CI/CD reaches private infra
A GitHub Actions or GitLab job reaches a private database, a staging cluster’s API, or an internal service — with no public endpoint, no bastion, and no long-lived key sitting in CI secrets.
Longbridge Mesh · Exploring
A managed, Tailscale-compatible mesh — flat per tailnet, never per user or device. EU-hosted, and built to be driven by automation: CI, ephemeral environments, laptops, clusters, clouds.
Tell us if you'd use this— Delaunay triangulation · drifting peers · hue by link length
The idea
A mesh network should be infrastructure you declare — ephemeral, reviewable, programmable — not a directory of seats you pay for one by one. Longbridge Mesh is the connectivity layer a platform team actually wants: the same span-across-clouds idea as the Control Plane, one layer down. Here's the work it's built to do.
A GitHub Actions or GitLab job reaches a private database, a staging cluster’s API, or an internal service — with no public endpoint, no bastion, and no long-lived key sitting in CI secrets.
Preview environments join the mesh on create and vanish on teardown. Two hundred short-lived nodes a day cost the same as two — flat pricing never punishes automation.
Wire laptops, private services, cluster nodes, and clouds onto one network you control — declared and version-controlled like the rest of your infrastructure.
Why it's different
A real API, a Terraform/Pulumi provider, and ACL policy as code. The mesh is configured the way you configure infrastructure — GitOps-friendly, reviewable, reproducible.
Short-lived, OIDC/workload-identity join: a CI job presents its token, gets a scoped, ephemeral mesh identity, joins, and deregisters itself. No long-lived keys in CI — ever.
Never per user, never per device. The exact opposite of per-seat billing — so adding people, laptops, and ephemeral nodes doesn’t grow the bill.
Better together
If you run Longbridge Control Plane, your cluster nodes already ride a private mesh. Longbridge Mesh exposes that network as a product: your CI, laptops, private services, and cluster nodes live on one tailnet you control — and you reach your private cluster API over it, with no public endpoint and no bastion. Take it bundled with a cluster, or stand-alone if you don't run managed Kubernetes with us — yet.
Pricing
The same doctrine as the Control Plane: flat for the service, metered only where our cost genuinely scales. Direct and hole-punched traffic costs us nothing, so it's free and unmetered. Only relay-forwarded bytes meter — and that meter has a cap, an alert before it, and an opt-out that guarantees a zero bill.
Solo
~€6/mo · per tailnet
A small network, flat-priced.
TeamFor automation
~€15–19/mo · per tailnet
The programmable tier.
Relay
~€0.04/GB · forwarded
Only when a direct path can't form.
Ex-VAT, and indicative while we explore this — the model is settled (flat per tailnet; only relay metered; capped and opt-out-to-zero), the numbers are not. Bundled with Control Plane, an org tailnet is included or discounted.
The honest part
If you’re a solo homelabber, the incumbents’ free tier serves you better than we would — and we’ll say so. Mesh is for teams past the free tier, automation-heavy setups, and EU-sovereignty buyers.
It speaks the standard client protocol, but that compatibility is goodwill, not a contract. We run this stack ourselves and keep a documented fall-back path — we won’t strand you.
A GDPR-resident, EU-jurisdiction coordination plane — and someone else’s pager. If the coordinator ever blips, your existing tunnels keep flowing; it’s off the data path.
Help us decide
Longbridge Mesh isn't a shipping product yet; it's a direction we're weighing. If the flat-priced, programmable, EU-hosted mesh is something you'd actually use — especially for CI or platform work — tell us. Real demand is what moves it from exploration to roadmap.
hello@longbridge.fi