Status: Proposal — not implemented.
Cross-host networking for Capsule (today every capsule is an island; br0 traffic does not leave the box). Adds a fabric: a WireGuard mesh between capsules giving every fabric-enrolled workload a stable address in 100.64.0.0/10, with declarative per-workload allow-list policy (default deny), enforced on both ends. Operator-driven enrollment, no relay/DERP/STUN, no central control plane. Workloads opt in via fabric: {}; everything else is unchanged. Survives reboot and capsule update push; manifests reference peers by name, not IP.
📄 Full proposal: https://github.com/Project-Capsule/capsule/blob/main/docs/fabric.md
Status: Proposal — not implemented.
Cross-host networking for Capsule (today every capsule is an island;
br0traffic does not leave the box). Adds a fabric: a WireGuard mesh between capsules giving every fabric-enrolled workload a stable address in100.64.0.0/10, with declarative per-workload allow-list policy (default deny), enforced on both ends. Operator-driven enrollment, no relay/DERP/STUN, no central control plane. Workloads opt in viafabric: {}; everything else is unchanged. Survives reboot andcapsule update push; manifests reference peers by name, not IP.📄 Full proposal: https://github.com/Project-Capsule/capsule/blob/main/docs/fabric.md