# High-Level Architecture Diagram: Company Inc.

## Cloud Infrastructure (GCP + GKE)

```mermaid
flowchart TB
    subgraph Internet
        Users((Users))
    end

    subgraph GCP["Google Cloud Platform"]
        subgraph Projects["Project Structure (3 projects)"]
            Prod[company-inc-prod]
            Staging[company-inc-staging<br/>QA + dev namespaces]
            Shared[company-inc-shared]
        end

        subgraph Edge["Edge / Networking"]
            LB[Cloud Load Balancer<br/>HTTPS · TLS termination]
            CDN[Cloud CDN<br/>Static Assets]
            NAT[Cloud NAT<br/>Egress · shared]
        end

        subgraph VPC["VPC — Private Subnets"]
            subgraph GKE["GKE Autopilot Cluster"]
                Ingress[Ingress Controller]
                subgraph BlueGreen["Blue-Green Deployment"]
                    Green[Green — stable<br/>receives traffic]
                    Blue[Blue — new release<br/>smoke tests]
                end
                subgraph Workloads
                    API[Backend — Python / Flask<br/>HPA · 2–3 replicas]
                    SPA[Frontend — React SPA<br/>Nginx]
                end
                Redis[Redis — Memorystore<br/>Session / Cache]
                Monitoring[Prometheus + Grafana<br/>Observability]
            end
        end

        subgraph Managed["Managed Services"]
            Mongo[(MongoDB Atlas<br/>3-node Replica Set<br/>Private Endpoint)]
            Secrets[Secret Manager]
            Registry[Artifact Registry]
        end
    end

    subgraph CICD["CI / CD"]
        Git[Git Repository]
        Actions[Gitea / GitHub Actions<br/>Build · Test · Scan]
        Argo[ArgoCD + Argo Rollouts<br/>GitOps · Blue-Green]
    end

    Users --> LB
    Users --> CDN
    LB --> Ingress
    CDN --> SPA
    Ingress -->|traffic| Green
    Ingress -.->|after switch| Blue
    Green --> API
    Blue --> API
    Ingress --> SPA
    API --> Redis
    API --> Mongo
    API --> Secrets
    GKE --> Registry
    GKE --> NAT

    Git --> Actions
    Actions --> Registry
    Argo ----> GKE
```

## Blue-Green Deployment Flow

```mermaid
flowchart LR
    subgraph Cluster["GKE Cluster"]
        LB[Load Balancer<br/>Service Selector]
        Green[Green — v1.2.0<br/>current stable]
        Blue[Blue — v1.3.0<br/>new release]
    end

    Deploy[ArgoCD<br/>Argo Rollouts] -->|deploy new version| Blue
    Blue -->|smoke tests| Check{Tests pass?}
    Check -->|yes| LB
    LB -->|switch 100%| Blue
    Check -->|no| Rollback[Rollback<br/>keep Green]
    LB -.->|instant rollback| Green
```

## CI / CD Pipeline

```mermaid
flowchart LR
    Dev[Developer] -->|push| Repo[Git Repo]
    Repo -->|webhook| CI[CI Pipeline<br/>lint · test · build]
    CI -->|push image| Registry[Artifact Registry]
    CI -->|update manifests| GitOps[GitOps Repo]
    GitOps -->|sync| Argo[ArgoCD]
    Argo -->|blue-green deploy| GKE[GKE Cluster]
```

## Network Security Layers

```mermaid
flowchart LR
    Internet((Internet)) --> FW[VPC Firewall<br/>Default deny]
    FW --> LB[Load Balancer<br/>HTTPS only]
    LB --> NP[K8s Network Policies]
    NP --> Pods[Application Pods<br/>Private IPs only]
    Pods --> PE[Private Endpoint<br/>MongoDB Atlas]
```

## Cost Profile (Early Stage)

```mermaid
pie title Monthly Cost Breakdown (~$200)
    "GKE Autopilot" : 120
    "MongoDB Atlas M10" : 60
    "LB + NAT" : 30
    "Registry + Secrets" : 5
```