Provider Compliance Overview
This page provides a comprehensive overview of how different Infrastructure as a Service (IaaS) providers comply with Haven+ requirements and operational best practices.
Compliance Matrix
The following table shows the compliance status for each provider across all Haven+ requirements and additional operational capabilities.
| Check Category | Requirement | Local | Cyso | ODC-Noord (Quattro) | OVHcloud | Previder |
|---|---|---|---|---|---|---|
| INFRASTRUCTURE | ||||||
| Multiple (>=1) AZs in use | ⬜ | ✅ | ✅ | ✅ | ✅ | |
| 3 AZs available | ⬜ | ✅ | ⬜ | ✅ | ⬜ | |
| Running a highly available control plane | ⬜ | ✅ | ✅ | ✅ | ✅ | |
| Running at least 3 worker nodes | ⬜ | ✅ | ✅ | ✅ | ✅ | |
| Node hardening | ⬜ | ✅ | ✅ | ✅ | ✅ | |
| Private networking topology | ⬜ | ✅ | ✅ | ✅ | ✅ | |
| Node Autoscaling | ⬜ | ✅ | ✅ | ✅ | ✅ | |
| Multiple node pools available | ⬜ | ✅ | ✅ | ✅ | ⬜ | |
| CLUSTER | ||||||
| Kubernetes Version (latest/max 3 minor behind) | ✅ | ✅ | ✅ | ✅ | ✅ | |
| RBAC Enabled | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Limited Kube API Access Control | ✅ | ⬜ | ✅ | ✅ | ✅ | |
| STORAGE | ||||||
| ReadWriteOnce (RWO) Volumes | ✅ | ✅ | ✅ | ✅ | ✅ | |
| ReadWriteMany (RWX) Volumes | ✅ | ✅ | ✅ | ⬜ [1] | ✅ | |
| S3 Compatible Object Storage | ✅ (MinIO) | ✅ | ✅ | ✅ | ✅ | |
| OPERATIONS | ||||||
| Self-provisioned Load Balancers | ✅ | ✅ | ✅ | ✅ | ⬜ | |
| OpenTofu IaC or KaaS | ⬜ | ✅ | ⬜ | ✅ | ✅ | |
| ExternalDNS compatible DNS Service | ⬜ | ✅ [2] | ⬜ | ✅ | ✅ | |
| EXTERNAL & DEPLOYMENT | ||||||
| CNCF K8s Conformance | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Automated HTTPS Certificates | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Log Aggregation | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Metrics Server | ✅ | ✅ | ✅ | ✅ | ✅ |
References
- [1] OVHcloud supports RWX with Enterprise File Service as storage backend (and the alpha stage FSaaS).
- [2] Cyso Cloud offers the ExternalDNS compatible DNS service Designate by OpenStack https://cyso.cloud/docs/enterprise-managed-kubernetes/more/use-external-dns-from-within-emk/.