Private preview opening soon

Strictly declarative Kubernetes. Anywhere.

Operate edge devices, bare-metal rigs, and cloud instances as a single, cohesive cluster. Otroid injects immutable OS images and auto-configures WireGuard meshes, enforcing strict GitOps convergence across fragmented infrastructures.

Notify Me at Launch See the Flow
AWS GCP Azure Hetzner Bare Metal ARM64 + AMD64

otroid.cluster.yaml

ready 
# Otroid Declarative Cluster Specification
apiVersion: otroid.io/v1alpha1
kind: DecentralizedCluster
metadata:
  name: edge-production-fleet
spec:
  runtime:
    engine: k0s
    version: v1.36.1+k0s.1
  infrastructure:
    os: kairos-immutable
    imageStream: cryptographically-signed
    hardwareTrust: tpm-secureboot
  networking:
    cni: cilium-ebpf
    mesh: wireguard-p2p
  gitops:
    controller: fluxcd
    reconciliation: strict
    sourceRef: git://fleet-state.git

BOOT

cloud-config injected

JOIN

peers coordinate

SYNC

Git reconciles

PRIVATE PREVIEW WAITLIST

Be first in line when Otroid opens.

We are inviting teams who need Kubernetes outside the managed-cloud happy path: edge sites, multi-cloud VPCs, ARM fleets, bare metal, and constrained environments.

No spam. Only private preview and launch updates.

edge/cloud/bare-metal

USER JOURNEY

From cloud access to declared state.

Your infrastructure, your billing, our orchestration. Otroid keeps the path intentionally narrow: connect securely, boot immutable nodes, let peers coordinate via P2P, and hand the cluster to GitOps.

terminal

# Verify IAM policy across multi-cloud

$ otroid provider add aws --role arn:aws:iam::123:role/otroid

✓ AWS credentials verified

$ otroid provider add hetzner --token $HCLOUD_TOKEN

✓ Hetzner API connected

_

CORE PLATFORM

Opinionated plumbing, unlocked ecosystem.

We provide the hardened foundation so you can hit the ground running, but it's 100% upstream Kubernetes under the hood. Bring your own CRDs, operators, and manifests without fighting the platform.

Zero Configuration Drift

Immutable Kairos OS upgrades eliminate SSH access, ensuring nodes remain perfectly declarative and reproducible.

Continuous Validation

Cryptographically signed release artifacts undergo automated end-to-end testing before promotion.

eBPF Native Networking

Cilium replaces legacy iptables with high-performance eBPF data planes for strict network policies.

Native GitOps Engine

FluxCD continuously pulls manifests, ensuring your live cluster strictly converges with Git source.

Multi-Tenant Isolation

vCluster provisions lightweight, fully isolated control planes atop shared worker node pools.

Hardware-Backed Trust

TPM integration and Secure Boot readiness ensure tamper-evident OS lifecycles at the remote edge.

Heterogeneous Targets

Deploy identical declarative manifests across AWS VPCs, Hetzner VMs, and bare-metal edge boxes.

Automated Reconciliation

Declarative CAPI primitives treat node provisioning as continuous background reconciliation loops.

DAY-2 OPERATIONS

Lifecycle controls without server drift.

Once the cluster exists, Otroid keeps upgrades, snapshots, restores, and rebuilds tied to declared state instead of hand-maintained machines.

Fearless Rollouts

A/B OS partitioning guarantees atomic rollbacks if nodes fail to boot new containerized OS tags.

etcd Snapshots

Automate highly-available etcd snapshots and seamlessly restore cluster state during disaster recovery.

Ephemeral Clusters

Terminate environments cleanly, leaving zero lingering IAM roles, load balancers, or orphaned volumes.

CRD Compatibility

100% upstream Kubernetes compliance ensures your operators, Helm charts, and custom controllers just work.

upgrade-plan.yaml
scheduled 
# Otroid Automated Fleet Upgrade
apiVersion: otroid.io/v1alpha1
kind: ClusterUpgrade
metadata:
  name: edge-prod-rollout
spec:
  clusterRef:
    name: edge-production-fleet
  strategy:
    type: ABPartitionRolling
    maintenanceWindow: "02:00-04:00"
  targetOS:
    image: ghcr.io/otroid/node-immutable
    tag: v1.36.1-hardened
  preflightChecks:
    - etcd-snapshot-quorum
    - cilium-ebpf-health
    - flux-kustomization-sync
  rollback:
    onFailure: true
    keepPreviousPartition: true

YOUR INFRASTRUCTURE

Run across your cloud, edge, and on-prem environments.

Bring the environments you already operate: public cloud accounts, private networks, edge sites, and bare-metal estates. Otroid connects to each location with scoped access, keeps workloads in your infrastructure, and supports hybrid topologies when clusters span networks or providers.

Scoped Access

Connect target environments using strict, cryptographically auditable RBAC instead of wide-open platform credentials.

Pre-flight Validation

Automatically assert API permissions, image registries, and network reachability before applying declarative cluster specs.

Hybrid Topologies

Bridge disparate VPCs, public clouds, and bare-metal edge locations seamlessly with decentralized coordination planes.

Dynamic Integration

Wire ExternalDNS, cert-manager, Git repositories, and ingress controllers exclusively on-demand via cluster profiles.

LAUNCHING SOON

A strict, production-ready path to Kubernetes anywhere.

Join the private preview for immutable clusters across cloud, edge, and bare metal.

Request Early Access