[{"data":1,"prerenderedAt":955},["ShallowReactive",2],{"\u002Fblog":3},[4,782],{"id":5,"title":6,"authors":7,"badge":13,"body":15,"date":767,"description":768,"extension":769,"image":770,"meta":772,"navigation":202,"path":773,"seo":774,"stem":775,"tags":776,"__hash__":781},"posts\u002F3.blog\u002F2.implement-on-open-standards.md","Alpha: Leveraging Open Standards for Edge Deployments",[8],{"name":9,"to":10,"avatar":11},"Mathieu Sabatier","https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fmathieu-s-b32630a4\u002F",{"src":12},"\u002Fblog\u002Fms.jpeg",{"label":14},"Platform Engineering",{"type":16,"value":17,"toc":761},"minimark",[18,28,31,34,37,40,45,48,58,61,520,524,527,649,652,655,658,661,665,668,678,737,740,744,747,750,757],[19,20,21,22,27],"p",{},"In our previous article, ",[23,24,26],"a",{"href":25},"\u002Fblog\u002Fbuilding-for-edge","Building for Real Edge Deployments",", we outlined how a sound architecture for edge deployments must be built on three pillars: a unified system definition, reconciliation everywhere, and a unified telemetry.",[19,29,30],{},"While the principles are simple, building a secure, scalable, extensible platform that integrates into existing ecosystems is challenging. In practice, teams usually face two options.",[19,32,33],{},"One option is to buy a vendor-provided solution that relies on a proprietary Domain Specific Language (DSL) and opaque agents. Even though this can simplify initial deployments, it creates long-term liabilities because of vendor lock-in and talent friction. Indeed, one may be constrained by the vendors' choice such as feature depreciations or pricing updates.",[19,35,36],{},"The alternative is to build the platform in-house. It requires orchestrating more than ten distinct CNCF components. First, this complexity collides with the \"skill gap\". Edge workloads, being more specialized, exacerbate this challenge. Second, building and maintaining a secure, edge-capable control plane requires months of sustained investment from a team of seasoned engineers. Moreover, an incomplete solution can increase deployment time and introduce security gaps, resulting in increased engineering costs, a degraded developer experience, and customer dissatisfaction from delays and failed rollouts.",[19,38,39],{},"Alpha follows a third approach by offering a vendor-neutral solution built upon proven standards and designed for operational ease. First, blueprints are introduced and play an important part in avoiding vendor lock-in. Secondly, the rollout reliability is addressed by agents, continuously running target state reconciliation. Finally, in case of exit, the workload definition can safely be extracted.",[41,42,44],"h2",{"id":43},"unified-definition-one-file-instead-of-many","Unified definition: one file instead of many",[19,46,47],{},"The biggest friction in edge computing is fragmentation. For instance, in the case of a quality control system in an industrial context, to deploy the solution in a single factory, engineering and operations teams must manage multiple, disconnected files: a set of Kubernetes manifests for the containerized workloads, Systemd units for the various firmware components and drivers, Terraform scripts for the cloud infrastructure, and custom glue scripts.",[19,49,50,51,57],{},"To unify the system definition and still provide a solid developer experience, we leverage ",[23,52,56],{"href":53,"rel":54},"https:\u002F\u002Fkro.run\u002F",[55],"nofollow","Kro",". This Kubernetes community project is gaining traction as a standard approach. Using Alpha, platform engineers define the entire solution as a single composite resource: the Blueprint. The system definition is established for all teams - engineering, operations, and security - and reused consistently across deployments. Blueprints rely on standard Kubernetes manifests rather than a proprietary DSL, allowing existing workloads and