Open components for the cloud-edge continuum
Apeiro Reference Architecture is built from proven open-source components. Each project addresses a specific layer of the stack - from bare metal hardware management up through cloud orchestration and service interoperability. Together they form a neutral, standards-based foundation that works across providers, environments, and organisational boundaries.
Data Fabric
Applications deployed across cloud and edge environments often have no common way to discover each other, share data, or coordinate business processes. Each integration becomes a bespoke connection that must be built and maintained separately.
Data Fabric defines the standardised interfaces - APIs, resource discovery protocols, and event formats - that allow distributed services to find each other and work together without central coordination or manual pre-wiring. The result is that applications can be composed into business processes automatically, based on shared metadata and open standards rather than point-to-point integrations.
Knowledge Graph
The Knowledge Graph (KG) builds a connected network from the metadata aggregated by the Unified Metadata Service (UMS), covering relationships across a distributed service landscape. The KG is then further enriched via AI-powered modeling on top of the extracted metadata. In this way, the KG becomes the basis for generating a semantic representation tailored for consumption by agentic AI. The representation is used in crucial steps like API discovery and query generation, and enables agents to achieve data access within and across enterprises at scale.
Public links coming soon.
Open Resource Discovery
Open Resource Discovery (ORD) is a protocol for decentralized metadata discovery that lets software providers describe and publish their APIs, events, capabilities, and data products in a machine-readable way. Consumers and platforms can then automatically discover and integrate these resources without manual coordination. It establishes a common standard for publishing this metadata in a structured, machine-readable way across a distributed cloud-edge landscape.
ORD is the foundation of the Data Fabric. The metadata it produces is collected by UMS and used by the Knowledge Graph to map relationships between business objects across providers.
Unified Metadata Service
The Unified Metadata Service (UMS) is a central service that collects and aggregates ORD-based metadata from all participating services in a given landscape, making it queryable by platforms and AI agents without requiring direct integration with each individual provider.
Together with ORD, UMS enables seamless and automatic integration between services hosted across different providers, without requiring centralized manual pre-design or hard-wiring.
Public links coming soon.
Cloud Operating System
Running workloads across multiple infrastructure providers - or across cloud and edge simultaneously - normally requires separate tooling, separate operations teams, and painful trade-offs about where to deploy. Switching providers means rebuilding.
The Cloud Operating System layer provides the software that abstracts these differences: a consistent operational environment for deploying, managing, and moving workloads across the continuum, regardless of the underlying provider. Application teams work with one set of interfaces; the infrastructure underneath can change without requiring application changes.
Garden Linux
A distributed system spans multiple individual machines, with Linux as the operating system of choice abstracting the underlying, possibly heterogeneous, hardware resources. This makes Linux strategic to ApeiroRA and calls for elevated attention. ApeiroRA includes Garden Linux, a Debian GNU/Linux derivative that aims to provide a small, secure, and auditable Linux. Garden Linux has a highly customizable feature set that can be adjusted to fit your needs, and prebuilt images are provided for cloud providers and major hypervisors. While ApeiroRA allows for any compatible Linux distribution to be used, all ApeiroRA components will be streamlined and qualified/supported by SAP on Garden Linux only.
Gardener
The Gardener Project is a robust, scalable, production-hardened, and certification-ready open-source system that manages Kubernetes clusters across many infrastructure providers. It's designed to handle the heavy lifting of cluster provisioning, management, and operations, freeing up teams to focus on their core competencies. With its extensible architecture, Gardener ensures seamless integration with existing infrastructure and cloud providers, making it an ideal choice for diverse and complex cloud and near-edge needs. It embodies the principles of the European Union's digital strategy by promoting open standards and interoperability, and hence serves as a bootstrap building block in ApeiroRA.
Konfidence
Konfidence is an open-source software delivery framework. It ensures that only tested and approved versions reach production, addressing a common challenge in complex IT landscapes.
Instead of relying on fragmented deployment processes, Konfidence uses immutable, versioned application packages. These packages contain all the necessary components for consistent and traceable deployments across development, testing, and production environments.
Konfidence reduces complexity, improves security, and facilitates predictable daily releases. It supports modern deployment practices, such as progressive rollouts and feature toggles, providing a structured process for faster, more stable, and more transparent software delivery.
