kldload is a re-packer.
Instead of downloading an ISO from your vendor, kldload uses the vendor's own CDNs and package repositories to assemble the OS of your choice — CentOS Stream 9, Debian 13, Ubuntu 24.04, Fedora 43, RHEL 10, Rocky 9, Arch, or Alpine — with ZFS on root, WireGuard, Cilium eBPF, a Kubernetes control plane, a KVM hypervisor, a multi-distro test platform (klab), a local AI assistant (Bob), and the tools that should have been there from the start. Nothing is patched. Nothing is forked. Nothing is modified. Every package is stock, verified, and pulled directly from your vendor's repos.
The result can be deployed as a bootable USB image for bare metal installs, an in-place deployment tool for existing systems, or a remote/mass deployment pipeline for fleet provisioning. The ISO also carries offline package mirrors (RPM + APT for CentOS, Debian, Ubuntu, Fedora, Rocky) so you can install in air-gapped environments with zero internet. RHEL pulls from its CDN; Arch is rolling release; Alpine carries a partial apk cache. The Fedora 44 live environment (kernel 6.19, OpenZFS 2.4.1) hosts the installer and the web UI.
What comes out the other side is your distro — not ours. Whatever userland you like.
Whatever package manager you prefer. kldload just makes sure the foundation — ZFS, WireGuard,
eBPF, boot environments — is done right. Updates come from your vendor, not from us.
kldload delivers the OS tuned to the current OpenZFS stable branch. After that, it's your system —
dnf update, apt upgrade, pacman -Syu, whatever you normally do. Fill your boots.
Every script is readable bash. No compiled binaries. No vendor SDK. No magic.
cat any file and read what it does. Point it at any apt, dnf, or pacman repo
and the tool will most likely already work — it's distro-agnostic by design.
Kernel modules, services, & tools — bundled on first boot.
✓ ZFS on Root (OpenZFS 2.4.1)
Checksummed, compressed, snapshot-capable root filesystem. Boot environments via ZFSBootMenu. Self-healing on mirrors. lz4 compression default, dedup optional, encryption optional.
✓ WireGuard
Kernel-level encrypted networking. Mesh and site-to-site templates ready to enable. Tutorials cover multi-site, dynamic peers, and BGP underlay.
✓ Cilium eBPF + Hubble + Tetragon
L3/L4/L7 datapath in the kernel — no kube-proxy, no iptables, no sidecars. Hubble flow visibility, Tetragon process/syscall security, NetworkPolicy + ClusterMesh + service mesh without Envoy.
✓ Kubernetes (KVM-hosted)
Single-node or three-node K8s cluster on ZFS-backed zvol VMs. CRI-O, Cilium, MetalLB, local-path-provisioner with WaitForFirstConsumer auto-binder, ArgoCD demo. kube-cluster up ⇒ production cluster in < 20 minutes.
✓ klab — Multi-Distro Test Platform
Pre-built golden VM images for every supported distro, ZFS-instant-clone blue/green deploys, fault injection (network/disk/OOM), Distro Matrix Runner, live Hubble traffic map, "What Just Happened" diff capture.
✓ KVM Hypervisor
libvirt + qemu-kvm + virtio-scsi + io=native cache=none. Every VM on a ZFS zvol. Instant clones (~100ms via ZFS COW), atomic snapshots, app-consistent points-in-time via qemu-guest-agent fs-freeze, incremental zfs send replication.
✓ Bob — Local AI Assistant
Ollama-served local LLM with RAG over the kldload codebase + docs (ChromaDB + nomic-embed-text). Hands-free voice control, multi-terminal awareness, packet-flow vision. No cloud, no telemetry, runs on consumer NVIDIA cards.
✓ NVIDIA Drivers + CUDA
GPU drivers + CUDA baked into the image. CUDA time-slicing lets multiple workloads (Bob + a guest VM) share one consumer GPU — no PCIe passthrough required. No nouveau conflicts.
✓ ZFSBootMenu + Boot Environments
UEFI bootloader that understands ZFS. Boot-environment selection on every boot, 15-second rollback to last-known-good. No GRUB hacks. kbe new before any risky change.
