flamingo-tech-test/docs/architecture-hld.md
Andriy Oblivantsev e6176999c1
Add containerisation strategy details and CI image build step
Expand architecture doc section 4.5 with image building process,
container registry management, and deployment pipeline prose.
Add Docker build & push to Gitea OCI registry in CI workflow.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-19 21:19:31 +00:00


# High-Level Architecture Diagram: Company Inc.

## Cloud Infrastructure (GCP + GKE)

```mermaid
flowchart TB
    subgraph Internet
        Users((Users))
    end

    subgraph GCP["Google Cloud Platform"]
        subgraph Projects["Project Structure (3 projects)"]
            Prod[company-inc-prod]
            Staging[company-inc-staging<br/>QA + dev namespaces]
            Shared[company-inc-shared]
        end

        subgraph Edge["Edge / Networking"]
            LB[Cloud Load Balancer<br/>HTTPS · TLS termination]
            CDN[Cloud CDN<br/>Static Assets]
            NAT[Cloud NAT<br/>Egress · shared]
        end

        subgraph VPC["VPC — Private Subnets"]
            subgraph GKE["GKE Autopilot Cluster"]
                Ingress[Ingress Controller]
                subgraph BlueGreen["Blue-Green Deployment"]
                    Green[Green — stable<br/>receives traffic]
                    Blue[Blue — new release<br/>smoke tests]
                end
                subgraph Workloads
                    API[Backend — Python / Flask<br/>HPA · 23 replicas]
                    SPA[Frontend — React SPA<br/>Nginx]
                end
                Redis[Redis — Memorystore<br/>Session / Cache]
                Monitoring[Prometheus + Grafana<br/>Observability]
            end
        end

        subgraph Managed["Managed Services"]
            Mongo[(MongoDB Atlas<br/>3-node Replica Set<br/>Private Endpoint)]
            Secrets[Secret Manager]
            Registry[Artifact Registry]
        end
    end

    subgraph CICD["CI / CD"]
        Git[Git Repository]
        Actions[Gitea / GitHub Actions<br/>Build · Test · Scan]
        Argo[ArgoCD + Argo Rollouts<br/>GitOps · Blue-Green]
    end

    Users --> LB
    Users --> CDN
    LB --> Ingress
    CDN --> SPA
    Ingress -->|traffic| Green
    Ingress -.->|after switch| Blue
    Green --> API
    Blue --> API
    Ingress --> SPA
    API --> Redis
    API --> Mongo
    API --> Secrets
    GKE --> Registry
    GKE --> NAT

    Git --> Actions
    Actions --> Registry
    Argo ----> GKE
```

## Blue-Green Deployment Flow

```mermaid
flowchart LR
    subgraph Cluster["GKE Cluster"]
        LB[Load Balancer<br/>Service Selector]
        Green[Green — v1.2.0<br/>current stable]
        Blue[Blue — v1.3.0<br/>new release]
    end

    Deploy[ArgoCD<br/>Argo Rollouts] -->|deploy new version| Blue
    Blue -->|smoke tests| Check{Tests pass?}
    Check -->|yes| LB
    LB -->|switch 100%| Blue
    Check -->|no| Rollback[Rollback<br/>keep Green]
    LB -.->|instant rollback| Green
```
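The flow above (deploy Blue, smoke test, switch the Service selector, keep Green for instant rollback) maps onto an Argo Rollouts `Rollout` with the `blueGreen` strategy and a `prePromotionAnalysis` gate. The manifests below are an added example, not part of the HLD or the project repository; the names `backend-api`, `backend-api-active`, `backend-api-preview`, the `/healthz` path, container port 5000 and the `REGISTRY_PLACEHOLDER` image prefix are all assumptions.

```yaml
# Added example: blue-green Rollout gated by a smoke test (names and paths are assumed).
apiVersion: v1
kind: Service
metadata:
  name: backend-api-active        # "Green": the Ingress sends live traffic here
spec:
  selector:
    app: backend-api              # Rollouts adds a rollouts-pod-template-hash selector per colour
  ports:
    - port: 80
      targetPort: 5000
---
apiVersion: v1
kind: Service
metadata:
  name: backend-api-preview       # "Blue": only the smoke-test Job reaches this Service
spec:
  selector:
    app: backend-api
  ports:
    - port: 80
      targetPort: 5000
---
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: backend-api
spec:
  replicas: 2
  selector:
    matchLabels:
      app: backend-api
  template:
    metadata:
      labels:
        app: backend-api
    spec:
      containers:
        - name: api
          image: REGISTRY_PLACEHOLDER/backend-api:v1.3.0   # the new release from the diagram
          ports:
            - containerPort: 5000
  strategy:
    blueGreen:
      activeService: backend-api-active
      previewService: backend-api-preview
      autoPromotionEnabled: true          # the analysis below is the gate; set false to also require a manual promote
      scaleDownDelaySeconds: 300          # keep the old (Green) ReplicaSet up 5 min so rollback is a selector flip
      prePromotionAnalysis:               # runs against the preview Service before the selector switch
        templates:
          - templateName: smoke-test
        args:
          - name: service-name
            value: backend-api-preview
---
apiVersion: argoproj.io/v1alpha1
kind: AnalysisTemplate
metadata:
  name: smoke-test
spec:
  args:
    - name: service-name
  metrics:
    - name: healthz
      failureLimit: 0                     # a single failed run aborts the rollout; Green keeps serving
      provider:
        job:
          spec:
            backoffLimit: 0
            template:
              spec:
                restartPolicy: Never
                containers:
                  - name: curl
                    image: curlimages/curl:8.5.0
                    command: ["sh", "-c"]
                    args:
                      - curl -fsS --max-time 10 "http://{{args.service-name}}/healthz"
```

When the Job exits non-zero the analysis fails, the Rollout is marked aborted and `backend-api-active` never points at the new ReplicaSet, which is the "no → keep Green" branch of the diagram. When the test passes, Rollouts rewrites the active Service's selector to the new pod-template hash (the "switch 100%" edge) and the old ReplicaSet is scaled down only after `scaleDownDelaySeconds`, so `kubectl argo rollouts undo backend-api` during that window is the "instant rollback" edge.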

## CI / CD Pipeline

```mermaid
flowchart LR
    Dev[Developer] -->|push| Repo[Git Repo]
    Repo -->|webhook| CI[CI Pipeline<br/>lint · test · build]
    CI -->|docker build + push| Registry[Container Registry<br/>Artifact Registry / Gitea OCI]
    CI -->|scan image| Trivy[Trivy<br/>CVE scan]
    CI -->|update manifests| GitOps[GitOps Repo]
    GitOps -->|sync| Argo[ArgoCD]
    Argo -->|blue-green deploy| GKE[GKE Cluster]
    GKE -->|pull image| Registry
```
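The pipeline above draws "docker build + push" and "scan image" as two parallel edges out of CI. From a supply-chain standpoint the scan should gate the push, so that nothing unscanned ever lands in the registry that GKE pulls from. The workflow below is an added example of that ordering written for Gitea Actions (GitHub Actions syntax); it is not the repository's own workflow. The registry host `gitea.example.com`, the image name `company-inc/backend-api`, the `./backend` build context and the `REGISTRY_TOKEN` secret are placeholders.

```yaml
# Added example: build -> scan -> push, so only images that passed Trivy reach the OCI registry.
# gitea.example.com, company-inc/backend-api, ./backend and REGISTRY_TOKEN are placeholders.
name: Build, scan and push backend image

on:
  push:
    branches: [main]
    tags: ["v*"]

env:
  REGISTRY: gitea.example.com
  IMAGE: gitea.example.com/company-inc/backend-api

jobs:
  build-scan-push:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build image (local only, not pushed yet)
        # Tag with the immutable commit SHA so the GitOps repo pins exactly what was scanned.
        run: docker build -t "$IMAGE:${{ github.sha }}" ./backend

      - name: Scan image with Trivy
        # --exit-code 1 fails this step, and therefore the job, on any unfixed HIGH/CRITICAL CVE.
        # The push step below never runs when this step fails.
        run: |
          docker run --rm \
            -v /var/run/docker.sock:/var/run/docker.sock \
            aquasec/trivy:latest image \
              --exit-code 1 \
              --severity HIGH,CRITICAL \
              --ignore-unfixed \
              "$IMAGE:${{ github.sha }}"

      - name: Log in to the Gitea OCI registry
        # Token comes from a repository secret; it is never written to the build log.
        run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login "$REGISTRY" -u "${{ github.actor }}" --password-stdin

      - name: Push scanned image
        run: docker push "$IMAGE:${{ github.sha }}"
```

Ordering the steps this way turns the Trivy node of the diagram into a hard gate rather than a side report; the "update manifests" edge would then reference `$IMAGE:<sha>` (or, better, the digest returned by `docker push`), so ArgoCD can only ever sync an image that passed the scan.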

## Network Security Layers

```mermaid
flowchart LR
    Internet((Internet)) --> FW[VPC Firewall<br/>Default deny]
    FW --> LB[Load Balancer<br/>HTTPS only]
    LB --> NP[K8s Network Policies]
    NP --> Pods[Application Pods<br/>Private IPs only]
    Pods --> PE[Private Endpoint<br/>MongoDB Atlas]
```
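The "K8s Network Policies" layer only provides isolation if the namespace starts from a default-deny posture and each allowed flow is added explicitly. The manifests below are an added example of that pattern for the backend namespace, not policies taken from the project. Assumed: a namespace named `backend`, API pods labelled `app: backend-api` listening on port 5000, an ingress controller in a namespace named `ingress-nginx`, and placeholder CIDRs for the Memorystore Redis instance and the Atlas private endpoint. GKE Autopilot clusters run Dataplane V2 with NetworkPolicy enforcement enabled, so these objects take effect without extra cluster configuration.

```yaml
# Added example: default-deny namespace with explicit allow rules (names, ports and CIDRs are assumed).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: backend
spec:
  podSelector: {}                  # every pod in the namespace
  policyTypes: [Ingress, Egress]   # listed with no rules: all ingress and egress denied
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-from-ingress-controller
  namespace: backend
spec:
  podSelector:
    matchLabels:
      app: backend-api
  policyTypes: [Ingress]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx   # the Ingress Controller node of the diagram
      ports:
        - protocol: TCP
          port: 5000
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-egress
  namespace: backend
spec:
  podSelector:
    matchLabels:
      app: backend-api
  policyTypes: [Egress]
  egress:
    - to:                                          # cluster DNS, or nothing else resolves
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    - to:                                          # Memorystore Redis (placeholder address)
        - ipBlock:
            cidr: 10.0.0.3/32
      ports:
        - protocol: TCP
          port: 6379
    - to:                                          # MongoDB Atlas private endpoint (placeholder range)
        - ipBlock:
            cidr: 10.1.0.0/24
      ports:
        - protocol: TCP
          port: 27017
```

With `default-deny-all` in place, the API pods can be reached only from the ingress controller namespace and can only open connections to DNS, Redis and the Atlas endpoint; an attacker who compromises the Flask process gets no lateral path to other namespaces or to the internet via Cloud NAT. The `API --> Secrets` edge of the main diagram needs one more egress rule for the Google APIs range used by Private Google Access, which depends on how the VPC is configured and is deliberately not guessed here.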

## Cost Profile (Early Stage)

```mermaid
pie title Monthly Cost Breakdown (~$200)
    "GKE Autopilot" : 120
    "MongoDB Atlas M10" : 60
    "LB + NAT" : 30
    "Registry + Secrets" : 5
```