Release 2.5.0

Co-authored-by: Andreas Schlosser <andreas.schlosser@sap.com>
Co-authored-by: Maximilian Lenkeit <maximilian.lenkeit@sap.com>
Co-authored-by: Maximilian Lenkeit <maximilian.lenkeit@sap.com>Co-authored-by: hyperspace-insights[bot] <106787+hyperspace-insights[bot]@users.noreply.github.tools.sap>
Co-authored-by: Vasu Chandrasekhara <vasu.chandrasekhara@sap.com>
Co-authored-by: Vedran Lerenc <vlerenc@gmail.com>
Co-authored-by: apeirora-service-user[bot] <138167+apeirora-service-user[bot]@users.noreply.github.tools.sap>
Co-authored-by: hyperspace-insights[bot] <106787+hyperspace-insights[bot]@users.noreply.github.tools.sap>
Co-authored-by: ospo-renovate[bot] <40221+ospo-renovate[bot]@users.noreply.github.tools.sap>

Author: 7 people

.github/workflows/gh-pages.yml

@@ -12,7 +12,7 @@ jobs:
     name: Build VitePress site
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
       - uses: actions/setup-node@v6

.vitepress/components/Project.vue

@@ -33,10 +33,10 @@ onMounted(() => {
 
   const project =  projects[projectName.trim()] || projects[projectName.toLowerCase().trim()];
   if (!project) {
-    throw new Error("Project '" + project + "' does not exist!");
+    throw new Error("Project '" + projectName + "' does not exist!");
   }
 
-  projectText.value = projectName
+  projectText.value = project.name
   projectUrl.value = project.url
   descriptionText.value = project.description
   iconSrc.value = project.icon ?? undefined

.vitepress/theme/docs-sidebar.ts

@@ -22,6 +22,12 @@ type SidebarItemAugmented = SidebarItem & {
   __frontmatter?: any
 }
 
+const topLevelFolderSequenceLowerCase = [
+  'showroom',
+  'best-practices',
+  'resources'
+]
+
 const sortByFrontmatterSidebarPosition  = (items: SidebarItemAugmented[]) => {
   const augmentedItems = items.map(it => {
     if (it.link) {
@@ -38,6 +44,13 @@ const sortByFrontmatterSidebarPosition  = (items: SidebarItemAugmented[]) => {
     if (it.items) {
       it.items = sortByFrontmatterSidebarPosition(it.items)
     }
+
+    // manual sequence corrections
+    if (topLevelFolderSequenceLowerCase.includes(it.text?.toLowerCase() || '')) {
+      it.__frontmatter = it.__frontmatter || {}
+      it.__frontmatter.sidebar_position = topLevelFolderSequenceLowerCase.indexOf(it.text.toLowerCase())
+    }
+
     if (it.text?.toLowerCase() === 'best-practices') {
       it.text = 'Best Practices'
     }

apeiro-projects.json

@@ -46,5 +46,41 @@
         "url": "https://openmfp.org",
         "description": "The Open Micro Front End Platform (OpenMFP) brings together micro front ends and APIs into a cohesive platform, allowing teams to contribute components while maintaining their independence.",
         "icon": "/img/projects/openmfp.png"
+    },
+    "gardenlinux": {
+        "name": "Garden Linux",
+        "url": "https://github.com/gardenlinux",
+        "description": "Garden Linux is a Debian GNU/Linux derivate that aims to provide small, auditable Linux images for most cloud providers (e.g. AWS, Azure, GCP etc.) and bare-metal machines.",
+        "icon": "/img/projects/gardenlinux.svg"
+    },
+    "platformmesh": {
+        "name": "Platform Mesh",
+        "url": "https://platform-mesh.io",
+        "description": "The Platform Mesh is the main Platform API for users and technical services to order and orchestrate capabilities attached to the environment. Its guiding and design principle is inherited from Kubernetes’s declarative API approach with its digital twin manifests, the Kubernetes Resource Model (KRM). It utilizes and refines the upstream project KCP for its purpose.",
+        "icon": "/img/projects/platformmesh.svg"
+    },
+    "ord": {
+        "name": "Open Resource Discovery",
+        "url": "https://open-resource-discovery.github.io/specification/",
+        "description": "ORD is an open protocol for the decentralized publishing and discovery of application and service metadata. It provides a structured schema for metadata such as endpoints, capabilities, documentation links, and ownership details, ensuring that application resources like APIs, events, data products and AI agents can be discovered, understood, and integrated consistently across different systems and marketplaces.",
+        "icon": "/img/projects/ord.svg"
+    },
+    "konfidence": {
+        "name": "Konfidence",
+        "url": "https://konfidence.cloud",
+        "description": "Konfidence is an open-source software delivery framework. It ensures that only tested and approved versions reach production, addressing a common challenge in complex IT landscapes.",
+        "icon": "/img/projects/konfidence.svg"
+    },
+    "greenhouse": {
+        "name": "Greenhouse",
+        "url": "https://github.com/cloudoperators/greenhouse",
+        "description": "Greenhouse is a Kubernetes based day 2 operations platform focusing on providing a set of opinionated tools & operational processes for managing cloud native infrastructure.",
+        "icon": "/img/projects/greenhouse.svg"
+    },
+    "openmcp": {
+        "name": "Open Managed Control Plane",
+        "url": "https://github.com/openmcp-project",
+        "description": "OpenMCP is a managed Infrastructure-as-data orchestration layer, designed to streamline and automate the management of cloud resources and corresponding services. It involves the coordination and management of various Infrastructure-as-data services, to support the automation of workflows such as provisioning and scaling of workloads.",
+        "icon": "/img/projects/omcp.svg"
     }
 }

