Our Stack
Volt
A lightweight container runtime built on systemd-nspawn instead of Docker's containerd. By leveraging systemd's battle-tested process isolation, we achieve stronger security guarantees with a dramatically smaller footprint.
- Native systemd integration for process management
- Kernel namespace isolation (PID, network, mount, user)
- Seccomp syscall filtering and capability dropping
- No daemon required—containers are systemd units
Stellarium
Content-addressed storage that powers both containers and VMs. Stellarium deduplicates at the block level across your entire fleet — not just per-image like Docker's overlay2.
- Block-level deduplication across all workloads
- Immutable, content-addressed artifacts
- Built-in CDN prefetch for edge deployments
- Shared by both Voltainer containers and VoltVisor VMs
VoltVisor
A KVM-based micro virtual machine monitor built from scratch. When container isolation isn't enough, VoltVisor gives you a full kernel boundary with sub-millisecond boot times.
- Sub-millisecond cold boot
- Under 32MB memory footprint per VM
- Virtio device support (block, net)
- Snapshot and restore with CAS integration
The Difference
Traditional containers carry significant overhead. We built ArmoredGate to show there's a better way.
These aren't cherry-picked benchmarks—they're typical results for real-world workloads. Smaller images mean faster deploys, lower storage costs, and reduced attack surface.
Architecture Principles
Every design decision at ArmoredGate is guided by these principles:
- →Simplicity over features. We'd rather do fewer things well than everything poorly.
- →Security by default. The safest configuration should be the easiest one.
- →No magic. Everything should be inspectable and understandable.
- →Unix philosophy. Build on proven primitives, not reinvented wheels.