Updates, architecture notes, and release announcements.
Two extra layers on top of normal tests: property-based testing with proptest, and bounded model checking with Kani. Where they apply in kcore (Nix escaping, path safety, controller database CRUD) and why we run both.
RFC1918 lab addresses, curl before and after, and a security group manifest that DNATs host TCP/8080 to an overlay guest running nginx.
A practical look at how kcore uses TLA+ for replication modeling, what classes of bugs model checking catches before production, where to learn TLA+, and examples of teams using it in real-world distributed systems.
A conservative, operator-focused walkthrough for early containerd support in kcore: create, list, inspect, start, stop, and delete containers directly on a node with clear caveats on current scope.
New quickstart with an embedded asciinema: install and approve your first node, add an operator SSH key, create a Debian 12 VM, and SSH in. Includes links to the new user docs at github.com/rtacconi/kcore/docs/user.
Most distributed systems reach for Raft when they need replication. We chose CRDTs instead — here's how kcore uses a hybrid CRDT model to replicate controller state across datacenters without sacrificing availability during network partitions.
kcore started in Go. I rewrote it in Rust. No null errors, no GC pauses, a compiler that catches real bugs before they reach production — and it fits right into the NixOS ecosystem. Here's what pushed me to make the switch.
We've split the old monorepo and published the docs and website as separate public repos. The product docs are now at github.com/rtacconi/kcore and the site deploys to kcorehypervisor.com via GitHub Pages. The core codebase stays private for now as we work towards the first public release.
Proxmox does a lot of things right, but its API is an afterthought, upgrades are scary, and the Perl codebase is showing its age. I built kcore to get declarative, API-first infrastructure on bare metal.