Metoro has made visibility into our Kubernetes environment effortless with on-demand event analysis and AI-driven root-cause investigations. Nothing is hidden anymore.
Kubernetes observability, inside your own cloud.
Full coverage across every cluster you run - cloud or on-prem - with telemetry that stays inside your own account.
Live in 60 seconds
- Single Helm command
- Zero code changes
- 7 signals out of the box across every node, pod and container


SaaS observability often isn't an option.
For teams in regulated industries, sending production telemetry to a vendor's cloud is a non-starter. Logs leak PII. Traces leak request shapes. Metrics expose the shape of the business.
But building observability in-house is its own tax: months of platform work, then an ongoing pager rotation for Prometheus, OpenSearch, and tracing infrastructure.
What teams need is a managed observability product that runs inside their account - your data, your network boundary, someone else's on-call.
Metoro BYOC - managed inside your boundary.
Metoro BYOC installs into your AWS, GCP, or Azure account with Terraform and Helm. Ingest, storage, and query stay inside your VPC.
The Metoro team operates from a separate, data-free control plane.
Your security team keeps the boundary. Your engineers get observability without operating it.
Traces, logs, metrics, and profiles all persist to storage you own.
Compute and storage run on your existing AWS / GCP / Azure commit.
The control of self-hosted, the ops of SaaS.
Everything you would have asked for in a security review - already implemented, already enforced, already running on your account.
Complete data sovereignty
Telemetry never leaves your account. Storage backs to your-bucket, encryption uses your-kms-key, and audit logs land in your trail.
Fully managed remotely
We own upgrades, patches, scaling decisions, and 24×7 on-call - over a pull-based control channel that never reads customer data.
Cloud-native by default
Native support for EKS, GKE, and AKS. Storage on S3 / GCS / Azure Blob, metadata on RDS / CloudSQL, secrets on KMS / Secret Manager.
No inbound exposure
Runs entirely inside your VPC. Use PrivateLink, VPC peering, or an outbound-only tunnel - nothing has to be reachable from the internet.
Inherits your controls
Running inside your cloud account means Metoro inherits your existing compliance posture - tenant-isolated by design, with full audit logs of every admin action.
A clean line between your data and our operations.
The data plane lives in your cloud. The control plane lives in ours. They communicate over a pull-only channel - no inbound network, no shared credentials, no access to your telemetry.
- Ingest, query, storage workers
Run as a Helm release on your EKS / GKE / AKS cluster. Same product as Metoro Cloud, packaged for self-hosted runtime.
- Telemetry storage
Traces, metrics, logs, and profiles persist to your own S3 / GCS / Azure Blob bucket - encrypted with your KMS keys.
- Identity and IAM
IAM roles, service accounts, and KMS policies live in your account. Metoro never holds long-lived credentials to your data.
- Network boundary
Workloads are confined to your VPC. No inbound port. Egress is mTLS, outbound-only, to a single Metoro endpoint.
- Signed version manifests
We publish signed manifests describing the desired version and config. Your cluster pulls and reconciles on its own schedule.
- Pull-only reconcile loop
A small operator pulls config every 5 minutes. The control plane never opens a connection to your cluster.
- Operational telemetry only
We receive operator health, version, and resource metadata - nothing about your services, traces, or users.
- No customer data access
Metoro engineers cannot read traces, logs, or metrics. Break-glass access requires customer approval and is fully audited.
The AI runs in your VPC too.
Metoro's AI SRE - root cause analysis, deployment verification, alert triage, and agent monitoring - runs as part of the BYOC data plane. No traces, logs, or prompts are sent to a vendor LLM. Inference uses your own model provider - Bedrock, Vertex, Azure OpenAI, or a self-hosted endpoint - inside the same account.
Investigates incidents by reading the same telemetry your engineers do - entirely from inside your VPC.
Watches every rollout against live production behavior. Verdict, evidence, and rollback PR - all generated in-cluster.
