improve diagramming again

This commit is contained in:
geoffsee
2025-08-16 10:32:17 -04:00
parent 6acfa71dd9
commit 9576dcb315

README.md

@@ -23,90 +23,61 @@ packages/
## Architecture ## Architecture
```mermaid ```mermaid
%%{init: { flowchart LR
'theme': 'default',
'flowchart': { 'rankSpacing': 60, 'nodeSpacing': 60, 'diagramPadding': 48, 'htmlLabels': true },
'themeVariables': { 'fontSize': '18px', 'fontFamily': 'Inter, ui-sans-serif, system-ui, -apple-system, Segoe UI, Roboto, Helvetica, Arial, Noto Sans, sans-serif' }
}}%%
flowchart TB
%% ========================= %% ===== Local Machine =====
%% Local Machine (Entry Path) subgraph L[Local Machine]
%% =========================
subgraph local[Local Machine]
direction TB direction TB
user[Developer Browser] user[Developer Browser]
proxy[localhost-proxy<br/>HTTP → HTTPS] proxy[localhost-proxy HTTP]
host[localhost Port<br/>Mapping Layer] host[Port Mapping Layer]
registry[Local Docker Registry<br/>localhost:5001] registry[Local Docker Registry]
user -->|HTTP :3000| proxy
proxy -->|HTTPS :443| host user -->|HTTP 3000| proxy
proxy -->|HTTPS 443| host
end end
%% ========================= %% ===== Kind Cluster =====
%% Kind Cluster (Platform) subgraph K[Kind Cluster]
%% =========================
subgraph clusterSG[Kind Cluster — Local Kubernetes]
direction TB direction TB
ingress[Ingress Controller]
exampleApp[Example Web App]
apps[Backend Services]
zitadel[ZITADEL IAM]
pg[(PostgreSQL Identity Store)]
cert[Cert-Manager]
%% Edge / Entry %% Routing
ingress[Ingress Controller<br/>Kubernetes Entry Point] ingress --> exampleApp
ingress --> apps
%% Workloads behind ingress %% OIDC
subgraph workloads[Workloads] exampleApp -->|OIDC: /authorize, /callback| zitadel
direction LR apps -->|Validate OIDC tokens| zitadel
exampleApp[Example Web App<br/>Frontend UI] zitadel --> pg
apps[Backend Services<br/>Microservices API]
%% TLS automation (dotted)
cert -.-> ingress
cert -.-> exampleApp
cert -.-> apps
cert -.-> zitadel
end end
%% Identity & Data %% ===== Local ⇄ Cluster =====
subgraph iam[Identity & Access] host -->|80 -> 30080, 443 -> 30443| ingress
direction TB
zitadel[ZITADEL IAM<br/>OIDC Provider]
pg[(PostgreSQL<br/>Identity Store)]
zitadel --> pg
end
%% Cluster automation %% ===== Images into the cluster =====
cert[Cert-Manager<br/>Automated TLS]
%% Ingress routing to services
ingress --> exampleApp
ingress --> apps
%% OIDC flows
exampleApp -->|OIDC: /authorize, /callback| zitadel
apps -->|Validate OIDC tokens| zitadel
%% Cert-manager relationships (dotted = automation/control)
cert -.-> ingress
cert -.-> exampleApp
cert -.-> apps
cert -.-> zitadel
end
%% =========================
%% Image pulls into the cluster
%% =========================
registry -->|image pulls| exampleApp registry -->|image pulls| exampleApp
registry -->|image pulls| apps registry -->|image pulls| apps
%% ========================= %% ===== CDKTF Stacks =====
%% Local → Cluster networking subgraph T[CDKTF Stacks]
%% =========================
host -->|80 → 30080<br/>443 → 30443| ingress
%% =========================
%% CDKTF Stacks (Provision & Configure)
%% =========================
subgraph cdk[CDKTF Stacks]
direction TB direction TB
clusterStack[cluster — Provisions K8s] clusterStack[cluster]
componentsStack[components — Ingress, Cert-Manager, ZITADEL] componentsStack[components]
configurationsStack[configurations — App Deployments & Config] configurationsStack[configurations]
end end
%% Show where each stack applies
clusterStack --> ingress clusterStack --> ingress
componentsStack --> ingress componentsStack --> ingress
componentsStack --> cert componentsStack --> cert
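Review bot: the edge `apps -->|Validate OIDC tokens| zitadel` leaves open whether the backend services validate tokens by calling ZITADEL's introspection endpoint on every request or by verifying JWT signatures locally against ZITADEL's published key set; the two have different availability and trust implications (a hard runtime dependency on the IdP versus a cached key set), so the edge label or the paragraph below the diagram should say which one the backend services do. Two smaller points in the same hunk: the new registry label drops `localhost:5001`, and that port appears nowhere else in the README text shown here, so a reader now has to dig it out of the tooling; and keeping `clusterStack --> ingress` next to `componentsStack --> ingress` (the `cluster` stack was labelled "Provisions K8s" and `components` "Ingress, Cert-Manager, ZITADEL" before this change) makes it ambiguous which stack actually owns the ingress controller.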
@@ -114,24 +85,6 @@ componentsStack --> zitadel
configurationsStack --> exampleApp configurationsStack --> exampleApp
configurationsStack --> apps configurationsStack --> apps
%% =========================
%% Visual styling
%% =========================
classDef external fill:#E8F1FF,stroke:#3B82F6,color:#111,stroke-width:1px;
classDef service fill:#F8FAFC,stroke:#64748B,color:#111,stroke-width:1px;
classDef identity fill:#FFF7E6,stroke:#F59E0B,color:#111,stroke-width:1px;
classDef data fill:#FDEDED,stroke:#EF4444,color:#111,stroke-width:1px;
classDef ops fill:#ECFDF5,stroke:#10B981,color:#111,stroke-width:1px;
classDef infra fill:#EEF2FF,stroke:#6366F1,color:#111,stroke-width:1px;
class user,proxy,host,registry external
class ingress,workloads infra
class exampleApp,apps service
class zitadel identity
class pg data
class cert ops
class clusterStack,componentsStack,configurationsStack infra
``` ```
Access the dev UI at http://localhost:3000. The localhost-proxy accepts HTTP on port 3000 and forwards HTTPS to localhost:443; the Kind cluster maps host ports 80 -> 30080 and 443 -> 30443 to the ingress controller inside the cluster. Traffic is routed through ingress to services secured by ZITADEL and PostgreSQL, with Cert-Manager handling TLS. CDKTF provisions the cluster, core components, and app configs, using a local Docker registry for images. Access the dev UI at http://localhost:3000. The localhost-proxy accepts HTTP on port 3000 and forwards HTTPS to localhost:443; the Kind cluster maps host ports 80 -> 30080 and 443 -> 30443 to the ingress controller inside the cluster. Traffic is routed through ingress to services secured by ZITADEL and PostgreSQL, with Cert-Manager handling TLS. CDKTF provisions the cluster, core components, and app configs, using a local Docker registry for images.
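Review bot: the unchanged closing paragraph says traffic is routed "to services secured by ZITADEL and PostgreSQL", but PostgreSQL is not a security boundary here; in the diagram it is ZITADEL's identity store (`zitadel --> pg`) and nothing else routes to it. Suggest "services secured by ZITADEL, backed by a PostgreSQL identity store". Separately, removing the whole `classDef` block drops the only visual cue that separated identity, data and automation nodes from ordinary services; if the simplification is deliberate, keeping at least the `identity` and `data` classes (or adding a one-line legend) would preserve that distinction for readers tracing the trust boundary.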