Release 2.2.1

Adding proposed NVIDIA co-author
Co-authored-by: Andreas Schlosser <[email protected]>
Co-authored-by: Darren Hague <[email protected]>
Co-authored-by: Erwin Margewitsch <[email protected]>
Co-authored-by: Florian Mueller <[email protected]>
Co-authored-by: Florian Müller <[email protected]>
Co-authored-by: Florian Wilhelm <[email protected]>
Co-authored-by: Marc Vornetran <[email protected]>
Co-authored-by: Marco Skradde <[email protected]>
Co-authored-by: Maximilian Lenkeit <[email protected]>
Co-authored-by: Maximilian Lenkeit <[email protected]>Co-authored-by: Vasu Chandrasekhara <[email protected]>
Co-authored-by: Nele Hornbostel <[email protected]>
Co-authored-by: Niclas Moldenhauer <[email protected]>
Co-authored-by: Pavel Pavlov <[email protected]>
Co-authored-by: Pavel Pavlov <[email protected]>
Co-authored-by: Simon Olander <[email protected]>
Co-authored-by: Vasu Chandrasekhara <[email protected]>
Co-authored-by: apeirora-service-user[bot] <138167+apeirora-service-user[bot]@users.noreply.github.tools.sap>
Co-authored-by: hyperspace-insights[bot] <106787+hyperspace-insights[bot]@users.noreply.github.tools.sap>
Co-authored-by: klocke-io <[email protected]>
Co-authored-by: mskradde <[email protected]>
Co-authored-by: mskradde <[email protected]>
Co-authored-by: ospo-renovate[bot] <40221+ospo-renovate[bot]@users.noreply.github.tools.sap>
Co-authored-by: rfranzke <[email protected]>

Author: 19 people

.github/workflows/gh-pages.yml

@@ -15,7 +15,7 @@ jobs:
       - uses: actions/checkout@v5
         with:
           fetch-depth: 0
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
           node-version: 18
           cache: npm

.vitepress/components/Figure.vue

@@ -14,7 +14,7 @@ const hrefVal = computed(() => props.href ? withBase(props.href) : '')
     <a v-if="hrefVal" :href="hrefVal" target="_blank" rel="noopener noreferrer">
       <img :src="srcVal" :alt="altVal" />
     </a>
-    <img v-else :src="srcVal" :alt="altVal" />
+    <img v-else :src="srcVal" :alt="altVal" :width="width" />
     <figcaption>
       {{ captionVal }}
       <div class="source" v-if="sourceLink">

.vitepress/theme/blog-sidebar.ts

@@ -1,6 +1,8 @@
 import { generateSidebar } from 'vitepress-sidebar';
 import { SidebarItem } from 'vitepress-sidebar/types';
 import { getBlogDate, rewriteBlogPath } from '../util/blog';
+import matter from 'gray-matter';
+import { readFileSync } from 'fs';
 
 export const blogSidebarConfig = {
     documentRootPath: '/',
@@ -19,13 +21,19 @@ export default function blogSidebar () {
   const blogPostItems: SidebarItem[] = generatedSidebar['/blog/'].items
   const byYear = blogPostItems
     .map(it => {
+        const filepath = `./blog/${it.link}${it.link?.endsWith('.md') ? '' : '.md'}`
+        const contents = readFileSync(filepath, 'utf-8');
+        const { data } = matter(contents);
       return {
         ...it,
         link: rewriteBlogPath('/blog/' + it.link),
+        __filepath: filepath,
+        __frontmatter: data,
         __date: getBlogDate(it.link!)
       }
     })
     .filter(it => !!it.__date)
+    .filter(it => it.__frontmatter.published !== false)
     .sort((a, b) => {
       // sort descending by date
       return a.__date! < b.__date! ? 1 : -1

apeiro-terms.json

@@ -282,5 +282,9 @@
     },
     "Unified Metadata Service": {
         "alias": "ums"
+    },
+    "audit relevant logs": {
+        "description": "Audit Logging and Audit Relevant Logs are usually system-generated logs of security-related events or user actions. These often contains data that can be crucial for maintaining system integrity, compliance or investigating malicious activity. For example, logs emitted on write-operations to sensitive files, login attempts or delete-operations made on a system.",
+        "url": "/docs/best-practices/observability"
     }
 }

blog/2025-03-25-kcp-multi-tenant-control-planes.md

@@ -73,7 +73,7 @@ The paradigm shift is clear: **move from managing fleets of clusters to managing
 
