Bring Your Own Cloud

Northflank in Your Infrastructure

Deploy Northflank’s platform into your own AWS, GCP, Azure, Oracle, or CoreWeave accounts. Run workloads in your VPC with complete control over data residency, compliance, and cloud expenses. Support for multi-cloud, hybrid cloud, and bring your own Kubernetes (BYOK) for on-premises deployments.

Try Northflank now d

Platform meets infrastructure

Northflank platform, your cloud account

Bring Your Own Cloud (BYOC) combines Northflank’s powerful platform experience with your own cloud infrastructure. Deploy into AWS, GCP, Azure, Oracle Cloud, or CoreWeave accounts while maintaining complete control over data residency, network configuration, and cloud billing.

Northflank provisions and manages Kubernetes clusters within your cloud environment, handling upgrades, scaling, and maintenance. You get the full platform experience—services, databases, jobs, GitOps, preview environments—running on infrastructure you own and control.

Your infrastructure, our platform

Connect your cloud accounts and Northflank provisions production-grade Kubernetes clusters within your VPC. All workloads and data remain in your cloud boundary while the Northflank control plane manages deployments, scaling, and operations.

Complete control and visibility

Retain full control over cloud resources, networking, security groups, and IAM policies. View all infrastructure costs directly in your cloud billing console. Northflank never has access to your workload data or secrets.

Same platform, everywhere

Identical developer experience across managed PaaS and BYOC. Use the same templates, pipelines, CLI, and API. Move workloads between managed and BYOC environments without changing deployment workflows.

Supported cloud providers

Deploy to any major cloud platform

Northflank BYOC supports the world’s leading cloud providers with native integrations for cluster provisioning, networking, and storage. Connect multiple cloud accounts for true multi-cloud and hybrid cloud architectures.

Screenshot of Northflank cluster provisioning

Amazon Web Services (AWS)

Deploy with EKS (Elastic Kubernetes Service) in any AWS region. Native integration with VPC networking, EBS storage, ALB load balancers, and IAM for service accounts. Support for Graviton ARM instances and GPU nodes.

Google Cloud Platform (GCP)

Run on GKE (Google Kubernetes Engine) across all GCP regions. Integrated with VPC networking, persistent disks, Cloud Load Balancing, and workload identity. Support for custom machine types and GPU accelerators.

Microsoft Azure

Deploy with AKS (Azure Kubernetes Service) in any Azure region. Integration with VNet networking, Azure Disks, Azure Load Balancer, and managed identities. Support for specialized VM types and GPU instances.

Oracle Cloud Infrastructure (OCI)

Leverage OKE (Oracle Kubernetes Engine) with OCI’s high-performance networking and block storage. Cost-effective compute with competitive pricing and enterprise-grade infrastructure.

CoreWeave

Access specialized GPU infrastructure on CoreWeave for AI/ML workloads. High-performance compute with NVIDIA H100, A100, and other accelerators. Kubernetes-native platform optimized for training and inference.

Multi-cloud support

Connect multiple cloud providers simultaneously. Run different workloads on different clouds based on regional requirements, pricing, or specialized capabilities. Unified management across all environments.

Run in your VPC

Complete network isolation and security

All workloads run within your Virtual Private Cloud (VPC) with complete network isolation. Configure security groups, network policies, and firewall rules according to your security requirements. Northflank integrates with your existing network architecture.

Screenshot of Northflank VPC configuration

Private VPC deployment

Kubernetes clusters and all workloads run within your VPC boundaries. Configure private subnets, NAT gateways, and VPC peering. No public internet exposure required for cluster operations.

Network architecture control

Design network topology to meet your requirements—multi-tier architectures, DMZs, or fully private clusters. Integrate with existing VPNs, Direct Connect, or ExpressRoute for hybrid connectivity.

Security group management

Configure security groups and network policies for fine-grained traffic control. Implement zero-trust networking with service mesh and mutual TLS. All network traffic remains within your cloud boundary.

Testimonials from Sentry

From the front lines

Northflank is way easier than gluing a bunch of tools together to spin up apps and databases. It’s the ideal platform to deploy containers in our cloud account, avoiding the brain damage of big cloud and Kubernetes. It’s more powerful and flexible than traditional PaaS – all within our VPC. Northflank has become a go-to way to deploy workloads at Sentry.

David Cramer

Co-Founder and CPO @ Sentry

Read a testimonial from Sentry

Everything where you expect it to be

Optimized for developer happiness

We designed every part of Northflank with one goal: simplify complex infrastructure and give developers the controls they need. So they can focus on what they do best: building.

Built for scale

You’re in good company

Since 2019, teams have used Northflank to run everything from enterprise products to high-scale AI infrastructure. Whether it’s one container or one thousand, Northflank holds the line.

Millions

of containers

130B+

Requests processed

$24M+

Raised in funding

50k+

Developers in production

330+

Availability zones

Multi-cloud and hybrid cloud

Deploy across clouds without vendor lock-in

Build true multi-cloud and hybrid cloud architectures with Northflank. Run workloads across AWS, GCP, Azure, and on-premises infrastructure with a unified platform experience. No vendor lock-in—move workloads between clouds as business needs evolve.

