Control Plane
The Riptides control plane is hosted and operated by Riptides. You do not need to deploy or manage it yourself. Your daemons connect to the hosted control plane, and you manage resources (WorkloadIdentities, Services, CredentialSources, etc.) through it.
On-premises control plane deployment is planned as a future option.
Accessing the Control Plane
Log in to the control plane web UI at your tenant URL using your GitHub credentials.
For programmatic access (e.g., kubectl apply for Riptides resources), use the kubeconfig provided after signup.
Architecture
The hosted control plane exposes the following endpoints to your daemons:
| Port | Protocol | Service | Description |
|---|---|---|---|
| 8443 | HTTPS | Front Proxy | Primary API endpoint for daemons and users |
| 8080 | HTTP | HTTP Proxy | Health checks, readiness probes |
| 8001 | TCP | Tunnel | Persistent daemon tunnel connections |
| 9443 | gRPC/TLS | gRPC Server | Daemon attestation, certificate signing |
Trust Domain
Your trust domain is assigned when you register at console.riptides.io. It must match across the control plane and all daemons. This is typically a domain you own (e.g., example.com).
Tunnel Server
The tunnel server on port 8001 provides a persistent connection channel for daemons behind NAT or restrictive firewalls.
gRPC Server
The gRPC server on port 9443 handles daemon-to-control-plane RPCs including attestation and certificate signing.
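An egress preflight for a daemon host, covering the four endpoints in the table above. This is an added example, not Riptides code; it assumes all four ports are served on the hostname from your tenant URL, and the host value and function names are placeholders chosen for illustration.

```python
import socket
import ssl

# Ports and services from the endpoint table; True marks the TLS-wrapped ports.
ENDPOINTS = {
    8443: ("Front Proxy", True),
    8080: ("HTTP Proxy", False),
    8001: ("Tunnel", False),
    9443: ("gRPC Server", True),
}


def probe(host, port, use_tls, timeout=3.0, context=None):
    """Return 'ok', 'blocked' (no TCP connection) or 'tls-failed' (TCP ok, TLS not)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "blocked"  # refused, filtered or unresolvable
    with sock:
        if not use_tls:
            return "ok"
        # Default context verifies the certificate chain and the hostname.
        ctx = context or ssl.create_default_context()
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"
        except (ssl.SSLError, OSError):
            # Port is reachable but the handshake or certificate check failed,
            # as happens behind a TLS-inspecting proxy the host does not trust.
            return "tls-failed"


def preflight(host, endpoints=ENDPOINTS, timeout=3.0):
    """Probe every endpoint and return {port: status}."""
    return {port: probe(host, port, tls, timeout) for port, (_, tls) in endpoints.items()}


if __name__ == "__main__":
    import sys
    # Placeholder default; pass the control plane host from your tenant URL.
    host = sys.argv[1] if len(sys.argv) > 1 else "tenant.example.invalid"
    for port, status in preflight(host).items():
        print(f"{port:>5}  {ENDPOINTS[port][0]:<12} {status}")
```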
Connecting Daemons
Daemons authenticate to the hosted control plane using one of the following methods:
- JoinToken: A pre-shared token created in the control plane. Suitable for initial setup and on-premises nodes.
- AWSIID: Automatic attestation using the EC2 instance identity document. No shared secrets needed.
- GCPIIT: Automatic attestation using GCP instance identity tokens.
See the Getting Started guide for a walkthrough of connecting your first daemon, or the daemon deployment guides for Kubernetes and bare metal / VM environments.