Infrastructure Special Interest Group

Capabilities of hybrid cloud platform (functional architecture)

Core container platform

• Self-service portal
• Multi-tenancy (isolation between security zones / values streams)
• Container registry
• Kubernetes support
• Knative support (FaaS)
• Trusted and up to date base images for popular tools/frameworks/middleware
• Host affinity (e.g. graphics cards for ML).

Hybrid cloud

• Cloud-bursting
• Single management pane
• Supported for major cloud vendors

Networking

• Ingress gateway / load balancer
• Service Mesh
• API Gateway
• Software-defined networking
• Secure access to network zones in classic stack

Storage

• CSI support (Container Storage Interface)
• Hot/cool/cold storage tiers (operational/archive/disaster recovery)

Security

• Secrets management (e.g. Vault integration)
• SSO (OpenID Connect service)
• PKI service (with local CA)
• Container security & vulnerability scanning
• Automated infra provisioning, repave underlying nodes
• CIS benchmark for underlying nodes
• Intrusion detection

Observability

• Monitoring/metrics (OpenMetrics, Prometheus Stack)
• Central logging (Elasticsearch)
• Distributed tracing (Jaeger)

CI/CD

• CI/CD support
• K8S-native CI/CD pipelines
• GitOps framework, support for composite application services

Support

• Generally supported by commercial third party vendors (e.g. middleware, databases, low code platforms)
• Generally available knowledge/training
• Should run on development devices (shift-left)

Data infra as a service (vision: Data Mesh; will share more as vision / use cases evolve)

• Event Log (Kafka): for event-driven microservices, integration, IoT streams
• Object Store (S3, e.g. Minio): cloud-native alternative to file systems; message store for claim-check pattern
• Cloud-friendly RDBMS (e.g. Postgres)
• Wide-column database (e.g. Cassandra): for discrete time series vectors
• Graph DB (e.g. Neo4j): for provenance