jesus/provisioning
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
provisioning/docs/book/architecture/ARCHITECTURE_OVERVIEW.html
Jesús Pérez 6a59d34bb1
chore: update provisioning configuration and documentation 
Update configuration files, templates, and internal documentation
for the provisioning repository system.

Configuration Updates:
- KMS configuration modernization
- Plugin system settings
- Service port mappings
- Test cluster topologies
- Installation configuration examples
- VM configuration defaults
- Cedar authorization policies

Documentation Updates:
- Library module documentation
- Extension API guides
- AI system documentation
- Service management guides
- Test environment setup
- Plugin usage guides
- Validator configuration documentation

All changes are backward compatible.
2025-12-11 21:50:42 +00:00

1375 lines
83 KiB
HTML
Raw Blame History

<!DOCTYPE HTML>
<html lang="en" class="ayu sidebar-visible" dir="ltr">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Architecture Overview - Provisioning Platform Documentation</title>
<!-- Custom HTML head -->
<meta name="description" content="Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, KCL, and Rust">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff">
<link rel="icon" href="../favicon.svg">
<link rel="shortcut icon" href="../favicon.png">
<link rel="stylesheet" href="../css/variables.css">
<link rel="stylesheet" href="../css/general.css">
<link rel="stylesheet" href="../css/chrome.css">
<link rel="stylesheet" href="../css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="../FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="../fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" id="highlight-css" href="../highlight.css">
<link rel="stylesheet" id="tomorrow-night-css" href="../tomorrow-night.css">
<link rel="stylesheet" id="ayu-highlight-css" href="../ayu-highlight.css">
<!-- Custom theme stylesheets -->
<!-- Provide site root and default themes to javascript -->
<script>
const path_to_root = "../";
const default_light_theme = "ayu";
const default_dark_theme = "navy";
</script>
<!-- Start loading toc.js asap -->
<script src="../toc.js"></script>
</head>
<body>
<div id="mdbook-help-container">
<div id="mdbook-help-popup">
<h2 class="mdbook-help-title">Keyboard shortcuts</h2>
<div>
<p>Press <kbd></kbd> or <kbd></kbd> to navigate between chapters</p>
<p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
<p>Press <kbd>?</kbd> to show this help</p>
<p>Press <kbd>Esc</kbd> to hide this help</p>
</div>
</div>
</div>
<div id="body-container">
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script>
try {
let theme = localStorage.getItem('mdbook-theme');
let sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script>
const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? default_dark_theme : default_light_theme;
let theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
const html = document.documentElement;
html.classList.remove('ayu')
html.classList.add(theme);
html.classList.add("js");
</script>
<input type="checkbox" id="sidebar-toggle-anchor" class="hidden">
<!-- Hide / unhide sidebar before it is displayed -->
<script>
let sidebar = null;
const sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
} else {
sidebar = 'hidden';
}
sidebar_toggle.checked = sidebar === 'visible';
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<!-- populated by js -->
<mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
<noscript>
<iframe class="sidebar-iframe-outer" src="../toc.html"></iframe>
</noscript>
<div id="sidebar-resize-handle" class="sidebar-resize-handle">
<div class="sidebar-resize-indicator"></div>
</div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky">
<div class="left-buttons">
<label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</label>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="default_theme">Auto</button></li>
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">Provisioning Platform Documentation</h1>
<div class="right-buttons">
<a href="../print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/src/architecture/ARCHITECTURE_OVERVIEW.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script>
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<h1 id="provisioning-platform---architecture-overview"><a class="header" href="#provisioning-platform---architecture-overview">Provisioning Platform - Architecture Overview</a></h1>
<p><strong>Version</strong>: 3.5.0
<strong>Date</strong>: 2025-10-06
<strong>Status</strong>: Production
<strong>Maintainers</strong>: Architecture Team</p>
<hr />
<h2 id="table-of-contents"><a class="header" href="#table-of-contents">Table of Contents</a></h2>
<ol>
<li><a href="#executive-summary">Executive Summary</a></li>
<li><a href="#system-architecture">System Architecture</a></li>
<li><a href="#component-architecture">Component Architecture</a></li>
<li><a href="#mode-architecture">Mode Architecture</a></li>
<li><a href="#network-architecture">Network Architecture</a></li>
<li><a href="#data-architecture">Data Architecture</a></li>
<li><a href="#security-architecture">Security Architecture</a></li>
<li><a href="#deployment-architecture">Deployment Architecture</a></li>
<li><a href="#integration-architecture">Integration Architecture</a></li>
<li><a href="#performance-and-scalability">Performance and Scalability</a></li>
<li><a href="#evolution-and-roadmap">Evolution and Roadmap</a></li>
</ol>
<hr />
<h2 id="executive-summary"><a class="header" href="#executive-summary">Executive Summary</a></h2>
<h3 id="what-is-the-provisioning-platform"><a class="header" href="#what-is-the-provisioning-platform">What is the Provisioning Platform?</a></h3>
<p>The Provisioning Platform is a modern, cloud-native infrastructure automation system that combines the simplicity of declarative configuration (KCL) with the power of shell scripting (Nushell) and high-performance coordination (Rust).</p>
<h3 id="key-characteristics"><a class="header" href="#key-characteristics">Key Characteristics</a></h3>
<ul>
<li><strong>Hybrid Architecture</strong>: Rust for coordination, Nushell for business logic, KCL for configuration</li>
<li><strong>Mode-Based</strong>: Adapts from solo development to enterprise production</li>
<li><strong>OCI-Native</strong>: Extends leveraging industry-standard OCI distribution</li>
<li><strong>Provider-Agnostic</strong>: Supports multiple cloud providers (AWS, UpCloud) and local infrastructure</li>
<li><strong>Extension-Driven</strong>: Core functionality enhanced through modular extensions</li>
</ul>
