Introduction
NodeHatch is designed based on Incus Service, leveraging Incus's standard API and extending it to enhance features such as delegated control, quotas, and control interfaces. With a completely unified account system, it facilitates the distribution and sharing of instances, as well as data migration between multiple servers, bringing great convenience to development and operations.
The entire NodeHatch system consists of three parts: the browser frontend, the control center, and the Incus server backend. The core information of instances and host machines is stored in the control center, while runtime data such as usage or traffic is dynamically fetched through APIs exposed by the Incus servers. Multiple LXC/KVM instances can be established on each Incus server.
The permission scope of Incus is well-designed, allowing operations within a specified range through APIs, such as instance lifecycle management, firewall adjustments, and image management. Incus's permissions are very restrained, making it impossible to execute any commands on the host machine, ensuring secure integration with the NodeHatch control center.