Introducing Podplane: a faster way to ship your apps & agents, including support for fully air-gapped clusters

TL;DR

Podplane is a new Apache 2.0 licensed open source Kubernetes distribution and PaaS that runs on object storage.
In just a few minutes you can run secure clusters in your public or private cloud, on-prem, or locally on your laptop with the Podplane CLI. Initial provider support includes AWS, Google Cloud, and Proxmox.
Designed for low operational complexity, with cluster state stored in object storage instead of etcd on disk, thanks to Netsy.
Works fully offline / in air-gapped environments - whether you’re on a flight, working in a location with a slow internet connection, or running isolated production workloads in regulatory/compliance-constrained environments.
Nadrama’s open source building blocks for Podplane - Netsy, Nstance, Easy OIDC, s3lect, and puidv7 - are now sub-projects under the Podplane umbrella, and the Podplane project is officially accepting contributors.
A new Podplane Community Forum is also launching today at forum.podplane.dev.
Please show your support by starring the Podplane GitHub repository!

Today, Nadrama is launching Podplane: an open source Kubernetes distribution and Platform-as-a-Service that stores all cluster state on object storage and is designed to run the same way everywhere - public cloud, private cloud, on-prem, or locally on your laptop - all using the same VM image, and 100% open source components.

Podplane is available on GitHub today, with full documentation at podplane.dev/docs.

This is what Nadrama has been working towards ever since announcing the all-in on open source pivot back in September 2025, following the lessons learned from the single-node AWS clusters beta in July 2025.

If you’re interested in why Podplane was built, what makes it different, and where it’s headed, please read on!

The mission: make infrastructure easy

Nadrama’s mission has always been to make infrastructure easy. Developers and organisations want to move fast, on solid foundations, without the risk of proprietary configuration formats or vendor lock-in.

What we’ve consistently heard from developers, businesses, and enterprises throughout the Nadrama beta and the past 2+ years of building open source projects is:

You want ownership and control of your infrastructure.
You want engineering capacity focused on building your apps, not your infrastructure.
You want the same platform to work everywhere - whether it’s multi-cloud, on-prem, or locally.
You don’t want to be locked in to a single cloud provider or a proprietary platform.
You want to be able to work offline, or in air-gapped environments, without changing tools.

Podplane is Nadrama’s answer to this.

What Podplane is

Podplane is built on four ideas:

A secure & easy platform to run your apps and agents - using standard Kubernetes APIs, common and well-tested extensions & components, golden path templates, sensible defaults, and a CLI that gets out of your way.
All cluster state on object storage - no etcd quorum to manage, no persistent disks to manage. Storage scales with your cloud provider, object storage provider, or local object storage solution such as SeaweedFS.
From zero to many, to zero - clusters support scale-to-zero, and scaling up to many nodes. Results of performance and scalability tests demonstrating exactly how many will be shared in due course!
One platform, everywhere - the same VM image runs on AWS, Google Cloud, Proxmox VE, or QEMU on your laptop. Technically, it’s the stock Debian Trixie stable image with minimal scripts atop (more on that later!)

In practice, Podplane is:

A podplane CLI written in Go that creates, deploys, and manages clusters.
A minimal Debian-based VM configuration system.
A curated set of Helm charts for cluster components (CoreDNS, Cilium, Traefik, cert-manager, Flux CD, and more).
A set of opinionated, tested “golden path” templates for deploying apps (web, worker, etc).

CLI installation is straightforward:

brew install podplane/cli/podplane
# OR for Linux/Windows (more options coming soon):
go install github.com/podplane/podplane@latest

Creating a local cluster is a single command:

podplane local start

Creating a cluster in AWS or Google Cloud is two commands:

podplane cluster create
podplane login

And you can deploy apps using any standard Kubernetes method, or with one command:

podplane deploy web --name hello --image ghcr.io/podplane/hello:latest

That last command works the same for local and remote clusters, and once complete prints a URL to your app, with TLS and DNS configured for you. Under the hood, it’s just running helm upgrade --install. Quick to get started, easy to customise/extend.

A complete platform, batteries included (or not)

Podplane is both a Kubernetes distribution and a PaaS - but you can opt-out of the PaaS if you’d rather BYO platform components such as ingress, certificates, GitOps, observability, etc.

When you run podplane cluster create, you choose between three initial component sets:

Recommended - the core distribution plus a curated set of addon components covering most production needs. This is what most users want.
Minimal - just the core components needed to run Pods. Install additional addons later via podplane install.
None - a bare Kubernetes cluster with no Podplane components. Bring your own everything - useful if you want to use Podplane as a Kubernetes distribution alongside your existing platform tooling.

On every VM

Every Podplane VM uses the stock Debian stable (Trixie) image with a minimal set of services configured by vmconfig:

containerd + runc as the container runtime
kubelet + cni-plugins for running and networking Pods
nstance-agent for VM lifecycle (registration, health, certs)
fluent-bit for OTel-compatible log forwarding
kube2iam for providing IAM roles to Pods on AWS
A built-in container image registry (zot) so image pulls don’t need to depend on the public internet

Control plane VMs additionally run:

Netsy as the etcd alternative, backed by object storage
kube-apiserver, kube-scheduler, kube-controller-manager

In the cluster

Core components, always installed (unless you select None for a bare cluster):

Cilium for CNI and network policy
CoreDNS for cluster DNS
Flux CD for GitOps-based Podplane component configuration and upgrades
Gateway API CRDs for modern ingress patterns
Podplane’s own platform charts for namespaces, RBAC, default trust bundles, and certificate issuers

Recommended addon components, installed by default and managed via podplane install / podplane uninstall:

Traefik ingress controller with a Gateway API configuration
cert-manager + cert-manager-csi-driver for TLS certificate issuance
trust-manager for cluster-wide trust bundle distribution
Cluster API + Nstance operator for in-cluster node management

Optional addons planned to be available via podplane install:

metrics-server for Pod and Node metrics
cluster-autoscaler for automatic node scaling
node-problem-detector for surfacing node hardware/kernel/runtime issues
snapshot controller + cloud provider CSI drivers (e.g. AWS EBS) for persistent volumes
secrets-store-csi-driver for mounting secrets from external secret stores

Golden path templates for your apps

Once your cluster is up, podplane deploy uses opinionated, tested templates to deploy your workloads - currently web for HTTP services and (soon) worker for background workloads, with more on the way. Templates declare their addon dependencies, so podplane deploy web will prompt to install Traefik if it isn’t already there.