<h3 id="architecture-at-a-glance"><a class="header" href="#architecture-at-a-glance">Architecture at a Glance</a></h3>
<pre><code>┌─────────────────────────────────────────────────────────────────────┐
│ Provisioning Platform │
├─────────────────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ User Layer │ │ Extension │ │ Service │ │
│ │ (CLI/UI) │ │ Registry │ │ Registry │ │
│ └──────┬───────┘ └──────┬───────┘ └──────┬───────┘ │
│ │ │ │ │
│ ┌──────┴──────────────────┴──────────────────┴───────┐ │
│ │ Core Provisioning Engine │ │
│ │ (Config | Dependency Resolution | Workflows) │ │
│ └──────┬──────────────────────────────────────┬───────┘ │
│ │ │ │
│ ┌──────┴─────────┐ ┌───────┴──────────┐ │
│ │ Orchestrator │ │ Business Logic │ │
│ │ (Rust) │ ←─ Coordination → │ (Nushell) │ │
│ └──────┬─────────┘ └───────┬──────────┘ │
│ │ │ │
│ ┌──────┴───────────────────────────────────────┴──────┐ │
│ │ Extension System │ │
│ │ (Providers | Task Services | Clusters) │ │
│ └──────┬───────────────────────────────────────────────┘ │
│ │ │
│ ┌──────┴───────────────────────────────────────────────────┐ │
│ │ Infrastructure (Cloud | Local | Kubernetes) │ │
│ └───────────────────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────┘
</code></pre>
<h3 id="key-metrics"><a class="header" href="#key-metrics">Key Metrics</a></h3>
<div class="table-wrapper"><table><thead><tr><th>Metric</th><th>Value</th><th>Description</th></tr></thead><tbody>
<tr><td><strong>Codebase Size</strong></td><td>~50,000 LOC</td><td>Nushell (60%), Rust (30%), KCL (10%)</td></tr>
<tr><td><strong>Extensions</strong></td><td>100+</td><td>Providers, taskservs, clusters</td></tr>
<tr><td><strong>Supported Providers</strong></td><td>3</td><td>AWS, UpCloud, Local</td></tr>
<tr><td><strong>Task Services</strong></td><td>50+</td><td>Kubernetes, databases, monitoring, etc.</td></tr>
<tr><td><strong>Deployment Modes</strong></td><td>5</td><td>Binary, Docker, Docker Compose, K8s, Remote</td></tr>
<tr><td><strong>Operational Modes</strong></td><td>4</td><td>Solo, Multi-user, CI/CD, Enterprise</td></tr>
<tr><td><strong>API Endpoints</strong></td><td>80+</td><td>REST, WebSocket, GraphQL (planned)</td></tr>
</tbody></table>
</div>
<hr />
<h2 id="system-architecture"><a class="header" href="#system-architecture">System Architecture</a></h2>
<h3 id="high-level-architecture"><a class="header" href="#high-level-architecture">High-Level Architecture</a></h3>
<pre><code>┌────────────────────────────────────────────────────────────────────────────┐
│ PRESENTATION LAYER │
├────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────┐ ┌──────────────┐ ┌──────────────┐ ┌────────────┐ │
│ │ CLI (Nu) │ │ Control │ │ REST API │ │ MCP │ │
│ │ │ │ Center (Yew) │ │ Gateway │ │ Server │ │
│ └─────────────┘ └──────────────┘ └──────────────┘ └────────────┘ │
│ │
└──────────────────────────────────┬─────────────────────────────────────────┘
┌──────────────────────────────────┴─────────────────────────────────────────┐
│ CORE LAYER │
├────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────────────────────────────────────────────────────────┐ │
│ │ Configuration Management │ │
│ │ (KCL Schemas | TOML Config | Hierarchical Loading) │ │
│ └──────────────────────────────────────────────────────────────────┘ │
│ │
│ ┌──────────────────┐ ┌──────────────────┐ ┌──────────────────┐ │
│ │ Dependency │ │ Module/Layer │ │ Workspace │ │
│ │ Resolution │ │ System │ │ Management │ │
│ └──────────────────┘ └──────────────────┘ └──────────────────┘ │
│ │
│ ┌──────────────────────────────────────────────────────────────────┐ │
│ │ Workflow Engine │ │
│ │ (Batch Operations | Checkpoints | Rollback) │ │
│ └──────────────────────────────────────────────────────────────────┘ │
│ │
└──────────────────────────────────┬─────────────────────────────────────────┘
┌──────────────────────────────────┴─────────────────────────────────────────┐
│ ORCHESTRATION LAYER │
├────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────────────────────────────────────────────────────────┐ │
│ │ Orchestrator (Rust) │ │
│ │ • Task Queue (File-based persistence) │ │
│ │ • State Management (Checkpoints) │ │
│ │ • Health Monitoring │ │
│ │ • REST API (HTTP/WS) │ │
│ └──────────────────────────────────────────────────────────────────┘ │
│ │
│ ┌──────────────────────────────────────────────────────────────────┐ │
│ │ Business Logic (Nushell) │ │
│ │ • Provider operations (AWS, UpCloud, Local) │ │
│ │ • Server lifecycle (create, delete, configure) │ │
│ │ • Taskserv installation (50+ services) │ │
│ │ • Cluster deployment │ │
│ └──────────────────────────────────────────────────────────────────┘ │
│ │
└──────────────────────────────────┬─────────────────────────────────────────┘
┌──────────────────────────────────┴─────────────────────────────────────────┐
│ EXTENSION LAYER │
├────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌────────────────┐ ┌──────────────────┐ ┌───────────────────┐ │
│ │ Providers │ │ Task Services │ │ Clusters │ │
│ │ (3 types) │ │ (50+ types) │ │ (10+ types) │ │
│ │ │ │ │ │ │ │
│ │ • AWS │ │ • Kubernetes │ │ • Buildkit │ │
│ │ • UpCloud │ │ • Containerd │ │ • Web cluster │ │
│ │ • Local │ │ • Databases │ │ • CI/CD │ │
│ │ │ │ • Monitoring │ │ │ │
│ └────────────────┘ └──────────────────┘ └───────────────────┘ │
│ │
│ ┌──────────────────────────────────────────────────────────────────┐ │
│ │ Extension Distribution (OCI Registry) │ │
│ │ • Zot (local development) │ │
│ │ • Harbor (multi-user/enterprise) │ │
│ └──────────────────────────────────────────────────────────────────┘ │
│ │
└──────────────────────────────────┬─────────────────────────────────────────┘
┌──────────────────────────────────┴─────────────────────────────────────────┐
│ INFRASTRUCTURE LAYER │
├────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌────────────────┐ ┌──────────────────┐ ┌───────────────────┐ │
│ │ Cloud (AWS) │ │ Cloud (UpCloud) │ │ Local (Docker) │ │
│ │ │ │ │ │ │ │
│ │ • EC2 │ │ • Servers │ │ • Containers │ │
│ │ • EKS │ │ • LoadBalancer │ │ • Local K8s │ │
│ │ • RDS │ │ • Networking │ │ • Processes │ │
│ └────────────────┘ └──────────────────┘ └───────────────────┘ │
│ │
└────────────────────────────────────────────────────────────────────────────┘
</code></pre>
<h3 id="multi-repository-architecture"><a class="header" href="#multi-repository-architecture">Multi-Repository Architecture</a></h3>
<p>The system is organized into three separate repositories:</p>
<h4 id="provisioning-core"><a class="header" href="#provisioning-core"><strong>provisioning-core</strong></a></h4>
<pre><code>Core system functionality
