Merge pull request #5 from faroshq/arch.changes

mjudeikis · web-flow · commit dd63b50f6930 · 2026-04-15T11:18:44.000+03:00
Reverse arch
diff --git a/src/components/Architecture.astro b/src/components/Architecture.astro
@@ -1,22 +1,20 @@
 ---
 const layers = [
   {
-    id: 'infrastructure',
-    number: '01',
-    title: 'Infrastructure',
-    subtitle: 'Bare metal to compute-ready Kubernetes',
-    description: 'Automated provisioning, networking, storage, GPU, and VM support on commodity hardware.',
-    color: 'blue',
-    gradient: 'from-blue-600 to-blue-500',
+    id: 'production',
+    number: '03',
+    title: 'Production',
+    subtitle: 'Billing, monitoring & day-2 operations',
+    description: 'Everything needed to run as a production service — metering, observability, backup, TLS.',
+    color: 'indigo',
+    gradient: 'from-indigo-600 to-indigo-500',
     components: [
-      { name: 'Metal3', badge: 'CNCF Sandbox', url: 'https://metal3.io' },
-      { name: 'Ubuntu 24.04 LTS', badge: 'Open Source', url: 'https://ubuntu.com/server' },
-      { name: 'Cluster API', badge: 'CNCF Incubating', url: 'https://cluster-api.sigs.k8s.io' },
-      { name: 'Kube-OVN', badge: 'CNCF Sandbox', url: 'https://kubeovn.github.io/docs/' },
-      { name: 'Rook-Ceph', badge: 'CNCF Graduated', url: 'https://rook.io' },
-      { name: 'KubeVirt', badge: 'CNCF Incubating', url: 'https://kubevirt.io' },
-      { name: 'NVIDIA GPU Operator', badge: 'Open Source', url: 'https://github.com/NVIDIA/gpu-operator' },
-      { name: 'gVisor', badge: 'Open Source', url: 'https://gvisor.dev' },
+      { name: 'OpenMeter', badge: 'Open Source', url: 'https://openmeter.io' },
+      { name: 'Prometheus', badge: 'CNCF Graduated', url: 'https://prometheus.io' },
+      { name: 'Grafana', badge: 'Open Source', url: 'https://grafana.com/oss/grafana' },
+      { name: 'VictoriaMetrics', badge: 'Open Source', url: 'https://victoriametrics.com' },
+      { name: 'Velero', badge: 'CNCF Incubating', url: 'https://velero.io' },
+      { name: 'cert-manager', badge: 'CNCF Incubating', url: 'https://cert-manager.io' },
     ],
   },
   {
@@ -29,26 +27,27 @@ const layers = [
     gradient: 'from-cyan-600 to-cyan-500',
     components: [
       { name: 'kcp', badge: 'CNCF Sandbox', url: 'https://kcp.io' },
-      { name: 'Cloud Operator', badge: 'Open Source', url: 'https://github.com/faroshq/neocloud' },
+      { name: 'Reference Architecture', badge: 'Open Source', url: 'https://github.com/faroshq/neocloud' },
       { name: 'Zitadel IAM', badge: 'Open Source', url: 'https://zitadel.com' },
-      { name: 'Cloud APIs', badge: 'Open Source' },
     ],
   },
   {
-    id: 'production',
-    number: '03',
-    title: 'Production',
-    subtitle: 'Billing, monitoring & day-2 operations',
-    description: 'Everything needed to run as a production service — metering, observability, backup, TLS.',
-    color: 'indigo',
-    gradient: 'from-indigo-600 to-indigo-500',
+    id: 'infrastructure',
+    number: '01',
+    title: 'Infrastructure',
+    subtitle: 'Bare metal to compute-ready Kubernetes',
+    description: 'Automated provisioning, networking, storage, GPU, and VM support on commodity hardware.',
+    color: 'blue',
+    gradient: 'from-blue-600 to-blue-500',
     components: [
-      { name: 'OpenMeter', badge: 'Open Source', url: 'https://openmeter.io' },
-      { name: 'Prometheus', badge: 'CNCF Graduated', url: 'https://prometheus.io' },
-      { name: 'Grafana', badge: 'Open Source', url: 'https://grafana.com/oss/grafana' },
-      { name: 'VictoriaMetrics', badge: 'Open Source', url: 'https://victoriametrics.com' },
-      { name: 'Velero', badge: 'CNCF Incubating', url: 'https://velero.io' },
-      { name: 'cert-manager', badge: 'CNCF Incubating', url: 'https://cert-manager.io' },
+      { name: 'Metal3', badge: 'CNCF Sandbox', url: 'https://metal3.io' },
+      { name: 'Ubuntu 24.04 LTS', badge: 'Open Source', url: 'https://ubuntu.com/server' },
+      { name: 'Cluster API', badge: 'CNCF Incubating', url: 'https://cluster-api.sigs.k8s.io' },
