Base concepts
Introduction
Cloudboostr enhances upstream Kubernetes with ops automation, a built-in monitoring system, hardened security and integrated workload management tools, all backed by our dedicated enterprise support.
The whole platform is managed by a single control plane called OpsControl, which manages the deployment of one or more envs.
OpsControl
OpsControl is the heart of Cloudboostr. It is the place where operators work. It consists of multiple key operational components, such as Keycloak, Vault, Concourse, Harbor and Velero, and telemetry components, such as OpenSearch, Prometheus and Grafana.
- Concourse is used to create each env.
- Keycloak is the central login point and can act as a proxy to an external authentication provider.
- Vault stores and generates passwords and certificates for OpsControl components.
- OpenSearch collects logs, while OpenSearch Dashboards (Kibana) visualises them.
- Prometheus collects metrics, while Grafana visualises them.
- Velero is used to back up and restore data.
- Harbor stores container images used locally on the Jumpboxes or in Concourse pipelines.
Env
An env is the place where developers work. It contains Kubernetes and all supporting elements, such as metrics and log exporters, Velero for environment backups, and others. There can be more than one environment per OpsControl (e.g. dev-team1, dev-team2, qa, pre-prod, prod).
Network structure
OpsControl uses 3 networks:
- DMZ
- Management
- ControlPlane
Each env uses 4 networks:
- DMZ
- Management
- Kubernetes
- Services
Each network is connected to one central router, which is also connected to the external network. Each network contains a single subnet and, if required by the underlying provider, a single router.
OpsControl
| Network/subnet | Default IP mask (prefix length) | Notes |
|---|---|---|
| Mgmt | /26 | Contains Kubernetes control plane VMs |
| ControlPlane | /26 | Contains Kubernetes worker VMs where all tools are installed (Concourse, OpenSearch, Prometheus, Harbor) |
| DMZ | /26 | Contains Jumpbox VM, DNS and Load Balancers |
Env
| Network/subnet | Default IP mask (prefix length) | Notes |
|---|---|---|
| Mgmt | /26 | Contains Kubernetes control plane VMs |
| Services | /26 | Reserved for custom services |
| DMZ | /26 | Contains Jumpbox VM, DNS and Load Balancers |
| K8s | /26 | Contains Kubernetes worker VMs |
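The two tables above fix the layout: three /26 subnets for OpsControl and four per env, each a single subnet behind the central router. The script below is an added example (not Cloudboostr's own tooling) that carves that layout out of a supernet using the network names from this page and checks that no two subnets overlap; the `10.10.0.0/22` supernet and the env names are constructed sample values.

```python
import ipaddress

# Network names as listed on this page; /26 is the default mask from the tables.
OPSCONTROL_NETWORKS = ("DMZ", "Management", "ControlPlane")
ENV_NETWORKS = ("DMZ", "Management", "Kubernetes", "Services")
DEFAULT_PREFIX = 26


def plan_subnets(supernet: str, env_names, prefix: int = DEFAULT_PREFIX):
    """Carve one /prefix subnet per network out of `supernet`.

    Returns a dict mapping "<scope>/<network>" -> IPv4Network, allocating the
    OpsControl networks first and then each env in the given order. Raises
    ValueError when the supernet cannot hold every required subnet.
    """
    # strict=True rejects a supernet with host bits set (e.g. 10.10.0.1/22).
    pool = ipaddress.ip_network(supernet, strict=True).subnets(new_prefix=prefix)
    wanted = [("OpsControl", n) for n in OPSCONTROL_NETWORKS]
    for env in env_names:
        wanted += [(env, n) for n in ENV_NETWORKS]
    plan = {}
    for scope, net in wanted:
        try:
            plan[f"{scope}/{net}"] = next(pool)
        except StopIteration:
            raise ValueError(
                f"{supernet} cannot hold {len(wanted)} /{prefix} subnets"
            ) from None
    return plan


def overlapping(plan):
    """Return the pairs of subnet names that overlap; an empty list means the plan is clean."""
    names = list(plan)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if plan[a].overlaps(plan[b])]


if __name__ == "__main__":
    # Constructed sample input: one /22 shared by OpsControl and two envs.
    layout = plan_subnets("10.10.0.0/22", ["dev-team1", "qa"])
    for name, net in layout.items():
        # Usable host count before any addresses the cloud provider reserves.
        print(f"{name:<24} {net}  ({net.num_addresses - 2} usable hosts)")
    assert overlapping(layout) == []
```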
Load Balancers
Used to proxy traffic to VMs and to balance traffic between Availability Zones. Also used for SSL termination.
- OpsControl ControlPlane Ingress (Concourse, Grafana, Kibana, Keycloak, Vault and Harbor web access)
- Env Kubernetes API connection
- Env Kubernetes Ingress
Security Groups
Used to define access control lists for deployments.
- OpsControl Jumpbox
- OpsControl DNS
- OpsControl Control-plane services
- Env Jumpbox
- Env DNS
- Env K8s services
- Env public
Keypairs
Used to allow SSH access to the Jumpbox from the public network, and from the Jumpbox to the Kubernetes or DNS VMs.
- OpsControl Jumpbox keypair
- OpsControl DNS keypair
- OpsControl Kubernetes keypair
- Env Jumpbox keypair
- Env DNS keypair
- Env Kubernetes keypair
Storage buckets
Used to store the permanent data (buckets created manually) and ephemeral data (all other buckets) needed by Cloudboostr.
- OpsControl Ansible and Terraform state (bucket has to be created manually)
- Env Ansible and Terraform state
- Sensitive data for private, public keys and certificates (bucket has to be created manually)
- Backups (bucket has to be created manually)
