Skip to content


The SaaS, multi-tenant controller is built on a zero trust security model that only requires outbound Internet connectivity on TCP port 443 from the managed clusters to the Internet based SaaS controller for centralized management.

However, due to security and operational requirements, some organizations may be unable to allow even outbound connectivity on port 443 to the SaaS Controller. As a result, these organizations may be required to deploy and operate the controller itself in their infrastructure. Here are some examples:

  • A defence agency that needs to manage their clusters in GovCloud
  • A highly regulated business that needs to operate their clusters in a private network


The Controller itself is a containerized, microservices based application that is packaged and distributed as a Helm chart. In addition to the controller Helm chart, an installer is also provided to help provision and operate the Kubernetes and storage infrastructure layer for the controller software.


See the Cluster Architecture support article for more details. This content is only available to customers and partners, and requires a login to the support portal.

Air Gapped Environments

The self hosted controller can be deployed in "fully air gapped" environments.

All software and dependencies for the "controller" and "upstream Kubernetes clusters" are "pre-packaged" into the installer. Once the controller is installed, new upstream Kubernetes clusters can be provisioned, operated and kept up to date without requiring any software downloads from the Internet.

Management Options

Two management options are available for the self hosted controller

Self Managed

The customer deploys and operates the controller software on their network. The customer is responsible for installation, ongoing operations, upgrades etc.


With the managed option for the self hosted controller, the customer can offload the operational burden of provisioning and ongoing maintenance of the controller. The controller software will be operated on the customer's infrastructure with remote access provided to our operational/support personnel.