Voidburn
Menu
HomeOperations LedgerInstallationCheckpointingPricingContactLog in

VOIDBURN — ENTERPRISE GOVERNANCE

Deterministic Governance for Compute Spend

Voidburn is an enforcement authority for Kubernetes infrastructure. It gates termination behind verified checkpoint proof, captures snapshot evidence before terminate, and produces audit-grade receipts suitable for finance, platform, and compliance review.

Principles
No proof. No termination.
Strict receipts gate enforcement actions.
No inbound access.
Sentinel is outbound-only HTTPS. No inbound connections to your cluster.
No blind enforcement.
Mutating AWS actions are tag-scoped and auditable.
Configuration-scoped behavior.
Determinism is guaranteed only for a validated configuration (until drift).

Why Voidburn Exists

Autoscalers optimize for performance. Cost dashboards optimize for visibility. Voidburn optimizes for financial containment.

When budgets are breached, Voidburn enforces boundaries deterministically.

What Makes It Deterministic

  • Strict checkpoint gating (receipt-verified)
  • Snapshot-before-terminate evidence chain
  • ASG MaxSize containment on breach
  • Manual resume semantics (explicit re-enable)
  • Tag-scoped IAM boundaries (mutating actions constrained)
  • Supply-chain verified agent (digest, cosign, SBOM)

What Finance Sees

Each enforcement produces an exportable receipt (CSV, JSON, Markdown):

  • Instance ID + snapshot ID (evidence)
  • Checkpoint marker + confirmed timestamp
  • Validated receipt status
  • Monthly prevented (USD)
  • Chronological timeline of events

Governance Guarantees (Configuration-Scoped)

Termination + resume are guaranteed when:

  • Target nodegroups are ASG-backed
  • Capacity is ON_DEMAND (resumable)
  • A healthy scaler exists (Cluster Autoscaler or equivalent)
  • Strict checkpoint mode is enabled and confirmed
  • Persistent storage supports resumability (prefer EFS for multi-AZ)

Until environment drift occurs, behavior is deterministic and auditable.

Enforcement Flow (Strict)

1) Budget breach detected
2) Checkpoint window opened
3) Workload returns validated receipt
4) Snapshot created (evidence)
5) Instance terminated
6) ASG MaxSize capped
7) Receipt filed (CSV/JSON/MD export)
8) Manual resume restores capacity

Strict mode blocks termination if proof is missing or invalid.

Evidence Artifacts (Download)

Example exports from Operations Ledger (masked IDs): receipts + snapshot evidence + prevented compute waste.

Sample CSVSample JSONSample MD
Sample operations timeline showing checkpoint confirmation and termination evidence
Show sample JSON receipt
{
  "instanceId": "i-0eca...a348",
  "snapshotId": "snap-0279...3075",
  "monthlyWastePrevented": 383.98,
  "resumableStatus": "confirmed",
  "checkpointAt": "2026-02-14T05:02:29Z",
  "checkpointMarker": "configmap:vb-workloads/voidburn-checkpoint#last_checkpoint",
  "timestamp": "2026-02-14T05:06:18Z"
}