# Infrastructure Architecture
Vulcan runs on Azure, deployed to Azure Kubernetes Service (AKS) in Sweden Central for GDPR compliance.
## Resource Names

**Actual Production Resources**

Some resources have non-standard names due to Azure global uniqueness requirements:

- Key Vault: `vulcan-kv-se-prod` (not `vulcan-kv-prod`)
- Storage: `vulcanstprod` (not `vulcanstorageprod`)
## Azure Resources

### Compute
| Resource | Name | SKU | Purpose |
|---|---|---|---|
| AKS Cluster | vulcan-aks-prod | Standard_D4s_v3 (3-10 nodes) | Kubernetes 1.32 with Cilium CNI |
| Container Registry | vulcanacrprod | Standard | Docker images |
### Data
| Resource | Name | SKU | Purpose |
|---|---|---|---|
| PostgreSQL Flexible (core) | vulcan-pg-core-prod | Standard_D4s_v3 | Core databases (coresetup, contracts, documents) |
| PostgreSQL Flexible (ops) | vulcan-pg-ops-prod | Standard_D8s_v3 | Ops databases with pgvector (leads, quotation, projects, invoicing, planning, ai) |
| Redis Cache | vulcan-redis-prod | Premium P1 | Caching, sessions |
| Storage Account | vulcanstprod | Standard_LRS | Blob storage |
### AI
| Resource | Name | Model | Purpose |
|---|---|---|---|
| Azure OpenAI | vulcan-openai-prod | GPT-4o | Quote evaluation, contract analysis |
| Azure OpenAI | vulcan-openai-prod | text-embedding-3-large | Document embeddings (1536 dim) |
| Azure OpenAI | vulcan-openai-prod | whisper | Voice transcription |
| Content Safety | vulcan-content-safety-prod | - | AI guardrails (jailbreak, PII, moderation) |
### Messaging
| Resource | Name | SKU | Purpose |
|---|---|---|---|
| Service Bus | vulcan-sb-prod | Premium | MassTransit async messaging |
### Security
| Resource | Name | Purpose |
|---|---|---|
| Key Vault | vulcan-kv-se-prod | Secrets management (RBAC enabled) |
| Application Insights | - | Monitoring |
| Log Analytics | - | Centralized logging |
## Database Distribution

```
PostgreSQL Flexible Servers
├── vulcan-pg-core-prod (Standard_D4s_v3, 64GB)
│   ├── coresetup → vulcan-be-coresetup
│   ├── contracts → vulcan-be-contracts
│   └── documents → vulcan-be-documents
│
└── vulcan-pg-ops-prod (Standard_D8s_v3, 128GB, pgvector)
    ├── leads → vulcan-be-leads
    ├── quotation → vulcan-be-quotation
    ├── projects → vulcan-be-projects
    ├── invoicing → vulcan-be-invoicing
    ├── planning → vulcan-be-planning
    └── ai → vulcan-be-ai (vector embeddings)
```

## Architecture Diagram
```
┌────────────────────────────────────────────────────────────────┐
│                  Azure Region: Sweden Central                  │
│                                                                │
│  ┌──────────────────────────────────────────────────────────┐  │
│  │           Azure Kubernetes Service (K8s 1.32)            │  │
│  │                        Cilium CNI                        │  │
│  │  ┌─────────────┐ ┌─────────────┐ ┌─────────────┐         │  │
│  │  │ vulcan-be-  │ │ vulcan-be-  │ │ vulcan-be-  │         │  │
│  │  │ coresetup   │ │ leads       │ │ quotation   │  ...    │  │
│  │  └──────┬──────┘ └──────┬──────┘ └──────┬──────┘         │  │
│  │         │               │               │                │  │
│  └─────────┼───────────────┼───────────────┼────────────────┘  │
│            │               │               │                   │
│  ┌─────────┼───────────────┼───────────────┼────────────────┐  │
│  │               PostgreSQL Flexible Servers                │  │
│  │  ┌─────────────────────┐ ┌─────────────────────┐         │  │
│  │  │ vulcan-pg-core      │ │ vulcan-pg-ops       │         │  │
│  │  │ (D4s_v3, 64GB)      │ │ (D8s_v3, 128GB)     │         │  │
│  │  │ coresetup           │ │ leads, quotation    │         │  │
│  │  │ contracts           │ │ projects, invoicing │         │  │
│  │  │ documents           │ │ planning, ai        │         │  │
│  │  └─────────────────────┘ └─────────────────────┘         │  │
│  └──────────────────────────────────────────────────────────┘  │
│                                                                │
│  ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐   │
│  │  Redis Cache    │ │  Service Bus    │ │  Key Vault      │   │
│  │  (Premium P1)   │ │  (Premium)      │ │  (RBAC)         │   │
│  └─────────────────┘ └─────────────────┘ └─────────────────┘   │
│                                                                │
│  ┌──────────────────────────────────────────────────────────┐  │
│  │                       Azure OpenAI                       │  │
│  │  GPT-4o │ text-embedding-3-large │ whisper               │  │
│  └──────────────────────────────────────────────────────────┘  │
└────────────────────────────────────────────────────────────────┘
```

## Kubernetes Architecture
```yaml
# Cluster configuration
cluster:
  name: vulcan-aks-prod
  version: "1.32"
  network_plugin: azure
  network_dataplane: cilium

# Namespace structure
namespaces:
  - vulcan-staging   # Staging environment
  - vulcan-prod      # Production environment

# Per namespace deployments
deployments:
  - vulcan-web
  - vulcan-be-coresetup
  - vulcan-be-leads
  - vulcan-be-quotation
  - vulcan-be-contracts
  - vulcan-be-projects
  - vulcan-be-invoicing
  - vulcan-be-documents
  - vulcan-be-ai
  - vulcan-be-planning

services:
  - ClusterIP for internal communication
  - LoadBalancer for public endpoints

ingress:
  - Nginx Ingress Controller
  - TLS termination
  - Path-based routing
```

## Key Vault Secrets
| Secret | Purpose |
|---|---|
| pg-admin-password | PostgreSQL admin password |
| servicebus-connection | Service Bus connection string |
| redis-connection | Redis connection string |
| storage-connection | Storage account connection string |
| openai-api-key | Azure OpenAI API key |
| openai-endpoint | Azure OpenAI endpoint URL |
## Deployment Pipeline

```
┌──────────────┐     ┌──────────────┐     ┌──────────────┐
│     Push     │     │  GitLab CI   │     │     AKS      │
│  to Branch   │────▶│   Pipeline   │────▶│  Deployment  │
└──────────────┘     └──────────────┘     └──────────────┘
```

Pipeline Stages:

1. Build - Compile code, run tests
2. Docker - Build and push image to ACR
3. Deploy - Update Kubernetes deployment
4. Verify - Health check

## Environment Configuration
### Staging

- URL: https://staging.hack.aceve.cloud
- Branch: `develop`
- Deployment: Automatic after tests pass
- Approval: None required

### Production

- URL: https://vulcan.aceve.cloud
- Branch: `main`
- Deployment: Manual trigger
- Approval: Required

## Infrastructure as Code
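The four pipeline stages and the branch gating described above (develop deploys to staging automatically, main deploys to production only on a manual trigger), written out as a `.gitlab-ci.yml` for one service. This is an added example, not the project's own pipeline file; it assumes a .NET service image, a container named `app` in the Deployment, ACR credentials and cluster credentials supplied as protected CI variables, and a `/health` endpoint, none of which the page specifies.

```yaml
stages: [build, docker, deploy, verify]

variables:
  IMAGE: vulcanacrprod.azurecr.io/vulcan-be-leads:$CI_COMMIT_SHORT_SHA

build:
  stage: build
  image: mcr.microsoft.com/dotnet/sdk:8.0      # assumption: ASP.NET Core service
  script:
    - dotnet build -c Release
    - dotnet test -c Release

docker:
  stage: docker
  image: docker:27
  services: [docker:27-dind]
  script:
    # ACR_USER / ACR_TOKEN are masked, protected CI variables (assumption), never committed
    - echo "$ACR_TOKEN" | docker login vulcanacrprod.azurecr.io -u "$ACR_USER" --password-stdin
    - docker build -t "$IMAGE" .
    - docker push "$IMAGE"

# Branch -> environment mapping from this page (develop => staging, main => production)
.staging: &staging
  if: $CI_COMMIT_BRANCH == "develop"
  variables: {NAMESPACE: vulcan-staging, APP_URL: "https://staging.hack.aceve.cloud"}
.production: &production
  if: $CI_COMMIT_BRANCH == "main"
  variables: {NAMESPACE: vulcan-prod, APP_URL: "https://vulcan.aceve.cloud"}
deploy:
  stage: deploy
  image: bitnami/kubectl:latest
  rules:
    - *staging                      # automatic after the build stage passes
    - <<: *production
      when: manual                  # production requires a manual trigger
      allow_failure: false          # blocking: later stages wait for the approval
  script:
    # cluster credentials come from a protected file-type CI variable (assumption)
    - kubectl -n "$NAMESPACE" set image deployment/vulcan-be-leads app="$IMAGE"
    - kubectl -n "$NAMESPACE" rollout status deployment/vulcan-be-leads --timeout=300s

verify:
  stage: verify
  image: curlimages/curl:latest
  needs: [deploy]
  rules: [*staging, *production]
  script:
    # health endpoint path is an assumption; the page only says "Health check"
    - curl --fail --silent --show-error "$APP_URL/health"
```

Marking the `main` rule `allow_failure: false` is what turns the manual job into a real gate: the pipeline stops there instead of reporting success with production untouched.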
```
vulcan-infrastructure/
├── terraform/
│   ├── modules/
│   │   ├── aks/
│   │   ├── postgresql/
│   │   ├── redis/
│   │   ├── keyvault/
│   │   └── openai/
│   ├── environments/
│   │   ├── staging/
│   │   └── production/
│   └── main.tf
├── kubernetes/
│   ├── base/
│   │   ├── deployments/
│   │   ├── services/
│   │   └── ingress/
│   └── overlays/
│       ├── staging/
│       └── production/
└── scripts/
    ├── deploy.sh
    └── rollback.sh
```

## Observability
### OpenTelemetry
All services export telemetry via OpenTelemetry OTLP to Datadog Agent:
- Traces: Distributed tracing with ASP.NET Core, HTTP client, and EF Core instrumentation
- Metrics: Runtime, ASP.NET Core, and custom application metrics
- Logs: Structured logging via OpenTelemetry logging provider
### Datadog Agent

- Deployed as a DaemonSet in AKS (`datadog` namespace)
- OTLP receiver on `http://datadog-agent.datadog:4317` (gRPC)
- Automatic correlation of traces, metrics, and logs
### Configuration

Services are configured via environment variables:

```yaml
env:
  - name: OTEL_SERVICE_NAME
    value: "vulcan-be-<service>"
  - name: OTEL_EXPORTER_OTLP_ENDPOINT
    value: "http://datadog-agent.datadog:4317"
  - name: OTEL_EXPORTER_OTLP_PROTOCOL
    value: "grpc"
  - name: OTEL_RESOURCE_ATTRIBUTES
    value: "deployment.environment=prod,service.namespace=vulcan,team=platform"
```

### Dashboards
- Datadog APM for traces and service maps
- Datadog Logs for centralized log aggregation
- Datadog Dashboards for custom metrics visualization
## Security

### Network
- AKS with Cilium CNI
- Network policies
- Private endpoints for PaaS (planned)
### Identity
- Azure AD integration
- Managed Identity for services
- RBAC for resources
### Secrets
- Key Vault for all secrets
- No secrets in code or config
- Automatic rotation where supported
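How the Identity and Secrets points above fit together for one service: the pod authenticates to `vulcan-kv-se-prod` with a workload identity and the Key Vault secrets from the table earlier on this page are mounted by the Secrets Store CSI driver, so no connection string is stored in the manifest or in a Kubernetes Secret. This is an added example, not the project's manifest; it assumes the Secrets Store CSI driver with the Azure Key Vault provider and workload identity are installed on the cluster, and the client ID, tenant ID and image tag are placeholders.

```yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata: {name: vulcan-kv, namespace: vulcan-prod}
spec:
  provider: azure
  parameters:
    keyvaultName: "vulcan-kv-se-prod"
    tenantId: "<TENANT_ID>"                     # placeholder (assumption)
    # workload identity: the projected ServiceAccount token is exchanged for an
    # Entra token, so no client secret exists anywhere in the cluster
    clientID: "<WORKLOAD_IDENTITY_CLIENT_ID>"   # placeholder (assumption)
    objects: |
      array:
        - |
          objectName: servicebus-connection
          objectType: secret
        - |
          objectName: redis-connection
          objectType: secret
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: vulcan-be-leads
  namespace: vulcan-prod
  annotations:
    azure.workload.identity/client-id: "<WORKLOAD_IDENTITY_CLIENT_ID>"
---
apiVersion: apps/v1
kind: Deployment
metadata: {name: vulcan-be-leads, namespace: vulcan-prod}
spec:
  selector:
    matchLabels: {app: vulcan-be-leads}
  template:
    metadata:
      labels:
        app: vulcan-be-leads
        azure.workload.identity/use: "true"    # webhook injects the token volume
    spec:
      serviceAccountName: vulcan-be-leads
      containers:
        - name: app
          image: vulcanacrprod.azurecr.io/vulcan-be-leads:<TAG>   # placeholder tag
          volumeMounts:
            - {name: secrets, mountPath: /mnt/secrets, readOnly: true}
      volumes:
        - name: secrets
          csi:
            driver: secrets-store.csi.k8s.io
            readOnly: true
            volumeAttributes: {secretProviderClass: vulcan-kv}
```

The identity still needs the Key Vault Secrets User role on `vulcan-kv-se-prod`; the `objects` list limits what the pod mounts, not what the identity can read, so give each service its own identity rather than one shared by the namespace.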
## Disaster Recovery
| Component | RPO | RTO | Strategy |
|---|---|---|---|
| Database | 5 min | 1 hour | Point-in-time restore (35-day retention) |
| Storage | 0 | 0 | GRS replication |
| AKS | N/A | 30 min | Multi-replica deployments |
## Cost Estimation
| Resource | Monthly Cost |
|---|---|
| AKS (3 nodes) | ~$600 |
| PostgreSQL (2 servers) | ~$1,000 |
| Azure OpenAI | ~$300-800 |
| Service Bus Premium | ~$400 |
| Redis Premium | ~$500 |
| Storage | ~$100 |
| Other (KV, ACR, etc.) | ~$100 |
| Total | ~$3,000-3,500 |
