
Zero Trust Without Lock-In: What We Heard at KubeCon EU 2025


We’re back from KubeCon EU 2025 in London, and one thing came through loud and clear: European teams want control. Not just for security or performance—but for regulatory peace of mind.

Whether we were speaking with platform engineers, SREs, or DevOps leads, the message was the same:

“We need auditability. We need data locality. And we want to run it ourselves.”

That’s why Pomerium resonated so strongly. It’s open core, always self-hosted, and designed for privacy-respecting access control in the real world—not just in slide decks.

A Platform You Own, Not Just Use

Pomerium isn’t just a proxy—it’s a building block for secure, context-aware access that integrates cleanly into your stack. You run it. You control it. No hidden cloud, no opaque control planes.

With our latest v0.29.0 release, we’re doubling down on visibility, flexibility, and fit:

These aren’t just features—they’re tools that help teams enforce Zero Trust policies without slowing down developers.

Why It Resonated

The excitement around Pomerium wasn’t just technical—it was philosophical:

  • Self-hosted by design – Run everything on your own infra. No managed dependencies.

  • Open core – Transparent and extensible.

  • Keep data local – Supports sovereignty, GDPR, and airgapped deployments.

  • Zero Trust that adapts – Secure anything from internal dashboards to kubectl and, in the near future, AI agents.

SSH Access—Without the Lock-In

Yes, competitors have SSH—but not like this.

Pomerium supports native SSH, using the client your devs already have. No extra installs. And unlike other solutions, access policies can be deeply granular, scoped to identity, time, device posture, and more—all centrally managed.

You get the power of identity-aware SSH, without introducing another UX burden or client dependency.

Multicloud Is Here—And It’s a Mess

Across the board, teams told us: “Multicloud isn’t aspirational anymore—it’s a messy reality.”

From hybrid cloud to on-prem to the edge, today’s workloads are scattered. A consistent, policy-driven access layer is critical—and it has to run anywhere:

  • No cloud-specific assumptions

  • Works in VMs, containers, or bare metal

  • Portable Zero Trust access across environments

As the API surface grows (especially with AI agents accessing tools dynamically), this kind of unified access control is only becoming more essential.

From the Show Floor to Submarines

One conversation stood out: an engineer told us about running Kubernetes in an airgapped submarine for the German military. For them, cloud wasn’t just disallowed—it was impossible.

In that kind of setting, inspectable, self-contained, locally hosted systems aren’t a preference—they’re mandatory. Pomerium made sense because it works without assuming cloud.

This wasn’t an outlier. Teams in banking, healthcare, and critical infrastructure echoed the same thing: they need solutions they can audit, extend, and run entirely on-prem—without giving up modern features or developer speed.

What’s Next

Thanks to everyone who dropped by, gave feedback, or grabbed some stress cubes. 

We’re continuing to invest in:

  • Better observability (OpenTelemetry, trace context)

  • Native protocol support beyond HTTP (UDP, SSH)

Didn’t make it to our booth? No worries.
