Best tools for Self-Hosted Deployment

Self-hosted cloud development environments for teams and AI agents

Coder provisions self-hosted cloud development environments on any infrastructure including Kubernetes, Docker, AWS, GCP, and Azure. Developers connect through VS Code, JetBrains IDEs, or browser-based editors to standardized environments with pre-configured dependencies. Features template-based provisioning, automatic shutdown, and audit logging. Over 12,800 GitHub stars with growing AI agent use cases.

ClickHouse-powered APM with 100% trace sampling and affordable retention

Uptrace is an OpenTelemetry-native APM platform that stores traces, metrics, and logs in ClickHouse for high-performance querying with 100% trace sampling. Unlike platforms that sample traces to control costs, Uptrace retains every trace for complete visibility into system behavior. Self-hosted under BSL license or available as a managed cloud service with affordable per-event pricing.

Open-source replacement for Datadog, PagerDuty, and StatusPage combined

OneUptime is an MIT-licensed observability platform that combines infrastructure monitoring, incident management, status pages, and APM in a single self-hosted solution. It replaces the need for separate Datadog, PagerDuty, and Atlassian StatusPage subscriptions. Features OpenTelemetry-native data ingestion, on-call scheduling, automated incident workflows, and public status page hosting.

Nix-powered reproducible development environments

devenv uses Nix to create reproducible, declarative development environments that work consistently across machines. Define project dependencies, services, environment variables, and pre/post hooks in a single devenv.nix file. Supports automatic shell activation, process management for databases and services, and integration with direnv for seamless directory-based environment switching.

Fast and lightweight Docker Desktop alternative for macOS

OrbStack is a macOS application that replaces Docker Desktop with dramatically faster container and Linux VM management. It starts containers in seconds, uses significantly less CPU and memory than Docker Desktop, and provides native macOS integration with menu bar controls, file sharing, and network access to containers by name. Supports Docker, Kubernetes, and full Linux VMs.

Linux Foundation fork of HashiCorp Vault for secrets management

OpenBao is the Linux Foundation's community-driven fork of HashiCorp Vault created after Vault's license change from open-source to BSL. It provides secrets management, encryption as a service, dynamic credentials, and PKI certificate management. Maintains API compatibility with Vault while developing under truly open-source governance with over 5,700 GitHub stars.

Self-hosted customer identity management with no per-user pricing

FusionAuth is a customer identity and access management platform that can be self-hosted or cloud-deployed with no per-user fees. It supports OAuth2, OIDC, SAML, passwordless login, social providers, MFA, and advanced threat detection. Features a drag-and-drop theme builder for login page customization and supports multi-tenant application architectures with unlimited users on the community edition.

Modular open-source identity infrastructure with Kratos, Hydra, and Keto

Ory provides a suite of modular open-source identity components: Kratos for user management and authentication, Hydra for OAuth2 and OIDC, Oathkeeper for API gateway authorization, and Keto for fine-grained permission management. Used by OpenAI and other major organizations. API-first design with Go-based microservices that deploy independently or together as Ory Network cloud.

Open-source identity provider for self-hosted SSO and access management

Authentik is an open-source Identity Provider supporting SAML, OAuth2/OIDC, LDAP, RADIUS, and SCIM for self-hosted single sign-on. It provides customizable authentication flows, multi-factor authentication, user management, and proxy-based SSO for applications without native support. Positioned as a modern, simpler alternative to Keycloak with over 14,000 GitHub stars and enterprise features.

Lightweight Kubernetes distribution for edge, IoT, and development

k3s is a CNCF Sandbox lightweight Kubernetes distribution packaged as a single binary under 100MB. Created by Rancher Labs and now maintained by SUSE, it strips non-essential components and bundles containerd, Flannel, CoreDNS, and Traefik into a minimal but fully conformant K8s distribution. Ideal for edge computing, IoT, ARM devices, and local development environments.

Heroku-like PaaS built on Kubernetes with YC backing

Porter is a YC-backed platform-as-a-service that provides a Heroku-like deployment experience on top of Kubernetes. It abstracts away cluster management while giving teams full access to underlying infrastructure when needed. Supports deploying from Git repos, Docker images, or Helm charts with automatic HTTPS, scaling, and preview environments. Runs on AWS, GCP, or Azure.

Production-grade Terraform modules and infrastructure library

Gruntwork provides a library of battle-tested, production-grade Terraform modules covering AWS, GCP, and Azure infrastructure patterns. Modules handle networking, compute, databases, security, monitoring, and compliance with best practices built in. Terragrunt, their open-source Terraform wrapper with 15k+ stars, adds DRY configuration, remote state management, and multi-account orchestration.

Zero-friction single-binary Kubernetes distribution by Mirantis

k0s is a lightweight, CNCF-certified Kubernetes distribution packaged as a single binary with zero host dependencies. Backed by Mirantis, it simplifies cluster deployment by bundling all required components into one executable that works on any Linux system. Supports x86-64, ARM64, and ARMv7 architectures with automatic upgrades and a built-in control plane load balancer.

