eSlider/flamingo-tech-test
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 11 Wiki Activity
Files
8e99fe7614591e5b6ef6f356a853e3e0e889b012
flamingo-tech-test/docs/architecture-hld.md
Andriy Oblivantsev 8e99fe7614
Helm Chart CI & Release / Lint Helm Chart (push) Successful in 9s
Details
Helm Chart CI & Release / Semantic Release (push) Successful in 2m1s
Details
Add Trivy CVE scan, container registry docs, and update diagrams 
- Add Trivy vulnerability scan step to CI (HIGH/CRITICAL, warn-only)
- Add Container Registry section to README with pull examples
- Update architecture doc and HLD with crane + Trivy details

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-19 21:38:05 +00:00

126 lines
3.5 KiB
Markdown
Raw Blame History

# High-Level Architecture Diagram: Company Inc.
## Cloud Infrastructure (GCP + GKE)
```mermaid
flowchart TB
subgraph Internet
Users((Users))
end
subgraph GCP["Google Cloud Platform"]
subgraph Projects["Project Structure (3 projects)"]
Prod[company-inc-prod]
Staging[company-inc-staging<br/>QA + dev namespaces]
Shared[company-inc-shared]
end
subgraph Edge["Edge / Networking"]
LB[Cloud Load Balancer<br/>HTTPS · TLS termination]
CDN[Cloud CDN<br/>Static Assets]
NAT[Cloud NAT<br/>Egress · shared]
end
subgraph VPC["VPC — Private Subnets"]
subgraph GKE["GKE Autopilot Cluster"]
Ingress[Ingress Controller]
subgraph BlueGreen["Blue-Green Deployment"]
Green[Green — stable<br/>receives traffic]
Blue[Blue — new release<br/>smoke tests]
end
subgraph Workloads
API[Backend — Python / Flask<br/>HPA · 2-3 replicas]
SPA[Frontend — React SPA<br/>Nginx]
end
Redis[Redis — Memorystore<br/>Session / Cache]
Monitoring[Prometheus + Grafana<br/>Observability]
end
end
subgraph Managed["Managed Services"]
Mongo[(MongoDB Atlas<br/>3-node Replica Set<br/>Private Endpoint)]
Secrets[Secret Manager]
Registry[Artifact Registry]
end
end
subgraph CICD["CI / CD"]
Git[Git Repository]
Actions[Gitea / GitHub Actions<br/>Build · Test · Scan]
Argo[ArgoCD + Argo Rollouts<br/>GitOps · Blue-Green]
end
Users --> LB
Users --> CDN
LB --> Ingress
CDN --> SPA
Ingress -->|traffic| Green
Ingress -.->|after switch| Blue
Green --> API
Blue --> API
Ingress --> SPA
API --> Redis
API --> Mongo
API --> Secrets
GKE --> Registry
GKE --> NAT
Git --> Actions
Actions --> Registry
Argo ----> GKE
```
## Blue-Green Deployment Flow
```mermaid
flowchart LR
subgraph Cluster["GKE Cluster"]
LB[Load Balancer<br/>Service Selector]
Green[Green — v1.2.0<br/>current stable]
Blue[Blue — v1.3.0<br/>new release]
end
Deploy[ArgoCD<br/>Argo Rollouts] -->|deploy new version| Blue
Blue -->|smoke tests| Check{Tests pass?}
Check -->|yes| LB
LB -->|switch 100%| Blue
Check -->|no| Rollback[Rollback<br/>keep Green]
LB -.->|instant rollback| Green
```
## CI / CD Pipeline
```mermaid
flowchart LR
Dev[Developer] -->|push| Repo[Git Repo]
Repo -->|webhook| CI[CI Pipeline<br/>lint · test · build]
CI -->|crane copy / docker push| Registry[Container Registry<br/>Artifact Registry / Gitea OCI]
Registry -->|scan image| Trivy[Trivy<br/>HIGH + CRITICAL CVEs]
Trivy -->|pass| CI2[Publish Release]
CI -->|update manifests| GitOps[GitOps Repo]
GitOps -->|sync| Argo[ArgoCD]
Argo -->|blue-green deploy| GKE[GKE Cluster]
GKE -->|pull image| Registry
```
## Network Security Layers
```mermaid
flowchart LR
Internet((Internet)) --> FW[VPC Firewall<br/>Default deny]
FW --> LB[Load Balancer<br/>HTTPS only]
LB --> NP[K8s Network Policies]
NP --> Pods[Application Pods<br/>Private IPs only]
Pods --> PE[Private Endpoint<br/>MongoDB Atlas]
```
## Cost Profile (Early Stage)
```mermaid
pie title Monthly Cost Breakdown (~$200)
"GKE Autopilot" : 120
"MongoDB Atlas M10" : 60
"LB + NAT" : 30
"Registry + Secrets" : 5
```
Reference in New Issue View Git Blame Copy Permalink