See how DKP can radically simplify running production-grade Kubernetes in secure environments

Air Gapped On Premises

To balance between the myriad risks of connecting to the Web and the need to operate offline, air-gapped Kubernetes is ideal. For On-Premises or Private Cloud environments, D2iQ provides local repositories that keep Kubernetes humming without the need for a continuous connection and a secure Bastion node that communicates via secure tunnel at need.

AWS Air Gapped

To balance between the myriad risks of connecting to the Web and the need to operate offline, air-gapped Kubernetes is ideal. For Public Cloud environments, D2iQ provides local repositories that keep Kubernetes humming without the need for a continuous connection and a secure Install node within the Public Cloud that communicates via secure tunnel at need.

Benefits of Kubernetes in Air-Gapped Environments

Because the network is offline, air-gapped environments can keep critical systems and sensitive information safe from potential data theft or security breaches. As another layer of protection, organizations can vet the container images that they allow to run on their clusters to reduce the risk of a malicious attack. In addition, organizations are also not exposed to rate limiting on the downloads of these images. Finally, they can operate in low bandwidth or with a poor internet connection, ensuring the continuous availability of their mission-critical applications. While air-gapped environments offer many security and workflow advantages, they also introduce new challenges.

Challenges of Kubernetes in Air-Gapped Environments

Set-Up is Manual and Time-Consuming

Running Kubernetes in offline, air-gapped environments means having private registries and repositories in place for Kubernetes and Docker to run Kubernetes in production. In addition, your software and open-source components will need to be tightly integrated, secured, tested for vulnerabilities, and made locally accessible to your application and deployment environment. This is not only a very manual process, but requires a number of steps on top of that to make it work, making it difficult to build a robust production platform to support mission-critical workloads.

Lack of Two-Way Connectivity

Kubernetes simplifies and automates many of the operational tasks by providing a communication path between the control plane and clusters. However, in an air-gapped environment, the control plane may not have easy access to your clusters because they are behind a firewall, NAT gateway, or Proxy, or in a DMZ. When two-way connectivity isn’t available, there is no way to keep your clusters running in line with the specifications you set them up with, which can lead to an increase in failures, downtime, and operational costs.

How DKP Delivers Value for Federal and Public Sector Organizations

Leverage Pure Upstream, Open-Source Kubernetes

Harness Best-of-Breed Open-Source Components

While there are many Kubernetes distributions available, simply installing Kubernetes is not enough. Compliance-minded organizations require a broader set of services for their production environment. DKP is built on pure-upstream Kubernetes and the best supporting open-source components from the CNCF that are tightly integrated, secured, and tested at scale to ensure the continuous interoperability of key services. DKP is pure open-source and works out-of-the-box with air-gapped environments, offering tremendous flexibility to support the simplest of pilot projects to the most complex, highly advanced programs.

Simplify Air-Gapped Kubernetes Deployments

Standardize Kubernetes Across Projects, Teams, and Infrastructures

DKP leverages the new Cluster API (CAPI) from the CNCF to simplify the provisioning, upgrading, and operating of multiple air-gapped clusters. For on-premise deployments, the Konvoy image builder tool simplifies the creation of bundles containing every needed component. For air-gapped deployments on AWS, you can create an AMI with everything needed to stand up a production Kubernetes environment. And because you can run multiple, identical instances from a single API, you can standardize Kubernetes across different roles, responsibilities, and environments in a compliant and secure manner. The result is a consistent, repeatable approach to standing up Kubernetes in production and an accelerated time-to-market for new application needs.

D2iQ has shown us that they are a trusted partner and that their product is worth the relationship. They’ve never made any false promises. They back up what they say and they deliver a solid, production-grade product.

Sr. Cloud Executive

One of the largest Law Enforcement Agencies for the federal government

Centralized Multi-Cluster Management

Deliver Centralized Command and Control

The Kubetunnel feature allows for cluster management in environments with network restrictions. With this new capability, communication can take place unidirectionally, as needed, to remove the need for always-on bi-directional connectivity between the control plane and clusters. In addition, operators receive alerts, metrics, and Kubecost data to easily monitor and obtain insights about your organizational clusters and infrastructure at scale. With a single-view control plane for multi-cluster management, monitoring and logging dramatically reduce the time needed to troubleshoot issues and deliver better resource utilization.

Military-Grade Security, Governance, and Access Controls

Ensure Conformance and Compliance

DKP comes with built-in military-grade security, policy, and governance features to meet the strict demands of national security. With federated Role-Based Access Control (RBAC) and single sign-on across your clusters, teams can leverage their existing authentication mechanism already in place to access clusters and operators can centrally manage roles, access levels, policies, and more, securely and consistency. In addition, by obtaining Federal Information Processing Standards (FIPS) 140-2 validation, D2iQ eliminates your need to obtain domain-specific expertise in encryption protocols. We ensure that our infrastructure components automatically enforce encryption in-transit, vital to workload orchestration, and for the storage of sensitive data.

Unmatched Expertise

Deliver Open-Source Community Leadership and Direction

D2iQ is the only US based organization to serve as a Certified Kubernetes Service Provider, Certified Kubernetes Training Partner, and top 25 contributor to Kubernetes. As a founding member of the CNCF with numerous leadership roles in the community, we contribute to a broad set of open-source projects on behalf of our compliance-minded customers so they can tackle projects of great importance and make a huge impact on mission-critical initiatives. We also have a robust partner ecosystem to help organizations service missions, and a number of contract vehicles in place to remove barriers to entry, such as GSA, NASA SEWP, DoD ESI, DoD DevSecOps Software BOA, and more.

Key Features and Benefits


Container Orchestration

Leverage an industry standard distribution of open-source Kubernetes for cluster and container management.


Declarative Automated Installer

Accelerate time-to-production on any infrastructure with a highly automated installation process that includes all of the necessary open-source components needed for production.


Application Management and Deployment

Deploy applications and services within Kubernetes clusters with Helm.



Manage logs by tenant or workspace, for more granular control and simpler troubleshooting of problems.


Cluster Autoscaling

Save operational costs by scaling down capability when it’s not needed, and add capacity when there is greater demand.


Backup, Recovery, and Migration

Ensure business continuity and disaster recovery with Velero.


Networking and Routing

Enable unidirectional connectivity between the control plane and clusters with Kubetunnel.


Fine-Grained Cluster Upgrades

Reduce operational overhead with non-disruptive patching or parallel worker node upgrades.


Operational Dashboard

Provide instant visibility and operational efficiency into the Kubernetes landscape from a single-view control plane.


Lifecycle Automation

Ensure consistent upgrades, deployment, and security policies for both infrastructure (through CAPI) and applications (through FluxCD).


Centralized Observability

Gain deep insight into your Kubernetes clusters and applications with open-source metrics leveraging Telegraf, Prometheus, and Grafana.


Governance Policy Administration

Meet the requirements of security and audit teams with centralized cluster policy management.


Granular Cost Control

Drill down into cluster costs in real-time with an accurate and consolidated cost management across your cluster landscape.


Service Mesh Integration

Add advanced networking capabilities, such as multi-cluster and cross-cluster service discovery, load balancing, and security across a variety of hybrid, multi-cloud, and air-gapped environments.


Centralized Authorization and Authentication

Enable single sign-on (SSO) across an organization’s cluster footprint and govern authorization with RBAC and Open Policy Access to enhance security and reduce risk.

Ready to take the next step?
Request a demo
See how DKP can radically simplify running production-grade Kubernetes in secure environments