Architecture
A governance-first architecture that decouples policy enforcement from workflow execution. Control plane manages rules. Data plane runs workloads. Each tenant stays fully isolated.
Governance is decoupled from execution. The control plane manages policies, costs, licensing, and compliance centrally. Each tenant receives an isolated data plane on Kubernetes with its own namespace, network policies, and autoscaling worker pods.
Centralized governance layer. Evaluates policies, tracks costs, manages tenants, and enforces licensing — all before a single workflow pod is scheduled.
Isolated Kubernetes namespace per tenant with dedicated resources, network boundaries, and auto-scaling worker pods.
Each service owns a single domain, scales independently, and communicates via gRPC and async events. No monolith. No bottlenecks.
Unified entry point for all API traffic. Handles rate limiting, request routing, TLS termination, and per-tenant request isolation.
OPA-powered authorization engine. Evaluates Rego policies in real time for every API call, supporting RBAC, ABAC, and custom policy models.
Manages tenant lifecycle — provisioning, namespace creation, resource quota assignment, and tenant-level configuration management.
Handles workflow CRUD, version control with checksum validation, approval workflows, and license enforcement per node type.
Enforces license tiers, tracks node-type entitlements, validates usage against purchased quotas, and manages trial/upgrade flows.
Per-tenant, per-execution cost tracking with budget alerts, FinOps dashboards, quota enforcement, and chargeback report generation.
Schedules and dispatches workflow executions across tenant data planes. Manages execution queues, retries, and priority scheduling.
Per-tenant worker pods that execute workflows in isolated namespaces. Auto-scales via HPA from 1 to 50 pods based on queue depth.
Deployment
From fully managed SaaS to air-gapped on-premise — Vharta adapts to your infrastructure requirements and compliance posture.
Zero-ops deployment. We manage the control plane and data plane infrastructure. You focus on building workflows.
Control plane in our cloud, data plane in yours. Keep sensitive data within your network while we handle governance.
Full deployment within your infrastructure. Complete control over every component with our support and tooling.
Distribute workloads across multiple Kubernetes clusters in different regions for high availability and data sovereignty.
Walk through the architecture with our team. We will show you how control plane governance and data plane isolation work together.