# Netdata Cloud On-Prem
Netdata Cloud is built as microservices and is orchestrated by a Kubernetes cluster, providing a highly available and auto-scaled observability platform.
The overall architecture looks like this:
```mermaid
flowchart TD
agents("🌍 Netdata Agents
Users' infrastructure
Netdata Children & Parents")
users[["🔥 Unified Dashboards
Integrated Infrastructure
Dashboards"]]
ingress("🛡️ Ingress Gateway
TLS termination")
traefik((("🔒 Traefik
Authentication &
Authorization")))
emqx(("📤 EMQX
Agents Communication
Message Bus
MQTT"))
pulsar(("⚡ Pulsar
Internal Microservices
Message Bus"))
frontend("🌐 Front-End
Static Web Files")
auth("👨💼 Users & Agents
Authorization
Microservices")
spaceroom("🏡 Spaces, Rooms,
Nodes, Settings
Microservices for
managing Spaces,
Rooms, Nodes and
related settings")
charts("📈 Metrics & Queries
Microservices for
dispatching queries
to Netdata agents")
alerts("🔔 Alerts & Notifications
Microservices for
tracking alert
transitions and
deduplicating alerts")
sql[("✨ PostgreSQL
Users, Spaces, Rooms,
Agents, Nodes, Metric
Names, Metrics Retention,
Custom Dashboards,
Settings")]
redis[("🗒️ Redis
Caches needed
by Microservices")]
elk[("🗞️ Elasticsearch
Feed Events Database")]
bridges("🤝 Input & Output
Microservices bridging
agents to internal
components")
notifications("📢 Notifications Integrations
Dispatch alert
notifications to
3rd party services")
feed("📝 Feed & Events
Microservices for
managing the events feed")
users --> ingress
agents --> ingress
ingress --> traefik
ingress ==>|agents
websockets| emqx
traefik -.- auth
traefik ==>|http| spaceroom
traefik ==>|http| frontend
traefik ==>|http| charts
traefik ==>|http| alerts
spaceroom o-...-o pulsar
spaceroom -.- redis
spaceroom x-..-x sql
spaceroom -.-> feed
charts o-.-o pulsar
charts -.- redis
charts x-.-x sql
charts -..-> feed
alerts o-.-o pulsar
alerts -.- redis
alerts x-.-x sql
alerts -..-> feed
auth o-.-o pulsar
auth -.- redis
auth x-.-x sql
auth -.-> feed
feed <--> elk
alerts ----> notifications
%% auth ~~~ spaceroom
emqx <.-> bridges o-..-o pulsar
```
## Requirements
The following components are required to run Netdata Cloud On-Prem:
- **Kubernetes cluster** version 1.23+
- **Kubernetes metrics server** (for autoscaling)
- **TLS certificate** for secure connections. A single endpoint is required but there is an option to split the frontend, api, and MQTT endpoints. The certificate must be trusted by all entities connecting to it.
- Default **storage class configured and working** (persistent volumes based on SSDs are preferred)
The following 3rd party components are used, which can be pulled with the `netdata-cloud-dependency` package we provide:
- **Ingress controller** supporting HTTPS
- **PostgreSQL** version 13.7 (main database for all metadata Netdata Cloud maintains)
- **EMQX** version 5.11 (MQTT Broker that allows Agents to send messages to the On-Prem Cloud)
- **Apache Pulsar** version 2.10+ (message broken for inter-container communication)
- **Traefik** version 2.7.x (internal API Gateway)
- **Elasticsearch** version 8.8.x (stores the feed of events)
- **Redis** version 6.2 (caching)
- imagePullSecret (our ECR repos are secured)
Keep in mind though that the pulled versions are not configured properly for production use. Customers of Netdata Cloud On-Prem are expected to configure these applications according to their needs and policies for production use. Netdata Cloud On-Prem can be configured to use all these applications as a shared resource from other existing production installations.