models, node pool autoscaling, and automatic updates. Red Hat OpenShift extends Kubernetes with enterprise developer tools, CI/CD pipelines, and enhanced security for regulated environments. SUSE Rancher Prime provides centralized multi-cluster Kubernetes management with policy-driven governance and European data sovereignty. Private Container Registry offers secure storage for Docker images and Helm charts with access control and encryption. Together, these services create a complete platform for modern microservices architectures.
Key Points:
- AI Model Hub provides pre-trained foundation models across six categories (LLMs, multimodal, embedding, text-to-image, OCR, coding) with RAG support (recommended on self-managed PostgreSQL and pgvector) and tool-calling
- Managed Kubernetes handles control plane management, updates, and high availability with public or private cluster deployment models and node pool autoscaling
- Red Hat OpenShift provides enterprise Kubernetes with integrated developer tools, CI/CD, and enhanced security
- SUSE Rancher Prime enables centralized multi-cluster Kubernetes management with policy governance and data sovereignty
- Private Container Registry provides secure, encrypted storage for container images with fine-grained access control
Important Terminology:
- AI Model Hub: Inference service providing REST API access to pre-trained foundation models (LLMs, multimodal, embeddings, text-to-image, OCR) with tool-calling and RAG capabilities
- Managed Kubernetes: Fully-automated container orchestration service with managed control plane, public or private cluster deployment, automatic updates, and high availability
- Red Hat OpenShift: Enterprise Kubernetes platform with integrated developer tools, CI/CD pipelines, and enhanced security features
- SUSE Rancher Prime: Sovereign Kubernetes management platform for centralized multi-cluster operations with policy-driven governance
- Container Registry: Private, managed Docker/OCI artifact store with authentication, access control, and encryption at rest
Next Steps
Continue Learning: Unit 2.8: Knowledge Check - Architecture and Services
Related Topics:
- Unit 2.1: Core Architectural Components - Understanding VDCs and networking fundamentals
- Unit 2.6: Security Services - Network Security Groups, DDoS Protect, and credential management
- Unit 3.2: Identity and Access Management - Managing user access and permissions