Platform
Part of PLANA Pulse
The Platform is the infrastructure layer of PLANA Pulse — the foundation that runs Business Cloud and BOS for you. As a customer, you don't see the Platform directly — PLANA operates it. This section is public anyway so you can verify exactly what you're dealing with.
This section documents the infrastructure that runs every PLANA Pulse component — PLANA Business Cloud, BOS, the website, the integrations, and the internal tools.
Audience
PLANA staff and technical partners. Customers do not need to read this section to use PLANA Pulse — but it is open so anyone evaluating us, or integrating with our APIs, can see exactly what they are dealing with.
What the platform is
A single Kubernetes cluster running in Exoscale bg-sof-1 (Sofia, Bulgaria), fronted by a single ingress gateway, with one PostgreSQL server, one Redis server, and one NFS filestore shared across all tenants:
┌───────────────────────────────────────────┐
│ Internet (HTTPS / WebSocket) │
└─────────────────────┬─────────────────────┘
│
▼
┌───────────────────────────────────────────┐
│ Exoscale NLB 194.182.177.67 │
└─────────────────────┬─────────────────────┘
│
▼
┌───────────────────────────────────────────┐
│ Envoy Gateway eg-gateway │
│ (single ingress for everything) │
└──┬──────────┬──────────┬──────────┬───────┘
│ │ │ │
▼ ▼ ▼ ▼
plana- pulse- authentik bos-
odoo account portal
(+v18, (account (BOS UI)
+v19) portal)
│ │
├──────────┴──────────┐
▼ ▼
pg01 redis nfs Exoscale SOS (object storage)A single cluster, single ingress, dedicated namespace per product family — this is the simplest architecture that still gives us tenant isolation, clean upgrades, and a real disaster-recovery story.
Read this section in order
The left sidebar is grouped by concern:
| Group | What's covered |
|---|---|
| Architecture | The high-level picture — Kubernetes, Envoy Gateway, Crossplane, domains, data stores, tenant isolation, the multi-version Odoo strategy, our overall tech stack |
| Services | Per-page documentation for each pulse-* service and ai-agents |
| Identity and access | Authentik staff SSO, Google federation, tenant authentication, API keys, 2FA |
| Shared infrastructure | The tools we self-host — Forgejo, Matrix, Nextcloud, Penpot, Vaultwarden, Matomo, Grafana, Mailu, Exoscale |
| Operations | Runbooks for provisioning, upgrading, restoring, the annual Odoo port, alert response, incident retros, Flux GitOps, CI/CD |
| Security | Threat model, network policies, WAF + CrowdSec, audit logging, secrets management, runtime security, compliance |
| Policies | FOSS-first, data residency, change management, support tiers |
| Reference | Glossary, naming conventions, API index, repo map |
Conventions
| Topic | Choice |
|---|---|
| Cloud | Exoscale, zone bg-sof-1 (Sofia, Bulgaria) — no other cloud provider |
| Kubernetes | Exoscale SKS, currently v1.35.3, 3 nodes |
| Ingress | Envoy Gateway v1.7.1, Kubernetes Gateway API |
| TLS | cert-manager + Let's Encrypt; wildcard for *.planapulse.app |
| Provisioning | Crossplane composite resources (CRs) — no custom orchestrator |
| Storage | pg01 (PostgreSQL VM), Valkey (Redis), Exoscale SOS (S3-compatible), NFS for shared filestores |
| Source control | Self-hosted Forgejo at git.planapulse.com — not GitHub or GitLab |
| CI/CD | Forgejo Actions, shared workflows in ci-templates |
| Secrets | SOPS-encrypted YAML in infra/secrets/ + mirror in Vaultwarden |
| Observability | Prometheus, Grafana, Alertmanager, Loki, Blackbox Exporter |
| Alerting | Matrix only (no email pages) |
| Identity | Authentik Community Edition for staff SSO; PLANA-only client tokens for tenant users |
| Naming | Modules plana_*, repos pulse-*, env vars PLANA_* |
Where to read what
- New to the platform? Start with Architecture → High-level overview.
- Looking for a specific service? Open Services in the sidebar.
- Hit a problem in production? Operations has the runbooks.
- Building an integration? Reference → API index is the entry point.
What is not in this section
- End-user documentation for the ERP lives under PLANA Business Cloud.
- End-user documentation for the AI interface lives under BOS.
- Connector setup guides live under Integrations.