
Infrastructure

Control Plane Infrastructure

Essential infrastructure components required to run the Control Plane

Infrastructure Overview

Required components

The Control Plane requires several infrastructure components to operate correctly. These components provide essential services for the platform's functionality.

The Control Plane is built on top of a foundation of reliable infrastructure components that provide essential services. These components work together to create a secure, scalable, and resilient platform for API management and workload orchestration.

Core Infrastructure

⎈ Kubernetes

The underlying container orchestration platform where the Control Plane is deployed. Currently tested with Kubernetes version 1.31.

🔒 cert-manager

Creates and manages TLS certificates for workloads in your Kubernetes cluster. Provides automated certificate management for secure communications.

🔐 trust-manager

Manages trust bundles in Kubernetes clusters. Ensures consistent and secure certificate validation across the platform.

📈 Prometheus CRDs

Enables monitoring based on Prometheus, required by the kubebuilder framework. Provides metrics collection and alerting capabilities.

API Management Infrastructure

🔎 Gateway (Kong)

A Kong-based managed gateway providing hybrid API management. Routes API traffic, enforces policies, and secures API endpoints.

👤 Iris (Keycloak)

A Keycloak-based Machine-to-Machine (M2M) Identity Provider for authentication and authorization. Manages identity and access for services and users.

Kubernetes Resource Requirements

The Control Plane components have specific resource requirements to ensure optimal performance. Below are the recommended resources for a standard deployment:

CPU and Memory Requirements

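| Component Type | CPU Request | CPU Limit | Memory Request | Memory Limit |
|---|---|---|---|---|
| Operators | 100m | 500m | 128Mi | 512Mi |
| API Servers | 100m | 500m | 256Mi | 1Gi |
| Gateway | 500m | 1000m | 512Mi | 2Gi |
| Identity Provider | 500m | 1000m | 1Gi | 2Gi |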

Storage Infrastructure

The Control Plane uses a combination of storage solutions for different purposes:

Storage options

Depending on your deployment environment, different storage options may be appropriate. The Control Plane supports multiple storage backends.

Database Storage

PostgreSQL

Used for storing structured data such as user information, configuration settings, and relationship data. Required by components like the Identity Provider.

Redis

Used for caching and temporary storage of session data, improving performance for frequently accessed data.

File Storage

Amazon S3

Object storage service that provides scalable storage for files and large objects. Used by the File Manager component for storing files.

MinIO

Self-hosted S3-compatible object storage. Can be used as an alternative to Amazon S3 for on-premises deployments.

Network Infrastructure

The Control Plane requires specific network configurations to operate correctly:

Ingress and Egress

Ingress Controller

Manages external access to the services within the Kubernetes cluster. Routes HTTP and HTTPS traffic to appropriate services.

Network Policies

Kubernetes Network Policies define how pods communicate with each other and with external network endpoints. Used to secure communication between components.

Service Mesh (Optional)

Istio/Linkerd

A service mesh can be used to provide additional traffic management, security, and observability features. This is optional but recommended for production deployments.

High Availability Configuration

For production environments, consider the following high availability configurations:

Multiple Replicas

Deploy multiple replicas of each component to ensure continued operation even if some pods fail.

Pod Anti-Affinity

Configure pod anti-affinity to spread replicas across different nodes, reducing the risk of complete service failure.

Database HA

Use database clustering or replication for PostgreSQL and Redis to prevent data loss and ensure continuous availability.

Multi-Zone Deployment

Spread the deployment across multiple availability zones to protect against zone failures.
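
The replica, anti-affinity and multi-zone settings above, combined with the Gateway row of the resource table, expressed as a Deployment. This is an added example, not a manifest from the Control Plane project; the names, namespace, labels, replica count and image are placeholders assumed for illustration.

```yaml
# Added example: names, namespace, labels, replica count and image are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gateway                 # placeholder name
  namespace: controlplane       # placeholder namespace
spec:
  replicas: 3                   # multiple replicas; the count is an assumption
  selector:
    matchLabels:
      app: gateway
  template:
    metadata:
      labels:
        app: gateway
    spec:
      affinity:
        podAntiAffinity:
          # Hard rule: never schedule two gateway replicas on the same node.
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: gateway
              topologyKey: kubernetes.io/hostname
      topologySpreadConstraints:
        # Soft rule: keep replicas balanced across availability zones.
        - maxSkew: 1
          topologyKey: topology.kubernetes.io/zone
          whenUnsatisfiable: ScheduleAnyway
          labelSelector:
            matchLabels:
              app: gateway
      containers:
        - name: gateway
          image: registry.example.com/gateway:PLACEHOLDER   # placeholder image
          resources:
            # Values from the Gateway row of the resource table.
            requests:
              cpu: 500m
              memory: 512Mi
            limits:
              cpu: 1000m
              memory: 2Gi
```

With the required anti-affinity rule, a replica stays Pending when every schedulable node already runs a gateway pod; on small clusters use `preferredDuringSchedulingIgnoredDuringExecution` instead.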

Deployment Considerations

When planning your Control Plane deployment, consider the following factors:

Scaling

Start with the recommended resource allocations and scale components based on load and performance monitoring.

Security

Implement network policies, use TLS for all communications, and follow the principle of least privilege for service accounts.

Monitoring

Set up monitoring and alerting for all infrastructure components using Prometheus and Grafana.

  • Components: Learn about the core components of the Control Plane
  • Operators: Explore the specialized controllers that manage Control Plane resources
  • Architecture: See how infrastructure components fit into the overall system design