# Managed Kubernetes Switzerland

> Lifecycle-managed, Talos-based Kubernetes on Swiss sovereign cloud. Simpler and lower cost than enterprise platforms, with a clear responsibility model.


VSHN runs the full Kubernetes lifecycle for you: version upgrades, the immutable Talos OS, networking, ingress, and storage, on Swiss sovereign cloud. A standardized platform with predictable scope, for teams who want production clusters without operating them, and without enterprise overhead.


## Pages

- [Homepage](https://www.managed-kubernetes.ch/): Managed Kubernetes on Swiss Sovereign Cloud | VSHN
- [Managed Kubernetes vs DIY, CSP Control Planes, and OpenShift](https://www.managed-kubernetes.ch/comparison.md)
- [Swiss Sovereign Kubernetes on cloudscale.ch and Talos](https://www.managed-kubernetes.ch/sovereignty.md)

## Features

- **Operated, not just provisioned**: We take responsibility for running Kubernetes, not just spinning it up. VSHN owns cluster provisioning, version upgrades, OS updates, and the core platform components on a defined maintenance schedule. Your engineers stop coordinating upgrades and chasing add-on compatibility, and get back to shipping applications on a platform that stays current.

- **One opinionated platform**: A consistent, standardized stack instead of bespoke per-cluster setups: Talos as the immutable OS, Cilium for networking, the Gateway API for ingress, and Rook / Ceph for storage. Standardization is what makes the service predictable to run and predictable to price, and what lets us operate it reliably at scale.

- **Fewer platform decisions**: You do not need to evaluate CNIs, ingress controllers, storage backends, or upgrade strategies. Those decisions are already made, validated, and operated by VSHN. That reduced cognitive load is the point: a smaller, well-bounded platform your team can reason about instead of a sprawling DIY stack nobody fully owns.

- **Predictable, productized scope**: Managed Kubernetes is a product with a defined scope, not an open-ended consulting engagement. You know what the platform includes, what VSHN operates, and what stays yours. That predictability extends to a productized commercial model rather than effort-based or per-project billing that is hard to forecast.

- **Swiss sovereign by default**: The platform runs on Swiss sovereign infrastructure, starting with cloudscale.ch, a Swiss provider operating data centers exclusively in Switzerland. Your data and control plane stay in Switzerland, under Swiss law, with no hyperscaler dependency. Sovereignty without the cost and overhead of an enterprise platform.

- **A clear responsibility line**: You always know exactly what we operate and what stays with you. VSHN owns the platform lifecycle; you own your workloads and their behaviour. This bounded model is deliberate: it keeps the service simple, lower cost, and honest about where platform responsibility ends and application responsibility begins.

- **A dedicated cluster, not a shared slice**: You get a dedicated Kubernetes cluster, not a tenant slice of a shared platform. That matters for advanced teams: you can install your own custom operators, cluster-wide CRDs, admission webhooks, and node-level configuration that multi-tenant platforms have to restrict. You get full control of the cluster, with VSHN still running the platform underneath.


## The platform we operate for you

- Immutable, API-driven OS base on Talos Linux: no SSH, no configuration drift
- Cluster lifecycle management via Cluster API
- Autoscaling of worker nodes
- Full, unrestricted Kubernetes API access: standard kubectl and cluster-admin, no proprietary abstraction layer
- Networking with Cilium (open source)
- Ingress via the Kubernetes Gateway API, with cloud load balancing
- Persistent storage via Rook / Ceph
- Identity and access: OIDC single sign-on with Kubernetes RBAC
- Cloud-native integration: CSI storage drivers and the cloud controller manager (CCM)
- Basic observability: platform logs and metrics
- API-first, built entirely on open-source components with no enterprise licensing

## Managed Kubernetes FAQ

### What is Managed Kubernetes from VSHN?

Managed Kubernetes is a standardized, lifecycle-managed Kubernetes platform operated by VSHN on Swiss sovereign cloud. VSHN provisions the cluster, runs version upgrades, updates the immutable Talos operating system, and operates the core platform components, so your team can run production workloads without operating the cluster themselves.


### How is this different from a managed control plane like Exoscale SKS or STACKIT?

Managed control planes operate the API server and etcd, then leave node lifecycle, upgrades, ingress, storage, and observability to you. Managed Kubernetes extends responsibility into the full platform lifecycle: VSHN owns the upgrades and the opinionated platform stack, so a managed control plane becomes an actually managed Kubernetes platform.


### How is this different from Managed OpenShift?

Managed OpenShift is the enterprise option: continuous operations, higher service levels, and the broader tooling that regulated industries need. Managed Kubernetes is deliberately simpler and lower cost, with a bounded scope and business-hours support. It targets non-regulated teams for whom an enterprise platform is more than they need.


