1.0.0: Mission Control, Distributed
Overlock 1.0 is here. The biggest theme of this release is distributed control planes: a new k3s-docker engine, multi-node environments by default, remote SSH-attached nodes, and WireGuard-encrypted inter-node traffic out of the box. From an empty laptop to a full Crossplane lab — across multiple Linux hosts — in a single command.
Highlights
The k3s-docker engine
A new engine that runs each Kubernetes node as its own Docker container with WireGuard tunneling between them. By default you get an agentless K3s server plus two agent nodes — workloads (user pods, system services) and engine (Crossplane, providers, functions, Kyverno, CertManager). Spin up with:
overlock environment create my-env --engine k3s-docker
Multi-node and remote nodes
Add a Linux host as a worker over SSH:
overlock env node create my-remote-node \
--env my-env \
--host 192.168.1.100 \
--scopes engine
Inter-node traffic is WireGuard-encrypted automatically. Remote nodes start and stop with the environment lifecycle.
CPU limits, taints, mounts
- --cpu 2 / --cpu 0.5 / --cpu 50% per node.
- --taints key=value:NoSchedule with auto-generated node labels for each taint.
- --mount /host:/container on node create and env create for bind-mount workflows.
Registry improvements
- registry create --update to update an existing registry secret in place.
- --label key=value on registry create, with label merging on update.
- Server, username and password are now stored in the secret data fields.
Bug fixes
- IP conflicts on environment start are gone — the server container starts before agents now.
- Port conflicts for local nodes on host networks resolved (host networking on remotes for WireGuard peering, --node-external-ip set on local nodes).
- env create waits for the API server before starting remote nodes.
- Duplicate node names are rejected; environments and nodes that already exist are skipped gracefully.
- SSH Run no longer returns EOF on successful commands.
For the full list, browse the closed PRs against the v1.0.0 milestone.
Welcome to v1.
