hacktricks/cloud-security/concourse/concourse-architecture.md
2022-04-11 16:40:11 +00:00

Concourse Architecture

Architecture

ATC: web UI & build scheduler

The ATC is the heart of Concourse. It runs the web UI and API and is responsible for all pipeline scheduling. It connects to PostgreSQL, which it uses to store pipeline data (including build logs).

The checker's responsibility is to continuously check for new versions of resources. The scheduler is responsible for scheduling builds for a job, and the build tracker is responsible for running any scheduled builds. The garbage collector is the cleanup mechanism for removing any unused or outdated objects, such as containers and volumes.

TSA: worker registration & forwarding

The TSA is a custom-built SSH server that is used solely for securely registering workers with the ATC.

By default the TSA listens on port 2222. It is usually colocated with the ATC and sits behind a load balancer.

The TSA implements a CLI over the SSH connection, supporting these commands.

Workers

To execute tasks, Concourse must have some workers. These workers register themselves via the TSA and run the Garden and Baggageclaim services.

  • Garden: This is the Container Management API, usually run on port 7777 via HTTP.
  • Baggageclaim: This is the Volume Management API, usually run on port 7788 via HTTP.
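
The following worker-side check is an added example, not code from the original page or from the Concourse project. It parses `ss -ltnH` output and flags Garden or Baggageclaim listeners bound to a non-loopback address, since both APIs speak plain HTTP and workers are meant to be reached through the TSA. The sample output is constructed, and treating a non-loopback bind as the condition to review is this example's assumption.

```python
import ipaddress

# Worker-local HTTP APIs and their usual ports, as listed on this page.
WORKER_APIS = {7777: "Garden", 7788: "Baggageclaim"}

# Constructed sample of `ss -ltnH` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:7777 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:7788 0.0.0.0:*
LISTEN 0 128 *:2222 *:*
LISTEN 0 4096 [::1]:7788 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""

def split_endpoint(local):
    """Split an ss 'Local Address:Port' field; handles [v6]:p, *:p and v4%iface:p."""
    host, _, port = local.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def is_loopback(host):
    """True only for addresses that parse and are loopback; wildcards are not."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # '*', empty or unparseable: treat as network-reachable

def exposed_worker_apis(ss_output):
    """Return (port, service, bind_host) for worker APIs bound off loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skips header rows and non-listening sockets
        host, port = split_endpoint(fields[3])
        # The TSA (2222) is expected to accept remote workers, so it is not flagged.
        if port in WORKER_APIS and not is_loopback(host):
            findings.append((port, WORKER_APIS[port], host))
    return findings

if __name__ == "__main__":
    for port, service, host in exposed_worker_apis(SAMPLE_SS):
        print(f"REVIEW: {service} listening on {host}:{port} (not loopback)")
```

On a worker, feed it live data with `subprocess.run(["ss", "-ltnH"], capture_output=True, text=True).stdout` in place of `SAMPLE_SS`.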