Architecture Overview

The Intelligent Command Center (ICC) is designed as a cloud-native, microservices-based control plane for managing and optimizing Kubernetes applications. It follows modern architectural patterns to ensure scalability, reliability, and maintainability.

The main orchestrator coordinates the following ICC operations:

  • API Gateway - RESTful API for all client interactions
  • Authentication & Authorization - OAuth2/OIDC integration
  • Service Mesh - Inter-service communication and load balancing
  • Event Bus - Asynchronous message processing

ICC uses multiple specialized databases for different concerns:

  • PostgreSQL Databases:

    • Activities Database - Audit logs and system events
    • Cluster Manager Database - Kubernetes cluster state
    • Control Plane Database - Core configuration and metadata
    • User Manager Database - User accounts and permissions
    • Scaler Database - Autoscaling rules and metrics
    • Compliance Database - Policy and compliance data
    • Cron Database - Scheduled job definitions
    • Cold Storage Database - Historical data archival
    • Trafficante Database - Traffic routing and analysis
  • Caching Layer:

    • Valkey for application caching
    • ElastiCache (AWS) for managed caching solutions

Applications integrate with ICC through:

  • WattPro Runtime (@platformatic/wattpro) - Node.js runtime wrapper
  • Telemetry Agent - Metrics and log collection
  • Service Discovery - Automatic registration and health checking

  • Synchronous: RESTful APIs for real-time operations
  • Asynchronous: Event-driven architecture for background processing
  • Streaming: WebSockets for real-time updates to UI

  • Prometheus: Metrics ingestion via PromQL
  • Kubernetes API: Direct integration for cluster management
  • OAuth Providers: GitHub, Google for authentication

ICC deploys as a set of Kubernetes resources:

┌───────────────────────────────────────┐
│          Kubernetes Cluster           │
├───────────────────────────────────────┤
│  ┌──────────────┐  ┌─────────────┐    │
│  │     ICC      │  │  Machinist  │    │
│  │  - API       │  │  - Worker   │    │
│  │  - UI        │  │  - Monitor  │    │
│  │  - Services  │  │             │    │
│  └──────────────┘  └─────────────┘    │
│                                       │
│  ┌──────────────────────────────┐     │
│  │     Application Pods         │     │
│  │  (with WattPro runtime)      │     │
│  └──────────────────────────────┘     │
└───────────────────────────────────────┘

  • OAuth2/OIDC for user authentication
  • Service accounts for machine-to-machine communication
  • Session management with secure tokens

  • Role-Based Access Control (RBAC)
  • Fine-grained permissions per resource
  • Audit logging of all actions

  • TLS encryption for all communications
  • Network policies for pod-to-pod communication
  • Secret management via Kubernetes secrets

  • Stateless services for easy scaling
  • Load distribution across instances
  • Auto-scaling based on metrics

  • Application metrics via Prometheus
  • System metrics from Kubernetes
  • Custom business metrics

  • Centralized logging architecture
  • Structured logging format
  • Log aggregation and analysis

  • Distributed tracing for request flow
  • Performance bottleneck identification
  • Error tracking and debugging

  • Node.js: Primary runtime
  • TypeScript: Type-safe development
  • PostgreSQL: Primary database
  • Valkey: Caching layer

  • React: User interface framework
  • TypeScript: Type-safe frontend
  • WebSockets: Real-time updates

  • Kubernetes: Container orchestration
  • Helm: Package management
  • Docker: Containerization
  • Prometheus: Monitoring