Container compliance made easy

Elastisys Compliant Kubernetes (CK8s) is a container platform built for strong security and full lifecycle compliance with ISO-27001, GDPR and PCI-DSS.

Want to run it yourself? Want us to manage it for you on a European cloud provider?

Why is security in Kubernetes so complicated?

If you’re familiar with Kubernetes, the question will probably resonate with you. And if you’re only just getting started on your cloud native journey, there’s still a good chance you’ve encountered some security-related headaches along the way. This is especially true if you are working in a highly regulated industry like healthcare, fintech, or gaming.


Competence is scarce and expensive: Hiring and retaining 4-5 Kubernetes experts to operate your clusters 24/7 might not be the most economical way. Switching to Kubernetes also requires new security considerations.


Day 2 operations are complex: Kubernetes is notoriously hard to operate for mission critical workloads under strict SLAs.


The landscape is rapidly evolving: Keeping up with the fast changing cloud native ecosystem is a huge challenge.


Security and compliance is hard: Ops people are not necessarily cloud native security and compliance experts, which makes it time-consuming to keep up with the latest CVEs and regulations.

Does this sound familiar? Running Kubernetes at enterprise scale can be a huge operational challenge.

And until now, you basically had two options if you wanted to run modern, containerized workloads on Kubernetes and stay compliant: either you built and maintained a compliant infrastructure yourself and managed the control plane, the operating system and the underlying infrastructure, or you took the risk of falling out of compliance by using a generic managed container platform.

With Elastisys Compliant Kubernetes (CK8s), you now have a third option. 

Container velocity with the rigor of compliance

CK8s is a highly secure and compliant managed Kubernetes service tailored for regulated industries. In addition to managing the cluster control plane, CK8s configures the underlying operating system, and installs, configures, and manages a set of deployments required to achieve compliance.

Elastisys Compliant Kubernetes (CK8s) allows you to run modern, containerized workloads while fulfilling regulatory standards like ISO-27001, GDPR, and PCI-DSS.


CK8s can be run on-premise as your own stand-alone container platform (VMware vSphere or OpenStack) or in public clouds. It is also available as a managed service hosted on our European cloud provider partners.

This is the most secure Kubernetes cluster available.
Deployments include logging, monitoring, intrusion detection, network segmentation, audit trails and more, tailored to adhere to the strict security demands placed by regulations like GDPR, ISO27000-1 and international betting regulations. CK8s is fully open source and built on upstream Kubernetes but comes pre-configured for compliance and security out of the box.

Ensure compliance through the whole software development life cycle

Being compliant does not start when your applications run in production. Elastisys Compliant Kubernetes shifts security and compliance focus left, providing the means to secure your applications throughout the whole software development life cycle.

CK8s does this by:

  • Audit logging the whole container journey
  • Analysing and verifying containers during build, deploy, and run-time
  • Providing easy to use management tools for enforcing policies during deployments – ensuring compliance for the whole application lifecycle
  • Providing operations and security teams with pre-configured logging, monitoring, intrusion detection, network segmentation, and audit trail capabilities tailored to adhere to the strict security demands placed by regulations like ISO27000-1, GDPR, and PCI-DSS


Elastisys Compliant Kubernetes (CK8s) comes pre-configured for compliance and security out of the box. You’ll be completely freed from worries about being compliant with regulations such as GDPR, PCI-DSS, HIPAA, HITRUST CSF, GxP, and more – with no additional configuration on your end. It’s that easy.

CK8s architecture


  • Private Docker repository
  • Separation of duties through Role Based Access Control (RBAC)
  • Automated certificate handling
  • Secret management
  • Minimal and hardened Linux-based operating system
  • Intrusion detection systems (IDS) for alerting in case of breaches
  • Automated image vulnerability scanning and antivirus checking
  • Best practice security policies
  • Container sandboxing, limiting what containers can do on a kernel level
  • Persistent storage with backups and disaster recovery functionality
  • Optional service mesh for seamlessly enforcing encrypted network traffic
  • Optional distributed tracing


  • Prometheus, AlertManager, and Grafana used to monitor applications and the platform itself
  • Logging from the platform and applications stored either in a deployed ElasticSearch cluster or to your log handling service of choice, e.g. Datadog, Splunk, or a (remote) syslog server
  • Distributed tracing supported by OpenTracing and Jaeger for tracing API calls through a set of services, which helps developers debug and improve performance along critical paths
  • Full Kubernetes API Audit trails


  • Deploys on-premise or in the cloud, including entirely regional cloud providers for legal reasons (due to e.g. US Cloud Act, EU GDPR, or national data security regulations)
  • Installation possible on-premise, including air gapped systems
  • Authentication integration with Active Directory, SAML, and Google logins
  • Network isolation and tight firewalls, allowing only permitted network traffic in the platform. Inbound traffic to the cluster is securely handled using the NGINX Ingress Controller
  • Integration with popular CI/CD systems
  • Continuous updates and management of vulnerabilities in Kubernetes and surrounding projects
  • Support for up to 5000 worker nodes and high availability setups for your Kubernetes masters

Customer reference

Tempus is a fast growing and modern daycare planning platform, managing the trust and data privacy of thousands of parents every day.

“We decided on Elastisys as Compliant Kubernetes doesn’t lock you in to any specific cloud, it’s built on best practice projects from the cloud native community, and comes pre-configured for all our security and compliance needs, saving us a lot of effort.”


Tempus chose Compliant Kubernetes as a managed service, allowing them to focus on their customers without having to worry about keeping up with platform lifecycle management, security patching, backups and general cloud native and security awareness.


Elastisys Compliant Kubernetes (CK8s) offers you custom pricing plans that scale from individuals to the enterprise. Free for developers, flexible for business. Our Community edition is free forever, with 100% open source. The basic Business package with enterprise support is tailored for on-premise infrastructure, with 8×5 and 24×7 support options available. For the fully Managed Service, our operations team handles upgrades, backups, security patching, etc., relieving you from all aspects of Day 2 operations. The Managed Service is offered on all major clouds, and can also be delivered from datacenter providers under European legal jurisdiction.


  • Compliant Cluster
  • Continuous compliance
  • Policy enforcement
  • Audit reports



  • Compliant Cluster
  • Continuous compliance
  • Policy enforcement
  • Audit reports
  • Enterprise support


Managed Service

  • Compliant Cluster
  • Continuous compliance
  • Policy enforcement
  • Audit reports
  • Enterprise support
  • Upgrades
  • Backup and disaster recovery
  • Security patching
  • SLA