JACO

v0.3.8

The idea

Kubernetes is overkill for a handful of nodes, but plain Docker Compose stops being enough the moment you want more than one machine, real failover, and HTTPS that just works. JACO sits in that gap: a single self-contained orchestrator you can run across a few servers without standing up a control-plane zoo.

It ships as two binaries — jacod, the long-running daemon managed by systemd, and jaco, the operator CLI that talks to a local daemon over a unix socket and to peer daemons over TCP. Bring up one node, mint a join token, point the others at the leader, and you have a cluster.

What it does

JACO replicates cluster state through a HashiCorp Raft state machine, so the control plane survives node restarts and leader changes. A leader-only scheduler reconciles deployments with spread, pack, or pinned-host placement, performing rolling updates that never drop below your replica count.

Workloads run on the Docker engine driver, with a per-replica health watcher, image pulls that back off exponentially, and orphan reconciliation when a daemon reboots. Networking is where JACO gets opinionated: every (deployment, network) pair gets its own Docker bridge with deterministic /24 IPAM, joined into a WireGuard mesh and firewalled with nftables so east-west traffic is isolated by default, each bridge with its own DNS.

Ingress is handled by an embedded Caddy v2 reverse proxy. Per-route certificates are issued via ACME, with HTTP-01 challenge coordination and certificate storage backed by Raft — so any node can serve any route with valid TLS.

Installation

Releases ship .deb, .rpm, .apk, and a generic .tar.gz for linux/amd64 and linux/arm64, plus a SHA256SUMS manifest.

curl -fsSL -O https://github.com/PatrickRuddiman/JACO/releases/latest/download/jaco_<arch>.deb
sudo dpkg -i jaco_<arch>.deb
sudo systemctl enable --now jaco

Initialise the first node, then join the rest:

sudo jaco cluster init
JACO_TOKEN=<operator_token> jaco node issue-join-token
sudo jaco node join --peer <leader-host>:7000 --token <single-use>

License

MIT

JACO logo

Features

  • Raft-replicated control plane with a gRPC API and on-disk snapshots that survive restarts
  • Leader-only scheduler with spread/pack/hosts placement and rolling updates
  • Docker runtime driver with per-replica health watching and orphan reconciliation
  • Per-(deployment, network) bridges with deterministic IPAM, WireGuard mesh, and nftables east-west isolation
  • Embedded Caddy v2 ingress with per-route ACME backed by Raft-replicated CertMagic storage
  • Ships as two binaries — jacod (systemd daemon) and jaco (operator CLI) — with .deb, .rpm, .apk, and tarball releases
Release Date: May 20, 2026
Category: CLI Tool
Back to Software