
Architecture, Security & Networking

Kubernetes orchestration, ArcaneOS chain-of-trust, container isolation, networking, and data encryption.


FluxEdge's technical architecture combines Kubernetes orchestration, Docker containerization, and the Flux decentralized infrastructure layer to deliver a secure, globally distributed GPU compute platform. This article covers the architecture, security model, networking, and storage systems in depth.

Architecture Overview

  • Kubernetes orchestration: All workloads run as Kubernetes pods. Providers join regional Kubernetes clusters via FluxCore's Service Module.
  • Docker containers: Any hardened Dockerized application can run. Standard OCI-compatible images from any registry.
  • Decentralized provider network: Thousands of providers globally contribute GPU hardware through FluxCore.
  • Premium partner network: Enterprise-grade GPUs from Hyperstack (NexGen Cloud / NVIDIA) complement the community network.
  • ArcaneOS layer: The secure operating system with cryptographic chain-of-trust handles container isolation on provider machines.
  • Flux Domain Manager (FDM): HAProxy-based service handling domains, SSL certificates, and load balancing for deployed applications.

Security Model

FluxEdge implements multiple security layers to protect both renters and providers:

  1. Container Isolation: All workloads run in isolated containers with strict access controls. Renters cannot access the host system or other tenants' workloads.
  2. ArcaneOS Chain-of-Trust: Every install step on provider machines is cryptographically secured. The System Attestation Service validates OS integrity with active state and memory protection.
  3. Encrypted Disk Allocation: Disk space allocated to renters is cryptographically separated, ensuring complete data isolation between users.
  4. Provider Data Privacy: Provider personal data and host-level configuration remain secure and inaccessible to renters at all times.
  5. Permissioned Access Controls: Compute containers are secured with fine-grained permission controls. Shell access is scoped to the pod level, not the host.
  6. Data Encryption: Both data-at-rest and data-in-transit encryption are enforced across the platform.

Account Security Features

Feature | Description
Two-Factor Authentication (2FA) | Google Authenticator or compatible TOTP app. Strongly recommended for all accounts.
Anti-Phishing Code | A custom code that appears in all email notifications from FluxEdge. If the code is missing, the email is not from FluxEdge.
Password Management | Standard credential management with secure password requirements.

Always enable 2FA and set an anti-phishing code on your FluxEdge account. GPU compute credits have real monetary value; protect your account as you would protect a cloud provider account.
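The anti-phishing check from the table above can be run by a mail filter, shown here as an added example that is not FluxEdge code. It decodes each text part of a message and looks for the code only in text a reader would actually see, so a code hidden in an HTML comment or attribute does not count. The code value `blue-otter-42` and all three sample messages are constructed, and the assumption is that the code appears in the visible body; per the table, only a missing code is conclusive.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

class VisibleText(HTMLParser):
    """Keep rendered text only; comments, attributes, <script>/<style> are dropped."""
    def __init__(self):
        super().__init__()
        self.chunks, self.hidden = [], 0
    def handle_starttag(self, tag, attrs):
        self.hidden += tag in ("script", "style")
    def handle_endtag(self, tag):
        self.hidden = max(0, self.hidden - (tag in ("script", "style")))
    def handle_data(self, data):
        if not self.hidden:
            self.chunks.append(data)

def visible_text(raw: bytes) -> str:
    """Decode every inline text part (any transfer encoding) to what a reader sees."""
    out = []
    for part in email.message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart() or part.get_content_disposition() == "attachment":
            continue
        if part.get_content_type() == "text/plain":
            out.append(part.get_content())
        elif part.get_content_type() == "text/html":
            parser = VisibleText()
            parser.feed(part.get_content())
            parser.close()
            out.append(" ".join(parser.chunks))
    return " ".join(out)

def code_present(raw: bytes, code: str) -> bool:
    """True only if the code appears as a whole token in the visible text."""
    pattern = r"(?<!\w)" + re.escape(code) + r"(?!\w)"
    return re.search(pattern, visible_text(raw)) is not None

def sample(html: str, plain: str = "Notification") -> bytes:
    """Constructed test message, not a real FluxEdge e-mail."""
    msg = EmailMessage()
    msg.set_content(plain, cte="base64")
    msg.add_alternative(html, subtype="html")
    return bytes(msg)

CODE = "blue-otter-42"  # constructed anti-phishing code (assumption)
GENUINE = sample(f"<p>Anti-phishing code: <b>{CODE}</b></p>")
MISSING = sample("<p>Your credits expire today, log in now.</p>")
HIDDEN = sample(f"<!-- {CODE} --><p title='{CODE}'>Log in now.</p>")
```

A filter would quarantine any message that claims to come from FluxEdge and for which `code_present` returns `False`.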

Networking

  • Port mapping: Container ports are mapped to public ports with TCP or HTTP protocol selection. Multiple ports supported per deployment.
  • Custom domains: Attach your own domains to deployments or specific ports. Multiple domains can be comma-separated.
  • FDM load balancing: Applications are accessible at YOURAPPNAME.app.yourroot.domain. Multi-port apps use YOURAPPNAME_PORT.app.yourroot.domain.
  • Zero egress fees: All bandwidth is unlimited and included in pricing. No per-GB charges for data transfer.
  • Regional deployment: Filter machines by geographic region to optimize for latency or data sovereignty requirements.

Decentralized Resilience

Unlike centralized cloud providers where a single data center outage can take down services, FluxEdge's distributed architecture provides inherent redundancy. Providers are spread across thousands of locations worldwide. If one provider goes offline, users can migrate their workload to another available machine. The roadmap includes Automated Machine Failover to handle this migration automatically.

Planned roadmap features include Machine-Agnostic Deployments (deploy without specifying an exact machine), Private Clusters (dedicated K8s clusters for enterprise), and Managed Services APIs for programmatic FluxEdge access.