 [^1]: [Enterprises To Adopt Composable Platforms For Flexibility In 2025 | Predictions by Mirantis](https://tfir.io/enterprises-to-adopt-composable-platforms-for-flexibility-in-2025-predictions-by-mirantis/) by Stephen Frassetti, Mirantis
 
-[^2]: [Crossplane: The cloud native control plane framework](https://www.crossplane.io/#:~:text=Upbound%20built%20Crossplane%20to%20help,to%20become%20an%20infrastructure%20expert)
+[^2]: [Crossplane: The cloud-native control plane framework](https://www.crossplane.io/#:~:text=Upbound%20built%20Crossplane%20to%20help,to%20become%20an%20infrastructure%20expert)
 
 [^3]: [Kubernetes CRDs = Huge Pain In Multi-Tenant Clusters](https://www.loft.sh/blog/kubernetes-crds-huge-pain-in-multi-tenant-clusters#:~:text=Compared%20to%20managing%20multiple%2C%20individual,managing%20individual%20clusters%20become%20more) by Volodymyr Grin
 

blog/2025-07-07-from-desired-state-to-the-status-of-a-resource.md

@@ -189,7 +189,7 @@ Even in the straight assignment case, you may want the controller to be highly a
 
 This opens up the question about the limits of scalability of a single, active controller instance. How much reconciliation work can one instance coordinate in parallel? How much memory is and how many threads are feasible?
 
-At cloud scale, you may want to distribute the required reconciliation work across multiple, simultaneously active controller instances. The following paper describes an approach that allows scaling horizontally without sacrificing availability or performance: [Horizontally Scalable Kubernetes Controllers](https://github.com/timebertt/masters-thesis-controller-sharding/releases/download/v1.0/Horizontally_Scalable_Kubernetes_Controllers.pdf)
+At cloud scale, you may want to distribute the required reconciliation work across multiple, simultaneously active controller instances. The following paper describes an approach that allows scaling horizontally without sacrificing availability or performance: [Horizontally Scalable Kubernetes Controllers](https://github.com/timebertt/kubernetes-controller-sharding) (or Kubernetes Controller Sharding). 
 :::
 
 The only other way to circumvent this synchronization is to establish a formal partitioning of the resource set. This leads to the next archetype: environment sharding.

blog/2025-08-07-kubernetes-api-server-and-controller-archetypes.md

@@ -2,6 +2,21 @@
 title: Changelog
 ---
 
+## v2.2.0 (2025-10-13)
+
+**New content**
+
+- [Konfidence](./docs/best-practices/lcm/konfidence/index.md) - software delivery framework for microservice-based software-as-a-service (SaaS) in Apeiro
+- [Gardener](./docs/best-practices/multi-cluster-federation/managed-kubernetes-as-a-service.md) - Kubernetes-as-a-Service in Apeiro
+- [Operating Systems](./docs/best-practices/operating-system/index.md) - modern cloud-native operating systems such as Garden Linux in Apeiro
+- [Baremetal](./docs/best-practices/baremetal/index.md) - control plane capable for managing the entire physical lifecycle of hardware resource
+- [Data and Control Plane State](./docs/best-practices/control-planes/data-and-control-plane-state.md) - about the role of state in Kubernetes data and control planes
+
+**Updated content**
+
+- [Architecture Overview](./docs/architecture/index.md) - link to Konfidence, Gardener, Garden Linux, and Baremetal
+- [Observability](./docs/best-practices/observability/index.md) - explanation of different observability signals
+
 ## v2.1.0 (2025-08-25)
 
