Platform Documentation
Welcome to the documentation for our cloud management platform. This document provides a comprehensive overview of the platform's core concepts, resources, and guidance on how to utilize them to design systems for various applications. By the end of this documentation, you will have a clear understanding of how projects, servers, security groups, networks, and routers are interrelated and can be utilized effectively.
Concepts
1. Projects
A project serves as the primary organizational unit in the platform. Projects are containers for all resources such as servers, networks, security groups, and routers. Each project has:
- An account for billing and payments.
- A set of resources that belong to it.
- Access control, with an owner and additional members.
Default Project: The default project supports only server and SSH key resources. It is designed as a simpler starting point or for quick tasks where managing networks, routers, or security groups is unnecessary.
Use Case: Projects allow you to logically separate resources for different teams, applications, or environments (e.g., development, staging, production).
2. Servers
Servers are virtual machines (VMs) that provide the compute power for your applications. A server can have the following attributes:
- CPU, RAM, and storage configuration (determined by the flavor selected during creation).
- Attached networks, providing connectivity to other resources.
- Associated SSH keys for secure access.
- Security groups to enforce firewall rules.
Use Case: Servers can host application servers, databases, APIs, or any other workload requiring compute resources.
3. Security Groups
Security Groups act as virtual firewalls for your servers and other resources. Each security group defines a set of rules that:
- Allow or deny traffic based on protocol (e.g., TCP, UDP).
- Specify port ranges and IP address prefixes.
- Apply to incoming (ingress) or outgoing (egress) traffic.
Use Case: For example, you can create a security group that allows HTTP (port 80) and HTTPS (port 443) traffic to a web server while blocking all other incoming connections.
4. Networks
Networks provide isolated communication channels for resources within a project. Each network:
- Can have subnets defined by CIDR blocks.
- Allows servers and other resources to communicate within a private space.
- Can be linked to routers for external connectivity.
Use Case: A private network can be used for inter-server communication, such as between an application server and a database.
5. Routers
Routers connect private networks to external networks (e.g., the internet). They:
- Route traffic between subnets within a project.
- Provide external connectivity to resources by linking them to public networks.
- Enable the assignment of floating IPs for internet-accessible servers.
Use Case: A router allows servers in a private network to access the internet or communicate with external services.
Using the Platform
Step 1: Setting Up a Project
- Create a new project.
- Add team members to the project for collaboration.
- Make an initial payment to ensure resources can be provisioned.
Step 2: Creating Resources
1. Creating a Network
- Define the network name and CIDR block (e.g., 192.168.1.0/24).
- Optionally, link the network to a router for external connectivity.
2. Creating a Router
- Assign a name to the router.
- Link the router to a public network for internet access.
- Attach private networks to the router for inter-network communication.
3. Creating a Server
- Choose a flavor based on the desired CPU, RAM, and storage configuration.
- Attach the server to one or more networks.
- Select an SSH key for secure access.
- Assign a security group to enforce traffic rules.
4. Configuring Security Groups
- Define ingress and egress rules based on the application’s requirements.
- Apply the security group to servers to enforce these rules.
System Design Examples
Example 1: Basic Web Application
- Setup:
  - One server for the web application.
  - A security group allowing HTTP (port 80) and HTTPS (port 443) traffic.
  - A private network connected to a public network via a router.
- Outcome:
  - The web server is accessible from the internet.
  - Internal traffic between servers is secure and isolated.
Example 2: Multi-Tier Architecture
- Setup:
  - A private network with two subnets:
    - Web subnet: Hosts web servers.
    - Database subnet: Hosts database servers.
  - Two security groups:
    - Web security group: Allows traffic on HTTP and HTTPS from external clients.
    - Database security group: Allows traffic only from the web subnet.
  - A router for external connectivity.
- Outcome:
  - Secure separation between web and database layers.
  - Restricted access to the database.
Example 3: Kubernetes Cluster for Containerized Applications
- Setup:
  - Multiple servers to form the cluster (e.g., one master and two workers).
  - Security groups allowing Kubernetes API traffic and inter-node communication.
  - A private network for internal traffic.
- Outcome:
  - A fully functional Kubernetes cluster ready to host containerized workloads.
Best Practices
- Resource Isolation: Use separate projects for different environments (e.g., dev, staging, production).
- Network Design: Ensure private networks are used for internal communication to improve security.
- Security: Apply the principle of least privilege when defining security group rules.
- Monitoring and Optimization: Regularly monitor resource usage and optimize configurations to reduce costs.
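The security groups from Example 2 and the least-privilege practice above, modelled as an added example that is not the platform's own code or API. The rule fields, default-deny evaluation, subnet CIDRs and database port 5432 are assumptions, since the page does not specify them.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values: the page names the subnets but gives no CIDRs or database port.
WEB_SUBNET = "192.168.1.0/25"
DB_SUBNET = "192.168.1.128/25"
DB_PORT = 5432
ANYWHERE = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    direction: str      # "ingress" or "egress"
    protocol: str       # "tcp" or "udp"
    port_min: int
    port_max: int
    prefix: str         # remote IP prefix in CIDR form


# Security groups from Example 2, modelled as allow rules with default deny (assumption).
WEB_SG = [Rule("ingress", "tcp", 80, 80, ANYWHERE),
          Rule("ingress", "tcp", 443, 443, ANYWHERE)]
DB_SG = [Rule("ingress", "tcp", DB_PORT, DB_PORT, WEB_SUBNET)]


def allows_ingress(group, src_ip, protocol, port):
    """True if any ingress rule in the group matches the packet; otherwise deny."""
    src = ipaddress.ip_address(src_ip)
    return any(
        r.direction == "ingress"
        and r.protocol == protocol
        and r.port_min <= port <= r.port_max
        and src in ipaddress.ip_network(r.prefix)
        for r in group
    )


def world_open_ports(group, expected=frozenset({80, 443})):
    """Least-privilege audit: ports open to any address that are not meant to be public."""
    exposed = set()
    for r in group:
        if r.direction == "ingress" and ipaddress.ip_network(r.prefix).prefixlen == 0:
            exposed.update(p for p in range(r.port_min, r.port_max + 1) if p not in expected)
    return sorted(exposed)


if __name__ == "__main__":
    print(allows_ingress(DB_SG, "192.168.1.10", "tcp", DB_PORT))   # web server -> database
    print(allows_ingress(DB_SG, "203.0.113.7", "tcp", DB_PORT))    # internet -> database
    print(world_open_ports(DB_SG + [Rule("ingress", "tcp", 22, 22, ANYWHERE)]))
```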
FAQ
1. Can I move resources between projects?
No, resources are tied to the project they were created in. However, you can replicate configurations in another project.
2. How are payments managed?
Payments are made at the project level. Ensure the project account has sufficient balance to avoid resource interruptions.
3. Can I assign a floating IP to a server?
Yes, floating IPs can be assigned to servers connected to a router with access to a public network.
Contact Support
For further assistance, please contact our support team at support@faxter.com.