Technology Stack
Implementation
The Go* language is the primary development language for the Application Orchestration components.
Each API that a component exposes is implemented using gRPC, a high-performance, open-source universal RPC framework, with interface definitions in the Protobuf language.
Where the API is exposed through the Multi-Tenancy Gateway, it is done using gRPC-Gateway, which converts the gRPC definition to an OpenAPI* specification and exposes a REST interface using Gin (a Go-based web server).
Where the component has a backing database (e.g., Application Catalog), it is implemented using ENT, which is a Go library for Entity Resource Mapping (ERM) and is used to define the schema of the database and the queries that are used.
ENT is used with the PostgreSQL* database. In cloud-based deployments, a managed service such as AWS* Aurora may be used.
Skupper is used to provide the secure network used by the Interconnect system.
The Tenant Provisioner component is built in Go and uses a plugin approach for extending the actions it takes during the creation and deletion of Multi-Tenant Projects.
The Keycloak* solution is the Identity and Access Management (IAM) system used by the Edge Orchestrator. The Application Orchestration components handle the JWT bearer tokens from it that are attached to API requests, both to validate that the call is authenticated and to drive any authorization checks.
Open Policy Agent is used by some of the Application Orchestration components to enforce RBAC authorization policies (checked against a set of Rego rules) on the data presented in an API call.
The Harbor* OCI Registry is used to store and distribute Docker images and Helm charts.
The Argo* CD tool is used to deploy the initial components of the application.
The Vault* system is used to store secrets and configuration data.
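The JWT bearer-token handling described above for the Keycloak solution can be illustrated with the following Go code, which is an added example and not code from the Application Orchestration components. It pins the signature algorithm, verifies the signature, checks issuer and expiry, and only then returns the roles an authorization check would run on. The name `VerifyBearer`, the RS256 algorithm, the `realm_access.roles` claim, the issuer value and the locally generated `demoKey` are assumptions made for the illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// VerifyBearer authenticates an "Authorization" header value and returns the token's roles.
func VerifyBearer(header string, pub *rsa.PublicKey, issuer string, now time.Time) ([]string, error) {
	parts := strings.Split(strings.TrimPrefix(header, "Bearer "), ".")
	if !strings.HasPrefix(header, "Bearer ") || len(parts) != 3 {
		return nil, fmt.Errorf("malformed bearer token")
	}
	dec := base64.RawURLEncoding.DecodeString // a failed decode fails closed in the checks below
	var hdr struct{ Alg string `json:"alg"` }
	if hb, _ := dec(parts[0]); json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "RS256" {
		return nil, fmt.Errorf("unexpected alg %q", hdr.Alg) // pinned (assumed RS256), never token-chosen
	}
	sig, _ := dec(parts[2])
	sum := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil {
		return nil, fmt.Errorf("signature invalid")
	}
	var c struct { // claims are read only after the signature has verified
		Iss   string `json:"iss"`
		Exp   int64  `json:"exp"`
		Realm struct{ Roles []string `json:"roles"` } `json:"realm_access"` // assumed role claim
	}
	if pb, _ := dec(parts[1]); json.Unmarshal(pb, &c) != nil || c.Iss != issuer || now.Unix() >= c.Exp {
		return nil, fmt.Errorf("bad claims, wrong issuer, or expired")
	}
	return c.Realm.Roles, nil
}

var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed key standing in for the IAM signing key

func main() { // signs a constructed token locally, then verifies it
	enc := base64.RawURLEncoding.EncodeToString
	in := enc([]byte(`{"alg":"RS256"}`)) + "." + enc([]byte(`{"iss":"idp","exp":4102444800,"realm_access":{"roles":["viewer"]}}`))
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, demoKey, crypto.SHA256, sum[:])
	fmt.Println(VerifyBearer("Bearer "+in+"."+enc(sig), &demoKey.PublicKey, "idp", time.Now()))
}
```

In a service the verification key would be the IAM system's published signing key rather than one generated locally, and an audience check would normally sit beside the issuer check.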
System Diagram
Figure 1: Technology Stack of Application Orchestration
Integrations
The principal points of integration between Application Orchestration and other Edge Orchestrator components are:
Cluster Orchestration for the deployment of the applications to the Edge Node Clusters
PostgreSQL Database for the Application Catalog
Keycloak solution for Identity and Access Management (IAM)
Argo CD tool for the initial deployment of the components
Tenant Manager for the creation and deletion of Multi-Tenant Projects
The principal points of integration between Application Orchestration and external systems are:
OCI Registries for the storage and distribution of Docker* images and Helm* charts. The registry definition can be configured in the Application Catalog and be shared across many applications.