The above diagram, generated here, details our Kubernetes clusters. We maintain two, one for staging and one for production. Each cluster is deployed on GKE in the Las Vegas region in its own GCP project.
In the diagram above, we highlight the production GKE cluster and the processes deployed from packages built in this repo or vendor-managed software. Let's traverse this diagram starting from the Load Balancer, which is where users interface with Neon Law software.
The Load Balancer is managed by Google Cloud. By enforcing all ingress traffic to funnel through the Load Balancer we can leverage the benefits of this managed service including SSL encryption, WAF, and CDN support.
The Cluster itself is managed using GKE Autopilot. Since we only have stateless deployments, this lessens our DevOps burden.
Kubernetes Ingress within our cluster is managed by GKE and GCP. This way we can
leverage GCP SSL Certs and IAP for accessing internal company resources. We
have three defined ingress rules,
Confluent Command Center and
We use Google Cloud's managed PostgreSQL offering. We also use Neo4j, Elasticsearch, each can be completely regenerated with data stored in our PostgreSQL database.
We use Google Cloud's managed Pub/Sub offering. Our
web_hooks packages publish to pub sub, and many of our other services
subscribe to those messages.
We use Google Cloud Storage Buckets to store files. All access to this blob storage is stored in a separate GCP Audit account so we have a full accounting of who saw what file. This is important for conflicts.
We use Loglare to collect hooks from pods and post them to BigQuery in our separate Data GCP Project. We also use Logflare as a server for Webhooks for ingesting third-party data.
Some of our applications depend on authentication tokens which we use Auth0 for. After a user authenticates with Auth0, they have a limited-access token to access our service-based deployments.
Deployments without services listen to changes in one of our Databases, namely
Kafka and process data there. These include our