Orchestration infrastructure for a new generation of workloads.
Stop running etcd, cert-manager, an ingress controller, a service mesh, and a CNI plugin as four independent failure domains. Overdrive ships them as one binary, with three-node HA that fits in 80 MB of memory.
See the architecture →Every eBPF event carries cryptographic workload identity. The native SRE agent correlates across alerts via SQL joins, attaches signed BPF probes to verify hypotheses, and proposes typed remediations through a graduated approval gate.
See the SRE agent →Prompt injection becomes structurally inert. The credential proxy holds the real keys. Domain allowlists run in-kernel via TC eBPF. BPF LSM blocks raw sockets. Security is enforced by infrastructure, not by the model's judgment.
See agent isolation →Persistent microVMs, structural credential isolation, per-workload WASM sandboxes, and global-gossip service catalogs compose into operational shapes other orchestrators have to bolt together from third-party pieces.
State accumulates across turns. 100 GB persistent rootfs per agent. Fast resume from snapshot between turns. The credential proxy holds the real API keys; the content inspector scans every tool response for injection payloads before the model sees them.
overdrive-fsuserfaultfd lazy pagingWarm layer caches survive across builds. Artifact working sets persist. Scale-to-zero between jobs without paying cold-start on the next one. Per-repo kernel isolation and no shared node state between tenants.
Per-user persistent rootfs. User filesystem survives across restarts, migrations, and idle eviction. Instant resume when the developer reconnects. Cross-workload volume sharing via virtiofs for team-scale data sets.
Per-tenant kernel-level isolation. Defense in depth across four independent layers: WASM/VM boundary, BPF LSM, kTLS + SPIFFE, XDP network policy. Compromise one, the other three still hold.
Each region runs its own Raft. Global observation converges via CRDT gossip in seconds. Under partition, every region keeps submitting jobs and serving traffic. The dataplane never reads remote state. Replay across regions via a single response header.
overdrive-replay header for app-driven routing~1 ms cold start. Scale-to-zero. The credential proxy and content inspector ship by default — so functions processing untrusted content hit the same structural walls as full AI agents. TypeScript, Rust, Go, Python via the WASM Component Model.
Not micro-optimizations. These are direct consequences of the design — the kind of differences that turn three racks back into one.
When the dataplane, the identity model, the telemetry pipeline, and the service mesh all emerge from the same kernel primitive with the same workload identity attached, you stop gluing together products that were never designed to know about each other.
| Component | Kubernetes | Overdrive |
|---|---|---|
| Service routing | iptables · O(n) per packet | XDP BPF · O(1) in-kernel |
| mTLS | Envoy sidecar · ~0.5 vCPU each | kTLS · NIC offload ~0 overhead |
| Control-plane RAM | ~1 GB | ~30–80 MB |
| Network policy | Per-packet iptables walk | BPF map lookup |
| Workload types | Containers | Process · microVM · VM · unikernel · WASM |
| Observability | Scraped logs & Prometheus | Kernel-native · identity-tagged |
| Multi-region | Stretched Raft or federation plane | Per-region Raft + global CRDT gossip |
| Extension model | Go operators with cluster-admin | WASM · sandboxed · hot-reloadable |
| Node join | 2–5 minutes | < 10 seconds |
The source-available core is FSL-1.1-ALv2 and ships in one binary. Every release converts to Apache 2.0 two years after publication. The cloud platform sells the operational complexity we already absorbed for ourselves — metered exactly, by kernel telemetry. No estimation. No sampling.
A full Overdrive cluster as a service. Control plane, worker pool, and CLI — the way you'd run it yourself, only without running it.
Submit jobs directly. No cluster to size. No control plane to patch. Nomad-style ergonomics with Overdrive's identity and isolation model underneath.
Sub-10 ms cold start. Scale-to-zero. The credential proxy and content inspector ship by default — built for the AI agent workloads no one else has a story for.
Dedicated physical nodes inside the platform. Full hardware performance. Full Overdrive operational stack. No VM overhead between you and the silicon.
Enterprise self-hosted licensing — FIPS crypto, HSM integration, air-gap tooling, DORA / NIS2 / SOC2 / HIPAA policy packs — available alongside the source-available release.
Stable eBPF APIs, kernel TLS offload, production Rust systems libraries, and embeddable WASM only matured in the last two years. Overdrive is the orchestrator that becomes possible when all four exist at once.
