Skip to content

System Architecture

The System Architecture of our end-to-end test incorporates an internal and an external cluster.


External Cluster

The external cluster represents the EuroDaT Client.

The client-controller serves as an interface allowing external applications operated by EuroDaT participants to interact with the EuroDaT platform: It manages the communication between these external applications and EuroDaT's controller.

In our test setup, we deploy the provider client and the consumer client in a separate external cluster that serves as our test environment. It is important to note that these designations represent a single entity - the EuroDaT-Client.

Internal Cluster

The internal cluster consists of five Namespaces:

  • control-plane: constitutes the core of the platform. Its purpose is to build the connection to the external applications, to provide API endpoints, and to ensure that data transactions are properly initiated and managed through restricted workflow-templates. It acts as a central point of control for managing data access and usage and consists of multiple microservices which are described below.
  • transaction-plane: initiates the transaction-workflow using the provided workflow-templates via Argo Workflows, an open-source container-native workflow engine for orchestrating parallel jobs on Kubernetes.
  • data-plane: hosts the temporary databases for each transaction, as well as the associated workflow and the workflow-template which will be provided by the external user. The registration process of these workflow-templates is managed by the controller.
  • base: Keycloak provides the IAM and monitoring functionalities.
  • prometheus: Prometheus is an open source metrics monitoring tool.



The controller offers the possibility to start and end the transaction and to start the app workflow.

Backmessaging service

This service is responsible for communication with RabbitMQ and includes functions for declaring and deleting exchanges and queues, as well as publishing messages.

Credential service

This service is responsible for the creation and management of the database credentials.

Transaction service

This service offers the possibility to start, find or end a transaction.

Database service

This service creates and deletes the transaction and safe deposit databases.