Open-source AI coding agent with self-hosted deployment option

Refact.ai is an open-source AI coding agent that handles engineering tasks end-to-end with code completion, refactoring, and context-aware chat. It ranks #1 on SWE-bench Verified among open-source agents. Supports self-hosted on-premise deployment, BYOK with 20+ LLMs, and RAG-powered codebase understanding. Available for VS Code and JetBrains IDEs with integrations for GitHub, Docker, and PostgreSQL.

Autonomous Kubernetes and GPU infrastructure optimization

ScaleOps provides autonomous real-time management of Kubernetes and GPU infrastructure, reducing cloud costs by up to 80 percent without manual configuration. Backed by 130 million in Series C funding at an 800 million dollar valuation, it serves enterprises including Adobe, Wiz, DocuSign, and Salesforce. The platform continuously rightsizes pods, optimizes replicas, manages nodes, and allocates GPUs based on live workload demand rather than static configurations.

Kubernetes-native framework for DevOps AI agents

kagent is a Kubernetes-native AI agent framework developed at Solo.io and accepted into the CNCF sandbox. It provides a structured environment for running DevOps-focused agents directly within Kubernetes clusters, with a dedicated kmcp toolkit for cloud-native operations. Unlike general-purpose agent frameworks, kagent targets platform engineers and SREs who need AI assistance with cluster management, troubleshooting, and infrastructure automation workflows.

Self-hosted UI and API for Ansible, Terraform, and scripts

Semaphore UI provides a web interface and REST API for running Ansible playbooks, Terraform and OpenTofu configurations, Bash scripts, and PowerShell commands from a centralized self-hosted platform. With over 13,000 GitHub stars and 2 million Docker pulls, it replaces AWX and manual terminal execution with a polished dashboard for scheduling, access control, notifications, and execution history across mixed infrastructure automation environments.

IaC orchestration layer for scaling Terraform and OpenTofu

Terragrunt is an infrastructure-as-code orchestration tool that wraps Terraform and OpenTofu to keep configurations DRY, manage remote state, and coordinate multi-module deployments. The 1.0 release introduced stacks, filters, run reports, and backward compatibility guarantees after 900+ releases and tens of millions of infrastructure deployments. It provides a thin orchestration layer that eliminates duplication across environments without replacing the underlying IaC tools.

On-device AI inference engine for mobile and wearable applications

Cactus is a YC-backed open-source inference engine built specifically for running LLMs, vision models, and embeddings on smartphones, tablets, and wearable devices. It provides native SDKs for iOS, Android, Flutter, and React Native with optimized ARM CPU and Apple NPU execution paths. Cactus achieves the fastest inference speeds on ARM processors with 10x lower RAM usage compared to generic runtimes, enabling privacy-first AI applications that run entirely on-device.

Microsoft's framework for running 1-bit large language models on consumer CPUs

BitNet is Microsoft's official inference framework for 1-bit quantized large language models that enables running models with up to 100 billion parameters on standard consumer CPUs without requiring a GPU. By leveraging extreme quantization where weights use only 1.58 bits on average, BitNet achieves dramatic reductions in memory footprint and computational cost while maintaining competitive output quality for many practical use cases.

Rust-based agent OS with built-in security, WASM sandboxing, and multi-agent runtime

OpenFang is an open-source agent operating system built in Rust that provides a secure multi-agent runtime with WASM sandboxing, auditability layers, and multi-channel communication. It goes beyond typical orchestration SDKs by treating agent security and operational isolation as first-class concerns, making it suitable for teams deploying agents in environments where trust boundaries and audit trails matter.

Run frontier AI models across a cluster of everyday devices

exo turns a collection of everyday devices — laptops, desktops, phones — into a unified AI compute cluster capable of running large language models that no single device could handle alone. It automatically partitions models across available hardware using dynamic model sharding, supports heterogeneous device types including Apple Silicon, NVIDIA, and AMD GPUs, and communicates over standard networking without requiring specialized interconnects.

Multi-model database for the AI era — document, graph, vector, and relational in one

SurrealDB is a multi-model database that natively combines document, graph, relational, key-value, and vector storage in a single engine. It eliminates the need for separate databases by handling structured queries, graph traversals, full-text search, and vector similarity in one SQL-like query language called SurrealQL. Built in Rust for performance and safety, it supports real-time subscriptions, row-level permissions, and embedded or distributed deployment modes.

Git for data — version-controlled SQL database with branch, merge, and diff

Dolt is a SQL database that implements Git-style version control directly on your data. Every write creates a commit, and you can branch, merge, diff, and revert tables just like source code. It speaks the MySQL wire protocol so existing MySQL clients, ORMs, and tools work out of the box. Dolt is used for AI training data management, reproducible analytics, collaborative data editing, and agent memory stores.