Infrayard builds Kubernetes on Oracle Cloud for you

A simple portal for teams that need production-ready Kubernetes clusters on Oracle Cloud without writing all the Terraform, networking, access, approvals, and day-2 automation by hand. It runs in your tenancy, so your credentials, logs, and operational data stay with you.

Read the Docs
Create clusters from a portal Terraform handled under the hood Admin approvals and limits Runs inside your tenancy
1. Request
Pick a template
2. Review
See cost + limits
3. Apply
Terraform runs safely
4. Operate
Scale, upgrade, audit
Built by Solvia Lab for Oracle Cloud Infrastructure and Oracle Kubernetes Engine
No markup on Oracle Cloud resources - billed directly by Oracle
Overview

What Infrayard actually does

Infrayard gives your engineers a controlled button for creating Kubernetes environments on Oracle Cloud. Your platform team defines the templates, limits, network rules, identity rules, and approval rules. Users request a cluster, Infrayard runs the infrastructure workflow, and everyone gets a visible audit trail.

It creates

Kubernetes clusters, worker pools, networking, access files, cost estimates, and lifecycle jobs.

It does not replace

Oracle Cloud. Resources are still created in your tenancy and billed by Oracle.

Terraform role

Terraform is the engine underneath. Engineers use the portal; admins decide what can be created.

Who it is for

Platform, DevOps, and cloud teams standardizing Kubernetes on Oracle Cloud.

What you get

One place to request, create, and operate clusters

The landing page version: fewer tools, fewer handoffs, fewer manual cloud steps. The docs can go deep on the exact Terraform, Oracle Cloud, and security details.

Create a cluster

Engineers choose an approved template or custom configuration. Infrayard creates the Oracle Kubernetes Engine cluster and the required cloud resources.

Scale and upgrade

Add or remove worker pools, change CPU and memory, scale environments down, run Kubernetes upgrades, and clean up clusters through guided workflows.

Preview cost

See hourly and monthly estimates before creating or changing a cluster. Admins can review total estimated spend across active clusters.

Approve risky changes

Require approval for protected destroys and higher resource limits. Users and admins get a clear history of what happened, who approved it, and when.

Manage network ranges

Admins define the available network ranges. Infrayard allocates one per cluster, prevents overlap, and releases it when the cluster is destroyed.

Give users access

Authorized users can download Kubernetes access files without learning the Oracle Cloud CLI. Network access still follows your private or VPN design.

See what Terraform is doing

Terraform runs are visible during deploy, scale, upgrade, and destroy, so the platform team can inspect the infrastructure workflow instead of guessing.

Use existing cloud pieces

Point Infrayard at existing compartments, virtual cloud networks, or subnets when your organization already owns those foundations.

Set resource limits

Define global and per-user limits for clusters, worker pools, CPU, memory, and storage. Users can request more when they need it.

Templates & access

Turn your preferred setups into safe choices

Admins define approved cluster templates: Kubernetes version, machine shape, worker pools, expiry time, destroy protection, and who can use them. Users only see the choices they are allowed to use, so the portal stays simple.

Template: PROD - HA requires: production
Destroy protection TTL: 720h VM.Standard3.Flex 3 node pools

Users without the production role never see this template - clean UI, no error messages.

Login role mapping (Keycloak / Azure AD / Okta)
DEV - Small
No role required → all users
TEST - Medium
Role: testing → QA team
UAT - Large
Role: uat → release managers
PROD - HA
Role: production → SRE only
Cost visibility

Show the cost before and after changes

Users see estimates while they configure a cluster. Admins can track estimated spend across active clusters and adjust rates for custom Oracle contracts.

Before creation

Hourly and monthly estimates update as users choose worker pools, machine shape, and cluster tier.

$0.025/OCPU·hr + $0.0015/GB RAM

Per cluster

Dashboard cards and detail pages show estimated cost per cluster, including worker pools and control plane tier.

For admins

Admins see total estimated monthly spend across active clusters and can use custom rates for enterprise contracts.

Identical server-side & client-side cost engine

OCI Pay-As-You-Go rates + admin overrides for custom enterprise contracts.

