Base concepts¶
Introduction¶
Cloudboostr enhances upstream Kubernetes with ops automation, built-in monitoring system, hardened security and integrated workload management tools, all backed up with our dedicated enterprise support.
The whole platform is managed by single control plane called OpsControl. It manages deployment of one or more envs.
OpsControl¶
OpsControl is the heart of Cloudboostr. It is a place where operators work. It consists of multiple key operation components, like BOSH director, UAA, Credhub, Concourse, OpenDistro, Harbor and telemetry components, like ELK, Prometheus and Grafana.
- Concourse is used to create each of envs.
- UAA is the central login point and could be proxy to external authentication provider.
- Credhub stores and generates passwords and certificates for OpsControl components.
- Elk collects logs, while kibana visualises them.
- Prometheus collects metrics, while grafana visualises them.
Env¶
Env is a place where developers work. There are Cloud Foundry and Kubernetes and all helpful elements, like metrics and logs exporters, Credhub for environment components, and others. There could be more than one environment per OpsControl (e.g. dev-team1, dev-team2, qa, pre-prod, prod).
Network structure¶
In OpsControl there are 3 networks:
- DMZ
- Management
- Telemetry
And each of environments use 4 networks:
- DMZ
- Management
- Kubernetes
- CF
Each network is connected to one central router, which is also connected to external network. In each network there is only one subnet and if required by underyling provider single router.
OpsControl¶
| Network/subnet | IP mask | Notes |
|---|---|---|
| Mgmt | 24 | Contains BOSH director VM |
| Telemetry | 24 | Contains operations deployments VMs (Concourse, OpenDistro, Prometheus, Harbor, Kubernetes) |
| DMZ | 24 | Contains Jumpbox VM, DNS and Load Balancers |
Env¶
| Network/subnet | IP mask | Notes |
|---|---|---|
| Mgmt | 26 | Contains BOSH director VM |
| Services | 24 | |
| DMZ | 26 | Contains Jumpbox VM, DNS and Load Balancers |
| CF | 22 | Contains each vms of Cloud Foundry deployment, CF services, etc |
| K8s | 22 | Contains kubernetes deployment |
Load Balancers¶
Used to proxy traffic to vms and to balance traffic between Availability Zones. Used also for SSL termination.
- OpsControl UAA web access for SSO
- OpsControl Concourse web acces
- OpsControl Grafana web access
- OpsControl Kibana web access
- Env CF SSH
- Env CF router
- Env k8s master API connection
- Env k8s ingress
Security Groups¶
Used to define access control lists for deployments.
- OpsControl Jumpbox
- OpsControl BOSH
- OpsControl DNS
- OpsControl Concourse
- OpsControl Grafana
- OpsControl Control-plane
- Env Jumpbox
- Env BOSH
- Env DNS
- Env CF
- Env K8s
- Env public
Keypairs¶
Used to allow SSH access to the Jumpbox from public network, and to BOSH from Jumpbox.
- OpsControl Jumpbox keypair
- OpsControl BOSH keypair
- Env Jumpbox keypair
- Env BOSH keypair
Storage buckets¶
Used to store permanent data (manually created) and ephemeral data (others) needed by cloudboostr.
- OpsControl BOSH and Terraform state
- Env BOSH and Terraform state
- Env CF blobstore
- Sensitive data (private and public keys) (bucket has to be created manually)
- Backups (bucket has to be created manually)