changelog.md

@@ -2,6 +2,16 @@
 title: Changelog
 ---
 
+## v2.5.0 (2025-12-22)
+
+**New content**
+
+- [Showroom Hardware Recommendations](./docs/showroom/hardware-recommendations/index.md) - hardware recommendations for setting up an Apeiro-based cloud infrastructure
+
+**Updated content**
+
+- [Architecture Overview](./docs/architecture/index.md#_8ra-and-the-ipcei-cis-reference-architecture) - mapping between IPCEI-CIS Reference Architecture layers and Apeiro components
+
 ## v2.4.0 (2025-11-12)
 
 **New content**

docs/architecture/index.md

@@ -57,3 +57,38 @@ Apeiro conceptually pursues a _declarative approach_ across its components, just
 
 [^cncf-landscape]: CNCF Cloud Native Landscape, see https://landscape.cncf.io
 [^kubeception]: see [Hosted Control Planes](./../best-practices/multi-cluster-federation/hosted-control-planes.md)
+
+## 8ra and the IPCEI-CIS Reference Architecture
+
+The Apeiro reference architecture is developed as part of the [8ra](https://www.8ra.com) and [IPCEI-CIS](https://www.8ra.com/ipcei-cis/) initiative. 
+The IPCEI-CIS published an overall [reference architecture](https://www.8ra.com/resources/) that provides the framework to all IPCEI-CIS projects and partners for describing their specific contributions to an overall cloud-edge infrastructure.
+The Apeiro reference architecture and its components fit well into the holistic IPCEI-CIS architecture and the structures, layers, and domains prescribed in this central document.
+<!-- add reference to https://landscape.apeirora.eu -->
+
+<ApeiroFigure src="/architecture/apeiro-icra.png"
+  alt="The Apeiro components mapped to the IPCEI-CIS Reference Architecture"
+  caption="Mapping the Apeiro components to the IPCEI-CIS Reference Architecture"
+  width="100%"/>
+
+These Apeiro components are part of the **Virtualization** layer:
+- <Project name="gardenlinux">Garden Linux</Project>
+- <Project>CobaltCore</Project>
+- <Project>IronCore</Project>
+
+These Apeiro components are part of the **Cloud Edge Platform** layer:
+- <Project>Gardener</Project>
+
+These Apeiro components are part of the **Service Orchestration** layer:
+- <Project name="platformmesh">Platform Mesh</Project>
+
+These Apeiro components are part of the **Data** layer:
+- <Project name="ord">Open Resource Discovery</Project>
+
+These Apeiro components are part of the **Application** layer:
+- <Project>Konfidence</Project>
+
+These Apeiro components are part of the **Management** domain:
+- <Project>Greenhouse</Project>
+- <Project name="openmfp">Open Micro Frontend Platform</Project>
+- <Project name="openmcp">Open Managed Control Plane</Project>
+- <Project name="ocm">Open Component Model</Project>

docs/getting-started/index.md

@@ -42,6 +42,6 @@ Explore the following Apeiro components for existing workloads:
 
 ## Next Steps
 
-- **Assemble Apeiro** - the [Showroom](./../showroom/index.md) demonstrates how Apeiro assembles the individual components as a working environment.
+- **Assemble Apeiro** - the [Showroom](./../showroom/scenarios.md) demonstrates how Apeiro assembles the individual components as a working environment.
 - **Adapt Apeiro** - most components of Apeiro are extensible and adjustable, you can adapt them to your own infrastructure or environment constraints.
 - **Pick and choose** - Apeiro is a toolkit and you can pick-and-choose the components that provide the most value for your use case.

