Optiqor catches cost waste in every Helm, Kustomize, and ArgoCD PR, ships the optimized commit in one click, and verifies the savings against the real cloud bill 30 days later.
Kubernetes is where modern cloud waste hides. Teams over-provision pod requests by 3 to 5x. Clusters run at 20% utilization. Every Helm values change, Kustomize overlay, or ArgoCD Application PR is the moment the cost decision is made. Nobody is there.
Dashboards show you yesterday's spend. Autopilots take over your cluster as a black box. Cost calculators stopped at v0.1.1. The PR-time remediation layer is empty.
Optiqor lives in the PR. Writes the diff. Verifies the savings. Catches the regression.
Within 30 seconds of opening a Helm change, you get a comment with cost impact and a one-click Apply Fix button that pushes the optimized commit. We monitor every merged change for 7 days under the Auto-Rollback Guarantee. 30 days later we issue a cryptographically signed Receipt against the real cloud bill.
Obvious Kubernetes security misconfigurations get flagged in the same comment as a bonus. Cost is the wedge. Security is the side effect of parsing your chart anyway.
| Project | What it is | Status | License |
|---|---|---|---|
| optiqor-cli | npx @optiqor/cli analyze ./my-chart. Zero-install Helm cost analyzer that runs offline in three seconds. The free, honest, directional answer. Bonus: flags obvious security misconfigurations on the way through. |
Active | Apache-2.0 |
| Optiqor Platform | GitHub App + in-cluster agent + SaaS backend. Reads 30 days of Prometheus data, generates Apply Fix commits, issues signed savings Receipts, ships Auto-Rollback when reality drifts. Closed beta. | Beta | Proprietary (agent is Apache-2.0) |
| kerno | eBPF kernel incident diagnosis. The kernel knew minutes before your APM did. Kerno tells you what. Sibling open-source project, separate product line. | Active | Apache-2.0 |
1. PR opens → Optiqor parses the Helm / Kustomize / ArgoCD diff
2. Within 30s → PR comment with cost delta, Apply Fix button (security findings bundled in)
3. Click Apply Fix → We push a commit to your branch with the optimized values
4. Merge → We start a 7-day Auto-Rollback watch
5. Day 30 → Signed Receipt: actual dollars saved, verified against the cloud bill
Three things are unique:
- Apply Fix, not just commentary. Every other tool tells you a number. We open the PR with the change.
- Receipts, not promises. We sign every claim against AWS Cost Explorer, Azure Cost Management, or a Hetzner capacity ledger. The savings are auditable.
- Auto-Rollback, not "good luck." If cost or reliability drifts beyond bounds in the 7 days after merge, we open the rollback PR ourselves.
The other public product. Different problem space, same philosophy: live in the place where the decision is made, ship the answer in your terminal.
When something breaks in production, your APM dashboard is green and the kernel already knew minutes ago. Application logs say "connection refused" but the actual cause is DNS. Traces show 5-second latency but the bottleneck is cgroup CPU throttling. Engineers spend hours chasing the symptom because the cause lives below the application layer.
kerno runs 30 seconds of eBPF signal collection across six dimensions (syscall latency, TCP flows, OOM events, disk I/O, scheduler delays, FD leaks), evaluates deterministic rules, and prints a ranked report of findings with copy-paste fixes. Optional AI enrichment adds plain-English root-cause analysis. Works on bare metal, VMs, EC2, GCE, and Kubernetes from a single Go binary.
curl -sfL https://raw.githubusercontent.com/optiqor/kerno/main/scripts/install.sh | sudo bash
sudo kerno doctor| Highlights | |
|---|---|
| Six eBPF programs, CO-RE portable | Tested on kernel 5.15 through 6.17 |
| Zero false positives at idle | Rules that fire on a quiet host get pulled |
| Optional AI providers | Anthropic, OpenAI, Ollama (raw HTTP, no SDK lock-in) |
| Kubernetes-native | Helm chart, DaemonSet, Prometheus metrics, ServiceMonitor |
| Auto-graceful degradation | A failed eBPF program logs and skips, never bails the daemon |
| Single binary | Bare metal, VMs, EC2, GCE, Hetzner, K8s. One install path each. |
Try the cost CLI (no account, no cluster connection):
npx @optiqor/cli analyze ./my-helm-chartA directional cost report in under three seconds, fully offline. Security findings come along for free.
Diagnose a production incident with kerno:
curl -sfL https://raw.githubusercontent.com/optiqor/kerno/main/scripts/install.sh | sudo bash
sudo kerno doctorA 30-second eBPF capture, ranked findings, plain-English fixes.
Want exact savings in your PRs? The full Platform is in closed beta. Reach out at team.optiqor@gmail.com to join the wait list.
We own Kubernetes in 12 months instead of trying to own everything in 24.
Clusters: AWS EKS, Azure AKS, Hetzner Cloud K8s. GKE follows in Year 2. GitOps: ArgoCD, Flux CD. VCS: GitHub, GitLab. Bitbucket follows in Year 2. Templating: Helm, Kustomize.
- OSS by default for what runs in your cluster. Both public products and the in-cluster agent are Apache-2.0. The SaaS backend is proprietary. Regulated customers don't run closed-source binaries in production. We respect that.
- Single-binary delivery. No separate control plane, no Helm chart with 47 values.
curl,npx, orhelm installand you have it. - Few false positives. A rule that fires on a quiet system gets pulled. Operator trust compounds, alert fatigue is permanent.
- Boring technology. Stdlib over framework. Postgres over the latest. Polling when polling is enough.
- Build in the open. Roadmaps, ADRs, and post-mortems live in GitHub Discussions.
Both public repos have full contributor guides:
Common ground:
- Conventional Commits. Squash merges. DCO sign-off (
git commit -s). - Good-first-issues are labeled in both repos.
- Slash commands in PRs:
/assign,/take,/lgtm,/merge,/hold,/retest. - Auto-release of stale claims after 10 days, contributor cap of 2 concurrent claims.
Built for platform engineers who got tired of being the cost department.
Security disclosure: GitHub Security Advisories. Never a public issue.
