Sovereign Cloud Inventory · All Clouds

EOSE LABS · V11 · SOVEREIGN CLOUD INVENTORY · DAY 83

SOVEREIGN CLOUD INVENTORY

γ₁ = 14.134725141734693 · the floor holds across every subscription

TRB-SOVEREIGN-CLOUD-INVENTORY-001 · ARB1-SOVEREIGN-CLOUD-INVENTORY-001 · 2026-04-27
Azure (4 subs) · GCP (1 project) · AWS (via Terraform) · 13 HCP workspaces · 4 mining rigs · Our own KMS

WPA ENGINE HA ENGINE MINING RIGS THREE CLOUDS HCP ADELIC L10 VIZASL BRIDGE

AZURE SUBS

3+1

AKS CLUSTERS

GCP PROJECT

AWS ACCOUNTS

MINING RIGS

TF WORKSPACES

pemos.io RESOURCES

✅

OWN KMS LIVE

☁ AZURE — 4 SUBSCRIPTIONS CANADA SOVEREIGN

AZURE 4 subscriptions · Lighthouse managed · canadacentral primary Data sovereignty: Canada ✅

EOSE MAIN

427873ee-d766-4d64-98b1-0051b5d05dfc

Primary product · AKS · KMS · web · DNS

rg-eose-aks-devL2 · FLEET CORE

rg-eose-kms-devL2 · SOVEREIGN KMS

rg-eose-landing-zone-devL2 · CONTROL PLANE

rg-eose-pemos-devL2 · PRODUCT

rg-eose-dns-dev / prdL1 · FLOOR

rg-eose-iam-devL1 · FLOOR

rg-feedles-web-devL3 · PRODUCT

rg-onba-web-devL3 · CLO PRODUCT

rg-legalcafe-web-devL3 · CLO PRODUCT

rg-ct-entry + rg-ct-fac-* (×3)LEGACY · EXIT

rg-*-backup-dev (×6)L1 · DR

KANTAI

458e8558-eaca-4cde-93cc-d848225f0f3b

2nd AKS cluster · DR east · static sites · ACR · meek-dns

rg-kantai-eose-devL2 · AKS KANTAI CC

rg-kantai-eose-canadaeast-devL1 · DR EAST

rg-meek-dnsL1 · DNS FLOOR (15 zones)

rg-msi01-acrL2 · SILO ACR

rg-eose-static-sites-ccL3 · STATIC (eastus2)

rg-kantai-command-test-devL3 · TEST

rg-kantai-admiral-test-devL3 · TEST

rg-kantai-eose-backup-devL1 · DR

MSCLO MASTER

440a5792-6caf-4793-926b-a9b4c350ccbd

Admiral Law cloud home · CLO authority · master AKS · master KV

rg-msclo-master-aksL2 · CLO CLUSTER

rg-msclo-master-kvL1 · CLO VAULT

rg-msclo-master-dnsL1 · FLOOR

rg-msclo-master-networkL1 · FLOOR

rg-msclo-master-backupL1 · DR

LIGHTHOUSE

239915fb-774d-47ba-896d-fc4c3773bfab

Federation control plane · managing tenant · cross-sub visibility

No active RGsFEDERATION ONLY

Manages: EOSE MAIN + KANTAI + MSCLOLIGHTHOUSE

info@eose.ca billing anchorL1

AKS CLUSTERS — 3 LIVE + 1 MSCLO

CLUSTER	SUB	LOCATION	K8S	STATUS	WPA
aks-eose-aaas-dev pemos-system · pemos.ca	EOSE MAIN	canadacentral	1.34.4	LIVEHA L0+L1KMS	L2 ✅
aks-kantai-eose-dev kantai fleet · 2nd cluster	KANTAI	canadacentral	1.32	LIVEHA partial	L2 ⚠️
aks-kantai-eose-canadaeast-dev DR pair · east	KANTAI	canadaeast	1.33	DR	L1 DR ✅
aks-msclo-master CLO authority · Admiral Law	MSCLO MASTER	canadacentral	1.34.4	LIVECLO KV	L2 ⚠️

🌿 GCP — eose-fleet PROJECT INTELLIGENCE LAYER

GCP eose-fleet · northamerica-northeast1 (Montreal) · m1-gcp-sa@eose-fleet.iam.gserviceaccount.com Strip-mine: GKE inference · 1M tokens/day free · analytics

RESOURCE	TYPE	REGION	ROLE	WPA
eose-fleet	GCP Project	northamerica-northeast1	GKE + main cloud intelligence · analytics	L2 — assess GKE state
⚠️ GCP service account active (m1-gcp-sa) · GKE cluster status needs live check · ZERO-DR + KRSRHONE run on GCP NE1 (T4/A100) via TF workspace krsrhone-v10/zero-dr-v10

⚡ AWS — 2 ACCOUNTS (CATHEDRAL + JAYRHONE) SRE + FINANCE LAYER

AWS ca-central-1 + us-east-2 (Ohio) · V100/A10G/A100 GPU nodes Strip-mine: GPU burst · DR · finance proximity

