Architecture

Platform Overview

Kloudlite platform consists of graphql federation on top of APIs. This graphql will serve frontend portal and Kloudlite CLI.

APIs will take care of managing the resources and configurations across the network.

All communication with the clusters is done through the Message Office, which operates on top of the NATS streaming server. Within each cluster, the Kloudlite agent and operators are responsible for reconciling resources and configurations.

Kloudlite APIs also serve DNS queries for service discovery in the network.

Network Overview

Kloudlite creates a secure wireguard network for each team. All the clusters and devices in the team are part of this network connected via wireguard edge gateway.

Kloudlite will reconcile and sync the configurations across the network. All the apps in environments and managed services created in the team will be accessable from any other workload running in the network.

Each pod and device is assigned a unique IP address, and all services are exposed with a unique IP, ensuring seamless access and communication.

Note: To avoid any conflicts with existing networks, all the ip addresses are in a private range of 100.64.0.0/10.

All devices, clusters and developer's workspaces of a team are connected to wireguard mesh

In kubernetes clusters all apps in the environments and workloads of managed services are connected to wireguard mesh via wireguard gateway. And all the services managed by kloudlite will be exposed to wireguard network via reverse proxy running in gateway container

Note: Workspace is connected to wireguard mesh as a wireguard device.

App Intercept

Apps in the environment can be intercepted and traffic can be redirected to any other ip in the network. This allows developers to test and debug the apps running in the environment with out building and deploying the code.

Service Discovery

To ensure the service discovery, all the apps in the environment and managed serivces are registered with the DNS server. This DNS service is in turn exposed to for public access. Now All the domains can be resolved to ips inside the VPN network with out any DNS configurations on the developer's machine.