Open source · Self-hosted · Apache-2.0

Platz manages your Helm deployments.

A self-hosted control plane for Kubernetes. Install Platz once, point it at your registries and clusters, and give every team a typed UI for every chart — backed by environments, role-based permissions, full history, and live metrics from each running deployment.

Read the docs Source on GitHub

Deployments

A deployment is one Helm release Platz manages for you

Each deployment maps one-to-one to a Kubernetes namespace and a Helm release inside it. You give it a name, pick a chart version, choose the cluster, and fill in the form. Platz writes a task, the in-cluster agent runs helm install or helm upgrade, and the result lands back in the UI.

Deployments overview

One namespace per deployment. Labelled platz=yes so resource-sync picks it up automatically.
Enable / disable without losing state. Disabling uninstalls the release but keeps the config and history.
Values override as an escape hatch. Owner-only raw YAML layered on top of the form values when the form can't express it.

Charts & Extensions

Charts are discovered automatically and described in YAML

The platz-chart-discovery worker watches your Helm OCI registries — ECR via SQS events, generic OCI registries via polling — and surfaces every new version within seconds. Charts that bundle a platz/ directory get richer treatment: values-ui.yaml becomes a typed form, features.yaml declares status and ingress, actions.yaml defines custom operations, and resources.yaml registers child resource types your service owns.

Chart Extensions

Auto-discovery from any OCI registry. ECR uses push/delete events on SQS; generic OCI registries are polled.
Upgrades surface as a one-click action. When a newer version of an installed chart lands, every deployment of that kind shows an upgrade badge.
Reinstall on dependency change. Reference an env secret or another deployment from a chart input and Platz triggers a Reinstall when the dependency changes — with a recorded reason.
Git metadata via Chart.yaml annotations. Stamp platz.io/git/commit, branch, repo, and provider on the chart and Platz threads them through the UI — so the deployment list shows the exact commit and branch a release came from.
Chart Playground. An in-app sandbox for chart extension authors to validate inputs against real env data before publishing a new chart version.
Cardinality control. Declare a chart OnePerCluster (singleton) or Many (multiple instances per cluster).

apiVersion: platz.io/v1beta1
kind: ValuesUi
inputs:
  - id: domain_name
    type: text
    label: Domain name
    required: true

  - id: replica_count
    type: number
    label: Replica count
    initialValue: 1
    minimum: 1
    maximum: 10

  - id: database
    type: CollectionSelect
    label: Database
    collection: Secret

  - id: enable_delivery
    type: checkbox
    label: Enable delivery

  - id: delivery_zones
    type: text
    label: Delivery zones
    showIf: { var: enable_delivery }

outputs:
  values:
    - path: [ image, tag ]
      value: "{{ chart.image_tag }}"
    - path: [ replicaCount ]
      value: { input: replica_count }

platz/values-ui.yaml — excerpt

In-app Metrics

Live status and metrics, reported by the chart itself

When a chart opts in to the Status feature, the platz-status-updates worker polls a status endpoint on the deployment's standard ingress and writes the result back to the database. The UI shows a color-coded badge, an optional primary metric directly in the deployment list, and a full metrics grid on the deployment page — with no Prometheus or Grafana required to get started.

Status feature

Per-deployment primary metric. One number you care about most, surfaced right on the list row.
Notices for chart-defined warnings. Charts can report soft problems that show up as banners.
Updates streamed live. Status changes broadcast over WebSocket so the UI never goes stale.

Environments

Envs are Platz's top-level boundary

An env is a named group of clusters, the deployments that run on them, and the people who can touch any of it. Production lives in one env, staging in another, your dogfood cluster in a third — each isolated, each with its own settings and roster. Switching between them is a single click in the navbar, and every form on the page is scoped to the env you're in.

