⚡️ Achieving 6x faster tests ⚡️ Learn how to accelerate e2e testing with virtual clusters →
Architecture
Networking

Networking Architecture

This article provides an overview of Uffizzi networking design for virtual and dev clusters, as well as compose environments.

All Uffizzi environments prohibit direct IP connections with all other environments. Your workloads may access the Uffizzi load balancer and the Internet, including other environments that are exposed to the Internet. This is implemented by an IP firewall configured by a NetworkPolicy automatically provisioned for each environment.

Virtual Clusters & Dev Clusters

When you create an Ingress, you may choose for Uffizzi to implement it or implement it yourself. You can read more about these in detail here.

Compose Environments

All containers of a given compose environment are deployed within a single Kubernetes Pod. Containers within this Pod share their IP network stack—including a single IP address. This means that containers within an environment can all reach each other on localhost. This is similar to using Docker's host network.

This also means that containers must coordinate port usage, but this is no different from processes on a workstation or virtual machine. Be careful not to configure two or more containers to bind to the same TCP port.

Ingress & Load Balancing

Every compose environment includes a load balancer that receives incoming HTTPS requests and routes them to the HTTP port specified (opens in a new tab) for the container which receives incoming requests. These load balancers are set up and managed automatically, so you don't need to enable or configure them. The load balancer also handles HTTPS certificates for you; the certificate authority is trusted by all popular web browsers and devices.

The load balancer will also set up an external IP address and DNS record, so you and your stakeholders can access it from anywhere via a public HTTPS URL.

Separate compose environments do not share an internal network, so they may only communicate over the public Internet.

⚠️

Networking Limitations of Compose Environments

  • Only HTTP traffic is forwarded by the load balancer, and only to one container within each compose environment. If your application needs external traffic that is not HTTP, and/or needs to route external traffic to more than one container, please let us know on Slack (opens in a new tab)!

  • Since all containers in a compose deployment exist within a Kubernetes Pod, they necessarily share the same lifecycle. By default, Uffizzi monitors the health of a Pod and will restart containers that fail or otherwise exit. While this design simplifies networking, scaling and other factors, it can lead to unexpected behavior when some of your containers are intended to persist while others terminate by design (such as a migration process). As a workaround, you may need to wrap your process in a shell command to execute sequentially and/or prevent it from terminiating. One-time jobs are on the Uffizzi roadmap to support this use case.

OverviewIsolation