One control plane for your entire fleet.
WireGuard mesh networking, Magic DNS, SSH Certificate Authority, a private Docker registry, and Kubernetes orchestration — all in one place. Built for Raspberry Pi, bare-metal servers, and cloud VMs.
Features
Everything your fleet needs
Watchgrid replaces five different tools with a single control plane — secure networking, identity, orchestration, image distribution, and observability all in one place.
WireGuard + Magic DNS
Every device joins a WireGuard mesh automatically. Reach any device by name (device.watchgrid.local) from anywhere in your fleet — no more juggling IPs.
SSH Certificate Authority
Issue short-lived SSH certificates instead of managing static authorized_keys files. Certificates expire automatically, reducing attack surface.
Kubernetes Orchestration
Provision K3s on any device and deploy workloads with a single API call. Watchgrid manages cluster state and applies manifests across your fleet.
Private Docker Registry
Push images once; Watchgrid distributes them over the encrypted tunnel. Fast local pulls with no reliance on public registries.
Fleet Visibility
Real-time status, metrics, and logs for every device in one dashboard. Know immediately when something goes offline or misbehaves.
GitOps-Friendly
Declare your fleet as code. Push a manifest to Git and Watchgrid reconciles the desired state across every target device automatically.
Your fleet. Under control.
Join the teams running Watchgrid in production. Open source and free for small fleets, forever.