+      { name: 'Kube-OVN', badge: 'CNCF Sandbox', url: 'https://kubeovn.github.io/docs/' },
+      { name: 'Rook-Ceph', badge: 'CNCF Graduated', url: 'https://rook.io' },
+      { name: 'KubeVirt', badge: 'CNCF Incubating', url: 'https://kubevirt.io' },
+      { name: 'NVIDIA GPU Operator', badge: 'Open Source', url: 'https://github.com/NVIDIA/gpu-operator' },
+      { name: 'gVisor', badge: 'Open Source', url: 'https://gvisor.dev' },
     ],
   },
 ];
@@ -175,7 +174,7 @@ const colorMap: Record<string, { ring: string; bg: string; text: string; glow: s
         </div>
 
         <!-- Connecting lines between layers -->
-        <div class="absolute left-10 top-0 bottom-0 w-px pointer-events-none hidden md:block" style="background: linear-gradient(180deg, transparent, rgba(59,130,246,0.15) 20%, rgba(6,182,212,0.15) 50%, rgba(99,102,241,0.15) 80%, transparent);"></div>
+        <div class="absolute left-10 top-0 bottom-0 w-px pointer-events-none hidden md:block" style="background: linear-gradient(180deg, transparent, rgba(99,102,241,0.15) 20%, rgba(6,182,212,0.15) 50%, rgba(59,130,246,0.15) 80%, transparent);"></div>
       </div>
 
       <!-- Hardware base -->
diff --git a/src/pages/architecture.astro b/src/pages/architecture.astro
@@ -5,6 +5,100 @@ import Footer from '../components/Footer.astro';
 import '../styles/global.css';
 
 const layers = [
+  {
+    id: 'production',
+    number: '03',
+    title: 'Production Layer',
+    subtitle: 'Billing, monitoring & day-2 operations',
+    color: 'indigo',
+    gradient: 'from-indigo-600 to-indigo-500',
+    description: `The production layer is everything you need to run the platform as a real service. Metering and billing so you can charge tenants. Observability so you can debug problems. Backup so you can recover from failures. TLS automation so certificates don't expire at 3 AM. This layer is what separates a demo from a product.`,
+    projects: [
+      {
+        name: 'OpenMeter',
+        url: 'https://openmeter.io',
+        badge: 'Open Source',
+        role: 'Usage metering & billing',
+        why: 'OpenMeter ingests usage events (CPU hours, GPU time, storage bytes, network transfer) and aggregates them into billable meters. It handles the hard part of cloud billing: event deduplication, windowed aggregation, and real-time usage reporting. Connect it to Stripe or your billing system for invoicing. Without metering, you can\'t run a sustainable cloud.',
+        alternatives: 'Amberflo (SaaS, proprietary), custom metering (complex and error-prone). OpenMeter is open source and purpose-built for usage-based billing.',
+      },
+      {
+        name: 'Prometheus',
+        url: 'https://prometheus.io',
+        badge: 'CNCF Graduated',
+        role: 'Metrics collection',
+        why: 'Prometheus scrapes metrics from every component in the stack — kubelet, Kube-OVN, kcp, operators, and application workloads. It\'s the universal metrics standard in the Kubernetes ecosystem. Every project in this stack exposes Prometheus metrics natively, making it the obvious choice for platform-level monitoring.',
+        alternatives: 'Datadog (SaaS, expensive at scale), InfluxDB (less ecosystem integration). Prometheus is the CNCF standard and has the deepest Kubernetes integration.',
+      },
+      {
+        name: 'Grafana',
+        url: 'https://grafana.com/oss/grafana',
+        badge: 'Open Source',
+        role: 'Dashboards & visualization',
+        why: 'Grafana provides operator dashboards for platform health, capacity planning, and tenant resource usage. It connects to Prometheus, VictoriaMetrics, and logs to give a unified view. Pre-built dashboards exist for every component in the stack.',
+        alternatives: 'Kibana (Elastic-oriented), Chronograf (InfluxDB-oriented). Grafana is the most flexible and has the largest dashboard ecosystem.',
+      },
+      {
+        name: 'VictoriaMetrics',
+        url: 'https://victoriametrics.com',
+        badge: 'Open Source',
+        role: 'Long-term metrics storage',
