Limited offer

Annual at $4,000/year — DevOps autopilot, no hire required. 3-month money-back guarantee.

DevOps on autopilot

Production: AWS, GitHub · Bitbucket. GCP, Azure, GitLab · roadmap

Your DevOps autopilot — not your DevOps hire.

Bring a Git repo and a Dockerfile — the autopilot deploys it to your own AWS account as EKS, ECS, Lambda, or Bedrock, and provisions every layer around it: VPC, DNS, secrets, observability, and GitOps. OpenTofu + Terragrunt committed to your Git repo (GitHub or Bitbucket today, GitLab coming). GCP and Azure runtimes in beta. Security-scanned on every PR, applied on every commit. Live in hours, not weeks.

  • 01 · 2–3hr: Zero account → production
  • 02 · From $500/mo, scales with infra
  • 03 · 24/7: Autopilot operating
  • 04 · 100%: IaC in your Git repo

Built on the open-source stack your platform team already trusts

Outcomes our customers ship

Real outcomes, no DevOps hires.

Three customer profiles, three different bottlenecks. All three got past them on Kuberly's autopilot — without standing up a platform engineering function.

  • ICP · AI startup · 01

    Zero in-house DevOps

    AI product running on EKS, Lambda, and a shared Bedrock gateway. Founders own the dashboard; the autopilot owns the platform. Ships features without a DevOps hire.

  • ICP · Compliance · 02

    SOC 2 — without the DevOps hire

    Passed SOC 2 audit on Kuberly without ever standing up a platform team. The compliance baseline (AWS Secrets Manager + IRSA, private VPC, scanned IaC) ships with the autopilot.

  • ICP · Compliance · 03

    PCI DSS in 1.5 weeks

    From a fresh AWS account to PCI DSS audit-ready in under two weeks. Same controls, same scoped IAM, same defensible posture every Kuberly customer inherits.

01 / Runtimes

AWS-native

Four AWS runtimes. One IaC. One repo to rule them all.

GCP and Azure runtimes — in beta.

One OpenTofu + Terragrunt repo defines all four runtimes, sharing the same VPC, IAM model, secrets store, and observability stack. Multi-cloud-ready by design (GCP and Azure in beta). Security-scanned by Trivy + Checkov on every PR. Ships with reusable GitHub Actions workflows your service repos call remotely. The repo is the platform.

  • Multi-cloud-ready

    01

    AWS today; GCP and Azure modules ready to flip on (beta).

  • Security-scanned

    02

    Trivy + Checkov on every PR. Findings comment inline before apply.

  • Reusable GH Actions

    03

    Your service repos call Kuberly's reusable workflows remotely — no copy-paste CI.

EKS · 01

Kubernetes for complex workloads

Private EKS with Karpenter, Istio in ambient mode, ArgoCD GitOps, and External Secrets pulling from AWS Secrets Manager — provisioned in minutes, scanned with Trivy + Checkov.

  • Karpenter
  • Istio ambient
  • ArgoCD
  • Secrets Manager
  • KEDA
  • Prometheus

ECS Fargate · 02

Containers without Kubernetes

Fargate + FARGATE_SPOT, API Gateway with VPC Link, ADOT sidecar for traces, and AWS Cloud Map — when EKS is overkill.

  • API Gateway
  • FARGATE_SPOT
  • ADOT
  • Cloud Map

Lambda · 03

Serverless inside your VPC

Container-image Lambdas in private subnets with Secrets Manager injection, IRSA, and CloudWatch — for the workloads you don't want a pod for.

  • Container images
  • VPC-attached
  • ARM64 / x86
  • Secrets Manager

Bedrock AgentCore · 04

The only platform that runs Bedrock agents next to EKS, ECS, and Lambda — in your account.

Shared AgentCore gateway, per-agent runtime + IAM, optional memory, browser, code interpreter. Built by the AWS Smart Nation Expo AgentCore keynote speaker.

  • Gateway
  • Per-agent IAM
  • Memory store
  • OAuth2 providers

02 / Platform

Two audiences. One platform.