├── CLI interface (Nushell entry point)
├── Core libraries (lib_provisioning)
├── Base KCL schemas
├── Configuration system
├── Workflow engine
└── Build/distribution tools
</code></pre>
<p><strong>Distribution</strong>: <code>oci://registry/provisioning-core:v3.5.0</code></p>
<h4 id="provisioning-extensions"><a class="header" href="#provisioning-extensions"><strong>provisioning-extensions</strong></a></h4>
<pre><code>All provider, taskserv, cluster extensions
├── providers/
│ ├── aws/
│ ├── upcloud/
│ └── local/
├── taskservs/
│ ├── kubernetes/
│ ├── containerd/
│ ├── postgres/
│ └── (50+ more)
└── clusters/
├── buildkit/
├── web/
└── (10+ more)
</code></pre>
<p><strong>Distribution</strong>: Each extension as separate OCI artifact</p>
<ul>
<li><code>oci://registry/provisioning-extensions/kubernetes:1.28.0</code></li>
<li><code>oci://registry/provisioning-extensions/aws:2.0.0</code></li>
</ul>
<h4 id="provisioning-platform"><a class="header" href="#provisioning-platform"><strong>provisioning-platform</strong></a></h4>
<pre><code>Platform services
├── orchestrator/ (Rust)
├── control-center/ (Rust/Yew)
├── mcp-server/ (Rust)
└── api-gateway/ (Rust)
</code></pre>
<p><strong>Distribution</strong>: Docker images in OCI registry</p>
<ul>
<li><code>oci://registry/provisioning-platform/orchestrator:v1.2.0</code></li>
</ul>
<hr />
<h2 id="component-architecture"><a class="header" href="#component-architecture">Component Architecture</a></h2>
<h3 id="core-components"><a class="header" href="#core-components">Core Components</a></h3>
<h4 id="1-cli-interface-nushell"><a class="header" href="#1-cli-interface-nushell">1. <strong>CLI Interface</strong> (Nushell)</a></h4>
<p><strong>Location</strong>: <code>provisioning/core/cli/provisioning</code></p>
<p><strong>Purpose</strong>: Primary user interface for all provisioning operations</p>
<p><strong>Architecture</strong>:</p>
<pre><code>Main CLI (211 lines)
Command Dispatcher (264 lines)
Domain Handlers (7 modules)
├── infrastructure.nu (117 lines)
├── orchestration.nu (64 lines)
├── development.nu (72 lines)
├── workspace.nu (56 lines)
├── generation.nu (78 lines)
├── utilities.nu (157 lines)
└── configuration.nu (316 lines)
</code></pre>
<p><strong>Key Features</strong>:</p>
<ul>
<li>80+ command shortcuts</li>
<li>Bi-directional help system</li>
<li>Centralized flag handling</li>
<li>Domain-driven design</li>
</ul>
<h4 id="2-configuration-system-kcl--toml"><a class="header" href="#2-configuration-system-kcl--toml">2. <strong>Configuration System</strong> (KCL + TOML)</a></h4>
<p><strong>Hierarchical Loading</strong>:</p>
<pre><code>1. System defaults (config.defaults.toml)
2. User config (~/.provisioning/config.user.toml)
3. Workspace config (workspace/config/provisioning.yaml)
4. Environment config (workspace/config/{env}-defaults.toml)
5. Infrastructure config (workspace/infra/{name}/config.toml)
6. Runtime overrides (CLI flags, ENV variables)
</code></pre>
<p><strong>Variable Interpolation</strong>:</p>
<ul>
<li><code>{{paths.base}}</code> - Path references</li>
<li><code>{{env.HOME}}</code> - Environment variables</li>
<li><code>{{now.date}}</code> - Dynamic values</li>
<li><code>{{git.branch}}</code> - Git context</li>
</ul>
<h4 id="3-orchestrator-rust"><a class="header" href="#3-orchestrator-rust">3. <strong>Orchestrator</strong> (Rust)</a></h4>
<p><strong>Location</strong>: <code>provisioning/platform/orchestrator/</code></p>
<p><strong>Architecture</strong>:</p>
<pre><code class="language-rust">src/
├── main.rs // Entry point
├── api/
│ ├── routes.rs // HTTP routes
│ ├── workflows.rs // Workflow endpoints
│ └── batch.rs // Batch endpoints
├── workflow/
│ ├── engine.rs // Workflow execution
│ ├── state.rs // State management
│ └── checkpoint.rs // Checkpoint/recovery
├── task_queue/
│ ├── queue.rs // File-based queue
│ ├── priority.rs // Priority scheduling
│ └── retry.rs // Retry logic
├── health/
│ └── monitor.rs // Health checks
├── nushell/
│ └── bridge.rs // Nu execution bridge
└── test_environment/ // Test env management
├── container_manager.rs
├── test_orchestrator.rs
└── topologies.rs</code></pre>
<p><strong>Key Features</strong>:</p>
<ul>
<li>File-based task queue (reliable, simple)</li>
<li>Checkpoint-based recovery</li>
<li>Priority scheduling</li>
<li>REST API (HTTP/WebSocket)</li>
<li>Nushell script execution bridge</li>
</ul>
<h4 id="4-workflow-engine-nushell"><a class="header" href="#4-workflow-engine-nushell">4. <strong>Workflow Engine</strong> (Nushell)</a></h4>
<p><strong>Location</strong>: <code>provisioning/core/nulib/workflows/</code></p>
<p><strong>Workflow Types</strong>:</p>
<pre><code>workflows/
├── server_create.nu // Server provisioning
├── taskserv.nu // Task service management
├── cluster.nu // Cluster deployment
├── batch.nu // Batch operations
└── management.nu // Workflow monitoring
</code></pre>
<p><strong>Batch Workflow Features</strong>:</p>
<ul>
<li>Provider-agnostic (mix AWS, UpCloud, local)</li>
<li>Dependency resolution (hard/soft dependencies)</li>
<li>Parallel execution (configurable limits)</li>
<li>Rollback support</li>
<li>Real-time monitoring</li>
</ul>
<h4 id="5-extension-system"><a class="header" href="#5-extension-system">5. <strong>Extension System</strong></a></h4>
<p><strong>Extension Types</strong>:</p>
<div class="table-wrapper"><table><thead><tr><th>Type</th><th>Count</th><th>Purpose</th><th>Example</th></tr></thead><tbody>
<tr><td><strong>Providers</strong></td><td>3</td><td>Cloud platform integration</td><td>AWS, UpCloud, Local</td></tr>
<tr><td><strong>Task Services</strong></td><td>50+</td><td>Infrastructure components</td><td>Kubernetes, Postgres</td></tr>
<tr><td><strong>Clusters</strong></td><td>10+</td><td>Complete configurations</td><td>Buildkit, Web cluster</td></tr>
</tbody></table>
</div>
<p><strong>Extension Structure</strong>:</p>
<pre><code>extension-name/
├── kcl/
│ ├── kcl.mod // KCL dependencies
│ ├── {name}.k // Main schema
│ ├── version.k // Version management
│ └── dependencies.k // Dependencies
├── scripts/
│ ├── install.nu // Installation logic
│ ├── check.nu // Health check
│ └── uninstall.nu // Cleanup
├── templates/ // Config templates
├── docs/ // Documentation
├── tests/ // Extension tests
└── manifest.yaml // Extension metadata
</code></pre>
<p><strong>OCI Distribution</strong>:
Each extension packaged as OCI artifact:</p>
<ul>
<li>KCL schemas</li>
<li>Nushell scripts</li>
<li>Templates</li>
<li>Documentation</li>
<li>Manifest</li>
</ul>
<h4 id="6-module-and-layer-system"><a class="header" href="#6-module-and-layer-system">6. <strong>Module and Layer System</strong></a></h4>
