foundation-techstack

PURPOSE

This project space is dedicated to prototyping the initial version of the Foundation TechStack. The main goal is to validate that the assembled set of technologies is compatible, to check that the technologies deliver what they promise, and to support the acceptance step (step 2) of the demonstrator V0.

PROTOTYPE PERIMETER

EVALUATED SET

| TECHNOLOGY | VERSION | COMMENTS | HELP / SUPPORT |
| :--- | :--- | :--- | :--- |
| ReactBootstrap | v2.5.0 (Bootstrap 5.2) | POC state: OK build/run with ReactJS | - Getting started |
| ReactJS | 18.2.0 | POC state: OK build/run based on NodeJS sdk | - Documentations<br>- Node.js and NPM installation<br>- Node.js documentation<br>- react-keycloak/web<br>- keycloak-js |
| Eclipse Vert.x Event Bus Client | 1.0.0-3-SNAPSHOT | @vertx/eventbus-bridge-client.js NodeJS module used with ReactJS | - NodeJS tutorial and libraries usage examples documentation |
| Eclipse Vert.x SockJS Client | 1.6.1 | Library version 1.6.1 used from Babel script; version 1.0.0-3 library of vertx/eventbus-bridge-client.js used from ReactJS over NodeJS module | |
| NodeJS | 16.17.0 | Used as application container of Frontend UI server<br>- Integrate NPM 8.15.0 version<br>- POC state: OK build/run | |
| Eclipse Vert.x Web | 4.3.2 | POC state: OK build/run on Eclipse Temurin JRE | - Documentation |
| Eclipse Vert.x Core | 4.3.2 | POC state: OK build/run with Eclipse Temurin JDK/JRE | Jackson Databind 2.13 required for POJO/JSON mapping of event via Redis channels<br>- Documentation<br>- JDK 1.8+<br>- GitHub project<br>- Vert.x Vault<br>- Kafka Connector<br>- Lettuce messaging plugin with Redis<br>- Vert.x OAuth2 Provider |
| Eclipse Vert.x Redis Client | 4.3.2 | POC state: OK build/run with Vert.x Core and Redis server | - Documentation |
| Eclipse Vert.x JWT | 4.3.2 | POC state: OK build/run with Vert.x Core | - vertx-auth-jwt extension module |
| Eclipse Vert.x OAuth2 Provider | 4.3.2 | POC state: OK build/run with Vert.x Core | - vertx-auth-oauth2 extension module documentation |
| Lettuce Client | 6.2.0 | POC state: OK build/run with Vert.x Core and Redis server | - Documentation |
| Eclipse Vert.x Kafka Client | 4.3.2 | POC state: OK build/run with Vert.x kafka client and Kafka server | - Documentation |
| Apache Directory Server | 2.0.0 | | - Apache directory studio LDAP browser |
| midPoint | | | - Installation requirements<br>- Docker Alpine image installation<br>- Tutorial |
| Vault | | | - docker image<br>- Installations<br>- Helm example<br>- Vault Helm Charts |
| Keycloak | 18.0.2 | POC state: OK build/run | - based on Bitnami Docker image<br>- Extensions<br>- Theming extension with React<br>- PostgreSQL (14.0.5 version) docker image based on Debian<br>- “keycloak-js” adapter |
| PostgreSQL | 14.0.5 | POC state: OK build/run under Bitnami Docker image | |
| Redis | 7.0.4-alpine | POC state: OK build/run based on Bitnami docker image | - Documentations<br>- Official Docker Hub image of Redis 7 |
| Apache Kafka | 2.7.0 | POC state: OK build/run, based on Debian, and linked via Zookeeper | - Documentations |
| Apache Flink | | | - Installation<br>- Visualizer web app<br>- Redis Connector<br>- Connectors |
| Telegraf Agent | | | - Documentation |
| InfluxDB | | | - Installation |
| Apache Zookeeper | 3.6.2 | POC state: OK build/run based on Bitnami docker image including Debian 10 | - Documentation<br>- Java example<br>- Standalone local instance installation |
| Eclipse Temurin JRE | JDK/JRE 11.0.15 | POC state: OK build/run with Linux Alpine | - OpenJDK distribution from Adoptium<br>- Installation of Eclipse Adoptium Temurin JDK<br>- Official images for OpenJDK binaries built by Eclipse maintained by Adoptium |
| Linux Alpine OS | 3.16.0 | POC state: OK build/run with Docker | |
| Linux Debian OS | 10 | POC state: OK build/run with Docker | |
| Docker | Engine 20.10.17, Compose v2.6.1 | POC state: OK image build and run over docker-compose | - Documentations |
| MicroK8s | | | - Snapd install |

TARGETED ACTIONS

PROTOTYPE IMPLEMENTATION

SYSTEMS BOUNDARY

A specific systems area is built and prepared for execution testing as a Proof-Of-Concept (POC) of the integrated technologies.

