CNAP

AppDat’s “Cloud-native Access Point” (CNAP)

AppDat provides a centralized, cloud-native access point for cloud resources hosted on any of the three major cloud platforms: Google Cloud Platform, Amazon Web Services and Azure. This core service gives the platform a fully managed, automation-centric, dynamic Domain Name System (DNS) that is integrated with a mutual TLS (mTLS) management system, which in turn is integrated with the nonprofit Certificate Authority Let’s Encrypt.

As a core service, the AppDat CNAP provides platform tenants with turnkey DNS and mTLS capabilities for all their cloud-based resources that need HTTPS accessibility.

Overview Diagram

[Diagram: AppDat Core Services]

Cloud DNS

AppDat base DNS services are managed with GCP’s Cloud DNS. NASA has provided AppDat with a delegated DNS zone for appdat.jsc.nasa.gov, which allows AppDat to automatically provision subdomains under this core NASA domain for tenants. Around this zone, AppDat has created a standard operational model for routing DNS traffic across the fleet of Kubernetes clusters managed by the platform. The convention is:

https://*.{{tenant}}.{{environment}}.appdat.jsc.nasa.gov

The placeholders stand for the following, with examples:

  • “tenant” - The name of the tenant organization. (“eva”, “sti”, “mmod”, etc.)
  • “environment” - The environment name. (“production”, “staging”)

Cloud DNS entries are routed to Kubernetes clusters provisioned by AppDat on behalf of tenants, where the wildcard (*) routing is handled downstream by an Ingress Controller, described in the next section.
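
One way a platform check could enforce the naming convention above, for example before a tenant's hostname is accepted for routing. This is an added example, not AppDat code: the function names, the use of the page's two example environments as an allow-list, and the single-label service position are assumptions.

```python
import re

# Base zone and the two environment names come from the page; treating them
# as a complete allow-list is an assumption of this sketch.
BASE_ZONE = "appdat.jsc.nasa.gov"
ENVIRONMENTS = {"production", "staging"}
# RFC 1123 label: 1-63 chars, letters/digits, hyphens only in the middle.
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def parse_host(host):
    """Split a concrete hostname into (service, tenant, environment).

    Raises ValueError when the name does not follow
    <service>.<tenant>.<environment>.appdat.jsc.nasa.gov.
    """
    # DNS names are case-insensitive and may carry a trailing root dot.
    labels = host.strip().lower().rstrip(".").split(".")
    zone = BASE_ZONE.split(".")
    # Compare whole labels rather than a string suffix, so neither
    # "xappdat.jsc.nasa.gov" nor "...appdat.jsc.nasa.gov.example.org" passes.
    if labels[-len(zone):] != zone:
        raise ValueError(f"{host!r} is outside {BASE_ZONE}")
    prefix = labels[:-len(zone)]
    if len(prefix) != 3:
        raise ValueError(f"{host!r} must have exactly service, tenant, environment")
    service, tenant, environment = prefix
    if environment not in ENVIRONMENTS:
        raise ValueError(f"unknown environment {environment!r}")
    # The "*" of the DNS record is rejected here: this checks concrete hosts.
    for label in (service, tenant):
        if not LABEL.fullmatch(label):
            raise ValueError(f"invalid DNS label {label!r}")
    return service, tenant, environment


def host_allowed(host, owner_tenant, cluster_environment):
    """True only if the host sits in the owner's tenant and environment."""
    try:
        _, tenant, environment = parse_host(host)
    except ValueError:
        return False
    return tenant == owner_tenant and environment == cluster_environment
```

Comparing labels instead of a raw string suffix is the important detail: it keeps a tenant from claiming a name in another tenant's subtree and rejects names that merely contain the base zone.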

Nginx Ingress Controller

AppDat manages ingress to all cloud resources through platform-managed Kubernetes NGINX-Ingress Controllers. Cloud DNS entries are configured as described above, and the NGINX-Ingress Controller handles routing to the specific resource, whether it is within the cluster or located externally.

Cert-Manager

In conjunction with the Nginx-Ingress Controller, AppDat integrates the powerful and extensible X.509 certificate controller Cert-Manager. Cert-manager obtains certificates from a variety of Issuers, both popular public Issuers and private Issuers, ensures the certificates are valid and up to date, and attempts to renew certificates at a configured time before expiry. AppDat generally uses Let’s Encrypt as the primary public Issuer.