<p><strong>Module System</strong>:</p>
<pre><code class="language-bash"># Discover available extensions
provisioning module discover taskservs
# Load into workspace
provisioning module load taskserv my-workspace kubernetes containerd
# List loaded modules
provisioning module list taskserv my-workspace
</code></pre>
<p><strong>Layer System</strong> (Configuration Inheritance):</p>
<pre><code>Layer 1: Core (provisioning/extensions/{type}/{name})
Layer 2: Workspace (workspace/extensions/{type}/{name})
Layer 3: Infrastructure (workspace/infra/{infra}/extensions/{type}/{name})
</code></pre>
<p><strong>Resolution Priority</strong>: Infrastructure → Workspace → Core</p>
<h4 id="7-dependency-resolution"><a class="header" href="#7-dependency-resolution">7. <strong>Dependency Resolution</strong></a></h4>
<p><strong>Algorithm</strong>: Topological sort with cycle detection</p>
<p><strong>Features</strong>:</p>
<ul>
<li>Hard dependencies (must exist)</li>
<li>Soft dependencies (optional enhancement)</li>
<li>Conflict detection</li>
<li>Circular dependency prevention</li>
<li>Version compatibility checking</li>
</ul>
<p><strong>Example</strong>:</p>
<pre><code class="language-kcl">import provisioning.dependencies as schema
_dependencies = schema.TaskservDependencies {
name = "kubernetes"
version = "1.28.0"
requires = ["containerd", "etcd", "os"]
optional = ["cilium", "helm"]
conflicts = ["docker", "podman"]
}
</code></pre>
<h4 id="8-service-management"><a class="header" href="#8-service-management">8. <strong>Service Management</strong></a></h4>
<p><strong>Supported Services</strong>:</p>
<div class="table-wrapper"><table><thead><tr><th>Service</th><th>Type</th><th>Category</th><th>Purpose</th></tr></thead><tbody>
<tr><td>orchestrator</td><td>Platform</td><td>Orchestration</td><td>Workflow coordination</td></tr>
<tr><td>control-center</td><td>Platform</td><td>UI</td><td>Web management interface</td></tr>
<tr><td>coredns</td><td>Infrastructure</td><td>DNS</td><td>Local DNS resolution</td></tr>
<tr><td>gitea</td><td>Infrastructure</td><td>Git</td><td>Self-hosted Git service</td></tr>
<tr><td>oci-registry</td><td>Infrastructure</td><td>Registry</td><td>OCI artifact storage</td></tr>
<tr><td>mcp-server</td><td>Platform</td><td>API</td><td>Model Context Protocol</td></tr>
<tr><td>api-gateway</td><td>Platform</td><td>API</td><td>Unified API access</td></tr>
</tbody></table>
</div>
<p><strong>Lifecycle Management</strong>:</p>
<pre><code class="language-bash"># Start all auto-start services
provisioning platform start
# Start specific service (with dependencies)
provisioning platform start orchestrator
# Check health
provisioning platform health
# View logs
provisioning platform logs orchestrator --follow
</code></pre>
<h4 id="9-test-environment-service"><a class="header" href="#9-test-environment-service">9. <strong>Test Environment Service</strong></a></h4>
<p><strong>Architecture</strong>:</p>
<pre><code>User Command (CLI)
Test Orchestrator (Rust)
Container Manager (bollard)
Docker API
Isolated Test Containers
</code></pre>
<p><strong>Test Types</strong>:</p>
<ul>
<li>Single taskserv testing</li>
<li>Server simulation (multiple taskservs)</li>
<li>Multi-node cluster topologies</li>
</ul>
<p><strong>Topology Templates</strong>:</p>
<ul>
<li><code>kubernetes_3node</code> - 3-node HA cluster</li>
<li><code>kubernetes_single</code> - All-in-one K8s</li>
<li><code>etcd_cluster</code> - 3-node etcd</li>
<li><code>postgres_redis</code> - Database stack</li>
</ul>
<hr />
<h2 id="mode-architecture"><a class="header" href="#mode-architecture">Mode Architecture</a></h2>
<h3 id="mode-based-system-overview"><a class="header" href="#mode-based-system-overview">Mode-Based System Overview</a></h3>
<p>The platform supports four operational modes that adapt the system from individual development to enterprise production.</p>
<h3 id="mode-comparison"><a class="header" href="#mode-comparison">Mode Comparison</a></h3>
<pre><code>┌───────────────────────────────────────────────────────────────────────┐
│ MODE ARCHITECTURE │
├───────────────┬───────────────┬───────────────┬───────────────────────┤
│ SOLO │ MULTI-USER │ CI/CD │ ENTERPRISE │
├───────────────┼───────────────┼───────────────┼───────────────────────┤
│ │ │ │ │
│ Single Dev │ Team (5-20) │ Pipelines │ Production │
│ │ │ │ │
│ ┌─────────┐ │ ┌──────────┐ │ ┌──────────┐ │ ┌──────────────────┐ │
│ │ No Auth │ │ │Token(JWT)│ │ │Token(1h) │ │ │ mTLS (TLS 1.3) │ │
│ └─────────┘ │ └──────────┘ │ └──────────┘ │ └──────────────────┘ │
│ │ │ │ │
│ ┌─────────┐ │ ┌──────────┐ │ ┌──────────┐ │ ┌──────────────────┐ │
│ │ Local │ │ │ Remote │ │ │ Remote │ │ │ Kubernetes (HA) │ │
│ │ Binary │ │ │ Docker │ │ │ K8s │ │ │ Multi-AZ │ │
│ └─────────┘ │ └──────────┘ │ └──────────┘ │ └──────────────────┘ │
│ │ │ │ │
│ ┌─────────┐ │ ┌──────────┐ │ ┌──────────┐ │ ┌──────────────────┐ │
│ │ Local │ │ │ OCI (Zot)│ │ │OCI(Harbor│ │ │ OCI (Harbor HA) │ │
│ │ Files │ │ │ or Harbor│ │ │ required)│ │ │ + Replication │ │
│ └─────────┘ │ └──────────┘ │ └──────────┘ │ └──────────────────┘ │
│ │ │ │ │
│ ┌─────────┐ │ ┌──────────┐ │ ┌──────────┐ │ ┌──────────────────┐ │
│ │ None │ │ │ Gitea │ │ │ Disabled │ │ │ etcd (mandatory) │ │
│ │ │ │ │(optional)│ │ │ (stateless) │ │ │ │
│ └─────────┘ │ └──────────┘ │ └──────────┘ │ └──────────────────┘ │
│ │ │ │ │
│ Unlimited │ 10 srv, 32 │ 5 srv, 16 │ 20 srv, 64 cores │
│ │ cores, 128GB │ cores, 64GB │ 256GB per user │
│ │ │ │ │
└───────────────┴───────────────┴───────────────┴───────────────────────┘
</code></pre>
<h3 id="mode-configuration"><a class="header" href="#mode-configuration">Mode Configuration</a></h3>
<p><strong>Mode Templates</strong>: <code>workspace/config/modes/{mode}.yaml</code></p>
<p><strong>Active Mode</strong>: <code>~/.provisioning/config/active-mode.yaml</code></p>
<p><strong>Switching Modes</strong>:</p>
<pre><code class="language-bash"># Check current mode
provisioning mode current
# Switch to another mode
provisioning mode switch multi-user
# Validate mode requirements
provisioning mode validate enterprise
</code></pre>
<h3 id="mode-specific-workflows"><a class="header" href="#mode-specific-workflows">Mode-Specific Workflows</a></h3>
<h4 id="solo-mode"><a class="header" href="#solo-mode">Solo Mode</a></h4>
<pre><code class="language-bash"># 1. Default mode, no setup needed
provisioning workspace init
# 2. Start local orchestrator
provisioning platform start orchestrator
# 3. Create infrastructure
provisioning server create
</code></pre>
<h4 id="multi-user-mode"><a class="header" href="#multi-user-mode">Multi-User Mode</a></h4>