team practices to remain unchanged. For platform teams, managing an edge site becomes comparable to managing a cloud microservice: a single definition is authored, then the controller handles expansion and distribution to the appropriate resources.",[19,59,60],{},"Continuing with the previous example of the quality inspection system, below is an example Blueprint definition that unifies a deployment, a Systemd Service (the driver), and a cloud resource (Pub\u002FSub) into one schema.",[62,63,68],"pre",{"className":64,"code":65,"language":66,"meta":67,"style":67},"language-yaml shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","apiVersion: start-alpha.io\u002Fv1alpha1\nkind: Blueprint\nmetadata:\n  name: quality-inspection\nspec:\n  schema:\n    apiVersion: v1alpha1\n    kind: QualityInspection\n    spec:\n      name: string\n      image: string\n      replicas: integer | default=3\n\n  resources:\n    - id: deployment\n      template:\n        apiVersion: apps\u002Fv1\n        kind: Deployment\n        metadata:\n          name: ${schema.spec.name}\n        spec:\n          replicas: ${schema.spec.replicas}\n          template:\n            spec:\n              containers:\n                - name: inference\n                  image: ${schema.spec.image}\n\n    - id: cloud\n      template:\n        apiVersion: pubsub.cnrm.cloud.google.com\u002Fv1beta1\n        kind: PubSubTopic\n        metadata:\n          name: ${schema.spec.name}-topic\n\n    - id: driver\n      template:\n        apiVersion: compute.start-alpha.io\u002Fv1alpha1\n        kind: SystemdService\n        metadata:\n          name: ${schema.spec.name}-driver\n        spec:\n          unit: |\n            [Unit]\n            Description=Camera Driver\n            After=network.target\n            [Service]\n            ExecStart=\u002Fusr\u002Fbin\u002Fdriver --daemon\n            Restart=always\n","yaml","",[69,70,71,88,99,108,119,127,135,146,157,165,176,186,197,204,212,226,234,245,256,264,275,283,294,302,310,318,332,343,348,360,367,377,387,394,404,409,421,428,438,448,455,465,472,484,490,496,502,508,514],"code",{"__ignoreMap":67},[72,73,76,80,84],"span",{"class":74,"line":75},"line",1,[72,77,79],{"class":78},"swJcz","apiVersion",[72,81,83],{"class":82},"sMK4o",":",[72,85,87],{"class":86},"sfazB"," start-alpha.io\u002Fv1alpha1\n",[72,89,91,94,96],{"class":74,"line":90},2,[72,92,93],{"class":78},"kind",[72,95,83],{"class":82},[72,97,98],{"class":86}," Blueprint\n",[72,100,102,105],{"class":74,"line":101},3,[72,103,104],{"class":78},"metadata",[72,106,107],{"class":82},":\n",[72,109,111,114,116],{"class":74,"line":110},4,[72,112,113],{"class":78},"  name",[72,115,83],{"class":82},[72,117,118],{"class":86}," quality-inspection\n",[72,120,122,125],{"class":74,"line":121},5,[72,123,124],{"class":78},"spec",[72,126,107],{"class":82},[72,128,130,133],{"class":74,"line":129},6,[72,131,132],{"class":78},"  schema",[72,134,107],{"class":82},[72,136,138,141,143],{"class":74,"line":137},7,[72,139,140],{"class":78},"    apiVersion",[72,142,83],{"class":82},[72,144,145],{"class":86}," v1alpha1\n",[72,147,149,152,154],{"class":74,"line":148},8,[72,150,151],{"class":78},"    kind",[72,153,83],{"class":82},[72,155,156],{"class":86}," QualityInspection\n",[72,158,160,163],{"class":74,"line":159},9,[72,161,162],{"class":78},"    spec",[72,164,107],{"class":82},[72,166,168,171,173],{"class":74,"line":167},10,[72,169,170],{"class":78},"      name",[72,172,83],{"class":82},[72,174,175],{"class":86}," string\n",[72,177,179,182,184],{"class":74,"line":178},11,[72,180,181],{"class":78},"      image",[72,183,83],{"class":82},[72,185,175],{"class":86},[72,187,189,192,194],{"class":74,"line":188},12,[72,190,191],{"class":78},"      replicas",[72,193,83],{"class":82},[72,195,196],{"class":86}," integer | default=3\n",[72,198,200],{"class":74,"line":199},13,[72,201,203],{"emptyLinePlaceholder":202},true,"\n",[72,205,207,210],{"class":74,"line":206},14,[72,208,209],{"class":78},"  