Sovereignty

Kubernetes Secrets are not secrets. They’re base64-encoded plain text, stored in etcd, often visible to anyone with cluster access. This is the default, and it’s terrifying. Every cloud provider offers a Key Management Service. AWS has Secrets Manager, Google has Secret Manager, Azure has Key Vault. They work fine — until you need to migrate, or you want to understand what happens to your secrets, or you simply don’t want your most sensitive data in someone else’s infrastructure. ...

What happens when your Kubernetes cluster can’t reach the internet? Not “slow connection” — no connection at all. Ships at sea. Remote mining sites. Factory floors with air-gapped networks. Military deployments. This isn’t an edge case. It’s a design requirement for anyone who takes sovereignty seriously. Why This Matters: Beyond the Technical Running Kubernetes offline forces you to confront a question most cloud-native guides ignore: what are you actually depending on? ...