architecture diagram overview and in depth

docs/README.md

@@ -0,0 +1,7 @@
+# Documentation
+
+In-depth documentations are available in this directory.
+
+## Architecture
+
+See [architecture documentation](https://github.com/CSCfi/HPCS/tree/doc/readme_and_sequence_diagrams/docs/architecture.md).

docs/architecture.md

@@ -0,0 +1,142 @@
+# Architecture
+
+## Current architecture - Overview
+
+```mermaid
+flowchart LR
+
+subgraph UL["User laptop"]
+ HPCSC["HPCS Client"]
+ ULSPA["Spire Agent"]
+end
+
+subgraph SS["Supercomputing Site"]
+ subgraph CN["Compute node"]
+ CNSPA["Spire Agent"]
+ SBATCH["Sbatch"]
+ end
+ LN["Login node"]
+end
+
+subgraph UN["Utility node"]
+ subgraph k8s["Kubernetes cluster"]
+ SPS["Spire Server"]
+ HPCSS["HPCS Server"]
+ SPA["Spire Agent"]
+ Vault
+ end
+end
+
+UL <--"SSH"--> LN
+LN <--"Scheduling"--> CN
+UL <--"HTTPS (HPCS), HTTPS (Vault), TCP (Spire)"--> UN
+CN <--"HTTPS (HPCS), HTTPS (Vault), TCP (Spire)"--> UN
+```
+
+## Current architecture - In depth
+
+```mermaid
+flowchart LR
+
+subgraph UL["User laptop"]
+
+ subgraph HPCSCDP["Data preparation"]
+ HPCSCDPB["HPCS Client"]
+ SPADP["Spire Agent"]
+ end
+
+ subgraph HPCSCCP["Container preparation"]
+ HPCSCCPB["HPCS Client"]
+ SPACP["Spire Agent"]
+ end
+ subgraph HPCSCJP["HPCS Client - Job preparation"]
+ HPCSCJPB["HPCS Client"]
+ end
+end
+
+subgraph SS["Supercomputing Site"]
+ SC["Slurm Controller"]
+ LN["Login nodes"]
+ subgraph PCPU["CPU Partition"]
+ subgraph CN1["Compute node 1"]
+ CN1SBATCH["Sbatch"]
+ CN1SA["Spire Agent"]
+ end
+ subgraph CN2["Compute node 2"]
+ CN2SBATCH["Sbatch"]
+ CN2SA["Spire Agent"]
+ end
+ end
+ subgraph PGPU["GPU Partition"]
+ subgraph CN3["Compute node 3"]
+ CN3SBATCH["Sbatch"]
+ CN3SA["Spire Agent"]
+ end
+ subgraph CN4["Compute node 4"]
+ CN4SBATCH["Sbatch"]
+ CN4SA["Spire Agent"]
+ end
+ end
+end
+
+subgraph UN["Utility node"]
+ subgraph k8s["Kubernetes cluster"]
+ subgraph HPCSP["HPCS Pod"]
+ SPS["Spire Server"]
+ subgraph HPCSSC["HPCS Server Container"]
+ HPCSS["HPCS Server"]
+ SPA["Spire Agent"]
+ end
+ SPO["Spire OIDC"]
+ NI["Nginx Ingress"]
+ end
+ Vault
+ end
+end
+
+SPS <--"UNIX Socket"--> SPO
+SPO <--"UNIX Socket"--> NI
+
+HPCSS <--"CLI + UNIX Socket"--> SPS
+HPCSS <--"PYSPIFFE (UNIX SOCKET)"--> SPA
+
+SPA <--TCP--> SPS
+
+Vault <--"HTTPS"--> NI
+Vault <--"HTTPS (mTLS)"--> HPCSS
+
+LN <--"CLI"--> SC
+
+SC <--"Scheduling"--> PCPU
+SC <--"Scheduling"--> PGPU
+
+SPADP <--"TCP"--> SPS
+SPACP <--"TCP"--> SPS
+
+HPCSCDPB <--"HTTPS (mTLS)"--> HPCSS
+HPCSCCPB <--"HTTPS (mTLS)"--> HPCSS
+
+HPCSCDPB <--"HTTPS"--> Vault
+HPCSCCPB <--"HTTPS"--> Vault
+
+HPCSCCPB <--"CLI/Lib + UNIX Socket"--> SPACP
+HPCSCDPB <--"CLI/Lib + UNIX Socket"--> SPADP
+
+CN1SA <--"TCP"--> SPS
+CN2SA <--"TCP"--> SPS
+CN3SA <--"TCP"--> SPS
+CN4SA <--"TCP"--> SPS
+
+CN1SBATCH <--"HTTPS"--> Vault
+CN2SBATCH <--"HTTPS"--> Vault
+CN3SBATCH <--"HTTPS"--> Vault
+CN4SBATCH <--"HTTPS"--> Vault
+
+HPCSCDPB <--"SSH (As user - Data & Info files)"--> LN
+HPCSCCPB <--"SSH (As user - Container image & Info files)"--> LN
+
+HPCSCJPB --"SSH (As user - SBATCH file & CLI Call to SBATCH)"--> LN 
+LN --"SSH (As user - Info files)"--> HPCSCJPB
+```
+
+This diagram doesn't show the HTTPS requests from client/compute node to HPCS Server used to register the agents since this behaviour is a practical workaround.