Pricing

Our flexible pricing options tailored to your needs

Simple pricing from the start, no hidden tiers and no surprises.

MonthlyYearly
€ EUR$ USD

Standard Plan

Ideal for medium to large businesses requiring core features with transparent pricing.
Contact us to become an early adopter and try Cloudinspector 6 months for free!

250 billed monthly
  • 1 Kubernetes cluster with up to 250 nodes included.
  • Additional clusters can be added as needed.
  • On-Premise installation.
  • Graph and table views.
  • CSV Export.
  • Includes 5 users. Additional users can be added for a small extra fee.
  • Adaptations possible upon request.
Select Standard Plan

Enterprise Plan

Recommended

Perfect for long term planning and scaling.

  • Everything from the standard plan.
  • For teams that run Kubernetes at scale.
  • Advanced On-Premise installation.
  • Priority support.
Get started

FAQ

Frequently Asked Questions

Straight answers about CloudInspector

CloudInspector comes with an installer and free installation support.
We offer free support to install the CloudInspect Kubernetes Operator and to keep you up and running. Anything beyond that, like customized installs, trainings etc are billed with an hourly rate.
The standard plan allows installing CloudInspector in 1 Kubernetes cluster with up to 250 nodes. Please contact us if you need more.
You decide where CloudInspector stores data. Your data never leaves your network.
You decide on the retention time of any data that CloudInspector collects from your Kubernetes clusters.
  • The pod has no egress network access.
  • NetworkPolicies enforce default deny.
  • No external endpoints are configured.
  • No DNS resolution is allowed.
No. The ServiceAccount has:
  • No write permissions.
  • No patch permissions.
  • No delete permissions.
Kubernetes RBAC enforces this at the API level.
No. CloudInspector has:
  • No access to mutate resources.
  • No admission controller role.
  • No webhook registration.
  • No operator privileges.
  • No CRD modification rights.
CloudInspector is not an operator.
No. The RBAC role does not include resources and secrets. If secret metadata access is required, it is explicitly limited and documented.
No.
  • Egress is blocked at the CNI level.
  • DNS egress is blocked.
  • No raw socket capabilities.
  • No NET_ADMIN capability.
Options available:
  • Version pinning via image digest.
  • Image signing verification.
  • Admission policy enforcement.
  • Supply chain attestation.
  • Internal artifact registry mirroring.
Deployment can require manual approval for version upgrades.
Yes. Your options are:
  • Enable Kubernetes Audit Logs.
  • Use Falco / runtime detection.
  • Use eBPF monitoring.
  • Monitor network flows.
  • Inspect container logs.
Even in that scenario:
  • No egress = no exfiltration.
  • No write RBAC = no mutation.
  • No privileges = no escalation.
  • No host access = no node compromise.
The blast radius is limited to read-only API access.
No. It works with namespace-scoped, read-only permissions.
Yes. You can:
  • Perform penetration testing.
  • Perform static code review.
  • Validate RBAC via policy tools (OPA/Gatekeeper).
  • Enforce Pod Security Standards (restricted level).
  • Enforce Kyverno policies.
  • Run kube-bench.
cta-image

Discover your clusters

Begin uncovering the real structure of your Kubernetes environment. CloudInspector gives you an immediate visual understanding of how your applicationss connect and interact.

Get Started