Platform logical architecture
Overview
The Registry Platform is a distributed system with a microservice architecture. Its design is based on the following fundamental ideas:
- Deployment infrastructure agnosticism
- Centralized development and updating
- Provision of a sufficient level of registry isolation
- Shared (re)use of common services by the registries
- Use of secure transport for integrations
- Registry compliance with security, scalability and fault-tolerance requirements
Architecture principles
- The Registry Platform is built using open standards, based on open source technologies.
- The Registry Platform is a distributed system with a microservice architecture, where each component has a defined function, and inter-component interaction is based on standardized data exchange protocols. The Registry Platform is a cloud-native system, based on the OpenShift container orchestration platform to ensure reliability, scalability and infrastructure agnosticism.
- The Registry Platform uses a GitOps approach to automate infrastructure configuration and the deployment of components and of the system as a whole.
- The Registry Platform is based on Zero Trust security principles to ensure protected inter-service interaction with mandatory authentication, authorization, and traffic encryption.
- External access to the Registry Platform components is provided via an API gateway with mandatory authentication and authorization.
- The Registry Platform components use a standardized approach to exporting monitoring metrics, tracing business-transaction data, and logging events.
- The Registry Platform component instances do not store critical system-state data or any user session data in memory.
- All user actions on the data, and system-critical events of the Registry Platform, are subject to mandatory recording in the audit log.
- Business data of registries deployed on the Registry Platform is subject to mandatory encryption for long-term storage.
High-level structure
The structure diagram shows the decomposition of the Registry Platform at the zone and subsystem levels, and the general interaction scenarios.
A separate system level may contain two zones with subsystems that are responsible for servicing administrative and operational traffic.
The subsystems are composed of services that address a block of functional and non-functional requirements.
Container orchestration platform
You can learn more about the container orchestration platform here:
Central components of the Platform
Every Registry Platform instance includes a level of Central components of the Platform, which comprises two logical zones:
- Platform administrative zone - subsystems that provide administrative functions for the Platform instance and the registries deployed in it
- Platform operational zone - subsystems that provide general functions for the joint platform usage
Registries
One Registry Platform instance can service a group of registries, isolated from each other. Each registry tenant is represented by two separate zones:
- Registry administrative zone - subsystems that provide development functions, deployment functions, and the service of digital registry regulations
- Registry operational zone - subsystems that provide the functioning of the registry according to the deployed digital regulations
Technology stack
The following high-level diagram displays the key technologies and their use in implementing the functional and non-functional requirements of the Registry Platform.
The full list of technologies used in Registry Platform development can be found here.