Console module

The console module implements the web interface of Deckhouse Kubernetes Platform (DKP), simplifying platform management and enabling the system state monitoring.

Module architecture

The following simplifications are made in the diagram:

  • The diagram shows containers in different pods interacting directly with each other. In reality, they communicate via the corresponding Kubernetes Services (internal load balancers). Service names are omitted if they are obvious from the diagram context. Otherwise, the Service name is shown above the arrow.
  • Pods may run multiple replicas. However, each pod is shown as a single replica in the diagram.

The Level 2 C4 architecture of the console module and its interaction with other DKP components are shown in the following diagram:

Console module architecture

The numbers in the diagram indicate the order in which the module components are accessed: access to frontend, backend, and nginx goes through the Ingress NGINX Controller, with mandatory user authentication in Dex.

Module components

The module consists of the following components:

  1. Frontend: Consists of a single frontend container and provides the web interface for DKP users and administrators.

  2. Backend: Consists of a single backend container and implements an API interface that provides the following capabilities:

    • Retrieving, creating, deleting, and modifying DKP resources according to the user’s permissions.
    • Generating a kubeconfig with the user’s profile.
    • Determining the environment in which the DKP cluster is deployed.
    • Detecting DKP and Kubernetes versions.
    • Loading metrics and logs.
    • Loading platform availability information.
    • Downloading VM disks (when the virtualization and storage-volume-data-manager modules are enabled).

  3. Observability-gw: Consists of a single nginx container and proxies requests to Grafana to embed dashboards into the platform’s main web UI, as well as to work with metrics and logs for the selected project.

  4. Dex-authenticator: Performs user verification and authentication using the platform’s unified authentication system implemented by the user-authn module. For more information about the user-authn module architecture, refer to the corresponding documentation section.

Module interactions

The module interacts with the following components:

  1. Kube-apiserver:
    • Establishing VM connections via console and VNC.
    • Creating, deleting, modifying, and tracking DKP resources.

  2. Upmeter: Retrieves DKP availability information.

  3. Deckhouse-tools: Forwards requests to download the Deckhouse CLI utility.

  4. Prometheus: Retrieves system metrics for the platform, such as CPU and RAM usage.

  5. Observability: Retrieves metrics and logs for the selected project.

  6. Storage-volume-data-manager: Exports VM disk images.

The following external component interacts with the module:

  • Controller nginx: Forwards external user requests to the module web interface.

Documentation module

The documentation module provides a web interface for documentation corresponding to the running version of DKP.

Module architecture

The following simplifications are made in the diagram:

  • The diagram shows containers in different pods interacting directly with each other. In reality, they communicate via the corresponding Kubernetes Services (internal load balancers). Service names are omitted if they are obvious from the diagram context. Otherwise, the Service name is shown above the arrow.
  • Pods may run multiple replicas. However, each pod is shown as a single replica in the diagram.

The Level 2 C4 architecture of the documentation module and its interaction with other DKP components are shown in the following diagram:

Documentation module architecture

Module components

The module consists of the following components:

  1. Documentation: A component that provides the documentation web interface.

    It consists of the following containers:

    • web: Main container.

    • kube-rbac-proxy: Sidecar container with an authorization proxy based on Kubernetes RBAC that provides secure access to the main container. It is an open source project.

    • builder: Sidecar container that dynamically extends the documentation when new DKP modules are installed. The Hugo static site generator is used to render and generate the up-to-date site content.

      The builder container automatically creates and updates a Kubernetes Lease resource, placing an endpoint for documentation updates. This endpoint is used by the deckhouse module controller to initiate documentation updates when modules are updated or installed. This ensures that changes are promptly rendered in the web interface.

  2. Dex-authenticator: Performs user verification and authentication using the platform’s unified authentication system implemented by the user-authn module. For more information about the user-authn module architecture, refer to the corresponding documentation section.

Module interactions

The module interacts with the following components:

  • Kube-apiserver:
    • Creates and updates the Lease resource.
    • Authorizes requests to the documentation web interface.

The following external components interact with the module:

  1. Deckhouse: Sends requests to update the documentation when the set of modules changes.

  2. Prometheus: Collects module metrics.

  3. Controller nginx: Forwards external user requests to the module web interface.

Deckhouse-tools module

The deckhouse-tools module provides a web interface with links to download the Deckhouse CLI utility for various operating systems.

Module architecture

The following simplifications are made in the diagram:

  • The diagram shows containers in different pods interacting directly with each other. In reality, they communicate via the corresponding Kubernetes Services (internal load balancers). Service names are omitted if they are obvious from the diagram context. Otherwise, the Service name is shown above the arrow.
  • Pods may run multiple replicas. However, each pod is shown as a single replica in the diagram.

The Level 2 C4 architecture of the deckhouse-tools module and its interaction with other DKP components are shown in the following diagram:

Deckhouse-tools module architecture

Module components

The module consists of the following components:

  1. Deckhouse-tools: Consists of a single web container and provides a web interface with links to download the Deckhouse CLI utility.

  2. Dex-authenticator: Performs user verification and authentication using the platform’s unified authentication system implemented by the user-authn module. For more information about the user-authn module architecture, refer to the corresponding documentation section.

Module interactions

The following external component interacts with the module:

  • Controller nginx: Forwards external user requests to the module web interface.

Additional resources