You signed in with another tab or window.Reload to refresh your session.You signed out in another tab or window.Reload to refresh your session.You switched accounts on another tab or window.Reload to refresh your session.Dismiss alert
Codefresh GitOps is built around an enterprise version of the Argo Ecosystem, fully GitOps-compliant with industry-standard security.
9
-
To cater to differing requirements and degrees of enterprise security, Codefresh offers hosted and hybrid installation environments.
10
-
Both hosted and hybrid environments share a similar architecture, with the key difference being the location of the Codefresh Runtime.
8
+
Codefresh GitOps is built around an enterprise version of the Argo Ecosystem, fully compliant with the GitOps paradigm, with industry-standard security.
9
+
To cater to differing requirements and degrees of enterprise security, Codefresh supports hosted and hybrid installation environments for Codefresh runtimes.
11
10
12
-
The sections that follow illustratehosted and hybrid architecture, and describe the main components in the Codefresh Platform.
11
+
The sections that follow illustratethe architecture of the different installation environments, starting with a high-level overview of the Codefresh Platform.
13
12
13
+
###Codefresh architecture
14
14
15
-
###Hosted GitOps runtime architecture
16
-
In the hosted environment, the Codefresh Runtime is located on a K8s cluster managed by Codefresh.
15
+
The diagram shows a high-level view of the Codefresh Platform and its core components, the Codefresh Control Plane, the Codefresh Runtime, and the Codefresh Clients.
* Codefresh Runtime with the Codefresh Application Proxy and Argo Project
46
-
* Codefresh Clients, the Codefresh UI and the Codefresh CLI
47
-
48
27
{::nomarkdown}
49
-
<br><br>
28
+
<br>
50
29
{:/}
51
30
52
-
####Codefresh Control Plane
53
-
The Codefresh Control Plane is the SaaS component in the platform. External to the enterprise firewall, it does not have direct communication with the Codefresh Runtime, Codefresh Clients, or the customer's organizational systems. The CodefreshApplication Proxy and the Codefresh Clients communicate with the Codefresh Control Plane to retrieve the required information.
31
+
####Codefresh Control Plane
32
+
The Codefresh Control Plane is the SaaS component in the platform. External to the enterprise firewall, it does not have direct communication with the Codefresh Runtime, Codefresh Clients, or the customer's organizational systems. The CodefreshRuntime and the Codefresh Clients communicate with the Codefresh Control Plane to retrieve the required information.
54
33
55
-
The Codefresh Control Plane:
56
-
57
-
* Securely stores user accounts, and retrieves
58
-
* Enforces the permissions model
59
-
* Controls authentication, user management, and billing
60
34
61
35
{::nomarkdown}
62
36
<br>
63
37
{:/}
64
38
65
39
####Codefresh Runtime
66
40
The Codefresh Runtime is installed on a Kubernetes cluster, and houses the enterprise distribution of the Codefresh Application Proxy and the Argo Project.
41
+
Depending on the type of installation environment, the Codefresh Runtime is installed either in the Codefresh platform (hosted), or in the customer environment (hybrid). Read more in[Codefresh runtime architecture](#codefresh-runtime-architecture).
67
42
68
-
* Hosted runtimes are installed on a_Codefresh-managed cluster_ in the Codefresh platform
69
-
* Hybrid runtimes are installed on a_customer-managed cluster_
70
-
71
-
The Codefresh Runtime:
72
-
73
-
* Integrates with Argo Workflows and Argo Events to run Delivery Pipelines (hybrid environment), and with Argo CD and Argo Rollouts (both hosted and hybrid environments) to implement GitOps deployments for progressive delivery
74
-
* Ensures that the installation repository and the Git Sources are always in sync, and applies Git changes back to the cluster
75
-
* Receives events and information from the customer's organizational systems to execute workflows
76
43
77
44
{::nomarkdown}
78
45
<br>
79
46
{:/}
80
47
81
-
####Codefresh Application Proxy
82
-
The Codefresh Application Proxy (App-Proxy) functions as the Codefresh agent. Deployed as a service in the Codefresh Runtime, the App-Proxy is exposed externally through ingress controllers/load-balancers. It is the single point-of-contact from the Codefresh Clients, the Codefresh Platform, and any organizational system to the Codefresh Runtime.
