The sovereign supply chain for classified Kubernetes.
Northfleet is a Canadian-incorporated Kubernetes supply chain vendor supplying the bundle protocol, attestation chain, and audit trail that cleared engineering teams apply to their Protected B and Secret clusters. The customer operates the cluster; Northfleet supplies the supply chain.
From build to apply
What Northfleet ships, in 75 seconds.
Four pillars. One platform.
Each pillar is built to the same standard: Canadian-jurisdictional supply chain, accreditation-ready evidence, deployable to existing cleared environments without rip-and-replace.
- 01
Sovereign supply chain
Every artifact entering a classified cluster bundled, signed, verified, and applied under Canadian jurisdiction. Foreign-jurisdictional dependencies are removed from the trust path by design, not minimized by policy. The customer's cleared engineering teams operate the cluster on upstream Kubernetes; Northfleet supplies the supply chain.
- 02
Hardened artifact attestation
Every artifact entering the trust path is signed, attested, and accompanied by a verifiable bill of materials. Inspectable end to end. Auditable by your security team without privileged access to ours.
- 03
Air-gap operations
A productized one-way transfer protocol with attestation chain and tamper-evident audit trail. Designed for classified facilities where the high-side environment has never seen the internet, and never will.
- 04
Accreditable compliance and audit
ITSG-33 controls mapped to Northfleet's capabilities. Evidence collection by default, ready for accreditation review. Northfleet produces the proof; the cleared engineering teams that operate the cluster sign off.
Where it runs.
-
On premises
Departmental data centres and prime-operated classified facilities. The default for Secret workloads.
-
Sovereign cloud
Canadian-owned, Canadian-operated cloud regions, region-locked, with no cross-border data flows and no foreign-jurisdiction parent.
-
Hybrid estates
Build and staging on Canadian commercial cloud; production on premises. The air-gap layer carries deployments across the classification boundary.
Designed against ITSG-33 from the first commit.
Canadian classified procurement runs on ITSG-33. Northfleet is structured around the controls procurement actually requires: access, audit, configuration management, identification and authentication, and system communications. Auditor-ready evidence is the default, not an add-on.
CCCS guidance and CSE technical bulletins shape the default policy posture. Departments with stricter overlays bring their own and Northfleet enforces both.
What Northfleet is not.
The shape of Northfleet is defined as much by what it refuses to be as by what it ships.
-
Not a Kubernetes distribution.
Northfleet runs on upstream Kubernetes. Defence procurement is allergic to vendor-specific control planes that drift from CNCF conformance, and rightly so.
-
Not a managed-services vendor.
Northfleet operates the trust path, not the cluster. The customer's cleared engineering teams operate the cluster, as they already do. There is no Northfleet operator with kubeconfig access to a customer environment.
-
Not a Red Hat reseller.
OpenShift is a fine product under foreign jurisdiction. That is the gap Northfleet exists to close, not narrow.
-
Not a generic cloud.
Northfleet exists for one reality: Canadian jurisdiction, cleared engineering teams, classified workloads. Everything outside that is out of scope.
-
Not consumer SaaS.
There is no self-serve sign-up. Procurement begins with a conversation with the people who will be on the line for the deployment.
Recent field notes
- Jul 07, 2026
A procurement checklist for the sovereign Kubernetes supply chain
Fifteen criteria for any vendor in the trust path of a classified Kubernetes deployment: the question to ask in an RFP, the evidence that answers it, and the red flag that fails it. The closing essay in the series.
- Jun 23, 2026
The cost Canada cannot measure
Canada is spending $81.8B to rebuild its defence industry and named Secure Cloud a sovereign capability. The platforms its primes run classified workloads on are still under US legal authority. The cost of that exposure is invisible by design, and the absence is itself the cost.
- Jun 16, 2026
Accreditation by emission, not collection
ITSG-33 evidence for a Protected B system is assembled by hand today, a year-or-more job repeated per system and redone on every significant change. What changes when the deployment chain emits that evidence at every signed apply, instead of a team collecting it after the fact.
For procurement conversation,
talk to us.
The architecture brief covers protocol, threat model, attestation chain, and accreditation mapping. It is shared after a first conversation with engineering and procurement leads who will be on the line for the deployment.