Technology Stack

Implementation

The Go* programming language is the primary development language for the Application Orchestration components.

Each API that a component exposes is implemented using gRPC, a high-performance, open-source universal RPC framework, with interface definitions in the Protobuf language.

Where the API is exposed through the Multi-Tenancy Gateway, it is done using gRPC-Gateway, which converts the gRPC definition to an OpenAPI* specification and exposes a REST interface using Gin (a Go-based web server).

Where the component has a backing database (e.g., Application Catalog), it is implemented using ENT, which is a Go library for Entity Resource Mapping (ERM). ENT is used to define both the schema of the database and the queries that run against it.

ENT is used with the PostgreSQL* database. In cloud-based deployments, a managed service such as AWS* Aurora may be used.

Skupper is used to provide the secure network used by the Interconnect system.

The Tenant Provisioner component is built in Go and uses a plugin approach for extending the actions it takes during the creation and deletion of Multi-Tenant Projects.

The Keycloak* solution is the Identity and Access Management (IAM) system used by Edge Orchestrator. The Application Orchestration components handle the JWT bearer tokens that it issues and that are attached to API requests, using them to validate that the call is authenticated and to drive any authorization checks.

Open Policy Agent is used by some of the Application Orchestration components to enforce RBAC authorization policies (checked against a set of Rego rules) on the data presented in an API call.

Harbor* OCI Registry is used to store and distribute Docker* images and Helm* charts.

The Argo* CD tool is used to deploy the initial components of the application.

The Vault* system is used to store secrets and configuration data.

System Diagram

Figure 1: Technology Stack of Application Orchestration

Integrations

The principal points of integration between Application Orchestration and other Edge Orchestrator components are:

  • Cluster Orchestration for the deployment of the applications to the Edge Node Clusters

  • PostgreSQL* Database for the Application Catalog

  • Keycloak solution for Identity and Access Management (IAM)

  • Argo CD tool for the initial deployment of the components

  • Tenant Manager for the creation and deletion of Multi-Tenant Projects

The principal points of integration between Application Orchestration and external systems are:

  • OCI Registries for the storage and distribution of Docker images and Helm charts. The registry definition can be configured in the Application Catalog and can be shared across many applications.