Active-Active Dual-Datacenter Architecture with OPA and ETCD

Cloud Architecture · flowchart diagram · unknown license

A high-availability, active-active dual-datacenter architecture featuring APISIX gateway, CMS, OPA, RAG services, etcd, and managed databases for robust co

Source: https://github.com/ReachAnup/Configuration-Management-Service-OPA-ETCD-Bundle-Architecture/blob/d165ab5cf294f485b0c60b9a894505bee02f45d5/readme/readme18.md
Curated by ReachAnup

Mermaid source

graph TD
    %% Users
    PLATFORM_ADMIN[Platform Admin]
    PROJECT_USER[Project User]

    %% Network Layer
    LB[Load Balancer HA Pair]

    %% DC1
    subgraph DC1[Datacenter 1 Active]
        APISIX1[APISIX Gateway]
        CMS1[CMS Service]
        OPA1[OPA Service]
        RAG1[RAG Service]
        ETCD1[etcd]
        VDB1[Vector DB]
    end

    %% DC2
    subgraph DC2[Datacenter 2 Active]
        APISIX2[APISIX Gateway]
        CMS2[CMS Service]
        OPA2[OPA Service]
        RAG2[RAG Service]
        ETCD2[etcd]
        VDB2[Vector DB]
    end

    %% Managed/External
    subgraph MANAGED[External and Managed Services]
        ATLAS[MongoDB Atlas - Platform Data]
        COSMOS[Azure Cosmos DB - RAG App Data]
        VAULT[Managed Vault HCP]
        LLM[External LLMs]
    end

    %% Ingress
    PLATFORM_ADMIN --> LB
    PROJECT_USER --> LB
    LB --> APISIX1
    LB --> APISIX2

    %% Routing to services
    APISIX1 --> CMS1
    APISIX1 --> OPA1
    APISIX1 --> RAG1

    APISIX2 --> CMS2
    APISIX2 --> OPA2
    APISIX2 --> RAG2

    %% Services to self-hosted data
    CMS1 --> ETCD1
    CMS1 --> ETCD2
    CMS2 --> ETCD1
    CMS2 --> ETCD2

    OPA1 --> ETCD1
    OPA1 --> ETCD2
    OPA2 --> ETCD1
    OPA2 --> ETCD2

    RAG1 --> VDB1
    RAG1 --> VDB2
    RAG2 --> VDB1
    RAG2 --> VDB2

    %% Managed services connectivity
    CMS1 --> ATLAS
    CMS2 --> ATLAS
    RAG1 --> COSMOS
    RAG2 --> COSMOS
    APISIX1 --> VAULT
    APISIX2 --> VAULT

    %% Hairpin to LLM via APISIX
    RAG1 --> APISIX1
    RAG2 --> APISIX2
    APISIX1 --> LLM
    APISIX2 --> LLM

    %% Replication links
    ETCD1 --> ETCD2
    ETCD2 --> ETCD1
    VDB1 --> VDB2
    VDB2 --> VDB1

What this diagram shows

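The diagram illustrates an active-active, dual-datacenter architecture for a configuration management system, incorporating OPA for policy enforcement and RAG services. Users reach redundant APISIX gateways in two datacenters through a Load Balancer. Each DC hosts CMS, OPA, and RAG services. CMS and OPA connect to the etcd instances in both datacenters, RAG connects to the Vector DBs in both datacenters, and the etcd and Vector DB instances replicate to each other across DCs. External managed services are also integrated: CMS uses MongoDB Atlas, RAG uses Azure Cosmos DB, the APISIX gateways connect to Managed Vault, and RAG calls to External LLMs hairpin through the local APISIX gateway rather than going out directly.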
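
The edges in the diagram can be checked mechanically. The following Python is an added example, not code from the original page or from the ReachAnup repository: it parses the edge list from this page's Mermaid source, lists the links that cross datacenters, and flags any call to an external service that does not follow the path drawn in the diagram. The `EGRESS_POLICY` table and all function names are assumptions read off the diagram, not rules stated by the page.

```python
import re

# Edges copied from the page's Mermaid source, packed several per line.
PAGE_EDGES = """
PLATFORM_ADMIN --> LB; PROJECT_USER --> LB; LB --> APISIX1; LB --> APISIX2
APISIX1 --> CMS1; APISIX1 --> OPA1; APISIX1 --> RAG1
APISIX2 --> CMS2; APISIX2 --> OPA2; APISIX2 --> RAG2
CMS1 --> ETCD1; CMS1 --> ETCD2; CMS2 --> ETCD1; CMS2 --> ETCD2
OPA1 --> ETCD1; OPA1 --> ETCD2; OPA2 --> ETCD1; OPA2 --> ETCD2
RAG1 --> VDB1; RAG1 --> VDB2; RAG2 --> VDB1; RAG2 --> VDB2
CMS1 --> ATLAS; CMS2 --> ATLAS; RAG1 --> COSMOS; RAG2 --> COSMOS
APISIX1 --> VAULT; APISIX2 --> VAULT
RAG1 --> APISIX1; RAG2 --> APISIX2; APISIX1 --> LLM; APISIX2 --> LLM
ETCD1 --> ETCD2; ETCD2 --> ETCD1; VDB1 --> VDB2; VDB2 --> VDB1
"""

# Assumed policy, read off the diagram: the only service role that may
# call each external/managed node.
EGRESS_POLICY = {"LLM": "APISIX", "VAULT": "APISIX", "ATLAS": "CMS", "COSMOS": "RAG"}
EDGE_RE = re.compile(r"(\w+)\s*-->\s*(\w+)")

def parse_edges(mermaid):
    """Return (src, dst) pairs; %% comments and non-edge lines are ignored."""
    edges = []
    for line in mermaid.splitlines():
        edges.extend(EDGE_RE.findall(line.split("%%", 1)[0]))
    return edges

def datacenter(node):
    """DC1/DC2 from the diagram's numeric suffix convention, else None."""
    return f"DC{node[-1]}" if node[-1] in "12" else None

def role(node):
    """Service role without the datacenter suffix, e.g. RAG1 -> RAG."""
    return node.rstrip("0123456789")

def cross_dc_edges(edges):
    """Edges whose endpoints sit in different datacenters."""
    return [(s, d) for s, d in edges
            if datacenter(s) and datacenter(d) and datacenter(s) != datacenter(d)]

def egress_violations(edges):
    """Edges into a managed service from a role the policy does not allow."""
    return [(s, d) for s, d in edges
            if d in EGRESS_POLICY and role(s) != EGRESS_POLICY[d]]

if __name__ == "__main__":
    edges = parse_edges(PAGE_EDGES)
    print("cross-DC links:", cross_dc_edges(edges))
    print("egress violations:", egress_violations(edges))
```

Run against a changed copy of the diagram, a non-empty violation list means a service has gained a direct path to an external dependency that the original design routes through APISIX or reserves for another service.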

When to use it

This architecture is ideal for applications requiring high availability, disaster recovery, and low latency across geographical regions. It's suitable for critical services needing centralized configuration management, policy enforcement, and AI-driven capabilities (RAG) with robust data persistence and security.

How to adapt it for your project

This design can be adapted by integrating different API gateways, replacing etcd with other distributed key-value stores, or using alternative vector databases. Security can be enhanced by adding WAFs or more granular access controls. The RAG component can be extended with various LLM providers or fine-tuned models. Scaling can be achieved by adding more instances within each DC or additional datacenters.

Key concepts