Collected sources and patterns will appear here. Add from search or the patterns library.
Hardened, air-gap-ready Kubernetes distribution and secure software delivery platform for regulated environments (DoD/GovSec).
Utility
stars
161
forks
38
UDS-Core (Unicorn Delivery Service) occupies a specialized niche in the defense and highly regulated infrastructure market. While its technical components are largely standard CNCF tools (Istio, Keycloak, Prometheus), its value proposition lies in 'Security-by-Default' hardening and its integration with Zarf for air-gapped delivery. Compared to a more defensible project like Red Hat OpenShift, UDS-Core lacks the massive corporate ecosystem and broad enterprise market share. However, it is significantly more defensible than a generic 'hardened K8s' script due to its alignment with U.S. Federal requirements (NIST, SRG) and the brand equity of Defense Unicorns in the DoD space. The quantitative signals (161 stars, 38 forks) are low for general open source but substantial for the niche defense sector, where much of the usage occurs behind classified firewalls and isn't reflected in GitHub telemetry. The primary moat is not the code itself, but the 'path to ATO' (Authorization to Operate) it provides to government program offices. Frontier labs (OpenAI/Anthropic) have zero interest in the 'schlep' of air-gapped federal infrastructure. The primary threat comes from hyperscalers (AWS GovCloud, Azure Government) building more integrated managed services, or from the government's own internal efforts like Platform One's Big Bang. UDS-Core survives by being more modular and less bloated than Big Bang, targeting 'Day 2' operations and edge deployments where cloud-native managed services cannot reach.
TECH STACK
INTEGRATION
cli_tool
READINESS
The reusable building blocks distilled from this project — each a mechanism you could lift into your own.
Package container images, Helm charts, and manifest files into an offline-ready archive for airgapped environments.