The sovereign supply chain for
Canada's classified Kubernetes.
Canadian-jurisdictional trust path from build to apply, for the cleared engineering teams already running Protected B and Secret Kubernetes. No foreign vendor in the path.
One trust path. Built for what Canada must build.
A complete deploy-time substrate for classified Kubernetes. Built, signed, attested, and audited inside Canadian boundaries.
- 01
A Canadian-jurisdictional trust path
Every artifact bound for a classified Kubernetes cluster bundled, signed, attested, and applied under Canadian jurisdiction. The vendor is Canadian-incorporated and the supply chain is Canadian-jurisdictional. Foreign-jurisdictional dependencies are removed from the trust path by design, not minimized by policy.
- 02
Hardened artifact attestation
Every artifact entering a classified cluster is signed, attested, and accompanied by a software bill of materials. Inspectable end to end. Auditable by your own people, not just ours.
- 03
Air-gap operations
A productized one-way transfer protocol with attestation chain and tamper-evident audit trail. Designed for SCIFs where the high-side machine has never seen the internet, and never will.
- 04
Accreditable compliance and audit
ITSG-33 controls mapped to Northfleet's capabilities. Auditor-ready evidence collection by default. Every signature, attestation, and audit entry is produced by Northfleet and verifiable on the customer's terms.
The sovereignty requirement is now a procurement requirement.
Canada's Defence Industrial Strategy committed the country to a domestic defence industrial base, with explicit procurement preference for Canadian-controlled infrastructure. The DSRB is now headquartered in Canada. BDC's Defence Platform is deploying capital to operators that can hold the jurisdiction line.
Every meaningful Kubernetes platform in production at Canadian defence primes today operates under foreign jurisdiction. The CLOUD Act reaches into all of them. The sovereign supply chain into those platforms is the part this strategy still has to buy.
Buyers operating where jurisdiction matters.
-
Defence primes
Engineering and accreditation teams running classified Kubernetes for federal customers under domestic-controlled procurement.
-
Federal departments
CIO and CTO offices building Protected B and Secret capability inside Canadian boundaries, on Canadian-operated infrastructure.
-
Allied multilateral buyers
DSRB-aligned partners standing up sovereign-by-default infrastructure for cross-jurisdictional defence programs.
Sovereignty is the substrate, not the slogan.
- ·
Supplied by a Canadian-incorporated vendor with a Canadian-jurisdictional supply chain.
- ·
Deployed on Canadian-jurisdictional infrastructure by cleared engineering teams.
- ·
Built on upstream Kubernetes. No fork. No lock-in.
- ·
Inspectable from artifact to admission. Audit is a default, not a feature.
- ·
Designed for accreditation against ITSG-33 from the first commit.
Ship classified workloads
on Canadian terms.
Northfleet is built for defence primes, federal departments, and allied buyers running classified workloads on Canadian-jurisdictional infrastructure. A briefing follows first contact.