Containers
Containers, simplified.
Containers gave teams a better way to ship software. Operating them across real infrastructure is still complex. Starlight runs your existing containers under one consistent operating model. No central control plane, no third-node tax, no separate ingress to license.
You already have OCI images, Helm charts, and CI/CD pipelines. Keep what you have. Starlight runs them under one consistent operating model from data center to tactical edge.
Run what you have
Existing OCI images, Helm charts, and CI/CD pipelines. Pull from your registries, on-premises mirrors, or airgapped sites.
Peer mesh
Every node independently operational. Peers coordinate as a mesh, not through a central control plane that can fail.
Runtime protection
eBPF monitoring and BPF-LSM enforcement: process-level, file system, and network monitoring and enforcement.
Run your existing containers exactly as they are.
Your container images and your delivery pipeline do not need to change.
- Run any OCI-compliant container image
- Pull from your existing registries, on-premises mirrors, or airgapped sites
- Helm-based applications adapt without redesigning the application itself
- CI/CD pipelines continue to build and deliver the same artifacts
- Move at your pace; run alongside existing platforms during transition
Bring what you have. Standardize when you are ready.
Starlight vs Kubernetes at the edge.
Kubernetes is hub-and-spoke. Worker nodes depend on a central control plane to schedule, route, and recover workloads. When that control plane is unreachable, the cluster stops making decisions. At the edge, that reachability is exactly what you cannot guarantee.
Starlight is a peer mesh. Every host runs its full control plane locally. Peers coordinate when reachable and operate independently when not.
- Every node is independently operational
- Peers coordinate as a mesh, not through a central broker
- No single point of failure to architect around
- Workloads keep running through network partitions
- One operating model from data center to tactical edge
There is no central system to lose.
Two-node high availability.
Kubernetes needs three nodes for HA at the edge so etcd can reach quorum. Across a fleet of edge sites, that third-node tax adds up to a meaningful percentage of total infrastructure cost.
Starlight delivers deterministic HA with two nodes. Workloads pre-stage on both at install; the surviving node takes over in seconds, with no consensus protocol, no witness, and no cloud connectivity required.
- High availability with two nodes instead of three
- Workloads pre-staged on both nodes for fast failover
- No quorum, no witness, no third-node tax
- Designed for disconnected and intermittent environments
- Lower hardware, power, cooling, and operational cost at every site
One fewer server per site. At fleet scale, that is the difference between a deployable footprint and a non-starter.
Operate containers without added complexity.
Running containers should not require managing multiple layers of infrastructure.
- Deploy and manage containers through one consistent API
- Standards-based metrics ready to feed your existing dashboards and alerting
- Built-in log and metric forwarding to any SIEM or observability backend
- Full automation through declarative infrastructure-as-code and scripting
- Same control plane for containers, VMs, and AI workloads
Operations stay predictable whether you are running a single host or a distributed deployment.
Service mesh networking.
Modern service-mesh capabilities for container workloads, with no sidecar to manage and no separate mesh control plane to license.
- Identity-aware policy enforcement in front of every service
- Declarative network intent compiled into firewall rules and an L7 gateway with TLS or mutual TLS termination
- Hostname, path, and port-based routing built into the platform
- Validated and previewed before any change affects traffic
- One policy model across containers and VMs
Designed for real-world conditions.
Container workloads should not depend on ideal conditions to stay available.
- Hosts continue operating during network interruptions
- Nodes function independently when needed
- Peers synchronize state when connectivity is available
- Pre-staged workloads are ready to take over the moment they are needed
Designed for environments that do not always behave the same way.
Security that goes beyond the container.
Most container platforms stop at the workload boundary. Starlight extends protection across the whole stack.
- Confidential computing with AMD SEV, SEV-ES, SEV-SNP, and Intel TDX
- Immutable, hardened host with STIG and FIPS alignment
- Cryptographically signed builds with full attestation
- Quantum random number generation from Qrypt and post-quantum cryptographic algorithms built into the platform
Security is built in. Nothing layered on after the fact.
Runtime protection inside the container.
Starlight extends visibility and enforcement into the container itself.
- Process-level monitoring and execution control
- File system access restrictions
- Network policy enforcement
- Capability and system call controls
Policies are applied based on workload identity and enforced in real time.
One platform. One license.
Compute, networking, storage, security, lifecycle management, and operations console. All included. Traditional container platforms charge you per node, per add-on, per cluster. Starlight does not.
- No per-core or per-socket licensing
- No quotas on the number or type of containers you can run
- No bundled SKUs that force you to buy what you do not use
Predictable pricing. Full capability. Scale without cost penalties.