JavaScript must be enabled to correctly display this content

The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.

Chapter 3 Architecture

Oracle Cloud Native Environment is built from a number of discrete components. You interact with the environment directly using the Platform CLI. The Platform API Server interacts with the Platform Agent on each Kubernetes node. The Platform Agent is responsible for handling host-level operations on behalf of the Platform API Server.

Figure 3.1 Architecture

This figure shows the Oracle Cloud Native Environment architecture, which consists of the Platform CLI, connecting to the Platform API Server, which then connects to the Platform Agent on each node. Authentication is performed between each node type.

Click to view larger image ocne-architecture.png

3.1 Platform API Server

The Platform API Server performs the business logic and manages all entities, from hosts to microservices. The Platform API Server is responsible for managing the state of the environment, including the deployment and configuration of modules to one or more nodes in a cluster.

3.2 Platform Agent

The Platform Agent runs on each host to proxy requests from the Platform API Server to small worker applications. The primary reason for this is to make sure the Platform Agent process uses as little memory as possible. The Platform Agent refers to the union of the Platform Agent process and associated worker applications.

The Platform Agent knows how to gather the state of resources on its host and to change the state of those resources. That is, the Platform Agent knows if a firewall port is open or closed, or if a package is installed and at which version. It also knows how to close that port if it is open, upgrade the package if it is old, or install the package if it is not installed.

3.3 Platform CLI

The Platform CLI is used to communicate with the Platform API Server. The Platform CLI is a simple application (the olcnectl command) that converts the input to Platform API Server calls. No business logic takes place in the Platform CLI. Parsing of the commands entered into the Platform CLI takes place in the Platform API Server.

The Platform CLI must be installed on an operator node. The operator node is used to deploy an environment.

3.4 Authentication

Standard X.509 certificates are used to establish node identity and authentication. The Platform API Server, Platform CLI and the Platform Agent on Kubernetes nodes require a valid certificate chain that allow each component to mutually authenticate. Without these certificates, connections between the components and nodes are rejected.

X.509 certificates can be created and distributed manually, or using an authentication server such as Vault by HashiCorp.