Sovereign Alternatives to Hyperscalers – Does It Always Have to Be Another “Cloud”?

The debate about sovereignty in the cloud in Europe often revolves around the question: Do we need our own hyperscalers to be independent? Many see the solution in a “European cloud” that should replace AWS, Azure, or Google Cloud. But the reality is much more complex—and in many ways, more pragmatic. Most services offered by hyperscalers are based on well-known open-source projects. The difference lies in branding, integration, and pricing. Those truly seeking sovereignty don’t necessarily need to build a new hyperscaler. The real alternative is closer: Kubernetes as a foundation and open tools instead of proprietary “cloud services.”
Hyperscaler Services Are Often Just Open Source with Branding
A large part of the hyperscaler product range consists of open-source tools that are repackaged under their own name and come with a price tag. Examples:
- Amazon RDS is based on PostgreSQL or MySQL.
- Azure Cosmos DB also offers PostgreSQL-compatible interfaces.
- Google Cloud SQL is simply a managed PostgreSQL or MySQL service.
The innovation lies less in the actual software and more in the integration into the respective hyperscaler ecosystem: IAM integration, monitoring, autoscaling, and billing are seamlessly integrated. This makes it convenient—but not sovereign.
European Clouds: Vanilla Open Source with Their Own Label
Many European cloud providers take a different approach: They offer the official community version of open-source projects like PostgreSQL, MariaDB, or Kubernetes—often with their own branding and sometimes with opaque pricing. The advantage: No forks, no proprietary APIs. The disadvantage: Less deep integration and sometimes a “reseller” feel—in the end, you’re just running a PostgreSQL that carries a different name in the frontend.
This leads to a paradoxical situation: European clouds sometimes seem less innovative than American hyperscalers, who integrate the same tools so deeply that their additional costs at least appear technically justifiable.
The Reality: VMs with Software on Top
A closer look reveals: Many cloud offerings are ultimately just “virtual machines with pre-installed software.” This may be practical for smaller projects but quickly becomes unattractive when it comes to performance, isolation, and costs. Shared systems are not uncommon, and “noisy neighbor” problems—performance losses due to overloaded neighboring systems—occur even with premium providers.
The question is: Why take an expensive detour via hyperscalers or second-tier clouds when you’re only running software on VMs anyway? Why not use Kubernetes directly and operate the same open-source tools sovereignly?
Kubernetes as a Foundation for Sovereignty
Kubernetes offers everything needed to build a sovereign infrastructure:
- Built-in High Availability: Deployments keep the declared number of pod replicas running, and failed containers are restarted automatically.
- Self-Healing: Nodes or containers that fail are automatically replaced.
- Scalability: Workloads can be scaled horizontally and vertically—independent of a cloud provider’s business model.
- Portability: Kubernetes runs on AWS, Azure, GCP, Oracle, but also on-premises or in European clouds. Those who master Kubernetes are not tied to a single provider.
- Ecosystem: Operators, CRDs, and a multitude of open-source projects make it possible to operate complex systems sovereignly.
With Kubernetes, the cloud is not replaced but demystified: The “cloud magic” becomes a set of tools that can run on any infrastructure.
| AWS | Azure | Google Cloud | Oracle Cloud | Kubernetes / Open Source Alternative |
|---|---|---|---|---|
| Elastic Compute Cloud (EC2) | Virtual Machine | Compute Engine | Virtual Machine | KubeVirt |
| Elastic Kubernetes Service | Azure Kubernetes Service (AKS) | Google Kubernetes Engine (GKE) | Oracle Container Engine | Native Kubernetes |
| Lambda | Azure Functions | Cloud Functions | OCI Functions | Knative / OpenFaaS |
| Simple Storage Service (S3) | Blob Storage | Cloud Storage | Object Storage | MinIO / Rook |
| Elastic Block Store | Managed Disk | Persistent Disk | Persistent Volume | Rook / Longhorn |
| Elastic File System | File Storage | File Store | File Storage | Rook |
| Virtual Private Cloud | Virtual Network | Virtual Private Cloud | Virtual Cloud Network | Cilium / WireGuard |
| Route 53 | DNS | Cloud DNS | DNS | CoreDNS / Knot |
| Elastic Load Balancing | Load Balancer | Cloud Load Balancing | Load Balancer | MetalLB / Cilium |
| Web Application Firewall | Web Application Firewall | Cloud Armor | Web Application Firewall | NGINX Ingress Controller + ModSecurity |
| RDS | SQL Database | Cloud SQL | ATP | CloudNativePG |
| DynamoDB | Cosmos DB | Firebase Realtime Database | NoSQL Database | Cassandra / ScyllaDB |
| Redshift | Synapse Analytics | BigQuery | Autonomous Data Warehouse | Apache Druid / Presto / Trino |
| Elastic MapReduce | HDInsight | Dataproc | Big Data | Apache Spark |
| Kinesis | Streaming Analytics | Dataflow | Streaming | Apache Kafka / Strimzi |
| SageMaker | Machine Learning | Vertex AI | Data Science | Kubeflow |
| Glue | Data Factory | Data Fusion | Data Integration | Apache Airflow / Argo Workflows |
| EventBridge | Event Grid | Eventarc | Events | Argo Events / Knative Eventing |
| Simple Queue Service | Storage Queues | Pub/Sub | Streaming (Notifications) | RabbitMQ / NATS |
| Simple Notification Service | Service Bus | Firebase Cloud Messaging | Notifications | Kafka Topics / NATS JetStream |
| CloudWatch | Monitor | Cloud Monitoring | Monitoring | Prometheus / VictoriaMetrics / Grafana |
| CloudFormation | Resource Manager | Deployment Manager | Resource Manager | Helm / Crossplane / ArgoCD |
| IAM | Active Directory | Cloud Identity | IAM | Keycloak / Authentik |
| KMS | Key Vault | Cloud KMS | Vault | HashiCorp Vault / Infisical |
Practical Examples
Based on the comparison table for AWS, Azure, GCP, and Oracle, some core services can be examined in more detail. For each of these services, there are mature open-source alternatives in Kubernetes.
PostgreSQL Databases: CNPG Instead of RDS & Co.
Amazon RDS, Google Cloud SQL, or Azure Database for PostgreSQL are popular managed services. But in the end, it’s “just” PostgreSQL behind a proprietary management layer.
A sovereign alternative is CloudNativePG (CNPG):
- Point-in-Time Recovery (PITR): Restore to a precise point in time, as known from enterprise databases.
- Metrics Integration: Native Prometheus/Grafana integration for monitoring.
- Dashboards: Clear dashboards for cluster status and performance.
- Clustering & High Availability: Multi-node setups with automatic failover.
CNPG is a Kubernetes operator that fully integrates PostgreSQL clusters into Kubernetes. The operation remains with the users—but with much more transparency and sovereignty than with hyperscalers.
Object Storage: S3 vs. Rook-Ceph
S3 has become the de facto standard for object storage. AWS coined the term, Azure and Google offer corresponding APIs, and even European providers rely on “S3-compatible storage.”
In Kubernetes environments, Rook-Ceph is a suitable option:
- Self-Managed Storage: Full control over data and architecture.
- Scalability: Horizontally and vertically expandable.
- S3 Compatibility: Applications that use S3 today work seamlessly.
- Flexibility: In addition to object storage, also block and file storage.
This eliminates dependency on AWS & Co.—and the risk of vendor lock-in.
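The CloudNativePG and S3-compatible storage points above combine as follows: a three-instance PostgreSQL cluster that archives base backups and WAL to a self-hosted S3 endpoint, plus a second manifest that restores it to a point in time. This is an added example, not configuration from the original article or from the CNPG project. The cluster names, bucket, endpoint URL, Secret name and timestamp are placeholders, and it assumes the operator's in-tree `barmanObjectStore` fields, which newer CNPG releases move to a Barman Cloud plugin.

```yaml
# Added example; names, sizes, endpoint and Secret are placeholders.
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: app-db
spec:
  instances: 3                 # one primary, two replicas; the operator handles failover
  storage:
    size: 20Gi
  backup:
    retentionPolicy: "30d"
    barmanObjectStore:
      destinationPath: s3://pg-backups/
      endpointURL: https://s3.example.internal  # placeholder: S3 endpoint of the self-hosted store
      s3Credentials:
        accessKeyId:
          name: pg-backup-s3   # Kubernetes Secret, created separately
          key: ACCESS_KEY_ID
        secretAccessKey:
          name: pg-backup-s3
          key: SECRET_ACCESS_KEY
      wal:
        compression: gzip      # continuous WAL archiving is what makes PITR possible
      data:
        compression: gzip
---
# Point-in-time recovery: a new cluster restored from the archive written above.
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: app-db-restore
spec:
  instances: 1
  storage:
    size: 20Gi
  bootstrap:
    recovery:
      source: app-db           # must match the externalClusters entry below
      recoveryTarget:
        targetTime: "2025-01-15 09:30:00+00"    # constructed timestamp
  externalClusters:
    - name: app-db             # same name as the archived cluster, so the backup path resolves
      barmanObjectStore:
        destinationPath: s3://pg-backups/
        endpointURL: https://s3.example.internal
        s3Credentials:
          accessKeyId: {name: pg-backup-s3, key: ACCESS_KEY_ID}
          secretAccessKey: {name: pg-backup-s3, key: SECRET_ACCESS_KEY}
```

With a managed database the provider guards the backup bucket and its keys; here the `pg-backup-s3` Secret and the bucket's access policy are yours to restrict, rotate and audit.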
Monitoring: VictoriaMetrics vs. Cloud Monitoring
Monitoring is one of the most underestimated cost factors with hyperscalers. Google Cloud Monitoring or AWS CloudWatch are often billed by metrics or time series—which can cause astronomical costs for large installations.
A Kubernetes-native setup with VictoriaMetrics offers enormous advantages:
- Cost Reduction: Up to 1000% lower operating costs compared to hyperscaler pricing.
- Compatibility: Prometheus-compatible, making it easy to integrate.
- Efficiency: High-performance storage of millions of metrics.
In combination with Grafana, a complete, sovereign monitoring setup is created without the cost trap.
Identity Provider: Keycloak vs. Cloud IAM
Identity and user management is another area where hyperscaler services generate high costs. AWS IAM, Azure Active Directory, or Google Identity often charge per user or per authentication.
A sovereign counterproposal is Keycloak:
- Scalability: A single instance can manage millions of users.
- Open Source: No licensing costs, full control.
- Flexibility: Support for OIDC, SAML, LDAP, and social logins.
- Cost Advantage: No user-based billing—huge savings for platforms with many users.
Keycloak runs natively in Kubernetes and enables companies to operate their own IAM solution sovereignly and cost-effectively.
Conclusion: Sovereignty Does Not Mean “Building Our Own Hyperscalers”
The discussion about European sovereignty in the cloud is often too narrowly focused. It’s not about replacing AWS or Google Cloud with a “European hyperscaler.” Sovereignty arises from the ability to operate open tools on one’s own infrastructure, thereby reducing dependencies.
Kubernetes is the key: It makes workloads portable, scalable, and resilient—and enables the use of the same open-source tools that hyperscalers rely on. Those who master Kubernetes are free to view cloud providers only as suppliers of computing resources—not as operators of the entire ecosystem.
The question is not: Do we need European hyperscalers?—but: How do we use Kubernetes to make ourselves independent of hyperscaler business models?
At ayedo, we are working precisely on this point: Sovereign Kubernetes infrastructures that enable companies to operate cloud services independently and efficiently. The tools are available—you just have to use them consistently.