docs/index.md

@@ -83,7 +83,6 @@ const steps = [
     step: "5",
     name: "Platform Mesh",
     url: "./best-practices/platform-mesh",
-    main: true,
     technologies: [],
   },
   {

docs/showroom/hardware-recommendations/control-plane.md

@@ -0,0 +1,79 @@
+---
+sidebar_position: 1
+title: Control Plane Hardware
+---
+
+The minimal control plane footprint is designed for reliability and cost efficiency.
+We do not include the required capacity to run other optional Apeiro services from the COS layer and above in this consideration for the control plane sizing.
+Depending on the complete target scenario, additional capacity needs to be reserved to run Gardener and other services on the control plane.
+This page focuses on the recommended size of the control plane for a plain installation of the BOS layer and bare metal automation to manage the infrastructure in the data plane that will carry the workload.
+
+Additional sizing optimization for minimal footprint installations might be achieved by merging control and data plane into a single rack.
+Our focus here is on a sustainable setup that can also be scaled out during productive operations, depending on increased resource demand.
+
+## Bare Metal Hardware Specifications
+The Control Plane of a pure bare metal setup that focuses on managing hardware resources without the additional IaaS capabilities requires a single rack for the complete stack.
+
+The minimal setup for a bare metal offering includes:
+- Management Nodes: Minimum of three servers to ensure high availability and redundancy for orchestration, monitoring, and API endpoints.
+- Network Switch: One management switch for interconnecting control and data plane components, supporting both internal and external traffic.
+- Compute Nodes: Two or more servers dedicated to workload execution and storage, sized according to anticipated resource demand.
+- Storage: Shared storage system accessible by all compute nodes for persistent data and VM images.
+- Firewall: At least one firewall for basic network segmentation and security between control, data plane, and external connections.
+- Console/Management Access: One console for out-of-band management and troubleshooting.
+
+This list presents the essential hardware components for a minimal yet scalable single rack deployment, combining both control plane and data plane functions for the Apeiro cloud infrastructure.
+Please refer to the subsequent sections for more detail on the respective components.
+
+## CobaltCore Hardware Specifications
+The Control Plane of CobaltCore, i.e. BareMetal management plus IaaS functionality provided by OpenStack, consists typically of two racks, one for hosting the required network management functionality and one for providing the necessary compute power.
+
+A typical **network fabric** pod for a Cobalt Core deployment in a modern data center environment generally consists of these key components designed to ensure robust connectivity, scalability, and high availability:
+- Spine Switches: Usually three or more high-capacity switches that serve as the backbone of the network, interconnecting with all leaf switches to provide non-blocking bandwidth and low latency across the pod.
+- Leaf Switches: Typically, two switches that connect directly to servers, storage devices, and other endpoints. The leaf-spine topology helps facilitate east-west traffic within the pod and supports scalable expansion.
+- Core Switches: Two or more switches that aggregate traffic from the spine layer and connect the pod to external networks or additional data center pods, contributing to redundancy and load balancing.
+- Firewalls: At least two firewalls are deployed for security, ensuring traffic inspection, segmentation, and protection against unauthorized access.
+- Management Switch: A dedicated switch for out-of-band management, providing secure access to network and server management interfaces.
+- Console Server: One or more console servers for centralized access to the serial management ports of network and compute devices, supporting remote troubleshooting and maintenance.
+
+Specifications for each component may vary depending on performance requirements and vendor selection, but common features include support for high-speed interfaces (such as 100G QSFP28), redundant power supplies, and advanced network protocols (e.g., DMTF Redfish, VXLAN, EVPN).
+This general architecture is designed to provide scalable, resilient, and secure networking for control plane and data plane operations in bare metal and IaaS environments.
+
+A typical **compute pod** deployment is designed to deliver scalable, efficient, and manageable compute resources.
+These pods commonly consist of a set of servers, network switches, and management components that together provide the necessary performance, connectivity, and operational flexibility for a wide variety of workloads.
+- Compute Nodes: Usually between 8 and 32 servers per pod, each equipped with single- or dual-socket CPUs from leading manufacturers like Intel or AMD. These nodes often feature high core counts (ranging from 64 to 144 cores per socket), a substantial amount of RAM (256GB to 1TB per node), and fast local storage (such as NVMe SSDs) to support demanding applications. Single-socket configurations are preferred for lower power consumption and easier scaling, while dual-socket options are chosen for memory-intensive workloads.