resources",[72,211,107],{"class":82},[72,213,215,218,221,223],{"class":74,"line":214},15,[72,216,217],{"class":82},"    -",[72,219,220],{"class":78}," id",[72,222,83],{"class":82},[72,224,225],{"class":86}," deployment\n",[72,227,229,232],{"class":74,"line":228},16,[72,230,231],{"class":78},"      template",[72,233,107],{"class":82},[72,235,237,240,242],{"class":74,"line":236},17,[72,238,239],{"class":78},"        apiVersion",[72,241,83],{"class":82},[72,243,244],{"class":86}," apps\u002Fv1\n",[72,246,248,251,253],{"class":74,"line":247},18,[72,249,250],{"class":78},"        kind",[72,252,83],{"class":82},[72,254,255],{"class":86}," Deployment\n",[72,257,259,262],{"class":74,"line":258},19,[72,260,261],{"class":78},"        metadata",[72,263,107],{"class":82},[72,265,267,270,272],{"class":74,"line":266},20,[72,268,269],{"class":78},"          name",[72,271,83],{"class":82},[72,273,274],{"class":86}," ${schema.spec.name}\n",[72,276,278,281],{"class":74,"line":277},21,[72,279,280],{"class":78},"        spec",[72,282,107],{"class":82},[72,284,286,289,291],{"class":74,"line":285},22,[72,287,288],{"class":78},"          replicas",[72,290,83],{"class":82},[72,292,293],{"class":86}," ${schema.spec.replicas}\n",[72,295,297,300],{"class":74,"line":296},23,[72,298,299],{"class":78},"          template",[72,301,107],{"class":82},[72,303,305,308],{"class":74,"line":304},24,[72,306,307],{"class":78},"            spec",[72,309,107],{"class":82},[72,311,313,316],{"class":74,"line":312},25,[72,314,315],{"class":78},"              containers",[72,317,107],{"class":82},[72,319,321,324,327,329],{"class":74,"line":320},26,[72,322,323],{"class":82},"                -",[72,325,326],{"class":78}," name",[72,328,83],{"class":82},[72,330,331],{"class":86}," inference\n",[72,333,335,338,340],{"class":74,"line":334},27,[72,336,337],{"class":78},"                  image",[72,339,83],{"class":82},[72,341,342],{"class":86}," ${schema.spec.image}\n",[72,344,346],{"class":74,"line":345},28,[72,347,203],{"emptyLinePlaceholder":202},[72,349,351,353,355,357],{"class":74,"line":350},29,[72,352,217],{"class":82},[72,354,220],{"class":78},[72,356,83],{"class":82},[72,358,359],{"class":86}," cloud\n",[72,361,363,365],{"class":74,"line":362},30,[72,364,231],{"class":78},[72,366,107],{"class":82},[72,368,370,372,374],{"class":74,"line":369},31,[72,371,239],{"class":78},[72,373,83],{"class":82},[72,375,376],{"class":86}," pubsub.cnrm.cloud.google.com\u002Fv1beta1\n",[72,378,380,382,384],{"class":74,"line":379},32,[72,381,250],{"class":78},[72,383,83],{"class":82},[72,385,386],{"class":86}," PubSubTopic\n",[72,388,390,392],{"class":74,"line":389},33,[72,391,261],{"class":78},[72,393,107],{"class":82},[72,395,397,399,401],{"class":74,"line":396},34,[72,398,269],{"class":78},[72,400,83],{"class":82},[72,402,403],{"class":86}," ${schema.spec.name}-topic\n",[72,405,407],{"class":74,"line":406},35,[72,408,203],{"emptyLinePlaceholder":202},[72,410,412,414,416,418],{"class":74,"line":411},36,[72,413,217],{"class":82},[72,415,220],{"class":78},[72,417,83],{"class":82},[72,419,420],{"class":86}," driver\n",[72,422,424,426],{"class":74,"line":423},37,[72,425,231],{"class":78},[72,427,107],{"class":82},[72,429,431,433,435],{"class":74,"line":430},38,[72,432,239],{"class":78},[72,434,83],{"class":82},[72,436,437],{"class":86}," compute.start-alpha.io\u002Fv1alpha1\n",[72,439,441,443,445],{"class":74,"line":440},39,[72,442,250],{"class":78},[72,444,83],{"class":82},[72,446,447],{"class":86}," SystemdService\n",[72,449,451,453],{"class":74,"line":450},40,[72,452,261],{"class":78},[72,454,107],{"class":82},[72,456,458,460,462],{"class":74,"line":457},41,[72,459,269],{"class":78},[72,461,83],{"class":82},[72,463,464],{"class":86}," ${schema.spec.name}-driver\n",[72,466,468,470],{"class":74,"line":467},42,[72,469,280],{"class":78},[72,471,107],{"class":82},[72,473,475,478,480],{"class":74,"line":474},43,[72,476,477],{"class":78},"          