Automate 2 Architecture
The Automate Gateway serves as the application layer of Chef Automate’s architecture. All public-facing requests go through the gateway, and authentication and authorization take place here.
This service collects the initial service configuration from the user. It does everything required to set up Chef Automate initially. The deployment service also manages configuration patches.
Configuration Management Service
This service serves all information related to configuration management to the API and user interface, including Chef Server action data and Chef Client run data.
This service is the primary ingress event handler for events related to configuration management, such as Chef Client runs and Chef Server actions. It also handles data management tasks for these domains, such as cleanup, migration and index initialization.
This service handles InSpec and scan job-related data, including event ingestion and reporting.
Data Lifecycle Service
This service is responsible for triggering data lifecycle interface methods on other services, such as purging old data.
This service is responsible for sending notifications based on configured rules in response to events.
License Control Service
This service provides policy information to the rest of the system derived from the license file. It also provides telemetry configuration.
This service provides the API to determine which actions a requestor is allowed to take in Chef Automate.
This service provides the API to verify a requestor is allowed to interact with Chef Automate.
This service is an API for defining local teams that are used as part of the authorization model for Chef Automate.
This service is used to manage users local to Chef Automate (as opposed to users defined in an external identity provider).
This service securely stores credentials for other services.
Elasticsearch Sidecar Service
This service runs alongside Elasticsearch. It provides common Elasticsearch functionality such as monitoring disk usage and handling index purges.
Dex is a federated OpenID Connect (OIDC) provider that allows Automate to integrate with external identity providers via LDAP, SAML or OpenID Connect.