Platform logical architecture


1. Overview

The Registries Platform is a distributed system with microservice architecture. Its design is based on the following fundamental ideas:

  • Deployment infrastructure agnosticism

  • Centralized development and updating

  • Provision of a sufficient level of registry isolation

  • Joint (re-)use of typical services by the registries

  • Usage of secure transport for integrations

  • Registry compliance with security, scalability and fault-tolerance requirements

2. Architecture principles

  • The Registries Platform is built using open standards based on open-source technologies.

  • The Registries Platform is a distributed system with microservice architecture, where each component has a defined function, and inter-component interaction is based on standardized data exchange protocols.

  • The Registries Platform is a cloud-native system based on the OpenShift container orchestration platform to ensure reliability, scalability, and infrastructure agnosticism.

  • The Registries Platform uses a GitOps approach to automate the configuration of infrastructure, the deployment of components, and the system as a whole.

  • The Registries Platform is based on Zero-Trust security principles to ensure protected inter-service interaction with mandatory authentication, authorization, and traffic encryption.

  • External access to the Registries Platform components is provided via an API gateway with mandatory authentication and authorization.

  • The Registries Platform components use a standardized approach to exporting monitoring metrics, tracing business transaction data, and logging events.

  • The Registries Platform component instances do not store critical system state data or any user session data in memory.

  • All user actions with the data and system-critical events of the Registries Platform are subject to mandatory recording in an audit log.

  • Registry business data deployed on the Registries Platform is subject to mandatory encryption for long-term storage.

3. High-level structure

This structure diagram shows the decomposition of the Registries Platform at the zone and subsystem levels, and the general interaction scenarios.

An individual system level may contain two zones, with subsystems responsible for serving administrative and operational traffic.

The subsystems consist of services that address both functional and non-functional requirements.

[Diagram: ddm platform structural view]

3.1. Infrastructure

The Registries Platform supports deployment in public and private cloud environments.

3.2. Container orchestration platform

You can learn more about the container orchestration platform here:

3.3. Central components of the Platform

Every Registries Platform instance includes a level of Central components of the Platform and comprises two logical zones:

3.4. Registries

One Registries Platform instance can service a group of isolated registries. Each registry tenant is represented by two separate zones:

  • Registry administrative zone — subsystems that provide development functions, deployment functions, and the service of digital registry regulations

  • Registry operational zone — subsystems that ensure the registry functions according to the deployed digital regulations

3.5. Component for managing the state of platform resources

You can learn more about the Platform resource state management component here:

4. Technology stack

The following high-level diagram shows the key technologies and how they are used to meet the functional and non-functional requirements of the Registries Platform.

The complete list of technologies used in the Registries Platform development can be found here.

[Diagram: ddm platform tech view]