Platform Base
This document provides an overview of the core functionalities and design principles of the Rocket Pad Platform.
This document serves as a high-level overview. Refer to specific service documentation for detailed configuration and usage instructions.
Argo CD: Enabling GitOps Workflows
Argo CD plays a pivotal role in implementing GitOps principles within the Rocket Pad Platform. Here's how it facilitates this approach:
- Declarative Infrastructure: Argo CD works with infrastructure described as code (IaC) stored in Git repositories. Developers define the desired state of the infrastructure (e.g., deployments, services) using IaC manifests.
- Versioned and Immutable Source of Truth: Git serves as the single source of truth for your infrastructure and application configurations. All changes are version controlled, allowing for rollbacks and easy auditing.
- Pull-Based Deployments: Argo CD operates in a pull-based manner. It continuously monitors Git repositories for changes and triggers deployments in the Kubernetes cluster when it detects new commits. This ensures the cluster state remains aligned with the desired state defined in Git.
- Automatic Reconciliation: Argo CD constantly reconciles the actual state of the Kubernetes cluster with the desired state defined in Git. If any discrepancies arise, Argo CD automatically applies the necessary changes to bring the cluster back into sync. This ensures continuous delivery and automated rollbacks in case of unintended modifications.
By automating these actions, Argo CD simplifies GitOps workflows and streamlines infrastructure and application management within the Rocket Pad Platform. It empowers developers to focus on building applications while ensuring their deployments are always in sync with the latest configuration stored in Git.
Single Sign-On (SSO) Support with Keycloak
Our Rocket Pad Platform integrates with Keycloak, an open-source identity and access management (IAM) system. Keycloak offers:
- Zero Trust Security: By eliminating reliance on implicit trust, Keycloak enforces granular access controls based on user roles and permissions. This aligns with zero-trust security principles.
- Remote Work Enablement: SSO simplifies authentication across all platform services, regardless of user location. This facilitates seamless remote work experiences.
- GitOps Configuration: Keycloak configuration can be managed as IaC within Git repositories, ensuring consistency and version control for IAM policies.
Pre-Configured Observability Stack
The Rocket Pad Platform features a pre-configured observability stack, enabling developers and operations teams to gain deep insights into platform health and application performance:
- Comprehensive Monitoring: The platform collects logs, metrics, and traces from all deployed services.
- Grafana Integration: Grafana provides a user-friendly interface for visualizing collected data. Users can create custom dashboards for real-time monitoring and troubleshooting.
Hybrid and Private Cloud Deployment
The Rocket Pad Platform offers deployment flexibility:
- Multi-Cloud Support: The platform can be deployed on various cloud providers (e.g. AWS, GCP, Azure and Hetzner) or on bare-metal infrastructure.
- Hybrid Cloud Capable: Deployment across multiple cloud providers is possible, facilitating hybrid cloud architectures.
- Private Cloud Option: For complete isolation and data governance compliance, the Rocket Pad Platform can be set up as a private cloud, ideal for specific industry sectors with stringent data protection regulations.
Open-Source Philosophy
The Rocket Pad Platform core components are open-source, providing several advantages:
- Transparency and Trust: Open source provides the needed trust by allowing you to inspect and understand the platform's codebase.
- Customization and Control: You have the freedom to modify the platform to meet your specific needs.
- Regular Updates and Security Fixes: We push update frequently, add new features and ensure the stability and security of our platform by security patches and provide you with the newest version of our platform.
📄️ Quick Start
On this page a simple deployment of {constants.productName} is being described.
📄️ Requirements and Limitations
The {constants.productName} base consists of many services and operators which add additional resource usage to the basic Kubernetes cluster setup. Also some components might add limitations to the platform. Those limitations and the hardware requirements are described on this page.
📄️ Identity and Access Management
Platform Base includes a Keycloak instance for central identity and access management (IAM). The instance is managed by Kubernetes operators and is stateless to ensure the configuration in Keycloak will not diverge from the configuration in the operator manifests. Therefore the users and groups/roles have to be managed using a separate identity provider. Applications which are part of the platform like Argo CD and Grafana are pre-configured to use single sign-on (SSO) via Keycloak.