Design Overview

The OSDU SPI Infrastructure deploys on AKS Automatic across three independent layers: infrastructure, foundation operators, and application stacks, each with its own Terraform state and lifecycle.

Infrastructure evolves without redeploying services, operators upgrade independently, and multiple OSDU stacks share the same foundation safely. Upstream Helm charts stay unforked through a local chart with baked-in compliance.

How three layers, implemented through four Terraform states, enable independent lifecycle management and multi-stack isolation.

The Azure and AKS foundation: cluster provisioning, PaaS resources, networking, and identity.

The in-cluster middleware layer that OSDU depends on: Elasticsearch, Redis, PostgreSQL, and Airflow.

How OSDU services are packaged using a local Helm chart, deployed via a reusable Terraform module, and controlled with feature flags.

How requests reach services: Gateway API ingress, DNS, TLS, Istio mesh, and async messaging via Service Bus.

The security model from cluster to pod: AKS Deployment Safeguards, Istio mTLS, Workload Identity, and pod security standards.