External traffic management subsystem: Registry operational zone

1. Overview

The subsystem is designed to manage external traffic and control access to API services of the registry operational zone.

2. Subsystem functions

  • Authentication and authorization of requests

  • Traffic routing to API services of the registry operational zone subsystems

  • Configuration and control of rate limits

  • Transformation of requests and responses

  • Logging of incoming requests

4. Subsystem components

| Component name | Presentation in the registry | Origin | Repository | Purpose |
|---|---|---|---|---|
| Registry operational zone external API gateway | kong-kong | 3rd-party | github:/epam/edp-ddm-kong | Provides traffic management, authorization, API access control, load balancing, request/response transformation, and analytics/monitoring. |
| ServiceMesh gateway | istio-ingressgateway | 3rd-party | github:/istio/proxy | Network gateway operating on the edge of the Istio service-mesh, receiving incoming HTTP/TCP connections. |
| Operational user sessions storage | redis:sessions | 3rd-party | - | Storage of user JWT tokens |

5. Technology stack

The following technologies were used in the design and development of the subsystem:

6. Subsystem quality attributes

6.1. Scalability

The external traffic management subsystem of the registry operational zone supports both horizontal and vertical scalability.

For more details on subsystem scalability, please refer to the Container orchestration platform.

6.2. Observability

The external traffic management subsystem of the registry operational zone supports logging of incoming requests and collects performance metrics for further analysis through web interfaces of the corresponding Platform subsystems.

For more details on subsystem design, please refer to the relevant sections:

6.3. Portability

The external traffic management subsystem of the registry operational zone can be easily transported, deployed, and reliably managed across different container orchestration platforms in various cloud environments or in proprietary infrastructure within data centers.

For more details, please refer to the Container orchestration platform.