Skip to main content
v1.29.0Connect Snowflake and schedule warehouses to cut idle spend.

The platform engineering layer
your cloud doesn't ship with.

Landing zone. Deploy pipeline. Audit trail. Built once, runs on AWS, GCP, and Azure. Your team gets push-to-deploy speed without the six-month internal-platform project.

AWS · GCP · Azure · BYOC · ISO 27001 · SOC 2 Type II · open-source roots

customer
McAfee
running platform engineering on zopday in production
AWS accounts
12
multi-cloud landing zones, BYOC
K8s clusters
48
across regions
throughput
1,000+
req/sec sustained on production
see the product

The console. Every cluster, every cloud, one workspace.

Provision, datastores, clusters, deployment spaces, projects, audit logs, all on the same surface.

zopday deployment spaces console listing GCP, AWS, and Azure clusters
PROBLEM
section 1 · the problem

Building a platform is hard.
Renting one is worse.

Hosted PaaS rents you their stack. Internal platforms cost millions to build and a permanent team to keep alive. Raw cloud is five engineers, a YAML graveyard, and onboarding by tribal knowledge. None of the three are working.

$400K–1.2M to build a serious internal platform 3–8 engineers over 12–18 months before a single product team is onboarded. Then forever to maintain.
12 weeks to ramp a new engineer on cloud VPCs, IAM, EKS, Helm, ArgoCD, Terraform — before a line of feature code ships. Half quit before they ship.
500+ lines of Terraform per EKS cluster Hand-written, lifted from a stale Gist, copy-pasted across environments. The drift accrues. The audit fails.
  • Cluster spin-up time Days of Terraform + manual approvals.
  • Cross-cloud parity Works on AWS. Breaks on GCP. Rewritten for Azure.
  • Helm rollout debugging kubectl get pods… CrashLoopBackOff. Tail the logs. Pray.
  • New engineer onboarding Weeks of tribal knowledge before first deploy.
  • Platform-team headcount A growing tax on every product team's velocity.
SOLUTION
section 2 · three stages

One platform. Three stages. Security baked in at every step.

Day 0 to landing zone. Every day to deploys. Every minute to live state.

Landing Zone

Production-ready clusters in minutes.

Production-grade compute, datastores, networks. 30 minutes, every cloud. GKE · EKS · AKS via wizard. MySQL · Postgres · Redis with HA, backups, deletion protection. RBAC and secrets from minute zero. IRDAI controls applied by default.

DAY 0

Deployment

Push code → production.

Push code → production via Helm. No Dockerfile required, zopday auto-builds from your repo. Security scans on every build. DORA-grade visibility. One-click rollback. Sensitive env vars masked, stored in your cloud-native secret manager, never ours.

EVERY DAY

Live State

Cluster, live. Audited, every change.

K8s state, real-time, 21 resource pages with detail drawers across every connected cluster. Cluster reachability probed every 60 seconds; transient hiccups retry silently. If a cluster goes inactive, deleted, RBAC revoked, cert expired, Sync, Connect Datastore, and Install Component gate cleanly. Audit trail captures every change.

EVERY MINUTE
DEPTH
section 3 · features

The depth behind
the three stages.

Seven more features you’d otherwise build internally, each one validated against the changelogs from v1.1.1 forward.

section 4 · how it actually works

From git push to live URL, without leaving the editor.

A real deploy, in real time — mock data, real flow.
~/your-repo · main · zopday deploy ACTIVE
$ git push origin main
  1. 01 CONNECT OAuth verified for AWS · GCP · Azure · read-only first, write scoped on opt-in +30s
  2. 02 REPO GitHub webhook HMAC-verified · branch main · auto-deploy on push +30s
  3. 03 SCAN Railpack detected Go 1.21 · port 8080 · no Dockerfile required +60s
  4. 04 CONFIG 4 env vars masked → AWS Secrets Manager · never ours +60s
  5. 05 DEPLOY helm upgrade --install · ingress + cert-manager TLS · rollout 1/1 ready +90s
  6. 06 LIVE https://your-service.app · audit log written · Slack notified 4m 30s ✓
$
section 5 · proof

McAfee runs platform engineering on zopday.

McAfee multi-cloud platform engineering customer story illustration McAfeemulti-cloud platform engineering
Real estate
“Twelve AWS accounts. Forty-eight clusters. Same wizard, same hardening defaults, same audit trail across every cluster. One credential, one platform layer.”
Mahesh Tyagarajan VP Platform Engineering, McAfee
12 AWS accounts · 48 K8s clusters · 1,000+ req/sec in production
AWS accounts 12 multi-cloud landing zones
K8s clusters 48 across regions
Deployments 60% faster pipeline-driven, standardised
Audit prep 40% less compliance centralised
MTTR 30% faster full-stack observability
section 6 · where zopday fits

Hosted PaaS rents you their stack. Internal platforms cost you a team.