 - Blog post: Garden Linux: Enabling AI on Kubernetes with NVIDIA GPUs

changelog.md

@@ -282,5 +282,9 @@
     },
     "Unified Metadata Service": {
         "alias": "ums"
+    },
+    "audit relevant logs": {
+        "description": "Audit Logging and Audit Relevant Logs are usually system-generated logs of security-related events or user actions. These often contains data that can be crucial for maintaining system integrity, compliance or investigating malicious activity. For example, logs emitted on write-operations to sensitive files, login attempts or delete-operations made on a system.",
+        "url": "/:version/best-practices/observability"
     }
 }

docs/apeiro-terms.json

@@ -25,28 +25,29 @@ Apeiro conceptually pursues a _declarative approach_ across its components, just
 
 - **[Data Fabric](./../best-practices/data-fabric/index.md)** provides standards and tooling for decentralized self-describing of application resources leading to a mesh architecture.
 
-- **Konfidence** is the software development and release framework of Apeiro for microservice-based SaaS applications. It comes with support for ring deployments, feature toggle management and a delivery process, all based on best practices from the CNCF landscape[^cncf-landscape].
+- **[Konfidence](./../best-practices/lcm/konfidence/index.md)** is the software delivery framework of Apeiro for microservice-based SaaS applications. It comes with support for ring deployments, feature toggle management and a delivery process, all based on best practices from the CNCF landscape[^cncf-landscape].
 
     _Note that additional information will be added in the future._
 
-- **Kubernetes** is the layer in Apeiro for hosting your cloud native workloads. Note that this is vanilla Kubernetes.
+- **Kubernetes** is the layer in Apeiro for hosting your cloud-native workloads. Note that this is vanilla Kubernetes.
 
-- **Gardener** provides managed Kubernetes-as-a-Service in Apeiro across infrastructure providers. It will come with support for IronCore and CobaltCore out of the box and be extended for additional IaaS stacks.
+- **[Gardener](./../best-practices//multi-cluster-federation/managed-kubernetes-as-a-service.md)** provides managed Kubernetes-as-a-Service in Apeiro across infrastructure providers. It will come with support for IronCore and CobaltCore out of the box and be extended for additional IaaS stacks.
+
+    Gardener-managed Kubernetes nodes use **[Garden Linux](./../best-practices/operating-system/index.md)** - a small, reproducible and auditable Linux image based on Debian GNU/Linux with a focus on Linux containers and virtual machines.
 
     _Note that additional information will be added in the future._
 
 - **IronCore and CobaltCore** are two infrastructure flavors of Apeiro that provide compute, network, and storage. While CobaltCore exposes an OpenStack-compatible API, IronCore comes with a declarative Kubernetes-style interface.
 
     _Note that additional information will be added in the future._
 
-- **Bare Metal Automation** provides functionality to manage bare metal infrastructure in Apeiro through Kubernetes principles. By leveraging Baseboard Management Controllers (BMCs) and the [Redfish API](https://www.dmtf.org/standards/redfish), it enables streamlined and automated server discovery, provisioning, and lifecycle management.
+- **[Bare Metal Automation](./../best-practices/baremetal/index.md)** provides functionality to manage bare metal infrastructure in Apeiro through Kubernetes principles. By leveraging Baseboard Management Controllers (BMCs) and the [Redfish API](https://www.dmtf.org/standards/redfish), it enables streamlined and automated server discovery, provisioning, and lifecycle management.
 
     _Note that additional information will be added in the future._
 
-
 ## Cross Cutting Concerns
 
-- **[Lifecycle Tooling](./../best-practices/lcm/index.md)** based on cloud native principles is considered essential by Apeiro in order to managing software lifecycle at scale.
+- **[Lifecycle Tooling](./../best-practices/lcm/index.md)** based on cloud-native principles is considered essential by Apeiro in order to managing software lifecycle at scale.
 
 - **[Security & Compliance](./../best-practices/security/index.md)** are built into Apeiro across the different layers.