Product Architecture

Understand the architecture of opencomply

High Level Architecture

opencomply is written in Go and runs on Kubernetes.

Core Services

Integration Service: Facilitate the ability for opencomply to connect with external provided
Compliance Service: Responsible for presenting compliance related
Scheduler Service: Responsible for scheduling Inventory and Compliance related Jobs
CloudQL: Enables the ability to run CloudQL Queries
Core: Provide Metadata and key inventory related information
Auth: Responsible for providing Authentication & Authorization

Additional Services

WebUI - UI for the app. Written in ReactJS
Dex - Used by Authentication service to provide OIDC)
Nginx responsible for routing API calls
NATS - The message bus for the whole platform
Vault - HashiCorp Vault for securely storing and retrieving credentials

Data

Postgres: Primary datastore for the entire product
opensearch: All inventory and compliance data are stored

Workers

In opencomply, "Workers" (most of which are implemented as Kubernetes Jobs) handle various scheduled tasks, such as running discovery, checking compliance, and performing housekeeping. KEDA is used to scale these Jobs, along with other opencomply components.

Compliance Workers: Responsible for executing compliance jobs
Describe Workers: Connects to integrations and
Migrator: Responsible for loading product metadata from git

PreviousFramework NextDeploy on DigitalOcean / Linode

Last updated 1 year ago

hashtagHigh Level Architecture

hashtagopencomply is written in Go and runs on Kubernetes.

hashtagCore Services

hashtagAdditional Services

hashtagData

hashtagWorkers