Platform Overview
What is Cloud Orbiter?
Cloud Orbiter is a comprehensive, centralized Universal Application Control Plane that allows enterprises to manage the complete application lifecycle of CKP Kubernetes clusters — from on-premise deployments to bare metal environments.
It is designed to handle the complexity of managing large-scale distributed applications across different data centres and on-premise environments — all from a single intuitive dashboard.
Cloud Orbiter follows a zero-trust security principle, providing highly secure infrastructure management with centralized IAM and RBAC. It supports integration with any external identity provider and automates workflows across any infrastructure type.
Core Capabilities
Universal Application Control Plane
Cloud Orbiter manages your entire infrastructure from a single, centralized dashboard — streamlining application deployment and infrastructure management, reducing complexity, and enabling production-scale efficiency.
Multi-Cluster Management at Scale
- Deploy, manage, monitor, and upgrade multiple CKP clusters across geo-distributed environments
- Provision Kubernetes clusters with zero-downtime updates and upgrades
- Remotely manage clusters through a centralized console
- Connect multiple clusters so that all management flows through Cloud Orbiter
Complete Kubernetes Resource Management
Cloud Orbiter manages all Kubernetes resources including:
- Nodes, events, namespaces, and workloads
- Pods, ReplicaSets, Deployments, DaemonSets, StatefulSets
- Access control: Roles, RoleBindings, ClusterRoles, ClusterRoleBindings, ServiceAccounts
- Network policies, storage classes, secrets, ConfigMaps, and more
Automatic Application Deployment
Deploy applications automatically on any cluster — whether in the cloud, on-premise, or at the edge. Integration with Helm and GitOps repositories enables automated delivery pipelines.
Centralized IAM & RBAC
Cloud Orbiter provides centralized identity and access management with:
- Multi-tenant isolation per organization
- Three pre-defined roles: Tenant Admin, Project Admin, Default User
- SSO integration with Okta, Google, Microsoft, and any OpenID Connect provider
- Fine-grained permissions governing every action across the platform
Observability & Monitoring
Comprehensive observability tools provide complete visibility into infrastructure and applications:
- Real-time CPU, memory, and node health monitoring (Prometheus-based)
- Access logs with per-user, per-API audit trails
- Live log streaming from running containers
- Alerting for cluster state changes and deployment events
Platform Architecture Summary
| Layer | Capability | Technology |
|---|---|---|
| Cluster Orchestration | Create and manage CKP Kubernetes clusters | CKP, CAPI, Orbiter Baremetal |
| Application Delivery | Helm, GitOps, app repositories, lifecycle management | Helm, ArgoCD / GitOps, Container Registry |
| Identity & Access | Multi-tenant IAM, RBAC, SSO federation | Keycloak, OpenID Connect, Okta, Google, Microsoft |
| Observability | Metrics, logs, tracing, alerting | Prometheus, Grafana, Access Logs |
| Backup & Recovery | Namespace backup, PV snapshots, cluster migration | Velero, S3-compatible storage |
| VM Management | Virtual machine lifecycle on Kubernetes nodes | KubeVirt add-on |
| Host Management | Baremetal host provisioning and lifecycle | Cloud Orbiter Agent, Host Groups |
| Notifications | Real-time dashboard notifications for cluster and app events | WebSocket, event-driven notifications |
Tenant & Project Model
Cloud Orbiter organizes resources in a two-level hierarchy:
- Tenant — An organization that registers with the platform. Each tenant has its own isolated environment, users, and resources. A default project is created automatically on tenant onboarding.
- Project — A logical environment within a tenant representing a specific initiative, application, or team. Each project has its own isolated set of clusters, applications, and resources.
Users and groups are assigned to projects with specific roles, enabling delegation while maintaining centralized governance.
Connectivity Model
Cloud Orbiter manages clusters using an outbound connection model:
- A Cloud Orbiter Agent is deployed on each target cluster
- The agent initiates an outbound connection to the Cloud Orbiter control plane
- Once connected, the control plane can issue commands, proxy Kubernetes API calls, and stream logs — all without inbound firewall rules on the target cluster
- Connections route through a NAT Gateway for private network-to-internet traversal
This model enables management of clusters across private data centres and on-premise environments — even behind strict firewalls.
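One way to enforce this outbound-only posture on the target cluster is a pair of Kubernetes NetworkPolicies around the agent. This is an added example, not a Cloud Orbiter manifest. Assumed values: the namespace `cloud-orbiter-agent`, the pod label `app: cloud-orbiter-agent`, and a control plane endpoint at the documentation address 203.0.113.10 on TCP 443.

```yaml
# Added example, not Cloud Orbiter's own manifest. Assumed values: namespace
# "cloud-orbiter-agent", label app=cloud-orbiter-agent, control plane at
# 203.0.113.10 (documentation address) on TCP 443.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: agent-default-deny
  namespace: cloud-orbiter-agent
spec:
  podSelector: {}          # every pod in the namespace
  policyTypes:
    - Ingress
    - Egress
  # No ingress or egress rules listed: all traffic is denied by default.
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: agent-egress-control-plane
  namespace: cloud-orbiter-agent
spec:
  podSelector:
    matchLabels:
      app: cloud-orbiter-agent
  policyTypes:
    - Egress
  egress:
    # Outbound session to the control plane only.
    - to:
        - ipBlock:
            cidr: 203.0.113.10/32
      ports:
        - protocol: TCP
          port: 443
    # DNS lookups via the cluster resolver.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

These policies take effect only on a CNI plugin that enforces NetworkPolicy. Because the agent proxies Kubernetes API calls, it will likely also need an egress rule for the cluster's own API server address, which is cluster-specific and not shown here.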