<pre><code class="language-bash"># 1. Switch mode and authenticate
provisioning mode switch multi-user
provisioning auth login
# 2. Lock workspace
provisioning workspace lock my-infra
# 3. Pull extensions from OCI
provisioning extension pull upcloud kubernetes
# 4. Work...
# 5. Unlock workspace
provisioning workspace unlock my-infra
</code></pre>
<h4 id="cicd-mode"><a class="header" href="#cicd-mode">CI/CD Mode</a></h4>
<pre><code class="language-yaml"># GitLab CI
deploy:
stage: deploy
script:
- export PROVISIONING_MODE=cicd
- echo "$TOKEN" &gt; /var/run/secrets/provisioning/token
- provisioning validate --all
- provisioning test quick kubernetes
- provisioning server create --check
- provisioning server create
after_script:
- provisioning workspace cleanup
</code></pre>
<h4 id="enterprise-mode"><a class="header" href="#enterprise-mode">Enterprise Mode</a></h4>
<pre><code class="language-bash"># 1. Switch to enterprise, verify K8s
provisioning mode switch enterprise
kubectl get pods -n provisioning-system
# 2. Request workspace (approval required)
provisioning workspace request prod-deployment
# 3. After approval, lock with etcd
provisioning workspace lock prod-deployment --provider etcd
# 4. Pull verified extensions
provisioning extension pull upcloud --verify-signature
# 5. Deploy
provisioning infra create --check
provisioning infra create
# 6. Release
provisioning workspace unlock prod-deployment
</code></pre>
<hr />
<h2 id="network-architecture"><a class="header" href="#network-architecture">Network Architecture</a></h2>
<h3 id="service-communication"><a class="header" href="#service-communication">Service Communication</a></h3>
<pre><code>┌──────────────────────────────────────────────────────────────────────┐
│ NETWORK LAYER │
├──────────────────────────────────────────────────────────────────────┤
│ │
│ ┌───────────────────────┐ ┌──────────────────────────┐ │
│ │ Ingress/Load │ │ API Gateway │ │
│ │ Balancer │──────────│ (Optional) │ │
│ └───────────────────────┘ └──────────────────────────┘ │
│ │ │ │
│ │ │ │
│ ┌───────────┴────────────────────────────────────┴──────────┐ │
│ │ Service Mesh (Optional) │ │
│ │ (mTLS, Circuit Breaking, Retries) │ │
│ └────┬──────────┬───────────┬────────────┬──────────────┬───┘ │
│ │ │ │ │ │ │
│ ┌────┴─────┐ ┌─┴────────┐ ┌┴─────────┐ ┌┴──────────┐ ┌┴───────┐ │
│ │ Orchestr │ │ Control │ │ CoreDNS │ │ Gitea │ │ OCI │ │
│ │ ator │ │ Center │ │ │ │ │ │Registry│ │
│ │ │ │ │ │ │ │ │ │ │ │
│ │ :9090 │ │ :3000 │ │ :5353 │ │ :3001 │ │ :5000 │ │
│ └──────────┘ └──────────┘ └──────────┘ └───────────┘ └────────┘ │
│ │
│ ┌────────────────────────────────────────────────────────────┐ │
│ │ DNS Resolution (CoreDNS) │ │
│ │ • *.prov.local → Internal services │ │
│ │ • *.infra.local → Infrastructure nodes │ │
│ └────────────────────────────────────────────────────────────┘ │
│ │
└──────────────────────────────────────────────────────────────────────┘
</code></pre>
<h3 id="port-allocation"><a class="header" href="#port-allocation">Port Allocation</a></h3>
<div class="table-wrapper"><table><thead><tr><th>Service</th><th>Port</th><th>Protocol</th><th>Purpose</th></tr></thead><tbody>
<tr><td>Orchestrator</td><td>8080</td><td>HTTP/WS</td><td>REST API, WebSocket</td></tr>
<tr><td>Control Center</td><td>3000</td><td>HTTP</td><td>Web UI</td></tr>
<tr><td>CoreDNS</td><td>5353</td><td>UDP/TCP</td><td>DNS resolution</td></tr>
<tr><td>Gitea</td><td>3001</td><td>HTTP</td><td>Git operations</td></tr>
<tr><td>OCI Registry (Zot)</td><td>5000</td><td>HTTP</td><td>OCI artifacts</td></tr>
<tr><td>OCI Registry (Harbor)</td><td>443</td><td>HTTPS</td><td>OCI artifacts (prod)</td></tr>
<tr><td>MCP Server</td><td>8081</td><td>HTTP</td><td>MCP protocol</td></tr>
<tr><td>API Gateway</td><td>8082</td><td>HTTP</td><td>Unified API</td></tr>
</tbody></table>
</div>
<h3 id="network-security"><a class="header" href="#network-security">Network Security</a></h3>
<p><strong>Solo Mode</strong>:</p>
<ul>
<li>Localhost-only bindings</li>
<li>No authentication</li>
<li>No encryption</li>
</ul>
<p><strong>Multi-User Mode</strong>:</p>
<ul>
<li>Token-based authentication (JWT)</li>
<li>TLS for external access</li>
<li>Firewall rules</li>
</ul>
<p><strong>CI/CD Mode</strong>:</p>
<ul>
<li>Token authentication (short-lived)</li>
<li>Full TLS encryption</li>
<li>Network isolation</li>
</ul>
<p><strong>Enterprise Mode</strong>:</p>
<ul>
<li>mTLS for all connections</li>
<li>Network policies (Kubernetes)</li>
<li>Zero-trust networking</li>
<li>Audit logging</li>
</ul>
<hr />
<h2 id="data-architecture"><a class="header" href="#data-architecture">Data Architecture</a></h2>
<h3 id="data-storage"><a class="header" href="#data-storage">Data Storage</a></h3>
<pre><code>┌────────────────────────────────────────────────────────────────┐
│ DATA LAYER │
├────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Configuration Data (Hierarchical) │ │
│ │ │ │
│ │ ~/.provisioning/ │ │
│ │ ├── config.user.toml (User preferences) │ │
│ │ └── config/ │ │
│ │ ├── active-mode.yaml (Active mode) │ │
│ │ └── user_config.yaml (Workspaces, preferences) │ │
│ │ │ │
│ │ workspace/ │ │
│ │ ├── config/ │ │
│ │ │ ├── provisioning.yaml (Workspace config) │ │
│ │ │ └── modes/*.yaml (Mode templates) │ │
│ │ └── infra/{name}/ │ │
│ │ ├── settings.k (Infrastructure KCL) │ │
│ │ └── config.toml (Infra-specific) │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ State Data (Runtime) │ │
│ │ │ │
│ │ ~/.provisioning/orchestrator/data/ │ │
│ │ ├── tasks/ (Task queue) │ │
│ │ ├── workflows/ (Workflow state) │ │
│ │ └── checkpoints/ (Recovery points) │ │
│ │ │ │
│ │ ~/.provisioning/services/ │ │
│ │ ├── pids/ (Process IDs) │ │
│ │ ├── logs/ (Service logs) │ │
│ │ └── state/ (Service state) │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Cache Data (Performance) │ │
│ │ │ │
│ │ ~/.provisioning/cache/ │ │
│ │ ├── oci/ (OCI artifacts) │ │
│ │ ├── kcl/ (Compiled KCL) │ │
│ │ └── modules/ (Module cache) │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Extension Data (OCI Artifacts) │ │
