Private preview opening soon

Strictly declarative Kubernetes.
Anywhere._

Transform fragmented infrastructure into a single, cohesive cluster. Otroid injects immutable OS images, auto-configures WireGuard meshes, and enforces strict GitOps convergence—giving you absolute control over your entire fleet.

Notify Me at Launch See the Flow
AWS GCP Azure Hetzner Bare Metal ARM64 + AMD64

nexus-core-cluster

otroid.io/v1alpha1

Ready

Runtime

k0s v1.36.1

Infrastructure

Kairos (Immutable OS)

GitOps Sync

FluxCD Strict

git://fleet-state.git

Networking

Cilium eBPF

wireguard-p2p

Storage

Rook-Ceph Distributed Block

Gateway API

Envoy L7 Gateway

Observability

Prometheus Metrics & Logs

BOOT

cloud-config

JOIN

peers link

SYNC

git reconciles

PRIVATE PREVIEW WAITLIST

Be first in line when Otroid opens.

We are inviting teams who need Kubernetes outside the managed-cloud happy path: edge sites, multi-cloud VPCs, ARM fleets, bare metal, and constrained environments.

No spam. Only private preview and launch updates.

edge/cloud/bare-metal

USER JOURNEY

From cloud access to declared state.

Your infrastructure, your billing, our orchestration. Otroid keeps the path intentionally narrow: connect securely, boot immutable nodes, let peers coordinate via P2P, and hand the cluster to GitOps.

terminal

# Verify IAM policy across multi-cloud

$ otroid provider add aws --role arn:aws:iam::123:role/otroid

✓ AWS credentials verified

$ otroid provider add hetzner --token $HCLOUD_TOKEN

✓ Hetzner API connected

_

CORE PLATFORM

Opinionated plumbing, unlocked ecosystem.

We provide the hardened foundation so you can hit the ground running, but it's 100% upstream Kubernetes under the hood. Bring your own CRDs, operators, and manifests without fighting the platform.

Zero Configuration Drift

Immutable Kairos OS upgrades eliminate SSH access, ensuring nodes remain perfectly declarative and reproducible.

Continuous Validation

Cryptographically signed release artifacts undergo automated end-to-end testing before promotion.

eBPF Native Networking

Cilium replaces legacy iptables with high-performance eBPF data planes for strict network policies.

Native GitOps Engine

FluxCD continuously pulls manifests, ensuring your live cluster strictly converges with Git source.

Multi-Tenant Isolation

vCluster provisions lightweight, fully isolated control planes atop shared worker node pools.

Hardware-Backed Trust

TPM integration and Secure Boot readiness ensure tamper-evident OS lifecycles at the remote edge.

Heterogeneous Targets

Deploy identical declarative manifests across AWS VPCs, Hetzner VMs, and bare-metal edge boxes.

Automated Reconciliation

Declarative CAPI primitives treat node provisioning as continuous background reconciliation loops.

DAY-2 OPERATIONS

Lifecycle controls without server drift.

Once the cluster exists, Otroid keeps upgrades, snapshots, restores, and rebuilds tied to declared state instead of hand-maintained machines.

Fearless Rollouts

A/B OS partitioning guarantees atomic rollbacks if nodes fail to boot new containerized OS tags.

etcd Snapshots

Automate highly-available etcd snapshots and seamlessly restore cluster state during disaster recovery.

Ephemeral Clusters

Terminate environments cleanly, leaving zero lingering IAM roles, load balancers, or orphaned volumes.

CRD Compatibility

100% upstream Kubernetes compliance ensures your operators, Helm charts, and custom controllers just work.

Active Rollout

edge-prod-rollout • A/B Partition

In Progress
etcd quorum cilium health flux sync

aws-worker-1

v1.36.1-hardened

hetzner-worker-1

rebooting to partition B...

baremetal-edge-1

pending

YOUR INFRASTRUCTURE

Run across your cloud, edge, and on-prem environments.

Bring the environments you already operate: public cloud accounts, private networks, edge sites, and bare-metal estates. Otroid connects to each location with scoped access, keeps workloads in your infrastructure, and supports hybrid topologies when clusters span networks or providers.

Scoped Access

Connect target environments using strict, cryptographically auditable RBAC instead of wide-open platform credentials.

Pre-flight Validation

Automatically assert API permissions, image registries, and network reachability before applying declarative cluster specs.

Hybrid Topologies

Bridge disparate VPCs, public clouds, and bare-metal edge locations seamlessly with decentralized coordination planes.

Dynamic Integration

Wire ExternalDNS, cert-manager, Git repositories, and ingress controllers exclusively on-demand via cluster profiles.

LAUNCHING SOON

A strict, production-ready path to Kubernetes anywhere.

Join the private preview for immutable clusters across cloud, edge, and bare metal.

Request Early Access