For the platform team

01

The opinionated AWS baseline, already maintained.

The platform layer your senior DevOps engineer would build for you over six months — already done, security-scanned, kept up to date, and committed to your repo as standard OpenTofu + Terragrunt.

  • 01

    Cluster management

    EKS provisioned in your AWS account with Karpenter, Bottlerocket, and sensible defaults. Patches and upgrades are part of the subscription.

  • 02

    Traffic & service mesh

    Istio ambient mode, automatic mTLS, path-based routing, weighted canaries, distributed tracing — wired by default.

  • 03

    Secrets & security

    Cloud-native secrets — AWS Secrets Manager, GCP Secret Manager, Azure Key Vault — synced via External Secrets Operator. IRSA / Workload Identity / Managed Identity per workload. Trivy + Checkov on every IaC change.

  • 04

    GitOps CI/CD

    Shipwright builds inside the cluster, ArgoCD continuous reconciliation, one-click rollback. Push to a branch, deploy automatically.

  • 05

    DNS & TLS

    External DNS for Route 53 / Cloudflare, cert-manager with automatic Let's Encrypt renewal — no clickops.

For developers

02

Self-service from day one.

Push code, get a URL. Provision a database from the dashboard. Ask the AI autopilot why production is hot. No tickets, no DevOps wait queue.

  • 01

    Deployments

    Push a Docker image or Git repo — Shipwright + ArgoCD handle build, sync, and rollback. Average time-to-production: 2–3 hours from a clean account.

  • 02

    Databases

    Postgres, Aurora, Redis, DocumentDB, MongoDB Atlas, ClickHouse — provisioned via the dashboard with IRSA wired automatically.

  • 03

    Debugging

    AI autopilot queries Loki, Prometheus, and pod events directly. Answers ship with the raw data they're built from.

  • 04

    Serverless & AI

    Lambda + Bedrock AgentCore live next to your Kubernetes apps in the same project, same VPC, same IAM model.

  • 05

    Observability

    Prometheus, Grafana, Loki, Tempo — pre-configured per cluster, dashboards included, no tickets to file.

03 / Autopilot

Three autopilot surfaces. Zero guesswork.

Kuberly's autopilot operates across three surfaces — your dashboard, your IDE, and your repo. All three are grounded in your real cluster state and IaC, so AI tools (and the developers using them) are productive on day one.

Dashboard chat · 01

Operational answers from your live cluster

Ask why a deployment failed, what's burning CPU, or which pods are restarting. The autopilot queries Loki, Prometheus, and pod events directly — answers ship with the raw data they're built from.

  • "Show me error logs for payment-service in the last 30 minutes"
  • "What is the p99 latency for the checkout API today?"
  • "Is my database connection pool being exhausted?"

AI in your IDE · 02

Cursor, Claude Code, Copilot, Codex, OpenCode

Every Kuberly stack is one OpenTofu + Terragrunt repo, sitting in your Git provider — GitHub or Bitbucket today, GitLab coming. Open it in your AI tool, ask for a change — Kuberly comments the full plan output on the PR and auto-applies on merge. New resources appear in the dashboard immediately.

  • "Add a CloudNativePG cluster to staging"
  • "Set the KEDA HTTP scaler to 50 rps for the api workload"
  • "Bump RDS to db.t3.large for payments"

MCP + agent toolkit · 03

Two MCP servers — one for your repo, one for your monitoring stack

kuberly-graph exposes blast radius and dependencies inside your IaC repo. A second MCP server is scoped to your monitoring stack (Loki, Prometheus, Grafana) so you can query logs, metrics, and traces live from Claude Code or any MCP client while you debug. Plus ~25 reusable APM skills and OpenSpec change-management — agents reason over your actual repo and live cluster.

  • blast_radius: what breaks if I change shared-infra.json?
  • loki: error logs for payment-service in the last 30 minutes
  • prom: p99 latency for the checkout API today

04 / Service

Humans in the loop. AI doing the work.

