
We removed the DIY from fleet operations
PodWarden turns your servers — bare metal, VMs, or LXC containers — into a managed fleet. Bring your own workload, or pick from 2,500+ templates. Choose a server, deploy. Kubernetes runs under the hood, but you never have to touch it.
Most teams don't need to become a Kubernetes company. They just need the outcomes.
The cost of doing it yourself
Every team that self-hosts eventually hits the same wall.
Without PodWarden
- Hire senior DevOps to build fleet tooling from scratch
- Months of trial-and-error with K3s on mixed hardware
- Fragile upgrades — every deploy is a risk event
- Knowledge trapped in one engineer's head
- Storage and volumes are YAML puzzles you solve per workload
- Deploy to the wrong network and debug silent mount failures
- Port forwarding, reverse proxy, DNS, SSL — all manual
- Scaling means SSHing into each box and figuring it out
With PodWarden
- Fleet management is a product, not a project
- GPU placement works out of the box
- Deployments are tracked, versioned, and rollback-safe
- Repeatable operations, not hero engineering
- Storage connections, volumes, and credentials — built in
- Network compatibility checks before every deploy
- Public access with DDNS, reverse proxy, and auto-HTTPS built in
- Add a server, define your workload, deploy — done
Your workload, your code — just deploy it.
PodWarden is built for teams who have their own software to run. If you have a Docker container, a Dockerfile, or a docker-compose file — you can turn it into a managed, versioned deployment in minutes. Define your image, ports, environment variables, storage, and resource requirements. That's it. No Kubernetes expertise needed.
Docker run
Map your -p, -e, -v flags directly to template fields
docker-compose
Each service becomes a template with the same config
Custom images
Private registries, GPUs, NFS — all supported

Kubernetes consumption, not Kubernetes research
Setting up K3s correctly across bare metal, VMs, and mixed hardware with GPUs is not a weekend project — it's an ongoing competency. PodWarden packages that competency so you don't have to.
Fleet-first, not box-first
Designed to behave like a system, not a collection of individual servers. Automatic discovery, smart placement, and fleet-wide operations from day one.
Upgrades as routine, not risk
Every deployment is tracked with full history. Roll back to any previous version in one click. Updates become a business operation, not an outage window.
Reliability as default
Multi-cluster management, resource tracking, and built-in secrets storage are included — not bolted on as a custom project after the first outage.

Buy fleet operations, don't build them
A senior DevOps engineer costs $150k+/year. A Kubernetes platform project takes months before it's production-ready. PodWarden gives you the same outcomes — and for most users, it's free.
- Unlimited servers
- All templates & GPU placement
- Secrets, logs, full history
- Ingress, HTTPS & 1 DDNS subdomain
Homelabs, individuals, small teams
- 5 team members, 5 clusters
- 50 DDNS subdomains + custom slugs
- Cloud catalog & registry (50 GB)
Growing teams
- Unlimited members & clusters
- Unlimited DDNS + bring your own domain
- Private catalogs, SSO, audit logs
Compliance & larger teams
- On-premise control plane
- Managed operations
- Dedicated account manager
Organizations at scale
Unlimited servers on every plan. Your hardware, your electricity.
From “build a platform” to “use a product”
From project uncertainty to product certainty
From hero engineers to repeatable operations
If you don't pay for reliability upfront, you pay for it later in downtime, emergency engineering, and lost projects.

Real teams, real infrastructure
The common thread: teams that self-host critical software and need it managed professionally — without hiring a platform team.
“We wanted to be custodians of our own patient data. We run Outline for docs, Keycloak for SSO, and Mattermost for internal chat — all on two servers in our office. Our previous IT person set it up with docker-compose and then left. Nobody knew how to upgrade anything safely. With PodWarden, every service is a tracked template. Our new contractor picked it up in a day.”
“We were paying $3,200/month for Atlassian, Salesforce, and Slack seats. Switched to GitLab, SuiteCRM, and Mattermost — $0 in licensing. What we didn't budget for was the DevOps. Two months in: five servers, twelve containers, zero documentation on how any of it was set up. PodWarden turned that mess into a managed fleet in an afternoon.”
“We build a marketing automation platform. When we needed to go from 3 servers to 15 for a product launch, our single DevOps engineer became the bottleneck. With PodWarden, our developers deploy to staging themselves — pick a template, choose a cluster, done. We added 12 servers in a week without hiring another DevOps person.”
“We generate AI videos for social media campaigns. Each render job needs a GPU for 2–4 hours. Before PodWarden, we'd SSH into each machine, pull the image, set env vars, pray it works. Now we have a template for our inference worker — spin up GPU nodes when a campaign drops, tear them down when it's done. GPU costs dropped 40% because we stopped leaving idle workers running.”
“I run 30+ containers across three mini PCs at home. Jellyfin, Home Assistant, Vaultwarden, Grafana — you name it. I used to manage everything with Portainer and scattered docker-compose files. After a drive failure, I realized I had no idea how to rebuild half of it. PodWarden tracks every deployment, every config. My whole setup is reproducible now.”