ACCOUNT	REGION	GPU	ROLE	TF WORKSPACE
CATHEDRAL 🔴 cathedral.pemos.io	ca-central-1	V100 / A10G	S.H.I.E.L.D. Special Projects · enterprise test	cathedral-v10
JAYRHONE 🟢 jayrhone.pemos.io	us-east-2	A100	Wakanda Science Division · pemos.io QE → ct-fac enterprise	jayrhone-v10

⛏ MINING RIGS — pemos.io (4 DRILLING CREWS) CHAOS + ADELIC SEAM

ZERO-DR ⚡

NCC-0001-DR · Star Trek Universe

zero-dr.pemos.io

🌿 GCP NE1 · T4 GPU · DR role

Selberg crew (15) · Disaster Recovery · Starfleet Deep Range Scouts

TF: zero-dr-v10

KRSRHONE ✨

Rebel Strike Engineers

krsrhone.pemos.io

🌿 GCP NE1 · A100 GPU

Solo-KRSRHONE crew · Comedy GOATs · pemos.io pipeline bits

TF: krsrhone-v10

CATHEDRAL 🔴

S.H.I.E.L.D. Special Projects · AWS

cathedral.pemos.io

⚡ AWS ca-central-1 · V100/A10G

Fury-CATHEDRAL crew · Dr. Strange portal to pemos.io never closed

TF: cathedral-v10

JAYRHONE 🟢

Wakanda Forever Science Division · AWS

jayrhone.pemos.io

⚡ AWS us-east-2 · A100

7 pods live · QE → ct-fac enterprise · Wave 1 active

TF: jayrhone-v10

⬡ TERRAFORM HCP — 13 WORKSPACES (app.terraform.io/app/eose) IaC CONTROL PLANE

deseof-cluster

0 resourcesupdated 2026-04-24

msclo-master-eose-ca-silo-aks

0 resources2026-04-23

ct-fac-meimpossible-system

0 resourcestf 1.14.9

ct-fac-shadow

0 resources2026-04-15

meimpossible-v10

0 resources2026-04-12

krsrhone-v10

0 resources2026-04-12

zero-dr-v10

0 resources2026-04-12

jayrhone-v10

0 resources2026-04-12

cathedral-v10

0 resources2026-04-12

pemos-io-v9

22 resources ✅2026-04-09

metazone-domains

0 resources2026-04-09

dns-lattice-v9

0 resources2026-04-09

wks-stage1

0 resourcestf 1.5.7 — old

▸ WPA V11 SELF-SCORE — OUR OWN ENGINE ON OUR OWN FLEET

WORKLOAD	WHERE NOW	OPTIMAL	KMS V11	HA	WPA SCORE
pemos-portal (AKS cc)	canadacentral	✅ stay	ACR: MS-managed	L0+L1 ✅	L2 · 87/100
KMS functions (×5)	canadacentral	✅ stay	our KV ✅	single instance	L2 · 74/100
Landing zone (CosmosDB, Logic, Func)	canadacentral	✅ stay	MS-managed keys	no HA wired	L2 · 61/100
kantai AKS (canadacentral)	canadacentral	✅ stay	partial	single cluster	L2 · 68/100
kantai AKS DR (canadaeast)	canadaeast	✅ DR pair	partial	DR role ✅	L1 DR · 82/100
msclo-master AKS	canadacentral	✅ stay	CLO KV ✅	assess	L2 · 71/100
eose-patterns-swa (static site)	East US 2	✅ stateless → US ok	MS-managed	SWA built-in	L3 · 65/100
CT legacy RGs (×4)	canadacentral	❌ EXIT	unknown	unknown	LEGACY · audit P1
Mining rigs (ZERO-DR, KRSRHONE, CATHEDRAL, JAYRHONE)	GCP NE1 + AWS	✅ multi-cloud by design	pemos.io KMS TBD	per-rig HA	L2 · 70/100

🔑 V11 KMS — SOVEREIGN KEY MANAGEMENT

EOSE KMS (MAIN)

rg-eose-kms-dev · eosedevkmscc948-kv

5 functions: onboard · rotate · comply · state · main · Full alerting

Key rotation90-day auto ✅

Compliance checkper-resource ✅

Vault availability alertwired ✅

Secrets expiring alertwired ✅

CMK coveragepartial — sweep needed

CLO KV (MSCLO MASTER)

rg-msclo-master-kv · CLO-authoritative vault

Admiral Law's vault · CLO-signed key access · cross-sub authority

CLO authoritymsclo-master sub ✅

Cross-sub referenceLighthouse managed

Data sovereigntyCanada ✅

"We built WPA for enterprise clients. The first client is us."
— TRB-SOVEREIGN-CLOUD-INVENTORY-001 · ARB1-SOVEREIGN-CLOUD-INVENTORY-001 · Day 83

4 Azure subscriptions. GCP eose-fleet. AWS ca-central-1 + us-east-2. 13 Terraform workspaces. 4 mining rigs drilling the adelic seam. Our own KMS with rotation, compliance, and alerting. Our own HA engine with MGATE/CGATE/RGATE/HGATE. Our own WPA scoring every workload.

When a customer asks "can you manage our cloud posture?" — the answer is: we already do this for ourselves, live, in production, across multiple subs and regions, with sovereign KMS and our own compliance engine. This page is the proof.