Skip to content
/ control Public

InferaDB control plane — multi-tenant orchestration with headless APIs, Kubernetes-native deployment, and WebAuthn authentication.

inferadb.com

License

View license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

inferadb/control

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

157 Commits
.config
.config
 
 
.github
.github
 
 
crates
crates
 
 
docker/fdb-integration-tests
docker/fdb-integration-tests
 
 
docs
docs
 
 
k8s
k8s
 
 
loadtests
loadtests
 
 
scripts
scripts
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
.markdownlint-cli2.yaml
.markdownlint-cli2.yaml
 
 
.markdownlint.yaml
.markdownlint.yaml
 
 
.mise.toml
.mise.toml
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.prettierignore
.prettierignore
 
 
.prettierrc.json
.prettierrc.json
 
 
.rustfmt.toml
.rustfmt.toml
 
 
.taplo.toml
.taplo.toml
 
 
.tarpaulin.toml
.tarpaulin.toml
 
 
AGENTS.md
AGENTS.md
 
 
CLAUDE.md
CLAUDE.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Cargo.toml
Cargo.toml
 
 
Dockerfile
Dockerfile
 
 
Dockerfile.integration
Dockerfile.integration
 
 
LICENSE.md
LICENSE.md
 
 
Makefile
Makefile
 
 
NOTICE.md
NOTICE.md
 
 
README.md
README.md
 
 
config.integration.yaml
config.integration.yaml
 
 
config.production.yaml
config.production.yaml
 
 
config.yaml
config.yaml
 
 
cspell.json
cspell.json
 
 
deny.toml
deny.toml
 
 
docker-compose.yml
docker-compose.yml
 
 
openapi.yaml
openapi.yaml
 
 
prometheus.yml
prometheus.yml
 
 
rust-toolchain.toml
rust-toolchain.toml
 
 

Repository files navigation

InferaDB Control Plane

Multi-tenant administration headless APIs, Kubernetes-native deployment, and WebAuthn authentication.

Important

Under active development. Not production-ready.

Quick Start

git clone https://github.com/inferadb/control && cd control
docker-compose up -d
export INFERADB_CTRL__AUTH__KEY_ENCRYPTION_SECRET=$(openssl rand -base64 32)
make setup && make dev

Register and login:

# Register
curl -X POST http://localhost:9090/v1/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email": "alice@example.com", "password": "securepass123", "name": "Alice"}'

# Login
curl -X POST http://localhost:9090/v1/auth/login/password \
  -H "Content-Type: application/json" \
  -d '{"email": "alice@example.com", "password": "securepass123"}'
Endpoint URL
REST API http://localhost:9090
gRPC API http://localhost:9091
Mesh API http://localhost:9092
Health http://localhost:9090/healthz
Metrics http://localhost:9090/metrics

Features

Feature Description
Authentication Password, passkey, OAuth, email verification
Multi-Tenancy Organization-based isolation with RBAC
Vault Management Policy containers with access grants
Client Auth Ed25519 certificates, JWT assertions
Token Issuance Vault-scoped JWTs for Engine API

Key Concepts

Entity Description
User Account with auth methods (password, passkey)
Organization Workspace with members and roles
Vault Authorization policy container
Client Service identity with Ed25519 certs
Team Group-based vault access

Auth Flow: User → Session → Vault access → JWT → Engine API

Architecture

graph TD
    Bin[inferadb-control] --> API[inferadb-control-api]
    Bin --> Config[inferadb-control-config]
    API --> Core[inferadb-control-core]
    Core --> Config
    Core --> Storage[inferadb-control-storage]
    Storage --> FDB[(FoundationDB)]
    Core --> Engine[inferadb-control-engine-client]
Loading
Crate Purpose
inferadb-control Binary entrypoint
inferadb-control-api REST/gRPC handlers
inferadb-control-config Configuration loading
inferadb-control-const Shared constants
inferadb-control-core Business logic, entities
inferadb-control-storage Memory or FoundationDB
inferadb-control-types Shared type definitions
inferadb-control-engine-client Engine API client

Configuration

control:
  listen:
    http: "0.0.0.0:9090"
    grpc: "0.0.0.0:9091"
    mesh: "0.0.0.0:9092"

  webauthn:
    party: "localhost"
    origin: "http://localhost:9090"

Environment variables use INFERADB_CTRL__ prefix (e.g., INFERADB_CTRL__LISTEN__HTTP).

See config.yaml for all options.

Development

make setup                    # One-time setup
make dev                      # Dev server with auto-reload
make test                     # Run tests
make check                    # Format, lint, audit
cargo build --release         # Release build

Deployment

docker run -p 9090:9090 inferadb/control:latest
kubectl apply -k k8s/

See docs/deployment.md for Kubernetes.

Documentation

Topic Link
Getting Started docs/getting-started.md
Authentication docs/authentication.md
Architecture docs/architecture.md
API Reference openapi.yaml

License

InferaDB Non‑Commercial Source License

About

InferaDB control plane — multi-tenant orchestration with headless APIs, Kubernetes-native deployment, and WebAuthn authentication.

inferadb.com

Topics

rust jwt multi-tenant rest-api permissions grpc authorization rbac access-control webauthn audit-logging fine-grained-access-control zanzibar passkeys rebac inferadb

Resources

Readme

License

View license

Contributing

Contributing
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Contributors 4

  •  
  •  
  •  
  •  

Languages