STACKIT Confidential Kubernetes

Protect container workloads easily and verifiably from unauthorized access by third parties

Confidential computing and data security for Kubernetes or container applications

Protect complete container workloads easily and verifiably from unauthorized access by third parties

STACKIT Confidential Kubernetes combines the advantages of the popular Kubernetes orchestration tool with the high security standards of confidential computing. The solution is based on the Kubernetes Engine Constellation from Edgeless Systems. It enables users to deploy and operate self-managed Kubernetes clusters with extensive security features with little effort. The highlight: the clusters are completely isolated from the underlying cloud infrastructure and third-party access. They are fully encrypted throughout, including the storage at runtime. These properties are verifiable to third parties.

Applications of STACKIT Confidential Kubernetes

The following use cases can be realized with STACKIT Confidential Kubernetes:

Proven compliance with regulatory requirements

The verifiable encryption and isolation of data from access by third parties makes it possible to meet the requirements of supervisory authorities in regulated areas.

Migrate sensitive workloads to the cloud

Protection against unauthorized access using STACKIT Confidential Kubernetes makes it possible to migrate even particularly sensitive workloads to the cloud. This turns the STACKIT public cloud into a private cloud for users.

Increase protection of containerized workloads against unauthorized access

The complete encryption and isolation of the Kubernetes cluster from the underlying infrastructure effectively protects the data processed in it and the control plane from access by unauthorized third parties.

STACKIT Confidential Kubernetes functions

  • All Kubernetes nodes run in STACKIT Confidential Virtual Machines (CVMs). Runtime Encryption encrypts data over the entire runtime, while Network and Storage Encryption encrypts network communication and storage. Data is therefore protected at rest, during transmission and at runtime.
  • Cryptographic keys are managed automatically within the CVMs and transparent key management ensures simple and secure use.
  • Based on the principle of node attestation and verification, the integrity of each new node in the cluster is checked using "remote attestation" before commissioning. Only "good nodes" receive the cryptographic keys to access the cluster's network and memory.
  • DevOps engineers benefit from "whole cluster attestation": they can check the security and integrity of an entire cluster using a single certificate bound to hardware.
  • The security features are supplemented by DevOps features integrated into the application, for example for the highly available operation of clusters, day-2 operations (upgrades and recovery) and infrastructure-as-code.

Advantages of STACKIT Confidential Kubernetes

  • You can independently, quickly and easily protect containerized workloads from unauthorized access and prevent data leaks.
  • You can migrate critical workloads to the public cloud and transform the public cloud into a private cloud.
  • You increase the trustworthiness of your own SaaS offerings on STACKIT.
  • You demonstrably fulfill regulatory and compliance requirements for data protection.

STACKIT Confidential Kubernetes price table

Billing | Server Flavor (Type) | RAM | CPU | Billing | Price
Confidential Kubernetes License-EU01 | | | | Hourly | 0.15092590000 €
Confidential Kubernetes License-EU02 | | | | Hourly | 0.15092590000 €

* All price indications are net plus applicable taxes and duties. Subject to change without notice.
The services are billed per billing unit or part thereof and according to the price list valid at the time the contract is concluded. Price indications per month are extrapolated values and always refer to a notional usage period of 720 hours (30-day month). The conditions stipulated in the individual contract apply.