Kuberly isn't only the autopilot — it's a managed DevOps service powered by AI. We supervise. The autopilot operates 24/7. You self-serve in the dashboard. It's collaboration: the AI takes the toil, the Kuberly engineer takes the judgment calls, your developers ship product. One Kuberly DevOps engineer comfortably handles tens of customers across hundreds of clusters because the autopilot handles the work that used to need a person.

  • Always on · 01

    AI autopilot

    Operates the platform 24/7 — provisions, patches, scales, watches Loki + Prometheus, surfaces issues before your phone buzzes.

  • Humans in the loop · 02

    Kuberly engineer

    Supervises the autopilot. On call for you. Ships platform upgrades. Approves the changes the AI flags as judgment calls.

  • Self-serve · 03

    Your team

    Push code through the dashboard. Provision databases. Ask the autopilot why production is hot. No tickets, no DevOps wait queue.

The leverage that makes this sustainable

1 Kuberly DevOps engineer · 10s of customer accounts · 100s of production clusters

Autopilot does the toil. Humans do the judgment.

05 / Ownership

You own the IaC. You own the infra.

Kuberly ships every line of infrastructure code into a repository in your Git provider — GitHub or Bitbucket today, GitLab coming. From there, the autopilot runs the GitOps loop: every PR triggers an automated terragrunt plan, an AI risk review comments on the diff, and merges trigger applies — with or without human approval, your call. Apply output is posted back to the PR or commit as proof. Your developers stay in their IDE; the autopilot runs the pipeline.

PR #142

feat: add CloudNativePG to staging

kuberly autopilot · live

  1. Developer: Edits the IaC repo from Cursor or Claude Code. Pushes a branch, opens a PR.

  2. kuberly-ci: ✓ terragrunt plan succeeded · 12 changes (8 add · 4 modify · 0 destroy). Diff posted as a PR comment.

  3. kuberly-ai: Risk: low. Adds CloudNativePG operator + 1 cluster in staging. No production impact. Recommendation: safe to merge.

  4. Reviewer (optional): You — or the on-call Kuberly engineer — read the AI summary and the raw plan, then approve.

  5. kuberly-ci: ✓ applied on merge · 1m 42s. Apply output posted back to the commit as proof.

your repo · your state · your cloud account · we operate via a scoped IAM role you can revoke

  • 01

    Shipped to your repo

    The full OpenTofu + Terragrunt stack lands in your Git provider on day one — GitHub, Bitbucket; GitLab coming. Branch it, fork it, audit it, review every PR.

  • 02

    Plan + AI review on every PR

    Push a change, the autopilot runs terragrunt plan, posts the diff as a comment, and the AI reviewer flags the change as safe or risky before anyone merges.

  • 03

    Apply on merge — with proof

    Pick the policy: auto-apply on merge, or require a human approval first. Apply output ships back to the commit as a comment. Audit trail is the PR thread.

  • 04

    Real eject path

    Cancel Kuberly and the cluster keeps running. The repo, the state, the cloud account — all stay with you. We operate via a scoped IAM role you can revoke.

06 / Why Kuberly

The math is uncomfortable for the build-it-yourself path.

Most platforms tell you they save engineer-time. We can show you the line items. Side-by-side, the comparison stops being a marketing argument and starts looking like a procurement decision.

| Dimension | Without Kuberly | With Kuberly |
|---|---|---|
| Time to production | 3–6 weeks | 2–3 hours |
| DevOps headcount | 1 senior hire | AI autopilot — no hire |
| Platform cost | Senior engineer salary | From $500 / month — scales with infra under management |
| IaC ownership | Vendor-controlled PaaS | Your Git repo, your AWS account |
| Compliance baseline | Bespoke + manual | SOC 2 / PCI DSS controls wired |
| Eject path | Migration project | Standard OpenTofu — no migration |

07 / Stack

Open source under the hood. No proprietary lock-in.

We pick the upstream tools your team already evaluates. We keep them upgraded, scanned, and configured to work together. You can eject at any time — everything is standard OpenTofu + Terragrunt, AWS, and Kubernetes.

