Infragate by Solvia Lab turns OKE into a governed internal platform: self-service provisioning, scaling, Kubernetes upgrades, kubeconfig access, BYON networking, cost visibility, approval workflows, and durable Activity history through a single web portal. No Terraform to write, no CLI to learn, no OCI Console to navigate. Runs entirely in your tenancy.
Infragate is more than a provisioning UI: it combines OKE lifecycle automation, network ownership boundaries, access delivery, FinOps visibility, approval workflows, and audit-ready Activity history in one in-tenancy platform.
Engineers provision fully managed OKE clusters from admin-approved templates or custom configs with automatic compartment, VCN, subnet, security list, and node pool creation - no manual steps.
Add or remove node pools, scale to zero, adjust OCPU, RAM, and storage per pool from the UI. Dedicated Kubernetes upgrade flow filters OCI-compatible versions and renders Basic-tier worker refresh steps from live pool counts.
Monthly and hourly estimates update live as you configure pools. Cost visible on deploy form, dashboard cards, detail page, and admin panels.
Protected destroys, limit-increase requests, TTL warnings, lifecycle events, and admin limit changes all flow into durable Activity history with unread tracking, so users see what changed and admins keep control.
Admin-managed /24 ranges - each cluster consumes one on deploy and releases on destroy. No overlaps, automatic allocation.
Download kubectl-ready kubeconfig without OCI CLI or local OCI config. Admins can expose the OKE API only to runner and VPN/corporate CIDRs; future agent mode removes direct endpoint access.
Watch terraform init, plan, and apply output stream in real time via SSE during deploy, scale, upgrade, and destroy.
Supply existing VCN, compartment, or subnet OCIDs via the Advanced tab. Managed networks support a dedicated public API endpoint subnet restricted to VPN/runner CIDRs; BYO resources stay read-only.
Two-tier limit system: global defaults + per-user overrides for clusters, pools, nodes, OCPU, RAM, storage, and tier. Users can submit higher-limit requests from deploy/scale; admins approve granted values from Requests.
Admins define pre-approved templates (K8s version, shape, image, pools, TTL, destroy protection, and role access). Assign required Keycloak or Azure AD roles so users only see templates they're authorised for. Selecting a template pre-fills and locks resource fields - users can still set cluster name, CIDR, and advanced overrides. Template values can exceed user limits since they represent admin-approved configurations, and template shape/K8s choices are compatibility-checked before save.
Users without the production role never see this template - clean UI, no error messages.
testing → QA teamuat → release managersproduction → SRE onlyReal-time cost previews, cluster-level breakdowns, and global spend dashboards - no surprises. Both server-side and client-side cost engines produce identical results.
Hourly & monthly cost updates live as you configure node pools, shape, and tier. Also shown in the deploy plan confirm modal.
Dashboard cards show estimated monthly cost per cluster. Detail page shows full breakdown: per-pool cost, control plane cost, total with hourly rate.
Total monthly spend across all active clusters in the admin stats bar. Shape-specific rate overrides supported for custom OCI enterprise contracts.
OCI Pay-As-You-Go rates + admin overrides for custom enterprise contracts.
Global oversight, resource limits, configuration, templates, Requests, Activity-backed approvals, and audit logs - all changes take effect immediately.
Every cluster across all users with status, owner, CIDR, K8s version, tier, resources, cost, and age. Stats bar with total spend.
Per-user overrides for any combination of limits and tier. Users can request higher limits; admins approve, adjust, deny, or reset to global defaults with Activity notifications.
CIDR pool, OCI-synced VM shapes, refreshed K8s versions, node images, global resource limits, and fallback manual curation. No restart needed.
Template table with live cost preview in add/edit modal. Enable/disable toggle and permanent delete.
Shared approval queue for protected-cluster destroy requests and higher-limit requests. Live nav badges; destroy approval opens the Terraform plan before force-destroy, while limit approval writes granted overrides. Denials include user-visible notes.
Append-only record of every deploy, scale, upgrade, and destroy. Filterable by user, operation, status, and duration.
imagePullSecrets for private registries.Zero external dependencies. No data leaves your tenancy. No SaaS control plane.
Keycloak (bundled), Azure AD, Okta, Google Workspace - any OIDC-compliant IdP.
Authorization Code + PKCE. No client secrets stored in the frontend. Auto token refresh.
No user directory needed. Users auto-provisioned on first login from JWT sub claim.
Well-known config cached in sessionStorage + nginx proxy layer. Zero network round-trips on load.
Designed for teams that want faster platform delivery while keeping control-plane operations, governance, and secrets management within their OCI boundary.
Clear separation between production capabilities and planned capabilities. Roadmap items are phased, customer-validated, and release-gated.
Infragate is delivered as a private commercial product. Packaging scales with evaluation scope, production licensing, support response, and operating guarantees.
Prices are listed in EUR. USD invoicing is available on request using the exchange rate agreed at contracting.
For qualified teams validating Infragate in their own OCI tenancy. Non-production scope, hard 14-day window.
For teams running Infragate in production with self-managed day-2 operations.
For regulated or mission-critical organizations that require formal operating guarantees and shared responsibility.
A small group of production teams helping us build the first year of the roadmap. Early-access program with discounted pricing and direct product feedback.
First-year discount on the €36,000 Business plan. Renewal returns to standard Business pricing.
Monthly roadmap calls, private Slack / email with engineering. Your feedback shapes what ships next.
Near-term scope: read-only troubleshooting explanations for Terraform, OCI, OKE, IAM, quota, and networking failures. Gatekeeper policy, drift, cost watcher, and approval-gated remediation stay on the roadmap for customer-shaped v1.1.
In exchange: monthly feedback calls and the right to publish a sanitized case study. That's it.
Not ready for a commitment? See standard pricing
Short answers for platform teams, security reviewers, and buyers. The deeper implementation details live in the documentation.
Infragate by Solvia Lab is an OCI-native Internal Developer Platform for Oracle Kubernetes Engine. It gives platform teams governed self-service provisioning, lifecycle automation, kubeconfig access, BYON networking, approvals, Activity history, and cost visibility inside the customer tenancy.
Inside your OCI tenancy or customer-managed Kubernetes environment. There is no external SaaS control plane; application services, credentials, logs, and operational data stay inside your boundary.
Production deployments are designed for VPN-first access. The Infragate runner and approved corporate/VPN CIDRs need network reachability to the OKE API endpoint; public access can stay restricted.
No. Engineers use the portal for provisioning and day-2 actions. Platform administrators control templates, limits, OCI configuration, approvals, RBAC, protected destroy rules, and audit history.
Yes. Authorized users can download kubeconfig for clusters they are allowed to access. Network reachability still follows your cluster API endpoint design and VPN/private access model.
BYON means bring your own network. Infragate can deploy OKE into existing customer VCN, subnet, route table, security list, and gateway patterns instead of always creating a new network.
The core OKE lifecycle platform is available today: deploy, scale, upgrade, destroy, kubeconfig access, BYON networking, cost visibility, approvals, Activity history, and admin controls. AI advisor and Gatekeeper-style automation are roadmap items.
Customers receive released container images, registry access, Helm values, and deployment runbooks. Infragate is installed into the customer environment rather than consumed as a hosted SaaS service.
Standard delivery includes released images, Helm deployment assets, documentation, and support. Source code and release automation stay private unless a separate commercial agreement says otherwise.