48
+
####Codefresh Clients
49
+
50
+
Codefresh Clients include the Codefresh UI and the Codefresh CLI.
51
+
The Codefresh UI provides a unified, enterprise-wide view of deployments (runtimes and clusters), and CI/CD operations (Delivery Pipelines, workflows, and deployments) in the same location.
52
+
The Codefresh CLI includes commands to install hybrid runtimes, add external clusters, and manage runtimes and clusters.
53
+
54
+
###Codefresh runtime architecture
55
+
The sections that follow show detailed views of runtime architecture in the different installation environments, and descriptions of the Codefresh Runtime components.
In this installation environment, the Codefresh Runtime is installed on a_Codefresh-managed cluster_ in the Codefresh platform.
59
+
* Hybrid runtime architecture:
60
+
In this installation environment, the Codefresh Runtime is installed on a_customer-managed cluster_ in the customer environment. The Codefresh Runtime with or without ingress controllers:
Runtimes with ingress use an ingress controller to control communication between the Codefresh Runtime in the customer cluster and the Codefresh Platform. Ingress controllers are optimal when the cluster with the Codefresh Runtime is exposed to the internet.
Ingress-less runtimes uses tunneling to control communication between the Codefresh Runtime in the customer cluster and the Codefresh Platform. Ingress-less runtimes are optimal when the cluster with the Codefresh Runtime is not exposed to the internet.
The Codefresh Application Proxy (App-Proxy) functions as the Codefresh agent, and is deployed as a service in the Codefresh Runtime.
116
+
For hybrid runtimes with ingress, the App-Proxy is the single point-of-contact between the Codefresh Runtime, and the Codefresh Clients, the Codefresh Platform, and any organizational systems in the customer environment.
117
+
For ingress-less hybrid runtimes, the Tunnel Client forwards the incoming traffic from the Tunnel Server using internal reverse proxy to the App-Proxy.
118
+
85
119
The App-Proxy:
86
120
* Accepts and serves requests from Codefresh Clients either via the Codefresh UI or CLI
87
121
* Retrieves a list of Git repositories for visualization in Codefresh Clients
88
-
89
-
**Authentication and authorization**
90
-
The App-Proxy retrieves permissions from the Codefresh Control Plane to authenticate and authorize users for the required operations.
91
-
92
-
**Write operations**
93
-
The App-Proxy performs write and state-change operations:
94
-
* Commits for GitOps-controlled entities, such as Delivery Pipelines and other CI resources
95
-
* State-change operations for non-GitOps controlled entities, such as terminating Argo Workflows
122
+
* Retrieves permissions from the Codefresh Control Plane to authenticate and authorize users for the required operations.
123
+
* Implements commits for GitOps-controlled entities, such as Delivery Pipelines and other CI resources
124
+
* Implements state-change operations for non-GitOps controlled entities, such as terminating Argo Workflows
96
125
97
126
{::nomarkdown}
98
127
<br>
@@ -106,67 +135,65 @@ The Argo Project includes:
106
135
* Argo Workflows as the workflow engine
107
136
* Argo Events for event-driven workflow automation framework
108
137
138
+
109
139
{::nomarkdown}
110
-
<br>
140
+
<br><br>
111
141
{:/}
112
142
113
-
####Codefresh Clients
114
-
Codefresh Clients include the Codefresh UI and the Codefresh CLI.
143
+
####Request Routing Service
144
+
The Request Routing Service is installed on the same cluster as the Codefresh Runtime in the customer environment.
145
+
It receives requests from the ingress controller (ingress) or the Tunnel Client (ingress-less), and forwards the request URLs to the Application Proxy, and webhooks directly to the Event Sources.