unit",[72,479,83],{"class":82},[72,481,483],{"class":482},"s7zQu"," |\n",[72,485,487],{"class":74,"line":486},44,[72,488,489],{"class":86},"            [Unit]\n",[72,491,493],{"class":74,"line":492},45,[72,494,495],{"class":86},"            Description=Camera Driver\n",[72,497,499],{"class":74,"line":498},46,[72,500,501],{"class":86},"            After=network.target\n",[72,503,505],{"class":74,"line":504},47,[72,506,507],{"class":86},"            [Service]\n",[72,509,511],{"class":74,"line":510},48,[72,512,513],{"class":86},"            ExecStart=\u002Fusr\u002Fbin\u002Fdriver --daemon\n",[72,515,517],{"class":74,"line":516},49,[72,518,519],{"class":86},"            Restart=always\n",[41,521,523],{"id":522},"reconciliation-everywhere","Reconciliation everywhere",[19,525,526],{},"Blueprints capture workload definitions, but also where those workloads are intended to run. For the same example of the solution quality control system, provisioning it for the Western European plants requires just a few lines:",[62,528,530],{"className":64,"code":529,"language":66,"meta":67,"style":67},"apiVersion: v1alpha1\nkind: QualityInspection\nspec:\n  name: west-europe\n  image: my-organization\u002Fquality-system\u002Fvariant-A:1.0.0\n  replicas: 2\n  placement:\n    fieldSelector:\n      matchExpressions:\n      - key: zone\n        operator: In\n        values: [\"west-europe\"]\n",[69,531,532,540,548,554,563,573,584,591,598,605,618,628],{"__ignoreMap":67},[72,533,534,536,538],{"class":74,"line":75},[72,535,79],{"class":78},[72,537,83],{"class":82},[72,539,145],{"class":86},[72,541,542,544,546],{"class":74,"line":90},[72,543,93],{"class":78},[72,545,83],{"class":82},[72,547,156],{"class":86},[72,549,550,552],{"class":74,"line":101},[72,551,124],{"class":78},[72,553,107],{"class":82},[72,555,556,558,560],{"class":74,"line":110},[72,557,113],{"class":78},[72,559,83],{"class":82},[72,561,562],{"class":86}," west-europe\n",[72,564,565,568,570],{"class":74,"line":121},[72,566,567],{"class":78},"  image",[72,569,83],{"class":82},[72,571,572],{"class":86}," my-organization\u002Fquality-system\u002Fvariant-A:1.0.0\n",[72,574,575,578,580],{"class":74,"line":129},[72,576,577],{"class":78},"  replicas",[72,579,83],{"class":82},[72,581,583],{"class":582},"sbssI"," 2\n",[72,585,586,589],{"class":74,"line":137},[72,587,588],{"class":78},"  placement",[72,590,107],{"class":82},[72,592,593,596],{"class":74,"line":148},[72,594,595],{"class":78},"    fieldSelector",[72,597,107],{"class":82},[72,599,600,603],{"class":74,"line":159},[72,601,602],{"class":78},"      matchExpressions",[72,604,107],{"class":82},[72,606,607,610,613,615],{"class":74,"line":167},[72,608,609],{"class":82},"      -",[72,611,612],{"class":78}," key",[72,614,83],{"class":82},[72,616,617],{"class":86}," zone\n",[72,619,620,623,625],{"class":74,"line":178},[72,621,622],{"class":78},"        operator",[72,624,83],{"class":82},[72,626,627],{"class":86}," In\n",[72,629,630,633,635,638,641,644,646],{"class":74,"line":188},[72,631,632],{"class":78},"        values",[72,634,83],{"class":82},[72,636,637],{"class":82}," [",[72,639,640],{"class":82},"\"",[72,642,643],{"class":86},"west-europe",[72,645,640],{"class":82},[72,647,648],{"class":82},"]\n",[19,650,651],{},"Instead of a proprietary targeting engine, Kubernetes selectors are used. The placement section is then a standard, readable field within the Blueprint.",[19,653,654],{},"Once provisioned, the Alpha control plane handles the projection of the blueprint and prepares the required elements for the rollout. This is where this model diverges from traditional CI\u002FCD \"push\" models. Responsibility instead lies with the agents, which regularly poll for new target state definitions and ensure that the solution is deployed and remains healthy.",[19,656,657],{},"Because agents