#+TITLE: Service Demon
#+AUTHOR: Adam Mohammed
Service Demon is a centralized configuration provider for Nautilus services.
It provides a simple way to do k8s-native application deployment that
requires almost no configuration on the client.

Service Demon runs in k8s and expects a service agent to be deployed alongside
your application.
** Workflow
This demon (playing off of "daemon") hosts an application registration process that
our agent is aware of. Simply deploying the agent in your namespace kicks off
the application registration process. On completion, the agent is able to respond to commands
from the configuration service to update k8s resources that your application can rely on.

On deploy, the agent will use the TLS certificates generated for your application's ingress to
announce itself as an application that wishes to be registered.

Once the app announces that it would like to be registered, an authorized human must approve
the application.

Once the approval goes through, the application is registered and can start to request application
configuration manifests.

The agent will fetch the manifests it needs and store them by talking to the k8s API. It will create
configuration maps, secrets, and other resources as necessary.

From there, a client library loaded into your application will know how to read those manifests
and provide some baseline functionality to your service.
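
The approval gate in this workflow, sketched as an added example (not Service Demon's own code): manifests are released only to a certificate that an authorized human has approved. The =Registry= class, its method names, the approver list and the sample data are all hypothetical, and the certificate bytes are assumed to come from an already verified TLS handshake.

```python
import hashlib

class Registry:
    """Hypothetical model of the approval gate; not Service Demon's own code."""
    def __init__(self, approvers):
        self.approvers = set(approvers)  # humans allowed to approve
        self.apps = {}                   # cert fingerprint -> record

    @staticmethod
    def fingerprint(cert_der):
        # Assumption: cert_der is the peer cert from a verified TLS handshake.
        return hashlib.sha256(cert_der).hexdigest()

    def announce(self, name, cert_der):
        fp = self.fingerprint(cert_der)
        # setdefault: re-announcing never resets or upgrades a record.
        self.apps.setdefault(fp, {"name": name, "approved_by": None})
        return fp

    def approve(self, fp, approver):
        if approver not in self.approvers:
            raise PermissionError("approver is not authorized")
        self.apps[fp]["approved_by"] = approver  # KeyError if never announced

    def manifest_for(self, cert_der, manifests):
        app = self.apps.get(self.fingerprint(cert_der))
        if app is None or app["approved_by"] is None:
            raise PermissionError("application is not registered")
        # The name comes from the approved record, not from the request.
        return manifests[app["name"]]

def try_fetch(reg, cert, manifests):
    try:
        return reg.manifest_for(cert, manifests)
    except PermissionError:
        return "denied"

def demo():
    # Constructed sample data: placeholder certificate bytes, one manifest.
    reg = Registry(approvers={"alice"})
    manifests = {"billing": {"configmap": {"LOG_LEVEL": "info"}}}
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    fp = reg.announce("billing", cert_a)
    reg.announce("billing", cert_b)      # same name, different certificate
    before = try_fetch(reg, cert_a, manifests)
    reg.approve(fp, "alice")
    reg.announce("billing", cert_a)      # re-announce keeps the approval
    after = try_fetch(reg, cert_a, manifests)
    return before, after, try_fetch(reg, cert_b, manifests)
```

Because approval is keyed on the certificate fingerprint rather than the announced name, a second agent that announces the same name with a different certificate stays pending until it is approved separately.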
** Motivation
Although microservices are autonomous, they rely on common infrastructure to
reduce the operational overhead on the team maintaining them. Right now,
Nautilus has trouble performing authentication and authorization checks,
particularly between services.

By using a central configuration store, we can deploy and manage authorization policies
centrally, and push them down to the active services, so we can control authorization at runtime.