Building blocks

Harmonized ecosystem.
Proven interoperability.

Every component exposes structured CRDs, emits unified OTel telemetry, and is designed to be managed by Specter. This is not a collection of tools. It is an integrated, AI-manageable ecosystem.

Lifecycle

One tool from bootstrap to day-2

Catalyst

Bootstrap, operate, evolve

Catalyst handles the full platform lifecycle. It provisions your initial cluster, manages day-2 operations, provides an Internal Developer Platform for your teams, and gives operators a Workflow Explorer for visibility into every reconciliation.

Bootstrap

  • Provisions infrastructure and K3s cluster
  • Deploys all platform components via GitOps
  • Exits cleanly — safe to remove

Day-2 operations

  • Cloud resources managed as Kubernetes CRDs
  • Continuous drift detection and reconciliation
  • Self-service via IDP templates
Building blocks

Functional layers of the platform

Security
TLS AutomationSecrets SyncSecrets VaultVuln ScanRuntime SecuritySupply Chain TrustSBOM & CVEPolicy EngineIAM
AI Hub
Model ServingServerlessLLM InferenceVector DBGraph DBEmbeddingsChat UIAI GuardrailsLLM ObservabilityLLM Gateway
Data & Integration
PostgreSQLMongoDB WireRedis CacheEvent StreamingAnalytics DBStream ProcessingWorkflow EngineCDCData LakehouseBI & DashboardsOpen Banking
Communication
Email ServerVideo & AudioWebRTC GWChat ProtocolPush Notify
GitOps & IaC
GitOps EngineGit ServerIaCCloud CRDs
Networking & Mesh
CNI & MeshL7 ProxyWAFDNS SyncGSLBReverse TunnelMesh VPNIPsec Gateway
Scaling & Resilience
Vertical ScalingEvent ScalingConfig ReloadHA Orchestration
Storage & Registry
Object StorageBackup & RestoreContainer Registry
AIOps
AIOps BrainDashboardsTelemetry AgentLog AggregationMetrics StoreDistributed TracingInstrumentationSearch & AnalyticsChaos EngineeringUsage Metering
Bootstrap & Lifecycle
Initial SetupDay-2 Operations
Kubernetes (K3s)
Huawei Cloud
AWS
Oracle OCI
Hetzner
Components

All components

56 components
OpenTofu

Bootstrap IaC (MPL 2.0)

Infrastructure
Crossplane

Day-2 cloud resource provisioning

Infrastructure
Cilium

CNI + Service Mesh (eBPF, mTLS, L7)

Networking & Service Mesh
Envoy

L7 proxy (embedded in Cilium)

Networking & Service Mesh
Coraza

WAF (OWASP CRS)

Networking & Service Mesh
ExternalDNS

DNS sync to provider

Networking & Service Mesh
k8gb

GSLB (authoritative DNS)

Networking & Service Mesh
Flux

GitOps engine

GitOps & Git
Gitea

Internal Git + CI/CD

GitOps & Git
cert-manager

TLS certificates

Security
External Secrets

Secrets operator

Security
OpenBao

Secrets backend (per cluster, MPL 2.0)

Security
Trivy

Security scanning

Security
Falco

Runtime security (eBPF)

Security
Sigstore

Container image signing + verification

Supply Chain
Syft + Grype

SBOM generation + vulnerability matching

Supply Chain
Kyverno

Policy engine (validation, mutation, generation)

Policy
VPA

Vertical autoscaling

Scaling
KEDA

Event-driven horizontal autoscaling

Scaling
Reloader

Auto-restart on ConfigMap/Secret changes

Operations
Grafana Stack

Alloy, Loki, Mimir, Tempo, Grafana

Observability
OpenTelemetry

Application tracing (auto-instrumentation)

Observability
OpenSearch

Hot SIEM backend

Observability
Harbor

Container/artifact registry

Registry
MinIO

Object storage

Storage
Velero

Backup/restore

Storage
Continuum

Continuous availability orchestration

Failover
CNPG

PostgreSQL operator

Data Services
FerretDB

MongoDB wire protocol on PostgreSQL

Data Services
Strimzi

Apache Kafka streaming

Data Services
Valkey

Redis-compatible cache

Data Services
ClickHouse

OLAP analytics

Data Services
Stalwart

Email server (JMAP/IMAP/SMTP)

Communication
STUNner

K8s-native TURN/STUN (WebRTC)

Communication
LiveKit

Video/audio (WebRTC SFU)

Communication
Matrix

Team chat (federation)

Communication
Ntfy

Push notifications (HTTP/SSE/WebSocket)

Communication
Temporal

Saga orchestration

Workflow & Processing
Flink

Stream + batch processing

Workflow & Processing
Debezium

Change data capture (CDC)

Workflow & Processing
Iceberg

Open table format (data lakehouse)

Analytics
Superset

BI dashboards and data exploration

Analytics
KServe

Model serving

AI / ML
Knative

Serverless platform

AI / ML
vLLM

LLM inference

AI / ML
Milvus

Vector database

AI / ML
Neo4j

Graph database

AI / ML
LibreChat

Chat UI

AI / ML
BGE

Embeddings + reranking

AI / ML
LLM Gateway

Subscription proxy for Claude Code

AI / ML
Anthropic Adapter

OpenAI-to-Anthropic translation

AI / ML
NeMo Guardrails

AI safety firewall

AI Safety & Observability
LangFuse

LLM observability (traces, cost, eval)

AI Safety & Observability
Keycloak

FAPI Authorization Server

Identity & Monetization
OpenMeter

Usage metering

Identity & Monetization
Litmus Chaos

Chaos engineering experiments

Operations
Specter

The AI brain of the platform

Specter has pre-built semantic knowledge of every CRD schema, integration dependency, failure mode, health check, upgrade path, and compliance mapping across every component. It doesn’t dump logs into an LLM. It sends surgical, structured context.

DevOps Agent

Drift detection, resource optimization, scaling recommendations, deployment validation

DevSecOps Agent

CVE scanning, policy compliance, security posture assessment, vulnerability remediation

SRE Agent

Incident correlation, root cause analysis, auto-remediation, runbook execution

FinOps Agent

Cost anomaly detection, right-sizing, waste elimination, capacity forecasting

Compliance Agent

Continuous audit, evidence collection, report generation, regulatory mapping

AI Ops Agent

LLM inference monitoring, model drift detection, GPU utilization, AI safety policy enforcement

Multi-region

Built for disaster recovery

Independent clusters

  • 2 regions recommended (1 allowed)
  • NOT stretched clusters — independent and resilient
  • k8gb authoritative DNS for GSLB
  • Split-brain protection via external DNS witnesses

Data replication

PostgreSQL (CNPG) WAL streaming
Kafka (Strimzi) MirrorMaker2
Valkey REPLICAOF
Git (Gitea) Bidirectional mirror
Registry (Harbor) Replication
Secrets (OpenBao) PushSecrets via ESO

See it in action

Production-grade, deployed instantly.

Talk to us