Security at Cloudfleet

Cloudfleet is built with security at every layer. From encrypted networks and hardened control planes to fine-grained access controls and compliance readiness, we protect your Kubernetes infrastructure so you can focus on your workloads.

Infrastructure security

Secure by default

Cloudfleet encrypts all data in transit and at rest. Control plane communication, API traffic, and node-to-node networking are secured with TLS. Kubernetes secrets and the Kubernetes backend data stores are encrypted at rest. Cluster nodes connect through a WireGuard®-based encrypted overlay network, ensuring secure communication across clouds and regions. This is a step up for any infrastructure target, as Cloudfleet enforces encryption regardless of whether the underlying network provides it. Learn more about our networking architecture.

Network isolation

Every cluster operates in its own isolated network environment. Nodes are connected through encrypted tunnels, and control plane endpoints can be restricted to private networks on Enterprise plans. Network policies allow you to control traffic flow between workloads at the pod level. As a multi-cloud solution, Cloudfleet network policies can serve as a firewall between datacenter and cloud boundaries, giving you consistent security controls across all environments.

Control plane hardening

Cloudfleet manages the Kubernetes control plane in a dedicated, secure environment. Control plane components are deployed with least-privilege configurations, regularly patched, and monitored for anomalies. Multi-AZ replication ensures high availability on Pro and Enterprise plans.

Node security

Worker nodes are provisioned on demand and recycled regularly, reducing the window of exposure.

Secrets management

Kubernetes secrets are encrypted at rest in the Kubernetes backend. Cloudfleet supports integration with external secret management solutions. Service account tokens use short-lived, bound tokens following Kubernetes best practices.

Operational security

How we operate

Cloudfleet maintains strict internal security practices to protect customer infrastructure. Our operational security model is designed to minimize risk and ensure accountability.

Access controls

All Cloudfleet employee access to production infrastructure requires multi-factor authentication, follows least-privilege principles, and is logged for audit purposes. Access is reviewed regularly and revoked promptly when no longer needed.

Vulnerability management

We continuously scan our infrastructure and application stack for vulnerabilities. Critical CVEs are patched within 24 hours. We maintain a responsible disclosure program and welcome security reports at security@cloudfleet.ai.

Incident response

Cloudfleet maintains a documented incident response process with defined severity levels, escalation paths, and communication procedures. Customers on Enterprise plans receive direct incident notifications and post-incident reports.

Monitoring and detection

All infrastructure components are monitored 24/7 for anomalous behavior, unauthorized access attempts, and performance degradation. Alerts trigger automated responses and on-call engineer notifications.

Supply chain security

Container images used in the Cloudfleet platform are built from verified sources, scanned for vulnerabilities, and signed. We track dependencies and respond quickly to upstream security advisories.

Audit logging

Comprehensive audit logs capture all administrative actions, API calls, and infrastructure changes. Logs are retained and available for compliance reviews. Kubernetes audit logs are available for customer clusters.

FAQ

Security FAQ

Your Kubernetes clusters and their data stores are fully hosted in the availability zones you select. Cloudfleet offers availability zones in both EU and US regions, giving you control over data residency.

Cloudfleet is actively working toward SOC 2 Type II and ISO 27001 certifications. Many of the controls required by these standards are already implemented in our platform and operational processes. Enterprise customers can request detailed security documentation, architecture reviews, and a walkthrough of our security controls. Contact our sales team for more information.

Yes. Cloudfleet is fully GDPR compliant. We offer Data Processing Agreements (DPA) and maintain a list of sub-processors. Our privacy policy details how we handle personal data. For more information, see our privacy policy and terms of service.

All data in transit is encrypted with TLS. Node-to-node communication uses WireGuard® encryption. Data at rest, including the Kubernetes backend and Kubernetes secrets, is encrypted. API traffic between your kubectl client and the Kubernetes API server is always encrypted.

Cloudfleet manages the security of the Kubernetes control plane, node provisioning, networking infrastructure, platform patching, and cluster upgrades. Customers are responsible for securing their workloads, container images, application configurations, Kubernetes RBAC policies, network policies for their pods, and any data stored within their applications. This model follows Kubernetes community best practices for managed Kubernetes providers.

If you discover a security vulnerability, please report it to security@cloudfleet.ai. We acknowledge all reports within 48 hours and work with reporters to understand and address the issue. We follow responsible disclosure practices and appreciate the security community’s efforts to keep Cloudfleet safe.

Yes. All plans include Kubernetes RBAC and SSO integration for access control. Enterprise customers can additionally enable control plane private networking, restricting API server access to authorized networks only.

Cloudfleet accesses cluster control plane components for management operations such as upgrades, scaling, and health monitoring. Cloudfleet does not access customer workloads, application data, or Kubernetes secrets unless explicitly authorized by the customer for a limited time window, such as during a support session. All management access is audited and follows least-privilege principles.

Security built-in.

Access control & governance

Fine-grained role-based access control (RBAC) with organization and project scopes, least-privilege permissions, and comprehensive audit trails for all user actions.

Identity federation

Enterprise Single Sign-On (SSO) via SAML and OIDC, integrating with Okta, Microsoft Entra ID, Google Workspace, and other compatible identity providers.

Enterprise-grade security

Governance, centralized audit logging, and compliance readiness aligned with SOC 2 and ISO 27001 standards (certifications in progress).

Compliance badges: GDPR compliant, CCPA compliant.
