Architecture
Comprehensive guide to Highflame's deployment architecture for enterprises
Highflame Platform Features:
Runtime guardrails for robust agent operations.
Typed Cedar policy enforcement ensures secure interactions.
Agent identity management for secure authentication.
MCP gateway security for protecting communication channels.
Model supply chain scanning for integrity verification.
Adversarial red teaming to test system defenses.
Unified detection and observability layer for comprehensive monitoring.

Deployment Architecture
Overview
Highflame leverages Kubernetes for container orchestration, using Helm charts to streamline application deployments. This approach ensures consistent and repeatable deployments across different cloud infrastructures, enabling high availability and easy scaling.
Key Components
Kubernetes Cluster: Acts as the foundational layer, providing the orchestration platform for containerized applications.
Helm Charts: Simplify deployments with pre-configured templates, ensuring version control and facilitating rollback capabilities.
Cloud Provider Support: Compatible with AWS, GCP, and Azure, allowing for flexible hosting and integration with native services.
Infrastructure Components
Highflame modules: Highflame components for serving. Deployed as Kubernetes pods with high availability configurations, such as Pod Disruption Budgets (PDB) and Horizontal Pod Autoscalers (HPA).
Transactional database: Stores the application data. Managed Postgres from the cloud provider.
Analytical database: Optimizes storage for rapid analysis of large datasets. ClickHouse running in Kubernetes.
Cache system: Optimizes application performance by caching data to expedite internal communication. Redis cluster solution from the cloud provider.
Authentication: Application authentication and authorization. Clerk (the Highflame team will set this up at the time of onboarding).
Blob store: Backup store for the ClickHouse database server running in Kubernetes. Cloud-native blob stores such as AWS S3, Azure Blob Storage, Google GCS.
Ingress: Application load balancing so that end users can access the service. An application load balancer or another load balancer that can integrate with Kubernetes.
Logging system: Stores the application logs. Cloud-native logging integration with K8s.
Infrastructure Requirements
Kubernetes Cluster: K8s 1.32+ with a minimum of 6 worker nodes and Helm 3.x
Postgres Server v17.2
Redis cluster v7.1
Outbound connectivity to ghcr.io (for pulling the application images) and to the Clerk endpoints (for authentication and authorization)
Recommended Resource Requirements:
CPU: 8-16 cores, Memory: 16-32 GB per K8s worker node
Memory: 4 GB per Redis node
CPU: 4 vCPU, Memory: 8 GB for Postgres
Data Security & Encryption
All data remains within your network
All data in Highflame is encrypted at rest, provided your cloud resources (the database server, K8s worker nodes, Redis server, etc.) are configured to encrypt
Communication between the Highflame services over the ingress is encrypted in transit with TLS
Highflame service-to-service communication stays within the K8s cluster and does not leave it
Sensitive data, such as an AI model's API keys, is stored in Kubernetes Secrets
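Because the encryption-at-rest statement above depends on how the database, Redis and worker-node volumes are provisioned, it is worth verifying rather than assuming. The following is an added example, not Highflame code: it assumes an AWS deployment and audits JSON saved from `aws rds describe-db-instances`, `aws elasticache describe-replication-groups` and `aws ec2 describe-volumes`. The sample data and resource names are constructed.

```python
import json

# Constructed sample output (not from a real account), shaped like the JSON
# returned by the three AWS CLI describe commands named in the lead-in.
SAMPLE = {
    "rds": '{"DBInstances": [{"DBInstanceIdentifier": "example-pg",'
           ' "StorageEncrypted": true}]}',
    "elasticache": '{"ReplicationGroups": [{"ReplicationGroupId": "example-redis",'
                   ' "AtRestEncryptionEnabled": false}]}',
    "ebs": '{"Volumes": [{"VolumeId": "vol-example1", "Encrypted": true},'
           ' {"VolumeId": "vol-example2", "Encrypted": false}]}',
}

# service -> (list key, resource id field, at-rest encryption flag)
CHECKS = {
    "rds": ("DBInstances", "DBInstanceIdentifier", "StorageEncrypted"),
    "elasticache": ("ReplicationGroups", "ReplicationGroupId",
                    "AtRestEncryptionEnabled"),
    "ebs": ("Volumes", "VolumeId", "Encrypted"),
}


def audit(outputs):
    """Return sorted (service, resource_id, problem) tuples.

    A missing flag or a missing service dump counts as a finding:
    absence of evidence is not treated as encryption being enabled.
    """
    findings = []
    for service, (list_key, id_field, flag) in CHECKS.items():
        if service not in outputs:
            findings.append((service, "<no data>", "not-audited"))
            continue
        for res in json.loads(outputs[service]).get(list_key, []):
            if res.get(flag) is not True:
                findings.append((service, res.get(id_field, "<unknown>"), flag))
    return sorted(findings)


if __name__ == "__main__":
    for service, rid, problem in audit(SAMPLE):
        print(f"FAIL {service} {rid}: {problem}")
```

The same approach applies on Azure and GCP with the corresponding provider fields; run it against the volumes backing the K8s worker nodes, not only the managed services.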

Highflame Infra Setup
AWS, Azure, GCP