clust

A self-healing container runtime with built-in mTLS mesh. Zero external dependencies.

GitHub

What it does

No external dependencies.

No etcd. No consul. No platform team. Raft consensus and an embedded CA are built in.

Deploy and forget.

Name it, ship it, walk away. Placement, networking, certificates: all handled.

Reconciles drift.

Nodes fail. Containers crash. The runtime compares what should be running with what is running and closes the gap.

Network isolation.

Each container gets a private point-to-point link to its host. No shared bridge, no network to sniff.

mTLS on every connection.

Between nodes, every connection is mutual TLS over HTTP/2. gRPC and HTTP share the same path with per-request load balancing. No sidecars, no SDK, no TLS config in your app.

Open standards.

SPIFFE workload identity. X.509 mTLS. Raft consensus. CloudEvents 1.0. OCI containers. OpenMetrics. W3C Trace Context.

Install

curl -sfL https://raw.githubusercontent.com/clustrun/install/main/install.sh | sh

Installs to ~/.clust/bin. Override with INSTALL_DIR.

© 2026 clust.run