Ona (formerly Gitpod) - Linux Development Environments in the Cloud

Gitpod rebranded to Ona in September 2025 because they realized "cloud IDE" doesn't justify enterprise pricing. Now they're an "AI agent platform" - same environments, but with bots that write code.

The rebrand coincides with ditching Kubernetes after 6 years. They finally figured out what every k8s admin knows: running unpredictable dev workloads on Kubernetes is a fucking nightmare. I watched their old system die every time someone ran a webpack build - your 16-core environment would crawl because some asshole was compiling Rust in the next container over.

Their new "Gitpod Flex" architecture actually works. Environments start in 2-3 minutes instead of the 10+ minute startup times that made people rage-quit and go back to Docker Desktop.

What You Actually Get

The Environment: Still a Linux VM in the cloud with your repo, dependencies, and VS Code. Now uses devcontainer.json instead of their proprietary .gitpod.yml format. The migration breaks some custom configurations - budget time for fixes if you're moving from the old format.

The AI Agents: Here's the weird part - they actually don't suck. Ona claims their agents co-author 60% of PRs in their own codebase, which is bullshit unless you count adding docstrings as "co-authoring." But when they work, they write decent code. Not just autocomplete - actual features.

I watched one write a complete React component with proper TypeScript types and error handling. Still suggested react-scripts for a Next.js project, but hey, nobody's perfect. The agents are like having a junior developer who's really fast but needs supervision.

The Enterprise Stuff: SOC2 compliance, RBAC, audit logs - all the boxes enterprise security teams need checked. You can deploy in your own AWS VPC if you're paranoid about data leaving your infrastructure.

The Kubernetes Migration Nobody Talks About

The most interesting change isn't the AI bullshit - it's ditching Kubernetes. They spent 6 years fighting the "noisy neighbor" problem where one person's webpack build would slow everyone else to a crawl. K8s resource management assumes predictable workloads, but dev environments are pure chaos. I've seen a single npm run build kill performance for 20+ developers.

Their custom control plane shipped in October 2024 and fixed the actual problems. No more 10-minute startup times while some asshole compiles WASM modules on the same node. Environment startup is now predictable, which alone makes it better than GitHub Codespaces (still randomly fails with "Creation failed for unknown reasons").

Real Talk on Pricing

They quadrupled enterprise revenue year-over-year, which means the pricing went from "reasonable" to "bend over." The free tier exists to get you hooked - you'll need the paid tier for actual work. Their "8-figure contracts" with banks suggest enterprise pricing is in the "if you have to ask, you can't afford it" territory.

Getting started with Ona means dealing with some quirks, but once you figure out the gotchas, it's pretty solid. The migration from `.gitpod.yml` to `devcontainer.json` breaks things in ways they don't tell you about.

Configuration Hell (And How to Survive It)

They switched to devcontainer.json which looks simple until you need anything custom. The Dev Container specification is solid, but Ona's implementation has quirks. Here's what actually works:

{
  "name": "Environment That Won't Break",
  "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
  "features": {
    "ghcr.io/devcontainers/features/docker-in-docker": {},
    "ghcr.io/devcontainers/features/node": {"version": "18"}
  },
  "remoteUser": "vscode",
  "postCreateCommand": "npm install"
}

What they don't tell you: The postCreateCommand fails silently if your package.json is fucked - no error, no logs, just hangs forever on "Setting up environment..." VS Code extensions install when they feel like it, usually after you've already given up and refreshed 3 times.

I spent 3 hours debugging why my environment wouldn't start. Turns out I had a space in my Windows username (John Smith instead of johnsmith). Half the features break with spaces in usernames. The error? Generic "Environment failed to start." Helpful as always.

Pro tip: Test your devcontainer locally first with VS Code. If it doesn't work locally, it definitely won't work in Ona.

The AI Agents - Actually Pretty Good

OK, here's the surprising part: the AI agents actually work. Not 60% of PRs good (that's marketing bullshit), but they can:

• Write decent code if you give them good context
• Fix obvious bugs without breaking everything
• Generate tests that actually test something useful
• Document code in a way humans can understand

Reality check: They hallucinate about 20% of the time and love deprecated packages. I watched one suggest node-sass in 2025 (deprecated since 2020), and last week it tried to install react-dom@15 for a new project. Always review their shit.

Think of them as junior developers who copy-paste from Stack Overflow without checking the date. The accepted answer is from 2018, but hey, it has the most upvotes so it must be right, right?

The agents run in isolated environments, which is nice because when they fuck up (and they will), they can't break your main environment.

Deployment Options That Matter

Cloud (Multi-tenant): Works fine for most teams. US and Europe regions exist. Performance is decent since they ditched Kubernetes. Expect 2-3 minute startup times.

Private VPC: For paranoid enterprises. Costs more, takes weeks to set up, but your security team will love you. You can choose your own AI models if you don't trust OpenAI with your code.

What breaks: Network connectivity is absolute dogshit with corporate firewalls. VPN drops every 20 minutes like clockwork. I lost a 4-hour debugging session because the connection died while I was in the middle of refactoring - auto-save failed, git wasn't pushed, and I got to start over.

Save your shit manually every 5 minutes or you'll be staring at your laptop at 3am wondering why you didn't just use local Docker.

Security Theater vs Real Security

The security model is actually pretty good:

• Environments die after your session, so persistent attacks are hard
• Everything gets logged (useful for compliance, annoying for privacy)
• RBAC that actually works (unlike most enterprise tools)
• SOC2 compliance if your auditors care

Real security concern: Your code flows through their AI models unless you use private VPC. If that bothers you, pay for the private deployment.

Performance and Resource Management

Since they abandoned Kubernetes, the performance is actually predictable. No more "my environment is slow because someone else is running a webpack build."

Resource limits that matter:

• Free tier: Basically useless for real work
• Paid tier: 32 cores, 128GB RAM if you need it
• OCU billing: Confusing but cheaper than GitHub Codespaces for heavy usage

What still breaks: Environments randomly die during long-running tasks. I learned this when a 2-hour ML model training died at 90% completion - no warning, no error, just gone. Found out later there's an undocumented 2-hour timeout for free tier environments. They didn't mention that anywhere obvious.

Auto-save everything religiously or you'll hate yourself. GPU support exists but costs extra and only works in US-East, EU-West, and one random Asian region nobody uses.