| title | type |
|---|---|
Overview |
Architecture |
The diagram and steps describe the Kyma Environment Broker (KEB) workflow and the roles of specific components in this process:
-
The user sends a request to create a new cluster with Kyma Runtime.
a. The user sends a request to KEB through Istio VirtualService.
b. Istio redirects the request to the Ory Oathkeeper, which authorizes the request.
c. If the authorization ends with success, the request is redirected to KEB.
-
KEB proxies the request to create a new cluster to the Runtime Provisioner component.
-
Provisioner registers a new cluster in the Director component.
-
Provisioner creates a new cluster and installs Kyma Runtime (for Kyma 1.x).
-
KEB creates a cluster configuration in the Reconciler (for Kyma 2.x).
-
Reconciler installs Kyma (for Kyma 2.x).
-
When the operation is successful, KEB keeps sending a request for a Dashboard URL to the Management Plane (Director):
a. KEB sends a request to Hydra to refresh the OAuth token, if needed.
b. KEB passes the OAuth token to Director through Gateway.
c. Director returns the Dashboard URL to KEB through Gateway. The Dashboard URL is the URL to the newly created cluster.