
Containers - Deployment model

This view presents a bird's-eye view of the system, showing how the different components are deployed and how they relate with each other.

architecture-deployment_2.svg

Components drawn with dashed borders are not required to deploy FA Platform.

Cloud / IaaS / Data center

The FA platform is designed to run on a cloud provider. It is also designed to be flexible enough to run on other cloud and service providers, as well as on-premises.

Kubernetes

The FA platform is deployed on Kubernetes, with Helm managing the installation. Kubernetes is a container orchestration system for automating deployment, scaling, and management of containerized applications. It groups the containers that make up an application into logical units for easy management and discovery. Kubernetes is an open-source system originally designed by Google and is maintained by the Cloud Native Computing Foundation. Workloads are automatically spread across multiple nodes in a cluster. These nodes are virtual or physical machines, depending on the cluster.

Supportive services

Supportive services are services that are not part of the FA platform but are used to support the features of the platform.

  • Proxy layer. The proxy layer consists of Istio, a service mesh that layers transparently onto existing distributed applications. It is responsible for traffic management, policy enforcement, and telemetry collection. Istio provides a straightforward way to create a network of deployed services with load balancing, service-to-service authentication, monitoring, and more, without requiring any changes in service code. Istio’s control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes.

  • Security scanning. The security scanning service is deployed on our Kubernetes services to monitor for CVEs and for configuration security issues. The CVE detection service is a simple and comprehensive vulnerability scanner for containers and other artifacts, suitable for CI. It detects vulnerabilities in OS packages (Alpine, RHEL, CentOS, etc.) and in application dependencies (Maven, npm, yarn, etc.).

  • Scaling service. The scaling service consists of KEDA, a Kubernetes-based event-driven autoscaling component. It provides event-driven scaling for any container running in Kubernetes. KEDA can monitor event sources such as Kafka, RabbitMQ, Azure Queue Storage, and many more, and then scale the related deployments and jobs. KEDA is a community-driven project, and it is maintained by Microsoft and Red Hat.

  • Certificate manager. The certificate manager, better known as cert-manager, is a Kubernetes add-on that automates the management and issuance of TLS certificates from various issuing sources. It periodically checks that certificates are valid and up to date, and attempts to renew them at an appropriate time before expiry. It also manages the creation and renewal of ACME certificates, which are stored in a Kubernetes secret resource.
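The renewal behaviour described for cert-manager, shown as an added example (not FA's own configuration): an ACME issuer plus a Certificate whose key pair ends up in a Kubernetes Secret. The issuer name, host name, e-mail address, the choice of the Let's Encrypt staging endpoint and the `istio-system` namespace are all assumptions.

```yaml
# Added example; every name, host and e-mail address below is a placeholder.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: acme-staging                  # hypothetical issuer name
spec:
  acme:
    # Let's Encrypt staging endpoint, assumed here as the ACME CA
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: ops@example.com
    privateKeySecretRef:
      name: acme-staging-account-key  # Secret holding the ACME account key
    solvers:
      - http01:
          ingress:
            class: istio              # answer HTTP-01 challenges via the Istio ingress
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: fa-platform-tls
  namespace: istio-system             # assumed: namespace of the gateway serving the cert
spec:
  secretName: fa-platform-tls         # Secret that receives tls.crt and tls.key
  dnsNames:
    - fa.example.com
  renewBefore: 720h                   # start renewal 30 days before expiry
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always            # generate a new key pair on every renewal
  issuerRef:
    name: acme-staging
    kind: ClusterIssuer
    group: cert-manager.io
```

The Certificate's `Ready` condition and `status.renewalTime` show whether issuance succeeded and when the next renewal is scheduled, which makes them useful targets for alerting.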

FA Platform

FA Platform consists of multiple applications and services which are spread across the Kubernetes worker nodes. The same Kubernetes cluster may host multiple FA Platforms, each segregated logically as well as isolated by resource usage, for example at the network layer.
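One way such per-platform segregation can be expressed in Kubernetes, as an added example rather than FA's actual configuration: it assumes one namespace per FA Platform instance, and the namespace name, quota values and the `istio-system` ingress namespace are placeholders.

```yaml
# Added example; "fa-platform-a" and all limits are placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: fa-platform-a
---
# Caps what this platform instance can consume, so one tenant cannot starve another.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: platform-quota
  namespace: fa-platform-a
spec:
  hard:
    requests.cpu: "8"
    requests.memory: 32Gi
    limits.cpu: "16"
    limits.memory: 64Gi
    pods: "100"
---
# Selects every pod in the namespace; anything not listed under "from" is denied.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: same-platform-only
  namespace: fa-platform-a
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector: {}             # pods of the same platform instance
        - namespaceSelector:          # assumed location of the Istio ingress gateway
            matchLabels:
              kubernetes.io/metadata.name: istio-system
```

NetworkPolicy objects are only enforced when the cluster's network plugin implements them, so the policy should be verified with a connection attempt from a second namespace.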

Platform service providers

Platform service providers are services which are utilized by the FA Platform to provide functionality.

Platforms integration VMs

Platform integration VMs are used in cases where we need to have integrations which come as inbound connections or require specialized software to integrate. It is not a common case for FA Platform to require such integrations, but it is a possibility.

System external service providers

The system external service providers are services which are utilized by the infrastructure and FA Platform to provide their functionality.

Image repository

This repository is used for storing images for the FA Platform. On-premises, it can be replaced with another image repository, for example Nexus, to which images would be propagated from FA’s image repository.

Holistic monitoring solution

This solution is used for monitoring the FA Platforms and the infrastructure. For on-premises it can be left out.

FA App store

The FA Platform is highly dependent on the FA App store as the platform installs processes and extensions via it. It also receives updates from it. The FA App store is a private repository, which is not accessible to the public and cannot be replaced by other means.

Platforms external service providers and integrations

The platform's external service providers and integrations are services which are utilized by the FA Platform to provide its functionality. Examples include trading systems, payment systems, and market data providers.