✓ Automatic Snapshots (sanoid)
Before every dnf/apt/pacman transaction. 15-minute snapshots for /srv. Hourly/daily/monthly boot environments. Retention policy editable per dataset. syncoid replicates incrementally to a peer.
✓ Observability Stack
Prometheus + Grafana + Loki + Alertmanager + zed-to-Loki bridge. Four Go exporters (kldload, ZFS, KVM, klab), eight pre-wired dashboards (host, VMs, K8s, eBPF rationale, Cilium datapath, ZFS pool health, latency distributions, ARC).
✓ 50+ CLI Tools
kst, ksnap, kbe, kdf, kdir, kpkg, kupgrade, krecovery, kvm-*, klab, kube-*, kzfs-*, kexport, kldload-console — short names, no flags to memorize.
✓ Web UI & Console
Browser-based control plane covering Dashboard, VMs, K8s, ZFS, klab, OpenZFS Suite, Ansible, Helm, Metrics, Bob. Plus a tmux-based F-key cockpit with live eBPF panels (tcplife, tcpconnect, execsnoop) for the keyboard-first crowd.
✓ Secure Boot / MOK
Per-machine key generation. Automatic module signing. DKMS auto-sign on kernel upgrades. Works with Secure Boot enabled on Dell, Lenovo, HP, ASUS, and most consumer firmware.
✓ Offline / Air-Gap Ready
Complete RPM + APT package mirrors baked in for CentOS, Debian, Ubuntu, Fedora, Rocky. No internet needed at install time, no phone home. The USB drive is the deployment.
✓ Image Export Pipeline
Install once, export as qcow2, VMDK, VHD, OVA, or raw. Auto-seals the image (machine-id cleared, SSH host keys removed, cloud-init enabled with multi-datasource config) ready for Packer or direct hypervisor import.
Pick the platform you need.
Same ISO, same darksites, same ZFS-on-root foundation — what changes per profile is which userland, services, and tools get assembled on first boot. Pick one that matches the job; kpkg can add layers from another profile afterward.
Desktop
GNOME workstation + ZFS on root + Firefox + GPU drivers + all k* tools + web UI + sanoid automatic snapshots + offline RPM/APT darksites. WireGuard, eBPF, and Bob AI assistant ready on first login.
For workstations, dev machines, and NVIDIA AI rigs.
Server
Headless + SSH + ZFS on root + all k* tools + web UI + sanoid + WireGuard + eBPF + offline darksites. NFS, Samba, iSCSI, and observability exporters ready to enable. No desktop, no GPU stack.
For production servers, NAS, and edge boxes.
KVM Host
Bare-metal hypervisor. libvirt + qemu-kvm + virtio. Every VM on a ZFS zvol with volblocksize=16K, compression=lz4, io=native cache=none. Instant clones (~100ms, 0 bytes via ZFS COW), atomic snapshots, incremental zfs send replication, qemu-guest-agent fs-freeze for app-consistent points-in-time. NVIDIA GPU sharing via CUDA time-slicing — no PCIe passthrough required.
For bare-metal hypervisors and homelab clouds.
Kubernetes
KVM Host + a turnkey single-node or three-node Kubernetes cluster. Cilium eBPF networking (no kube-proxy, datapath in the kernel) + Hubble flow visibility + Tetragon runtime security. CRI-O, MetalLB, ZFS-backed persistent volumes, local-path-provisioner with auto-binder for WaitForFirstConsumer storage classes. kube-cluster up spins production K8s in < 20 minutes; kube-demo deploys PetClinic + ArgoCD as a smoke test.
For K8s clusters with eBPF observability built in. New in 1.0.4.
klab — Multi-Distro Test Platform
KVM Host + pre-built golden images of every supported distro (CentOS, Rocky, Fedora, Debian, Ubuntu, RHEL) running ZFS on root. Blue/green deploys via ZFS instant clone — spin a full distro VM in ~2 seconds, run a change, snapshot, promote or roll back. Live Hubble eBPF traffic map, fault injection (network/disk/OOM), Distro Matrix Runner to run the same playbook against every distro in parallel.
