Fleet overview
23 products · 14 environments · 4 regions · airgap: 2
Fleet health
98.2%
▲ 0.4 vs 24h
Active rollouts
3
2 canary · 1 wave
Policy violations
2
▲ 1 new · 4h
Mean reconcile
4.7s
▼ 0.2 vs p7d
Current rollout wave ingest-pipeline · v2.3.1 → v2.4.0
ROLLINGdev
staging
prod-canary
prod-us
prod-eu
Environment health
liveaws-us-east-1-prod
Cloud · AWS
Products
18
Drift
0
SLO
99.97
gcp-eu-west-prod
Cloud · GCP
Products
16
Drift
1
SLO
99.92
onprem-dc-chicago
On-prem · bare metal
Products
9
Drift
0
SLO
99.99
airgap-site-delta
Airgapped · highside
Products
6
Drift
0
SLO
—
edge-fleet-mobile
Edge · ruggedized
Products
4
Drift
3
SLO
97.4
azure-gov-east
Cloud · Azure Gov
Products
11
Drift
2
SLO
98.1
Event stream
tail -f11:57:05INFOreconcile loop tick Δ=4.7s targets=14 products=23
11:57:05OKbundle-transport airgap-site-delta synced size=142MB age=4h 12m
11:57:05INFOpolicy check sla.wave-throttle-25pct PASS (fleet %/h = 12)
11:57:05WARNedge-fleet-mobile drift detected: telemetry-agent v1.8.4 ≠ desired v1.9.0
11:57:05OKartifact verify cosign://trusted-ca digest=sha256:a1b2f7...
11:57:05INFOcanary wave 2 (25%) → prod-canary 7/40 pods healthy
11:57:05OKreconcile ingest-pipeline → aws-us-east-1-prod desired=v2.4.0 drift=0
Releases
declarative rollouts · reconciliation-based · no imperative pipelines
Active 3 rollouts in flight
| Product | From → to | Strategy | Progress | Owner | Status |
|---|---|---|---|---|---|
ingest-pipeline stream processor | v2.3.1 → v2.4.0 | canary · 10% | 3/8 env | j.okonkwo | ROLLING |
auth-service identity broker | v5.1.0 → v5.2.0 | blue-green | 6/8 env | m.sato | ROLLING |
telemetry-agent edge collector | v1.8.4 → v1.9.0 | airgap bundle | 2/8 env | sre-ops | AWAITING SYNC |
Recent last 7 days
| Product | Version | Strategy | Duration | Result | Started |
|---|---|---|---|---|---|
| billing-api | v3.14.2 | wave | 18m | SUCCESS | 2h ago |
| search-indexer | v0.9.7 | canary | 42m | SUCCESS | 8h ago |
| notification-svc | v2.0.1 | canary | 6m | AUTO-ROLLBACK | 1d ago |
| auth-service | v5.1.0 | blue-green | 24m | SUCCESS | 2d ago |
| report-generator | v1.2.0 | wave | 1h 14m | SUCCESS | 3d ago |
Environments
14 targets · unified reconciliation regardless of topology
Registered targets
| Name | Type | Region | Products | Drift | Agent | Status |
|---|---|---|---|---|---|---|
| aws-us-east-1-prod | Cloud (AWS) | us-east-1 | 18 | 0 | v4.2.1 | HEALTHY |
| aws-us-west-2-prod | Cloud (AWS) | us-west-2 | 15 | 0 | v4.2.1 | HEALTHY |
| gcp-eu-west-prod | Cloud (GCP) | europe-west1 | 16 | 1 | v4.2.1 | ROLLING |
| azure-gov-east | Cloud (Azure Gov) | usgovvirginia | 11 | 2 | v4.1.9 | DEGRADED |
| onprem-dc-chicago | On-prem (bare metal) | ord1 | 9 | 0 | v4.2.1 | HEALTHY |
| onprem-dc-frankfurt | On-prem (VMware) | fra1 | 7 | 0 | v4.2.1 | HEALTHY |
| airgap-site-delta | Airgapped (highside) | classified | 6 | 0 | v4.2.0 | SYNCED 4h |
| airgap-site-sigma | Airgapped (highside) | classified | 6 | 1 | v4.2.0 | PENDING BUNDLE |