Basic CP: $0 · Enhanced CP: $0.10/hr
Admin controls

The platform team stays in control

Admins manage allowed resources, templates, requests, approvals, configuration, and audit history from one place.

All clusters

See every cluster, owner, status, Kubernetes version, resources, cost, and age.

Users & limits

Set global defaults and per-user exceptions for resource limits.

Configuration

Manage network ranges, machine shapes, Kubernetes versions, images, and default limits.

Cluster templates

Publish approved cluster sizes and settings for different teams or environments.

Requests

Review protected destroy requests and higher-limit requests before they take effect.

Audit log

Keep a searchable record of deploy, scale, upgrade, and destroy actions.

How it is installed

Installed in your environment

  • Existing Oracle Kubernetes Engine cluster - deploy Infrayard into your own cluster with Helm.
  • Helm chart - configurable deployment values for ingress, storage, identity, limits, and Oracle Cloud settings.
  • Customer delivery model - read-only registry token, released images, and Helm values. Customers pull images into their own tenancy; no source access or build system required.
  • Single VM (k3s) on OCI Always Free - ARM-compatible, control-plane tolerations for single-node scheduling.
  • Your identity provider - use bundled Keycloak or connect Azure AD, Okta, or Google Workspace.
Customer Install Path
Receive registry token
Read-only PAT scoped to Infrayard images
Create imagePullSecret
Kubernetes regcred uses the PAT
Configure Helm values
OCI, OIDC, ingress, storage, and limits
Helm install / upgrade
Pods pull released images in their cluster
Validate and operate
Login works; first cluster deploy proves readiness
Customers only receive released images and a Helm runbook; Infrayard source and release automation stay private.
Access & security

Use your login system and keep data in your boundary

Infrayard is installed in your environment. There is no hosted SaaS control plane that needs your credentials or operational data.

Your identity provider

Use bundled Keycloak or connect Azure AD, Okta, Google Workspace, or another OpenID Connect provider.

Browser-safe login

Uses the Authorization Code flow with PKCE, so frontend code does not store client secrets.

User onboarding

Users can be created on first login, then governed by roles, templates, and resource limits.

Faster auth startup

Identity configuration is cached so normal page loads avoid unnecessary discovery calls.

Why Infrayard

Less platform assembly work, more control than hosted tools

For teams that want Kubernetes self-service on Oracle Cloud, but still need the platform, secrets, and operations to stay inside their own boundary.

Designed for in-tenancy operation No external SaaS control plane required Secrets stay in the customer boundary
Control plane location
DIYInside tenancy (self-managed)
RafayVendor SaaS (self-host optional)
QualiVendor SaaS
InfrayardInside your OCI tenancy
Outbound egress to third-party control plane
DIYDepends on integrations
RafayCommonly required
QualiCommonly required
InfrayardNot required by default
Governance guardrails and limits
DIYCustom policy workflows
RafayPlatform policy framework
QualiPlatform policy framework
InfrayardLimits + requests
Day-2 ops effort
DIYHigh
RafayMedium
QualiMedium
InfrayardLow for OCI ops
Comparison reflects publicly documented default architectures and common deployment patterns as of April 24, 2026. Validate against your internal security, compliance, and operating model.
12-20m
Typical deploy time
4
Lifecycle ops
Paths
Approved templates
Cost
Live estimates
TTL
Auto-cleanup
Roles
Role-based access
Provisioning time depends on Oracle Cloud region capacity, shape/image availability, and tenancy limits.
Product status

What works today, what comes later

Clear separation between available product capabilities and roadmap ideas. Every phase keeps the same customer-boundary model: no Solvia-hosted control plane and no credentials, Terraform state, audit logs, or cluster data sent to a vendor SaaS.

