Connecting a Platform

Before you Begin

This article assumes you've read Intro to Architect for a fundamental understanding of Architect's Service, Environment, and Platform constructs.

Architect asks you to BYOI (bring your own infrastructure). This allows you to choose the infrastructure you are most comfortable working with and ensures that your services are always under your control in your cloud. A Platform is Architect's primary abstraction for the connection details and credentials that we require to connect to your infrastructure and deploy services on your behalf. A Platform can support as many Environments as you'd like.

Platform Types

It is a goal of Architect to abstract the infrastructure provider from the Services and even Environments that are running on top. We aim to help you avoid the vendor lock-in that is increasingly common in today's cloud services world. As a result, we intend to support as diverse an array of Platform types as possible. Today Architect natively supports any running Kubernetes cluster, whether you are running in GCP, AWS, Azure, or on your own bare-metal servers. Stay tuned for the Amazon ECS platform: it is early on our roadmap, and it is our goal to support both their serverless Fargate configurations and the more traditional EC2 deployment scheme.

Connecting to a Kubernetes Platform

Architect manages services in your Kubernetes cluster on your behalf using a Kubernetes Service Account. Think of the Service Account as a machine User; it allows Architect to manage your cluster as any normal User might with a simple API token.

You have two options for configuring a Service Account; each method is outlined below:

  • allow the Architect CLI to create a Service Account using kubectl on your behalf (Recommended)
  • manually create a Service Account and pass the credentials to Architect

Regardless of which mechanism you use, Architect securely stores the credentials using industry best practices. Once uploaded, the credentials are irretrievable.

Connect using kubectl config

If you have the kubectl CLI installed on your machine and have previously used it to connect to your Kubernetes cluster, Architect can read the configuration details and create a Service Account on your behalf. This happens under the hood in the environment:create flow. Simply select the Kubernetes context that points to the cluster to which you'd like to connect and we'll do the rest! You will be prompted to name the Service Account; we recommend naming it architect to distinguish it from any other service accounts you may be operating.

Connect manually

If you'd prefer to create a Service Account manually (we understand the desire for a trustless relationship), then follow the Kubernetes documentation and be sure to note down the following associated secrets:

  • ca.crt
  • token

Then, during the environment:create flow, simply pass them in as flags:

environment:create --cluster_ca_cert="/path/to/the/ca.crt" --service_token="eyJ..."

During Platform configuration, we make a remote call to your platform with the credentials you provided to ensure that we can successfully connect. So assuming this command succeeds, you can be sure that your platform is properly accessible. If you'd like to verify connectivity again at any point in the future, bounce over to the platforms page (https://app.architect.io/your-account/platforms) and click the "Verify Connection" button.
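For the manual route, a preflight check on the two secrets before they are passed to environment:create (an added example, not Architect's own code): it decodes the token's JWT payload, without verifying the signature, to confirm the token belongs to the intended Service Account and will not expire shortly after upload, and checks that ca.crt is PEM-encoded. The function names, the `default:architect` account and the one-day lifetime threshold are assumptions; the sample token and certificate are constructed.

```python
import base64, json, re, time

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def decode_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    body = parts[1] + "=" * (-len(parts[1]) % 4)   # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(body))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def preflight(token, ca_pem, expected_sa, min_lifetime=86400, now=None):
    """Return a list of problems; an empty list means the pair looks sane."""
    now = time.time() if now is None else now
    problems = []
    try:
        claims = decode_claims(token)
    except ValueError as err:      # covers bad base64, bad UTF-8 and bad JSON
        return [f"token is not a decodable JWT: {err}"]
    sub = claims.get("sub")        # system:serviceaccount:<namespace>:<name>
    if sub != f"system:serviceaccount:{expected_sa}":
        problems.append(f"token subject is {sub!r}, not {expected_sa!r}")
    exp = claims.get("exp")        # absent on legacy Secret-based tokens
    if isinstance(exp, (int, float)) and exp - now < min_lifetime:
        problems.append(f"token expires in {int(exp - now)}s; a stored copy will stop working")
    certs = PEM_RE.findall(ca_pem)
    if not certs:
        problems.append("ca.crt has no PEM CERTIFICATE block")
    for body in certs:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            der = b""
        if not der.startswith(b"\x30"):   # DER certificates start with SEQUENCE
            problems.append("ca.crt contains a block that is not base64 DER")
    return problems

def make_token(claims):
    """Build an unsigned, constructed sample token (test data only)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2ln"])

# Constructed sample inputs, not real credentials.
SAMPLE_CA = "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmg\n-----END CERTIFICATE-----\n"
LEGACY = make_token({"iss": "kubernetes/serviceaccount", "sub": "system:serviceaccount:default:architect"})
```

Pass the expected account as `namespace:name`, for example `preflight(token, open("ca.crt").read(), "default:architect")`.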