│ │ │ │
│ │ OCI Registry (localhost:5000 or harbor.company.com) │ │
│ │ ├── provisioning-core:v3.5.0 │ │
│ │ ├── provisioning-extensions/ │ │
│ │ │ ├── kubernetes:1.28.0 │ │
│ │ │ ├── aws:2.0.0 │ │
│ │ │ └── (100+ artifacts) │ │
│ │ └── provisioning-platform/ │ │
│ │ ├── orchestrator:v1.2.0 │ │
│ │ └── (4 service images) │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Secrets (Encrypted) │ │
│ │ │ │
│ │ workspace/secrets/ │ │
│ │ ├── keys.yaml.enc (SOPS-encrypted) │ │
│ │ ├── ssh-keys/ (SSH keys) │ │
│ │ └── tokens/ (API tokens) │ │
│ │ │ │
│ │ KMS Integration (Enterprise): │ │
│ │ • AWS KMS │ │
│ │ • HashiCorp Vault │ │
│ │ • Age encryption (local) │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
└────────────────────────────────────────────────────────────────┘
</code></pre>
<h3 id="data-flow"><a class="header" href="#data-flow">Data Flow</a></h3>
<p><strong>Configuration Loading</strong>:</p>
<pre><code>1. Load system defaults (config.defaults.toml)
2. Merge user config (~/.provisioning/config.user.toml)
3. Load workspace config (workspace/config/provisioning.yaml)
4. Load environment config (workspace/config/{env}-defaults.toml)
5. Load infrastructure config (workspace/infra/{name}/config.toml)
6. Apply runtime overrides (ENV variables, CLI flags)
</code></pre>
<p><strong>State Persistence</strong>:</p>
<pre><code>Workflow execution
Create checkpoint (JSON)
Save to ~/.provisioning/orchestrator/data/checkpoints/
On failure, load checkpoint and resume
</code></pre>
<p><strong>OCI Artifact Flow</strong>:</p>
<pre><code>1. Package extension (oci-package.nu)
2. Push to OCI registry (provisioning oci push)
3. Extension stored as OCI artifact
4. Pull when needed (provisioning oci pull)
5. Cache locally (~/.provisioning/cache/oci/)
</code></pre>
<hr />
<h2 id="security-architecture"><a class="header" href="#security-architecture">Security Architecture</a></h2>
<h3 id="security-layers"><a class="header" href="#security-layers">Security Layers</a></h3>
<pre><code>┌─────────────────────────────────────────────────────────────────┐
│ SECURITY ARCHITECTURE │
├─────────────────────────────────────────────────────────────────┤
│ │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ Layer 1: Authentication &amp; Authorization │ │
│ │ │ │
│ │ Solo: None (local development) │ │
│ │ Multi-user: JWT tokens (24h expiry) │ │
│ │ CI/CD: CI-injected tokens (1h expiry) │ │
│ │ Enterprise: mTLS (TLS 1.3, mutual auth) │ │
│ └────────────────────────────────────────────────────────┘ │
│ │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ Layer 2: Encryption │ │
│ │ │ │
│ │ In Transit: │ │
│ │ • TLS 1.3 (multi-user, CI/CD, enterprise) │ │
│ │ • mTLS (enterprise) │ │
│ │ │ │
│ │ At Rest: │ │
│ │ • SOPS + Age (secrets encryption) │ │
│ │ • KMS integration (CI/CD, enterprise) │ │
│ │ • Encrypted filesystems (enterprise) │ │
│ └────────────────────────────────────────────────────────┘ │
│ │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ Layer 3: Secret Management │ │
│ │ │ │
│ │ • SOPS for file encryption │ │
│ │ • Age for key management │ │
│ │ • KMS integration (AWS KMS, Vault) │ │
│ │ • SSH key storage (KMS-backed) │ │
│ │ • API token management │ │
│ └────────────────────────────────────────────────────────┘ │
│ │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ Layer 4: Access Control │ │
│ │ │ │
│ │ • RBAC (Role-Based Access Control) │ │
│ │ • Workspace isolation │ │
│ │ • Workspace locking (Gitea, etcd) │ │
│ │ • Resource quotas (per-user limits) │ │
│ └────────────────────────────────────────────────────────┘ │
│ │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ Layer 5: Network Security │ │
│ │ │ │
│ │ • Network policies (Kubernetes) │ │
│ │ • Firewall rules │ │
│ │ • Zero-trust networking (enterprise) │ │
│ │ • Service mesh (optional, mTLS) │ │
│ └────────────────────────────────────────────────────────┘ │
│ │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ Layer 6: Audit &amp; Compliance │ │
│ │ │ │
│ │ • Audit logs (all operations) │ │
│ │ • Compliance policies (SOC2, ISO27001) │ │
│ │ • Image signing (cosign, notation) │ │
│ │ • Vulnerability scanning (Harbor) │ │
│ └────────────────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
</code></pre>
<h3 id="secret-management"><a class="header" href="#secret-management">Secret Management</a></h3>
<p><strong>SOPS Integration</strong>:</p>
<pre><code class="language-bash"># Edit encrypted file
provisioning sops workspace/secrets/keys.yaml.enc
# Encryption happens automatically on save
# Decryption happens automatically on load
</code></pre>
<p><strong>KMS Integration</strong> (Enterprise):</p>
<pre><code class="language-yaml"># workspace/config/provisioning.yaml
secrets:
provider: "kms"
kms:
type: "aws" # or "vault"
region: "us-east-1"
key_id: "arn:aws:kms:..."
</code></pre>
<h3 id="image-signing-and-verification"><a class="header" href="#image-signing-and-verification">Image Signing and Verification</a></h3>
<p><strong>CI/CD Mode</strong> (Required):</p>
<pre><code class="language-bash"># Sign OCI artifact
cosign sign oci://registry/kubernetes:1.28.0
# Verify signature
cosign verify oci://registry/kubernetes:1.28.0
</code></pre>
<p><strong>Enterprise Mode</strong> (Mandatory):</p>
<pre><code class="language-bash"># Pull with verification
provisioning extension pull kubernetes --verify-signature
# System blocks unsigned artifacts
</code></pre>
<hr />
<h2 id="deployment-architecture"><a class="header" href="#deployment-architecture">Deployment Architecture</a></h2>
<h3 id="deployment-modes"><a class="header" href="#deployment-modes">Deployment Modes</a></h3>
<h4 id="1-binary-deployment-solo-multi-user"><a class="header" href="#1-binary-deployment-solo-multi-user">1. <strong>Binary Deployment</strong> (Solo, Multi-user)</a></h4>
<pre><code>User Machine
├── ~/.provisioning/bin/
│ ├── provisioning-orchestrator
│ ├── provisioning-control-center
│ └── ...
