A self-hosted, Railway-style deploy platform for Kubernetes.
Connect a git repo or pick a pre-built image: Mortise handles builds, deploys, domains, TLS, environment variables, volumes, preview environments, and service-to-service bindings. Kubernetes is fully abstracted away from the user.
Two paths: pick one, then run through the Quickstart to create an admin account and deploy your first app.
One command. Installs k3s on Linux or k3d on macOS/Windows, then helm-installs
the full stack and port-forwards the UI to localhost:8090.
# macOS (requires Docker Desktop)
curl -fsSL https://mortise.me/install | bash
# Linux (requires sudo; installs k3s natively)
curl -fsSL https://mortise.me/install | bash
# Windows 10+ (requires Docker Desktop)
iwr -useb https://mortise.me/install.ps1 | iexhelm repo add mortise https://mortise-org.github.io/mortise
helm install mortise mortise/mortise \
--namespace mortise-system --create-namespacemortise is the batteries-included chart: operator + Traefik + cert-manager
- BuildKit + OCI registry. Traefik is a default dependency, not a runtime
hard requirement: you can disable it and use any ingress controller by setting
traefik.enabled=falseandmortise-core.operator.ingressClassName=<class>. For operator-only (BYO ingress / cert-manager / registry / buildkit), usemortise/mortise-coreinstead.
Full flow with prereqs, toggles, upgrade, and uninstall: docs/install.md.
| Component | Purpose |
|---|---|
| Operator | k8s controller that reconciles App/Project/GitProvider CRDs |
| REST API | Project, app, env var, deploy, rollback, domain management |
| SvelteKit UI | Canvas-based dashboard, app drawer, env var editor, settings |
| CLI | mortise login, mortise app create, mortise deploy, mortise env |
| Helm Charts | mortise (batteries-included) and mortise-core (operator only), published at https://mortise-org.github.io/mortise |
- Git-source deploys: connect GitHub/GitLab/Gitea, auto-build via Railpack or Dockerfile
- Image deploys: deploy any container image
- Docker Compose templates: one-click Supabase stack (6 services), or bring your own compose file
- Environment variables: Secret-based storage, masked values, source badges, multi-line paste, raw editor
- Shared variables: project-level vars shared across all services
- Auto-domain routing: public apps get
{app}.{platformDomain}automatically - Bindings: bind services together, auto-inject
DATABASE_HOST,DATABASE_PORT,DATABASE_URL - Per-environment namespaces: production, staging, preview each get their own k8s namespace
- CrashLoop detection: surfaces pod crash reasons in the UI
- GitHub device flow: one-click git provider connection from settings
One operator, one Helm chart. No addons, no plug-in protocol.
User -> UI / CLI / API
|
Mortise Operator (controller-runtime)
|
k8s primitives: Deployment, Service, Ingress, Secret, ConfigMap, PVC
External capabilities (OIDC, monitoring, backups, external secrets) are upstream projects: Mortise coexists with them through standard k8s primitives.
See ARCHITECTURE.md for system diagrams.
For users:
| Doc | Purpose |
|---|---|
| Quickstart | Zero to deployed app in 10 minutes |
| Install | Helm install, values reference, uninstall |
| Cluster setup | Getting a k8s cluster running (k3d, k3s, EKS, GKE, AKS) |
| Configuration | Domain, git providers, HTTPS, storage, environments |
| API quickstart | End-to-end API workflow with curl |
| API endpoints | Endpoint-by-endpoint implementation reference |
| OpenAPI spec | Machine-readable OpenAPI 3.0 spec |
| Systems overview | Runtime architecture, controllers, and reconciliation |
For contributors:
| Doc | Purpose |
|---|---|
| SPEC.md | Full product and engineering spec |
| ARCHITECTURE.md | System diagrams and interface contracts |
| CLAUDE.md | Project conventions and architecture rules |
| DEVELOPMENT.md | Local dev loop, tests, troubleshooting |
| RELEASING.md | How to cut a release; image/chart conventions |
| PROGRESS.md | What's implemented vs what's left |
- External CI: GitHub Actions / GitLab CI deploy via webhook
- OIDC: SSO with Authentik, Keycloak, Okta, Google
- Monitoring: Prometheus + Grafana
- External Secrets: Vault, AWS SM, GCP SM via ESO
- Backup: Velero backup and restore
- Cloudflare Tunnel: access without a public IP
# Dev cluster with live reload
make dev-up
make dev-reload # rebuild and redeploy without recreating cluster
# Tests
make test # unit + envtest
go test ./internal/... # specific packagesSee DEVELOPMENT.md for the full guide.
Pre-v1. Core platform is functional: apps deploy, routes work, env vars are managed, bindings auto-inject, templates work. See PROGRESS.md for detailed per-feature status.