For SREs validating changes before they reach production. New in 1.0.5.
OpenZFS Suite
KVM Host + a dedicated set of ZFS test goldens (separate from klab) wired into ztest and zloop. Stand up multi-vdev pools, run the full upstream OpenZFS test suite, reproduce kernel/userland bugs against any supported distro's zfs build. Includes the kzfs-lab tools and ZFS Test Lab tile in the web UI for one-click suite runs.
For OpenZFS contributors and storage teams chasing regressions.
Core
ZFS on root only. Stock distro. No k* tools, no web UI, no sanoid, no darksites. Just the kernel modules, DKMS, initramfs, and ZFSBootMenu chain done right. Roughly 200 MB on disk beyond the vendor's base install.
For advanced users who want ZFS on root and nothing else.
Every profile gives you ZFS on root with proper DKMS, initramfs, and ZFSBootMenu. Nothing is removed from the base distro. The k*, kvm-*, klab, and kube-* tools are additions, not replacements. apt, dnf, zfs, zpool, virsh, and kubectl always work directly. Profiles can be layered — install Server, add KVM Host with kpkg add kvm, then add Kubernetes with kpkg add k8s.
Whatever you want. kldload assembles it.
“I want ZFS on Debian”
Pick Debian. Pick Core. Done. ZFS on root, boot environments, DKMS. Stock Debian underneath, ~200 MB of additions, the rest is vanilla.
“I want a KVM hypervisor”
Pick any distro. Pick KVM Host. Clone VMs in ~100ms via ZFS COW. Snapshot atomically. App-consistent points-in-time via qemu-guest-agent. Incremental replication. See 1.0.3.
“I want a Kubernetes cluster”
Pick any distro. Pick Kubernetes. Three nodes on ZFS-backed zvol VMs with Cilium eBPF, Hubble, Tetragon, MetalLB, ArgoCD. kube-cluster up ⇒ production K8s in < 20 minutes. kube-demo deploys PetClinic to prove it.
“I want to test changes safely”
Pick klab. Six distro goldens, blue/green via ZFS instant clone, fault injection, distro matrix runner, live Hubble traffic map. Reproduce a prod issue across CentOS+Rocky+Fedora+Debian+Ubuntu+RHEL in parallel.
“I want a NAS”
Pick any distro. Pick Server. Add NFS or Samba. ZFS handles the rest — checksums, compression, snapshots, replication. sanoid + syncoid out of the box.
“I want to run AI models locally”
Pick Desktop or Server. Enable NVIDIA. Bob runs Ollama on the GPU with a local RAG index over the kldload codebase. Multiple models share one consumer GPU via CUDA time-slicing — no PCIe passthrough.
“I want an air-gapped server”
Boot the USB. Install. No internet needed for CentOS / Debian / Ubuntu / Fedora / Rocky — offline RPM and APT darksites are baked into the ISO. The USB drive is the deployment.
“I want a golden image for Packer”
Install once, pick an export format (qcow2 / VMDK / VHD / OVA / raw). kldload auto-seals (machine-id cleared, SSH host keys removed, cloud-init enabled) and SCPs the image where you want it — ready for any hypervisor or Packer pipeline.
“I want to hunt an OpenZFS regression”
Pick OpenZFS Suite. Multi-vdev test goldens, ztest + zloop integration, web-UI ZFS Test Lab tile for one-click suite runs across every supported distro's zfs build.
“I want to learn the primitives”
37 masterclasses. ~3,200 pages of documentation. ZFS, WireGuard, eBPF, KVM, Cilium, IPsec, Keycloak, nftables, BGP, VXLAN/EVPN, FIPS — every technology explained from first principles. Start here.
Each profile is an expertly crafted userland — a purpose-built assembly of packages, configs, and tools for a specific job. Appliance recipes and 37 masterclasses teach you to craft your own. BSD-3-Clause. No phone home, no telemetry, no SaaS backend. Cat any file. git clone the source. Build it yourself if you don't trust ours.