NationTech/harmony
3
0
Fork 2
Code Issues 38 Pull Requests 29 Actions Packages Projects Releases 1 Wiki Activity

Upate HTML for fleet/ARCHITECTURE.html #298

Merged
johnride merged 1 commits from docs/update-fleet-architecture into master 2026-05-25 12:40:34 +00:00
Conversation 1 Commits 1 Files Changed 2 +36 -31
2 changed files with 36 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
fleet/ARCHITECTURE.html
View File

@@ -211,6 +211,19 @@
text-align: center; text-align: center;
overflow-x: auto; overflow-x: auto;
} }
.diagram {
background: var(--paper);
border: 1px solid var(--rule);
border-radius: 8px;
padding: 1.2rem;
margin: 1.5rem 0;
overflow-x: auto;
}
.diagram img {
display: block;
width: 100%;
height: auto;
}
hr { hr {
border: none; border: none;
border-top: 1px solid var(--rule); border-top: 1px solid var(--rule);
@@ -257,13 +270,13 @@ each layer adds one idea on top of the previous one.</p>
<h2><span class="layer">Layer 0</span> One picture</h2> <h2><span class="layer">Layer 0</span> One picture</h2>
<p>Topologie physique. Tout ce qui n'est pas un humain ou un device <p>Physical topology. Everything that is not a human or an edge device
tourne <b>dans le cluster Kubernetes</b> : Fleet Operator, NATS + runs <b>inside the Kubernetes cluster</b>: Fleet Operator, NATS +
JetStream, l'Auth Callout, Zitadel — tous des pods. Les devices JetStream, the auth callout, and Zitadel — all as pods. Devices
(Raspberry Pi, VM, bare-metal) sont à l'extérieur, et se branchent (Raspberry Pi, VM, bare-metal) live outside the cluster and connect to
sur NATS via la callout pour s'authentifier. Un opérateur pousse NATS through the callout-authenticated path. An operator pushes
les déploiements depuis le haut via le dashboard ou <code>kubectl</code>; deployments from the top via the dashboard or <code>kubectl</code>; a
un sysadmin enrôle chaque device une fois en SSH.</p> sysadmin enrolls each device once over SSH.</p>
<div class="mermaid"> <div class="mermaid">
flowchart TB flowchart TB
@@ -278,7 +291,7 @@ flowchart TB
subgraph CLUSTER [Kubernetes cluster &nbsp;k3d / OKD / any] subgraph CLUSTER [Kubernetes cluster &nbsp;k3d / OKD / any]
direction LR direction LR
KAPI["Kubernetes Control Plane<br/><i>deployment.harmony</i>, <i>device.harmony</i> CRDs"]:::kube KAPI["Kubernetes Control Plane<br/><i>Deployment</i> and <i>Device</i> CRDs"]:::kube
OP["Harmony Fleet Operator<br/>reconciles CRDs ↔ KV"]:::kube OP["Harmony Fleet Operator<br/>reconciles CRDs ↔ KV"]:::kube
KV[("NATS JetStream<br/>desired-state · device-info<br/>device-state · device-heartbeat")]:::bus KV[("NATS JetStream<br/>desired-state · device-info<br/>device-state · device-heartbeat")]:::bus
CALLOUT["NATS Auth Callout"]:::auth CALLOUT["NATS Auth Callout"]:::auth
@@ -286,7 +299,7 @@ flowchart TB
KAPI --- OP KAPI --- OP
OP -- writes / watches KV --> KV OP -- writes / watches KV --> KV
KV -- delegates auth --> CALLOUT KV -- NATS delegates auth --> CALLOUT
CALLOUT -- validates JWT --> ZITADEL CALLOUT -- validates JWT --> ZITADEL
end end
@@ -447,7 +460,7 @@ sequenceDiagram
<tr> <tr>
<td><code>device-info</code></td> <td><code>device-info</code></td>
<td>Agent</td> <td>Agent</td>
<td>Operator (reflects to <code>Device</code> CR)</td> <td>Operator (watches; creates/patches <code>Device</code> CR)</td>
<td><code>info.&lt;device&gt;</code></td> <td><code>info.&lt;device&gt;</code></td>
<td>Routing labels, inventory snapshot, agent version</td> <td>Routing labels, inventory snapshot, agent version</td>
</tr> </tr>
@@ -461,24 +474,12 @@ sequenceDiagram
</tbody> </tbody>
</table> </table>
<div class="mermaid"> <figure class="diagram">
flowchart LR <img
OP[Operator] src="harmony-fleet-assets/layer-3-kv-buckets.svg"
AG[Agent] alt="Layer 3 KV bucket data flow between the operator, NATS stores, and agent"
DS[(desired-state)] >
ST[(device-state)] </figure>
IN[(device-info)]
HB[(device-heartbeat)]
OP -- writes --> DS
DS -- watches --> AG
AG -- writes --> ST
AG -- writes --> IN
AG -- writes --> HB
ST -- watches --> OP
IN -- reflects to Device CR --> OP
HB -. queries .- OP
</div>
<p>These four bucket names are <b>the contract</b> between agent and operator. They live in one place to keep cross-component drift from happening:</p> <p>These four bucket names are <b>the contract</b> between agent and operator. They live in one place to keep cross-component drift from happening:</p>
@@ -551,8 +552,8 @@ sequenceDiagram
<li>Drops the agent binary at <code>/usr/local/bin/fleet-agent</code>.</li> <li>Drops the agent binary at <code>/usr/local/bin/fleet-agent</code>.</li>
<li>Enables <code>fleet-agent.service</code> (systemd).</li> <li>Enables <code>fleet-agent.service</code> (systemd).</li>
<li>Agent boots, connects to NATS with bearer token from the keyfile.</li> <li>Agent boots, connects to NATS with bearer token from the keyfile.</li>
<li>Agent publishes initial DeviceInfo into <code>device-info.&lt;device_id&gt;</code>.</li> <li>Agent publishes initial DeviceInfo into the <code>device-info</code> bucket at key <code>info.&lt;device_id&gt;</code>.</li>
<li>Agent starts watching <code>desired-state.&lt;device_id&gt;.&gt;</code>.</li> <li>Agent starts watching the <code>desired-state</code> bucket for keys matching <code>&lt;device_id&gt;.&gt;</code>.</li>
<li>Agent answers <code>device-commands.&lt;device_id&gt;.ping</code>.</li> <li>Agent answers <code>device-commands.&lt;device_id&gt;.ping</code>.</li>
</ol> </ol>
@@ -590,7 +591,7 @@ flowchart TB
OP <-->|in-cluster NATS| NATS OP <-->|in-cluster NATS| NATS
NATS -. callout .- CO NATS -. callout .- CO
CO -. JWT introspect .- ZT CO -. JWT introspect .- ZT
OP --- ZT OP -. dashboard SSO / JWKS .- ZT
</div> </div>
<hr> <hr>

4
fleet/harmony-fleet-assets/layer-3-kv-buckets.svg Normal file
View File

File diff suppressed because one or more lines are too long
Side by Side

After

Width:  |  Height:  |  Size: 33 KiB