Networking

01
  • AWS VPC
  • NAT Gateway
  • VPC Endpoints
  • External DNS
  • cert-manager

Compute & orchestration

02
  • EKS + Karpenter
  • ECS Fargate
  • Lambda (container)
  • Bedrock AgentCore
  • Bottlerocket AMI

Service mesh & GitOps

03
  • Istio (ambient)
  • ArgoCD
  • Shipwright
  • API Gateway
  • AWS Cloud Map

Secrets & security

04
  • AWS Secrets Manager
  • GCP Secret Manager
  • Azure Key Vault
  • External Secrets Operator
  • Trivy
  • Checkov
  • OpenTofu
  • Terragrunt

Observability

05
  • Prometheus
  • Grafana
  • Loki
  • Tempo
  • Alloy
  • Alertmanager

Autoscaling & data

06
  • KEDA (50+ scalers)
  • RDS / Aurora
  • ElastiCache
  • DocumentDB
  • ClickHouse
  • MSK

08 / Outcomes

Five outcomes you'd otherwise hire for.

Every line item below is a job description Kuberly removes from your roadmap — without trading away the underlying tools your team would have picked anyway.

  • 01

    Production in hours

    From a connected AWS account to a production cluster in 2–3 hours. 15–20 minutes to a working EKS control plane.

  • 02

    Autopilot automation

    Karpenter, KEDA, ArgoCD self-heal. The autopilot watches Loki + Prometheus and surfaces issues before your phone buzzes.

  • 03

    Compliance baseline

    Cloud-native secrets managers (AWS Secrets Manager, GCP Secret Manager, Azure Key Vault), IRSA per workload, private VPC, mTLS via Istio, IaC scanned by Trivy + Checkov on every PR. SOC 2 / PCI DSS controls wired by default.

  • 04

    Self-serve

    Every developer can deploy, scale, and debug their service without DevOps tickets. The dashboard is the platform.

  • 05

    Beyond AWS

    AWS today, GCP and Azure runtimes in beta. Same OpenTofu + Terragrunt patterns, same dashboard, same autopilot.

09 / Pricing

One simple plan. Scales with your AWS spend.

Pay what reflects what we manage. The autopilot fee scales with the size of the infrastructure under management — nothing else. Unlimited applications, unlimited users, every runtime included on every tier. AWS bills you directly for cloud usage. GCP and Azure runtimes available in beta on request.

Replaces a senior DevOps hire — at autopilot cost.

| Tier | AWS spend | Price | Notes |
|---|---|---|---|
| 01 · Starter (Start here) | ≤ $2,500 / mo | $500 / month | Where most AI founders begin. |
| 02 · Growth | $2,500 – $5,000 / mo | $750 / month | Multiple environments, real traffic. |
| 03 · Scale | $5,000 – $7,500 / mo | $1,000 / month | Production-critical, multiple services. |
| 04 · Team | $7,500 – $10,000 / mo | $1,250 / month | Compliance posture, scaling team. |
| 05 · Enterprise | $10,000+ / mo | $1,500 / month | Talk to us about SLAs. |

Every tier includes

  • All AWS runtimes — EKS, ECS, Lambda, Bedrock AgentCore
  • GCP + Azure runtimes — beta access on request
  • Customer-owned IaC in your Git provider (GitHub, Bitbucket; GitLab coming)
  • Full observability stack (Prometheus, Grafana, Loki, Tempo)
  • AI DevOps autopilot — dashboard + IDE + in-repo agent toolkit
  • Cloud-native secrets manager (AWS / GCP / Azure) + IRSA per workload
  • SOC 2 / PCI DSS baseline controls
  • Unlimited applications, unlimited users
  • Email + Slack support

Annual billing — save 2 months on any tier. Limited offer for new customers: $4,000/year on Starter (Tier 01).


10 / Talk to us

Stop waiting on infrastructure.

30-minute demo. Live cluster in a real AWS account. We'll show you exactly what gets provisioned in your account — and how the autopilot operates it without a DevOps hire.