Case Study

Cloud Native at Swisscom – Empowering a Sovereign ‘Private Cloud Container-as-a-Service’ (CaaS) for Swiss-based Enterprises

Built with open-source Kubernetes and CNCF technologies, it delivers secure, scalable multi-tenant clusters with full data residency in Switzerland.

This entry is part 10 of 10 in the series Cloud Native Blueprint

As this CNCF article describes, Swisscom has pioneered a Kubernetes service: a sovereign ‘Private Cloud Container-as-a-Service’ (CaaS) built for Swiss-based enterprises.

It provides a modern, scalable, and highly available Kubernetes platform as part of Swisscom’s Enterprise Service Cloud (ESC), with all data hosted in Switzerland under Swiss law to ensure data sovereignty and protection from foreign regulations like the US CLOUD Act.

Main Purpose

Swisscom developed the service to replace a previous vendor-specific container offering with an open-source, vendor-agnostic solution. The goal is to reduce dependencies and vendor lock-in, lower costs, enable faster updates, and deliver a competitive alternative to US hyperscalers — especially in terms of functionality and data privacy. It supports B2B customers running containerized workloads while allowing Swisscom to maintain full control and operational excellence in cloud-native technologies.

Key Features

Swisscom successfully built a robust, layered private Kubernetes service using CNCF technologies and KubeVirt on bare metal. This approach delivers a sovereign alternative to public clouds while maintaining operational control.

Challenges such as limited prior real-world experience with some components were addressed through internal development, testing, and partnerships. Future plans include hybrid/multi-cloud support, edge computing, GPU integration, and further enhancements based on customer feedback.

  • Multi-tenancy with strong isolation — Multiple customer tenants run on shared infrastructure but are fully segregated using VPCs and network policies.
  • High availability and scalability — Includes node autoscaling, integrated backups, native Kubernetes load balancers, and an Application Catalog for add-ons.
  • Customer flexibility — Choice of Container Network Interfaces (e.g., Cilium, Canal, or none), persistent storage options, and self-service deployment in dedicated workload zones.
  • Sovereign and secure — Data stays in Swiss data centers; policy-driven security with Kyverno as the default engine.
  • Self-service portal — Customers can independently manage and deploy workloads.

Architecture Overview

The solution uses a layered architecture:

  • Consolidated Infrastructure (COI): Bare-metal servers in Swisscom data centers, with KVM hypervisor.
  • Cloud Native Infrastructure Platform (CNIP): Provisions ephemeral virtual machines via KubeVirt for Kubernetes control planes and worker nodes.
  • Swisscom Kubernetes Platform (SKP): Uses Kubermatic Kubernetes Platform (KKP) to create and manage highly available customer-specific Kubernetes clusters (user clusters).

Environments are split into a management zone and workload zones for clear responsibility sharing. Networking relies on Kube-OVN (with VPC isolation), storage uses kubevirt-csi and Trident-CSI (NetApp integration), and GitOps with ArgoCD drives automation. MetalLB handles load balancing in the bare-metal setup.

A high-level diagram in the article shows multi-tenancy (e.g., BLUE and RED tenants on shared yellow resources) and another illustrates customer zones with control planes and user-managed abstractions.

Technologies Used (as of 2024–2025)

  • Kubernetes: up to 1.32+ (CNIP) and 1.31–1.34 (SKP)
  • KubeVirt, Kube-OVN, MetalLB, Kyverno, ArgoCD, Helm, CloudNativePG, and others — all open-source/CNCF projects.

Benefits and Use Cases

  • Sovereignty & compliance — Full Swiss data residency and legal protection.
  • Cost efficiency & agility — Open-source stack reduces lock-in and enables faster innovation.
  • Enterprise readiness — Strong isolation, automation, self-service, and high availability.
  • Primary use cases include container orchestration for Swiss enterprises in telecom, software, and regulated industries, as well as internal Swisscom workloads (over 60% migrated within 9 months).

Key Takeaways

The article highlights how this architecture balances shared infrastructure efficiency with strict tenant isolation and self-service capabilities, positioning Swisscom as a leader in sovereign European cloud services.