True multi-cloud portability

Deploy identical workloads across different cloud providers using the same templates and pipelines. Northflank abstracts cloud-specific details while preserving access to native cloud services. Switch providers without rewriting applications.

Global distribution

Run workloads in over 60 regions across multiple cloud providers. Position services close to users worldwide. Implement active-active architectures spanning multiple clouds for maximum availability and performance.

Hybrid cloud deployment

Connect cloud and on-premises infrastructure in a unified platform. Run sensitive workloads on-premises while leveraging cloud elasticity for variable workloads. Seamless networking between environments.

Disaster recovery across clouds

Implement cross-cloud disaster recovery strategies. Replicate workloads and data across providers for geographic redundancy. Automated failover to secondary clouds during regional outages.

Bring Your Own Kubernetes (BYOK)

Import existing clusters and on-premises infrastructure

Already have Kubernetes clusters? Import them into Northflank with Bring Your Own Kubernetes (BYOK). Connect existing EKS, GKE, AKS clusters, or on-premises Kubernetes installations to gain the full Northflank platform experience.

BYOK is ideal for organizations with existing cluster management processes, on-premises requirements, or specialized infrastructure. You manage cluster lifecycle, Northflank handles application deployment and operations.

Import any Kubernetes cluster

Connect any CNCF-certified Kubernetes cluster to Northflank. Works with managed Kubernetes services (EKS, GKE, AKS, OKE), self-managed clusters, or on-premises installations. Northflank agent runs within your cluster to enable platform features.

On-premises and bare metal

Deploy Northflank to on-premises data centers or bare-metal infrastructure. Meet air-gap requirements, leverage existing hardware investments, or satisfy compliance mandates requiring on-premises deployment.

Keep your cluster management

Retain full control over cluster provisioning, node management, and upgrades. Use your preferred cluster management tools, custom configurations, or specialized setups. Northflank operates as an application platform layer on top.

Screenshot of Northflank resource scaling

Data residency and compliance

Meet regulatory requirements with confidence

BYOC ensures all workloads and data remain within your cloud boundary, simplifying compliance with GDPR, HIPAA, SOC 2, ISO 27001, and other regulatory frameworks. Control exactly where data resides and how it’s processed.

Complete data residency control

Runtime environment and data plane remain entirely within your cloud account. All application data, databases, logs, and secrets stay in your VPC. Northflank control plane only manages orchestration metadata.

Data sovereignty compliance

Deploy in specific regions to comply with data sovereignty laws. Keep EU citizen data in EU regions, US data in US regions. Prevent cross-border data transfers when required by regulation.

Regulatory compliance

Simplified compliance with HIPAA, SOC 2, ISO 27001, PCI DSS, and FedRAMP. Inherit cloud provider certifications and compliance attestations. Maintain audit trails showing data never leaves your environment.

Encryption and key management

Use your own encryption keys for data at rest and in transit. Integrate with AWS KMS, Azure Key Vault, or Google Cloud KMS. Northflank never has access to encryption keys or encrypted data.

Cost optimization

Maximize cloud investments and minimize overhead

Leverage existing cloud commitments, credits, and enterprise agreements. Northflank optimizes infrastructure utilization while you maintain direct visibility and control over cloud spending in your billing console.

Screenshot of Northflank cost optimization

Use existing commitments

Apply existing cloud credits, reserved instances, savings plans, and enterprise discounts. Maximize value from AWS EDPs, GCP commits, or Azure reservations. All cloud costs appear directly in your billing console.

Right-sized infrastructure

Northflank minimizes infrastructure sprawl and optimizes resource allocation. Automatic bin-packing of workloads onto nodes. Intelligent autoscaling reduces waste while maintaining performance.

Reduced operational overhead

Eliminate the engineering cost of building and maintaining internal platforms. Free teams from writing Kubernetes YAML and managing infrastructure. Focus resources on delivering business value instead of platform operations.

Enterprise security

Security and governance for regulated industries

BYOC provides enterprise-grade security with sandboxed workload execution, network isolation, and comprehensive audit logging. Built-in multi-tenancy enables secure isolation between teams, projects, and customers.

Secure multi-tenancy out of the box

Enable multi-tenancy in minutes with sandboxed runtimes, namespace isolation, and network policies. Service mesh with mutual TLS for encrypted inter-service communication. Secret injection and rotation without application downtime.

Sandboxed execution

Workloads run in isolated sandboxes with Kata Containers or gVisor for VM-grade isolation. Complete separation between tenants prevents cross-tenant access. Additional security layer beyond standard Kubernetes isolation.

Audit and compliance logging

Complete audit trails of all infrastructure changes, deployments, and access. Track who made changes, when, and from which interface. Export logs to SIEM systems for security monitoring and compliance reporting.

Regional data controls

Configure data residency policies per project or customer. Prevent workloads from deploying to non-compliant regions. Enforce geographic boundaries programmatically through templates and policies.

Testimonials from Pebblebed