  Hosted PaaS
Render, Railway, Heroku, fly.io
Internal Platform
Backstage, Spinnaker, DIY
Raw K8s + Terraform
DIY
zopday
BYOC (your cloud, your bill)-
Push-to-deploy UXdepends-
Hardened K8s, multi-cloud wizardn/aweeksweeks
Live K8s state + reachability-DIY-
Multi-cloud (AWS + GCP + Azure)partialDIYDIY
DORA-lite + audit baked inpartialDIYDIY
India residency · IRDAI · DPDP-DIYDIY
Engineer-time to maintain-highvery highlow
section 7 · pricing

Aligned pricing. Free where it matters.

  Free Team Growth Enterprise
  Connect + 1 service Up to 10 services · 1 cloud Up to 50 services · all 3 clouds Unlimited + SLA
Playground access
BYOC (AWS / GCP / Azure)1 cloud1 cloudall 3all 3
Push-to-deploy + auto-detect
Helm rollouts + rollback
Auto-DNS + cert-manager
Live K8s view (21 resource pages)
DORA-lite metrics-
Audit log-
Add Existing clusters-
In-place updates + cross-VPC peering--
SAML SSO, RBAC--
India residency / VPC deploy---
Supportcommunitybusiness hoursprioritydedicated + SLA
Price $0 $299 / mo* $999 / mo* Custom
  Connect a cloud → Start trial → Start trial → Talk to platform sales →
section · stakeholder grid

Built for every seat in the room.

01

CFO / FinOps

Predictable variance. Verified against your bill.

stops the Friday "why is the bill up" meeting.
02

CTO / CPO

One platform. Three clouds. Four lifecycle stages.

stops the six-tool stack that doesn't talk.
03

VP Engineering

Ship product, not platform overhead.

stops the platform project "almost done" since Q1.
04

Platform / SRE

Cross-cloud inventory. CDCR auto-fix.

stops 3 AM pages from dashboard ↔ ticket gaps.
05

InfoSec / Audit

Read-only by default. Append-only audit.

stops "yet another vendor with broad write access."
faq

Things teams ask before they sign.

How does zopday compare to our existing Terraform setup?

zopday generates Helm charts; you keep your Terraform. The deploy pipeline runs against whatever infrastructure you already have. zopday’s value is the build (Railpack, no Dockerfile required), the rollout (Helm with diagnostics), the rollback (one-click, build skipped), and the live K8s view on top, not in owning your IaC.

Do zopday templates replace our infrastructure code?

No. zopday configures services through structured inputs, port, replicas, probes, CPU/memory, env vars, networking. The platform discipline (audit, secrets in the cloud-native secret manager, RBAC) is what survives an eject; your existing modules slot into that discipline.

Can I bring my own Helm charts?

Yes. Point a service at an existing chart in your repo, or use zopday’s generated chart as a starting point and fork it. The deploy pipeline runs either way. Generated charts ship with structured config; manually-authored charts get a one-time validation that the resource limits are declared.

How does zopday see live K8s state?

Real-time across every connected cluster, 21 resource pages cover Pods, Deployments, StatefulSets, Services, Ingresses, Network Policies, and the rest. Cluster reachability is probed every 60 seconds; if a cluster goes inactive (deleted, RBAC revoked, cert expired), Sync, Connect Datastore, and Install Component gate cleanly. Transient network hiccups retry silently.

Do we need to give up our existing CI?

No. Trigger zopday deploys from any CI, GitHub Actions, GitLab CI, Jenkins, CircleCI. zopday handles the build (Railpack), the Helm rollout, the rollback. Your CI orchestrates whatever it already orchestrates; zopday slots in as the deploy surface.

What happens to our workloads if we leave zopday?

They keep running. zopday is BYOC and a control plane, no data-path dependency, no proprietary runtime. The services run as standard Helm releases on your clusters, backed by IaC you own. Eject the zopday control plane and the workloads stay where they are.

What’s the security model?

Read-only by default, no write IAM at credential connect. Write access is scoped, opt-in, and tag-conditioned: enabled per environment, narrowed to the resource types you allow, fenced to the resources tagged eligible. Every write goes through the audit middleware (actor, action, timestamp, body) and lands in the append-only log. SAML SSO, RBAC, SOC 2 controls all on the Growth and Enterprise tiers.

Stop building the platform.
Start shipping product.

See. Provision. Deploy. Audited.

Connect your first cloud account in under five minutes. See your first deploy live in under seven. No credit card required.

5 min cloud connect time
7 min first deploy live
3 clouds same wizard, same defaults
Three products. One platform.
Platform engineers · Scale-ups ◀ you are here FinOps leads · CFOs · Enterprises
zopday zopnight
Your cloud. Our platform layer. Continuous governance + cost optimisation.
→ zopday.dev → zopnight.com

No re-platform when you grow. No surprise bill when you scale. No drift when it’s running. Looking at the platform? → zop.dev

Multi-cloud automation· Production-ready in 30 min· SOC 2 · ISO 27001 · zero-trust· 30% average cloud cost cut· 4 platforms · 1 console· Multi-cloud automation· Production-ready in 30 min· SOC 2 · ISO 27001 · zero-trust· 30% average cloud cost cut· 4 platforms · 1 console·