+        why: 'Prometheus is great for real-time metrics but struggles with long-term retention at scale. VictoriaMetrics provides a Prometheus-compatible remote write target with superior compression, query performance, and storage efficiency. Keep months of metrics without the storage cost.',
+        alternatives: 'Thanos (more complex multi-cluster setup), Cortex (heavier). VictoriaMetrics is the simplest path to scalable long-term storage.',
+      },
+      {
+        name: 'Velero',
+        url: 'https://velero.io',
+        badge: 'CNCF Incubating',
+        role: 'Backup & disaster recovery',
+        why: 'Velero backs up Kubernetes resources and persistent volumes to object storage (S3-compatible, which Rook-Ceph provides). Scheduled backups, cross-cluster restores, and migration support. For a cloud platform, this protects both the platform state and tenant data.',
+        alternatives: 'Kasten (Veeam, proprietary), custom etcd snapshots (insufficient). Velero is the Kubernetes-native standard for backup.',
+      },
+      {
+        name: 'cert-manager',
+        url: 'https://cert-manager.io',
+        badge: 'CNCF Incubating',
+        role: 'TLS certificate automation',
+        why: 'cert-manager automates the issuance and renewal of TLS certificates from Let\'s Encrypt (or internal CAs). Every tenant domain, every API endpoint, every webhook — all get valid TLS without manual intervention. In a cloud platform with hundreds of tenant domains, manual certificate management is impossible.',
+        alternatives: 'Manual cert management (doesn\'t scale), Caddy (embedded use only). cert-manager is the standard for Kubernetes TLS automation.',
+      },
+    ],
+  },
+  {
+    id: 'platform',
+    number: '02',
+    title: 'Platform Layer',
+    subtitle: 'Multi-tenant cloud APIs via kcp',
+    color: 'cyan',
+    gradient: 'from-cyan-600 to-cyan-500',
+    description: `The platform layer is what turns infrastructure into a cloud. Tenants interact with high-level APIs — creating VMs, notebooks, storage — without ever seeing the underlying Kubernetes primitives. They get isolated workspaces with their own RBAC, resource quotas, and API surface. The platform controls the abstraction boundary.`,
+    projects: [
+      {
+        name: 'kcp',
+        url: 'https://kcp.io',
+        badge: 'CNCF Sandbox',
+        role: 'Multi-tenant control plane',
+        why: 'kcp provides logical clusters (workspaces) on a single Kubernetes API server. Each tenant gets their own isolated workspace with its own set of APIs, RBAC, and resources — without needing a dedicated Kubernetes cluster. This is the core innovation: instead of cluster-per-tenant (expensive) or namespace-per-tenant (weak isolation), kcp gives workspace-per-tenant with full API-level isolation.',
+        alternatives: 'vCluster (virtual clusters, more overhead), raw namespaces (insufficient isolation). kcp is purpose-built for multi-tenant cloud APIs.',
+      },
+      {
+        name: 'Reference Architecture',
+        url: 'https://github.com/faroshq/neocloud',
+        badge: 'Open Source',
+        role: 'Cloud operators & APIs',
+        why: 'The reference architecture provides the bridge between kcp workspaces and infrastructure — operators that reconcile tenant resources (VMs, storage, networking) into running infrastructure, plus a set of opinionated Cloud APIs (CRDs) that abstract Kubernetes primitives so tenants never see pods, nodes, or PVCs. When a tenant creates a VirtualMachine in their workspace, the operator provisions it via KubeVirt and reports status back. Designed to be forked and adapted to your specific cloud offering.',
+        alternatives: 'Build your own from scratch using controller-runtime and CRDs. The reference architecture saves you months of boilerplate and gives you proven patterns to extend.',
+      },
+      {
+        name: 'Zitadel IAM',
+        url: 'https://zitadel.com',
+        badge: 'Open Source',
+        role: 'Identity & access management',
+        why: 'Zitadel provides OIDC/OAuth2 authentication, user management, and organization-level multi-tenancy. It handles user registration, login flows, MFA, service accounts, and API keys. Each tenant organization maps to a kcp workspace, giving you unified identity across the platform. It\'s self-hosted, fully open source, and built for exactly this use case.',