The main applications in focus for the POC are:

The main infrastructure services in focus for the POC are:

```mermaid
flowchart LR
    subgraph domain[Access Control Domain]
        frontui[Frontend UI server]:::system --> backend[Backend UI server]:::system;
        backend --> uispace[(Users Interactions broker)]:::techcomp;
        gateway[Domain Gateway server]:::system --> domainspace[(Domains Interactions broker)]:::techcomp;
        rtscomput[RTS Computation Unit server]:::system --> domainspace;
    end
    subgraph infrastructure[Infrastructure Services]
        sso[Access Control SSO server]:::techsys --> secret[Secret management server]:::techsys;
        idm[Identities & Access management server]:::techsys;
        logging[Event Logging Server]:::techsys;
    end
    backend -.-> idm;
    backend -.-> sso;
    uispace -.-> logging;
    gateway --> uispace;
    domain:::area -.-> infrastructure:::area;

    classDef system fill:#3a5572,stroke:#3a5572,color:#fff;
    classDef techcomp fill:#fff,stroke:#3a5572,color:#3a5572;
    classDef techsys fill:#e5302a,stroke:#e5302a,color:#fff;
    classDef area fill:#fff,stroke:#3a5572,color:#3a5572,stroke-width:1px,stroke-dasharray: 5 5;
```

SYSTEMS IMPLEMENTATION PROJECTS

The implementation projects are managed over several sub-directories:

TECHNOLOGY

Several technologies are selected for this version of the stack to implement the components and systems.

| SYSTEM | TYPE | TECHNOLOGIES | COMMENTS | STATUS |
| :--- | :--- | :--- | :--- | :--- |
| Asset Control FrontEnd UI server | Web Reactive FrontEnd | - Google Chrome web browser<br>- ReactBootstrap<br>- Keycloak js module<br>- ReactJS<br>- Vert.x Event Bus Client<br>- NodeJS | Keycloak authentication integrated, with SSO token reused for collaboration with independent (CORS approach) other systems | Integration & runtime OK with Vert.x event bus client ensuring call to Asset Control Backend UI server (with SSO token collected during user’s authentication)<br>POSTPONED: HTTPS support, packaged Docker image, MicroK8s execution |
| Asset Control Backend UI server | Reactive BackEnd Server | - Vert.X Event Bus Client<br>- Vert.x Web<br>- Vert.x Redis client<br>- OAuth2 auth provider<br>- Vert.x Core<br>- Temurin JVM<br>- Alpine Linux OS<br>- Docker Image<br>- MicroK8s | JSON/HTTPS over SSO | Integration & runtime OK with Vert.x web module, Reactive ensured by Babel for html/css/js frontside, Keycloak server for accessToken check (got by connected user from FrontEnd server) used during event bus usage<br>POSTPONED: HTTPS support, packaged Docker image, MicroK8s execution |
| Asset Control & SSO server | Security Services | - Keycloak<br>- PostgreSQL database<br>- OpenJDK JVM<br>- Debian Linux OS<br>- Docker Image<br>- MicroK8s | Token management for front/backend’s user access | POSTPONED: HTTPS configuration, MicroK8s execution |
| Identities Access Management server | Security Services | - midPoint<br>- Apache Directory Server<br>- Temurin JVM<br>- Alpine Linux OS<br>- Docker Image<br>- MicroK8s | Include test account allowing call of Access domain read feature, and access check by application layer when coming from UI layer | POSTPONED |
| Secret Management server | Security Services | - Vault<br>- Ubuntu OS<br>- Docker Image<br>- MicroK8s | Test of storage/retrieve of user token used by Asset Control & SSO server | POSTPONED |
| Users Interactions broker | Users Interactions Space | - Redis Cluster<br>- Telegraf Agent<br>- Alpine Linux OS<br>- Docker Image<br>- MicroK8s | Telegraf agent (plugin for Redis cluster) pushes monitoring to Event Logging Server | Redis/Linux/Docker integration & runtime OK<br>POSTPONED: Redis cluster mode with multiple instances, Telegraf agent, MicroK8s |
| Event Logging server | Logging | - InfluxDB<br>- Ubuntu OS<br>- Docker Image<br>- MicroK8s | Logs repository regarding Redis instances’ activities | POSTPONED |
| Areas & Assets Protection Domain Gateway server | Domains Gateway Server | - Java POJO, JSON message<br>- Zookeeper Client<br>- Lettuce client library to Redis<br>- Vert.x Core<br>- Kafka Connector<br>- Temurin JVM<br>- Alpine Linux OS<br>- Docker Image<br>- MicroK8s | 2 gateways simulated in only one instance for POC<br>AREAS & ASSETS PROTECTION BOUNDARY<br>Sample code which exposes the AAP UI capability API channel, integrates the command/query events (e.g. validates a request parameter like “command type, recipient domain”) of UI layer to domain, and executes the requested feature (e.g. download of report UI capability) or delegates the event when it is received on its API channel but supported by another domain (e.g. asset control gateway server)<br>ASSET CONTROL BOUNDARY<br>Sample code which exposes the asset control API channel, integrates the command/query events of UI layer to dedicated domain, and forwards the security features execution (e.g. read of an asset description) via delegation to a RT computation unit (e.g. domain model of Asset Control implementing the Security Feature named Asset);<br>Java Processor/Consumer as domain application service layer | Integration & runtime OK<br>POSTPONED: SSO integration |
| Domains Interactions Space cluster | Events Broker (Domains Interactions Space) | - Kafka Broker instances<br>- Zookeeper Registries cluster (3 instances)<br>- Debian OS<br>- Docker Image<br>- MicroK8s | Kafka and Zookeeper clusters are Bitnami images based on Debian 10 OS; Kafka cluster managed/administration (e.g. topics, consumers) via an instance of CMAK web server | Kafka/Zookeeper/Linux/Docker integration & runtime OK |
| RTS Computation Unit server | Real-Time Stream Computation Unit | - Apache Flink<br>- Zookeeper Client<br>- Kafka Connector<br>- Flink CEP<br>- Temurin JVM<br>- Docker Image | Asset feature java implementation with Flink;<br>Flink CEP test for command chain pattern implementation that builds the Asset description requested by the UI layer and provided by the Domain model | Vert.x/Kafka/JVM/Docker integration & runtime OK<br>POSTPONED: Flink |