DevOps Stack
Vulcan uses GitLab CI/CD for automation, Docker for containerization, and Azure AKS for Kubernetes orchestration.
CI/CD
| Technology | Purpose |
|---|---|
| GitLab CI | Continuous integration and deployment pipelines |
| Lefthook | Fast, parallel Git hooks manager |
Containerization
| Technology | Purpose |
|---|---|
| Docker | Containerization for consistent development and deployment |
| Azure Container Registry | Private Docker image registry |
Orchestration
| Technology | Purpose |
|---|---|
| Azure Kubernetes Service (AKS) | Managed Kubernetes for container orchestration |
| Nginx Ingress Controller | Kubernetes ingress and load balancing |
Infrastructure as Code
| Technology | Purpose |
|---|---|
| Terraform | Infrastructure provisioning and management |
| Kustomize | Kubernetes configuration management |
Monitoring
| Technology | Purpose |
|---|---|
| Azure Application Insights | Application performance monitoring |
| Azure Log Analytics | Centralized log aggregation |
CI/CD Pipeline
```
┌──────────────┐     ┌──────────────┐     ┌──────────────┐
│     Push     │     │  GitLab CI   │     │     AKS      │
│  to Branch   │  →  │   Pipeline   │  →  │  Deployment  │
└──────────────┘     └──────────────┘     └──────────────┘
```
Pipeline Stages:
1. Build - Compile code, run tests
2. Docker - Build and push image to ACR
3. Deploy - Update Kubernetes deployment
4. Verify - Health check
Git Hooks (Lefthook)
| Hook | Action |
|---|---|
| pre-commit | ESLint + Prettier on staged files |
| commit-msg | commitlint validation |
| pre-push | Type check + test suite |
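
The four pipeline stages above and the staging/production rules in the next section, sketched as a `.gitlab-ci.yml`. This is an added example, not the project's own pipeline: the job names, the `SERVICE`, `NAMESPACE`, `ACR_*`, `KUBECTL_IMAGE` and `KUBECONFIG` variables, the Docker-in-Docker setup, and the use of `kubectl set image` / `kubectl rollout status` for the Deploy and Verify stages are all assumptions.

```yaml
stages: [build, docker, deploy, verify]  # stage names follow the page; the rest is assumed
variables: {SERVICE: vulcan-be-leads}    # one deployment from the page, used as the example

build:
  stage: build
  image: mcr.microsoft.com/dotnet/sdk:10.0
  script:
    - dotnet test -c Release  # builds the solution, then runs the test suite

docker:
  stage: docker
  image: docker:27
  services: ["docker:27-dind"]
  rules:
    - if: $CI_COMMIT_BRANCH == "develop" || $CI_COMMIT_BRANCH == "main"
  script:
    # ACR_* are assumed masked, protected CI/CD variables; nothing is committed to the repo.
    - echo "$ACR_PASSWORD" | docker login "$ACR_LOGIN_SERVER" -u "$ACR_USERNAME" --password-stdin
    - docker build -t "$ACR_LOGIN_SERVER/$SERVICE:$CI_COMMIT_SHORT_SHA" .
    - docker push "$ACR_LOGIN_SERVER/$SERVICE:$CI_COMMIT_SHORT_SHA"

.deploy:
  stage: deploy
  image: $KUBECTL_IMAGE  # assumed: any image that provides kubectl
  script:
    # Cluster credentials are assumed to arrive as a file-type KUBECONFIG CI/CD variable.
    - kubectl -n "$NAMESPACE" set image "deployment/$SERVICE" "$SERVICE=$ACR_LOGIN_SERVER/$SERVICE:$CI_COMMIT_SHORT_SHA"

deploy:staging:
  extends: .deploy
  variables: {NAMESPACE: vulcan-staging}
  environment: {name: staging}
  rules:
    - if: $CI_COMMIT_BRANCH == "develop"  # runs automatically once earlier stages pass

deploy:production:
  extends: .deploy
  variables: {NAMESPACE: vulcan-prod}
  environment: {name: production}  # approval assumed to be enforced as a protected environment
  rules:
    - {if: '$CI_COMMIT_BRANCH == "main"', when: manual, allow_failure: false}

verify:
  stage: verify
  image: $KUBECTL_IMAGE
  rules:
    - {if: '$CI_COMMIT_BRANCH == "develop"', variables: {NAMESPACE: vulcan-staging}}
    - {if: '$CI_COMMIT_BRANCH == "main"', variables: {NAMESPACE: vulcan-prod}}
  script:
    - kubectl -n "$NAMESPACE" rollout status "deployment/$SERVICE" --timeout=120s
```

With `allow_failure: false` on the manual production job, the pipeline on `main` stays blocked at the deploy stage until someone triggers it, so `verify` cannot run against an undeployed image.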
Environment Configuration
Staging
URL: https://staging.vulcan.hantverksdata.se
Branch: develop
Deployment: Automatic after tests pass
Approval: None required
Production
URL: https://vulcan.hantverksdata.se
Branch: main
Deployment: Manual trigger
Approval: Required
Docker Multi-Stage Build
```dockerfile
# Build stage
FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
WORKDIR /src
COPY . .
RUN dotnet publish -c Release -o /app

# Runtime stage
FROM mcr.microsoft.com/dotnet/aspnet:10.0
WORKDIR /app
COPY --from=build /app .
EXPOSE 8080
ENTRYPOINT ["dotnet", "Vulcan.Api.dll"]
```
Kubernetes Structure
```yaml
# Namespace structure
namespaces:
  - vulcan-staging  # Staging environment
  - vulcan-prod     # Production environment

# Per namespace deployments
deployments:
  - vulcan-web
  - vulcan-be-coresetup
  - vulcan-be-leads
  - vulcan-be-quotation
  - vulcan-be-contracts
  - vulcan-be-projects
  - vulcan-be-invoicing
  - vulcan-be-documents
  - vulcan-be-ai
  - vulcan-be-planning

services:
  - ClusterIP for internal communication
  - LoadBalancer for public endpoints

ingress:
  - Nginx Ingress Controller
  - TLS termination
  - Path-based routing
```
Infrastructure Repository
```
vulcan-infrastructure/
├── terraform/
│   ├── modules/
│   │   ├── aks/
│   │   ├── postgresql/
│   │   ├── redis/
│   │   ├── keyvault/
│   │   └── openai/
│   ├── environments/
│   │   ├── staging/
│   │   └── production/
│   └── main.tf
├── kubernetes/
│   ├── base/
│   │   ├── deployments/
│   │   ├── services/
│   │   └── ingress/
│   └── overlays/
│       ├── staging/
│       └── production/
└── scripts/
    ├── deploy.sh
    └── rollback.sh
```
Security
Network
- AKS with Cilium CNI
- Network policies
- Private endpoints for PaaS
Identity
- Azure AD integration
- Managed Identity for services
- RBAC for resources
Secrets
- Key Vault for all secrets
- No secrets in code or config
- Automatic rotation where supported
Disaster Recovery
| Component | RPO | RTO | Strategy |
|---|---|---|---|
| Database | 5 min | 1 hour | Point-in-time restore |
| Storage | 0 | 0 | GRS replication |
| AKS | N/A | 30 min | Multi-replica deployments |