Luigi
Luigi is a micro frontend JavaScript framework for building modular, scalable, and technology-agnostic web applications with a unified user experience across distributed UI modules.
Luigi enables organizations to develop complex web applications by composing independent micro frontends, each potentially built with different technologies.
Its value proposition lies in simplifying integration, navigation, and communication between distributed UI modules, reducing development overhead and fostering team autonomy.
Luigi provides a consistent user experience, centralized authentication, and extensible configuration, making it ideal for enterprises seeking scalable, maintainable, and future-proof frontend architectures.
Open Component Model
The Open Component Model (OCM) allows software products, their included versioned components, and (security-)related metadata to be described in a standardized way. It is a Software Bill of Delivery (SBoD), comparable to a Software Bill of Materials (SBoM), but specifically focusing on delivery artifacts.
Tools built for OCM enable consistent and secure delivery of software products across the many organizational and physical boundaries of the continuum.
Furthermore, OCM becomes the operational source of truth and offers component identities that correlate information from and for the build, through deployment, up to the runtime context.
OCM can be used to prove the end-to-end compliance and security posture of a software product (also see OCM Gear).
Open Key Chain Management (Crypto Key Management)
OpenKCM is an open-source Key and Crypto Management solution designed to provide secure, scalable, and flexible key management for cloud-native and enterprise environments. It supports key hierarchies, BYOK (Bring Your Own Key), and HYOK (Hold Your Own Key) scenarios, enabling customers to retain full control over their cryptographic keys and revoke access to sensitive data at any time.
OpenKCM integrates with various key management backends, offers extensible APIs for cryptographic operations and lifecycle management, and ensures compliance with stringent security and privacy standards across multi-tenant platforms.
Open Micro Front End Platform (openMFP)
The Open Micro Front End Platform (openMFP) brings together micro front ends and APIs into a cohesive platform, allowing teams to contribute components while maintaining their independence.
- Decoupled Development: Teams can work independently using their preferred technologies, promoting agility and innovation while contributing to shared objectives.
- Unified User Experience: openMFP integrates key systems like authentication, reducing redundancy and improving usability across services.
- Extension Mechanisms: The platform supports adding new micro front ends and APIs, ensuring scalability and adaptability to evolving needs.
OpenControlPlane
OpenControlPlane (openCP, formerly Open Managed Control Plane) enables extensible Infrastructure- and Configuration-as-Data capabilities as a Service. Based on the Kubernetes Resource Model, all resources in the cloud-edge continuum with ApeiroRA are accessible and managed via a declarative API and corresponding controllers and operators. Together with controllers that understand OCM and declarative deployment orchestrators, consumers can subscribe to a product release-train of software producers and implement an automated, GitOps-driven deployment workflow at the edges.
Platform Mesh
The Platform Mesh defines an environment that allows service providers to offer services of any kind and service consumers to discover those services, order capabilities, and control their lifecycle.
Platform Mesh powers complex multi-tenant environments without compromising security, delivering a foundation for globally distributed and highly scalable services. Built on the Kubernetes Resource Model, it provides a declarative API layer for seamless interaction between providers and consumers. With integrated control planes and support for decentralized marketplaces, consumers can easily discover APIs while providers publish services effortlessly.
Baremetal Operating System
The cloud-edge continuum requires physical hardware, which can be housed in centralized, secure data centers or in a more compact form factor at near edges, all with appropriate energy supply (preferably renewable) and cooling. Alongside the physical setup of cloud and edge locations, a software system is essential for managing this hardware - the Baremetal Operating System (BOS). The BOS is designed to create a stable and robust foundation that seamlessly integrates with the Cloud Operating System (COS). As spending on cloud infrastructure services continues to grow, BOS aims to facilitate an easily reproducible, fully automated, and end-to-end lifecycle for compute, storage, and network hardware from build to decommissioning. In addition to documentation, BOS will provide a reference implementation on qualified hardware, allowing companies to join the continuum.