Built for demanding distributed workloads
From AI training clusters to live streaming platforms — each of these stacks runs entirely on nodes you control, built from templates in the Hub catalog.

How it works
From bare metal to production in four steps.
Add your servers
Discover machines automatically via Tailscale, or add them by hostname or IP. Bare metal, VMs, LXC — anything that runs Linux.
Define your workload
Bring your own app, container, or docker-compose file and define it as a template in minutes. Or pick from our catalog of 2,500+ pre-configured applications — databases, media servers, AI tools, and more.
Deploy & scale
PodWarden finds the right server, deploys the container, and tracks the history. Add servers when demand grows, remove when the project ends.
Monitor & maintain
View logs, check endpoint health, track resource usage across your fleet. Roll back any deployment, update templates, manage secrets — all from one dashboard.

Platform features
Not simpler. More operationally complete.
Smart Placement
Each template knows what it needs — GPU memory, CPU cores, disk space. PodWarden finds the right server in your fleet and deploys there automatically.
Multi-Cluster
Manage deployments across multiple groups of servers, environments, and locations from a single dashboard.
Host Discovery
Add servers via Tailscale auto-discovery, hostname, or IP address. Provision with Ansible or connect existing machines.
Built-in Secrets
Store API keys, registry credentials, and environment secrets in PodWarden's encrypted vault. No external secret manager needed.
Logs & Monitoring
Endpoint health checks, container logs, and fleet-wide status — first-class, not afterthoughts bolted on later.
Controlled Deployments
Full deployment history with one-click rollbacks. Every change is tracked, versioned, and reversible.
Persistent Storage
Connect NFS shares or S3-compatible storage once, reference them by name in any workload. PVC volumes, NFS mounts, and S3 credential injection — all managed through the UI.
Automated Backups
Restic-powered volume backups on a schedule. Choose hot mode (no downtime) or cold mode (guaranteed consistency). Restore any workload to any previous snapshot in one click.
Network Awareness
Tag hosts, storage, and workloads with network types — public, mesh, or LAN. PodWarden warns before deployment when a cluster can't reach the required storage or services.
Team Access
Sign in with Google, GitHub, or any identity provider. Role-based access control so operations aren't a one-person show.
Just Docker
Templates are Docker containers. If it runs in Docker, PodWarden can deploy it. No need to learn Kubernetes manifests, Helm charts, or kubectl.
No Lock-in
Standard K3s clusters underneath. kubectl still works. Uninstall PodWarden and your infrastructure keeps running. Templates are Docker containers, not a proprietary format.

Your AI talks to your infrastructure.
117 tools. Natural language.
PodWarden exposes your entire infrastructure as MCP tools — clusters, hosts, deployments, storage, networking, backups, secrets, and more. Connect Claude, Cursor, Windsurf, or any AI that speaks MCP. Ask questions, diagnose issues, deploy workloads, configure services. The AI sees what you see, and can do what you can do.
How it connects
No ports to open. No VPN to configure. Hub proxies MCP tool calls through a secure WebSocket tunnel.
Clusters & Hosts
- discover_hosts
- provision_host
- create_cluster
- probe_host
- + 20 more
Workloads
- deploy_workload
- get_workload_logs
- rollback_deployment
- troubleshoot_workload
- + 10 more
Storage & Backups
- create_storage_connection
- run_backup_now
- restore_backup_snapshot
- list_backup_snapshots
- + 16 more
Networking & Ingress
- create_ingress_rule
- check_ingress_tls
- allocate_hub_ddns_subdomain
- apply_ingress_rule
- + 16 more
Secrets & Security
- set_secret
- generate_ssh_key_pair
- test_oidc
- update_system_config
- + 11 more
GPU & Resources
- find_gpu_capacity
- check_network_compatibility
- get_infrastructure_overview
- get_cluster_storage_classes
- + 5 more
Users & RBAC
- create_user
- update_user
- set_user_password
- list_users
- + 2 more
Diagnostics
- troubleshoot_workload
- get_infrastructure_overview
- check_ingress_dns
- test_storage_connection
- + more across all categories
Configure a service
“Create a new realm called ‘production’ in Keycloak, add an admin user, and set up a client for my app”
Done. Created realm production, user admin@production with admin role, and client my-app with PKCE flow. Client secret saved to PodWarden secrets.
Diagnose an issue
“Grafana is showing 502 errors. Check the logs, see what's wrong, and fix it”
Found it. The Grafana pod ran out of memory (OOM killed 3x in the last hour). Increased memory limit from 256Mi to 512Mi and redeployed. Health check is passing now. Also created a backup before making changes.
Works with any MCP-compatible client. Bring your own LLM — or wait for our built-in AI assistant (coming soon).
Connect Claude Desktop, Cursor, Windsurf, VS Code + Copilot, or any MCP client. Every tool call is authenticated, scoped to your organization, and logged in the audit trail.

