Enterprise Deployment

Enterprise Deployment of Kubernetes

 

The Kubernetes deployment of Panopticon is similar in structure to the Docker Compose deployment, with an added Namespace abstraction layer.

Each namespace represents a completely isolated Panopticon tenant deployment and can be configured to meet specific requirements.

The configuration of the pods running in each namespace is controlled by a Helm Charts package.

 

Cloud Admin

The Cloud Admin app allows self-service creation, updating, deletion, backup, and restoration of Panopticon tenant instances. It is deployed as a namespace alongside the other Panopticon tenants. However, while Panopticon tenants can be configured for any type of authentication (LDAP, SAML, OAuth, Basic), the Cloud Admin app has fixed “superuser” authentication to keep it separate from application users.

Cloud Admin can be configured to operate in two modes:

Mode Description

Cloud Admin

  • Manage multiple tenants

  • Creation of new tenants is allowed

Tenant Admin

  • Manage one single tenant

  • Creation of new tenants is not allowed

 

 

Kubernetes Architecture for a Single Tenant / Namespace

 

 

Kubernetes Architecture in Detail for a Single Tenant /Namespace

The diagram above illustrates the various elements making up a single tenant deployment of Panopticon. It is designed to be scalable, secure, and performant using the industry-standard horizontal and vertical scaling approaches.

  • Ingress performs the functions of Load balancing and SSL termination and allows external traffic to reach the Panopticon server
  • The panoviz service directs all incoming traffic to the pods running Tomcat and Panopticon application deployed to them
  • The Rserve, Python, and MonetDB workloads are not exposed to the external world and are only accessible to the Panopticon application
  • All of the stateful sets support local storage like GP2, Standard, Azure-disk, etc. to store local data and nfs storage for shared content amongst the replicas
  • All of the configurations that can be modified are modeled using Config maps and can be edited or viewed at any time for better maintenance

 

 

 

(c) 2013-2024 Altair Engineering Inc. All Rights Reserved.

Intellectual Property Rights Notice | Technical Support