The fundamentals of the Managed Kubernetes offering
Managed Kubernetes by Cloud Temple is a fully managed Kubernetes platform that combines the power of container orchestration with the security and sovereignty of the SecNumCloud cloud. This offering is positioned as the premium solution for organisations requiring a secure, compliant and fully managed Kubernetes environment.
Our compliance procedures
Our Managed Kubernetes offering is HDS and ISO 27001 certified, and available on SecNumCloud-qualified and C5-compliant services.
The benefits of Cloud Temple's Managed Kubernetes offering
Ensuring high availability and scalability
To ensure maximum availability, our Managed Kubernetes service is based on a robust production architecture, distributed over three distinct Availability Zones (AZ). If one zone fails, the service remains fully operational. The heart of the system, the control plane, is tripled, with a node in each AZ for seamless resilience. Data storage is distributed and replicated on dedicated nodes in the three zones, protecting your critical information. This infrastructure guarantees an SLA of 99.90%. Add or resize workers according to your computing power requirements to dynamically adapt to the load of your applications.
Simplify the orchestration of your containers
Our service is designed to free you from the complexity of orchestration. We provide you with an “out-of-the-box” platform, fully managed by our experts, allowing you to focus on developing your applications rather than managing the infrastructure. The platform incorporates automation, monitoring and backup tools that save you precious time. Accelerate your production launches and gain peace of mind by relying on a robust, sovereign infrastructure operated by our experts. The promise? Powerful Kubernetes, without the management burden.
Benefit from flexibility and portability
Take back control of your cloud strategy with a solution founded on the freedom of open source. Managed Kubernetes offers you a pure Kubernetes experience, with no proprietary overlay, and rigorously aligned with Cloud Native Computing Foundation (CNCF) standards. This approach guarantees total portability of your applications and frees you from any technological dependency: your environment is reversible and your skills remain universal. To make this promise a reality, we include the Veeam Kasten tool, specially designed to simplify migrations between different clouds. Let your infrastructure evolve freely, in line with your strategy.
Opting for security by design
Our approach to security is based on the “Zero-Trust” principle, integrated at every level of the platform. The foundation is Talos OS, an immutable operating system with no shells or SSH access. This unique design drastically reduces the attack surface and prevents unauthorised alterations. We reinforce this solid foundation with advanced governance tools. Kyverno acts as a gatekeeper, enforcing your security policies across the entire cluster, while Capsule provides fine-grained, partitioned management of access rights. The Harbor container registry systematically scans your images for vulnerabilities. All this is hosted on our sovereign infrastructure, a trusted environment for your most critical applications.
Our Managed Kubernetes features
CNI Cilium & Hubble
Advanced CNI, network policies, advanced observability with the Hubble graphical interface.
MetalLB & Ingress NGINX
L2 LoadBalancer and 3 Ingress NGINX (external secure, external, internal) for service exposure.
Rook-Ceph
High-performance distributed storage (block, bucket, filesystem) (7500 IOPS/TB) for persistent volumes.
CertManager
Natively integrated open-source TLS certificate manager.
ArgoCD
Automated GitOps deployment for platform components and applications.
Prometheus stack
Full observability: Prometheus (metrics), Grafana (dashboards), Loki & Promtail (centralised logs on S3).
Harbor
Private container registry with vulnerability scanning and image signing.
OpenCost
FinOps tool for fine-grained monitoring of resource consumption and sub-billing by project.
Kyverno & Capsule
Security policies (Kyverno) and multi-tenant permissions management (Capsule) for advanced governance.
Veeam Kasten K10
Backup and restore of workloads (manifests, volumes) with application support (Kanister).
Technical specifications
Thinking about a cloud-native project? Let's talk
Are you planning to modernise your existing applications, migrate to a microservices architecture or secure critical containerised deployments? Our team of experts can help you define your needs, size your cluster and assess the relevance of our Managed Kubernetes offering to your performance, automation and sovereignty challenges.
Share some information about your project with us using the form: we'll get back to you as soon as possible to discuss it.
Pricing
| Managed Kubernetes Work Units – (excluding infrastructure) | Unit | Unit price € excl. tax/month | Commitment |
|---|---|---|---|
| KUBERNETES MANAGE – PRODUCTION (including 3 Worker Nodes) | 1 virtual cluster | 2 250,00 € | 1 month |
| KUBERNETES MANAGE – DEVELOPMENT/TESTING/ACCEPTANCE (including 3 Worker Nodes) | 1 virtual cluster | 1 500,00 € | 1 month |
| Additional WORKER NODE for Managed Kubernetes – PRODUCTION | 1 additional worker node | 450,00 € | 1 month |
| Additional WORKER NODE for Managed Kubernetes – DEVELOPMENT/TESTING/ACCEPTANCE | 1 additional worker node | 300,00 € | 1 month |
Use cases
The best of both worlds: cloud-native performance and absolute sovereignty.
Unlike solutions from US hyperscalers, our Kubernetes cluster is hosted on SecNumCloud-qualified infrastructure in France, guaranteeing immunity from extraterritorial laws. Technically, we offer an ultra-secure “Zero-Trust” environment (based on Talos OS, immutable and with no SSH access), while natively including 11 premium components (Cilium, ArgoCD, Rook-Ceph, Harbor, etc.) at no extra licence cost, where others charge for each brick separately.
We manage the base, you manage your applications.
Cloud Temple (as MSP) takes care of the operational maintenance of the underlying infrastructure, the high availability of the Control Plane, OS (Talos) and Kubernetes updates, and the management of native components (storage, ingress, CNI). For your part, you retain total control via the Kubernetes API to deploy your workloads, manage your namespaces and administer your application rights policies.
No, continuity of service is guaranteed.
We apply major updates (3 times a year) and critical security patches transparently using the rolling update method (node-by-node updates). For multi-AZ production environments, your cluster and applications remain 100% available to your users for the duration of the operation.
Yes, the platform is 100% interoperable.
Our Managed Kubernetes is CNCF (Cloud Native Computing Foundation) certified, which guarantees total compatibility with market standards. What's more, the solution natively includes a GitLab Runner and ArgoCD to facilitate a GitOps approach from day one, but you can also connect your own pipelines (Jenkins, GitHub Actions, Azure DevOps...) via the standard Kubernetes API.
Total freedom, with no Vendor Lock-in.
Our Kubernetes distribution is open-source and standardised (with no proprietary overlay). If you decide to migrate to another platform, you can export your Kubernetes YAML manifests quickly and free of charge (15-day SLA). What's more, the natively included Veeam Kasten K10 tool makes it easy to back up and port your data volumes to any other S3-compatible environment.
Yes, a strong commitment to Production environments.
For our production clusters deployed in a multi-AZ architecture (spread over 3 datacentres), we guarantee a monthly availability rate of 99.90% for the Kubernetes API and for the availability of Ceph distributed storage. Note: Dev/Test environments, deployed on a single datacentre, are not subject to SLA commitments.