+- Network Connectivity: High-speed network interfaces, such as 25G, 40G, or 100G Ethernet ports, are standard for east-west traffic between compute nodes and for uplink to the broader network. SmartNICs (like NVIDIA Bluefield or Mellanox ConnectX) are often deployed to offload network processing, improve bandwidth, and reduce latency, especially in environments focused on virtualization, high-performance computing (HPC), or large-scale cloud operations.
+- Top-of-Rack (ToR) Switches: Each pod typically includes two or more ToR switches. These switches aggregate traffic from the compute nodes and provide connections to the spine/leaf fabric of the data center for redundancy and high availability.
+- Management Switch: A dedicated management switch is used for out-of-band management connections, allowing secure and reliable access to server and network management interfaces.
+
+Support for standardized management protocols, such as DMTF Redfish, is recommended to provide vendor-agnostic, RESTful API-based hardware management.
+This ensures seamless integration with automation tools and reduces complexity.
+Compute pods are architected to be modular, allowing for easy expansion and maintenance.
+Power efficiency, density, and cooling requirements are key factors in hardware selection.
+Network topology is optimized for low latency and high bandwidth, supporting both control plane and data plane operations.
+
+## IronCore Hardware Specifications
+The Control Plane of IronCore consists typically of a single rack, holding management functionality for network, compute, and storage.
+
+For **networking** in a modern data center compute pod, a typical stack includes a combination of high-performance switches and dedicated management infrastructure to ensure robust connectivity, redundancy, and operational flexibility:
+- Spine Switches: Two or more high-throughput, low-latency switches (commonly 32-port or higher, supporting 100G Ethernet) serve as the backbone of the data center's leaf-spine architecture. These switches aggregate traffic from leaf switches and provide scalable bandwidth for east-west and north-south data flows. Popular models include those from vendors such as Edgecore, Arista, Cisco, or Juniper.
+- Leaf Switches: Two or more top-of-rack (ToR) switches (often matching the spine switch in hardware family and supporting 25G or 100G uplinks) connect directly to compute nodes. These switches aggregate server traffic and uplink to the spine for high availability and load balancing.
+- Out-of-Band (OOB) Management Stack: Dedicated OOB switches (both spine and leaf) and a console server provide secure, isolated management access to all infrastructure devices. OOB switches typically support a mix of 1G and 10G ports for management traffic, while the console server (from vendors like Perle, Opengear, or Lantronix) offers serial and network-based remote access to device consoles.
+- Router Servers: Can share specification with the servers used for general management services. One or more high-performance x86 servers equipped with modern multi-core CPUs (such as AMD EPYC or Intel Xeon), large memory (e.g., 192GB+), NVMe SSDs, and multiple high-speed network interfaces (such as three or more dual-port 100G Ethernet NICs). These servers are used for routing, network services, or as network function virtualization (NFV) hosts, and often include features like TPM modules and support for Redfish or similar management standards.
+
+This architecture ensures high throughput, redundancy, and a clear separation between production and management networks.
+All network hardware should support advanced features such as Layer 2/Layer 3 switching, network automation (via APIs like DMTF Redfish), and hardware-based security modules for trusted operations.
+The use of white-box or branded switches is common, with hardware selection driven by performance, compatibility, and support requirements.
+
+For **management services**, it is recommended to deploy a set of dedicated management servers with robust hardware configurations to ensure reliable performance, security, and scalability.
+A typical setup includes three or more management servers, each equipped with the following or equivalent specifications:
+- Multi-core server-grade processor (such as AMD EPYC or Intel Xeon) with at least 32 cores to handle management workloads and virtualization tasks.
+- Large memory capacity, typically 192GB RAM or higher, to support concurrent management operations and monitoring tools.
+- High-performance NVMe SSD storage, around 3TB or more, for fast boot times, logging, and management software storage.
+- Multiple high-speed network interfaces, such as dual-port 100G Ethernet adapters (e.g., Mellanox/ConnectX series), to ensure high availability and rapid management traffic handling.
+- Additional network connectivity through 10G SFP+ and 1G RJ45 ports for versatile management network integration and out-of-band access.
+- Hardware-based security features, including a TPM 2.0 module, for secure boot and trusted operations.
+- Support for advanced management standards like BMC with Redfish API, allowing for remote and automated management of server hardware.
+
+These management servers are typically deployed in a redundant configuration to provide high availability and are integrated with the broader out-of-band management stack, ensuring secure, isolated access to critical infrastructure devices.
+Hardware selection should be based on compatibility with existing systems, support for automation, and the ability to scale as operational needs grow.