Architecture
Chef Automate 2 Architecture
Component overview
Automate Gateway
The Automate Gateway serves as the application layer of Chef Automate’s architecture. All public-facing requests go through the gateway, and authentication/authorization occurs here.
Deployment Service
This service collects the initial service configuration from the user. It does everything required to set up Chef Automate initially. The deployment service manages configuration patches, as well.
Configuration Management Service
This service serves all configuration management related information to the API and user interface, including Chef Infra Server action data and Chef Infra Client run data.
Ingest Service
This service is the primary ingress event handler for configuration management related events such as Chef Infra Client runs and Chef Infra Server actions. It also manages the data related to these domains, such as cleanup, migration, and index initialization.
Compliance Service
This service handles InSpec and scans job-related data, including event ingestion and reporting.
Notification Service
This service is responsible for sending notifications based on configured rules in response to events.
License Control Service
This service provides policy information to the rest of the system derived from the license file. It also includes telemetry configuration.
AuthZ Service
This service provides the API to determine which actions a requester is allowed to take on in Chef Automate.
AuthN Service
This service provides the API to verify a requester is allowed to interact with Chef Automate.
Teams Service
This service is an API for defining local teams used as part of the authorization model for Chef Automate.
Users Service
This service manages users local to Chef Automate (as opposed to users defined in an external identity provider).
Session Service
This service stands between the browser and Dex. It acts as an OpenID Connect client to Dex, and uses the Authorization Code Grant Flow.
Secrets Service
Service securely stores credentials for other services.
OpenSearch Sidecar Service
This service runs alongside OpenSearch. It provides standard OpenSearch functionality to monitor disk usage and handle index purges.
Dex
Dex is a federated OpenID Connect (OIDC) provider that allows Chef Automate to integrate with external identity providers via LDAP, SAML, or OpenID Connect.