Overview
Compass is a central, multi-tenant system that allows you to connect Applications and manage them across multiple Kyma Runtimes. Using Compass, you can control and monitor your Application landscape in one central place. As an integral part of Kyma, Compass uses a set of features that Kyma provides, such as Istio, Prometheus, Monitoring, and Tracing. It also includes Compass UI Cockpit that exposes Compass APIs to users.
Compass allows you to:
- Connect and manage Applications and Kyma Runtimes in one central place
- Store Applications and Runtimes configurations
- Group Applications and Runtimes to enable integration
- Communicate the configuration changes to Applications and Runtimes
- Establish a trusted connection between Applications and Runtimes using various authentication methods
Compass by design does not participate in direct communication between Applications and Runtimes. It only sets up the connection. In case the cluster with Compass is down, the Applications and Runtimes cooperation still works.
For more information about the Compass architecture, technical details, and components, read the project documentation.
Prerequisites
Installation
Install Compass locally or on a cluster. See the installation document for details.
Testing
Compass uses Octopus for testing both locally and on a cluster. To run the Compass tests, use this script:
./installation/scripts/testing.sh
Usage
Currently, the Compass Gateway is accessible under three different hosts secured with different authentication methods:
https://compass-gateway.{domain}
- secured with JWT token issued by Identity Service, such as Dex
https://compass-gateway-mtls.{domain}
- secured with client certificates (mTLS)
https://compass-gateway-auth-oauth.{domain}
- secured with OAuth 2.0 access token issued by Hydra
You can access Director GraphQL API under the /director/graphql
endpoint, and Connector GraphQL API under /connector/graphql
.
To access Connectivity Adapter, use the https://adapter-gateway.{DOMAIN}
host secured with one-time tokens or https://adapter-gateway-mtls.{DOMAIN}
secured with client certificates (mTLS).