Orchestr8 Architecture

Overview

Orchestr8 (O8) implements a GitOps-based "App of Apps" pattern for managing enterprise Kubernetes applications. This architecture enables:

  • Namespace Isolation: Each module runs in its own namespace
  • Service Independence: Modules can be deployed, scaled, and updated independently
  • Compliance Ready: Built-in support for SOC2, HIPAA, and other compliance frameworks
  • Enterprise Scale: Designed to handle hundreds of microservices across multiple clusters

Core Principles

1. GitOps Everything

  • All configuration is stored in Git
  • Changes are made through Pull Requests
  • ArgoCD automatically syncs desired state

2. Module Isolation

  • Each module has its own namespace
  • Network policies enforce communication boundaries
  • RBAC limits access between modules

3. Security First

  • Pod Security Standards enforced by default
  • Network policies for all modules
  • Secrets managed through Sealed Secrets or External Secrets Operator
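
The guardrails listed under Module Isolation and Security First can be checked mechanically. The following is an added example, not Orchestr8's own code: a Python audit that flags any namespace lacking a Pod Security `enforce` label or a default-deny ingress NetworkPolicy. The namespace names, the constructed sample manifests, and the choice to accept only `baseline` or `restricted` are assumptions.

```python
import json

# Constructed sample manifests (JSON form), not taken from the Orchestr8 repository.
# Namespace names are assumed for illustration.
MANIFESTS = json.loads("""[
  {"kind": "Namespace", "metadata": {"name": "voicefuse",
     "labels": {"pod-security.kubernetes.io/enforce": "restricted"}}},
  {"kind": "NetworkPolicy", "metadata": {"name": "default-deny", "namespace": "voicefuse"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
  {"kind": "Namespace", "metadata": {"name": "langfuse",
     "labels": {"pod-security.kubernetes.io/enforce": "privileged"}}},
  {"kind": "NetworkPolicy", "metadata": {"name": "allow-web", "namespace": "langfuse"},
     "spec": {"podSelector": {"matchLabels": {"app": "web"}}, "policyTypes": ["Ingress"],
              "ingress": [{"from": [{"namespaceSelector": {}}]}]}},
  {"kind": "Namespace", "metadata": {"name": "your-app"}}
]""")

# Assumption: "privileged" (or no label) is treated as Pod Security not being enforced.
ACCEPTED_PSS = {"baseline", "restricted"}
PSS_LABEL = "pod-security.kubernetes.io/enforce"


def is_default_deny(policy):
    """True if the policy selects every pod (empty podSelector) and allows no ingress."""
    spec = policy.get("spec", {})
    return (spec.get("podSelector") == {}
            # Kubernetes applies the Ingress type when policyTypes is omitted.
            and "Ingress" in spec.get("policyTypes", ["Ingress"])
            and not spec.get("ingress"))


def audit(manifests):
    """Return {namespace: [findings]} for namespaces missing a guardrail."""
    deny = {m["metadata"].get("namespace") for m in manifests
            if m.get("kind") == "NetworkPolicy" and is_default_deny(m)}
    findings = {}
    for m in manifests:
        if m.get("kind") != "Namespace":
            continue
        name = m["metadata"]["name"]
        level = m["metadata"].get("labels", {}).get(PSS_LABEL)
        issues = []
        if level not in ACCEPTED_PSS:
            issues.append(f"pod security enforce level is {level!r}")
        if name not in deny:
            issues.append("no default-deny ingress NetworkPolicy")
        if issues:
            findings[name] = issues
    return findings
```

Calling `audit(MANIFESTS)` reports the two namespaces that would be deployed without the stated guardrails. A check of this kind fits as a Pull Request gate, before ArgoCD syncs the change.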

4. Observability Built-in

  • Prometheus metrics for all services
  • Distributed tracing with Jaeger
  • Centralized logging with Fluentd

Architecture Layers

Platform Layer

┌─────────────────────────────────────────┐
│         ArgoCD (GitOps Engine)          │
├─────────────────────────────────────────┤
│    Istio Service Mesh (Traffic Mgmt)    │
├─────────────────────────────────────────┤
│    Security & Compliance (Policies)     │
├─────────────────────────────────────────┤
│      Observability (Metrics, Logs)      │
└─────────────────────────────────────────┘

Application Layer

┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│  VoiceFuse   │ │   Langfuse   │ │   Your App   │
│  Namespace   │ │  Namespace   │ │  Namespace   │
└──────────────┘ └──────────────┘ └──────────────┘

Module Communication

Modules communicate through:

  1. Service Mesh: Istio manages inter-service communication
  2. API Gateway: External traffic routes through ingress
  3. Event Bus: Async communication via NATS/Kafka
  4. Shared Data: PostgreSQL with schema isolation

Deployment Flow

  1. Developer commits changes to module repository
  2. CI/CD builds and pushes container images
  3. ArgoCD detects changes and syncs
  4. Kubernetes applies new configuration
  5. Service mesh handles traffic shifting

Disaster Recovery

  • Backup: Velero backs up all resources
  • Multi-Region: Supports active-active deployments
  • Failover: Automatic failover with health checks
  • Data Recovery: Point-in-time recovery for databases