Beyhan Oğur 880f412e2c first commit
2026-04-26 21:52:23 +03:00


---
title: "Overview"
description: "Deploy Bifrost Enterprise in your cloud environment with secure, private container image distribution"
icon: "info-circle"
---
Bifrost Enterprise provides private container image distribution through dedicated registries, enabling secure deployments in AWS, GCP, Azure, and on-premise environments.
## Architecture
Bifrost uses a hub-and-spoke model with two container registries optimized for each cloud platform:
```mermaid
flowchart TB
    subgraph BifrostInfra[Bifrost Infrastructure]
        CICD[CI/CD Pipeline]
        GCR[GCP Artifact Registry]
        ECR[AWS ECR]
    end
    subgraph Customers[Customer Environments]
        subgraph AWSCustomer[AWS Customers]
            EKS[EKS Cluster]
            ECS[ECS Service]
        end
        subgraph GCPCustomer[GCP Customers]
            GKE[GKE Cluster]
        end
        subgraph AzureCustomer[Azure Customers]
            AKS[AKS Cluster]
        end
        subgraph OnPrem[On-Premise]
            K8S[Kubernetes]
            Docker[Docker]
        end
    end
    CICD -->|Push| GCR
    CICD -->|Push| ECR
    ECR -->|IRSA| EKS
    ECR -->|Task Role| ECS
    GCR -->|Workload Identity| GKE
    GCR -->|Azure WIF| AKS
    GCR -->|Basic Auth| OnPrem
```
### Registry Distribution
| Customer Cloud | Registry Source | Why |
|----------------|-----------------|-----|
| AWS | AWS ECR | Native IAM integration, lowest latency within AWS |
| GCP | GCP Artifact Registry | Native Workload Identity, lowest latency within GCP |
| Azure | GCP Artifact Registry | Workload Identity Federation from Azure to GCP |
| On-Premise | GCP Artifact Registry | Basic auth with username/password credentials |
## Authentication Methods
Choose the authentication method based on your deployment environment:

| Environment | Method | Security Level | Setup Complexity |
|-------------|--------|----------------|------------------|
| AWS EKS | [IRSA](/deployment-guides/enterprise/aws#irsa-recommended) | High | Medium |
| AWS ECS | [IAM Task Roles](/deployment-guides/enterprise/aws#ecs-task-roles) | High | Low |
| GCP GKE | [Workload Identity](/deployment-guides/enterprise/gcp#workload-identity-recommended) | High | Low |
| Azure AKS | [Azure WIF](/deployment-guides/enterprise/azure) | High | Medium |
| On-Premise | [Basic Auth](/deployment-guides/enterprise/on-premise) | Medium | Low |
<Note>
Cloud-native identity federation (IRSA, Workload Identity, Azure WIF) is recommended over static credentials for production deployments.
</Note>
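
To check which of the methods above a workload is actually configured for, the following added example (not part of Bifrost or its documentation) classifies Kubernetes Deployments by the identity annotations on their ServiceAccount and flags static pull secrets. The annotation and label keys are the ones the upstream EKS, GKE and Azure Workload Identity mechanisms use rather than values from this page; every resource name, ARN and client ID is a placeholder, and treating any `imagePullSecrets` entry as the Basic Auth path is an assumption.

```python
# ServiceAccount annotation keys used by each federation mechanism.
FEDERATION = {
    "eks.amazonaws.com/role-arn": "IRSA",
    "iam.gke.io/gcp-service-account": "Workload Identity",
    "azure.workload.identity/client-id": "Azure WIF",
}

def audit(manifests):
    """Map each Deployment name to (auth method, findings)."""
    sas = {(m["metadata"].get("namespace", "default"), m["metadata"]["name"]): m
           for m in manifests if m["kind"] == "ServiceAccount"}
    report = {}
    for m in (x for x in manifests if x["kind"] == "Deployment"):
        tmpl, ns = m["spec"]["template"], m["metadata"].get("namespace", "default")
        pod = tmpl["spec"]
        # A ServiceAccount absent from the manifest set (e.g. "default") has no annotations.
        sa = sas.get((ns, pod.get("serviceAccountName", "default")), {})
        ann = sa.get("metadata", {}).get("annotations", {})
        methods = [name for k, name in FEDERATION.items() if ann.get(k)]
        # Pull secrets may sit on the pod or be inherited from the ServiceAccount.
        secrets = sorted({s["name"] for s in
                          pod.get("imagePullSecrets", []) + sa.get("imagePullSecrets", [])})
        findings = ["static pull secret: " + s for s in secrets]
        labels = tmpl.get("metadata", {}).get("labels", {})
        # Azure Workload Identity's webhook only mutates pods carrying this label.
        if "Azure WIF" in methods and labels.get("azure.workload.identity/use") != "true":
            findings.append("pod label azure.workload.identity/use=true missing")
        method = methods[0] if methods else ("Basic Auth" if secrets else "none")
        report[m["metadata"]["name"]] = (method, findings)
    return report

def sa_manifest(name, annotations):
    return {"kind": "ServiceAccount", "metadata": {"name": name, "annotations": annotations}}

def deployment(name, sa, secrets=()):
    pod = {"serviceAccountName": sa, "imagePullSecrets": [{"name": s} for s in secrets]}
    return {"kind": "Deployment", "metadata": {"name": name},
            "spec": {"template": {"metadata": {"labels": {}}, "spec": pod}}}

# Constructed sample manifests; every name, ARN and client ID is a placeholder.
SAMPLE = [
    sa_manifest("gw-eks", {"eks.amazonaws.com/role-arn": "arn:aws:iam::111122223333:role/example"}),
    sa_manifest("gw-aks", {"azure.workload.identity/client-id": "00000000-0000-0000-0000-000000000000"}),
    deployment("gateway-eks", "gw-eks"),
    deployment("gateway-aks", "gw-aks"),
    deployment("gateway-onprem", "default", secrets=["registry-basic-auth"]),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Feed it the parsed output of `kubectl get deploy,sa -o json` (the `items` list) to audit a live namespace; a workload that reports a federation method together with a static pull secret still carries a long-lived credential worth removing.
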
## Security Features
### Encryption
- **In-Transit**: All registry communication uses TLS 1.3
- **At-Rest**: Images encrypted using cloud-native encryption (AWS KMS, GCP CMEK)
### Access Control
- **IAM-based**: Fine-grained permissions using cloud IAM policies
- **Audit Logging**: All image pull operations are logged for compliance
- **IP Restrictions**: Optional VPC Service Controls (GCP) or VPC endpoints (AWS)
### Image Security
- **Vulnerability Scanning**: Automatic scanning on push
- **Immutable Tags**: Optional tag immutability to prevent overwrites
- **Signed Images**: Container image signatures for verification
## Prerequisites
Before deploying Bifrost Enterprise, ensure you have:
<Tabs>
<Tab title="AWS">

- AWS account with ECR access
- EKS cluster (v1.23+) or ECS cluster
- IAM permissions to create roles and policies
- `kubectl` and `aws` CLI configured

</Tab>
<Tab title="GCP">

- GCP project with Artifact Registry API enabled
- GKE cluster (v1.24+) with Workload Identity enabled
- IAM permissions for service account management
- `kubectl` and `gcloud` CLI configured

</Tab>
<Tab title="Azure">

- Azure subscription with AKS
- AKS cluster (v1.24+) with Workload Identity enabled
- Permissions to create Managed Identities
- `kubectl` and `az` CLI configured

</Tab>
<Tab title="On-Premise">

- Kubernetes cluster (v1.23+) or Docker runtime
- Network access to `us-central1-docker.pkg.dev`
- Docker credentials provided by Bifrost team

</Tab>
</Tabs>
## Getting Started
<CardGroup cols={2}>
<Card title="AWS Deployment" icon="aws" href="/deployment-guides/enterprise/aws">
Deploy on EKS or ECS with IRSA authentication
</Card>
<Card title="GCP Deployment" icon="google" href="/deployment-guides/enterprise/gcp">
Deploy on GKE with Workload Identity
</Card>
<Card title="Azure Deployment" icon="microsoft" href="/deployment-guides/enterprise/azure">
Deploy on AKS with Azure Workload Identity Federation
</Card>
<Card title="On-Premise" icon="server" href="/deployment-guides/enterprise/on-premise">
Deploy anywhere with Docker credentials
</Card>
</CardGroup>
## Support
For enterprise deployment assistance:
- **Email**: [contact@getmaxim.ai](mailto:contact@getmaxim.ai)
- **Slack**: Connect via Slack Connect for real-time support
- **Documentation**: Platform-specific guides linked above