How it works

Signadot consists of a Web-based Dashboard, a public API and a Kubernetes Operator. You create Workspaces using the Dashboard or API. Workspaces contain customized versions of one or more Services that you wish to validate/test in isolation.

Workspaces are accessed via Preview URLs managed by Signadot. Preview URLs are authenticated public URLs that provide connectivity and routing to Services deployed in Workspaces.

Connecting Clusters to Signadot

As shown in the diagram below, when you install the Signadot Operator in a cluster, it establishes a secure connection to Signadot's tunnel server. Once this communication channel is set up, Signadot enables you to manage the lifecycle of Workspaces in that cluster through the Dashboard or API. You can connect multiple clusters to Signadot.

Deploying customized versions of Services

You can deploy customized versions of Services from a source branch or Pull Request into a Workspace. These Services can have code and/or configuration changes and live in the same Kubernetes cluster along with the baseline versions of Services without conflict.

By only deploying services that have changed in Workspaces you realize the following benefits:

  • Test every change in isolation against stable baseline versions of all the other services.
  • Enable Workspaces at scale that can be spun up quickly and at low cost.
  • Reuse shared components across Workspaces that are already deployed in the environment, including 3rd party integrations.

Accessing Previews

Signadot Previews provide a way to access the services within Workspaces, including internal services that are not exposed outside the cluster.

Signadot Preview URLs offer several benefits over traditional methods of accessing services within a Kubernetes cluster:

  • Signadot acts like an identity-aware proxy that allows Preview URLs to be accessed with a single click, securely from anywhere, without a VPN or port-forwarding, by anyone in your organization.
  • Signadot enables access to internal services without exposing any ports to the internet or incurring additional load-balancer charges.
  • New Workspaces are immediately accessible as soon as they're created, without having to configure any new infrastructure (DNS, TLS certs, load-balancers, etc.) for each one.
  • Preview URL requests automatically embed the headers used to dynamically route requests to services in Workspaces as described in Dynamic Routing.

Did this page help you?