Speed. Security. Simplicity. Rancher Government Transforms Kubernetes Operations in Classified Environments

From IC Insider Rancher Government Solutions

With IC Cloud Support, Intelligence Community teams can now provision and manage clusters faster and more securely, simplifying operations across the most restricted networks.

For mission owners across the Intelligence Community, secure modernization has long meant trade-offs: classified environments often lag behind commercial clouds in automation, speed, and usability. Rancher Government Solutions (RGS) helps close that gap.

RGS, a leader in secure, enterprise-grade Kubernetes management for the U.S. Government, has announced the General Availability (GA) of IC Cloud Support. This breakthrough capability brings full provisioning and lifecycle management to classified cloud environments without requiring access keys, custom software development kits (SDKs), or manual workarounds.

“Our customers in classified environments deserve the same operational simplicity and resiliency they get in commercial cloud,” said Adam Toy, Chief Technology Officer at RGS. “With IC Cloud Support, RGS brings that consistency to the most secure environments in government.”

The Challenge: Managing Kubernetes Behind the Airgap

Organizations operating in airgapped or restricted AWS and Azure regions face a radically different landscape from commercial cloud users. These classified environments are completely isolated by design, with no internet connectivity, external endpoints, or public resource exchange.

As a result, provisioning or managing Kubernetes infrastructure required manual, highly constrained processes:

• Physically moving software via burned discs or removable media into SCIFs
• Operating without identity access management (IAM) keys or secrets, since credential creation is prohibited
• Rewriting code to communicate with .gov API endpoints and custom certificate authorities
• Relying on imported clusters that limited access to Day-2 operations like scaling, shell access, or certificate rotation

This fragmentation left DevSecOps teams balancing compliance with complexity—manually managing infrastructure that, in commercial settings, takes minutes.

From Technical Preview to Full Operational Capability

When RGS first announced IC Cloud Support as a technical preview in March 2025, it was clear the capability filled a critical operational gap. The preview demonstrated that by leveraging a differentiated Rancher Government build, users could provision clusters in classified AWS regions by simply toggling the new “Carbide Instance Credential” option—removing the need for manually managed keys and secrets.

Since then, RGS engineers have expanded the feature set and hardened the integration for General Availability. The result: full RKE2 and EKS provisioning, native classified API endpoint compatibility, and seamless Day-2 lifecycle management—all inside the familiar Rancher Manager interface.

How It Works: Secure Automation Without Keys or Custom Code

At the core of IC Cloud Support is a Kubernetes-native approach that replaces manual access management with secure automation.

When IC Cloud Support is enabled, Rancher Manager uses the EC2 instance’s own IAM role (rather than user-managed credentials) to authorize access. This is powered by the Carbide Instance Credential, a hardened mechanism unique to RGS that uses instance metadata services to assume cloud permissions automatically.

This eliminates the need for:

• Handwritten SDKs or API scripts
• Local key storage or secrets rotation
• Custom certificate handling for classified domains

The outcome: a keyless, zero-trust-aligned provisioning workflow that meets the stringent security expectations of intelligence and defense networks.

Full Parity for Classified Cloud Operations

The General Availability release introduces a complete suite of enhancements designed for mission-critical continuity:

• Native provisioning for RKE2 and EKS clusters in classified AWS regions
• Instance-level authorization via Carbide Instance Credential
• Compatibility with classified API endpoints and certificates
• Expanded Day-2 operations including node scaling, certificate rotation, snapshot/restore, and encryption key rotation
• UI and UX parity across AWS Commercial, GovCloud, and classified regions

Together, these improvements eliminate operational gaps between environments, giving intelligence agencies feature parity and user experience consistency across classification levels.

Why It Matters for the Intelligence Community

For operators inside the Intelligence Community, the implications are significant.
Classified cloud environments support some of the nation’s most sensitive workloads—mission systems that demand both speed and assurance. IC Cloud Support means these systems can now be provisioned, scaled, and secured with the same simplicity and confidence found in commercial deployments.

Benefits include:

• Faster mission delivery: Full provisioning in minutes, not days
• Reduced human error: Eliminates manual configuration and scripting
• Operational continuity: Consistent Rancher UI across all classification levels
• Accelerated ATO cycles: Built-in compliance and evidence generation
• Improved security posture: No external keys or unmanaged secrets

This advancement directly supports the Intelligence Community’s goals of agile modernization, zero trust implementation, and mission-ready cloud operations.

Availability and Next Steps

IC Cloud Support is now available to all RGS customers through the Carbide Portal and Registry. After downloading the latest Rancher Government build for Rancher Manager, users can deploy directly in classified regions by toggling the Carbide Instance Credential option during cluster provisioning.

For more information or to schedule a technical consultation, contact info@ranchergovernment.com or visit us at ranchergovernment.com.

About IC Insiders

IC Insiders is a special sponsored feature that provides deep-dive analysis, interviews with IC leaders, perspective from industry experts, and more. Learn how your company can become an IC Insider.