record the latest known target state, resilience is ensured by design. This shift from centralized orchestration to distributed reconciliation enables the implementation of a self-stabilizing system. These are the same principles that power Kubernetes itself.",[19,659,660],{},"Agents are autonomous components, continuously reconciling, even if entirely offline and disconnected. Assessing rollout success, however, remains challenging. The workload fragmentation increases the challenge to clearly identify healthy solutions. To address the challenge of assessing rollout success, Alpha relies on the OpenTelemetry standard. Since all workloads are able to emit OTel signals, the agent can aggregate and process these signals locally to compute a unified view of system health. Combined with the agent's ability to act autonomously, this approach significantly reduces mean time to repair (MTTR) at the edge.",[41,662,664],{"id":663},"the-exit-strategy-ensuring-portability-and-reversibility","The exit strategy: ensuring portability and reversibility",[19,666,667],{},"For CTOs adopting a new platform, the exit scenario is an important question. What happens if we leave Alpha? Do we lose our infrastructure? With proprietary platforms, keeping the developed logic when leaving is not insured. Because Alpha is built on open standards, it provides a standardized eject strategy. Since the Blueprint is just a composite definition of standard resources, it can always be \"unzipped\".",[19,669,670,671,674,675,677],{},"In practice, an ",[69,672,673],{},"eject"," command is available in the CLI. For instance, in the case of the previous deployment, the ",[69,676,673],{}," command generates a file for each component and each active deployment:",[62,679,683],{"className":680,"code":681,"language":682,"meta":67,"style":67},"language-bash shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","$ alphactl blueprint eject --blueprint quality-system.yaml --output-dir .\u002Fexit-plan\n\n# Output Created:\n# .\u002Fexit-plan\u002Fwest-europe\u002Fdeployment.yaml      (Kubernetes Manifest)\n# .\u002Fexit-plan\u002Fwest-europe\u002Fotel-config.yaml     (OpenTelemetry Collector Config)\n# .\u002Fexit-plan\u002Fwest-europe\u002Fcamera-driver.unit   (Systemd Unit)\n","bash",[69,684,685,712,716,722,727,732],{"__ignoreMap":67},[72,686,687,691,694,697,700,703,706,709],{"class":74,"line":75},[72,688,690],{"class":689},"sBMFI","$",[72,692,693],{"class":86}," alphactl",[72,695,696],{"class":86}," blueprint",[72,698,699],{"class":86}," eject",[72,701,702],{"class":86}," --blueprint",[72,704,705],{"class":86}," quality-system.yaml",[72,707,708],{"class":86}," --output-dir",[72,710,711],{"class":86}," .\u002Fexit-plan\n",[72,713,714],{"class":74,"line":90},[72,715,203],{"emptyLinePlaceholder":202},[72,717,718],{"class":74,"line":101},[72,719,721],{"class":720},"sHwdD","# Output Created:\n",[72,723,724],{"class":74,"line":110},[72,725,726],{"class":720},"# .\u002Fexit-plan\u002Fwest-europe\u002Fdeployment.yaml      (Kubernetes Manifest)\n",[72,728,729],{"class":74,"line":121},[72,730,731],{"class":720},"# .\u002Fexit-plan\u002Fwest-europe\u002Fotel-config.yaml     (OpenTelemetry Collector Config)\n",[72,733,734],{"class":74,"line":129},[72,735,736],{"class":720},"# .\u002Fexit-plan\u002Fwest-europe\u002Fcamera-driver.unit   (Systemd Unit)\n",[19,738,739],{},"The single Blueprint file thus becomes multiple standard files. The convenience of the Alpha controller is lost, but infrastructure definitions are kept. You are then able to distribute them to your Kubernetes clusters and VMs, orchestrate rollout, detect unhealthy situations and act upon them.",[41,741,743],{"id":742},"conclusion-reliability-with-extensibility","Conclusion: reliability with extensibility",[19,745,746],{},"In conclusion, Alpha is built upon Kubernetes, Kro, and OpenTelemetry, providing unified system definition with continuous