Architecture Overview
The Apeiro Reference Architecture is a collection of open-source components designed to establish the foundation for building the cloud-edge continuum in Europe, i.e. a uniform infrastructure from big data centers into small edge environments.
The following diagram provides an overview of the different layers of Apeiro. In such layer diagrams, a layer usually consumes functionality from a lower layer to provides functionality for a higher layer. While this generally applies to Apeiro and this diagram, note that communication between layers is largely facilitated through the Platform Mesh - a central and cross-cutting component in Apeiro. Additional cross-cutting concerns are depicted on the left.
Apeiro does not require adoption of all layers at once and allows to adopt layers and their components individually. Note that in case of individual adoption, components may need to be adjusted to integrate with non-Apeiro components.
Apeiro conceptually pursues a declarative approach across its components, just like Kubernetes does, and adopts the idea of kubeception[1], i.e. it's using Kubernetes to run Kubernetes. As a result, most lower layers are directly run on Kubernetes.
Layers Top to Bottom
Platform Mesh is a core component of Apeiro that allows service providers to offer services of any kind and service consumers to discover those services, order capabilities, and control their lifecycle.
Other layers of Apeiro usually act as both service provider and service consumers: they provide their functionality as capability and consume capabilities of other layers through the Platform Mesh. The Platform Mesh also acts as a single point of contact for integrating non-Apeiro services (not depicted) and making them available via the same cloud-native mechanisms.
Data Fabric provides standards and tooling for decentralized self-describing of application resources leading to a mesh architecture.
Konfidence is the software delivery framework of Apeiro for microservice-based SaaS applications. It comes with support for ring deployments, feature toggle management and a delivery process, all based on best practices from the CNCF landscape[2].
Note that additional information will be added in the future.
Kubernetes is the layer in Apeiro for hosting your cloud-native workloads. Note that this is vanilla Kubernetes.
Gardener provides managed Kubernetes-as-a-Service in Apeiro across infrastructure providers. It will come with support for IronCore and CobaltCore out of the box and be extended for additional IaaS stacks.
Gardener-managed Kubernetes nodes use Garden Linux - a small, reproducible and auditable Linux image based on Debian GNU/Linux with a focus on Linux containers and virtual machines.
Note that additional information will be added in the future.
IronCore and CobaltCore are two infrastructure flavors of Apeiro that provide compute, network, and storage. While CobaltCore exposes an OpenStack-compatible API, IronCore comes with a declarative Kubernetes-style interface.
Note that additional information will be added in the future.
Bare Metal Automation provides functionality to manage bare metal infrastructure in Apeiro through Kubernetes principles. By leveraging Baseboard Management Controllers (BMCs) and the Redfish API, it enables streamlined and automated server discovery, provisioning, and lifecycle management.
Note that additional information will be added in the future.
Cross Cutting Concerns
Lifecycle Tooling based on cloud-native principles is considered essential by Apeiro in order to managing software lifecycle at scale.
Security & Compliance are built into Apeiro across the different layers.
Zero-Trust is a security paradigm in Apeiro to improve the overall security posture.
Observability is available in Apeiro through its layers.
8ra and the IPCEI-CIS Reference Architecture
The Apeiro reference architecture is developed as part of the 8ra and IPCEI-CIS initiative. The IPCEI-CIS published an overall reference architecture that provides the framework to all IPCEI-CIS projects and partners for describing their specific contributions to an overall cloud-edge infrastructure. The Apeiro reference architecture and its components fit well into the holistic IPCEI-CIS architecture and the structures, layers, and domains prescribed in this central document.
These Apeiro components are part of the Virtualization layer:
- Garden Linux
Garden Linux Garden Linux is a Debian GNU/Linux derivate that aims to provide small, auditable Linux images for most cloud providers (e.g. AWS, Azure, GCP etc.) and bare-metal machines. - CobaltCore
CobaltCore CobaltCore is a reimagined and opinionated OpenStack distribution fully utilizing ApeiroRA. It complements IronCore as an alternative for traditional workloads and ensures backward compatibility. - IronCore
IronCore Project IronCore is an open source system for managing compute and storage workloads across multiple providers.
These Apeiro components are part of the Cloud Edge Platform layer:
- Gardener
Gardener The Gardener is an open source project that provides Kubernetes-based cluster management and automation at scale.
These Apeiro components are part of the Service Orchestration layer:
- Platform Mesh
Platform Mesh The Platform Mesh is the main Platform API for users and technical services to order and orchestrate capabilities attached to the environment. Its guiding and design principle is inherited from Kubernetes’s declarative API approach with its digital twin manifests, the Kubernetes Resource Model (KRM). It utilizes and refines the upstream project KCP for its purpose.
These Apeiro components are part of the Data layer:
- Open Resource Discovery
Open Resource Discovery ORD is an open protocol for the decentralized publishing and discovery of application and service metadata. It provides a structured schema for metadata such as endpoints, capabilities, documentation links, and ownership details, ensuring that application resources like APIs, events, data products and AI agents can be discovered, understood, and integrated consistently across different systems and marketplaces.
These Apeiro components are part of the Application layer:
- Konfidence
Konfidence Konfidence is an open-source software delivery framework. It ensures that only tested and approved versions reach production, addressing a common challenge in complex IT landscapes.
These Apeiro components are part of the Management domain:
- Greenhouse
Greenhouse Greenhouse is a Kubernetes based day 2 operations platform focusing on providing a set of opinionated tools & operational processes for managing cloud native infrastructure. - Open Micro Frontend Platform
OpenMFP The Open Micro Front End Platform (OpenMFP) brings together micro front ends and APIs into a cohesive platform, allowing teams to contribute components while maintaining their independence. - Open Managed Control Plane
Open Managed Control Plane OpenMCP is a managed Infrastructure-as-data orchestration layer, designed to streamline and automate the management of cloud resources and corresponding services. It involves the coordination and management of various Infrastructure-as-data services, to support the automation of workflows such as provisioning and scaling of workloads. - Open Component Model
Open Component Model (OCM) OCM is an open standard for describing software artifacts and lifecycle metadata. It is a technology-agnostic and machine-readable format and focuses on software artifacts that need to be delivered securely across boundaries. At the same time, it maintains integrity and provenance along the complete supply chain.
CNCF Cloud Native Landscape, see https://landscape.cncf.io ↩︎