Technology Stack
================
Implementation
--------------
The Go\* language is the primary development language for the
Application Orchestration components.

Each API that a component exposes is implemented using gRPC,
a high-performance, open-source universal RPC framework, with interface definitions
in the Protobuf language.

Where the API is exposed through the Multi-Tenancy Gateway, it is done using
gRPC-Gateway, which converts
the gRPC definition to an OpenAPI\* specification and
exposes a REST interface using Gin (a Go-based web server).

Where the component has a backing database (e.g. Application Catalog), it is implemented
using ENT, a Go library for Entity Resource Mapping (ERM) that
is used to define the schema of the database and the queries that are used.
ENT is used with the PostgreSQL\* database. In cloud-based
deployments, a managed service such as AWS\* Aurora
may be used.

Skupper is used to provide the secure network used by
the Interconnect system.

The Tenant Provisioner component is built in Go and uses a plugin approach for extending
the actions it takes during the creation and deletion of Multi-Tenant Projects.

The Keycloak\* solution is the Identity and Access Management (IAM) system
used by the |software_prod_name|. The Application Orchestration components handle the JWT
bearer tokens it issues, which are attached to API requests, to validate that the call is
authenticated and to drive any authorization checks.

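
The token handling described above can be sketched as follows. This is an added example, not code from the Application Orchestration components: it pins RS256, verifies the signature, issuer and expiry, and returns the Keycloak ``realm_access.roles`` claim for the authorization step. ``VerifyBearer``, the issuer URL and the sample token are assumptions made for illustration; fetching the realm's signing key is out of scope.

```go
package main

import (
	"crypto"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

type claims struct { // subset of a Keycloak access token used here
	Iss string `json:"iss"`
	Exp int64 `json:"exp"`
	Realm struct{ Roles []string } `json:"realm_access"`
}

// VerifyBearer (hypothetical helper) authenticates an Authorization header and returns realm roles.
func VerifyBearer(h string, key *rsa.PublicKey, iss string, now time.Time) ([]string, error) {
	ok := strings.HasPrefix(h, "Bearer ")
	p := strings.Split(strings.TrimPrefix(h, "Bearer "), ".")
	if !ok || len(p) != 3 {
		return nil, errors.New("missing or malformed bearer token")
	}
	var hdr struct{ Alg string }
	raw, err := base64.RawURLEncoding.DecodeString(p[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "RS256" {
		return nil, errors.New("unsupported algorithm") // pin RS256: rejects "none" and HS256
	}
	sig, _ := base64.RawURLEncoding.DecodeString(p[2]) // a bad encoding fails verification below
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if rsa.VerifyPKCS1v15(key, crypto.SHA256, sum[:], sig) != nil {
		return nil, errors.New("bad signature")
	}
	var c claims
	body, err := base64.RawURLEncoding.DecodeString(p[1])
	if err != nil || json.Unmarshal(body, &c) != nil || c.Iss != iss || now.Unix() >= c.Exp {
		return nil, errors.New("invalid, foreign or expired claims")
	}
	return c.Realm.Roles, nil
}

func main() { // constructed sample: an unsigned alg=none token is refused before any key is used
	_, err := VerifyBearer("Bearer eyJhbGciOiJub25lIn0.e30.", nil, "https://idp.example/realms/demo", time.Now())
	fmt.Println(err)
}
```

The returned roles are what an authorization layer would then evaluate; nothing from the token is trusted until the signature, issuer and expiry checks have all passed.
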
Open Policy Agent is used by some of the Application
Orchestration components to enforce RBAC authorization policies (checked against a set of
Rego rules) on the data presented in an API call.

The Harbor\* OCI Registry is used to store and distribute Docker images
and Helm charts.

The Argo\* CD tool is used to deploy the initial
components of the application.

The Vault\* system is used to store secrets and configuration data.

System Diagram
--------------
.. .. mermaid::
.. :hidden:
.. graph TD
.. subgraph Core_Components
.. A[Application Orchestration]
.. B[Application Catalog]
.. C[Multi-Tenancy Gateway]
.. D[Tenant Provisioner]
.. E["Keycloak IAM"]
.. F["Open Policy Agent (OPA)"]
.. G["Vault (Secrets Management)"]
.. end
.. subgraph External_Integrations
.. H["OCI Registries (Harbor)"]
.. I["Argo CD"]
.. J["Cluster Orchestration"]
.. end
.. subgraph Databases
.. K["Postgres Database"]
.. end
.. %% Relationships
.. A --> C
.. C --> E
.. C --> F
.. B --> K
.. B --> H
.. A --> I
.. A --> J
.. G --> A
.. D --> A

.. image:: ./images/tech_stack_of_app_orch.svg
   :alt: Technology Stack of Application Orchestration
   :align: center
   :width: 100%

Figure 1: Technology Stack of Application Orchestration

Integrations
------------
The principal points of integration between Application Orchestration and other
|software_prod_name| components are:

- Cluster Orchestration for the deployment of the applications to the Edge Node
  Clusters
- PostgreSQL Database for the Application Catalog
- Keycloak solution for Identity and Access Management (IAM)
- Argo CD tool for the initial deployment of the components
- Tenant Manager for the creation and deletion of Multi-Tenant Projects

The principal points of integration between Application Orchestration and external
systems are:

- OCI Registries for the storage and distribution of Docker\* images and Helm\* charts.
  The registry definition can be configured in the Application Catalog and be shared
  across many applications.