Architect / Evaluator Learning Path
Purpose: A guided reading order for architects and evaluators, focused on architecture decisions, trade-offs, and deployment models.
Reading Order
| # | Phase | Topic | Link | Time |
|---|---|---|---|---|
| 1 | Overview | What is openCenter | Overview | 5 min |
| 2 | Overview | Platform architecture | Architecture | 10 min |
| 3 | Overview | Ecosystem (5 repos, how they connect) | Ecosystem | 10 min |
| 4 | Overview | Editions & pricing | Editions | 10 min |
| 5 | Design | Deployment models (connected vs air-gapped) | Models | 10 min |
| 6 | Design | Reference topologies | Topologies | 10 min |
| 7 | Design | Capacity sizing | Sizing | 10 min |
| 8 | Security | Defense in depth (5 layers) | Defense | 15 min |
| 9 | Security | Kyverno policies (17 ClusterPolicies) | Kyverno | 10 min |
| 10 | Security | SOPS secrets lifecycle (90-day Age, 180-day SSH) | Secrets | 10 min |
| 11 | GitOps | Three-repo layering (base → enterprise → cluster) | GitOps | 10 min |
| 12 | GitOps | Service delivery model (Kustomize overlays) | Delivery | 10 min |
| 13 | Services | Platform service catalog (20+ services, versions) | Catalog | 10 min |
| 14 | Operations | Lifecycle model (init → validate → generate → deploy) | Lifecycle | 5 min |
| 15 | Operations | Drift detection & reconciliation | Drift | 10 min |
| 16 | Air-gap | Three-zone architecture (Factory → Airlock → Field) | Air-gap | 10 min |
| 17 | Scale | Multi-cluster fleet management | Fleet | 10 min |
Architecture at a Glance
openCenter-cli (configuration + generation)
↓ generates
Customer GitOps Repository (infrastructure + applications)
↓ references
openCenter-gitops-base (20+ platform services, Kyverno policies)
↑ imported by (Enterprise/Regulated editions)
openCenter-gitops-enterprise (private sources, hardened values, managed services)
↓ deployed by
FluxCD → Production Kubernetes Cluster
Evaluation Checklist
After completing this path, you should be able to answer:
- Does openCenter's provider model fit our infrastructure (OpenStack, VMware, Bare Metal)?
- Does the GitOps workflow align with our change management process?
- Are the security controls sufficient (Kyverno policies, PSA, SOPS, Keycloak RBAC)?
- Can the platform scale to our projected cluster count and node density?
- Do we need Enterprise edition (private chart sources, 24×7 support) or Regulated (FIPS, air-gap, evidence automation)?
- What is the operational burden compared to our current tooling?
Key Differentiators
- 100% open-source core — no proprietary APIs, no vendor lock-in
- Configuration-first: single YAML file → complete cluster with GitOps
- Three-repo layering: base (community), enterprise (private hardened), cluster (local overrides)
- Defense-in-depth security: PSA + Kyverno + SOPS + Keycloak RBAC + NetworkPolicies
- Air-gap capable: Zarf-based packaging with SBOM and cryptographic signatures