Architecture

Signadot consists of a Web-based Dashboard, a public API and a Kubernetes Operator. You create Workspaces using the Dashboard or API.

Workspaces are accessed via public Preview URLs managed by Signadot that provide connectivity and routing to Services deployed in Workspaces.

Connecting Clusters to Signadot

As shown in the diagram below, when you install the Signadot Operator in a cluster, it establishes a secure connection to Signadot's tunnel server. Once this communication channel is set up, Signadot enables you to manage the lifecycle of Workspaces in that cluster through the Dashboard or API. You can connect multiple clusters to Signadot.

"Forking" Deployments

The Signadot operator "forks" baseline deployments into Workspaces. These forked deployments live in the same Kubernetes cluster along with the baseline versions without conflict.

Accessing Preview URLs

Preview URLs are created and hosted by Signadot and provide a way to access the services within the Kubernetes clusters. They offer several benefits over traditional methods of accessing services within Kubernetes:

  • Signadot acts like an identity-aware proxy that allows Preview URLs to be accessed with a single click, securely from anywhere, without a VPN or port-forwarding, by anyone in your organization.
  • Signadot enables access to internal services without exposing any ports to the internet or incurring additional load-balancer charges.
  • New Workspaces are immediately accessible as soon as they're created, without having to configure any new infrastructure (DNS, TLS certs, load-balancers, etc.) for each one.
  • Requests to Preview URLs automatically include the headers used to dynamically route requests to services in Workspaces as described in Dynamic Routing.

Did this page help you?