Runs on any Kubernetes.
Nightshift is a Helm chart you install into the cluster you already operate. Cloud, on-premise, or fully air-gapped. Same install, same shape. Every backend behind the API is an interface, so your stack plugs in.
Kernel-level enforcement
Nightshift leverages Cilium and Tetragon for kernel-level enforcement. Agent pods run inside Kata micro-VMs with their own guest kernel, Cilium filters every packet leaving the pod via eBPF, and Tetragon hooks syscalls for runtime policy enforcement.
Cilium
First line of defense. eBPF network policies block agents from reaching anything you haven't explicitly allowed, enforced inline in the kernel before a single packet leaves the pod.
Tetragon
If traffic gets past the network layer, Tetragon hooks syscalls at the kernel level via kprobes. Malicious behavior is blocked before it ever touches userspace.
Kata Containers
Last resort. Even if every other defense is bypassed, the agent is trapped inside a hardware-isolated micro-VM with its own guest kernel. A kernel exploit can't escape to the host.
nightshift-api · REST
Operators query any running agent on demand.
Running Agents
each pod exposes metrics + logs at the kernel
Tetragon / Cilium
kernel-level event and metric pipeline
Prometheus
metrics time-series
Loki
log aggregation
Grafana
operator dashboards · alerts · OpenTelemetry
Full visibility into every agent
Query logs, metrics, and processes from any running agent via REST API. Nightshift captures kernel-level events through Tetragon and Cilium and ships everything to Grafana, Prometheus, and Loki for your operator team.
One Helm chart. Any cluster.
The full stack on any cluster in seconds: API, Agent Worker, Storage, Auth, and the Nightshift UI. Same chart deploys to your production cluster, cloud, on-premise, or fully air-gapped.
# Spin up the full stack on a local cluster
make eks-quickstart
# Port-forward and open your browser
kubectl -n nightshift port-forward svc/nightshift-nightshift-ui 13000:3000
→ http://localhost:13000
Six gRPC services. One open spec.
Storage, Config, Secrets, Workers, Scheduling, and Artifacts are the six gRPC services that make up the platform. Each one is a wire contract, not a vendor. SQLite or Postgres. Filesystem or S3. OpenBao or Vault. The reference Anthropic worker or your own. Anything that speaks the protocol is a conformant backend. The same chart runs in a laptop kind cluster, a multi-region production fleet, and a fully air-gapped on-prem deployment.
Modular by default.
Every layer of the Nightshift platform is a pluggable interface. Bring your own. Nightshift is designed to work in complex business environments.
Storage
S3, GCS, MinIO, or any S3-compatible store.
Compute
Your GPUs, your committed cloud, any inference provider.
Model
Anthropic, OpenAI, Mistral, Llama, your own fine-tune.
Identity
Map agents to your IdP and service accounts.
Auth
Plug in any OIDC provider for SSO.
Secrets
HashiCorp Vault, OpenBao, or any KMS you already run.
Bring Nightshift to your cluster.
We will scope a deployment that fits your cloud, your stack, and your compliance posture.





