If your control plane lives in someone else’s cloud, it’s not yours.

True platform resilience begins where provider dependency ends
Written by Neil Cresswell, Portainer CEO
5 min read
October 14, 2025
October 22, 2025
Last updated: October 23, 2025

The Kubernetes (or even Docker, for that matter) management control plane is the brain of your platform. It manages API access, workload scheduling, policy enforcement, and lifecycle automation across every cluster you operate. Whoever controls the control plane effectively controls the platform.

Many teams now run that brain as a cloud-hosted service, delivered by their cloud vendor or a third-party SaaS provider. It’s convenient. It removes patching, upgrades, and backend complexity. But it also changes your security model. The most privileged system in your environment now runs outside your perimeter, on infrastructure you do not control, operated by people you do not employ (nor govern).

This is not about trust in your provider’s integrity (although you absolutely need that, and should validate it); it is about attack surface and dependency. A compromise, outage, or policy change at their end directly affects your production systems. You cannot delay or stage updates; you cannot restrict where their analytics or “call-home” telemetry goes (or what gets sent); and you cannot fully isolate your clusters from their management network.

Running a self-hosted control plane gives you back that control. You decide when upgrades occur and how they are validated. You determine what product analytics, if any, are transmitted externally. You can restrict the management network to trusted subnets, enforce strict firewall rules between environments, and integrate with your existing identity and audit systems. Most importantly, you define the trust boundary yourself instead of inheriting someone else’s.

Think back to VMware. Nobody would have considered running their entire vSphere estate from another company’s vCenter instance. vCenter was treated as sacred infrastructure: isolated, protected, and tightly governed. Kubernetes management deserves the same discipline.

Cloud-hosted control planes are perfectly fine for non-critical workloads. But for businesses that run essential services, or operate under regulatory or contractual constraints, self-hosting is not about nostalgia or ideology. It is about resilience, sovereignty, and control.

Portainer was built around that philosophy: to deliver the simplicity and speed of SaaS, but entirely within your perimeter. You host it, you govern it, you decide how it connects, and you control every update. It gives you the same operational experience that cloud-hosted control planes promise, without surrendering the most privileged layer of your stack.

If your control plane defines who can touch production, then owning it is not a preference. It is a requirement.
