
Infrastructure Integration

This document describes the infrastructure flow for tenant silo sharding in the Aventian SaaS umbrella platform.

It explains how resources are provisioned per tenant, how inter-project connectivity is enabled, and the integration points with the Aventian Meta Database.

Overview

  • Cluster Environment: All tenant silos are deployed on a Google Kubernetes Engine (GKE) cluster hosted in the Aventian GCP project.

  • Node Service (Provisioner): A custom Node.js service listens for new tenant registration requests.

    • Input: Pub/Sub event when a new team registers.

    • Action: Creates tenant-specific resources via a custom Helm chart.

    • Persistence: Stores metadata in Aventian Meta DB.

  • Networking: To enable product GCP projects to connect to the tenant cluster or databases, one-time setup is required:

    • VPC Peering between the product project and Aventian project.

    • DNS Peering for service discovery.

Workflow

  1. Team Registration

    • A new team registers via a product.

    • The product backend publishes a message to Google Pub/Sub.

  2. Provisioning Service Trigger

    • The Aventian Node Service receives the Pub/Sub event.

    • It generates required Kubernetes manifests using a custom Helm chart.

    • Resources are deployed into the postgres namespace inside GKE.

    • Tenant metadata (DB info) is persisted into the Aventian Meta DB.

  3. Network Connectivity Setup

    • By default, product GCP projects cannot access Aventian-managed silos.

    • To establish connectivity:

      • VPC Peering is configured between the product project and Aventian infra project.

      • DNS Peering is set up so product services can resolve internal hostnames for clusters and databases.

  4. Private Access

    • Once peering is configured, product services connect to the tenant silo’s GKE cluster or database using its DNS hostname.

    • No public internet exposure is required.

Components

| Component | Description |
|---|---|
| Aventian GKE Cluster | Hosts tenant silos with isolated namespaces. |
| Node Provisioner | A Node.js microservice that handles tenant resource provisioning. |
| Pub/Sub Topic | Event bus for team registration messages. |
| Custom Helm Chart | Defines baseline infra resources for each tenant (DB, services, monitoring). |
| Aventian Meta DB | Stores tenant metadata, connectivity details, and status. |
| VPC Peering | One-time networking setup for cross-project private communication. |
| DNS Peering | Ensures service discovery across projects. |

Integration Steps for Product Teams

  1. Request Access

    Contact the Aventian Team to request VPC and DNS peering setup between your project and Aventian.

  2. Peering Configuration

    The Aventian team will configure the following:

    • VPC peering (your project ↔ Aventian project).

    • DNS peering (to resolve cluster and DB hostnames).

  3. Validation

    • Verify that your services can resolve Aventian DB/Cluster hostnames privately (for example, run ping or nslookup from a VM to test the integration).

    • Ensure traffic does not route over the public internet.
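
An added example for the validation step (not part of the original page or Aventian's own tooling): a POSIX shell helper, run from a VM in the product project, that resolves a hostname through the VM's resolver and fails unless every returned IPv4 address is private. It assumes the peered VPCs use RFC 1918 ranges; the function names and script name are hypothetical.

```shell
#!/bin/sh
# Added example: check that a hostname resolves only to private IPv4 addresses.
# Assumption: the peered VPCs use RFC 1918 ranges. IPv4 only.

# is_private_ipv4 ADDR: exit 0 if ADDR is a well-formed RFC 1918 address.
is_private_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # empty, non-numeric, or empty octet
  esac
  old_ifs=$IFS; IFS=.
  set -- $1                                # split the address into octets
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  case "$1" in
    10)  return 0 ;;                               # 10.0.0.0/8
    172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;     # 172.16.0.0/12
    192) [ "$2" -eq 168 ] ;;                       # 192.168.0.0/16
    *)   return 1 ;;
  esac
}

# classify_addresses: read one address per line on stdin and print a verdict
# for each. Fails if any address is not private or if no address was read.
classify_addresses() {
  seen=0; bad=0
  while IFS= read -r addr; do
    [ -n "$addr" ] || continue
    seen=$((seen + 1))
    if is_private_ipv4 "$addr"; then
      echo "PRIVATE $addr"
    else
      echo "NOT-PRIVATE $addr"; bad=$((bad + 1))
    fi
  done
  [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# check_host HOSTNAME: resolve through the VM's configured resolver, so the
# DNS peering path is exercised, then classify every address returned.
check_host() {
  getent ahostsv4 "$1" | awk '{print $1}' | sort -u | classify_addresses
}

# Usage: sh check_private_dns.sh <hostname>   (script name is hypothetical)
[ "$#" -eq 0 ] || check_host "$1"
```

A non-zero exit means the name did not resolve or returned an address outside the private ranges. The script checks resolution only, so follow it with a connection test to the service port.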

Infra Flow Diagram

Tenant Creation Flow

GCP Aventian Project → GCP Product Project Connectivity & Traffic Flow

Notes

  • Security: All connections are private; public IP exposure is strictly avoided.

  • Scalability: Each tenant is provisioned in a postgres namespace with isolated resources.

  • Support: For integration setup and troubleshooting, contact the Aventian Team.