Naftiko Skipper
Naftiko Skipper is the Kubernetes operator that turns Capability custom
resources into running integration workloads. You write a YAML spec describing
what your service exposes and what it consumes — the operator handles the rest.

Core Concepts
| Component | Purpose |
|---|---|
| Capability | User-facing CRD describing a capability |
| CapabilityClass | Operational defaults (CPU/memory/autoscaling/resilience) |
| Skipper Operator | Reconciliation engine |
| ikanos runtime | Executes the capability spec |

Philosophy
Skipper follows the Kubernetes operator model:
desired state → reconciliation → converged cluster state
Users declare intent. The operator continuously enforces it.

```
Developer writes         Skipper reconciles       Engine runs
────────────────         ──────────────────       ───────────
Capability CR (YAML)  →  ConfigMap             →  /data/capability.yaml
                         Deployment            →  ikanos container
                         Service               →  ClusterIP :port
                         Ingress (optional)    →  public route
```

Features
Placement & lifecycle
| Feature | Description |
|---|---|
| Fleet manifest | Declarative YAML — naftiko.fleet.yaml describes every capability and its desired state |
| Kubernetes operator | Reconciles Capability CRDs into running pods |
| Multi-environment | Same manifest, environment-specific overrides via binds |
| Version pinning | Per-env capability version locks with promotion workflows |
| Rolling strategies | Canary, blue/green, progressive (Argo Rollouts compatible) |

Routing
| Feature | Description |
|---|---|
| Service mesh integration | Linkerd, Istio, Consul out of the box |
| Native routing | Built-in router when no mesh is present |
| MCP gateway | Single MCP entry point with per-tool routing across capabilities |
| REST gateway | Path-based routing to REST exposes |

Observability
| Feature | Description |
|---|---|
| Trace propagation | OpenTelemetry across capability boundaries |
| Centralized metrics | Prometheus scrape config for all Control ports |
| Fleet dashboard | Health, latency, error rate per capability and per operation |
| Alerting | Pre-built rules for latency, error budget, capability outage |

Security & governance
| Feature | Description |
|---|---|
| Warden distribution | Push signed Rego bundles to every Warden instance |
| Secret management | Vault, AWS Secrets Manager, Azure Key Vault, Doppler integration |
| mTLS rotation | Automatic certificate provisioning and rotation |
| Audit aggregation | Centralized audit log from all Warden instances |

Operations
| Feature | Description |
|---|---|
| CLI | skipper apply, skipper diff, skipper status, skipper logs |
| GitOps | Argo CD / Flux compatible (manifest is the source of truth) |
| Hot reload | Capability config updates without restart, where safe |
| Disaster recovery | Cross-region failover and capability replay |