reconciliation and consistent observability, while remaining a portable and extensible platform. This complete set of benefits makes Alpha uniquely valuable compared with traditional \"build\" and \"buy\" approaches.",[19,748,749],{},"Beyond its technical foundations, Alpha is designed to integrate into the full solution lifecycle. It streamlines workflows across design, deployment, and operations, reducing overall engineering time and effort.",[19,751,752,753],{},"If you are operating edge environments, we would love to help you build a reliable and secured platform for edge operations tailored to your needs and challenges, ",[23,754,756],{"href":755},"\u002Fcontact","so reach out to us!",[758,759,760],"style",{},"html pre.shiki code .swJcz, html code.shiki .swJcz{--shiki-light:#E53935;--shiki-default:#F07178;--shiki-dark:#F07178}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .s7zQu, html code.shiki .s7zQu{--shiki-light:#39ADB5;--shiki-light-font-style:italic;--shiki-default:#89DDFF;--shiki-default-font-style:italic;--shiki-dark:#89DDFF;--shiki-dark-font-style:italic}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sbssI, html code.shiki .sbssI{--shiki-light:#F76D47;--shiki-default:#F78C6C;--shiki-dark:#F78C6C}html pre.shiki code .sBMFI, html code.shiki .sBMFI{--shiki-light:#E2931D;--shiki-default:#FFCB6B;--shiki-dark:#FFCB6B}html pre.shiki code .sHwdD, html code.shiki .sHwdD{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#546E7A;--shiki-default-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic}",{"title":67,"searchDepth":90,"depth":90,"links":762},[763,764,765,766],{"id":43,"depth":90,"text":44},{"id":522,"depth":90,"text":523},{"id":663,"depth":90,"text":664},{"id":742,"depth":90,"text":743},"2025-12-28","How we use Kubernetes, Kro and OpenTelemetry to build an extensible platform engineering solution that fits into your existing ecosystem.","md",{"src":771},"\u002Fblog\u002F2-composable.png",{},"\u002Fblog\u002Fimplement-on-open-standards",{"title":6,"description":768},"3.blog\u002F2.implement-on-open-standards",[777,778,779,780],"kubernetes","opentelemetry","edge-computing","kro","37fpS8zRuWafuedNNt2q__J3tYxNTFPoLCTB4rUNwgM",{"id":783,"title":26,"authors":784,"badge":787,"body":789,"date":944,"description":945,"extension":769,"image":946,"meta":948,"navigation":202,"path":25,"seo":949,"stem":950,"tags":951,"__hash__":954},"posts\u002F3.blog\u002F1.building-for-edge.md",[785],{"name":9,"to":10,"avatar":786},{"src":12},{"label":788},"Edge Computing",{"type":16,"value":790,"toc":934},[791,794,797,800,803,807,810,813,816,855,859,862,865,868,872,875,880,883,889,892,895,900,904,907,912,916,919,922,925,928],[19,792,793],{},"We are witnessing a quiet shift in how infrastructure is built. For the last decade, the center of gravity was the Cloud. The goal was centralization: move everything to AWS, Azure, or GCP, and orchestrate it with Kubernetes.",[19,795,796],{},"In sectors like Energy, Transportation, Industrial Manufacturing and Retail, the pendulum is swinging back. The need for resilience against network failure, low latency and data sovereignty is forcing compute power back to the edge - into substations, factory floors or rolling stock.\nOnce these nodes are expected to host multiple workloads from different, increasingly intelligent systems, this is no longer \"edge computing\" in the traditional sense. It is fog computing: autonomous, multi-tenant, locally operated infrastructure acting as an extension of the cloud. Fog nodes are re-emerging not as a theoretical model, but as a structural requirement for operating large industrial fleets at scale.",[19,798,799],{},"However, the tooling we have today hasn't caught up, driving up the operational cost of edge solutions. We are currently trying to force-fit \"cloud native\" tools into environments that are fundamentally different from the data center of a hyperscaler.",[19,801,802],{},"We