115
146
116
-
**Codefresh UI**
147
+
>Important:
148
+
The Request Routing Service is available from runtime version 0.0.543 and higher.
149
+
Older runtime versions are not affected as there is complete backward compatibility, and the ingress controller continues to route incoming requests.
117
150
118
-
The Codefresh UI provides a unified, enterprise-wide view of your deployment (runtimes and clusters), and CI/CD operations (Delivery Pipelines, workflows, and deployments) in the same location.
151
+
####Tunnel Server
152
+
Applies only to_ingress-less_ runtimes in hybrid installation environments.
153
+
The Codefresh Tunnel Server is installed in the Codefresh platform. It communicates with the enterprise cluster located behind a NAT or firewall.
119
154
120
-
* Multi-runtime and multi-cluster management: View all provisioned runtimes, and the clusters they manage in the Runtimes page.
121
-
*Dashboards for CI and CD visualizations: The Home dashboard for critical insights into CI and CD lifecycles,theDORA metrics dashboard for DevOps metrics, the Applications dashboard for GitOps details, and the Delivery Pipelines dashboard for workflow details.
122
-
*Wizards to simplify installation, Delivery Pipeline and application creation and management.
123
-
*Integrations for software delivery workflows
155
+
The Tunnel Server:
156
+
*Forwards traffic from Codefresh Clients totheclient (customer) cluster.
157
+
*Manages the lifecycle of the Codefresh Tunnel Client.
158
+
*Authenticates requests from the Codefresh Tunnel Client to open tunneling connections.
124
159
125
160
{::nomarkdown}
126
161
<br>
127
162
{:/}
128
163
129
-
**Codefresh CLI**
164
+
####Tunnel Client
165
+
Applies only to_ingress-less_ runtimes in hybrid installation environments.
130
166
131
-
Perform hybrid runtime installation, and runtime and cluster management operations.
132
-
133
-
###Customer environment
134
-
The customer environment that communicates with the Codefresh platform, generally includes:
135
-
* Ingress controller
136
-
* Managed clusters
137
-
* Organizational systems
138
-
139
-
{::nomarkdown}
140
-
<br><br>
141
-
{:/}
167
+
Installed on the same cluster as the Codefresh Runtime, the Codefresh Tunnel Client establishes the tunneling connection to the Codefresh Tunnel Server via the WebSocket Secure (WSS) protocol.
168
+
A single Codefresh Runtime can have a single Tunnel Client.
142
169
143
-
####Ingress Controller
144
-
In hybrid runtime environments,theingress controller implementstheingress traffic rules for theCodefreshRuntime. It is configured on the same Kubernetes cluster as the Codefresh Runtime.
* Forwards the incoming traffic from the Tunnel Server through the Request Routing Service to App-Proxy, and other services.
146
173
147
174
{::nomarkdown}
148
175
<br>
149
176
{:/}
150
177
151
-
####Managed clusters
152
-
Managed clusters are external clusters registered to a provisioned hosted or hybrid runtime(s).
153
-
154
-
* Hosted runtime: Requires you to connect to an external K8s cluster as part of setting up the Hosted GitOps environment. You can add more managed clusters after completing the setup.
155
-
* Hybrid runtimes: You can add external clusters after provisioning hybrid runtimes.
156
178
157
-
See[Add external clusters to runtimes]({{site.baseurl}}/docs/runtime/managed-cluster/).
158
-
159
-
{::nomarkdown}
160
-
<br>
161
-
{:/}
162
-
163
-
####Organizational Systems
164
-
Organizational Systems include the tracking, monitoring, notification, registries, Git providers, and other tools incorporated into the continuous integration and continuous deployment processes. They can be entirely on-premises or in the public cloud.
165
-
The tools send events to the Codefresh Application Proxy (via the ingress controller) to trigger and manage CI/CD flows.