Make your workloads public in seconds
Running behind NAT with a dynamic IP? PodWarden handles DNS, reverse proxy, and TLS so your local network workloads are reachable from anywhere — no port-forwarding headaches.
Instant Subdomains
Connect to Hub and get a public URL like swift17.vxloc.com in one click. Pick your domain, optionally customize your slug on paid plans.
Automatic HTTPS
Built-in Caddy reverse proxy on your gateway node handles Let's Encrypt certificates automatically. Zero SSL configuration required.
Dynamic DNS
IP changed? PodWarden detects it within 5 minutes and updates your DNS records automatically. Supports Cloudflare, DuckDNS, custom webhooks, and Hub-managed domains.
PodWarden Cloud
2,500+ curated templates from trusted sources — LinuxServer.io, Portainer, and the Unraid community. Popularity data, version tracking, and detailed documentation for every app. One click to deploy on your fleet.
Curated, categorized, ready to deploy
Connect instances via API key
Smart placement suggestions
AI manages infra via Hub tunnel
Common questions
Everything you need to know before getting started.
Is the free tier actually free?
No credit card, no trial period, no feature gates on core functionality. Unlimited servers, GPU placement, secrets, deployment history — all free, forever. PodWarden runs on your hardware, so there's no cost to us when you use it.
What happens when something breaks?
You still have full access. PodWarden runs on standard K3s clusters — kubectl works, standard Kubernetes debugging tools work. PodWarden is an abstraction layer, not a cage. If something fails, you can always drop down to the underlying system.
Can I leave PodWarden?
Yes, cleanly. Your clusters are standard K3s. Your templates are Docker containers. Uninstall PodWarden and everything keeps running. Migrate to ArgoCD, Flux, or raw kubectl anytime — no proprietary formats, no lock-in.
Where are my secrets stored?
On your PodWarden instance, encrypted at rest with AES-256. Secrets never leave your network unless you use PodWarden Cloud. The encryption key lives on your infrastructure, not ours.
How does persistent storage work?
Register your storage backends (NFS shares, S3 buckets) once in Storage Connections, then reference them by name in any workload. PodWarden handles the Kubernetes volumes, PVC lifecycle, and credential injection automatically. Your data survives pod restarts without you writing a single manifest.
What is network awareness?
Hosts, storage, and workloads are tagged with network types — public (internet), mesh (overlay VPN), or LAN. Before deploying, PodWarden checks whether the target cluster can actually reach the required storage and services. If there's a mismatch you get a clear warning, not a silent runtime failure.
Do I need to know Kubernetes?
No. You interact with servers, templates, and deployments. Kubernetes runs under the hood, but you never need to write manifests, learn kubectl, or understand pods. If you already know K8s, great — the tools still work.
What does PodWarden Cloud add?
The core tool is local and free. PodWarden Cloud adds a curated catalog of 2,500+ ready-to-deploy templates, fleet API for remote management, image registry caching, and team collaboration. Browse the full catalog to see what's available.
What is MCP and how does it work?
MCP (Model Context Protocol) is the open standard that lets AI assistants use tools. PodWarden exposes 117 infrastructure tools — from deploying workloads to restoring backups — as MCP tools. Connect your AI client directly to your instance, or through Hub for zero-config remote access. Hub authenticates the request, routes it through a secure tunnel to your instance, and logs every tool call. You choose the access tier: read-only for diagnostics, mutating for operations, or full access.