# Architecture Diagram

{% @mermaid/diagram content="graph TD
%% Define Distinct Subgraph Backgrounds for Better Contrast
style WorkloadCluster fill:#C7D5E0,stroke:#6D8299,stroke-width:2px,color:#333333
style Private fill:#D2DFE8,stroke:#6D8299,stroke-width:1px,color:#333333
style ControlCluster fill:#B3C2CF,stroke:#6D8299,stroke-width:2px,color:#333333
style BehindIngress fill:#C0CDD8,stroke:#6D8299,stroke-width:1px,color:#333333

```
%% Define Node Styles with More Contrast
classDef uniformNode fill:#A4B6C5,stroke:#495866,stroke-width:1px,color:#333333;
classDef specialNode fill:#7C9CBF,stroke:#495866,stroke-width:1px,color:#333333;

%% Define Arrow Color and Increased Stroke Width
linkStyle default stroke:#333333,stroke-width:2.5px;

%% Define Subgraphs
subgraph WorkloadCluster ["Workload Cluster"]
    subgraph Private ["No Ingress"]
        A["Workload Agent<br>&#91DaemonSet&#93<br>Generates metrics<br>and runs diagnostics"]:::uniformNode
        C["Metrics Forwarder<br>&#91Prometheus Instance&#93<br>Collects & forwards metrics to Thanos"]:::uniformNode
        B["Workload Manager<br>&#91Deployment&#93<br>Relay between the<br>Control Cluster and K8s API"]:::uniformNode
        D["Relay Client<br>&#91Deployment&#93<br>Relays requests from Control Cluster"]:::uniformNode
    end
end

subgraph ControlCluster ["Control Cluster"]
    E["Ingress<br>&#91Ingress&#93<br>Routes external requests and terminates TLS"]:::specialNode
    subgraph BehindIngress ["Behind Ingress"]
        F["Redis<br>&#91StatefulSet&#93<br>Persistent Data Store"]:::uniformNode
        G["Control API<br>&#91Deployment&#93<br>Entrypoint for web and CLI"]:::uniformNode
        H["Relay Server<br>&#91Deployment&#93<br>Workload cluster relay"]:::uniformNode
        I["Metrics Aggregator<br>&#91Thanos Instance&#93<br>Stores and queries metrics"]:::uniformNode
        K["Control SSO<br>&#91Deployment&#93<br>Session Management"]:::uniformNode
        L["Control IdP<br>&#91Deployment&#93<br>User Authentication"]:::uniformNode
        J["Control Portal<br>&#91Deployment&#93<br>Cluster Dashboard"]:::uniformNode
    end
end

Z["Web Browser"]:::specialNode

%% Connections with Enhanced Contrast for Arrows
E -->|Session Validation| K
K -->|Token Validation| L
E -->|User Authentication| L
A -->|Gathered Metrics| C
F -->|Relay configuration| H
G -->|Metric Queries| I
G -->|Workload cluster requests| H
E -->|Forwarded Metrics| I
C -->|Forwarded Metrics<br>#91;HTTPS&#93| E
B -->|Join Request<br>#91;HTTPS&#93| E
E -->|Join Request| G
E -->|API Requests| G
D -->|Relayed Requests| B
D -->|Relay Client<br>#91;TLS&#93| E
E -->|Relay Client| H
G -->|User & Cluster Data| F
E -->|Web Portal| J
Z -->|API Requests<br>#91;HTTPS&#93| E
Z -->|Web Portal<br>#91;HTTPS&#93| E" %}
```