BOS extends the traditional definition of machine-centric Infrastructure-as-a-service (IaaS) by operationalizing and combining cloud-native concepts with robust and known open-source components. CobaltCore is an OpenStack distribution providing an IaaS API suited for non-cloud-native and heritage workloads. IronCore exposes a cloud-native IaaS API tailored for ephemeral, Kubernetes-native workloads. Both can optionally build on a shared foundation of Bare Metal Management and Network Automation, which are part of the IronCore product family. Other projects assist with production-grade monitoring and operations.
CobaltCore
CobaltCore is an opinionated OpenStack distribution providing an IaaS layer and API for non-cloud-native and heritage workloads, designed for backward compatibility with established IaaS interfaces, VM live migration, and traditional network configurations.
- Self-Service Portal: Aurora Dashboard provides a micro-frontend based interface for tenant self-service across compute, network, and storage resources.
- Advanced Scheduling: Cortex enables intelligent workload placement and scheduling across the compute fleet.
- Container Registry: Built-in container registry as a service for storing and distributing container images.
- Automated Operations: Zero-downtime maintenance with automatic server discovery, provisioning, and evacuation reduces operational overhead across the compute and storage fleet.
- Security & Compliance: Extended audit capabilities, customer telemetry, and security posture management are seamlessly integrated with the Greenhouse Operations Platform.
CobaltCore can optionally build on IronCore's Bare Metal Management and Network Automation for a fully integrated, end-to-end stack. It integrates with Gardener and Garden Linux, and follows OCM methodology with Kubernetes-based operators automating all lifecycle concerns.
Greenhouse
Greenhouse is a comprehensive platform designed to address the challenges of operating large-scale cloud infrastructures.
It offers a holistic dashboard and API to manage various operational aspects efficiently and transparently.
Moreover, it enables operations of a globally distributed cloud infrastructure in compliance with industry standards.
The platform addresses common operational challenges such as the complexity of tools, fragmentation of configuration, visibility, and permission management.
Several plugins extend the core platform, providing cloud-native observability, security & compliance tooling, and more.
These plugins come with sane default configurations and include all necessary components for application-specific needs, such as production-proven alerts, playbooks, and metric visualization dashboards.
IronCore: Bare Metal Management
Bare Metal Management provides a comprehensive solution for managing physical servers in a Kubernetes-native way. It leverages Kubernetes Custom Resource Definitions (CRDs) to automate the full server lifecycle:
- Discovery: Automatically detect and register bare metal servers, ensuring seamless integration into the infrastructure.
- Provisioning: Deploy and configure servers using Ignition, automating OS installation and server setup.
- Day-2 Operations: Manage BIOS, firmware, and hardware inventory declaratively, keeping the fleet compliant and up to date without manual intervention.
- 3rd Party Integrations: Seamlessly integrate with existing vendor-specific management tools.
- Kubernetes Support: Run Kubernetes on bare metal servers with support for Cluster API and Gardener.
Core components include the Metal Operator for lifecycle management, the Boot Operator for iPXE/HTTP booting, and FeDHCP for in-band and out-of-band network configuration.
IronCore: Infrastructure as a Service
The IronCore Infrastructure as a Service layer exposes a unified, declarative API for managing compute, storage, and networking resources using modular, pluggable providers designed for hybrid and near edge deployments.
- Compute: Pluggable providers support diverse environments, with KVM via libvirt as the default compute backend.
- Storage: Block, shared, and object storage are backed by default by Ceph, a vendor-neutral storage solution automated in a cloud-native way.
- Networking: Declarative networking resources are managed through the IronCore API.
The IaaS layer integrates natively with Gardener, CSI, CCM, and Cluster API. It is designed for cloud-native workloads where the compute interface is intentionally ephemeral, enabling Gardener to dynamically provision virtual and physical machines for Kubernetes clusters.
IronCore: Network Automation
Network Automation provides a robust framework for automating network management tasks using a Kubernetes-based architecture to streamline the deployment, configuration, and monitoring of network devices.
- Device Discovery: Automatically discover network devices across the data center.
- Provisioning: Automate the provisioning of network devices at scale.
- Configuration Management: Manage and apply configurations across multiple devices consistently.
The IronCore project supports different vendors and device types through dedicated operators, including the network-operator for Cisco NX-OS devices and the sonic-operator for Sonic Edgecore switches.