will first explore the unique realities and constraints of edge deployments, then define the three architectural pillars required for a reliable, enterprise-grade solution.",[41,804,806],{"id":805},"the-specific-architecture-of-the-edge","The specific architecture of the edge",[19,808,809],{},"First, let's contrast the architecture of the modern cloud with the demands of the edge.",[19,811,812],{},"The cloud's primary strength is its architectural homogeneity: a consistent landscape of containerized microservices, caches, and databases, managed by Kubernetes and distributed across regions.",[19,814,815],{},"In contrast, edge solutions are inherently diverse and operate in a mixed reality. A complete solution is not just a container, it is a wider system, requiring orchestration across several distinct layers. To deploy securely and reliably a simple application, an enterprise will need to consider :",[817,818,819,831,837,843,849],"ul",{},[820,821,822,826,827,830],"li",{},[823,824,825],"strong",{},"Workloads",": They can be of diverse forms, containerized or not. For instance: applications running in containers, C++ & Rust executables and legacy SCADA interfaces requiring ",[823,828,829],{},"direct hardware access"," - CAN bus, PLCs, ...",[820,832,833,836],{},[823,834,835],{},"Cloud dependencies",": The edge interacts with cloud resources that need to be provisioned, including for instance: S3 buckets for logs, Pub\u002FSub topics for telemetry, and IAM roles for identity.",[820,838,839,842],{},[823,840,841],{},"Device configuration",": the OS layer itself needs to be managed-network interfaces, firewall rules (UFW\u002FIPTables), and kernel modules.",[820,844,845,848],{},[823,846,847],{},"Cyber compliance",": security is not a \"day 2\" concern, and security posture often requires enforcing system-level policies-disk encryption, secure boot, SELinux\u002FAppArmor profiles.",[820,850,851,854],{},[823,852,853],{},"Observability",": metrics might come from Kubernetes pods, but also from systemd services, the hardware sensors (temperature, voltage) underneath and the network interfaces.",[41,856,858],{"id":857},"what-is-missing-in-the-tooling-landscape-for-edge-applications","What is missing in the tooling landscape for edge applications",[19,860,861],{},"The modern tooling works well for the cloud-native layer, despite being fragmented. The current offering could be summarized as two extremes, neither of which entirely solves the problem.",[19,863,864],{},"A first set of solutions are bespoke, and fragmented, leading to the \"script hell\" reality. Teams cobble together Bash scripts, Ansible playbooks, and manual SSH sessions. At scale, this approach becomes brittle: if - or more pragmatically when - a network connection drops during an update, devices are bricked, left in an inconsistent state. There is no unified state; just a collection of disconnected scripts. This 'script hell' creates a massive maintenance burden, effectively turning platform teams into glue-code maintainers.",[19,866,867],{},"Hyperscalers propose an alternative: on site, tethered extensions of their data centers - AWS Outposts, Google Anthos, Azure Stack. The edge is considered as a limb of the cloud brain. This model assumes constant connectivity ; offline is treated as an error state. But in a factory or on a ship, offline is the standard state. A fog node must be the autonomous brain for its local environment, capable of healing and operating indefinitely without a cloud heartbeat.",[41,869,871],{"id":870},"a-sound-solution-to-support-edge-deployments","A sound solution to support edge deployments",[19,873,874],{},"So, what should an edge computing platform look like? It isn't just \"better scripts\" or a \"cloud extension\". We believe three pillars define the foundation for a sound, scalable and reliable platform.",[876,877,879],"h3",{"id":878},"unified-system-definition","Unified