├── ~/.provisioning/orchestrator/data/
├── ~/.provisioning/services/
└── Process Management (PID files, logs)
</code></pre>
<p><strong>Pros</strong>: Simple, fast startup, no Docker dependency
<strong>Cons</strong>: Platform-specific binaries, manual updates</p>
<h4 id="2-docker-deployment-multi-user-cicd"><a class="header" href="#2-docker-deployment-multi-user-cicd">2. <strong>Docker Deployment</strong> (Multi-user, CI/CD)</a></h4>
<pre><code>Docker Daemon
├── Container: provisioning-orchestrator
├── Container: provisioning-control-center
├── Container: provisioning-coredns
├── Container: provisioning-gitea
├── Container: provisioning-oci-registry
└── Volumes: ~/.provisioning/data/
</code></pre>
<p><strong>Pros</strong>: Consistent environment, easy updates
<strong>Cons</strong>: Requires Docker, resource overhead</p>
<h4 id="3-docker-compose-deployment-multi-user"><a class="header" href="#3-docker-compose-deployment-multi-user">3. <strong>Docker Compose Deployment</strong> (Multi-user)</a></h4>
<pre><code class="language-yaml"># provisioning/platform/docker-compose.yaml
services:
orchestrator:
image: provisioning-platform/orchestrator:v1.2.0
ports:
- "8080:9090"
volumes:
- orchestrator-data:/data
control-center:
image: provisioning-platform/control-center:v1.2.0
ports:
- "3000:3000"
depends_on:
- orchestrator
coredns:
image: coredns/coredns:1.11.1
ports:
- "5353:53/udp"
gitea:
image: gitea/gitea:1.20
ports:
- "3001:3000"
oci-registry:
image: ghcr.io/project-zot/zot:latest
ports:
- "5000:5000"
</code></pre>
<p><strong>Pros</strong>: Easy multi-service orchestration, declarative
<strong>Cons</strong>: Local only, no HA</p>
<h4 id="4-kubernetes-deployment-cicd-enterprise"><a class="header" href="#4-kubernetes-deployment-cicd-enterprise">4. <strong>Kubernetes Deployment</strong> (CI/CD, Enterprise)</a></h4>
<pre><code class="language-yaml"># Namespace: provisioning-system
apiVersion: apps/v1
kind: Deployment
metadata:
name: orchestrator
spec:
replicas: 3 # HA
selector:
matchLabels:
app: orchestrator
template:
metadata:
labels:
app: orchestrator
spec:
containers:
- name: orchestrator
image: harbor.company.com/provisioning-platform/orchestrator:v1.2.0
ports:
- containerPort: 8080
env:
- name: RUST_LOG
value: "info"
volumeMounts:
- name: data
mountPath: /data
livenessProbe:
httpGet:
path: /health
port: 8080
readinessProbe:
httpGet:
path: /health
port: 8080
volumes:
- name: data
persistentVolumeClaim:
claimName: orchestrator-data
</code></pre>
<p><strong>Pros</strong>: HA, scalability, production-ready
<strong>Cons</strong>: Complex setup, Kubernetes required</p>
<h4 id="5-remote-deployment-all-modes"><a class="header" href="#5-remote-deployment-all-modes">5. <strong>Remote Deployment</strong> (All modes)</a></h4>
<pre><code class="language-yaml"># Connect to remotely-running services
services:
orchestrator:
deployment:
mode: "remote"
remote:
endpoint: "https://orchestrator.company.com"
tls_enabled: true
auth_token_path: "~/.provisioning/tokens/orchestrator.token"
</code></pre>
<p><strong>Pros</strong>: No local resources, centralized
<strong>Cons</strong>: Network dependency, latency</p>
<hr />
<h2 id="integration-architecture"><a class="header" href="#integration-architecture">Integration Architecture</a></h2>
<h3 id="integration-patterns"><a class="header" href="#integration-patterns">Integration Patterns</a></h3>
<h4 id="1-hybrid-language-integration-rust--nushell"><a class="header" href="#1-hybrid-language-integration-rust--nushell">1. <strong>Hybrid Language Integration</strong> (Rust ↔ Nushell)</a></h4>
<pre><code>Rust Orchestrator
↓ (HTTP API)
Nushell CLI
↓ (exec via bridge)
Nushell Business Logic
↓ (returns JSON)
Rust Orchestrator
↓ (updates state)
File-based Task Queue
</code></pre>
<p><strong>Communication</strong>: HTTP API + stdin/stdout JSON</p>
<h4 id="2-provider-abstraction"><a class="header" href="#2-provider-abstraction">2. <strong>Provider Abstraction</strong></a></h4>
<pre><code>Unified Provider Interface
├── create_server(config) -&gt; Server
├── delete_server(id) -&gt; bool
├── list_servers() -&gt; [Server]
└── get_server_status(id) -&gt; Status
Provider Implementations:
├── AWS Provider (aws-sdk-rust, aws cli)
├── UpCloud Provider (upcloud API)
└── Local Provider (Docker, libvirt)
</code></pre>
<h4 id="3-oci-registry-integration"><a class="header" href="#3-oci-registry-integration">3. <strong>OCI Registry Integration</strong></a></h4>
<pre><code>Extension Development
Package (oci-package.nu)
Push (provisioning oci push)
OCI Registry (Zot/Harbor)
Pull (provisioning oci pull)
Cache (~/.provisioning/cache/oci/)
Load into Workspace
</code></pre>
<h4 id="4-gitea-integration-multi-user-enterprise"><a class="header" href="#4-gitea-integration-multi-user-enterprise">4. <strong>Gitea Integration</strong> (Multi-user, Enterprise)</a></h4>
<pre><code>Workspace Operations
Check Lock Status (Gitea API)
Acquire Lock (Create lock file in Git)
Perform Changes
Commit + Push
Release Lock (Delete lock file)
</code></pre>
<p><strong>Benefits</strong>:</p>
<ul>
<li>Distributed locking</li>
<li>Change tracking via Git history</li>
<li>Collaboration features</li>
</ul>
<h4 id="5-coredns-integration"><a class="header" href="#5-coredns-integration">5. <strong>CoreDNS Integration</strong></a></h4>
<pre><code>Service Registration
Update CoreDNS Corefile
Reload CoreDNS
DNS Resolution Available
Zones:
├── *.prov.local (Internal services)
├── *.infra.local (Infrastructure nodes)
└── *.test.local (Test environments)
</code></pre>
<hr />
<h2 id="performance-and-scalability"><a class="header" href="#performance-and-scalability">Performance and Scalability</a></h2>
<h3 id="performance-characteristics"><a class="header" href="#performance-characteristics">Performance Characteristics</a></h3>
<div class="table-wrapper"><table><thead><tr><th>Metric</th><th>Value</th><th>Notes</th></tr></thead><tbody>
<tr><td><strong>CLI Startup Time</strong></td><td>&lt; 100ms</td><td>Nushell cold start</td></tr>
<tr><td><strong>CLI Response Time</strong></td><td>&lt; 50ms</td><td>Most commands</td></tr>
<tr><td><strong>Workflow Submission</strong></td><td>&lt; 200ms</td><td>To orchestrator</td></tr>
<tr><td><strong>Task Processing</strong></td><td>10-50/sec</td><td>Orchestrator throughput</td></tr>
<tr><td><strong>Batch Operations</strong></td><td>Up to 100 servers</td><td>Parallel execution</td></tr>
<tr><td><strong>OCI Pull Time</strong></td><td>1-5s</td><td>Cached: &lt;100ms</td></tr>
<tr><td><strong>Configuration Load</strong></td><td>&lt; 500ms</td><td>Full hierarchy</td></tr>
<tr><td><strong>Health Check Interval</strong></td><td>10s</td><td>Configurable</td></tr>
