Orchestration infrastructure for a new generation of workloads.
Stop running etcd, cert-manager, an ingress controller, a service mesh, and a CNI plugin as five independent failure domains. Overdrive ships them all in one binary, with three-node HA that fits in 80 MB of memory.
See the architecture →

Every eBPF event carries cryptographic workload identity. The native SRE agent correlates alerts via SQL joins, attaches signed BPF probes to verify hypotheses, and proposes typed remediations through a graduated approval gate.
See the SRE agent →

Prompt injection becomes structurally inert. The credential proxy holds the real keys. Domain allowlists run in-kernel via TC eBPF. BPF LSM blocks raw sockets. Security is enforced by infrastructure, not by the model's judgment.
See agent isolation →

Standing on production-grade Rust primitives
Stable eBPF APIs, kernel TLS offload, production Rust systems libraries, and embeddable WASM only matured in the last two years. Overdrive is the orchestrator that becomes possible when all four exist at once.
No etcd. No Envoy. No SPIRE. No CNI. Every critical subsystem is built into the platform or is a standard Rust library. External processes you didn't write are operational liabilities — they get cut.
Service routing, network policy, load balancing, mTLS, and telemetry happen at line rate in the kernel via aya-rs. No sidecar tax. No proxy reconfigurations. No tail-latency spikes from a userspace hop.
Every connection is wrapped in kTLS with a SPIFFE identity. Policy is enforced in-kernel by BPF LSM. A compromised workload, a misconfigured pod, and a malicious dependency all hit the same walls.
Not micro-optimizations. These are direct consequences of the design — the kind of differences that turn three racks back into one.
Control plane and node agent ship in a single Rust binary. Role is declared at bootstrap — single node, three-node HA, dedicated ingress tier, multi-region. No second installer. No second upgrade path.
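A bootstrap declaration might look something like the sketch below. This is illustrative only — the field names (`role`, `mode`, `peers`) are assumptions, not Overdrive's actual schema:

```toml
# Hypothetical bootstrap config — one binary, role chosen here.
# Field names are illustrative, not the real schema.

[node]
name = "node-1"
role = "control-plane+agent"   # or "agent", "ingress"

[cluster]
mode  = "ha"                   # single | ha | multi-region
peers = ["node-2", "node-3"]   # three-node Raft quorum
```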
```
┌────────────────────────────────────────────────────────────────────┐
│ CLI / API (gRPC + REST, tonic)                                     │
├────────────────────────────────────────────────────────────────────┤
│ CONTROL PLANE — co-located with node agent or dedicated            │
│                                                                    │
│   IntentStore          Reconcilers         Built-in CA (SPIFFE)    │
│   single: redb         Rust traits         Scheduler               │
│   ha: openraft+redb    WASM extensions     Regorus + WASM policy   │
│   per region                               DuckLake telemetry      │
├────────────────────────────────────────────────────────────────────┤
│ NODE AGENT                                                         │
│                                                                    │
│   ▸ aya-rs eBPF dataplane                                          │
│     XDP (routing/LB) · TC (egress) · sockops (mTLS)                │
│     BPF LSM (MAC) · kprobes (telemetry)                            │
│                                                                    │
│   ▸ Drivers: process · microvm · vm · unikernel · wasm             │
│   ▸ Gateway: hyper · rustls · ACMEv2 · in-process route table      │
├────────────────────────────────────────────────────────────────────┤
│ ObservationStore (Corrosion — CR-SQLite + SWIM/QUIC gossip)        │
│   alloc status · service backends · node health · regional peers   │
├────────────────────────────────────────────────────────────────────┤
│ Object Storage (Garage, S3-compatible)                             │
└────────────────────────────────────────────────────────────────────┘
```
VMs, processes, unikernels, containers, and WASM functions share the same SPIFFE identity, the same eBPF dataplane, the same policy engine. Pick the right primitive for the workload — not the only one your platform happens to support.
- **Process** — Daemons under cgroups v2, kernel-enforced isolation, zero VM overhead.
- **MicroVM** — ~200 ms cold start. Hardware isolation. Optional persistent rootfs.
- **VM** — Live CPU and memory hotplug. virtiofs sharing. AArch64 first-class.
- **Unikernel** — Single-purpose images on a hypervisor. Minimal kernel surface.
- **WASM** — ~1 ms cold start. Scale-to-zero. Sandbox the model can't talk its way out of.
A single TOML composes drivers, sidecars, security profiles, and ingress. The same spec deploys to a single node and to a multi-region fleet — the platform absorbs the difference.
```toml
# An AI agent with structural credential isolation
# and prompt-injection scanning on ingress.

[job]
name   = "ai-research-agent"
driver = "wasm"

[[job.sidecars]]
name   = "credential-proxy"
module = "builtin:credential-proxy"
hooks  = ["egress"]

[job.sidecars.config]
allowed_domains = ["api.anthropic.com"]
credentials     = { ANTHROPIC_KEY = { secret = "prod" } }

[[job.sidecars]]
name   = "content-inspector"
module = "builtin:content-inspector"
hooks  = ["ingress"]

[job.security]
no_raw_sockets          = true
no_privilege_escalation = true
egress.mode             = "intercepted"
```
```
$ overdrive job submit job.toml
→ ai-research-agent · scheduled · alloc a1b2c3

$ overdrive alloc status a1b2c3
state    : running
driver   : wasm
node     : node-04 (eu-west-1)
identity : spiffe://overdrive.local/
         : job/ai-research-agent
         : alloc/a1b2c3
cert ttl : 58m 12s
sidecars : 2 attached, healthy

$ overdrive cluster upgrade \
    --mode ha \
    --peers node-2,node-3
→ snapshot exported (LocalStore)
→ RaftStore bootstrapped on 3 peers
→ leader: node-1 · zero downtime
```
Every event in Overdrive carries cryptographic SPIFFE identity. Correlation isn't a label-matching heuristic — it's a SQL join. Investigations are first-class resources with a budget, a transcript, and a typed proposal at the end.
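To make "correlation is a SQL join" concrete, here is a small self-contained sketch using an in-memory SQLite database. The table and column names are hypothetical — the point is only that when events and alerts both carry a SPIFFE identity, correlation is a plain equality join rather than a label-matching heuristic:

```python
import sqlite3

# Hypothetical schema: alerts and kernel events both tagged with SPIFFE identity.
db = sqlite3.connect(":memory:")
db.executescript("""
CREATE TABLE alerts (alert_id TEXT, spiffe_id TEXT, fired_at INTEGER);
CREATE TABLE kernel_events (event_type TEXT, spiffe_id TEXT, ts INTEGER);

INSERT INTO alerts VALUES
  ('latency-p99', 'spiffe://overdrive.local/job/api/alloc/a1b2c3', 1000);
INSERT INTO kernel_events VALUES
  ('tcp_retransmit', 'spiffe://overdrive.local/job/api/alloc/a1b2c3', 970),
  ('oom_kill',       'spiffe://overdrive.local/job/batch/alloc/ffee99', 980);
""")

# Events in the 5-minute window before the alert, on the same workload identity.
rows = db.execute("""
    SELECT a.alert_id, e.event_type, e.ts
    FROM alerts a
    JOIN kernel_events e ON e.spiffe_id = a.spiffe_id
    WHERE e.ts BETWEEN a.fired_at - 300 AND a.fired_at
""").fetchall()
print(rows)  # only the retransmit on the same alloc correlates
```

Only the `tcp_retransmit` from the same alloc survives the join; the unrelated `oom_kill` is excluded by identity, not by any heuristic.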
Per-region Raft for intent. Global CRDT gossip for observation. Each region keeps writing through a partition. The dataplane never reads remote state.
When the dataplane, the identity model, the telemetry pipeline, and the service mesh all emerge from the same kernel primitive with the same workload identity attached, you stop gluing together products that were never designed to know about each other.
| Component | Kubernetes | Overdrive |
|---|---|---|
| Service routing | iptables · O(n) per packet | XDP BPF · O(1) in-kernel |
| mTLS | Envoy sidecar · ~0.5 vCPU each | kTLS · NIC offload ~0 overhead |
| Control-plane RAM | ~1 GB | ~30–80 MB |
| Network policy | Per-packet iptables walk | BPF map lookup |
| Workload types | Containers | Process · microVM · VM · unikernel · WASM |
| Observability | Scraped logs & Prometheus | Kernel-native · identity-tagged |
| Multi-region | Stretched Raft or federation plane | Per-region Raft + global CRDT gossip |
| Extension model | Go operators with cluster-admin | WASM · sandboxed · hot-reloadable |
| Node join | 2–5 minutes | < 10 seconds |
The source-available core is FSL-1.1-ALv2 and ships in one binary. Every release converts to Apache 2.0 two years after publication. The cloud platform sells relief from the operational complexity we already absorbed for ourselves — metered exactly, by kernel telemetry. No estimation. No sampling.
A full Overdrive cluster as a service. Control plane, worker pool, and CLI — the way you'd run it yourself, only without running it.
Submit jobs directly. No cluster to size. No control plane to patch. Nomad-style ergonomics with Overdrive's identity and isolation model underneath.
Sub-10 ms cold start. Scale-to-zero. The credential proxy and content inspector ship by default — built for the AI agent workloads no one else has a story for.
Dedicated physical nodes inside the platform. Full hardware performance. Full Overdrive operational stack. No VM overhead between you and the silicon.
Enterprise self-hosted licensing — FIPS crypto, HSM integration, air-gap tooling, DORA / NIS2 / SOC2 / HIPAA policy packs — available alongside the source-available release.
One binary. Every workload type. Built for the kernel of 2026, not the cluster of 2014.