Thalassa Cloud Thalassa Cloud
Console Sign up for free

Authoritative DNS now in Early Access

dns release
2026-06-18
By Thalassa Cloud
Teams running workloads on Thalassa Cloud still had to host DNS with a separate provider. For organisations that use Thalassa for European data sovereignty, that left domain records outside the platform. We heard from several customers that they prefer managing infrastructure and DNS through a single vendor: the same console, API, and audit trail they already use for VMs, Kubernetes, and load balancers, rather than maintaining zones at a third-party DNS service.
Read article

Topics

Latest Posts

RSS Feed

Authoritative DNS now in Early Access

2026-06-18
Teams running workloads on Thalassa Cloud still had to host DNS with a separate provider. For organisations that use Thalassa for European data sovereignty, that left domain records outside the platform. We heard from several customers that they prefer managing infrastructure and DNS through a single vendor: the same console, API, and audit trail they already use for VMs, Kubernetes, and load balancers, rather than maintaining zones at a third-party DNS service.

Secrets Manager now available in Early Access

2026-06-15
Teams running workloads on Thalassa Cloud often still store credentials with a separate secrets service. Some run OpenBao or HashiCorp Vault themselves — which works, but adds operational overhead on top of the application stack: deployment, upgrades, backup, and ongoing monitoring. Others rely on another third-party tool or vendor. For organisations that use Thalassa for European data sovereignty, that keeps sensitive values outside the platform they chose for compute and storage.

Thalassa Cloud Launches Key Management Service in Early Access

2026-06-11
Last year we shared that we were building KMS and Secrets Manager for Thalassa Cloud. Today we are happy to be opening our Key Management Service (KMS) in Early Access. What is KMS, and why does it matter? A Key Management Service (KMS) is where you create, store, and control the cryptographic keys used across your environment. Applications and platform services call the KMS API to encrypt data, verify signatures, or generate keyed hashes — instead of embedding key material in configuration files or managing crypto libraries per service.

Working with Thalassa Container Registry from Kubernetes

2026-06-11
You’ve pushed an image to Thalassa Cloud Container Registry. Now you want your Kubernetes cluster to pull it. Good news: there’s nothing exotic about this. It’s the same imagePullSecrets flow you’d use with any private registry - Docker Hub, ECR, whatever you’ve worked with before. This post walks you through it step by step, from credentials to a running pod. If you want the full reference, the Kubernetes guide has that covered.

Kubernetes Cluster provisioning, without hardcoded secrets

2026-05-27
You can deploy a Kubernetes cluster in 5 minutes using GitLab CI and Terraform—without storing any secrets in your pipeline. This guide shows you how to use OIDC (OpenID Connect) for secure authentication and deploy a production-ready cluster. By the end, you’ll have a working pipeline that creates and manages your Kubernetes cluster automatically. Why Use OIDC? Usually, CI/CD pipelines need API tokens stored as secrets. This causes problems. You must manually rotate tokens, which is easy to forget.

CVE-2026-31431 (Copy Fail): patched Kubernetes images on Thalassa Cloud

2026-05-01
CVE-2026-31431, known as Copy Fail, is a Linux kernel local privilege escalation affecting a wide range of kernels from 2017 until distributors ship the fix. On Kubernetes Clusters that may execute potentially malicious workloads (i.g. third party container images), the vulnerability may facilitate container escape scenarios (from a pod to the host). Utilising microVMs or other isolated runtime classes may mitigate impact. Thalassa Cloud Kubernetes images v1.34.7-1 and v1.35.4-1 include kernel module updates that address CVE-2026-31431 by applying the recommended mitigation from Canonical for Ubuntu.

Bootstrap workload identity with tcloud. GitHub, GitLab, and Kubernetes

2026-03-24
We want to eliminate static secrets wherever it is practical. Long-lived tokens in Git variables, copied into Terraform backends, or baked into cluster manifests rot slowly, leak easily, and rarely map cleanly to who actually called the API. Workload identity federation is a better default: a platform OIDC identity proves this pipeline or this service account ran the job, and Thalassa issues short-lived access in exchange. The tcloud iam workload-identity-federation bootstrap command is one piece of that puzzle.