Available today
  • Create, scale, upgrade, and destroy Kubernetes clusters with visible Terraform logs
  • Admin controls for templates, limits, approvals, requests, notifications, and audit history
  • Compatibility checks for Kubernetes versions, machine shapes, and worker images
  • Private-network friendly access with Kubernetes access files and endpoint allowlists
  • Cost estimates at creation time, per cluster, and across active clusters
v1.1 Gatekeeper AI
  • Oracle-native Gatekeeper insights powered by OCI Generative AI / OCI Enterprise AI
  • Cost watcher: idle-cluster detection, anomaly alerts, right-sizing guidance, and weekly digests
  • Policy guardrails: drift detection, Kubernetes lifecycle risk flags, and compliance summaries
  • Optional Oracle AI Database / Autonomous Database backend for full Oracle-stack deployments
v1.2 Multicloud governance
  • Register existing EKS, AKS, and GKE clusters as observed resources
  • Unified Kubernetes inventory, ownership, environment, version, and compliance visibility
  • Read-only governance without Terraform import, state adoption, or cloud resource mutation
  • External cluster metadata stays inside the customer's Infrayard installation
  • Gatekeeper insights across OKE and observed external Kubernetes clusters
v2.0 Multicloud deployment
  • Full lifecycle automation for a first non-OCI Kubernetes provider chosen by customer demand
  • Provider-specific Terraform modules, networking, IAM, version, quota, and cost workflows
  • Infrayard-managed state only for clusters created by Infrayard
  • Provider credentials and Terraform state remain under customer control
  • Existing external clusters remain observed until explicitly migrated
Founding Customer Program - 5 spots - limited

Help shape Infrayard. Get in before the rest.

A small group of production teams helping us build the first year of the roadmap. Early-access program with discounted pricing and direct product feedback.

€30,000 standard Business annual first-five price
€18,000 first 12 months, paid upfront
12 monthsFounding
€1,500 / month equivalent
€18,000 upfront
First-five discountLimited
40% below standard annual Business
Save €12,000
5 spots case-study rights monthly feedback calls

Synced with Business

€18,000 for the first 12 months, compared with the €30,000 standard annual Business license.

Direct line to the team

Monthly roadmap calls, private Slack / email with engineering. Your feedback shapes what ships next.

Roadmap v1.1-v1.2

Gatekeeper AI + multicloud roadmap

Near-term scope: Oracle-native Gatekeeper insights for cost, policy drift, compliance, and troubleshooting. Founding feedback also shapes v1.2 multicloud governance for observed EKS, AKS, and GKE clusters without Terraform state adoption.

In exchange: monthly feedback calls and the right to publish a sanitized case study. That's it.

Not ready for a commitment? See standard pricing

Pricing

Simple, transparent pricing

Infrayard is delivered as a private commercial product, not a hosted SaaS control plane. Pricing is shown as a monthly equivalent, but production access is contracted upfront to keep procurement and support simple.

Prices are listed in EUR. USD invoicing is available on request using the exchange rate agreed at contracting.

Evaluation
€1,500 / 14 days
100% credited toward a fixed-term production contract within 30 days

For qualified teams validating Infrayard in their own OCI tenancy. Non-production scope, hard 14-day window.

  • Time-limited registry access (revokes at day 14)
  • Guided 60-minute deployment call in your tenancy
  • Email support during the evaluation window (business hours)
  • Evaluation runbook and onboarding checklist
  • Fee credited toward Founding, 6-month / annual Business, or Enterprise if you convert within 30 days
  • No production use, redistribution, or managed-service use
Enterprise
€7,500 / month list-rate anchor
€6,500 / month equivalent
6-month minimum, paid upfront.
6 monthsHigh-touch rollout
Instead of €45,000 list-rate
€39,000 upfront

For regulated or mission-critical organizations that require formal operating guarantees and shared responsibility.

  • Everything in Business
  • 6-month minimum contract for high-touch rollout and procurement support
  • 4h response SLA with named support engineer and shared Slack / Teams channel
  • Managed install plus upgrade planning and rollout assistance
  • Multi-tenancy and multiple OCI-tenancy organization scoping
  • Air-gapped / mirrored registry delivery - LTS pinning
  • Compliance support pack: SOC 2 / ISO questionnaires, DPA, and audit-evidence guidance
  • Production incident escalation support and change-advisory guidance
  • Quarterly architecture and cost governance reviews
Questions & answers

The questions people ask first

Short answers first. Deeper implementation details belong in the documentation.

Read technical docs