### Which operating system and components run on the platform?

The platform is built on Talos Linux, an immutable, API-managed Kubernetes OS with no SSH and no configuration drift. Networking uses Cilium, ingress uses the Kubernetes Gateway API, persistent storage uses Rook and Ceph, and access uses OIDC. Cluster lifecycle is driven by Cluster API, all from open-source components.


### Where does it run, and is my data sovereign?

The first iteration runs on cloudscale.ch, a Swiss cloud provider operating data centers exclusively in Switzerland. Your workloads and the cluster control plane stay in Switzerland, under Swiss law, with no hyperscaler dependency. Additional Swiss sovereign providers may follow based on demand from early-access participants.


### What service level and support can I expect?

Managed Kubernetes is a baseline-tier service operated during business hours, with reactive support and platform-level monitoring rather than continuous around-the-clock operations. This bounded service model is intentional and keeps the platform affordable. Teams that need continuous coverage should look at VSHN's enterprise platforms instead.


### Who is responsible for my applications?

VSHN operates the platform lifecycle: control plane and node availability, Kubernetes and OS upgrades, and the core components. You remain responsible for your workloads, their compatibility across upgrades, scaling and resilience, and application-level security. The responsibility line is explicit so nothing falls through the cracks.


### Is the platform built on open source?

Yes. Every layer of the platform uses open-source components: Talos Linux, Cluster API, Cilium, the Gateway API, and Rook with Ceph. There is no enterprise licensing in the stack, which avoids vendor lock-in on the orchestration layer and keeps the cost structure of the service lower than license-heavy enterprise platforms.


### How do I get started, and when is it available?

Managed Kubernetes is in active development. Register your interest to join the early-access group, tell us about your clusters and workloads, and help shape the platform, the supported providers, and the service scope. We will follow up to discuss whether the platform fits your needs and your timeline.


## Register your interest in Managed Kubernetes

Managed Kubernetes is in active development. Tell us about your clusters and workloads to join the early-access group and help shape the platform. We will follow up to discuss fit and timing. There is no commitment.


Booking: #contact

## Wedge

- **Body**: Most "managed Kubernetes" offerings hand you a control plane and leave the rest to you: node lifecycle, version upgrades, ingress, storage, observability, and figuring out why an upgrade broke your add-ons. Managed Kubernetes takes ownership of the whole platform lifecycle instead, on one standardized, opinionated stack. You get Kubernetes as a first-class interface, not a platform abstracted away.


## Responsibility

- **Intro**: The responsibility line is drawn on purpose, and we make it explicit. VSHN operates the platform lifecycle. You operate your applications. Nothing in between is left ambiguous.

- **Vshn Heading**: VSHN operates
- **Customer Heading**: You operate
- **Note**: The service runs on standardized configurations during business hours, with reactive support rather than around-the-clock operations. That bounded scope is what keeps it simpler and lower cost than enterprise platforms. If you need continuous coverage or regulated-grade guarantees, [Managed OpenShift](https://www.managed-openshift.ch) is the better fit.

---

## Managed Kubernetes vs DIY, CSP Control Planes, and OpenShift

# Where Managed Kubernetes fits

Teams running Kubernetes in Switzerland choose between four layers of the market. Each makes a different trade-off between control, operational burden, and cost. This page maps those layers so you can see where VSHN Managed Kubernetes sits, and why we built it for the gap in the middle.

## The four layers

| | Do-it-yourself | CSP managed control plane | VSHN Managed Kubernetes | Enterprise OpenShift |
|---|---|---|---|---|
| **Examples** | kubeadm, Cluster API, your own stack | Exoscale SKS, STACKIT, IONOS, OVHcloud | This service | Managed OpenShift |
| **Who operates the cluster** | Your team | You (control plane only is managed) | VSHN | VSHN |
| **Version upgrades** | You | You | VSHN | VSHN |
| **OS lifecycle** | You | You | VSHN (immutable Talos) | VSHN |
| **Ingress, storage, networking** | You choose and operate | You choose and operate | Standardized and operated | Standardized and operated |
| **Service hours** | Your own | Provider-dependent | Business hours, reactive | Continuous operations |
| **Sovereignty** | Depends on hosting | Often hyperscaler-backed | Swiss sovereign (cloudscale.ch) | Swiss options available |
| **Best for** | Large platform teams | Teams happy to operate the rest | Teams who want the platform run for them, without enterprise scope | Regulated, enterprise workloads |

## Do-it-yourself Kubernetes

Self-managed Kubernetes gives you total control: you pick every component, set your own upgrade cadence, and run on any infrastructure. That control is also the cost. Running Kubernetes in production means owning the node lifecycle, version upgrades every few months, CNI and ingress decisions, storage operations, security patching, and the on-call rotation behind all of it.

**Consider DIY when:** you have a mature platform engineering team that treats Kubernetes operations as a core competency, and you need control over every layer.