No etcd. No Envoy. No SPIRE. No CNI. Every critical subsystem is built into the platform or is a standard Rust library. External processes you didn't write are operational liabilities — they get cut.
Service routing, network policy, load balancing, mTLS, and telemetry happen at line rate in the kernel via aya-rs. No sidecar tax. No proxy reconfigurations. No tail-latency spikes from a userspace hop.
Every connection is wrapped in kTLS with a SPIFFE identity. Policy is enforced in-kernel by BPF LSM. A compromised workload, a misconfigured pod, and a malicious dependency all hit the same walls.
Control plane and node agent ship in a single Rust binary. Role is declared at bootstrap — single node, three-node HA, dedicated ingress tier, multi-region. No second installer. No second upgrade path.
┌────────────────────────────────────────────────────────────────────┐ │ CLI / API (gRPC + REST, tonic) │ ├────────────────────────────────────────────────────────────────────┤ │ CONTROL PLANE — co-located with node agent or dedicated │ │ │ │ IntentStore Reconcilers Built-in CA (SPIFFE) │ │ single: redb Rust traits Scheduler │ │ ha: openraft+redb WASM extensions Regorus + WASM policy │ │ per region DuckLake telemetry │ ├────────────────────────────────────────────────────────────────────┤ │ NODE AGENT │ │ │ │ ▸ aya-rs eBPF dataplane │ │ XDP (routing/LB) · TC (egress) · sockops (mTLS) │ │ BPF LSM (MAC) · kprobes (telemetry) │ │ │ │ ▸ Drivers: process · microvm · vm · unikernel · wasm │ │ ▸ Gateway: hyper · rustls · ACMEv2 · in-process route table │ ├────────────────────────────────────────────────────────────────────┤ │ ObservationStore (Corrosion — CR-SQLite + SWIM/QUIC gossip) │ │ alloc status · service backends · node health · regional peers │ ├────────────────────────────────────────────────────────────────────┤ │ Object Storage (Garage, S3-compatible) │ └────────────────────────────────────────────────────────────────────┘
VMs, processes, unikernels, containers, and WASM functions share the same SPIFFE identity, the same eBPF dataplane, the same policy engine. Match the primitive to the workload — a VM for hard isolation, WASM for cold-start, a process for native speed.
Daemons under cgroups v2, kernel-enforced isolation, zero VM overhead.
~200 ms cold start. Hardware isolation. Optional persistent rootfs.
Live CPU and memory hotplug. virtiofs sharing. AArch64 first-class.
Single-purpose images on a hypervisor. Minimal kernel surface.
~1 ms cold start. Scale-to-zero. Sandbox the model can't talk its way out of.
A single TOML composes drivers, sidecars, security profiles, and ingress. The same spec deploys to a single node and to a multi-region fleet — the platform absorbs the difference.
# An AI agent with structural credential isolation # and prompt-injection scanning on ingress. [job] name = "ai-research-agent" driver = "wasm" [[job.sidecars]] name = "credential-proxy" module = "builtin:credential-proxy" hooks = ["egress"] [job.sidecars.config] allowed_domains = ["api.anthropic.com"] credentials = { ANTHROPIC_KEY = { secret = "prod" } } [[job.sidecars]] name = "content-inspector" module = "builtin:content-inspector" hooks = ["ingress"] [job.security] no_raw_sockets = true no_privilege_escalation = true egress.mode = "intercepted"
$ overdrive job submit job.toml → ai-research-agent · scheduled · alloc a1b2c3 $ overdrive alloc status a1b2c3 state : running driver : wasm node : node-04 (eu-west-1) identity : spiffe://overdrive.local/ : job/ai-research-agent : alloc/a1b2c3 cert ttl : 58m 12s sidecars : 2 attached, healthy $ overdrive cluster upgrade \ --mode ha \ --peers node-2,node-3 → snapshot exported (LocalStore) → RaftStore bootstrapped on 3 peers → leader: node-1 · zero downtime
Every event in Overdrive carries cryptographic SPIFFE identity. Correlation isn't a label-matching heuristic — it's a SQL join. Investigations are first-class resources with a budget, a transcript, and a typed proposal at the end.
Per-region Raft for intent. Global CRDT gossip for observation. Each region keeps writing through a partition. The dataplane never reads remote state.
Standing on production-grade Rust primitives
One binary. Every workload type. Built on the primitives Kubernetes never had.
