Architecture Overview

[Figure: Cloud Orbiter — Platform Architecture (Universal Application Control Plane · Zero-Trust · Multi-Cloud). Panels: User Interface & API (Management Dashboard, REST API Gateway, CLI / kubectl Proxy, WebSocket Notifications); Identity & Access Management (Keycloak · OpenID Connect, RBAC · Multi-Tenant, SSO: Okta · Google · Microsoft, Session Management); Cluster Orchestration (CKP, the Coredge Kubernetes Platform: primary, enterprise-grade, on-premise, edge, IoT; Edge Clusters: remote sites, distributed; Brownfield Import: existing K8s clusters); Platform Services (App Lifecycle: Helm · GitOps; Observability: Prometheus · Logs; Backup & Restore: Velero · S3; VM Management: KubeVirt; Test Suites: pre-packaged; Add-ons: Prometheus · Velero; Notifications); Connectivity Model (outbound agent): Cloud Orbiter Control Plane <-> NAT Gateway / Internet <-> Orbiter Agent on the target cluster, outbound only. No inbound firewall rules required; supports on-premise, edge, and private cloud clusters.]

Platform Component Model

Cloud Orbiter is organized into four functional layers:

Layer                 | Components                                                               | Technology
----------------------|--------------------------------------------------------------------------|------------------------------------------------
User Interface & API  | Management Dashboard, REST API, kubectl Proxy, WebSocket Notifications   | React, REST, WebSocket
Identity & Access     | Authentication, RBAC, SSO federation, session management                 | Keycloak, OpenID Connect, Okta, Google, Microsoft
Cluster Orchestration | CKP cluster provisioning and lifecycle management                        | Kubernetes API, CKP, CAPI
Platform Services     | App Lifecycle, Observability, Backup, VMs, Test Suites, Add-ons          | Helm, Prometheus, Velero, KubeVirt

CKP Architecture

CKP (Coredge Kubernetes Platform) operates across two functional layers:

Layer              | Function                                             | Components
-------------------|------------------------------------------------------|-----------------------------------------------------------
Distribution Layer | Delivers custom-built, validated Kubernetes packages | kubeadm, kubelet, kubectl, Coredge-hosted core images
Management Layer   | Handles cluster lifecycle through CAPI               | Cluster API, Provisioning, Scaling, Upgrades

Supported Configurations

Specification           | Details
------------------------|--------------------------------------------------------
Kubernetes Versions     | v1.33.7, v1.34.3, v1.35.1 (CNCF Certified)
Operating Systems       | Ubuntu 22.04, Ubuntu 24.04, Red Hat Enterprise Linux 9
Infrastructure Provider | Orbiter Baremetal (BMS)
Architectures           | AMD64, ARM64

Connectivity Model

Cloud Orbiter uses an outbound agent model for cluster connectivity:

Component                   | Role
----------------------------|-----------------------------------------------------------------------------------------------
Cloud Orbiter Control Plane | Central management engine — hosts all APIs, dashboards, and orchestration logic
Orbiter Agent               | Lightweight agent deployed on each target cluster; initiates the outbound connection to the control plane
NAT Gateway                 | Translates private network addresses for internet-bound agent connections
kubectl Proxy               | The control plane acts as proxy for all Kubernetes CLI and API access to target clusters

This model means:

  • No inbound firewall rules are required on target clusters
  • Clusters behind strict enterprise firewalls, private networks, and edge sites can all be managed
  • Cluster access is always mediated through the control plane — enabling centralized audit logging
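The outbound-only property described above is something a cluster operator can enforce on the target cluster, not only rely on. The manifest below is an added example and is not part of the Cloud Orbiter documentation or product: a Kubernetes NetworkPolicy that denies all ingress to the agent's pods and permits egress only to cluster DNS and to the control plane's address, so any attempt by the agent to accept inbound connections or reach other destinations is blocked by the CNI. The namespace `orbiter-agent`, the pod label `app: orbiter-agent`, the control-plane address `203.0.113.10/32` and port 443 are assumptions (placeholder values), not values taken from the page.

```yaml
# Added example (not from the Cloud Orbiter docs): egress-only policy for the agent.
# Namespace, labels, address and port below are assumptions / placeholders.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: orbiter-agent-outbound-only
  namespace: orbiter-agent          # assumed namespace the agent runs in
spec:
  podSelector:
    matchLabels:
      app: orbiter-agent            # assumed label on the agent pods
  policyTypes:
    - Ingress
    - Egress
  # An empty ingress list with Ingress in policyTypes denies all inbound traffic.
  ingress: []
  egress:
    # Cluster DNS (CoreDNS in kube-system), needed to resolve the control plane hostname.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # HTTPS to the Cloud Orbiter control plane only (placeholder address).
    - to:
        - ipBlock:
            cidr: 203.0.113.10/32
      ports:
        - protocol: TCP
          port: 443
```

Two caveats when applying something like this: NetworkPolicy is only enforced by a CNI that supports it, and the agent's real egress requirements (endpoint, port, any additional registries or update hosts) should be taken from the product's own documentation before the allow-list is narrowed to a single address.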

Tenant & Project Isolation

[Figure: Tenant & Project Isolation Model (Multi-Tenant Hierarchy · RBAC · Resource Scoping). Control Plane (Cloud Orbiter) -> Tenant (Organization): isolated identity realm, quota policies, Tenant Admin role, audit logging -> Project A and Project B (team / application scope), each with Clusters (CKP · Edge), Applications (Helm · GitOps), Users (project members), Roles (Admin · User), and Observability · Backup · Add-ons. Projects are fully isolated; no cross-project resource visibility; RBAC enforced at every layer.]

Level         | Description                                                            | Isolation
--------------|------------------------------------------------------------------------|------------------------------------------------
Tenant        | Top-level organizational boundary (enterprise, department, customer)   | Fully isolated identity realm per tenant
Project       | Logical grouping within a tenant for teams or applications             | Resources, clusters, and apps scoped to project
Users & Roles | Assigned to projects with explicit RBAC roles                          | Tenant Admin, Project Admin, Default User
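To make the "RBAC enforced at every layer" point concrete at the Kubernetes layer, the manifests below are an added example, not Cloud Orbiter's own configuration: a project is given its own namespace, a Role grants rights only inside that namespace, and a RoleBinding ties the Role to a group that an OpenID Connect provider such as Keycloak puts in the token's group claim. The namespace `project-a`, the labels under `orbiter.example/`, and the group name `acme:project-a:admin` are assumptions; how Cloud Orbiter itself maps tenants and projects onto cluster objects is not stated on the page.

```yaml
# Added example (not Cloud Orbiter's configuration): namespace-scoped RBAC for one project.
# Namespace, labels and the group claim value are assumptions / placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: project-a
  labels:
    orbiter.example/tenant: acme        # assumed tenant label
    orbiter.example/project: project-a  # assumed project label
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: project-admin
  namespace: project-a                  # Role is namespaced: rights stop at this boundary
rules:
  - apiGroups: ["", "apps", "batch"]
    resources:
      - pods
      - services
      - configmaps
      - secrets
      - deployments
      - statefulsets
      - jobs
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: project-a-admins
  namespace: project-a
subjects:
  - kind: Group
    name: "acme:project-a:admin"        # assumed group value from the OIDC token's group claim
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: project-admin
  apiGroup: rbac.authorization.k8s.io
```

The isolation property to check is that project groups appear only in RoleBindings, never in ClusterRoleBindings: a single ClusterRoleBinding granting a project group `list` on pods cluster-wide would give that project visibility into every other project's namespace on the same cluster. `kubectl auth can-i --list --as-group=<group> --as=<user> -n <other-namespace>` is a quick way to confirm a project group has no rights outside its own namespace.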

Add-On Architecture

Cloud Orbiter extends cluster capabilities through pre-configured, tested Add-Ons:

Add-On     | Purpose
-----------|-------------------------------------------------------------------------
Prometheus | Metrics collection and alerting for cluster observability
Velero     | Namespace backup, restore, disaster recovery, and cluster migration
KubeVirt   | Virtual machine lifecycle management on Kubernetes nodes

Add-Ons are installed and uninstalled directly from the cluster dashboard without manual Helm commands or YAML editing.
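For readers who want to see what a namespace-scoped backup looks like at the Velero API level, independent of how the Cloud Orbiter dashboard drives the Velero Add-On, the manifest below is an added example and not part of the product or its documentation. It declares a Velero Schedule that backs up one project namespace nightly to a named backup storage location (an S3 bucket, per the figure above) with a 30-day retention. The namespace `project-a`, the storage location name `default`, the cron schedule and the TTL are assumptions.

```yaml
# Added example (not from the Cloud Orbiter docs): nightly Velero backup of one project namespace.
# Namespace, schedule, storage location name and retention are assumptions / placeholders.
apiVersion: velero.io/v1
kind: Schedule
metadata:
  name: project-a-nightly
  namespace: velero                # namespace where Velero itself is installed
spec:
  schedule: "0 2 * * *"            # cron syntax: 02:00 every day
  template:
    includedNamespaces:
      - project-a                  # assumed project namespace; backup scope stops here
    excludedResources:
      - events                     # noisy and not needed for restore
    snapshotVolumes: true          # also snapshot persistent volumes in the namespace
    storageLocation: default       # assumed BackupStorageLocation backed by an S3 bucket
    ttl: 720h0m0s                  # keep each backup for 30 days
```

Because `includedNamespaces` limits the backup to the project's namespace, the resulting backup object contains only that project's resources and secrets, which keeps the tenant/project isolation described earlier intact in the backup store as well. Restore access to the bucket should be restricted to the same project-scoped principals.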