How it works
Control plane in our cloud, data plane in yours. Vanilla infrastructure you can walk away from.
Ownkube is a control plane that provisions and manages Kubernetes infrastructure inside your own AWS account. Your code, containers, databases, and traffic never leave your VPC.
Architecture
The control plane only ever receives configuration intent: "deploy this image, with these env vars, at this scale". The actual rollout happens through a role Ownkube assumes in your AWS account. Application data, logs, and runtime state stay inside your VPC.
What runs where
| Component | Where it runs | Who owns it |
|---|---|---|
| Your applications | Your AWS account, inside your VPC | You |
| Your databases | Your AWS account, inside your VPC | You |
| Functions (beta) | Your AWS account, tied to an account + region, not a cluster | You |
| Container images | Your registry (Amazon ECR, GitHub-built, or a public image) | You |
| Secrets + env vars | Your cluster's Kubernetes secret store | You, encrypted at rest |
| Cluster configuration | Ownkube control plane | Ownkube (intent only, no app data) |
| User accounts + billing | Ownkube control plane | Ownkube |
The three stages
Connect your cloud
Connect your AWS account in the AWS onboarding flow. A CloudFormation stack creates a least-privilege IAM role in your account that Ownkube assumes via a unique external ID. No root credentials, no access keys.
See Connect your AWS account for the full walkthrough.
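The role described in this stage depends on its trust policy: only the vendor's account may assume it, and only when the agreed external ID is presented. The following is an added example, not Ownkube's code or its CloudFormation template; it audits a trust policy document for those two properties, and the account ID, external ID and function names are constructed placeholders.

```python
# Added example: audit the trust policy of a cross-account role.
# The account ID and external ID below are constructed placeholders.
VENDOR_ACCOUNT = "111122223333"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    # Accepts a bare account ID or an IAM ARN (arn:aws:iam::<account>:...).
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else principal

def audit_trust_policy(policy, vendor_account):
    """Return findings for every statement that allows sts:AssumeRole."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for p in aws:
            if p == "*":
                findings.append("principal is a wildcard")
            elif _account_of(p) != vendor_account:
                findings.append(f"unexpected principal: {p}")
        # IAM condition keys are case-insensitive; only StringEquals is accepted here.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ext = {k.lower(): v for k, v in equals.items()}.get("sts:externalid")
        if not ext:
            findings.append("no sts:ExternalId condition (confused-deputy risk)")
    return findings

GOOD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{VENDOR_ACCOUNT}:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}
NO_EXTERNAL_ID = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{VENDOR_ACCOUNT}:root"},
    "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("no external id", NO_EXTERNAL_ID)):
        print(name, audit_trust_policy(doc, VENDOR_ACCOUNT) or "ok")
```

To check a real role, pass the trust policy JSON you retrieve from your own account together with the account ID shown in the onboarding flow.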
Provision infrastructure
Create a cluster from your dashboard. Ownkube provisions standard AWS resources inside your VPC: VPC, subnets, an EKS control plane (Production) or EC2 + K3s on one AWS instance (Starter), IAM, and load balancers.
See Clusters for the EKS vs K3s split.
Deploy your workloads
Push an image to a connected registry, pick a tag in the create-deployment flow from your dashboard, and Ownkube rolls it out. Rolling updates, health checks, and zero-downtime rollouts are handled for you.
See Deployments.
Two cluster shapes
Starter (K3s)
One EC2 instance, lightweight Kubernetes, no Ownkube platform fee. You only pay AWS for the EC2 instance. Best for dev, staging, side projects, and small production workloads.
Production (managed EKS)
Managed Kubernetes with node autoscaling, highly available across availability zones. $5 / vCPU + $1 / GB RAM per month. Best for production at scale.
You can run both in the same organization: dev workloads on a free Starter cluster (you only pay AWS for the small EC2 instance), production on EKS.
The deployment flow
Every config change (new image tag, env var update, autoscaling change) triggers a rolling update. New containers start and pass health checks before they receive traffic and before old containers are terminated.
Security model
Security deep-dive
Trust model, compliance, and data residency in detail.
Clusters
The EKS vs K3s decision and how each cluster type works.
Don't see a feature you need? Email support@ownkube.io. Ownkube is shaped by the teams using it and we ship what our users ask for.