Enterprise-Grade Multi-Tenant Research Computing Platform
CMBCluster is a scalable, secure multi-tenant platform that provides isolated research environments for teams. Built with modern cloud-native technologies (Kubernetes, FastAPI, Next.js), it delivers professional-grade infrastructure for collaborative scientific computing.
```mermaid
graph TB
    Users[Users] --> Ingress[NGINX Ingress<br/>Load Balancer & TLS]
    Ingress --> Frontend[Next.js Frontend<br/>React-based Dashboard]
    Ingress --> API[FastAPI Backend<br/>REST API Server]
    API --> Auth[OAuth 2.0<br/>Google Authentication]
    API --> DB[(Database<br/>SQLite/PostgreSQL)]
    API --> K8s[Kubernetes API<br/>Pod Management]
    K8s --> ImageRegistry["Docker Images<br/>• Docker Hub<br/>• Private Registries<br/>• Local Images"]
    ImageRegistry --> AppPods["Multi-Agent Research<br/>Environments<br/>• CMBAgent (Agentic)<br/>• Denario (ML)<br/>• Custom Research Apps"]
    K8s --> Storage[Persistent Volumes<br/>User Workspaces]
    CloudVolumes[GCP Cloud Storage<br/>Object Storage] --> AppPods
    subgraph "Kubernetes Cluster"
        Ingress
        Frontend
        API
        Auth
        DB
        K8s
        ImageRegistry
        AppPods
        Storage
    end
    style Users fill:#f9f,stroke:#333,stroke-width:2px,color:#000
    style Ingress fill:#52c41a,stroke:#333,stroke-width:2px,color:#fff
    style Frontend fill:#1890ff,stroke:#333,stroke-width:2px,color:#fff
    style API fill:#1890ff,stroke:#333,stroke-width:2px,color:#fff
    style Auth fill:#ff7a45,stroke:#333,stroke-width:2px,color:#fff
    style DB fill:#ff7a45,stroke:#333,stroke-width:2px,color:#fff
    style K8s fill:#52c41a,stroke:#333,stroke-width:2px,color:#fff
    style ImageRegistry fill:#ff6b6b,stroke:#333,stroke-width:2px,color:#fff
    style AppPods fill:#faad14,stroke:#333,stroke-width:2px,color:#000
    style Storage fill:#13c2c2,stroke:#333,stroke-width:2px,color:#fff
```
- **Enterprise Security** - Google OAuth 2.0, RBAC, TLS 1.3, Network Policies
- **Scalable Infrastructure** - Auto-scaling, load balancing, multi-cloud ready
- **Research-Focused** - Pre-installed scientific libraries, persistent workspaces
- **Modern Dashboard** - Next.js-based UI with real-time monitoring
- **Cloud-Native** - Kubernetes-native, Helm charts, CI/CD ready
| Component | Technology | Purpose |
|---|---|---|
| Frontend | Next.js (React) | Professional dashboard and management UI |
| Backend | FastAPI (Python) | REST API server with async support |
| Authentication | Google OAuth 2.0 | Enterprise single sign-on |
| Orchestration | Kubernetes | Container orchestration and pod management |
| User Environment | Multi-Agent Research | Isolated multi-agent research environments |
| Ingress | NGINX | Load balancing and TLS termination |
| Certificates | cert-manager + Let's Encrypt | Automated SSL/TLS management |
```bash
# 1. Clone and setup
git clone https://github.com/archetana/cmbcluster.git
cd cmbcluster
cp compose.env.example .env
# 2. Start services
docker-compose up --build
# 3. Access
# Dashboard: http://localhost:3000
# Backend API: http://localhost:8000
# API Docs: http://localhost:8000/docs
```

```bash
# Prerequisites: GCP account, kubectl, helm
# 1. Setup infrastructure
./scripts/setup-cluster.sh YOUR_PROJECT_ID us-central1
# 2. Configure OAuth in Google Cloud Console
# Add redirect URI: https://your-domain.com/auth/callback
# 3. Build and deploy
./scripts/build-images.sh YOUR_PROJECT_ID
./scripts/deploy.sh YOUR_PROJECT_ID your-domain.com
```

See DEPLOYMENT.md for detailed production setup instructions.
```
cmbcluster/
├── backend/                 # FastAPI REST API server
├── nextjs-frontend/         # Next.js React dashboard
├── k8s/                     # Kubernetes manifests (dev)
├── helm/                    # Helm charts (production)
├── scripts/                 # Deployment automation scripts
├── compose.yml              # Local development with Docker Compose
├── README.md                # This file
├── docs/                    # Detailed documentation
│   ├── ARCHITECTURE.md      # Component architecture
│   ├── API.md               # API reference
│   ├── DEPLOYMENT.md        # Production deployment
│   ├── SECURITY.md          # Security & authentication
│   └── TROUBLESHOOTING.md   # Common issues & debugging
└── planning/                # Architecture & implementation plans
```
- ARCHITECTURE.md - Detailed component design and data flow
- API.md - Complete REST API reference with examples
- DEPLOYMENT.md - Production deployment on GCP (AWS coming soon)
- SECURITY.md - Authentication, encryption, and security practices
- TROUBLESHOOTING.md - Common issues and debugging guides
- TESTING_README.md - Test suite and coverage information
```bash
PROJECT_ID=your-gcp-project-id
BASE_DOMAIN=your-domain.com
GOOGLE_CLIENT_ID=your-oauth-client-id
GOOGLE_CLIENT_SECRET=your-oauth-client-secret
SECRET_KEY=your-secure-random-key-min-32-chars
```

```bash
DEV_MODE=false                    # Enable development features
DEBUG=false                       # Enable debug logging
TOKEN_EXPIRE_HOURS=8              # JWT token expiration
MAX_USER_PODS=1                   # Pods per user
FREE_TIER_MAX_UPTIME_MINUTES=60   # Free tier uptime limit
```

See Configuration for all available options.
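
An added example, not part of the CMBCluster repository: a pre-deployment check that audits a production `.env` against the settings listed above. The function names, the `your-` placeholder test, the distinct-character threshold and the rule that `DEV_MODE` and `DEBUG` stay off in production are assumptions of this example; the 32-character minimum comes from the `SECRET_KEY` placeholder text.

```python
import re

# Keys the README lists as required; "your-" is the prefix of its placeholders.
REQUIRED = ("PROJECT_ID", "BASE_DOMAIN", "GOOGLE_CLIENT_ID",
            "GOOGLE_CLIENT_SECRET", "SECRET_KEY")
MIN_SECRET_LEN = 32  # from the "min-32-chars" hint in the README

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks, comments and inline '# ...'."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = re.sub(r"\s+#.*$", "", value).strip().strip("'\"")
        env[key.strip()] = value
    return env

def audit_env(text):
    """Return findings for a production .env (empty list means clean)."""
    env, findings = parse_env(text), []
    for key in REQUIRED:
        value = env.get(key, "")
        if not value:
            findings.append(f"{key}: missing or empty")
        elif value.startswith("your-"):
            findings.append(f"{key}: README placeholder still in place")
    secret = env.get("SECRET_KEY", "")
    if secret and not secret.startswith("your-"):
        if len(secret) < MIN_SECRET_LEN:
            findings.append(f"SECRET_KEY: {len(secret)} chars, need {MIN_SECRET_LEN}+")
        elif len(set(secret)) < 10:  # assumed threshold for a repetitive key
            findings.append("SECRET_KEY: too few distinct characters")
    for flag in ("DEV_MODE", "DEBUG"):  # assumption: both off in production
        if env.get(flag, "false").lower() in ("1", "true", "yes", "on"):
            findings.append(f"{flag}: enabled in a production file")
    return findings

# Constructed sample: one placeholder left in, a short key, DEBUG left on.
SAMPLE = """\
PROJECT_ID=research-prod
BASE_DOMAIN=cluster.example.org
GOOGLE_CLIENT_ID=constructed-id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your-oauth-client-secret
SECRET_KEY=changeme123
DEV_MODE=false   # Enable development features
DEBUG=true       # Enable debug logging
"""
```

Calling `audit_env(open(".env").read())` in a deploy pipeline and failing on a non-empty result keeps a copied example file from reaching production; a key from `secrets.token_urlsafe(48)` satisfies the length check.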
- Navigate to your domain and login with Google
- Click "Launch Environment" to start a multi-agent research environment
- Access your isolated research workspace with pre-installed scientific libraries and agent frameworks
- Manage files and environment variables from the dashboard
See [SECURITY.md](docs/SECURITY.md) for admin procedures and [TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md) for common tasks.
## Architecture
CMBCluster consists of:
- **NGINX Ingress**: Load balancing and TLS termination
- **Next.js Frontend**: React-based management dashboard
- **FastAPI Backend**: REST API with Kubernetes integration
- **User Pods**: Isolated multi-agent research environments
- **Persistent Volumes**: Per-user workspace storage
For detailed architecture diagrams and component responsibilities, see [ARCHITECTURE.md](docs/ARCHITECTURE.md).
## Security
- Google OAuth 2.0 authentication
- Role-based access control (RBAC)
- TLS 1.3 encryption in transit
- Network policies for pod isolation
- Content Security Policy headers
- Encrypted file storage
- Regular security audits
See [SECURITY.md](docs/SECURITY.md) for comprehensive security documentation.
## Testing
```bash
# Backend tests
cd backend && python -m pytest tests/ -v
# Frontend tests
cd nextjs-frontend && npm test
# Local integration test
docker-compose up -d && sleep 30 && \
curl http://localhost:8000/health && \
curl http://localhost:3000/api/health
```
See TESTING_README.md for test coverage details.
Common issues and solutions are documented in TROUBLESHOOTING.md:
- Pods won't start
- Authentication errors
- DNS/ingress issues
- Storage problems
- Performance tuning
- Core platform infrastructure ✅
- Google OAuth integration ✅
- Kubernetes pod orchestration ✅
- Dashboard and API ✅
- Enhanced monitoring (in progress)
- Backup system (planned)
- AWS EKS integration (in development)
- Custom container images
- Enterprise SSO (SAML/LDAP)
See full roadmap in DEPLOYMENT.md.
We welcome contributions! Please see our CONTRIBUTING.md for:
- Development setup
- Code standards
- Pull request process
- Testing requirements
- Documentation: See `docs/` directory
- Bug Reports: GitHub Issues
- Discussions: GitHub Discussions
MIT License - see LICENSE file for details.
Built with: Kubernetes • FastAPI • Next.js • Docker • Helm
Status: ✅ Production Ready • Version: 1.0.0