provisioning/docs/src/architecture/README.md

99 lines
4.1 KiB
Markdown
Raw Normal View History

2026-01-17 03:58:28 +00:00
<p align="center">
<img src="../resources/provisioning_logo.svg" alt="Provisioning Logo" width="300"/>
</p>
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
<p align="center">
<img src="../resources/logo-text.svg" alt="Provisioning" width="500"/>
</p>
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
# Architecture
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
Deep dive into Provisioning platform architecture, design principles, and
architectural decisions that shape the system.
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
## Overview
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
The Provisioning platform uses modular, microservice-based architecture for
enterprise infrastructure as code across multiple clouds. This section
documents foundational architectural decisions and system design that enable:
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
- **Multi-cloud orchestration** across AWS, UpCloud, Hetzner, Kubernetes, and on-premise systems
- **Workspace-first organization** with complete infrastructure isolation and multi-tenancy support
- **Type-safe configuration** using Nickel language as source of truth
- **Autonomous operations** through intelligent detectors and automated incident response
- **Post-quantum security** with hybrid encryption protecting against future threats
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
## Architecture Documentation
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
### System Understanding
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
<p align="center">
<img src="../resources/diagrams/architecture/system-overview.svg"
alt="System Architecture Overview with 12 Microservices" width="800"/>
</p>
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
- **[System Overview](./system-overview.md)** - Platform architecture with 12
microservices, 80+ CLI commands, multi-tenancy model, cloud integration
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
- **[Design Principles](./design-principles.md)** - Configuration-driven design,
workspace isolation, type-safety mandates, autonomous operations, security-first
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
- **[Component Architecture](./component-architecture.md)** - 12 microservices:
Orchestrator, Control-Center, Vault-Service, Extension-Registry, AI-Service,
Detector, RAG, MCP-Server, KMS, Platform-Config, Service-Clients
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
- **[Integration Patterns](./integration-patterns.md)** - REST APIs, async
message queues, event-driven workflows, service discovery, state management
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
<p align="center">
<img src="../resources/diagrams/architecture/microservices-communication.svg"
alt="Microservices Communication Patterns REST Async Events" width="800"/>
</p>
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
### Architectural Decisions
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
- **[Architecture Decision Records (ADRs)](./adr/README.md)** - 10 decisions:
modular CLI, workspace-first design, Nickel type-safety, microservice
distribution, communication, post-quantum cryptography, encryption,
observability, SLO management, incident automation
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
## Key Architectural Patterns
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
### Modular Design (ADR-001)
- Decentralized CLI command registration reducing code by 84%
- Dynamic command discovery and 80+ keyboard shortcuts
- Extensible architecture supporting custom commands
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
### Workspace-First Organization (ADR-002)
- Workspaces as primary organizational unit grouping infrastructure, configs, and state
- Complete isolation for multi-tenancy and team collaboration
- Local schema and extension customization per workspace
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
### Type-Safe Configuration (ADR-003)
- Nickel language as source of truth for all infrastructure definitions
- Mandatory schema validation at parse time (not runtime)
- Complete migration from KCL with backward compatibility
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
### Distributed Microservices (ADR-004)
- 12 specialized microservices handling specific domains
- Independent scaling and deployment per service
- Service communication via REST + async queues
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
### Security Architecture (ADR-006 & ADR-007)
- Post-quantum cryptography with CRYSTALS-Kyber hybrid encryption
- Multi-layer encryption: at-rest (KMS), in-transit (TLS 1.3), field-level, end-to-end
- Centralized secrets management via SecretumVault
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
### Observability & Resilience (ADR-008, ADR-009, ADR-010)
- Unified observability: Prometheus metrics, ELK logging, Jaeger tracing
- SLO-driven operations with error budget enforcement
- Autonomous incident detection and self-healing
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
## Navigation
2026-01-14 04:53:21 +00:00
2026-01-17 03:58:28 +00:00
- **For implementation details** → See `provisioning/docs/src/features/`
- **For API documentation** → See `provisioning/docs/src/api-reference/`
- **For deployment guides** → See `provisioning/docs/src/operations/`
- **For security details** → See `provisioning/docs/src/security/`
- **For development** → See `provisioning/docs/src/development/`