|
| 1 | +<<<<<<< HEAD |
1 | 2 | # Architecture |
2 | 3 |
|
3 | 4 | <p align="center"> |
@@ -69,3 +70,77 @@ while those that don't are called _peripheral resources_. |
69 | 70 |
|
70 | 71 | Each resource may also be _persistent_ or _ephemeral_ depending on whether |
71 | 72 | they're destroyed on workspace stop. |
| 73 | +||||||| 555cbd78 |
| 74 | +======= |
| 75 | +# Architecture |
| 76 | + |
| 77 | +<p align="center"> |
| 78 | + <img src="./images/architecture.png" width="700px"> |
| 79 | +</p> |
| 80 | + |
| 81 | +## Agents |
| 82 | + |
| 83 | +An agent is the Coder service that runs within a user's remote workspace. |
| 84 | +It provides a consistent interface for coderd and clients to communicate |
| 85 | +with workspaces regardless of operating system, architecture, or cloud. |
| 86 | + |
| 87 | +It offers the following services along with much more: |
| 88 | + |
| 89 | +- SSH |
| 90 | +- Port forwarding |
| 91 | +- Liveness checks |
| 92 | +- `startup_script` automation |
| 93 | + |
| 94 | +## Service Bundling |
| 95 | + |
| 96 | +While coderd, provisionerd and Postgres can be orchestrated independently, |
| 97 | +our default installation paths bundles them all together into one system service. |
| 98 | +It's perfectly fine to run a production deployment this way, but there are |
| 99 | +certain situations that necessitate decomposition: |
| 100 | + |
| 101 | +- Reducing global client latency (distribute coderd and centralize database) |
| 102 | +- Running untrusted provisioners (separate provisionerd from nodes with DB access) |
| 103 | +- Achieving greater availability and effeciency (horizontally scale individual services) |
| 104 | + |
| 105 | +## coderd |
| 106 | + |
| 107 | +coderd is the service created by running `coder server`. It is a thin |
| 108 | +API to the workspaces and the provisioner. coderd stores all of its state in |
| 109 | +Postgres and is the only service that communicates with Postgres. |
| 110 | + |
| 111 | +It offers: |
| 112 | + |
| 113 | +- Dashboard |
| 114 | +- HTTP API |
| 115 | +- Dev URLs (HTTP reverse proxy to workspaces) |
| 116 | +- Workspace Web Applications (e.g easily access code-server) |
| 117 | +- Agent registration |
| 118 | + |
| 119 | +## provisionerd |
| 120 | + |
| 121 | +provisionerd is the execution context for infrastructure modifying providers. |
| 122 | +At the moment, the only provider is Terraform (running `terraform`). |
| 123 | + |
| 124 | +Since the provisionerd can be separated from coderd, it can run the provider |
| 125 | +in a myriad of ways on the same Coder deployment. For example, provisioners |
| 126 | +can have different `terraform` versions to satisfy the requirements of different |
| 127 | +templates. |
| 128 | + |
| 129 | +Separability is also advantageous for security. Since provisionerd has no |
| 130 | +database access, infrastructure admins that are not necessarily Coder admins |
| 131 | +can be safely given access to the provisionerd node. As Coder scales and |
| 132 | +multiple infrastructure teams appear, each can be given access to their own |
| 133 | +set of provisionerd nodes, with each set of nodes having their own cloud credentials. |
| 134 | + |
| 135 | +## Workspaces |
| 136 | + |
| 137 | +At the highest level, a workspace is a set of cloud resources. These resources |
| 138 | +can be VMs, Kubernetes clusters, storage buckets, or whatever else Terraform |
| 139 | +lets you dream up. |
| 140 | + |
| 141 | +The resources that run the agent are described as _computational resources_, |
| 142 | +while those that don't are called _peripheral resources_. |
| 143 | + |
| 144 | +Each resource may also be _persistent_ or _ephemeral_ depending on whether |
| 145 | +they're destroyed on workspace stop. |
| 146 | +>>>>>>> 606b062a7b1a807ce5a93cf3c6fe059b4e446b71 |
0 commit comments