Environments & permissions

Rich, env-scoped settings. Attached clusters, env secrets (referenced from chart inputs), ingress defaults, role assignments, and a per-env Playground for chart authors.
Three RBAC layers that compose. Site admin is the global override. Env-level roles (Admin, User) decide who sees and configures an env. Deployment-level roles (Owner, Maintainer) decide who can create or modify deployments of a specific kind inside it.
OIDC for humans, bots for automation. Users authenticate via any OIDC provider (Auth0, Keycloak, Dex, Google). CI pipelines and GitOps controllers use scoped bot tokens — no shared human credentials.
Cluster ↔ env is a one-way attach. A cluster belongs to at most one env. Site admins do the attaching; env users see only what's been attached.

History

Every action is recorded as a task

Install, Upgrade, Reinstall, Recreate, Uninstall, InvokeAction, RestartK8sResource — every operation Platz performs against a deployment is a row in the deployment_tasks table, with the user (or bot) who triggered it, when, and the captured output. If a task fails, the stderr from the helm pod is in the task itself, so debugging is a click rather than a hunt through three log aggregators.

Tasks & History

Pending → Started → Done / Failed / Canceled. The lifecycle every task moves through.
Acting user, bot, or deployment. Exactly one of the three is recorded — so cross-service automation stays auditable.
Why a reinstall happened. Reinstall tasks carry the reason (a secret changed, a dependency was redeployed).

What Platz supports

Clusters, registries, and everything in between

Platz is designed to live next to what you already run. Cluster providers and chart registries are pluggable; the workers ship in two modes each.

Category	What	Discovery	Notes
Kubernetes clusters	Amazon EKS	Auto-discovered	`k8s-agent` in `eks` mode walks every AWS region in the account and registers every EKS cluster it can reach.
	Local / kubeconfig	Manual	`k8s-agent` in `local` mode registers a single cluster from a kubeconfig context. Used by the dev stack and bring-your-own-cluster installs.
Helm registries	Amazon ECR	Auto-discovered	`chart-discovery` in `ecr` mode subscribes to an SQS queue fed by ECR push/delete events — new chart versions appear in seconds.
	Generic OCI	Auto-discovered	`chart-discovery` in `oci` mode polls any registry that implements the OCI Distribution Spec on a configurable interval.
Authentication	Any OIDC provider	Standard	Auth0, Keycloak, Dex, Google, GitHub via an OIDC bridge — anything that speaks OpenID Connect.
Database	PostgreSQL 15+	External	Managed RDS / Aurora / Cloud SQL or self-managed — Platz treats it as external. Built and tested against PostgreSQL 17.
Ingress	Any v1 Ingress controller	Existing	`ingress-nginx`, AWS Load Balancer Controller, Traefik, and others. `cert-manager` optional for auto-issued certificates.

Reference app

See Platz on a real codebase

Pizza-Platz is an open-source set of repositories — shop, bank, farm, supplier, agency, customer — each shipped as a Helm chart with a Chart Extension. It's a worked example of how real services use Platz: how their values-ui.yaml is structured, how they surface status, how they wire deployment-to-deployment references, and how their Chart.yaml stamps the Git metadata Platz threads through the UI.

apiVersion: v2
name: shop
version: 0.1.0
appVersion: "0.1.0"

annotations:
  platz.io/git/commit: a8c1da83308d93b111c14f0c79e0b9acf7f01686
  platz.io/git/branch: main
  platz.io/git/repo: https://github.com/pizza-platz/shop
  platz.io/git/provider: github

Chart.yaml — Git annotations Platz surfaces in the UI

github.com/pizza-platz

Built with

The tech under the hood

Platz is open source under Apache-2.0 across every repo. The big pieces:

RustBackend, five workers, the SDKs
Vue 3Single-page web frontend
PostgreSQLSource of truth for state
BootstrapUI styles, dark mode
DieselSchema and migrations
Tokio + ActixAsync runtime and HTTP server
WebSocketLive UI updates from DB events
HelmWhat Platz manages
KubernetesWhere Platz runs and deploys
OpenID ConnectUser authentication
OCI DistributionChart registry protocol
DocusaurusThis site

Get started

Install Platz with Helm

You'll need a Kubernetes cluster, a PostgreSQL database, and an OIDC provider. The full install guide walks through the secrets, ingress, and per-cluster agent setup.

helm repo add platzio https://platzio.github.io/helm-charts
helm install platz platzio/platzio -n platzio

Install guide What is Platz?