One hardened baseline image. 100 toggleable add-ons. Zero Critical or High CVEs — guaranteed on every weekly rebuild. Select your OS, enable the tools you need, and deploy.
registry.opencentric.ai/baseline:wolfi
Select a cloud to unlock Terraform templates for each add-on that supports it. $79 one-time per template.
Weekly automated Trivy scans across all OS packages and application dependencies.
Every build is signed with Cosign — verify authenticity before any pull.
CycloneDX and SPDX bills of materials generated automatically on each rebuild.
Real-time kernel-level threat detection for running containers.
Open Policy Agent enforces admission and runtime policies as code.
Secrets management, dynamic credentials, and encryption-as-a-service.
Automatic TLS certificate provisioning and renewal via Let's Encrypt or custom CA.
Kubernetes-native policy engine for validating and mutating resources.
Vulnerability scanning for container images and filesystems using Grype's database.
CIS Level 1 & 2 hardening profiles applied at build time.
Mandatory access control profiles for reduced syscall attack surface.
Default-deny network policies to isolate workloads by namespace.
Kubernetes PSS restricted profile — no privileged containers, no host PID.
Mozilla SOPS for encrypting secrets in Git with KMS, PGP, or age.
OCI-native image signing and verification with Notation CLI.
Open-source monitoring with a powerful query language (PromQL).
Visualization dashboards for metrics, logs, and traces from any source.
Horizontally scalable log aggregation built for Kubernetes.
High-scale distributed tracing backend, natively integrated with Grafana.
Vendor-agnostic telemetry pipeline for metrics, logs, and traces.
End-to-end distributed tracing for microservices with Jaeger backend.
Handles alerts from Prometheus with routing, grouping, and silencing.
Forward critical alerts directly to PagerDuty on-call rotations.
New Relic APM agent for full-stack performance visibility.
Datadog infrastructure and APM agent with auto-discovery.
Lightweight log processor and forwarder for Kubernetes environments.
High-performance observability data pipeline for logs, metrics, and events.
In-memory data structure store used as cache, session store, and pub/sub.
Advanced open-source relational database with full ACID compliance.
Document-oriented NoSQL database for flexible, schema-less storage.
Widely deployed open-source RDBMS with strong replication support.
Distributed event streaming platform for high-throughput pipelines.
Distributed search and analytics engine for structured and unstructured data.
S3-compatible object storage for on-prem or air-gapped deployments.
Column-oriented OLAP database for real-time analytics at petabyte scale.
Message broker with support for multiple messaging protocols.
Change data capture for streaming database changes to Kafka.
Cloud-native messaging system for microservices, IoT, and edge computing.
Distributed reliable key-value store used by Kubernetes control plane.
Production-grade Kubernetes ingress controller with load balancing.
Edge router with native Kubernetes integration and automatic TLS.
Full-featured service mesh with mTLS, traffic management, and telemetry.
Ultralight service mesh focused on simplicity, security, and observability.
High-performance L7 proxy and communication bus for large service meshes.
Flexible, extensible DNS server used as the Kubernetes cluster DNS.
Bare-metal load-balancer implementation for Kubernetes clusters.
eBPF-based networking, observability, and security for Kubernetes.
Declarative GitOps continuous delivery for Kubernetes.
Cloud-native CI/CD pipelines running directly in Kubernetes.
Extensible open-source automation server for CI/CD pipelines.
Run GitLab CI/CD jobs inside your container environment.
Next-generation Docker image builder with cache mounts and secrets.
Build container images inside Kubernetes without a Docker daemon.
Fast inner-loop development with automatic build, push, and deploy.
The Kubernetes package manager for defining, installing, and upgrading applications.
Kubernetes native configuration management without templates.
Repeatable builds combining Dockerfile and Makefile syntax.
Open-source machine learning framework with GPU acceleration support.
Flexible, high-performance serving system for ML models.
Distributed computing framework for scaling AI and Python workloads.
Platform for the ML lifecycle including experimentation and deployment.
Machine learning toolkit for Kubernetes with pipeline orchestration.
NVIDIA Triton for high-throughput, multi-framework model inference.
Platform for deploying, scaling, and monitoring ML models on Kubernetes.
High-performance vector similarity search engine for AI applications.
Cloud-native vector database with built-in vectorization modules.
Run large language models locally with a simple container-native interface.
Latest LTS Node.js runtime with npm and yarn.
Python 3.12 with pip, virtualenv, and common scientific libraries.
Go toolchain with modules and cross-compilation support.
Rust stable toolchain with Cargo and common crates.
Eclipse Temurin JDK 21 with Maven and Gradle.
Render and interact with OpenAPI specifications in a browser UI.
Essential HTTP and JSON processing tools for debugging and scripting.
Git Large File Storage for versioning large assets and models.
HashiCorp Terraform for infrastructure-as-code provisioning.
Agentless IT automation for configuration management and deployments.
Terminal-based UI for interacting with Kubernetes clusters in real time.
Kubernetes command-line tool for cluster management.
Official CLI for creating and managing EKS clusters.
Command-line interface for managing AWS services.
CLI tools for interacting with Google Cloud Platform services.
Command-line tools for managing Azure resources.
Backup and restore Kubernetes cluster resources and persistent volumes.
Fast, encrypted, and deduplicated backups to any storage backend.
Synchronizes Kubernetes Ingresses and Services with DNS providers.
Kubernetes-native infrastructure provisioning via CRDs.
All builds include weekly Trivy scans, Cosign signing, an SBOM, and a zero Critical/High CVE guarantee.