Architecture Overview
Network topology
Internet → Route 53 → ALB (public) → EKS nodes (private) → RDS (isolated)
↘ ElastiCache (private)
Services map
| Service |
Technology |
Owner |
Namespace |
| API |
Rust/Axum |
backend team |
nexus |
| Frontend |
React/Vite (static CDN) |
frontend team |
— |
| Data pipeline |
Python/Airflow |
data team |
airflow |
| Auth |
OIDC (Keycloak) |
platform team |
auth |
| Monitoring |
Prometheus + Grafana |
platform team |
monitoring |
Deployment flow
PR merged to main
→ GitHub Actions CI
→ Docker build + push to registry.nexus.local
→ Helm upgrade (nexus-staging) — auto
→ Smoke tests
→ Manual approval gate
→ Helm upgrade (nexus-prod)