Management Platform
The Management Platform is where you define, configure, and deploy ContentGrid applications. It runs as a SaaS service—you don’t need to host or manage it yourself. This page explains its internal architecture and how it transforms application models into deployable artifacts.
Platform Overview
The Management Platform consists of three primary components that work together to enable the full application lifecycle: from model definition through artifact generation to deployment orchestration.
graph TB
subgraph "Management Platform"
Architect[Architect<br/>Model Definition]
Scribe[Scribe<br/>Artifact Generation]
Captain[Captain<br/>Deployment Orchestration]
end
subgraph "Runtime Platform"
K8sResources[Resources<br/>ConfigMaps, Secrets, Deployments]
end
subgraph "Persistent Storage"
DB[(PostgreSQL<br/>Metadata & Structure)]
S3[(S3-Compatible<br/>Content Storage)]
end
ArtifactStorage[(S3 Artifact Storage)]
Architect --> Scribe
Scribe --> Captain
Captain -->|Upload Artifact| ArtifactStorage
Captain -->|Deploy| K8sResources
Captain -->|Provision database| DB
Captain -->|Provision bucket| S3
Captain -->|Provision realm| Keycloak[Keycloak<br/>Authentication]
Core Components
Architect
Architect serves as the source of truth for application models. It stores and manages all configuration that defines how your ContentGrid application behaves. The concepts Architect manages are described in the concepts section.
What Architect Stores:
- Domain Model: Entity definitions with attributes and relations
- Permission Model: Access control policies and rules
- Automation Configurations: Settings for external automation integrations
Versioning and History: Architect maintains a complete history of model changes, enabling audit trails and the ability to understand how the application evolved over time.
API Access: Architect provides an API for retrieving application models. When you make changes through the management interface, Architect persists them and makes them available to other components.
Scribe
Scribe transforms application models from Architect into deployable artifacts. It’s the compilation step that bridges the gap between high-level model definitions and concrete implementation artifacts.
Artifact Generation Process:
- Fetch Model: Scribe retrieves the complete application model from Architect
- Generate Migrations: Analyzes model changes and generates SQL migration scripts (Flyway format)
- For new applications, generates CREATE TABLE statements
- For updates, compares current model to previous version and generates ALTER TABLE statements
- Ensures database schema stays synchronized with the model
- Compile Policies: Converts permission definitions into Rego policies for OPA
- Translates user-friendly permission rules into efficient policy evaluation code
- Generates policy packages with proper namespacing per application
- Generate OpenAPI Specification: Creates OpenAPI documentation for the REST API based on the model
- Package Artifact: Creates a ZIP file containing:
application-model.json: Complete model definitionmigrations/: SQL scripts for database schema changespolicies.rego: Access control policiesopenapi.yaml: API specificationmanifest.json: Metadata (organization, project, version, changeset, timestamps)
Artifact Metadata: The manifest includes traceability information—which changeset triggered the build, what version of Scribe generated it, and when. This enables audit trails and troubleshooting.
Reproducibility: Given the same input model and version of Scribe, the output artifact is deterministic. This ensures consistent behavior across environments and deployments.
Captain
Captain orchestrates the entire deployment process. It coordinates between Scribe, infrastructure provisioning, and Kubernetes deployment, handling all the complexity of getting an application from model to running service.
Responsibilities:
- Application Configuration: Storing application settings
- IAM: Creating Realms, managing users, groups and attributes
- Artifact Management: Request artifact generation from Scribe and upload to shared artifact storage
- Infrastructure Provisioning: Provision databases, S3 buckets, and Keycloak realms for new applications
- Kubernetes Orchestration: Create and update Kubernetes resources (Deployments, Services, ConfigMaps, Secrets)
- Lifecycle Management: Handle application creation, updates, deletion
- Credential Management: Generate and distribute database credentials, S3 access keys, and authentication secrets
- Environment Configuration: Inject environment-specific configuration (database URLs, domain names, etc.)
Zero-Configuration Deployment: Captain abstracts away the complexity of Kubernetes and cloud infrastructure, providing a simple “deploy this application” interface to the management platform. When you deploy an application, Captain handles all the details automatically.
Deployment Flow
When you deploy an application, the Management Platform components work together to transform application models into running services. The high-level flow involves:
- Deploy Request: User initiates deployment through the management interface
- Artifact Generation: Captain requests Scribe to generate an artifact from Architect’s model
- Infrastructure Deployment: Captain stores artifact, provisions infrastructure and coordinates Kubernetes deployment
- Application Startup: Application Server fetches artifacts and begins serving
For detailed information about the deployment pipeline and lifecycle, see Deployment Pipeline.
Summary
The Management Platform provides a complete application lifecycle management system:
- Architect: Source of truth for application models
- Scribe: Transforms models into deployable artifacts with migrations and policies
- Captain: Orchestrates infrastructure provisioning and Kubernetes deployment
The platform abstracts away the complexity of cloud infrastructure and deployment orchestration, providing a simple interface for defining and deploying applications. Its artifact-based approach ensures reproducible, auditable deployments with full version history.
For details on how applications run after deployment, see Runtime Platform.