The point of difference: it just works, even offline

What Podplane unlocks for offline and air-gapped use is the most exciting part of this release.

Because Podplane vertically integrates its dependency supply chain, and uses the same VM image for all environments, you can:

Spin up a real Kubernetes cluster on your laptop while flying between cities, with the same components you’re running in production.
Run a fully air-gapped production cluster in regulated or compliance-heavy environments, with a cluster that has no calls home, no telemetry leaving your network, and no dependency on a vendor’s control plane.
Develop comfortably on slow internet - whether that’s slow internet in your region, a cafe with terrible WiFi, or anywhere else the cloud assumes “always connected”.

The Podplane CLI downloads its dependencies once and caches them, so once you’ve created your first local cluster, subsequent podplane local start commands work entirely offline. The same files are reused when deploying real clusters, so you can just sync the CLI-cached artifacts to anywhere you need them for running your air-gapped production clusters. This doesn’t just apply to one category of runtime dependencies - it’s across VM packages, archives, & binaries, Kubernetes & component container images, and golden path templates and their container images too.

The journey: building blocks first

Getting here required creating the necessary building blocks.

After announcing Nadrama’s “all-in on open source” pivot, it was clear a new foundation was needed - one not built on top of existing managed services or single-cloud assumptions. Over the past 8 months, Nadrama has shipped:

Easy OIDC (November 2025) - a minimal OIDC server for Kubernetes authentication via Google or GitHub, with no database to manage.
S3lect (November 2025) - a Go package for leader election using S3 (or S3-compatible object storage) as the coordination mechanism.
Nstance (March 2026) - a fast, multi-cloud VM auto-scaler for AWS, Google Cloud, and Proxmox.
Netsy 1.0 (April 2026) - the multi-node release of Nadrama’s object-storage-backed etcd alternative.

Each one was built because Podplane needed it, and each one is genuinely useful on its own.

With Netsy 1.0 shipped, the last piece was in place. Podplane is the project that ties them all together into a coherent platform.

A growing ecosystem and community

To reflect this, Netsy, Nstance, Easy OIDC, s3lect, and puidv7 are now considered sub-projects under the broader Podplane project. They remain independently usable and independently versioned, but they share a roadmap, a community, and a contributor process.

And Podplane is now officially accepting contributors. The Podplane contributor guide walks you through joining the community forum, signing a CLA (derived from the Apache Software Foundation templates), and getting added to the relevant GitHub orgs.

The first external contributor has already had 5 pull requests accepted into Netsy mainline - thank you! 🎉 More contributors are very welcome, and Nadrama will be engaging with the community at various events in the coming months.

A new home for the community: the Podplane Community Forum

As part of opening up to contributors, the Podplane community is launching on an inclusive, public, and searchable platform: forum.podplane.dev, powered by Discourse.

Now that Discourse supports live chat and direct messages (DMs), it’s a better fit for an open source community than Discord. Threads can be public, don’t ever have to be archived, are indexed by search engines, and you can engage at your own pace.

What’s next

Today’s release is a developer preview. Between now and a 1.0 release, Nadrama’s focus is on rounding out the full vision and striving for a consistent experience across all providers and developer/CLI operating systems:

A consistent experience across all providers - Podplane supports AWS, Google Cloud, and Proxmox. The developer preview prioritised making AWS support robust; the focus is now shifting to Google Cloud and Proxmox to meet the same quality bar, and closing any gaps in the CLI automation and documentation along the way.
Stabilising the CLI contract - the CLI surface (commands, flags, config file format, generated infrastructure-as-code outputs, hook interfaces) will be stabilised ahead of 1.0.
Host OS test coverage - the CLI has been developed and dogfooded primarily on macOS so far. The test matrix will be expanded to cover Linux and Windows as first-class development hosts ahead of 1.0.
Production hardening - dogfooding Podplane for Nadrama’s own infrastructure, and incorporating feedback from early adopters.
More templates and components - expanding the library of golden path app templates and addon components.
The Nadrama managed Cloud - a managed Podplane offering will follow, for teams that want the platform without operating it themselves. Sign up to the Cloud console to join the waitlist.

For organisations wanting a managed service that’s on-prem or air-gapped, Nadrama can provide professional support and managed services. And if Podplane is close to what you’re looking for, and you want to sponsor feature development to close any gaps, Nadrama can make that happen too. If either of these things are of interest, please get in touch.

If you’ve made it this far, thank you. Podplane represents 2+ years of work, a lot of late nights, and a lot of coffee. It’s the platform Nadrama wished existed from day one - hopefully you’ll find it useful too.

Get involved

⭐ Star the Podplane GitHub repository
📖 Read the getting started guide
💬 Join the community forum
🛠️ Read the contributor guide and sign the CLA to start contributing PRs

Thanks for reading - looking forward to seeing what you build with Podplane.

Published: Jun 3, 2026 .