Before you Begin
This article assumes you've read Intro to Architect for a fundamental understanding of Architect's Service, Environment, and Platform constructs.
Architect asks you to BYOI (bring your own infrastructure). This allows you to choose the infrastructure you are most comfortable working with and ensures that your services are always under your control in your cloud. A Platform is Architect's primary abstraction for the connection details and credentials that we require to connect to your infrastructure and deploy services on your behalf. A Platform can support as many Environments as you'd like.
It is a goal of Architect to abstract the infrastructure provider from the Services and even Environments that are running on top. We aim to help you avoid the vendor lock-in that is increasingly common in today's cloud services world. As a result, we intend to support as diverse an array of Platform types as possible. Today Architect natively supports any running Kubernetes cluster, whether you are running in GCP, AWS, Azure, or on your own bare-metal servers. Stay tuned for the Amazon ECS platform: it is early on our roadmap, and our goal is to support both their serverless Fargate configurations and the more traditional EC2 deployment scheme.
Architect manages services in your Kubernetes cluster on your behalf using a Kubernetes Service Account. Think of the Service Account as a machine User; it allows Architect to manage your cluster as any normal User might with a simple API token.
You have two options for configuring a Service Account; each method is outlined below:
Regardless of which mechanism you use, Architect securely stores the credentials using industry best practices. Once uploaded, the credentials are irretrievable.
If you have the kubectl CLI installed on your machine and have previously used it to connect to your Kubernetes cluster, Architect can read the configuration details and create a Service Account on your behalf. This happens under the hood in the environment:create flow. Simply select the Kubernetes context that points to the cluster to which you'd like to connect and we'll do the rest! You will be prompted to name the Service Account; we recommend naming it architect to distinguish it from any other service accounts you may be operating.
If you'd prefer to create a Service Account manually (we understand the desire for a trustless relationship) then follow the Kubernetes documentation and be sure to note down the following associated secrets:
Then, during the environment:create flow, simply pass them in as flags:
environment:create --cluster_ca_cert="/path/to/the/ca.crt" --service_token="eyJ..."
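An added example, not from Architect's documentation or code: before passing a manually created token to --service_token, you can decode its claims locally to confirm it belongs to the dedicated service account and to see whether it expires. The sample tokens are constructed and unsigned, the signature is not verified, and the "default" namespace and helper names are assumptions.

```python
import base64
import json
import time

def _b64url_json(segment: str) -> dict:
    # JWT segments are unpadded base64url; restore padding before decoding.
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def describe_service_token(token: str, now=None) -> dict:
    """Decode (without verifying the signature) the claims of a Kubernetes
    service account token so you can review what you are handing over."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    claims = _b64url_json(parts[1])
    sub = claims.get("sub", "")
    if not sub.startswith("system:serviceaccount:"):
        raise ValueError(f"subject {sub!r} is not a service account")
    _, _, namespace, name = sub.split(":", 3)
    exp = claims.get("exp")  # absent on legacy Secret-based tokens
    now = time.time() if now is None else now
    return {
        "namespace": namespace,
        "name": name,
        "expires": exp,
        "expired": exp is not None and exp <= now,
        "long_lived": exp is None,  # never expires until the Secret is deleted
    }

def _constructed_token(claims: dict) -> str:
    # Builds an unsigned sample token for the demo; not a real credential.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.c2lnbmF0dXJl"

# Constructed samples: a legacy Secret-based token and a time-bound token.
SAMPLE_LEGACY = _constructed_token({
    "iss": "kubernetes/serviceaccount",
    "sub": "system:serviceaccount:default:architect"})
SAMPLE_BOUND = _constructed_token({
    "iss": "https://kubernetes.default.svc",
    "sub": "system:serviceaccount:default:architect",
    "exp": 1700000000})

if __name__ == "__main__":
    for tok in (SAMPLE_LEGACY, SAMPLE_BOUND):
        print(describe_service_token(tok, now=1600000000))
```

A token whose subject is not the account you created for Architect, or one that reports long_lived when you expected an expiry, is worth resolving before it is uploaded, since the stored credentials cannot be retrieved afterwards.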
During Platform configuration, we make a remote call to your platform with the credentials you provided to ensure that we can successfully connect. So assuming this command succeeds, you can be sure that your platform is properly accessible. If you'd like to verify connectivity again at any point in the future, bounce over to the platforms page (https://app.architect.io/your-account/platforms) and click the "Verify Connection" button.