## CSP managed control planes

Managed Kubernetes engines from a cloud service provider or managed service provider (Exoscale SKS, STACKIT, IONOS, OVHcloud and similar) operate the API server and etcd for you. This is genuinely useful, but the name oversells it. Node lifecycle, version upgrades of your workloads' dependencies, ingress, storage, observability, and add-on compatibility remain your job. A managed control plane is not a managed platform.

**Consider a CSP control plane when:** you want someone else to run the control plane but your team is ready and willing to operate everything above it.

## VSHN Managed Kubernetes (the missing middle)

This service takes ownership of the whole platform lifecycle on one opinionated, standardized stack: Talos as the immutable OS, Cilium for networking, the Gateway API for ingress, Rook / Ceph for storage, all driven by Cluster API. VSHN runs version upgrades, OS updates, and the core components on a defined maintenance schedule. You get Kubernetes as a first-class interface with the operational weight lifted, without paying for enterprise scope you do not need.

It is deliberately bounded: standardized configurations, business-hours operations, and a clear responsibility line. That is what keeps it simpler and lower cost than an enterprise platform.

**Consider VSHN Managed Kubernetes when:** you want production Kubernetes operated for you, you value Swiss sovereignty, and an enterprise platform like OpenShift is more than your workloads require.

## Enterprise OpenShift

Managed OpenShift is the enterprise option: continuous operations, higher service levels, integrated developer tooling, and the compliance posture regulated industries need. It is the right tool when your workloads demand around-the-clock operations and regulated-grade guarantees, and more than you need when they do not.

**Consider OpenShift when:** you operate regulated or business-critical workloads that justify continuous operations and a broader enterprise feature set. See [Managed OpenShift](https://www.managed-openshift.ch).

## Which layer is right for you?

If you want the cluster genuinely run for you but an enterprise platform is overkill, Managed Kubernetes is the layer built for that gap. [Register your interest](#contact) and tell us about your clusters. We will discuss whether the platform fits your team.


---

## Swiss Sovereign Kubernetes on cloudscale.ch and Talos

# Swiss sovereignty, by design

Managed Kubernetes runs on Swiss sovereign infrastructure from the first iteration. Your workloads and the cluster control plane stay in Switzerland, under Swiss law, with no dependency on a US or other foreign hyperscaler. Sovereignty here is a property of the platform, not an add-on.

## Where it runs: cloudscale.ch

The first iteration runs on [cloudscale.ch](https://www.cloudscale.ch/), an independent Swiss cloud provider that operates its data centers exclusively in Switzerland. That matters for three reasons:

- **Data location.** Your cluster data and persistent storage stay physically in Switzerland.
- **Governing law.** cloudscale.ch is a Swiss company operating under Swiss law. There is no foreign operator in the chain and no exposure to extraterritorial legislation such as the US CLOUD Act.
- **No hyperscaler dependency.** The platform does not lean on AWS, Azure, or Google Cloud primitives. You are not tied to a hyperscaler's networking, IAM, or storage model.

Additional Swiss sovereign providers may follow, driven by demand from early-access participants. The platform is built to be portable across Swiss infrastructure rather than locked to one provider's proprietary services.

## What makes the stack sovereign

Sovereignty is not only about where the servers are. It is also about what runs on them and who controls it.

### Immutable OS on Talos Linux

The platform runs on [Talos Linux](https://www.talos.dev/), an immutable, API-managed Kubernetes operating system. There is no SSH and no shell on the nodes; the entire system is configured through a declarative API. That eliminates configuration drift and shrinks the attack surface, and it means the OS layer is fully reproducible and auditable rather than hand-maintained.

### Open source, end to end

Every layer of the platform is open source: Talos, Cluster API, Cilium, the Gateway API, and Rook with Ceph. There is no proprietary enterprise licensing in the orchestration stack. Open source is a sovereignty property in its own right: you are not dependent on a single vendor's roadmap, licensing terms, or ability to continue supporting the product.

### Operated by a Swiss company

VSHN is a Swiss company based in Zurich, operating Kubernetes in production since 2016. The platform lifecycle is run by a Swiss operator under Swiss employment and data protection law.

## What sovereignty does and does not mean here

Managed Kubernetes is a deliberately bounded, business-hours service. It gives you Swiss data residency, Swiss governing law, and an open-source stack on independent Swiss infrastructure. It is not a regulated-grade enterprise platform with continuous around-the-clock operations. If your workloads require that, [Managed OpenShift](https://www.managed-openshift.ch) is the better fit. Being honest about that boundary is itself part of a trustworthy sovereignty story.

## Next steps

Sovereignty is one of the main reasons teams move to Swiss-operated Kubernetes. If keeping your clusters under Swiss law matters to you, [register your interest](#contact) and tell us about your requirements.