System Definition",[19,881,882],{},"The system's target state must be explicitly defined. Current tools force you to manage the OS with Ansible, the Containers with Kubernetes, and the Cloud with Terraform. This is why teams spend weeks debugging issues that are actually OS drift, not application bugs. A sound solution requires a declarative - a Blueprint - definition that captures the entire state of the solution and its dependencies in a single view.",[19,884,885,888],{},[823,886,887],{},"The shift",": you define your AI model (containers), your camera driver (Systemd), your firewall rules (OS Config), and your S3 bucket (Cloud) in a unified view. If part of the definition changes, the corresponding part of the system adapts everywhere.",[876,890,891],{"id":522},"Reconciliation Everywhere",[19,893,894],{},"The edge is too fragile for \"push\" pipelines. Indeed, push-based automation follows a 'fire-and-forget' model, the final state for each individual system is hardly known. In contrast, a reconciliation loop enforces a \"ensure and repair\" logic. State is known, transition applied step by step.",[19,896,897,899],{},[823,898,887],{},": Edge nodes must run an intelligent agent that continuously pulls and reconciles against the system's target state: the blueprint. If a script fails or a config drifts (e.g., someone disables a firewall manually), the agent automatically reverts it to the safe state. Crucially, the reconciliation loop respects maintenance windows, to allow debugging manually during emergencies.",[876,901,903],{"id":902},"unified-telemetry","Unified Telemetry",[19,905,906],{},"We cannot afford to look at infrastructure components in isolation. A running container means nothing if the underlying hardware sensor is overheating.",[19,908,909,911],{},[823,910,887],{},": The platform must normalize signals across all layers-Systemd, Docker, and Hardware. It must calculate a global solution health as a product of all dependencies. If the hardware is hot, the agent detects the anomaly and can either alert or safely execute a defined remediation policy (e.g. graceful restart), preventing the 'flapping' that plagues naive automation.",[41,913,915],{"id":914},"conclusion","Conclusion",[19,917,918],{},"Edge is not a smaller version of the cloud. It is a fundamentally different environment, shaped by physical constraints, intermittent connectivity, and mixed execution models.",[19,920,921],{},"A robust edge deployment platform cannot rely on push-based automation, assume permanent connectivity, or tolerate observability blind spots. It must be autonomous by default, reconciliation-based as its core capability, enforcing policy, and assessing its own health locally.",[19,923,924],{},"This is the architectural direction we are taking with Alpha.",[19,926,927],{},"In the next post, we dive deep into how these principles translate into a concrete implementation, and why we deliberately built Alpha on open standards, so the platform remains transparent, interoperable, and never a black box.",[19,929,930,931],{},"If you are operating air-gapped or mixed runtime fleets at scale, we are onboarding a small number of design partners. ",[23,932,933],{"href":755},"Reach out to us!",{"title":67,"searchDepth":90,"depth":90,"links":935},[936,937,938,943],{"id":805,"depth":90,"text":806},{"id":857,"depth":90,"text":858},{"id":870,"depth":90,"text":871,"children":939},[940,941,942],{"id":878,"depth":101,"text":879},{"id":522,"depth":101,"text":891},{"id":902,"depth":101,"text":903},{"id":914,"depth":90,"text":915},"2025-12-22","Why the future of edge isn't just Kubernetes - it's a hybrid of containers, binaries, and air-gapped realities.",{"src":947},"\u002Fblog\u002F1-deployment.png",{},{"title":26,"description":945},"3.blog\u002F1.building-for-edge",[779,952,777,953],"fog-computing","infrastructure","FER0p-y1E_EWgkJXQSHXNJFCwMRT6ifZQc3g82CcRD8",1774389717391]