Infrastructure
Control Plane Infrastructure
Essential infrastructure components required to run the Control Plane
Infrastructure Overview
Required components
The Control Plane requires several infrastructure components to operate correctly. These components provide essential services for the platform's functionality.
The Control Plane is built on top of a foundation of reliable infrastructure components that provide essential services. These components work together to create a secure, scalable, and resilient platform for API management and workload orchestration.
Core Infrastructure
⎈ Kubernetes
The underlying container orchestration platform where the Control Plane is deployed. Currently tested with Kubernetes version 1.31.
🔒 cert-manager
Creates and manages TLS certificates for workloads in your Kubernetes cluster. Provides automated certificate management for secure communications.
🔐 trust-manager
Manages trust bundles in Kubernetes clusters. Ensures consistent and secure certificate validation across the platform.
📈 Prometheus CRDs
Enables monitoring based on Prometheus, required by the kubebuilder framework. Provides metrics collection and alerting capabilities.
API Management Infrastructure
👤 Iris (Keycloak)
A Keycloak-based Machine-to-Machine (M2M) Identity Provider for authentication and authorization. Manages identity and access for services and users.
Kubernetes Resource Requirements
The Control Plane components have specific resource requirements to ensure optimal performance. Below are the recommended resources for a standard deployment:
CPU and Memory Requirements
Component Type | CPU Request | CPU Limit | Memory Request | Memory Limit |
---|---|---|---|---|
Operators | 100m | 500m | 128Mi | 512Mi |
API Servers | 100m | 500m | 256Mi | 1Gi |
Gateway | 500m | 1000m | 512Mi | 2Gi |
Identity Provider | 500m | 1000m | 1Gi | 2Gi |
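The following check is an added example, not part of the Control Plane project: it parses Kubernetes resource quantities and reports containers whose requests or limits are missing or fall below the values in the table above. Treating the table values as minimums, the function names, and the sample manifest fragment are assumptions made for illustration.

```python
from fractions import Fraction
import re

# Recommended values copied from the table above:
# component type -> resource -> (request, limit)
RECOMMENDED = {
    "Operators":         {"cpu": ("100m", "500m"),  "memory": ("128Mi", "512Mi")},
    "API Servers":       {"cpu": ("100m", "500m"),  "memory": ("256Mi", "1Gi")},
    "Gateway":           {"cpu": ("500m", "1000m"), "memory": ("512Mi", "2Gi")},
    "Identity Provider": {"cpu": ("500m", "1000m"), "memory": ("1Gi", "2Gi")},
}
_SUFFIX = {"": Fraction(1), "m": Fraction(1, 1000), "k": Fraction(10**3),
           "M": Fraction(10**6), "G": Fraction(10**9),
           "Ki": Fraction(2**10), "Mi": Fraction(2**20), "Gi": Fraction(2**30)}

def parse_quantity(q):
    """Convert a quantity such as '500m', '1' or '512Mi' to an exact number (cores or bytes)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(m|Ki|Mi|Gi|k|M|G)?", str(q).strip())
    if not m:
        raise ValueError(f"unsupported quantity: {q!r}")
    return Fraction(m.group(1)) * _SUFFIX[m.group(2) or ""]

def check_container(component_type, resources):
    """Return findings for one container's `resources` block (assumes table values are minimums)."""
    findings = []
    for res, (rec_req, rec_lim) in RECOMMENDED[component_type].items():
        for kind, rec in (("requests", rec_req), ("limits", rec_lim)):
            actual = resources.get(kind, {}).get(res)
            if actual is None:
                # A missing limit leaves the container unbounded on that resource.
                findings.append(f"{res} {kind} missing (recommended {rec})")
            elif parse_quantity(actual) < parse_quantity(rec):
                findings.append(f"{res} {kind} {actual} below recommended {rec}")
        req = resources.get("requests", {}).get(res)
        lim = resources.get("limits", {}).get(res)
        if req is not None and lim is not None and parse_quantity(req) > parse_quantity(lim):
            findings.append(f"{res} request {req} exceeds limit {lim}")
    return findings

# Constructed sample: an Identity Provider container with an undersized memory
# request and no memory limit.
SAMPLE = {"requests": {"cpu": "500m", "memory": "512Mi"}, "limits": {"cpu": "1"}}

if __name__ == "__main__":
    for finding in check_container("Identity Provider", SAMPLE):
        print("Identity Provider:", finding)
```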
Storage Infrastructure
The Control Plane uses a combination of storage solutions for different purposes:
Storage options
Depending on your deployment environment, different storage options may be appropriate. The Control Plane supports multiple storage backends.
Database Storage
PostgreSQL
Used for storing structured data such as user information, configuration settings, and relationship data. Required by components like the Identity Provider.
Redis
Used for caching and temporary storage of session data, improving performance for frequently accessed data.
File Storage
Amazon S3
Object storage service that provides scalable storage for files and large objects. Used by the File Manager component for storing files.
MinIO
Self-hosted S3-compatible object storage. Can be used as an alternative to Amazon S3 for on-premises deployments.
Network Infrastructure
The Control Plane requires specific network configurations to operate correctly:
Ingress and Egress
Ingress Controller
Manages external access to the services within the Kubernetes cluster. Routes HTTP and HTTPS traffic to appropriate services.
Network Policies
Kubernetes Network Policies define how pods communicate with each other and with external network endpoints. Used to secure communication between components.
Service Mesh (Optional)
Istio/Linkerd
A service mesh can be used to provide additional traffic management, security, and observability features. This is optional but recommended for production deployments.
High Availability Configuration
For production environments, consider the following high availability configurations:
Multiple Replicas
Deploy multiple replicas of each component to ensure continued operation even if some pods fail.
Pod Anti-Affinity
Configure pod anti-affinity to spread replicas across different nodes, reducing the risk of complete service failure.
Database HA
Use database clustering or replication for PostgreSQL and Redis to prevent data loss and ensure continuous availability.
Multi-Zone Deployment
Spread the deployment across multiple availability zones to protect against zone failures.
Deployment Considerations
When planning your Control Plane deployment, consider the following factors:
Scaling
Start with the recommended resource allocations and scale components based on load and performance monitoring.
Security
Implement network policies, use TLS for all communications, and follow the principle of least privilege for service accounts.
Monitoring
Set up monitoring and alerting for all infrastructure components using Prometheus and Grafana.
Related Pages
- Components: Learn about the core components of the Control Plane
- Operators: Explore the specialized controllers that manage Control Plane resources
- Architecture: See how infrastructure components fit into the overall system design