3 Architecture

Oracle Cloud Native Environment is built from several discrete components. You interact with the environment directly using the Platform CLI. The Platform API Server interacts with the Platform Agent on each Kubernetes node. The Platform Agent is responsible for handling host-level operations on behalf of the Platform API Server.

Figure 3-1 Architecture


This figure shows the Oracle Cloud Native Environment architecture, which consists of the Platform CLI, connecting to the Platform API Server, which then connects to the Platform Agent on each node. Authentication is performed between each node type.

Platform API Server

The Platform API Server performs the business logic and manages all entities, from hosts to microservices. The Platform API Server is responsible for managing the state of the environment, including the deployment and configuration of modules to one or more nodes in a cluster.

Platform Agent

The Platform Agent runs on each host to proxy requests from the Platform API Server to small worker applications. The primary reason for delegating work to these worker applications is to ensure the Platform Agent process uses as little memory as possible. The term Platform Agent refers to the union of the Platform Agent process and its associated worker applications.

The Platform Agent knows how to gather the state of resources on its host and to change the state of those resources. The Platform Agent knows if a firewall port is open or closed, or if a package is installed and at which version. It also knows how to close that port if it's open, upgrade the package if it's old, or install the package if it's not installed.

Platform CLI

The Platform CLI is used to communicate with the Platform API Server. The Platform CLI is an application (the olcnectl command) that converts the input to Platform API Server calls. No business logic takes place in the Platform CLI. Parsing of the commands entered into the Platform CLI takes place in the Platform API Server.

The Platform CLI must be installed on an operator node.

Authentication

Standard X.509 certificates are used to establish node identity and authentication. The Platform API Server, Platform CLI, and the Platform Agent on Kubernetes nodes require a valid certificate chain for each component to mutually authenticate. Without these certificates, connections between the components and nodes are rejected.

X.509 certificates can be created and distributed manually, or using an authentication server such as Vault by HashiCorp.
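
The following script is an added example, not part of the Oracle documentation and not the `olcnectl` tooling. It uses `openssl` to show the two checks mutual authentication depends on: a node certificate must chain to the CA the peer trusts, and the node must hold the matching private key. The CA names, node names and file names are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Constructed demo: throwaway CAs and node certificates in a temp directory.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed CA key and certificate.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.cert" 2>/dev/null
}

# issue_cert CA NAME: create a key and CSR for NAME, then sign it with CA.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 1 -CA "$WORK/$1.cert" \
    -CAkey "$WORK/$1.key" -CAcreateserial -out "$WORK/$2.cert" 2>/dev/null
}

# chain_ok CA NAME: succeed only if NAME's certificate chains to CA.
chain_ok() {
  openssl verify -CAfile "$WORK/$1.cert" "$WORK/$2.cert" >/dev/null 2>&1
}

# key_matches NAME: succeed only if NAME's private key belongs to its certificate.
key_matches() {
  [ "$(openssl x509 -in "$WORK/$1.cert" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$WORK/$1.key" -pubout | openssl sha256)" ]
}

make_ca trusted-ca              # the CA every component is configured to trust
make_ca other-ca                # an unrelated CA
issue_cert trusted-ca node1     # node enrolled under the trusted CA
issue_cert other-ca rogue       # certificate issued outside the trusted chain

for n in node1 rogue; do
  if chain_ok trusted-ca "$n" && key_matches "$n"; then
    echo "$n: accepted"
  else
    echo "$n: rejected (no valid chain to trusted-ca)"
  fi
done
```

Running the same two checks against real certificates before distributing them to nodes catches a wrong CA or a swapped key file before components start rejecting each other's connections.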