Swisscom pioneers sovereign cloud with open source Kubernetes service, powered by KubeVirt and Kube-OVN
Summary
Swisscom developed a sovereign “Kubernetes Service” for Swiss-based enterprises using open source technologies, particularly KubeVirt and Kube-OVN, as the successor to its existing container service offering. This initiative reduced vendor dependency, improved scalability, and ensured data sovereignty while providing a competitive alternative to public cloud providers. Launched in August 2025, the platform now serves both internal and external customers with 390 clusters, 2100 worker nodes, and 160 TB of persistent storage in production.
Company Overview
Swisscom is Switzerland’s leading ICT company, providing mobile, Internet, TV, and comprehensive IT and digital services to private and business customers. With over 15,000 employees, Swisscom is a CNCF Silver Member and Kubernetes Certified Service Provider (KCSP) partner, committed to open source and cloud native technologies.
Challenges
The aim was to reduce dependency on vendor-specific implementations, improve scalability, and ensure data sovereignty and regulatory compliance, while competing with public cloud providers. Technical challenges included building a platform capable of handling 600+ clusters with 4000 workers across four datacenters and facilitating multi-tenancy for 20+ companies. Operational challenges involved implementing new infrastructure, acquiring cloud-native expertise, and training in-house engineers.
Solution
Swisscom addressed its sovereignty, scalability, and vendor independence challenges by designing a fully open, Kubernetes-based platform built on cloud native principles. Rather than extending its existing container service, the team developed a new, two-layer architecture that separates infrastructure management from customer-facing Kubernetes operations.
At the foundation, the Cloud Native Infrastructure Platform (CNIP) runs on bare metal and uses Kubernetes to orchestrate virtual machines via KubeVirt, with Kube-OVN providing networking and CSI-based storage enabling persistent workloads. On top of this, the Swisscom Kubernetes Platform (SKP) delivers fully managed, highly available Kubernetes clusters to customers, leveraging Kubermatic for lifecycle management and Argo CD for GitOps-driven operations.
This approach allows Swisscom to standardize cluster provisioning, enforce policies consistently using Kyverno, and automate operations across environments—while maintaining full control over data, infrastructure, and platform evolution.

The architecture uses Kubernetes to manage resources across multiple availability zones and physical datacenters, enhancing scalability, resilience, and flexibility. Key CNCF projects used include Kubernetes, KubeVirt, Kube-OVN, containerd, CNI, CSI (Trident-CSI and kubevirt-csi), Kyverno, Helm, Argo CD, Prometheus, and CloudNativePG.
To enable comprehensive security features and support multi-tenancy across all layers, Swisscom implemented Kyverno as the policy enforcement engine on both platforms. This empowered administrators and users to define, validate, and enforce policies directly within the Kubernetes API at every level, eliminating the need for external tools or complex integrations.
Given the complex, distributed architecture, Swisscom relied on full automation and orchestration to manage resources from VMs to policies and configurations. They chose Argo CD as their GitOps tool for Kubernetes, enabling declarative, continuous delivery by using Git as the single source of truth for application management.
Results
- Successfully launched by August 2025, serving 390 clusters, 2100 worker nodes, and 160 TB of storage.
- Ongoing migration from the legacy container service, projected for completion by Q1/2027.
- Reduced vendor dependency, enhanced scalability, and operational agility.
- Competitive against public cloud providers, with improved data sovereignty and compliance.
Compared to the legacy container offering, enhancements include:
- Upstream Kubernetes versions with faster updates.
- Node Autoscaling.
- Integrated Backup functionalities.
- Native Kubernetes Load Balancer.
- Modern customer self-service portal.
From the customer’s perspective, user clusters provide additional functionalities, enabling them to make independent decisions, e.g. choosing a default CNI from the available options (Cilium, Canal, None).

Quantifiable Improvements
- The platform scales to >600 clusters with 4000 workers across 4 datacenters.
- Supports multi-tenancy for 20+ companies and has successfully migrated 49 internal applications (144 clusters, 23,000 pods, 100 TB storage) within 12 months.
- First enterprise-grade solution in Switzerland using KubeVirt and Kube-OVN.
Lessons Learned
- Cloud native technologies can face enterprise-readiness challenges.
- Limited 24/7 support for open source technologies required advanced in-house support capabilities.
- Importance of automation and orchestration for managing complex, distributed architectures.
- Value of policy enforcement engines like Kyverno for compliance and governance.
Future Plans
- Expand to hybrid and multi-cloud deployments.
- Finalize implementation of “Kubernetes Service On-Prem” for edge computing.
- Integrate GPU support for compute-intensive workloads.
- Explore hosting traditional VM workloads on the CNIP.
- Introduce shared cluster/namespace concepts.
- Continue participation in open-source communities.
With the launch of its Kubernetes Service in August 2025, Swisscom has established a sovereign, cloud native platform capable of supporting both internal and external workloads at scale. By combining open source technologies with a layered platform design, the company has reduced reliance on vendor-specific solutions while improving operational flexibility and scalability.
The platform already supports hundreds of clusters in production and continues to expand as workloads are migrated from legacy systems. Customers benefit from faster access to upstream Kubernetes features, integrated operational capabilities such as autoscaling and backups, and a self-service experience aligned with modern cloud expectations.
“By embracing open source and cloud native technologies, we’ve created a truly sovereign cloud solution that modernizes our container offering while reducing external dependencies and providing advanced features to our customers. This platform represents a significant leap forward in our ability to serve both internal and external clients with a scalable, secure, and flexible Kubernetes service.”
Christian Dietrich, Product Manager Cloud at Swisscom
Swisscom’s approach demonstrates how telecommunications providers can leverage Kubernetes and the broader cloud native ecosystem to build competitive, enterprise-ready platforms that meet strict data sovereignty and compliance requirements—without sacrificing innovation or control. The successful implementation and ongoing migration highlight Swisscom’s commitment to innovation and its position as a leader in cloud native technologies in Switzerland.