Mendix for Private Cloud Architecture
Table of contents
How Are Mendix Environments Operated?
Mendix for Private Cloud allows you to host Mendix apps on your Kubernetes-based private cloud. To do so, you need to add the Mendix Operator and, optionally, the Mendix Gateway Agent. The Mendix Operator automates the operation of Mendix app environments and the Mendix Gateway Agent supports secure communication between your cloud and the Mendix Platform.
Mendix for Private Cloud is based on the Kubernetes native operator framework, making the Mendix Operator responsible for the provisioning, building, deployment, and scaling of Mendix applications and minimizing the intervention of a human operator. To perform all these activities, the Mendix Operator leverages your infrastructure, such as database servers, file storage, image registry, and networking, but you control how they will be used by setting the proper configuration of the Mendix Operator.
On the Mendix Platform, to allow the developers to interact with the Kubernetes-based private cloud using the Developer Portal, a bi-directional secured connection is established between the Mendix Gateway Agent and the Interactor running on the Mendix Developer Portal. This connection is generated by the Mendix Gateway Agent so there is no need to open incoming ports and expose your Kubernetes-based private cloud over the internet. This maximizes your cloud security while keeping the ease of use of the Mendix platform.
How Do I Plan My App Environments?
The Mendix Operator is installed in a namespace of a Kubernetes-based private cloud cluster. Each namespace can have a single Mendix Operator, but this can operate multiple app environments. You can also install Mendix Operators in different namespaces of the same Kubernetes-based private cloud cluster. Mendix For Private Cloud uses Kubernetes namespaces to distribute the app environments to achieve the level of security and release management that you need. A single Mendix Operator controls all the app environments in the same namespace.
You can see the relationship between the Mendix app environments and the Kubernetes namespaces in the image below.
There is no single correct way to distribute the Mendix app environments across your Kubernetes-based private cloud. What you do depends on your security model and how you do release management. For examples of how to implement different app environment schemas, please see Environment Planning for Private Cloud Clusters.
How Are Air-Gapped Scenarios Supported?
Mendix for Private Cloud standalone supports air-gapped scenarios, where data within the Kubernetes-based private cloud cannot leave the private network for security or compliance reasons. Because there is no internet connection, the Mendix Developer Portal cannot be accessed. This means that some Mendix platform capabilities such as local source version control and CI/CD must be moved into the private network. These can be implemented alongside the Mendix Operator to fill the gap left when the Mendix platform activities are removed. Mendix consultancy services can help you define these if you need advice.
How Does the Developer Portal Support Development Roles?
The Developer Portal is set up so that different users have their own roles in setting up the deployment of Mendix apps to a Kubernetes-based private cloud. The roles are split into cluster management and app environment management, and each user is given a role which gives access to the page which allows them them to perform the required operations.
Cluster Manager Page
This page is for the users with a role which makes them responsible for managing and controlling the Kubernetes-based private cloud used to host Mendix apps. It supports cluster wide activities, such as:
- Installation and upgrade of Mendix for Private Cloud components (Mendix Gateway Agent and Mendix Operator)
- Management of the access given to fellow developers
- Provision of links to metering and logging to make them available in the Mendix Developer Portal
App Environment Management
This page is for app developers to manage the app environments hosted in a Kubernetes-based private cloud to which they have access. The user experience parallels that of other Mendix deployment models, such Mendix Cloud or SAP BTP. The user has access only to the features approved by the Cluster manager.
What Is the App Operations Experience?
The operation experience is defined by the metering & logging tools available in your Kubernetes-based private cloud. It is up to the cluster manager to set the access points for the tools which are hosted on your site. This allows the developers to navigate to them from the Mendix Developer Portal, simplifying the operation of your apps.
