
Architecture

Team Server system architecture

Gigantum Team Server is a simplified, single-node deployment of the services provided by Gigantum Hub. It provides a centralized place for users to authenticate and sync their Projects and Datasets.

Team Server trades scalability and availability for simplicity in a single node configuration. The high-level system architecture is shown below.

High-level Architecture diagram for Team Server Standard

Virtual Nodes

Team Server runs on two "virtual" Kubernetes nodes, which lets it use the same software and tools as larger SaaS and Enterprise deployments. At installation time, an administrator chooses either Docker containers or Firecracker microVMs (coming soon) as the backend for these two virtual nodes. The Docker backend provides flexibility that should allow the Team Server to run on most hosts where Docker can run, while the microVM backend (coming soon) can add a further layer of isolation and improve performance.

External Internet Access

The Team Server installation and update process requires external internet access. The following services are accessed:

  • Gigantum License Service: This is a REST API hosted at https://license.gigantum.com. This service is used to validate license files and exchange licenses for git and container registry credentials as needed.

  • Private GitOps Repository: The Team Server software configuration is maintained using "gitops". Manifests in a git repository hosted at github.com declare the resources that will be deployed. This process allows for easy, automatic updates of complex configurations.

  • Gigantum Container Registry: A container registry maintained by Gigantum that stores private container images used by the Team Server. This registry is hosted in AWS us-east-1.

  • DockerHub: DockerHub is a public container registry that stores some public containers used by the Team Server.

  • Quay: Quay is a public container registry that stores some public containers used by the Team Server.

  • Let's Encrypt: Let's Encrypt is a nonprofit Certificate Authority that provides free TLS certificates. If you do not provide a TLS certificate during the installation process, Let's Encrypt can be used to automatically generate one for you. The main limitation of this approach is that, currently, your host must be reachable from the public internet on port 80 to accept the inbound ACME challenge request. Once the challenge succeeds, the temporary route created for this process is removed.

  • Yum Package Repositories: The Team Server software installs packages from multiple Yum package repositories. The current list includes: download.docker.com, packages.cloud.google.com, mirrorlist.centos.org, and cloud.weave.works.

Team Server network access during installation and updating
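
An added example, not part of the Gigantum documentation: one way to audit proxy or firewall logs captured during an install or update against the hostnames listed above, so that any other destination stands out. The log format and `registry.example.invalid` are constructed placeholders; the hostnames for the Gigantum container registry, DockerHub, Quay and Let's Encrypt are not given on this page and are assumed to be supplied by the operator through `extra_hosts`.

```python
from collections import Counter
from urllib.parse import urlsplit

# Hostnames stated on this page for installation and updates.
PAGE_HOSTS = frozenset({
    "license.gigantum.com",   # Gigantum License Service
    "github.com",             # private GitOps repository
    # Yum package repositories
    "download.docker.com", "packages.cloud.google.com",
    "mirrorlist.centos.org", "cloud.weave.works",
})

def normalize(host):
    """Lowercase and drop a trailing root dot so 'GitHub.com.' == 'github.com'."""
    return host.strip().lower().rstrip(".")

def target_host(target):
    """Extract the host from 'host:port' (CONNECT) or an absolute URL (GET)."""
    if "://" not in target:
        target = "//" + target          # lets urlsplit parse a bare host:port
    try:
        return normalize(urlsplit(target).hostname or "")
    except ValueError:                  # e.g. unbalanced IPv6 brackets
        return ""

def audit(lines, extra_hosts=()):
    """Return a Counter of destination hosts that are not on the allowlist."""
    allowed = PAGE_HOSTS | {normalize(h) for h in extra_hosts}
    unexpected = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) >= 3:            # skip blank or malformed lines
            host = target_host(fields[2])
            if host not in allowed:     # exact match, so look-alike names fail
                unexpected[host or "<unparsed>"] += 1
    return unexpected

# Constructed sample log (timestamp, method, target); not real traffic.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z CONNECT license.gigantum.com:443
2024-05-01T10:00:02Z CONNECT GitHub.com.:443
2024-05-01T10:00:03Z GET http://mirrorlist.centos.org/?release=7&arch=x86_64
2024-05-01T10:00:04Z CONNECT registry.example.invalid:443
2024-05-01T10:00:05Z CONNECT github.com.example.net:443
2024-05-01T10:00:06Z CONNECT github.com.example.net:443
""".splitlines()

if __name__ == "__main__":
    print(dict(audit(SAMPLE_LOG, extra_hosts=["registry.example.invalid"])))
```

Matching is on the exact hostname, so a name that merely begins or ends with an allowed host is reported rather than passed.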

Storage

Team Server Standard stores all data on the local file system

Note that all data is stored on the local file system, including backups. Make sure to consider your expected usage and backup frequency when provisioning storage for your Team Server host.

Team Server Standard keeps installation extremely simple by storing all data on the local host's file system. At install time, a data directory is specified (~/.gigactl by default) that contains all the Team Server data. Volume mounts are dynamically created in the ~/.gigactl/data directory for various services as needed, including git storage, database storage, and LFS & dataset objects.

The backup process in Team Server Standard snapshots to the local file system. This means your host must have adequate storage allocated, or network-attached storage available and configured. The location of the backup directory can be set in the Settings File at install time.

Team Server Pro (coming soon) expands storage options to allow LFS, dataset objects, and backups to be offloaded to external S3-compatible object stores.

User Accounts

By default, the Team Server Standard installation uses the bundled GitLab installation as an OAuth2 provider. Users are then created and managed directly in GitLab, as outlined in the User Management section. When a user adds a new Team Server to their Gigantum Client, they are redirected to create an account on the server. The authentication flow then remains completely internal to the private network and is controlled by the Team Server.

Team Server Pro (coming soon) can connect to external auth providers via protocols such as OAuth2, SAML, and LDAP.