An Indianapolis-area technology company was preparing for SOC 2, HIPAA, HiTrust, and NIST 800-53 audits at the same time. We built an on-premise Kubernetes platform with the compliance controls built into the infrastructure.

AWS Advanced Tier Partner★ 4.9/5 on Clutch (9 reviews)Replies within 1 business dayAn Indianapolis-area technology company ran sensitive workloads that could not move to public cloud. It had no container platform, and access was managed through individual SSH keys and local accounts.
There was no audit trail for changes and no encryption for internal network traffic. Four compliance frameworks were in scope at once: SOC 2, HIPAA, HiTrust, and NIST 800-53.
We deployed RKE2 on bare metal with a 3-node high-availability control plane, managed through Rancher for its hardened defaults and CIS profile support.
We used Cilium as the CNI with kube-proxy replacement, enabled WireGuard encryption between pods by default, and added Hubble for network observability that doubles as audit evidence. Network policies default to deny.
We enforced Entra ID single sign-on across the Rancher UI, kubectl, and SSH. No local accounts, no shared keys. That was a hard auditor requirement.
We ran ArgoCD so every cluster change is tracked in Git and nothing is applied by hand. That gives auditors a complete, reviewable change history.
We added Longhorn distributed storage, Velero backups with a tested restore path, and GPU worker nodes through the NVIDIA GPU Operator for machine learning workloads.
We built Prometheus and Grafana dashboards oriented around audit evidence, and fed alarm coverage into a continuous compliance evidence platform, so the compliance team pulls evidence without engineering time.
Tell us what you are building and we will show you how we would approach it, with a free, no-obligation review.
Book a free consultation