BETA — GA coming soon From the team behind Kamaji

Take Kubernetes
down to the metal

Bare metal, virtualization, networking, and operating system — unified under one cloud-native control plane.

Built for Enterprises, Cloud Providers, and AI Factories.

01 Why kMetal

Three things hypervisor stacks can't give you.

kMetal is the distillation of years operating Kubernetes at scale. It removes the layers you don't need and unifies the ones you do.

01 Unification

No hypervisor. One team.

Bare metal plus Kubernetes-native virtualization collapses the platform / infrastructure divide. The team that runs Kubernetes runs the virtualization layer too — same API, same tools, same on-call rotation.

02 Isolation

True multi-tenancy, not namespaces.

Independent clusters per tenant. Independent OVN networks per tenant. Resource quotas and policy enforcement applied at the boundary. Real isolation, the kind you can actually sell as a service.

03 Declarative

Everything as Kubernetes — even the OS.

Build immutable OS artifacts declaratively as Kubernetes objects. No more Packer, no more Ansible, no more importers. The same declarative loop, end-to-end.

02 Architecture

One control plane.
Every layer of the stack.

kMetal exposes the entire stack — from the OS image up to the tenant cluster — through a single Kubernetes-native API. No bolt-ons. No second operations plane. No glue scripts pretending to be infrastructure.

  • kubectl apply, all the way down
  • GitOps-native by default
  • No proprietary CLI, no out-of-band consoles
L04

Tenant clusters

KamajiCluster API

Independent Kubernetes clusters, one per tenant. Isolated control plane, isolated network, isolated lifecycle.

L03

Networking

OVNOVSBGP

Tenant VPCs. Logical networks, Virtual routers, LoadBalancers, no shared L2 broadcast domain across tenants.

L02

Virtualization

KVMKubeVirt

KVM-backed virtual machines orchestrated as Kubernetes objects. No vCenter, no separate operations plane.

L01

Bare metal & OS

Cluster APIKairos

Immutable OS artifacts built declaratively as Kubernetes objects. Provisioning, lifecycle, drift control — all native.

03 Multi-tenancy

Real isolation.
The kind you can sell.

"Multi-tenant" usually means "shared namespace with extra YAML." kMetal means independent clusters, independent networks, and independent lifecycles — engineered for operators who put a price tag on a Kubernetes cluster.

Hosted control planes

Each tenant gets their own dedicated Kubernetes API server, isolated etcd, independent lifecycle. Control planes run as pods on shared management infrastructure.

Network isolation

OVN gives every tenant their own L2/L3 fabric. No shared broadcast domain, no leaked traffic, no compromise.

Resource quotas

CPU, memory, GPU, storage — quota and policy enforcement applied at the boundary, observable in Prometheus.

Policy enforcement

Admission policies, security baselines, and platform guardrails enforced declaratively per tenant.

04 Immutable Images, the Kubernetes way

Goodbye Packer. Goodbye Ansible. Welcome Immutable OS.

Operators define their immutable OS artifact as a Kubernetes object — kMetal builds, signs, and rolls it out. The same declarative loop you already trust for your workloads, applied to the metal underneath them.

os-image.yaml
apiVersion: images.kmetal.io/v1alpha1
kind: ImmutableOS
metadata:
  name: tenant-gpu-node
spec:
  base: flatcar-stable
  kernel:
    modules: [nvidia, vfio_pci]
  packages:
    - name: cuda-toolkit
      version: "12.4"
  signing:
    secretRef: cosign-keys
  rollout:
    strategy: RollingDrain
    maxUnavailable: 10%

// Illustrative example. API surface subject to change before GA.

05 Built for three audiences

Three stages. Same band.

Enterprises, Cloud Providers, and AI Factories ask the same questions of their infrastructure — isolation, density, repeatability, control. kMetal answers them with the same architecture.

For Enterprises

Your private cloud, hyperscaler-clean.

  • Hyperscaler patterns running on hardware you already own.
  • Business-unit isolation as a Kubernetes primitive.
  • License-free virtualization — KVM, no VMware tax.
  • One platform across dev, staging, and edge sites.
For Cloud Providers

Run Kubernetes worth selling.

  • Independent control plane and OVN network per tenant.
  • Self-service tenant provisioning with hosted control planes.
  • Resource quotas observable from your existing Prometheus stack.
  • No hypervisor licensing tax priced into your margin.
For AI Factories

GPU fleets, isolated by tenant.

  • Pin GPUs per tenant cluster, not per namespace.
  • Build CUDA / driver-stamped OS images declaratively.
  • Reclaim, reschedule, and re-provision nodes in minutes.
  • Quotas and policy at the tenant boundary — not the workload.
06 Standing on giants

Built on the open source you already trust.

kMetal isn't a re-implementation. It's an opinionated, hardened, supported integration of the open source projects you already have a strong opinion about — wired together so the operating model is consistent from the metal up.

// No proprietary forks. No hidden dependencies.

  • Kubernetes

    The substrate. kMetal is Kubernetes — not a layer alongside it.

  • Kamaji

    Hosted control planes. One Kubernetes API server per tenant, no shared kube-apiserver fate.

  • Cluster API

    Declarative cluster lifecycle. Provisioning, upgrades, and scaling as Kubernetes objects.

  • KubeVirt

    Virtual machines as first-class Kubernetes workloads, scheduled alongside pods.

  • KVM

    The hypervisor inside the kernel. No vendor virtualization stack to license or operate.

  • OVN

    Programmable networking per tenant. Logical switches, routers, and policies, declared and reconciled.

07Encore

Ready to unify
your infrastructure?

kMetal is in private BETA. We work hands-on with each design partner to make sure it lands clean in your environment. Tell us about your fleet — we'll bring an engineer to the call.

// BETA → GA on the way