Elastisys Compliant Kubernetes

Elastisys Compliant Kubernetes (ECK) is an enterprise-grade cloud native container platform, built with security and compliance in mind.

A container platform that puts security first

If you’re working in a highly regulated industry like healthcare, fintech or iGaming, you have two options if you want to run modern, containerized workloads on Kubernetes: either you build and maintain a compliant infrastructure yourself and manage the control plane, the operating system and the underlying infrastructure to stay compliant, or you take the risk of falling out of compliance by using a generic managed container platform.

Elastisys Compliant Kubernetes (ECK) is a highly secure container platform that allows you to run modern, containerized workloads while fulfilling regulatory requirements. ECK accelerates application development and delivery, simplifies installation and operations and helps fulfill regulatory standards like ISO-27001, GDPR and PCI.

It’s 100% open-source and compatible with upstream Kubernetes. No proprietary lock-in ensures your future success and freedom to choose providers.

ECK runs both on-premise (VMware vSphere or OpenStack) and in public clouds (AWS, GCE, Azure, Digital Ocean, City Cloud), and can be run either as a managed service by Elastisys or as your own stand-alone container platform.

This is the most secure Kubernetes cluster available.
Deployments include logging, monitoring, intrusion detection, network segmentation, audit trails and more, tailored to adhere to the strict security demands placed by regulations like GDPR, ISO27000-1 and international betting regulations. ECK is fully open source and built on upstream Kubernetes but comes pre-configured for compliance and security out of the box.

Features

Security

  • Private Docker repository
  • Minimal Linux-based operating system
  • Intrusion detection systems (IDS) for alerting in case of breaches
  • Automated image vulnerability scanning and antivirus checking
  • Best practice security policies
  • Container sandboxing, limiting what containers can do on a kernel level
  • Persistent storage with backups and Disaster Recovery functionality
  • Optional service mesh for seamlessly enforcing encrypted network traffic
  • Optional distributed tracing
  • Optional automated certificate handling

Observability

  • Prometheus, AlertManager, and Grafana used to monitor applications and the platform itself
  • Logging from the platform and applications stored either in a deployed ElasticSearch cluster or to your log handling service of choice, e.g. Datadog, Splunk, or a (remote) syslog server.
  • Distributed tracing supported by OpenTracing and Jaeger for tracing API calls through a set of services, which helps developers debug and improve performance along critical paths.
  • Full Kubernetes API Audit trails

Enterprise-readiness

  • Deploys on-premise or in the cloud, including entirely regional cloud providers for legal reasons (due to e.g. US Cloud Act, EU GDPR, or national data security regulations)
  • Installation possible on offline (“air-gapped”) on-premise machines
  • Authentication integration with Active Directory, SAML, and Google logins
  • Network isolation and tight firewalls, allowing only permitted network traffic in the platform. Inbound traffic to the cluster is securely handled using the NGINX Ingress Controller
  • Integration with popular CI/CD systems
  • Support for up to 5000 worker nodes and high availability setups for your Kubernetes masters

Would you like us to install or manage it for you?

We’ve got you covered: Elastisys is a Kubernetes Certified Service Provider with long experience offering professional services around the Kubernetes and cloud native ecosystem. We also run one of the world’s best managed Kubernetes services, operated 24/7 by Elastisys’ Kubernetes experts on the public or private cloud of your choice.