INSTALLATION
Enterprise install (EKS)
Deploy Sentinel once per cluster using the enterprise install bundle. The installer validates scope, verifies strict checkpoint, and produces an evidence bundle suitable for change tickets and audit review.
Enterprise install bundle (download)
Deterministic governance install: one Bash installer, strict checkpoint verification, and an evidence bundle output.
voidburn-enterprise-install/
README.md
voidburnctl-install-eks.sh
voidburnctl-uninstall-eks.sh
templates/
EVIDENCE_SUMMARY.template.md
workload-deploy.yaml.tpl
examples/
env.exampleWhat the installer proves
- Target scope validation (ASG-backed ON_DEMAND nodegroup, or Karpenter NodePool/Provisioner)
- Scaler exists and is healthy (Cluster Autoscaler or Karpenter)
- Cosign signature verification + digest pinning
- SBOM attestation capture (if published)
- Strict checkpoint confirmation (validated + HMAC receipt)
- IAM scope simulation evidence (tag-scoped mutating actions)
- Evidence bundle output: voidburn-evidence-<timestamp>.tar.gz
Enterprise quickstart
# 0) Pick a vendor release manifest # REQUIRED: pin to a specific version for change control. MANIFEST_URL="https://voidburn.com/releases/v1.2.10/RELEASE_MANIFEST.json" # For non-production testing only: # MANIFEST_URL="https://voidburn.com/releases/latest/RELEASE_MANIFEST.json" # 1) Download the enterprise install bundle curl -fsSLO https://voidburn.com/downloads/voidburn-enterprise-install.zip unzip voidburn-enterprise-install.zip cd voidburn-enterprise-install # 2) Fill customer values (do not paste API keys into shared logs) cp examples/env.example env.customer $EDITOR env.customer # Karpenter target mode: set TARGET_NODEPOOL="<nodepool-or-provisioner-name>" (leave TARGET_NODEGROUP empty). # Ensure protected capacity exists outside the governed NodePool so Sentinel keeps running while targets are frozen. # 3) Pin the signed workload image + cosign OIDC contract from the manifest curl -fsS "$MANIFEST_URL" | jq -r ' "export COSIGN_ISSUER=" + (.cosign.issuer|@sh), "export COSIGN_IDENTITY_REGEX=" + (.cosign.identityRegex|@sh), "export WORKLOAD_IMAGE=" + (.images.workloadCheckpoint.ref|@sh) ' >> env.customer # 4) Run install (prompts for API key securely) source env.customer ./voidburnctl-install-eks.sh # 5) After heartbeat: create budgets in Voidburn (not AWS Budgets) and run an enforcement test. # Evidence will appear in Operations Ledger; resume is manual.
Need to implement the POST /checkpoint contract in your own service? See Checkpointing.
Deterministic enforcement guarantees (configuration-scoped)
Termination + resume are guaranteed when the requirements below are satisfied and an enforcement test succeeds on this cluster configuration (until the environment drifts).
Authority reachability: enforcement decisions require control-plane reachability (or a valid policy lease). If the authority is unreachable past the lease, new enforcement actions are paused and partition mode is applied (SAFE_STOP or CONSERVE_FREEZE).
Checkpoint scope note: checkpoint confirmed guarantees a recoverable state at checkpoint time, not zero-loss continuity. Work performed after the checkpoint can be replayed on resume unless your workload drains intake and flushes state before returning the receipt.
- Target scope is ASG-backed (EKS managed nodegroup or self-managed ASG) or Karpenter NodePool/Provisioner (Karpenter mode).
- Capacity is resumable: use On-Demand (Spot can fail to come back).
- A scaler exists and is healthy: Cluster Autoscaler or Karpenter can scale up when pods are pending.
- Agent stays alive on protected capacity (system nodegroup, template control nodegroup, or nodes labeled voidburn.com/protected=true). In Karpenter target mode, protected capacity must be outside the governed NodePool so Sentinel stays running while targets are frozen.
- Strict checkpoint is working: your workload endpoint returns a validated + signed receipt.
- Storage matches your topology: prefer EFS for multi-AZ workloads; EBS PVs are AZ-bound.