Skip to content

Getting Started

Setting up Compliant Kubernetes consists of two parts: setting up at least two vanilla Kubernetes clusters and deploying compliantkubernetes-apps on top of them.

Pre-requisites for Creating Vanilla Kubernetes clusters

In theory, any vanilla Kubernetes cluster can be used for Compliant Kubernetes. We suggest the kubespray way. To this end, you need:

Ansible is best installed as follows:

git clone --recursive
cd compliantkubernetes-kubespray
pip3 install -r kubespray/requirements.txt

Optional: For debugging, you may want CLI tools to interact with your chosen cloud provider:

Pre-requisites for compliantkubernetes-apps

Using Ansible, these can be retrieved as follows:

git clone
cd compliantkubernetes-apps
ansible-playbook -e 'ansible_python_interpreter=/usr/bin/python3' --ask-become-pass --connection local --inventory, get-requirements.yaml


Compliant Kubernetes relies on SSH for accessing nodes. If you haven't already done so, generate an SSH key as follows:


Configuration secrets in Compliant Kubernetes are encrypted using SOPS. We currently only support using PGP when encrypting secrets. If you haven't already done so, generate your own PGP key as follows:

gpg --full-generate-key