-
Notifications
You must be signed in to change notification settings - Fork 10.3k
[RAD] Programmable Plaforms #20856
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
[RAD] Programmable Plaforms #20856
Changes from 1 commit
Commits
Show all changes
5 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
7,393 changes: 7,393 additions & 0 deletions
7,393
...ages/reference-architecture/programmable-platforms/programmable-platforms-1.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
7,421 changes: 7,421 additions & 0 deletions
7,421
...ages/reference-architecture/programmable-platforms/programmable-platforms-2.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
7,419 changes: 7,419 additions & 0 deletions
7,419
...ages/reference-architecture/programmable-platforms/programmable-platforms-3.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
7,485 changes: 7,485 additions & 0 deletions
7,485
...ages/reference-architecture/programmable-platforms/programmable-platforms-4.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
7,449 changes: 7,449 additions & 0 deletions
7,449
...ages/reference-architecture/programmable-platforms/programmable-platforms-5.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
7,409 changes: 7,409 additions & 0 deletions
7,409
...ages/reference-architecture/programmable-platforms/programmable-platforms-6.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
120 changes: 120 additions & 0 deletions
120
...tent/docs/reference-architecture/diagrams/serverless/programmable-platforms.mdx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,120 @@ | ||
| --- | ||
| title: Programmable Platforms | ||
| pcx_content_type: reference-architecture-diagram | ||
| products: | ||
| - Workers | ||
| - KV | ||
| sidebar: | ||
| order: 1 | ||
| label: Programmable Platforms | ||
| updated: 2025-03-12 | ||
| --- | ||
|
|
||
|
|
||
| ## Introduction | ||
|
|
||
| A programmable platform is a software ecosystem that enables customers to extend and customize core functionality through code. Unlike traditional SaaS offerings with fixed features, programmable platforms empower customers to build bespoke solutions within the platform's infrastructure, creating unique experiences while leveraging the platform's core capabilities. | ||
|
|
||
| Cloudflare Workers for Platforms provides the ideal infrastructure for building programmable platforms by offering secure, isolated environments where customers can safely execute custom code without compromising the integrity or performance of the underlying platform. | ||
|
|
||
| ## Core Architecture Components | ||
|
|
||
| The Workers for Platforms architecture consists of several key components that work together to provide a secure, scalable, and efficient solution for multi-tenant applications: | ||
|
|
||
| 1. **Dynamic Dispatch Worker**: The entry point for client requests that routes traffic to the appropriate customer-specific worker based on request parameters. | ||
|
|
||
| 2. **Dispatch Namespace**: A logical grouping of customer-specific workers that isolates resources and execution environments. | ||
markdembo marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| 3. **User Workers**: Customer-specific workers that process isolated workloads within their own secure execution context. | ||
markdembo marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| 4. **Storage & Data Resources**: Various data storage options (D1, KV, R2, Durable Objects) that can be isolated per customer. | ||
|
|
||
| 5. **Observability Tools**: Logging and metrics collection services to monitor platform performance and troubleshoot issues. | ||
|
|
||
| ## Main Request Flow | ||
|
|
||
|  | ||
|
|
||
|
|
||
| 1. **Client Request**: A request is sent from a client application to the platform's Dynamic Dispatch Worker. | ||
|
|
||
| 2. **Tenant Identification & Routing**: The Dynamic Dispatch Worker identifies the appropriate customer environment using `env.namespace.get(customer-id)` and routes the request to the corresponding User Worker within the Dispatch Namespace. | ||
|
|
||
| 3. **Isolated Execution**: Each customer's workload runs in an isolated User Worker with its own resources and security boundaries. | ||
|
|
||
| ## Invocation & Metadata Flow | ||
|
|
||
|  | ||
|
|
||
|
|
||
|
|
||
| 1. **Request Routing**: Client requests are directed based on hostname or path patterns: | ||
| - Custom hostnames for specific customers | ||
| - Routing within a shared domain (hostname or path-based) | ||
|
|
||
| 2. **Metadata Lookup**: The Dynamic Dispatch Worker may interact with KV storage to retrieve customer-specific configuration data. | ||
|
|
||
| 3. **Worker Invocation**: Based on the retrieved metadata, requests are routed to the appropriate User Worker in the Dispatch Namespace. | ||
|
|
||
| ## Egress Control Pattern | ||
|
|
||
|  | ||
|
|
||
|
|
||
| 1. **Internal Routing**: The Dynamic Dispatch Worker routes requests to the appropriate User Worker within the Dispatch Namespace. | ||
|
|
||
| 2. **Controlled External Access**: User Workers can make `fetch()` calls to external services through a controlled Outbound Worker. | ||
|
|
||
| 3. **External Service Integration**: The Outbound Worker provides a standardized interface for communicating with external services, allowing for centralized policy enforcement, rate limiting, and audit logging. | ||
|
|
||
| ## Metrics & Logging Architecture | ||
|
|
||
|  | ||
|
|
||
|
|
||
| 1. **Comprehensive Logging**: All Workers in the request flow can send logs to Tail Worker and Logpush services. | ||
|
|
||
| 2. **Metrics Collection**: Performance and usage metrics are captured through Analytics Engine and exposed via GraphQL. | ||
|
|
||
| 3. **Third-party Integration**: Logs and metrics can be exported to various external monitoring and analytics platforms like Datadog, Splunk, Grafana, and others. | ||
|
|
||
| ## Resource Isolation Model | ||
|
|
||
|  | ||
|
|
||
| 1. **Client Request**: Requests are routed through the Dynamic Dispatch Worker. | ||
|
|
||
| 2. **Customer Identification**: The Dynamic Dispatch Worker identifies the appropriate customer environment. | ||
|
|
||
| 3. **Resource Access**: Each User Worker has access only to its customer-specific resources: | ||
| - D1 for relational database storage | ||
| - Durable Objects for strongly consistent data | ||
| - KV for high-read, eventually consistent key-value storage | ||
| - R2 for object storage | ||
|
|
||
| ## Deployment & Management Flow | ||
|
|
||
|  | ||
|
|
||
|
|
||
| 1. **Management Interface**: End users interact with the platform through GUI, API, or CLI interfaces. | ||
|
|
||
| 2. **Platform Processing**: The SaaS provider processes these interactions to: | ||
| - Transform and bundle code | ||
| - Perform security checks | ||
| - Apply configuration | ||
|
|
||
| 3. **API Deployment**: The processed workloads are deployed to the Dispatch Namespace via the Cloudflare REST API. | ||
|
|
||
|
|
||
|
|
||
|
|
||
| ## Conclusion | ||
|
|
||
| Cloudflare Workers for Platforms provides a robust foundation for building multi-tenant SaaS applications with strong isolation, global distribution, and scalable performance. By leveraging this architecture, platform providers can focus on delivering value to their customers while Cloudflare handles the underlying infrastructure complexity. | ||
|
|
||
| ## Related resources | ||
|
|
||
| - [Workers for Platforms: Get started](cloudflare-for-platforms/workers-for-platforms/get-started/) | ||
| - [Workers for Platforms: Outbound Workers](/cloudflare-for-platforms/workers-for-platforms/configuration/outbound-workers/) | ||
| - [Workers for Platforms: Observability](/cloudflare-for-platforms/workers-for-platforms/configuration/observability/) | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.