Atmosly
Login Connect cluster →
Core 03 · Cloud Provisioning

Import and manage any Kubernetes cluster you already run.

Connect EKS, GKE, AKS, or on-prem — with a cloud account or a single import token. Public or private, in any cloud or your own datacenter, Atmosly manages it end to end. Read-only to start, and for private clusters there's nothing to expose.

Import a cluster → How private clusters connect
  • Public or private
  • Cloud or on-prem
  • Read-only by default
Connected clusters · 6 Import cluster
ClusterProvider · regionEndpointConnectionHealth
prod-eu-west
EKS · eu-west-1
Private
Agent
Healthy
prod-us-east
EKS · us-east-1
Public
Cloud account
Healthy
staging-gke
GKE · us-central1
Public
Cloud account
Healthy
data-aks
AKS · westeurope
Private
Agent
Healthy
on-prem-dc1
On-prem · rack-3
Private
Agent
Healthy
edge-k3s-204
k3s · store-204
Private
Agent
Syncing
How import works

Connected in minutes, not a migration

Point Atmosly at a cluster you already run. Nothing to rebuild, no workloads to move — and read-only until you decide otherwise.

STEP 01

Choose a path

Connect a cloud account for clusters with a reachable API, or generate a one-time import token for everything else.

STEP 02

Agent checks in

For token or private clusters, a lightweight in-cluster agent dials out over TLS and registers — read-only by default.

STEP 03

Inventory syncs

Nodes, namespaces, workloads, and add-ons are discovered automatically — your fleet shows up populated.

STEP 04

Fully managed

SRE, security, cost, CI/CD, and day-2 ops all light up — public or private, the experience is identical.

Bring any cluster

Public, private, or air-gapped — connect them all

For a cluster whose API server has no public endpoint, the in-cluster agent dials out — so there's nothing to expose, no bastion, and no VPN peering to set up. The same outbound path carries every operation, forever.

Your cluster · private

No public API endpoint

EKS, GKE, AKS, or on-prem. A lightweight agent runs inside the cluster — read-only by default, mutation-capable only when you opt in.

outbound TLS · 443
Atmosly control plane

Receives the connection

The agent initiates every connection outbound. No inbound ports opened

Cloud-account import

Connect with your cloud credentials and Atmosly reaches the cluster API directly — the fast path for clusters with a reachable endpoint.

Token import + agent

Drop a lightweight agent into any conformant cluster with one command. Works across clouds and on-prem — no cloud account required.

Private-endpoint clusters

No public API server? The agent's outbound tunnel carries every operation — no inbound firewall rules, bastion host, or VPN to maintain.

Once connected

End-to-end management — even for private clusters

Import is just the start. Every capability on the platform operates on a connected cluster through the same path — and for private clusters, every action routes through the agent, so the management surface is identical whether the API server is public or not.

AI SRE remediation

Detect, diagnose, and apply ranked fixes — GitOps-only with the read-only agent, or one-click apply with the ops agent.

Security & compliance

Continuous posture scoring and drift detection against CIS, PCI DSS, SOC 2 — on every connected cluster.

Cost & right-sizing

Spend broken down by namespace and service, with right-sizing recommendations from real usage.

CI/CD & GitOps

Run pipelines and reconcile ArgoCD applications — the agent applies manifests even when the API isn't publicly reachable.

Helm marketplace

Install, upgrade, and roll back signed charts — routed through the agent for private clusters, with the same guardrails.

Logs, events & exec

Stream pod logs and cluster events, and exec into a pod to debug live — over the same outbound connection.

Secrets sync

Pull from your secret manager at deploy time and inject at runtime — nothing baked into images or stored in plain text.

Day-2 node & add-on ops

Scale node groups, manage add-ons, and run upgrades — all governed by the same guardrails and audit trail.

The payoff

Any cluster, fully managed — nothing exposed

Any cluster
EKS · GKE · AKS · on-prem, public or private
Outbound 443
no inbound ports, bastion, or VPN to maintain
Read-only
by default — opt in to write actions per cluster
End-to-end
the full platform, once a cluster is connected
Same control plane

Cluster import is one of three cores

Connect, ship, and run share one UI, one audit trail, and one permissions model.

Core 03 · Provisioning

Guardrails

The policy every action on a connected cluster runs through.
Core 03 · Provisioning

Cloud Resources

Databases, node groups & add-ons for your connected clusters.
Core 01 · Operations

AI SRE Agent

Detect, diagnose & fix incidents on every cluster you import.
Questions

What teams ask about importing clusters

Which clusters can I import?
Any conformant Kubernetes cluster — EKS, GKE, AKS, k3s, or a vanilla on-prem cluster. Connect it with a cloud account when the API is reachable, or a one-time import token plus the in-cluster agent for everything else.
What about a cluster with a private-only API endpoint?
That's the common case the agent is built for. It runs inside the cluster and dials out over TLS on 443, so Atmosly never needs to reach the API server directly — no inbound firewall rules, no bastion, and no VPN peering. Every operation flows back over that outbound connection.
What access does Atmosly get?
Read-only by default. The agent that ships first is a read-only fetcher — it can observe and diagnose but not change anything. Write actions (apply a fix, install a chart, scale a node group) require opting in to the mutation-capable agent, per cluster, and every action runs through your guardrails and the audit trail.
Does it work on-prem or air-gapped?
Yes. As long as the cluster can make an outbound HTTPS connection, the agent handles the rest — no cloud account, no public endpoint, and no inbound access required. The management experience is identical to a public cloud cluster.
From the blog

The latest on connecting clusters

View all posts →
The 3 Cloud Leaks Every Kubernetes Bill HidesCost Intelligence

The 3 Cloud Leaks Every Kubernetes Bill Hides

Your AWS invoice shows what you spent, never what you wasted. Here are the three Kubernetes cost leaks hiding in every EKS bill — and how to spot them.

Jun 2026
Portal IDP vs Execution IDP: The Difference That Actually MattersPlatform

Portal IDP vs Execution IDP: The Difference That Actually Matters

Portal IDPs show developers a button; execution IDPs run the action. Learn the difference, four tests to classify any IDP, and which one your team needs.

Jun 2026
Kubernetes Cost Allocation: Showback vs Chargeback (2026 Guide)Cost Intelligence

Kubernetes Cost Allocation: Showback vs Chargeback (2026 Guide)

Kubernetes cost allocation turns a shared cluster bill into per-team numbers. Learn showback vs chargeback, idle/shared-cost splitting, and the maturity path.

Jun 2026

Import your first cluster.

Connect a cluster read-only — public, private, or on-prem. See your fleet populate and the full management surface light up in minutes. Free, no sales call.

Import a cluster → Book a 15-min walkthrough