Platform Architecture

Purpose: For platform engineers, explains the end-to-end system design covering YAML config → infrastructure → Kubernetes → GitOps manifests → running services.

Architecture Overview

openCenter transforms a single YAML configuration into a production-ready Kubernetes cluster through a multi-stage pipeline:

Pipeline Stages

Stage 1: Configuration

The cluster configuration YAML defines:

Infrastructure provider (OpenStack, VMware, Baremetal, Kind)
Node topology (control plane, workers)
Kubernetes version and settings
Platform services to deploy
Security policies

Stage 2: Generation

The CLI generates:

Terraform/OpenTofu: Infrastructure-as-code for the target provider
Kubespray Inventory: Ansible inventory with security hardening
FluxCD Manifests: GitOps configuration pointing to gitops-base

Stage 3: Provisioning

Terraform provisions:

Virtual machines or cloud resources for automated providers
Network configuration
Load balancers
Storage volumes

For VMware and Baremetal, openCenter can also operate against pre-provisioned hosts where the infrastructure lifecycle stays outside the tool.

Stage 4: Kubernetes Deployment

Kubespray deploys:

HA control plane (3 nodes)
Worker nodes
Calico CNI
ContainerD runtime
Security hardening (PSA, admission controllers)

Stage 5: GitOps Reconciliation

FluxCD continuously reconciles:

Platform services from gitops-base
Customer applications from managed-services
Security policies and configurations

Key Design Principles

Declarative Configuration: Everything defined in Git
Separation of Concerns: Infrastructure, Kubernetes, and applications managed independently
Security by Default: Hardened configurations out of the box
Extensibility: Kustomize overlays for customization

Architecture Overview​

Pipeline Stages​

Stage 1: Configuration​

Stage 2: Generation​

Stage 3: Provisioning​

Stage 4: Kubernetes Deployment​

Stage 5: GitOps Reconciliation​

Key Design Principles​