ICP · AI startup
Zero in-house DevOps
AI product running on EKS, Lambda, and a shared Bedrock gateway. Founders own the dashboard; the autopilot owns the platform. Ships features without a DevOps hire.
AI-native DevOpsin your cloud
DevOps that moves with you.
Connect Claude Code, Cursor, OpenCode, or Codex to Kuberly. We clone infrastructure into your GitHub repo, plan every change, apply safely into your AWS account, and wire MCPs for logs, metrics, VPN, deployments, and troubleshooting.
infra intelligence loop
TerraformOpenTofuTerragruntGitHubMCPCloudWatchArgoCDEKSECSLambdaBedrock
ICP · Compliance
SOC 2 — without the DevOps hire
Passed SOC 2 audit on Kuberly without ever standing up a platform team. The compliance baseline (AWS Secrets Manager + IRSA, private VPC, scanned IaC) ships with the autopilot.
ICP · Compliance
PCI DSS in 1.5 weeks
From a fresh AWS account to PCI DSS audit-ready in under two weeks. Same controls, same scoped IAM, same defensible posture every Kuberly customer inherits.
01 / Runtimes
Four runtimes. One operating model.
One OpenTofu + Terragrunt repo defines all four runtimes, sharing the same VPC, IAM model, secrets store, and observability stack. Multi-cloud-ready by design (GCP and Azure in beta). Security-scanned by Trivy + Checkov on every PR. Ships with reusable GitHub Actions workflows your service repos call remotely. The repo is the platform.
01 / EKS
Kubernetes for complex workloads
Private EKS with Karpenter, Istio in ambient mode, ArgoCD GitOps, and External Secrets pulling from AWS Secrets Manager — provisioned in minutes, scanned with Trivy + Checkov.
KarpenterIstio ambientArgoCDSecrets Manager
02 / ECS Fargate
Containers without Kubernetes
Fargate + FARGATE_SPOT, API Gateway with VPC Link, ADOT sidecar for traces, and AWS Cloud Map — when EKS is overkill.
API GatewayFARGATE_SPOTADOTCloud Map
03 / Lambda
Serverless inside your VPC
Container-image Lambdas in private subnets with Secrets Manager injection, IRSA, and CloudWatch — for the workloads you don't want a pod for.
Container imagesVPC-attachedARM64 / x86Secrets Manager
04 / Bedrock AgentCore
The only platform that runs Bedrock agents next to EKS, ECS, and Lambda — in your account.
Shared AgentCore gateway, per-agent runtime + IAM, optional memory, browser, code interpreter. Built by the AWS Smart Nation Expo AgentCore keynote speaker.
GatewayPer-agent IAMMemory storeOAuth2 providers
03 / Autopilot
Agents where work happens.
agent runtime
Cursor request
why did payments restart?
Kuberlyroutes to safe tools
MCP control
logs · metrics · events · VPN
GitHub PR
plan output attached
AWS account
live data, no mock answers
logs queried42ms
LokiPrometheusEventsTerraform plan
answer
restart loop isolated
risk
low · one module
apply
waiting on merge
01 / Dashboard chat
Operational answers from your live cluster
Ask why a deployment failed, what's burning CPU, or which pods are restarting. The autopilot queries Loki, Prometheus, and pod events directly — answers ship with the raw data they're built from.
"Show me error logs for payment-service in the last 30 minutes"
"What is the p99 latency for the checkout API today?"
"Is my database connection pool being exhausted?"
02 / AI in your IDE
Cursor, Claude Code, Copilot, Codex, OpenCode
Every Kuberly stack is one OpenTofu + Terragrunt repo, sitting in your Git provider — GitHub or Bitbucket today, GitLab coming. Open it in your AI tool, ask for a change — Kuberly comments the full plan output on the PR and auto-applies on merge. New resources appear in the dashboard immediately.
"Add a CloudNativePG cluster to staging"
"Set the KEDA HTTP scaler to 50 rps for the api workload"
"Bump RDS to db.t3.large for payments"
03 / MCP + agent toolkit
Two MCP servers — one for your repo, one for your monitoring stack
kuberly-graph exposes blast radius and dependencies inside your IaC repo. A second MCP server is scoped to your monitoring stack (Loki, Prometheus, Grafana) so you can query logs, metrics, and traces live from Claude Code or any MCP client while you debug. Plus ~25 reusable APM skills and OpenSpec change-management — agents reason over your actual repo and live cluster.
blast_radius: what breaks if I change shared-infra.json?
loki: error logs for payment-service in the last 30 minutes
prom: p99 latency for the checkout API today
Built for humans and agents.
Kuberly isn't only the autopilot — it's a managed DevOps service powered by AI. We supervise. The autopilot operates 24/7. You self-serve in the dashboard. It's collaboration: the AI takes the toil, the Kuberly engineer takes the judgment calls, your developers ship product. One Kuberly DevOps engineer comfortably handles tens of customers across hundreds of clusters because the autopilot handles the work that used to need a person.
For the platform team
The opinionated AWS baseline, already maintained.
Cluster management
EKS provisioned in your AWS account with Karpenter, Bottlerocket, and sensible defaults. Patches and upgrades are part of the subscription.
Traffic & service mesh
Istio ambient mode, automatic mTLS, path-based routing, weighted canaries, distributed tracing — wired by default.
Secrets & security
Cloud-native secrets — AWS Secrets Manager, GCP Secret Manager, Azure Key Vault — synced via External Secrets Operator. IRSA / Workload Identity / Managed Identity per workload. Trivy + Checkov on every IaC change.
GitOps CI/CD
Shipwright builds inside the cluster, ArgoCD continuous reconciliation, one-click rollback. Push to a branch, deploy automatically.
For developers
Self-service from day one.
Deployments
Push a Docker image or Git repo — Shipwright + ArgoCD handle build, sync, and rollback. Average time-to-production: 2–3 hours from a clean account.
Databases
Postgres, Aurora, Redis, DocumentDB, MongoDB Atlas, ClickHouse — provisioned via the dashboard with IRSA wired automatically.
Debugging
AI autopilot queries Loki, Prometheus, and pod events directly. Answers ship with the raw data they're built from.
Serverless & AI
Lambda + Bedrock AgentCore live next to your Kubernetes apps in the same project, same VPC, same IAM model.
09 / Pricing
Simple enough to start.
Pay what reflects what we manage. The autopilot fee scales with the size of the infrastructure under management — nothing else. Unlimited applications, unlimited users, every runtime included on every tier. AWS bills you directly for cloud usage. GCP and Azure runtimes available in beta on request.
01
Starter
AWS spend ≤ $2,500 / mo
$500
Where most AI founders begin.
02
Growth
$2,500 – $5,000 / mo
$750
Multiple environments, real traffic.
03
Scale
$5,000 – $7,500 / mo
$1,000
Production-critical, multiple services.
04
Team
$7,500 – $10,000 / mo
$1,250
Compliance posture, scaling team.
05
Enterprise
$10,000+ / mo
$1,500
Talk to us about SLAs.
10 / Talk to us
Stop waiting on infrastructure.
30-minute demo. Live cluster in a real AWS account. We'll show you exactly what gets provisioned in your account — and how the autopilot operates it without a DevOps hire.