Triages each alert before a human gets paged. Pulls traces, logs, and recent diffs from your storage, never ours.
Profiles the agents you ship to production. Token, latency, and tool-call signals stay in your account.
Designed to clear your security review.
The same controls your platform team would put in place themselves - inherited from your account, enforced by the architecture, audited continuously.
Your boundary, your audit
Telemetry never leaves your cloud account, so the data is already covered by your existing audit, retention, and DLP controls.
- Zero data egress - auditors see no third-party storage
- Your CloudTrail / Cloud Audit Logs / Activity Log capture every read
- Tenant-isolated storage in your account, never co-mingled
- BAA / DPA signable; sub-processor list available on request
Encryption with your keys
All telemetry at rest is encrypted with KMS keys you own and rotate. Metoro never holds long-lived credentials that can decrypt your data.
- TLS 1.3 in transit, AES-256 at rest
- Customer-managed keys (CMEK / SSE-KMS / CMK)
- Per-tenant storage isolation, your bucket policies enforced
- Secrets stored in your AWS Secrets Manager / GCP / Azure equivalents
Identity and access
Bring your existing IdP and IAM. Metoro engineers do not have data-plane access - break-glass is opt-in, ticket-bound, and fully logged.
- SSO / SAML 2.0 (Okta, Google, Microsoft Entra)
- SCIM provisioning and deprovisioning
- Role-based access control with custom roles
- Break-glass to your data requires your approval
Native on the cloud you already run.
Metoro BYOC uses the managed primitives of each cloud - no hand-rolled databases, no shadow infrastructure, no surprises in your architecture review.
- Kubernetes: EKS · self-managed nodes or Fargate
- Object storage: S3 · in-account bucket, your bucket policy
- Metadata DB: RDS for PostgreSQL · multi-AZ
- Private networking: PrivateLink · VPC peering · transit gateway
- Encryption keys: KMS CMK · BYOK · CloudHSM optional
- Kubernetes: GKE · standard or Autopilot
- Object storage: Cloud Storage · CMEK-encrypted bucket
- Metadata DB: Cloud SQL for PostgreSQL · regional HA
- Private networking: Private Service Connect · VPC peering
- Encryption keys: Cloud KMS · CMEK · Cloud HSM optional
- Kubernetes: AKS · system + user node pools
- Object storage: Azure Blob Storage · customer-managed keys
- Metadata DB: Azure Database for PostgreSQL · zone redundant
- Private networking: Private Link · VNet peering
- Encryption keys: Key Vault · CMK · Managed HSM optional
What teams are saying.
Metoro absolutely slaps, so good ❤️
Detection, investigation, and the fix PR - all before I finished reading the page. It's the first AI SRE that's actually earned its name.
Metoro has been a huge boon to our observability ecosystem; saving us time and effort getting the information we care about most out of our clusters. The only thing cooler than the tool has been the people behind it.
It found exactly what I was looking for in the logs. Amazing.
We used to spend an hour digging through dashboards when something broke. Now Metoro figures it out in minutes - our on-call engineers love it.
AI root cause analysis is just amazing. Helps us save a ton of time.
We installed Metoro, and it just worked.
I'm literally able to look up at a Slack notification from Metoro whilst having noodles, tap the link, access the Metoro dashboard, see what customers on Porter Cloud are doing and take a call in real-time. For me, that's the best thing ever.
In the last week, we've detected and blocked 10 malicious agents running on our infrastructure. Without Metoro, they would still likely be running.
Metoro made it incredibly simple for us to not just observe and trace logs, but also to dive into AI-driven investigations effortlessly - turning complex Kubernetes monitoring into a smooth, intuitive experience.
Anyone running user agents on their infrastructure needs a solution like Metoro. It's just a case of when, not if a malicious agent will be running.
Frequently Asked Questions
Everything about Metoro BYOC.