| edge-fleet-mobile | Edge (ruggedized) | tactical | 4 | 3 | v4.1.5 | PARTIAL |
| customer-priv-acme | Private SaaS | customer-owned | 5 | 0 | v4.2.1 | HEALTHY |
Products
registered software · manifest-defined · signed artifacts
Catalog 23 products
| Product | Latest | Deployed | Health | Targets | SLA |
|---|---|---|---|---|---|
ingest-pipeline Kafka → parquet stream processor | v2.4.0 | v2.3.1 / 2.4.0 | 8 | 99.9% | |
auth-service identity & session broker | v5.2.0 | v5.1.0 / 5.2.0 | 14 | 99.99% | |
billing-api invoice & payment orchestration | v3.14.2 | v3.14.2 | 6 | 99.95% | |
notification-svc fanout & delivery (email, sms, push) | v2.0.2 | v1.9.4 | 9 | 99.5% | |
telemetry-agent metrics/log collector · edge | v1.9.0 | v1.8.4 / 1.9.0 | 14 | 99.9% | |
search-indexer document & vector index builder | v0.9.7 | v0.9.7 | 7 | 99.9% | |
report-generator scheduled reporting pipeline | v1.2.0 | v1.2.0 | 4 | 99% |
Policies
security, compliance, SLA constraints · policy-as-code · enforced pre-apply
Active policies 18 rules · 2 violations
All artifacts must be signed by trusted CA
artifact.signature.trusted == true · scope: all envs · severity: block
No deployment during customer change-freeze window
env.freeze_window == false · scope: customer-priv-* · severity: block
Max rollout wave: 25% of fleet per hour
rollout.fleet_percent_per_hour <= 25 · scope: prod-* · severity: block
Automatic rollback on error rate > 1%
telemetry.error_rate > 0.01 · window: 5m · severity: rollback
FedRAMP High: azure-gov-east drift > 0
azure-gov-east has 2 products drifted from desired · severity: warn
SOC 2: audit log retention >= 365d
all environments must retain audit events ≥ 365 days · severity: block
telemetry-agent on edge-fleet behind version cap
edge-fleet-mobile has v1.8 pinned but product latest is v1.9 · severity: warn
DORA metrics
30-day rolling window · computed from audit log · fleet-wide
Deployment frequency● ELITE
34/ day
▲ 12% vs previous window
Lead time for changes● ELITE
2.3hrs
▼ 18% vs previous window
Change failure rate● HIGH
8.4%
▼ 2.1pp vs previous window
Mean time to recovery● ELITE
11min
▼ 34% auto-rollback driven
Manifest spec
declarative product definition · the single source of truth
Example · ingest-pipeline v2.4.0
apollo.yaml# Declarative product manifest — reconciled, not executed. # The control plane makes reality converge to this spec. apiVersion: apollo/v1 kind: Product metadata: name: ingest-pipeline version: 2.4.0 owner: team-data-platform spec: artifacts: - name: ingest image: registry.apollo.io/ingest:2.4.0@sha256:a1b2... signature: cosign://trusted-ca dependencies: - product: auth-service minVersion: 5.1.0 targets: - selector: env.class == prod AND env.region == us-* replicas: 12 rollout: strategy: canary waves: [10, 25, 50, 100] bakeTime: 10m - selector: env.class == airgap replicas: 4 rollout: strategy: bundle transport: signed-tarball slo: availability: 99.9% errorBudgetBurnRate: 14.4x/1h → rollback policies: - sec.artifacts-signed - sla.wave-throttle-25pct - cmp.audit-retention-365d