The COMMONS SERVICES OPERATIONS CENTER (CSOC)
The CSOC architecture uses industry-standard Infrastructure-as-Code tools (Terraform, AWS CDK, and OpenTofu) to provision and manage AWS resources. With a focus on automation, security, and open-source integration, the design supports multi-tenant Gen3 environments on isolated EKS clusters, with Rancher for cluster management and ArgoCD for GitOps-driven application deployment.
Scalable Multi-Cluster Design with
Deploy isolated Gen3 Commons environments across multiple Kubernetes clusters, each with its own secure VPC and dedicated data services.
Centralized Cluster Management
Rancher provides a unified dashboard for managing clusters, enforcing RBAC policies, and securing access to monitoring tools and secrets.
GitOps-Driven Deployments
Leverage ArgoCD to automate deployments from GitHub, ensuring consistency, version control, and streamlined operations for your Gen3 applications.
Data Services Integration
Pre-configured AWS services for object storage, indexing, and relational data - all seamlessly integrated with Gen3 microservices.
This architecture extends the original Gen3 CSOC model with several new components, tools, and design improvements for modern, cloud-native management, scalability, and automation, powered by open-source technologies.
Rancher for Cluster Management: An open-source Kubernetes management platform providing a centralized UI and API for managing multiple downstream Kubernetes clusters, RBAC enforcement, secrets management, and monitoring.
ArgoCD for GitOps Deployments: An open-source GitOps engine enabling declarative, automated application deployments synced from GitHub repositories.
Multiple Infrastructure-as-Code Tools: Supports Terraform, AWS CDK, and OpenTofu for provisioning infrastructure, offering flexibility beyond the standard Terraform used in the original CSOC.
Enhanced Security Components: Uses Rancher RBAC for fine-grained access control, so that access to each downstream cluster, its namespaces, and its secrets is granted per role rather than cluster-wide.
Comprehensive Monitoring & Tooling Layer: Incorporates open-source tools like Prometheus and Grafana for monitoring and visualization, alongside logging pipelines, CI/CD workflows, and auxiliary services for a fully observable system.
GitHub as Source of Truth: Centralizes Helm charts, infrastructure code, and application manifests in GitHub repositories, forming the foundation for ArgoCD-driven automation.
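As an added illustration of the GitOps and RBAC pieces described above (this is example YAML written for this page, not code from the Gen3 CSOC repositories, which are not public), the manifests below pin one Gen3 commons to a single GitHub repository and a single downstream cluster, and grant a group read-only access to the monitoring namespace. The repository URL, cluster name, namespaces, and group name are placeholders chosen for the example; Rancher project roles are ultimately realised as ordinary Kubernetes Role/RoleBinding objects like the last two documents on the downstream cluster.

```yaml
# Added example: ArgoCD project + application for one Gen3 commons,
# plus a least-privilege monitoring role. All names/URLs are placeholders.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: gen3-commons-a
  namespace: argocd
spec:
  description: Gen3 workloads for commons "a"; source and target are pinned
  # Only this GitHub repository may act as the source of truth for the project.
  sourceRepos:
    - https://github.com/example-org/gen3-gitops.git
  # Only the commons' own downstream cluster and namespace may be targeted
  # ("commons-a-eks" must be registered in ArgoCD under that name).
  destinations:
    - name: commons-a-eks
      namespace: gen3
  # No cluster-scoped resources: a compromised app repository cannot create
  # ClusterRoleBindings, CRDs, or other cluster-wide objects through ArgoCD.
  clusterResourceWhitelist: []
  # Keep RBAC changes out of the application repository entirely.
  namespaceResourceBlacklist:
    - group: rbac.authorization.k8s.io
      kind: RoleBinding
    - group: rbac.authorization.k8s.io
      kind: Role
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: commons-a-gen3
  namespace: argocd
spec:
  project: gen3-commons-a
  source:
    repoURL: https://github.com/example-org/gen3-gitops.git
    targetRevision: main
    path: clusters/commons-a/gen3   # Helm chart / manifests for this commons
  destination:
    name: commons-a-eks
    namespace: gen3
  syncPolicy:
    automated:
      prune: true      # delete cluster resources that were removed from Git
      selfHeal: true   # revert manual kubectl edits back to the Git state
    syncOptions:
      - CreateNamespace=true
---
# Read-only view of the monitoring namespace for an operator group.
# Deliberately excludes secrets so dashboard access does not leak credentials.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: monitoring-viewer
  namespace: cattle-monitoring-system   # Rancher monitoring namespace (assumed)
rules:
  - apiGroups: [""]
    resources: ["pods", "services", "configmaps"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["monitoring.coreos.com"]   # Prometheus Operator CRDs (assumed present)
    resources: ["prometheuses", "alertmanagers", "servicemonitors"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: monitoring-viewer
  namespace: cattle-monitoring-system
subjects:
  - kind: Group
    name: commons-a-operators   # placeholder group from the identity provider
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: monitoring-viewer
  apiGroup: rbac.authorization.k8s.io
```

The first two documents are applied on the management cluster where ArgoCD runs; the Role and RoleBinding belong on the downstream cluster. The point of the AppProject is that a pull request merged into the wrong repository, or a manifest that targets another commons' cluster, is rejected by ArgoCD rather than deployed, and `prune`/`selfHeal` make Git the only path by which the cluster state changes.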
For managing infrastructure and application deployments, we maintain the following repositories:
Infrastructure as Code Repository: This repository stores all Infrastructure-as-Code resources for repeatable deployments of AWS resources and services.
GitOps Deployment Repository: This repository manages GitOps-driven Kubernetes deployments for tooling, applications, and Gen3 workloads.
Please note: These repositories are currently in draft mode and not yet public.