chore: rename cameleer3 to cameleer
Rename Java packages from net.siegeln.cameleer3 to net.siegeln.cameleer, update all references in workflows, Docker configs, docs, and bootstrap.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@@ -10,12 +10,12 @@
|
||||
|
||||
## 1. Product Definition
|
||||
|
||||
**Cameleer SaaS** is a Camel application runtime platform with built-in observability. Customers deploy Apache Camel applications and get zero-configuration tracing, topology mapping, payload lineage, distributed correlation, live debugging, and exchange replay — powered by the cameleer3 agent (auto-injected) and cameleer3-server (managed per tenant).
|
||||
**Cameleer SaaS** is a Camel application runtime platform with built-in observability. Customers deploy Apache Camel applications and get zero-configuration tracing, topology mapping, payload lineage, distributed correlation, live debugging, and exchange replay — powered by the cameleer agent (auto-injected) and cameleer-server (managed per tenant).
|
||||
|
||||
### Three Pillars
|
||||
|
||||
1. **Runtime** — Deploy and run Camel applications with automatic agent injection
|
||||
2. **Observability** — Per-tenant cameleer3-server (traces, topology, lineage, correlation, debugger, replay)
|
||||
2. **Observability** — Per-tenant cameleer-server (traces, topology, lineage, correlation, debugger, replay)
|
||||
3. **Management** — Auth, billing, teams, provisioning, secrets, environments
|
||||
|
||||
### Two Deployment Modes
|
||||
@@ -27,8 +27,8 @@
|
||||
|
||||
| Component | Role | Changes Required |
|
||||
|-----------|------|------------------|
|
||||
| cameleer3 (agent) | Zero-code Camel instrumentation, auto-injected into customer JARs | MOAT features (lineage, correlation, debugger, replay) |
|
||||
| cameleer3-server | Per-tenant observability backend | Managed mode (trust SaaS JWT), license module, MOAT features |
|
||||
| cameleer (agent) | Zero-code Camel instrumentation, auto-injected into customer JARs | MOAT features (lineage, correlation, debugger, replay) |
|
||||
| cameleer-server | Per-tenant observability backend | Managed mode (trust SaaS JWT), license module, MOAT features |
|
||||
| cameleer-saas (this repo) | SaaS management platform — control plane | New: everything in this document |
|
||||
| design-system | Shared React component library | Used by both SaaS shell and server UI |
|
||||
|
||||
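Review bot: The agent row in the component table now reads `cameleer (agent)`, a bare name that is also the prefix of the two rows below it (`cameleer-server`, `cameleer-saas`), so "cameleer" alone no longer identifies one component. Consider naming the row `cameleer-agent` so that later sections that talk about trust, injection and network access can refer to the agent unambiguously.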
@@ -81,7 +81,7 @@ Single Spring Boot application with well-bounded internal modules. K8s ingress h
|
||||
```
|
||||
[Browser] → [Ingress (Traefik/Envoy)] → [SaaS Platform (modular Spring Boot)]
|
||||
↓ (tenant routes) ↓ (provisioning)
|
||||
[Tenant cameleer3-server] [Flux CD → K8s]
|
||||
[Tenant cameleer-server] [Flux CD → K8s]
|
||||
```
|
||||
|
||||
### Component Map
|
||||
@@ -114,7 +114,7 @@ Single Spring Boot application with well-bounded internal modules. K8s ingress h
|
||||
│ (PostgreSQL) │ │ API │ │ │
|
||||
│ - tenants │ └────────┘ │ ┌─────────────────────┐ │
|
||||
│ - users │ │ │ tenant-a namespace │ │
|
||||
│ - teams │ ┌─────┐ │ │ ├─ cameleer3-server │ │
|
||||
│ - teams │ ┌─────┐ │ │ ├─ cameleer-server │ │
|
||||
│ - audit log │ │Flux │ │ │ ├─ camel-app-1 │ │
|
||||
│ - licenses │ │ CD │ │ │ ├─ camel-app-2 │ │
|
||||
└──────────────┘ └──┬──┘ │ │ └─ NetworkPolicies │ │
|
||||
@@ -144,7 +144,7 @@ Same management platform routes to dedicated cluster(s) per customer. Dedicated
|
||||
| Management Platform backend | Spring Boot 3, Java 21 |
|
||||
| Management Platform frontend | React, @cameleer/design-system |
|
||||
| Platform database | PostgreSQL |
|
||||
| Tenant observability | cameleer3-server (Spring Boot), PostgreSQL, OpenSearch |
|
||||
| Tenant observability | cameleer-server (Spring Boot), PostgreSQL, OpenSearch |
|
||||
| GitOps | Flux CD |
|
||||
| K8s distribution | Talos (production), k3s (dev) |
|
||||
| Ingress | Traefik or Envoy |
|
||||
@@ -192,7 +192,7 @@ Stores all SaaS control plane data — completely separate from tenant observabi
|
||||
|
||||
### Tenant Data (Shared PostgreSQL)
|
||||
|
||||
Each tenant's cameleer3-server uses its own PostgreSQL schema on the shared instance (dedicated instance for high/business). This is the existing cameleer3-server data model — unchanged:
|
||||
Each tenant's cameleer-server uses its own PostgreSQL schema on the shared instance (dedicated instance for high/business). This is the existing cameleer-server data model — unchanged:
|
||||
|
||||
- Route executions, processor traces, metrics
|
||||
- Route graph topology
|
||||
@@ -215,12 +215,12 @@ Completely separate: Prometheus TSDB for metrics, Loki for logs.
|
||||
|
||||
### Architecture
|
||||
|
||||
The SaaS management platform is the single identity plane. It owns authentication and authorization. Per-tenant cameleer3-server instances trust SaaS-issued tokens.
|
||||
The SaaS management platform is the single identity plane. It owns authentication and authorization. Per-tenant cameleer-server instances trust SaaS-issued tokens.
|
||||
|
||||
- Spring Security OAuth2 for OIDC federation with customer IdPs
|
||||
- Ed25519 JWT signing (consistent with existing cameleer3-server pattern)
|
||||
- Ed25519 JWT signing (consistent with existing cameleer-server pattern)
|
||||
- Tokens carry: tenant ID, user ID, roles, feature entitlements
|
||||
- cameleer3-server validates SaaS-issued JWTs in managed mode
|
||||
- cameleer-server validates SaaS-issued JWTs in managed mode
|
||||
- Standalone mode retains its own auth for air-gapped deployments
|
||||
|
||||
### RBAC Model
|
||||
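Review bot: The auth architecture bullets rename the service that "validates SaaS-issued JWTs in managed mode" but do not say whether any value the server checks during validation carries the old name. The token contents listed here are tenant ID, user ID, roles and feature entitlements; no issuer or audience is listed. If either exists in the implementation and embeds `cameleer3`, state in this section whether tokens minted before the rename remain valid and for how long, since the commit message says the rename also touches workflows, Docker configs and bootstrap.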
@@ -252,7 +252,7 @@ Customer signs up + payment
|
||||
→ Create tenant record + Stripe customer/subscription
|
||||
→ Generate signed license token (Ed25519)
|
||||
→ Create Flux HelmRelease CR
|
||||
→ Flux reconciles: namespace, ResourceQuota, NetworkPolicies, cameleer3-server
|
||||
→ Flux reconciles: namespace, ResourceQuota, NetworkPolicies, cameleer-server
|
||||
→ Provision PostgreSQL schema + per-tenant credentials
|
||||
→ Provision OpenSearch index template + per-tenant credentials
|
||||
→ Readiness check: server healthy, DB migrated, auth working
|
||||
@@ -297,7 +297,7 @@ Full Cluster API automation deferred to future release.
|
||||
### JAR Upload → Immutable Image
|
||||
|
||||
1. **Validation** — File type check, size limit per tier, SHA-256 checksum, Trivy security scan, secret detection (reject JARs with embedded credentials)
|
||||
2. **Image Build** — Templated Dockerfile: distroless JRE base + customer JAR + cameleer3-agent.jar + `-javaagent` flag + agent pre-configured for tenant server. Image tagged: `registry/{tenant}/{app}:v{N}-{sha256short}`. Signed with cosign. SBOM attached.
|
||||
2. **Image Build** — Templated Dockerfile: distroless JRE base + customer JAR + cameleer-agent.jar + `-javaagent` flag + agent pre-configured for tenant server. Image tagged: `registry/{tenant}/{app}:v{N}-{sha256short}`. Signed with cosign. SBOM attached.
|
||||
3. **Registry Push** — Per-tenant repository in platform container registry
|
||||
4. **Deploy** — K8s Deployment in tenant namespace with resource limits, secrets mounted, config injected, NetworkPolicy applied, liveness/readiness probes
|
||||
|
||||
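Review bot: In step 2 (Image Build) the injected file changes from `cameleer3-agent.jar` to `cameleer-agent.jar`, and the same step says the image carries a `-javaagent` flag and is signed with cosign. The document should say that the path given to `-javaagent` changes together with the file name, and what happens to images that were already built and signed with the old jar name: whether they are rebuilt and re-signed, or left running as they are. As written, the pipeline description covers only new builds.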
@@ -350,7 +350,7 @@ Central UI for managing each deployed application:
|
||||
|
||||
### Architecture
|
||||
|
||||
Each tenant gets a dedicated cameleer3-server instance:
|
||||
Each tenant gets a dedicated cameleer-server instance:
|
||||
- Shared tiers: deployed in tenant's namespace
|
||||
- Dedicated tiers: deployed in tenant's cluster
|
||||
|
||||
@@ -359,7 +359,7 @@ The SaaS API gateway routes `/t/{tenant}/api/*` to the correct server instance.
|
||||
### Agent Connection
|
||||
|
||||
- Agent bootstrap tokens generated by the SaaS platform
|
||||
- Agents connect directly to their tenant's cameleer3-server instance
|
||||
- Agents connect directly to their tenant's cameleer-server instance
|
||||
- Agent auto-injected into customer Camel apps deployed on the platform
|
||||
- External agents (customer-hosted Camel apps) can also connect using bootstrap tokens
|
||||
|
||||
@@ -448,7 +448,7 @@ K8s NetworkPolicies per tenant namespace:
|
||||
- **Allow:** tenant namespace → shared PostgreSQL/OpenSearch (authenticated per-tenant credentials)
|
||||
- **Allow:** tenant namespace → public internet (Camel app external connectivity)
|
||||
- **Allow:** SaaS platform namespace → all tenant namespaces (management access)
|
||||
- **Allow:** tenant Camel apps → tenant cameleer3-server (intra-namespace)
|
||||
- **Allow:** tenant Camel apps → tenant cameleer-server (intra-namespace)
|
||||
|
||||
### Zero-Trust Tenant Boundary
|
||||
|
||||
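Review bot: The last allow rule names its destination only as "tenant cameleer-server (intra-namespace)" and the section does not say how the NetworkPolicy selects that workload. If the selector is a label derived from the service name, the label and the policy have to change in the same rollout, otherwise agent traffic to the renamed server is dropped or the policy keeps matching nothing. Add one sentence stating the selector the policy uses and confirming it was covered by this rename.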
@@ -546,7 +546,7 @@ Completely separate from tenant observability data.
|
||||
- TLS certificate expiry < 14 days
|
||||
- Metering pipeline stale > 1 hour
|
||||
- Disk usage > 80% on any PV
|
||||
- Tenant cameleer3-server unhealthy > 5 minutes
|
||||
- Tenant cameleer-server unhealthy > 5 minutes
|
||||
- OOMKill on any tenant workload
|
||||
|
||||
### Dashboards
|
||||
@@ -577,7 +577,7 @@ K8s Metrics → Metrics Collector → Usage Aggregator (hourly) → Stripe Usage
|
||||
|-----------|------|--------|
|
||||
| CPU | core·hours | K8s metrics (namespace aggregate) |
|
||||
| RAM | GB·hours | K8s metrics (namespace aggregate) |
|
||||
| Data volume | GB ingested | cameleer3-server reports |
|
||||
| Data volume | GB ingested | cameleer-server reports |
|
||||
|
||||
- Aggregated per tenant, per hour, stored in platform DB before Stripe submission
|
||||
- Idempotent aggregation (safe to re-run)
|
||||
@@ -613,7 +613,7 @@ K8s Metrics → Metrics Collector → Usage Aggregator (hourly) → Stripe Usage
|
||||
| **App → Status** | Pod health, resource usage, agent connection, events |
|
||||
| **App → Logs** | Live stdout/stderr stream |
|
||||
| **App → Versions** | Image history, promotion log, rollback |
|
||||
| **Observe** | Embedded cameleer3-server UI (topology, traces, lineage, correlation, debugger, replay) |
|
||||
| **Observe** | Embedded cameleer-server UI (topology, traces, lineage, correlation, debugger, replay) |
|
||||
| **Team** | Users, roles, invites |
|
||||
| **Settings** | Tenant config, SSO/OIDC, vault connections |
|
||||
| **Billing** | Usage, invoices, plan management |
|
||||
@@ -621,7 +621,7 @@ K8s Metrics → Metrics Collector → Usage Aggregator (hourly) → Stripe Usage
|
||||
### Design
|
||||
|
||||
- SaaS shell built with `@cameleer/design-system`
|
||||
- cameleer3-server React UI embedded (same design system, visual consistency)
|
||||
- cameleer-server React UI embedded (same design system, visual consistency)
|
||||
- Responsive but desktop-primary (observability tooling is a desktop workflow)
|
||||
|
||||
---
|
||||
@@ -681,4 +681,4 @@ K8s Metrics → Metrics Collector → Usage Aggregator (hourly) → Stripe Usage
|
||||
| 12 | Platform Operations & Self-Monitoring | epic, ops |
|
||||
| 13 | MOAT: Exchange Replay | epic, observability |
|
||||
|
||||
MOAT features (Debugger, Lineage, Correlation) tracked in cameleer/cameleer3 #57–#72.
|
||||
MOAT features (Debugger, Lineage, Correlation) tracked in cameleer/cameleer #57–#72.
|
||||
|
||||
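Review bot: The closing line changes an issue-tracker reference from `cameleer/cameleer3 #57–#72` to `cameleer/cameleer #57–#72`, which is a repository path rather than a package or artifact name. The commit message describes renaming Java packages and references in workflows, Docker configs, docs and bootstrap, and does not mention a repository rename. Confirm the repository itself has moved before merging, or keep the old path here, so the issue references for the Debugger, Lineage and Correlation work still resolve.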