Thalassa Cloud Thalassa Cloud
Sign in Sign up

Introducing Service Accounts in Thalassa Cloud

iam security
2025-10-10
By Thalassa Cloud

Service accounts are non‑human identities designed for automated systems, applications, and integrations. In Thalassa Cloud, they are organisation‑level principals with their own roles and one or more access credentials. Use them for CI/CD pipelines, controllers, monitoring, provisioning, or any workload that needs programmatic access. Service accounts separate machine access from human users, enabling least‑privilege policies, independent credential rotation, and clean audit trails. Each service account can hold multiple credentials, so you can rotate keys with zero downtime.

Read article

Latest Posts

2025-10-10

Introducing Service Accounts in Thalassa Cloud

Service accounts are non‑human identities designed for automated systems, applications, and integrations. In Thalassa Cloud, they are organisation‑level principals with their own roles and one or more access credentials. Use them for CI/CD pipelines, controllers, monitoring, provisioning, or any workload that needs programmatic access. Service accounts separate machine access from human users, enabling least‑privilege policies, independent credential rotation, and clean audit trails. Each service account can hold multiple credentials, so you can rotate keys with zero downtime.
2025-09-29

Pod Security Standards: Practical Hardening for Kubernetes

Pod Security Standards (PSS) are a low‑friction way to harden clusters by default. With Pod Security Admission (PSA), you can enforce least‑privilege at the namespace level and prevent risky pods from ever being created. It’s simple, auditable, and fits cleanly into GitOps. Improving your security posture Implementing Pod Security Standards is crucial as it helps reduce the blast radius by blocking privilege escalation and host-level access. It allows teams to catch misconfigurations early during the admission phase rather than after deployments, ensuring issues are addressed promptly.
2025-09-20

VPC‑Only Access for Kubernetes Clusters

We’ve added support for VPC‑only access to Kubernetes control planes. When enabled, the cluster’s public API endpoint is disabled and the Kubernetes API is reachable only from within your Virtual Private Cloud. This helps teams meet stricter security and compliance requirements without sacrificing operational access. VPC-only access is valuable for DevOps teams because it boosts security by removing the internet-facing API endpoint, which reduces the attack surface. It also makes network rules and identity limits clearer by using your VPC as the boundary.
2025-08-14

Kubernetes v1.33.4-0 and v1.32.8-0: Security Fixes and Component Updates

We’re excited to announce the release of two new Kubernetes versions in Thalassa Cloud: v1.33.4-0 and v1.32.8-0. These releases bring security fixes, component updates, and enhanced stability for your Kubernetes workloads. Security Fixes Both releases address a medium security vulnerability: CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference A vulnerability exists in the NodeRestriction admission controller where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource.
2025-08-08

Building KMS and Secret Manager for the Dutch Cloud

We’re excited to announce that we’re building Key Management Service (KMS) and Secret Manager for Thalassa Cloud. These security services will provide the foundation for secure application development on our Dutch public cloud platform. Why We’re Building These Services Modern cloud-native applications need more than just basic infrastructure. They require robust security & Encryption services that integrate seamlessly with your development workflow. While we already offer IaaS, Kubernetes as a Service and databases, we’re expanding our platform to include the fine graind encryption services.
2025-01-04

Multi Tenancy in Private Cloud

In this post, we explore why multi-tenancy in your cloud platform is crucial for modern cloud operations by examining an example of a financial services company navigating common challenges in private cloud management. We highlight how the lack of multi-tenancy contributes to why development teams often advocate for public cloud. To illustrate, consider a large financial services company that operates its entire infrastructure on a private cloud, retaining ownership of its hardware to maximize control over data, performance, and compliance.