Commit 8551a5b0 authored by Michel Roy

Update README.md

parent 61cde15c
+19 −16
@@ -4,7 +4,6 @@ This section defines the MEC Sandbox _architecture concepts_ and high-level repr

## Architecture Concepts

#### Assumptions & Prerequisites
MEC Sandbox...
- is based on AdvantEDGE open-source project and re-uses several components
- uses Dockers container technology & Kubernetes for orchestration
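Review bot: "uses Dockers container technology & Kubernetes" in the Assumptions list should read "Docker container technology". The heading above it also jumps from `##` straight to `####`; use `###` unless the rest of the README follows the same pattern.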
@@ -40,15 +39,15 @@ A common web-service used by a set of users to control the lifecycle of their re
- Cardinality
  - Typically a single global portal
  - Multiple independent instances possible (ex. development vs production portal)
- Security & privacy
  - MEC Sandbox runs behind a firewall with port 443 (HTTPS) opened
- Security, Authentication, Authorization
  - MEC Sandbox runs behind a firewall
    - HTTPS requests are directed to an Ingress Controller
  - Only valid request are routed to the appropriate micro-service
  - HTTPS terminated at the ingress controller
  - Authentication using GitHub or GitLab (ETSI Forge EOL) as OAuth providers
  - Authorization via user roles to authorize HTTP endpoint access
- Backend
  - Backend is divided into a Control plane and a User plane
    - Controls plane for controlling user sandboxes lifecycle
    - User plane for routing user specific traffic to its sandbox
    - User plane for routing user specific traffic to a user sandbox
  - Each user-sandbox is associated to a dynamically generated UUID for:
    - naming user-namespace
    - creating user specific ingress paths (ex: `.../<uuid>/location/...` )
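Review bot: the Security bullets say HTTPS is terminated at the ingress controller but not how traffic travels from the ingress controller to the micro-services; state whether that hop is plain HTTP inside the cluster or re-encrypted. "Authorization via user roles to authorize HTTP endpoint access" should name the roles and the component that enforces them, and the UUID bullets should say whether a request to a path such as `.../<uuid>/location/...` is checked against the signed-in user or whether knowing the UUID is enough to reach the sandbox. Wording: "Only valid request are routed" should be "requests", and "Controls plane" should be "Control plane".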
@@ -57,7 +56,6 @@ A common web-service used by a set of users to control the lifecycle of their re
A scenario area reserved for a specific user to experiment with MEC Services
- Cardinality
  - Typically a single user-sandbox per signed in user
  - Multiple user-sandboxes may be allowed for super-users/developers/etc.
- Backend
  - Composed of MEC services and some scenario control micro-services

@@ -72,11 +70,13 @@ _Note: MEC Sandbox is a Single Page Application (SPA)_

- Un-authenticated user
  - can view generic details about MEC Sandbox
  - can authenticate
  - can access help resources
  - can sign-in
- Authenticated user
  - can view generic details about MEC Sandbox
  - can access help resources
  - can view & interact with his User Sandbox
  - can logout
  - can sign out

**2- Sandbox instantiation**<br>
- on user successful sign in, portal backend creates user sandbox
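Review bot: the sign-in wording in the user lists is inconsistent: "can sign-in" under Un-authenticated user, "can sign out" under Authenticated user, and "on user successful sign in" in step 2. Use "sign in" and "sign out" as verbs throughout. "can view & interact with his User Sandbox" would read better as "their own User Sandbox"; if access is limited to the user's own sandbox, that wording also says so.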
@@ -85,10 +85,10 @@ _Note: MEC Sandbox is a Single Page Application (SPA)_
  - deploys sandbox backend micro-services & resources
  - opens ingress controller path for user sandbox

**3- Sandbox API gets enabled in SPA**
- sandbox info is relayed back to SPA
  - enables the user-sandbox tab in SPA
  - configures user-sandbox info in SPA
**3- Sandbox API gets enabled in frontend**
- sandbox info is relayed back to frontend
  - enables the user-sandbox tab
  - configures user-sandbox info

**4- User configures user-sandbox**<br>
- using the browser, user can
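Review bot: the step 3 heading "**3- Sandbox API gets enabled in frontend**" has no trailing `<br>`, unlike the step 2 and step 4 headings around it; add it so the steps render consistently. "sandbox info is relayed back to frontend" should say which information is relayed. The hunk header still shows the note "MEC Sandbox is a Single Page Application (SPA)", so pick either "frontend" or "SPA" and use it throughout the README.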
@@ -118,6 +118,10 @@ _Note: MEC Sandbox is a Single Page Application (SPA)_
    - Routes incomming HTTPS request to the correct micro-service (L7 HTTP router)
  - Docker registry
    - image registry for the cluster
  - Cert manager
    - CA certificate management
  - Auth service
    - Authorization control
- **Platform Control Subsystem**
  - Platform controller
    - Platform control plane for user-sandbox lifecycle management
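Review bot: "Auth service" is described only as "Authorization control", while the Security bullets earlier in this README list authentication through GitHub or GitLab as OAuth providers; state which component runs the OAuth sign-in, or widen this description if it is the Auth service. "Cert manager" with "CA certificate management" should say which certificates it manages and for which component. In the context line above, "incomming" should be "incoming".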
@@ -144,5 +148,4 @@ _Note: MEC Sandbox is a Single Page Application (SPA)_
- **GIS Engine**
  - Controls run-time GIS aspects of sandbox
- **MEC Services**
  - User location/mobility events/RSSI/etc.
  - MEC Services - Location / RNIS / BWM / etc.
  - MEC Services added as the platform evolves
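Review bot: the sub-bullet "MEC Services - Location / RNIS / BWM / etc." repeats its parent bullet's title and leaves RNIS and BWM unexpanded. Drop the "MEC Services -" prefix and spell the acronyms out on first use, for example "Location, Radio Network Information (RNIS), Bandwidth Management (BWM), etc."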