
Objective

This project is designed for professional use, particularly for application services. Its uses are diverse, ranging from a development environment to production. In an IT infrastructure, performance, security, and high availability are factors that define the quality of service.

1. Security

The security of an IT system is based on principles, conventions, and best practices. In an IT infrastructure, units are interconnected and likely exchange information. Most attacks exploit these exchanges to reach their targets. In IT security, network expertise is fundamental.

1.1. Network

The infrastructure in this project is split into several networks, and this segmentation exists for security reasons. The infrastructure communicates mainly through a central network and is not directly accessible from the outside. This topology strongly limits the system's exposure to attacks.

1.2. Certificates and TLS

Encrypted communication is one of the pillars of security. In the IT context, encryption consists of encoding the data exchanged between two entities, which makes that data difficult for anyone else to exploit. For this reason, we prioritize TLS for exchanges.

1.3. Firewalls

Firewalls are more or less the border police: they control and authorize entries and exits. They are active on each server and define network accessibility based on the rules provided to them.

2. High Availability

High availability is an essential factor in IT, particularly in production environments. High availability is defined as the ability to ensure the continuous availability of services. It follows principles and conventions.

2.1. Point of Failure

In a request processing cycle, the request passes through several processing points (web server, proxy, servers, etc.). If one of these points is blocked, the request may fail. From a service perspective, a point of failure is a point whose malfunction causes the total shutdown of one or more services. In an IT system, points of failure work against high availability: the more points of failure exist, the lower the availability. They must be eliminated, and replicating instances is one way to do so. In this project, we can divide the infrastructure into two parts:

  • The Kubernetes cluster, which allows exposing services (websites, REST APIs, database dashboards, etc.) to the outside. This type of service must not admit any point of failure, hence the need to replicate them.

  • The cluster management system, which is only used to manage the infrastructure. Among the entities of this system, we can mention monitoring services (Grafana, Prometheus, Consul, etc.) and software factory systems (GitLab, Container Registry, ArgoCD). The malfunction of these services is not fatal for the external user. Their failure only impacts the personnel (administrators, developers, etc.) managing the infrastructure. Therefore, their high availability can be treated as a lower priority.
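The reasoning above, worked through as an added example (not part of the project's own code): it flags points of failure on the user-facing request path and shows how replication changes end-to-end availability. The stage names, replica counts and the 0.99 per-instance availability are constructed sample values, and failures are assumed to be independent.

```python
from dataclasses import dataclass, replace
from math import prod

@dataclass(frozen=True)
class Stage:
    name: str
    replicas: int        # identical instances able to serve the request
    availability: float  # availability of ONE instance (constructed figure)
    exposed: bool        # True if the stage is on the external request path

def stage_availability(s: Stage) -> float:
    # A replicated stage is down only when all replicas are down together
    # (assumes independent failures; shared power or network breaks this).
    return 1.0 - (1.0 - s.availability) ** s.replicas

def path_availability(stages) -> float:
    # A request crosses every exposed stage, so availabilities multiply.
    return prod(stage_availability(s) for s in stages if s.exposed)

def points_of_failure(stages, exposed_only=True):
    # Unreplicated stages; management services are ignored by default
    # because their outage does not reach the external user.
    return [s.name for s in stages
            if s.replicas < 2 and (s.exposed or not exposed_only)]

def with_replicas(stages, name, replicas):
    # Return a copy of the inventory with one stage replicated.
    return [replace(s, replicas=replicas) if s.name == name else s
            for s in stages]

# Constructed inventory: a user-facing request path plus one management service.
INVENTORY = [
    Stage("proxy", 1, 0.99, True),
    Stage("web-server", 3, 0.99, True),
    Stage("rest-api", 3, 0.99, True),
    Stage("database", 1, 0.99, True),
    Stage("monitoring", 1, 0.99, False),
]

if __name__ == "__main__":
    print("points of failure:", points_of_failure(INVENTORY))
    print("path availability: %.6f" % path_availability(INVENTORY))
    fixed = with_replicas(with_replicas(INVENTORY, "proxy", 2), "database", 2)
    print("after replication: %.6f" % path_availability(fixed))
```

With these sample figures, the two unreplicated stages cap the whole path near 98% no matter how many web or API replicas exist; replicating both lifts it to roughly 99.98%.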

2.2. Physical Replication

The physical replication of servers consists of duplicating a physical machine through a Floating

2.3. Application Replication

A good portion of modern applications operate in clustering mode, that is, as a set of duplicated and interconnected instances providing (relatively) the same services. Other applications are replicable outside of a cluster.

2.4. Kubernetes Masters Replication

In our infrastructure, we have three masters to ensure the high availability of our Kubernetes cluster. These three masters play the same role.

3. Performance

The performance of IT systems depends on several factors, and strongly on the resources allocated to each machine. Our machines are sized according to their usage. For databases and search engines, we use a large configuration, whereas for other machines, we have servers with low energy consumption and somewhat limited resources. Resources are not the only factor affecting performance: the architecture of the IT system and other elements also condition it.