+        alternatives: 'Keycloak (heavier, Java-based), Auth0 (SaaS, proprietary). Zitadel is lighter, Go-based, and has native multi-tenancy.',
+      },
+    ],
+  },
   {
     id: 'infrastructure',
     number: '01',
@@ -80,106 +174,6 @@ const layers = [
       },
     ],
   },
-  {
-    id: 'platform',
-    number: '02',
-    title: 'Platform Layer',
-    subtitle: 'Multi-tenant cloud APIs via kcp',
-    color: 'cyan',
-    gradient: 'from-cyan-600 to-cyan-500',
-    description: `The platform layer is what turns infrastructure into a cloud. Tenants interact with high-level APIs — creating VMs, notebooks, storage — without ever seeing the underlying Kubernetes primitives. They get isolated workspaces with their own RBAC, resource quotas, and API surface. The platform controls the abstraction boundary.`,
-    projects: [
-      {
-        name: 'kcp',
-        url: 'https://kcp.io',
-        badge: 'CNCF Sandbox',
-        role: 'Multi-tenant control plane',
-        why: 'kcp provides logical clusters (workspaces) on a single Kubernetes API server. Each tenant gets their own isolated workspace with its own set of APIs, RBAC, and resources — without needing a dedicated Kubernetes cluster. This is the core innovation: instead of cluster-per-tenant (expensive) or namespace-per-tenant (weak isolation), kcp gives workspace-per-tenant with full API-level isolation.',
-        alternatives: 'vCluster (virtual clusters, more overhead), raw namespaces (insufficient isolation). kcp is purpose-built for multi-tenant cloud APIs.',
-      },
-      {
-        name: 'Cloud Operator',
-        url: 'https://github.com/faroshq/neocloud',
-        badge: 'Open Source',
-        role: 'Reconciliation engine',
-        why: 'The Cloud Operator is the bridge between kcp workspaces and infrastructure. When a tenant creates a VirtualMachine resource in their workspace, the Cloud Operator watches that resource, provisions the actual VM via KubeVirt on the infrastructure cluster, and reports status back. It\'s the controller pattern applied to cloud services — declarative resources in, running infrastructure out.',
-        alternatives: 'This is custom to Sovereign Stack. You could build your own using controller-runtime, but this gives you the patterns and CRDs to start.',
-      },
-      {
-        name: 'Zitadel IAM',
-        url: 'https://zitadel.com',
-        badge: 'Open Source',
-        role: 'Identity & access management',
-        why: 'Zitadel provides OIDC/OAuth2 authentication, user management, and organization-level multi-tenancy. It handles user registration, login flows, MFA, service accounts, and API keys. Each tenant organization maps to a kcp workspace, giving you unified identity across the platform. It\'s self-hosted, fully open source, and built for exactly this use case.',
-        alternatives: 'Keycloak (heavier, Java-based), Auth0 (SaaS, proprietary). Zitadel is lighter, Go-based, and has native multi-tenancy.',
-      },
-      {
-        name: 'Cloud APIs',
-        role: 'Custom-built APIs for your cloud',
-        why: 'The platform ships with a set of reference APIs — VMs, compute, notebooks, storage, networking — that give you a starting point, not a final answer. These are opinionated abstractions over Kubernetes primitives so tenants never see pods, nodes, or PVCs. They\'re designed to be forked and adapted to your specific cloud offering. Contributions are welcome — this is not set in stone.',
-        alternatives: 'Build your own from scratch using controller-runtime and CRDs. The reference APIs save you months of boilerplate and give you proven patterns to extend.',
-      },
-    ],
-  },
-  {
-    id: 'production',
-    number: '03',
-    title: 'Production Layer',
-    subtitle: 'Billing, monitoring & day-2 operations',
-    color: 'indigo',
-    gradient: 'from-indigo-600 to-indigo-500',