179
+
###Customer environment
180
+
The customer environment that communicates with the Codefresh Runtime and the Codefresh Platform, generally includes:
181
+
* Ingress controller for ingress hybrid runtimes
182
+
The ingress controller is configured on the same Kubernetes cluster as the Codefresh Runtime, and implements the ingress traffic rules for the Codefresh Runtime.
Managed clusters are external clusters registered to provisioned hosted or hybrid runtimes for application deployment.
186
+
Hosted runtimes requires you to connect at least one external K8s cluster as part of setting up the Hosted GitOps environment.
187
+
Hybrid runtimes allow you to add external clusters after provisioning the runtimes.
188
+
See[Add external clusters to runtimes]({{site.baseurl}}/docs/runtime/managed-cluster/).
189
+
* Organizational systems
190
+
Organizational Systems include the customer's tracking, monitoring, notification, container registries, Git providers, and other systems. They can be entirely on-premises or in the public cloud.
191
+
Either the ingress controller (ingress hybrid environments), or the Tunnel Client (ingress-less hybrid environments), forwards incoming events to the Codefresh Application Proxy.
166
192
167
193
###Related articles
168
194
[Set up a hosted runtime environment]({{site.baseurl}}/docs/runtime/hosted-runtime/)
169
195
[Install a hybrid runtime]({{site.baseurl}}/docs/runtime/installation/)
>Unless specified otherwise, management options are common to both hybrid and hosted runtimes. If an option is valid only for hybrid runtimes, it is indicated as such.
16
37
17
38
* Add managed clusters to hybrid or hosted runtimes (see[Adding & managing external clusters]({{site.baseurl}}/docs/runtime/managed-cluster/))
18
39
* Add and manage Git Sources associated with hybrid or hosted runtimes (see[Adding & managing Git Sources]({{site.baseurl}}/docs/runtime/git-sources/))
@@ -83,6 +104,7 @@ Here is a description of the information in the Topology view.
83
104
|**Search and View options**| {::nomarkdown}<ul><li>Find a runtime or its clusters by typing part of the runtime/cluster name, and then navigate to the entries found. </li> <li>Topology view options: Resize to window, zoom in, zoom out, full screen view.</li></ul> {:/}|
84
105
85
106
107
+
86
108
###(Hybrid) Upgrade provisioned runtimes
87
109
88
110
Upgrade provisioned hybrid runtimes to install critical security updates or to install the latest version of all components. Upgrade a provisioned hybrid runtime by running a silent upgrade or through the CLI wizard.
@@ -159,6 +181,23 @@ For both silent or CLI-wizard based upgrades, make sure you have:
159
181
* To manually define the shared configuration repo, add the`--shared-config-repo` flag with the path to the repo.
160
182
1. Confirm to start the upgrade.
161
183
184
+
185
+
186
+
<!---### (Hybrid) Migrate ingress-less runtimes
187
+
To migrate an ingress-less runtime to an ingress-based one, you must uninstall the ingress-less runtime and then install a runtime with an ingress controller.
188
+
You can retain the installation repo used to install the ingress-less runtime. Though empty after uninstalling the ingress-less The new installation creates the new manifests in this re
189
+
190
+
191
+
>Before uninstalling the ingress-less runtime, you can save specific patches in a temporary location or retrieve the same from the Git history, and re-apply them after installing the ingress-based runtime.
192
+
193
+
**Before you begin**
194
+
* Make sure the ingress controller for the new runtime meets [requirements and is configured as needed]({{site.baseurl}}/docs/runtime/requirements/)
195
+
196
+
**How to**
197
+
1. Uninstall the ingress-less runtime, as described in [Uninstall provisioned runtimes](#uninstall-provisioned-runtimes) in this article.
198
+
2. Install the new ingress-based runtime, as described in [Install hybrid runtimes]({{site.baseurl}}/docs/runtime/installation/).
199
+
200
+
--->
162
201
###Uninstall provisioned runtimes
163
202
164
203
Uninstall provisioned hybrid and hosted runtimes that are not in use. Uninstall a runtime by running a silent uninstall, or through the CLI wizard.