flamingo-tech-test/docs/architecture-hld.md
Andriy Oblivantsev e6176999c1
Helm Chart CI & Release / Lint Helm Chart (push) Successful in 10s
Helm Chart CI & Release / Semantic Release (push) Failing after 9s
Add containerisation strategy details and CI image build step
Expand architecture doc section 4.5 with image building process,
container registry management, and deployment pipeline prose.
Add Docker build & push to Gitea OCI registry in CI workflow.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-19 21:19:31 +00:00

# High-Level Architecture Diagram: Company Inc.

## Cloud Infrastructure (GCP + GKE)

```mermaid
flowchart TB
    subgraph Internet
        Users((Users))
    end

    subgraph GCP["Google Cloud Platform"]
        subgraph Projects["Project Structure (3 projects)"]
            Prod[company-inc-prod]
            Staging[company-inc-staging<br/>QA + dev namespaces]
            Shared[company-inc-shared]
        end

        subgraph Edge["Edge / Networking"]
            LB[Cloud Load Balancer<br/>HTTPS · TLS termination]
            CDN[Cloud CDN<br/>Static Assets]
            NAT[Cloud NAT<br/>Egress · shared]
        end

        subgraph VPC["VPC — Private Subnets"]
            subgraph GKE["GKE Autopilot Cluster"]
                Ingress[Ingress Controller]

                subgraph BlueGreen["Blue-Green Deployment"]
                    Green[Green — stable<br/>receives traffic]
                    Blue[Blue — new release<br/>smoke tests]
                end

                subgraph Workloads
                    API[Backend — Python / Flask<br/>HPA · 23 replicas]
                    SPA[Frontend — React SPA<br/>Nginx]
                end

                Redis[Redis — Memorystore<br/>Session / Cache]
                Monitoring[Prometheus + Grafana<br/>Observability]
            end
        end

        subgraph Managed["Managed Services"]
            Mongo[(MongoDB Atlas<br/>3-node Replica Set<br/>Private Endpoint)]
            Secrets[Secret Manager]
            Registry[Artifact Registry]
        end
    end

    subgraph CICD["CI / CD"]
        Git[Git Repository]
        Actions[Gitea / GitHub Actions<br/>Build · Test · Scan]
        Argo[ArgoCD + Argo Rollouts<br/>GitOps · Blue-Green]
    end

    Users --> LB
    Users --> CDN
    LB --> Ingress
    CDN --> SPA
    Ingress -->|traffic| Green
    Ingress -.->|after switch| Blue
    Green --> API
    Blue --> API
    Ingress --> SPA
    API --> Redis
    API --> Mongo
    API --> Secrets
    GKE --> Registry
    GKE --> NAT
    Git --> Actions
    Actions --> Registry
    Argo ----> GKE
```

## Blue-Green Deployment Flow

```mermaid
flowchart LR
    subgraph Cluster["GKE Cluster"]
        LB[Load Balancer<br/>Service Selector]
        Green[Green — v1.2.0<br/>current stable]
        Blue[Blue — v1.3.0<br/>new release]
    end

    Deploy[ArgoCD<br/>Argo Rollouts] -->|deploy new version| Blue
    Blue -->|smoke tests| Check{Tests pass?}
    Check -->|yes| LB
    LB -->|switch 100%| Blue
    Check -->|no| Rollback[Rollback<br/>keep Green]
    LB -.->|instant rollback| Green
```

## CI / CD Pipeline

```mermaid
flowchart LR
    Dev[Developer] -->|push| Repo[Git Repo]
    Repo -->|webhook| CI[CI Pipeline<br/>lint · test · build]
    CI -->|docker build + push| Registry[Container Registry<br/>Artifact Registry / Gitea OCI]
    CI -->|scan image| Trivy[Trivy<br/>CVE scan]
    CI -->|update manifests| GitOps[GitOps Repo]
    GitOps -->|sync| Argo[ArgoCD]
    Argo -->|blue-green deploy| GKE[GKE Cluster]
    GKE -->|pull image| Registry
```

## Network Security Layers

```mermaid
flowchart LR
    Internet((Internet)) --> FW[VPC Firewall<br/>Default deny]
    FW --> LB[Load Balancer<br/>HTTPS only]
    LB --> NP[K8s Network Policies]
    NP --> Pods[Application Pods<br/>Private IPs only]
    Pods --> PE[Private Endpoint<br/>MongoDB Atlas]
```

## Cost Profile (Early Stage)

```mermaid
pie title Monthly Cost Breakdown (~$200)
    "GKE Autopilot" : 120
    "MongoDB Atlas M10" : 60
    "LB + NAT" : 30
    "Registry + Secrets" : 5
```