-    description: `The production layer is everything you need to run the platform as a real service. Metering and billing so you can charge tenants. Observability so you can debug problems. Backup so you can recover from failures. TLS automation so certificates don't expire at 3 AM. This layer is what separates a demo from a product.`,
-    projects: [
-      {
-        name: 'OpenMeter',
-        url: 'https://openmeter.io',
-        badge: 'Open Source',
-        role: 'Usage metering & billing',
-        why: 'OpenMeter ingests usage events (CPU hours, GPU time, storage bytes, network transfer) and aggregates them into billable meters. It handles the hard part of cloud billing: event deduplication, windowed aggregation, and real-time usage reporting. Connect it to Stripe or your billing system for invoicing. Without metering, you can\'t run a sustainable cloud.',
-        alternatives: 'Amberflo (SaaS, proprietary), custom metering (complex and error-prone). OpenMeter is open source and purpose-built for usage-based billing.',
-      },
-      {
-        name: 'Prometheus',
-        url: 'https://prometheus.io',
-        badge: 'CNCF Graduated',
-        role: 'Metrics collection',
-        why: 'Prometheus scrapes metrics from every component in the stack — kubelet, Kube-OVN, kcp, operators, and application workloads. It\'s the universal metrics standard in the Kubernetes ecosystem. Every project in this stack exposes Prometheus metrics natively, making it the obvious choice for platform-level monitoring.',
-        alternatives: 'Datadog (SaaS, expensive at scale), InfluxDB (less ecosystem integration). Prometheus is the CNCF standard and has the deepest Kubernetes integration.',
-      },
-      {
-        name: 'Grafana',
-        url: 'https://grafana.com/oss/grafana',
-        badge: 'Open Source',
-        role: 'Dashboards & visualization',
-        why: 'Grafana provides operator dashboards for platform health, capacity planning, and tenant resource usage. It connects to Prometheus, VictoriaMetrics, and logs to give a unified view. Pre-built dashboards exist for every component in the stack.',
-        alternatives: 'Kibana (Elastic-oriented), Chronograf (InfluxDB-oriented). Grafana is the most flexible and has the largest dashboard ecosystem.',
-      },
-      {
-        name: 'VictoriaMetrics',
-        url: 'https://victoriametrics.com',
-        badge: 'Open Source',
-        role: 'Long-term metrics storage',
-        why: 'Prometheus is great for real-time metrics but struggles with long-term retention at scale. VictoriaMetrics provides a Prometheus-compatible remote write target with superior compression, query performance, and storage efficiency. Keep months of metrics without the storage cost.',
-        alternatives: 'Thanos (more complex multi-cluster setup), Cortex (heavier). VictoriaMetrics is the simplest path to scalable long-term storage.',
-      },
-      {
-        name: 'Velero',
-        url: 'https://velero.io',
-        badge: 'CNCF Incubating',
-        role: 'Backup & disaster recovery',
-        why: 'Velero backs up Kubernetes resources and persistent volumes to object storage (S3-compatible, which Rook-Ceph provides). Scheduled backups, cross-cluster restores, and migration support. For a cloud platform, this protects both the platform state and tenant data.',
-        alternatives: 'Kasten (Veeam, proprietary), custom etcd snapshots (insufficient). Velero is the Kubernetes-native standard for backup.',
-      },
-      {
-        name: 'cert-manager',
-        url: 'https://cert-manager.io',
-        badge: 'CNCF Incubating',
-        role: 'TLS certificate automation',
-        why: 'cert-manager automates the issuance and renewal of TLS certificates from Let\'s Encrypt (or internal CAs). Every tenant domain, every API endpoint, every webhook — all get valid TLS without manual intervention. In a cloud platform with hundreds of tenant domains, manual certificate management is impossible.',
-        alternatives: 'Manual cert management (doesn\'t scale), Caddy (embedded use only). cert-manager is the standard for Kubernetes TLS automation.',
-      },
-    ],
-  },
 ];
 
 const badgeStyles: Record<string, string> = {