</tbody></table>
</div>
<h3 id="scalability-limits"><a class="header" href="#scalability-limits">Scalability Limits</a></h3>
<p><strong>Solo Mode</strong>:</p>
<ul>
<li>Unlimited local resources</li>
<li>Limited by machine capacity</li>
</ul>
<p><strong>Multi-User Mode</strong>:</p>
<ul>
<li>10 servers per user</li>
<li>32 cores, 128GB RAM per user</li>
<li>5-20 concurrent users</li>
</ul>
<p><strong>CI/CD Mode</strong>:</p>
<ul>
<li>5 servers per pipeline</li>
<li>16 cores, 64GB RAM per pipeline</li>
<li>100+ concurrent pipelines</li>
</ul>
<p><strong>Enterprise Mode</strong>:</p>
<ul>
<li>20 servers per user</li>
<li>64 cores, 256GB RAM per user</li>
<li>1000+ concurrent users</li>
<li>Horizontal scaling via Kubernetes</li>
</ul>
<h3 id="optimization-strategies"><a class="header" href="#optimization-strategies">Optimization Strategies</a></h3>
<p><strong>Caching</strong>:</p>
<ul>
<li>OCI artifacts cached locally</li>
<li>KCL compilation cached</li>
<li>Module resolution cached</li>
</ul>
<p><strong>Parallel Execution</strong>:</p>
<ul>
<li>Batch operations with configurable limits</li>
<li>Dependency-aware parallel starts</li>
<li>Workflow DAG execution</li>
</ul>
<p><strong>Incremental Operations</strong>:</p>
<ul>
<li>Only update changed resources</li>
<li>Checkpoint-based recovery</li>
<li>Delta synchronization</li>
</ul>
<hr />
<h2 id="evolution-and-roadmap"><a class="header" href="#evolution-and-roadmap">Evolution and Roadmap</a></h2>
<h3 id="version-history"><a class="header" href="#version-history">Version History</a></h3>
<div class="table-wrapper"><table><thead><tr><th>Version</th><th>Date</th><th>Major Features</th></tr></thead><tbody>
<tr><td><strong>v3.5.0</strong></td><td>2025-10-06</td><td>Mode system, OCI distribution, comprehensive docs</td></tr>
<tr><td><strong>v3.4.0</strong></td><td>2025-10-06</td><td>Test environment service</td></tr>
<tr><td><strong>v3.3.0</strong></td><td>2025-09-30</td><td>Interactive guides</td></tr>
<tr><td><strong>v3.2.0</strong></td><td>2025-09-30</td><td>Modular CLI refactoring</td></tr>
<tr><td><strong>v3.1.0</strong></td><td>2025-09-25</td><td>Batch workflow system</td></tr>
<tr><td><strong>v3.0.0</strong></td><td>2025-09-25</td><td>Hybrid orchestrator</td></tr>
<tr><td><strong>v2.0.5</strong></td><td>2025-10-02</td><td>Workspace switching</td></tr>
<tr><td><strong>v2.0.0</strong></td><td>2025-09-23</td><td>Configuration migration</td></tr>
</tbody></table>
</div>
<h3 id="roadmap-future-versions"><a class="header" href="#roadmap-future-versions">Roadmap (Future Versions)</a></h3>
<p><strong>v3.6.0</strong> (Q1 2026):</p>
<ul>
<li>GraphQL API</li>
<li>Advanced RBAC</li>
<li>Multi-tenancy</li>
<li>Observability enhancements (OpenTelemetry)</li>
</ul>
<p><strong>v4.0.0</strong> (Q2 2026):</p>
<ul>
<li>Multi-repository split complete</li>
<li>Extension marketplace</li>
<li>Advanced workflow features (conditional execution, loops)</li>
<li>Cost optimization engine</li>
</ul>
<p><strong>v4.1.0</strong> (Q3 2026):</p>
<ul>
<li>AI-assisted infrastructure generation</li>
<li>Policy-as-code (OPA integration)</li>
<li>Advanced compliance features</li>
</ul>
<p><strong>Long-term Vision</strong>:</p>
<ul>
<li>Serverless workflow execution</li>
<li>Edge computing support</li>
<li>Multi-cloud failover</li>
<li>Self-healing infrastructure</li>
</ul>
<hr />
<h2 id="related-documentation"><a class="header" href="#related-documentation">Related Documentation</a></h2>
<h3 id="architecture"><a class="header" href="#architecture">Architecture</a></h3>
<ul>
<li><strong><a href="MULTI_REPO_ARCHITECTURE.html">Multi-Repo Architecture</a></strong> - Repository organization</li>
<li><strong><a href="design-principles.html">Design Principles</a></strong> - Architectural philosophy</li>
<li><strong><a href="integration-patterns.html">Integration Patterns</a></strong> - Integration details</li>
<li><strong><a href="orchestrator-integration-model.html">Orchestrator Model</a></strong> - Hybrid orchestration</li>
</ul>
<h3 id="adrs"><a class="header" href="#adrs">ADRs</a></h3>
<ul>
<li><strong><a href="adr/ADR-001-project-structure.html">ADR-001</a></strong> - Project structure</li>
<li><strong><a href="adr/ADR-002-distribution-strategy.html">ADR-002</a></strong> - Distribution strategy</li>
<li><strong><a href="adr/ADR-003-workspace-isolation.html">ADR-003</a></strong> - Workspace isolation</li>
<li><strong><a href="adr/ADR-004-hybrid-architecture.html">ADR-004</a></strong> - Hybrid architecture</li>
<li><strong><a href="adr/ADR-005-extension-framework.html">ADR-005</a></strong> - Extension framework</li>
<li><strong><a href="adr/ADR-006-provisioning-cli-refactoring.html">ADR-006</a></strong> - CLI refactoring</li>
</ul>
<h3 id="user-guides"><a class="header" href="#user-guides">User Guides</a></h3>
<ul>
<li><strong><a href="../user/getting-started.html">Getting Started</a></strong> - First steps</li>
<li><strong><a href="../user/MODE_SYSTEM_QUICK_REFERENCE.html">Mode System</a></strong> - Modes overview</li>
<li><strong><a href="../user/SERVICE_MANAGEMENT_GUIDE.html">Service Management</a></strong> - Services</li>
<li><strong><a href="../user/OCI_REGISTRY_GUIDE.html">OCI Registry</a></strong> - OCI operations</li>
</ul>
<hr />
<p><strong>Maintained By</strong>: Architecture Team
<strong>Review Cycle</strong>: Quarterly
<strong>Next Review</strong>: 2026-01-06</p>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../user/PLUGIN_INTEGRATION_GUIDE.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../architecture/integration-patterns.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../user/PLUGIN_INTEGRATION_GUIDE.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../architecture/integration-patterns.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<!-- Livereload script (if served using the cli tool) -->
<script>
const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:';
const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload";
const socket = new WebSocket(wsAddress);
socket.onmessage = function (event) {
if (event.data === "reload") {
socket.close();
location.reload();
}
};
window.onbeforeunload = function() {
socket.close();
}
</script>
<script>
window.playground_copyable = true;
</script>
<script src="../elasticlunr.min.js"></script>
<script src="../mark.min.js"></script>
<script src="../searcher.js"></script>
<script src="../clipboard.min.js"></script>
<script src="../highlight.js"></script>
<script src="../book.js"></script>
<!-- Custom JS scripts -->
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink