One control plane.
Every runtime.
ProxGuard is a universal, declarative application control plane. Deploy, simulate, operate, and govern containerized applications across Docker, Kubernetes, or Nomad — without vendor lock-in. Safety first: simulate before you deploy.
Define once, deploy anywhere
The Service Manifest is the heart of ProxGuard. A single YAML file describes everything about your service: container image, ports, environment variables, resource limits, scaling rules, DNS records, and health checks.
Manifests are runtime-agnostic. The same file deploys to Docker, Kubernetes, or Nomad without modification. Version-controlled and declarative — your infrastructure is always reproducible.
apiVersion: proxguard.io/v1
kind: Service
metadata:
name: my-api
workspace: production
spec:
image: registry.io/my-api:1.2.0
ports:
- 8080:8080
resources:
cpu: "0.5"
memory: "512Mi"
scaling:
min: 2
max: 10
dns:
- domain: api.example.com
provider: cloudflare
healthCheck:
path: /health
interval: 30sSee the future before you deploy
Every deployment starts with a simulation. ProxGuard builds a complete execution plan, validates it against your infrastructure, and produces a risk-flagged evidence pack — all before touching production.
Simulations catch port conflicts, resource exhaustion, DNS misconfigurations, policy violations, and dependency issues. Each finding is classified by severity with clear remediation steps.
Resource Validation
CPU and memory requests within cluster capacity.
Port Conflict Check
Port 8080 is available but used by 2 other services in the workspace.
DNS Propagation
api.example.com will resolve correctly via Cloudflare.
TLS Certificate
SSL certificate will be automatically provisioned via Let's Encrypt.
One manifest. Three runtimes. Zero lock-in.
ProxGuard translates your Service Manifest into runtime-specific configurations automatically. Switch runtimes without rewriting a single line of configuration.
Docker
Single containers or Docker Swarm mode. ProxGuard generates docker-compose files and manages container lifecycle, networking, and volumes. Perfect for development, staging, and small production workloads.
- docker-compose.yml generation
- Swarm mode orchestration
- Volume management
- Network isolation
Kubernetes
Full Kubernetes support with Deployments, Services, Ingress, ConfigMaps, and Secrets. ProxGuard manages the complete lifecycle — from initial deployment to rolling updates to safe rollbacks.
- Deployment + Service + Ingress
- Rolling updates
- ConfigMap & Secret sync
- HPA auto-scaling
Nomad
HashiCorp Nomad for lightweight, edge, and multi-region deployments. ProxGuard generates Nomad job specifications and handles service discovery, Consul integration, and Vault secrets.
- Job spec generation
- Consul service mesh
- Vault secrets integration
- Multi-region scheduling
The deployment flow
Every deployment follows a safe, auditable path from manifest to production.
Write Manifest
Define your service in a single YAML file. Commit to version control.
Simulate
Run a dry-run simulation. Review the execution plan and risk assessment.
Apply
Deploy to your chosen runtime. ProxGuard handles DNS, TLS, and monitoring.
Monitor
Track health, audit actions, and roll back safely if anything goes wrong.
Built secure by default
Security is not an add-on. Every layer of ProxGuard is designed with defense-in-depth principles.
Authentication
Native JWT-based authentication with refresh token rotation. No external identity provider required. Enterprise plans support SSO via SAML 2.0 and LDAP.
Authorization
5-tier RBAC model: Owner, Admin, Operator, Viewer, Billing. Each role has workspace-scoped permissions. Granular API token management for CI/CD integration.
Encryption
TLS everywhere — API, dashboard, service endpoints. Automatic certificate provisioning via Let's Encrypt. Secrets encrypted at rest with AES-256.
Audit & Compliance
Append-only PostgreSQL audit log with cryptographic integrity. Every action is timestamped, attributed, and immutable. Export logs in SIEM-compatible formats.
Ready to simplify your deployments?
Simulate first. Deploy safely. Audit everything.