Deployment Architecture
Overview
MyTradeX utilizes a hybrid cloud deployment strategy with containerization and microservices architecture for optimal scalability, reliability, and maintainability across multiple environments.
Container Architecture
Docker Configuration
Backend Services
# Multi-stage build for Spring Boot services
FROM maven:3.8.6-openjdk-17 AS builder
WORKDIR /app
COPY pom.xml .
COPY ${SERVICE}/pom.xml ./${SERVICE}/
RUN mvn dependency:go-offline -B
COPY ${SERVICE}/src ./${SERVICE}/src
RUN mvn clean package -DskipTests
FROM openjdk:17-jre-slim
COPY --from=builder /app/${SERVICE}/target/*.jar app.jar
EXPOSE 8080
ENTRYPOINT ["java", "-jar", "/app.jar"]
Frontend Applications
# Next.js applications
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
RUN npm run build
FROM nginx:alpine
COPY --from=builder /app/.next /usr/share/nginx/html
COPY nginx.conf /etc/nginx/nginx.conf
EXPOSE 80
Docker Compose Services
Core Services
version: '3.8'
services:
# Database Services
postgres-primary:
image: postgres:15-alpine
environment:
POSTGRES_DB: mytradex
POSTGRES_USER: ${DB_USER}
POSTGRES_PASSWORD: ${DB_PASSWORD}
volumes:
- postgres_data:/var/lib/postgresql/data
ports:
- "5432:5432"
redis-cache:
image: redis:7-alpine
ports:
- "6379:6379"
command: redis-server --appendonly yes
# Backend Services
security-service:
build: ./mytradex-backend/security
ports:
- "8081:8080"
environment:
- SPRING_PROFILES_ACTIVE=docker
depends_on:
- postgres-primary
- redis-cache
order-service:
build: ./mytradex-backend/service
ports:
- "8082:8080"
environment:
- SPRING_PROFILES_ACTIVE=docker
depends_on:
- postgres-primary
- redis-cache
market-data-service:
build: ./mytradex-backend/service
ports:
- "8083:8080"
environment:
- SPRING_PROFILES_ACTIVE=docker
depends_on:
- postgres-primary
- redis-cache
# Frontend Services
customer-web:
build: ./mytradex-monorepo/apps/customer-web
ports:
- "3000:80"
environment:
- NODE_ENV=production
admin-portal:
build: ./mytradex-monorepo/apps/admin-portal
ports:
- "3001:80"
environment:
- NODE_ENV=production
# Infrastructure
nginx:
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf
- ./nginx/ssl:/etc/nginx/ssl
depends_on:
- customer-web
- admin-portal
volumes:
postgres_data:
Kubernetes Deployment
Service Configuration
Backend Microservices
apiVersion: apps/v1
kind: Deployment
metadata:
name: security-service
spec:
replicas: 3
selector:
matchLabels:
app: security-service
template:
metadata:
labels:
app: security-service
spec:
containers:
- name: security-service
image: mytradex/security-service:latest
ports:
- containerPort: 8080
env:
- name: SPRING_PROFILES_ACTIVE
value: "kubernetes"
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: db-credentials
key: url
resources:
requests:
memory: "512Mi"
cpu: "250m"
limits:
memory: "1Gi"
cpu: "500m"
livenessProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 60
periodSeconds: 30
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
Frontend Applications
apiVersion: apps/v1
kind: Deployment
metadata:
name: customer-web
spec:
replicas: 2
selector:
matchLabels:
app: customer-web
template:
metadata:
labels:
app: customer-web
spec:
containers:
- name: customer-web
image: mytradex/customer-web:latest
ports:
- containerPort: 80
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "256Mi"
cpu: "200m"
Service Discovery
apiVersion: v1
kind: Service
metadata:
name: security-service
spec:
selector:
app: security-service
ports:
- protocol: TCP
port: 80
targetPort: 8080
type: ClusterIP
Ingress Configuration
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mytradex-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "50m"
spec:
tls:
- hosts:
- app.mytradex.com
- admin.mytradex.com
secretName: mytradex-tls
rules:
- host: app.mytradex.com
http:
paths:
- path: /api
pathType: Prefix
backend:
service:
name: security-service
port:
number: 80
- path: /
pathType: Prefix
backend:
service:
name: customer-web
port:
number: 80
- host: admin.mytradex.com
http:
paths:
- path: /api/admin
pathType: Prefix
backend:
service:
name: admin-service
port:
number: 80
- path: /
pathType: Prefix
backend:
service:
name: admin-portal
port:
number: 80
Environment-Specific Configurations
Development Environment
# docker-compose.dev.yml
version: '3.8'
services:
postgres-dev:
image: postgres:15-alpine
environment:
POSTGRES_DB: mytradex_dev
volumes:
- postgres_dev_data:/var/lib/postgresql/data
redis-dev:
image: redis:7-alpine
backend-dev:
build:
context: ./mytradex-backend
dockerfile: Dockerfile.dev
volumes:
- ./mytradex-backend:/app/src
environment:
- SPRING_PROFILES_ACTIVE=dev
frontend-dev:
build:
context: ./mytradex-monorepo
dockerfile: Dockerfile.dev
ports:
- "3000:3000"
volumes:
- ./mytradex-monorepo:/app
- /app/node_modules
Production Environment
# k8s-production.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: production-deployment
spec:
replicas: 5
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
template:
spec:
containers:
- name: app
image: mytradex/app:latest
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: production-secrets
key: database-url
resources:
requests:
memory: "1Gi"
cpu: "500m"
limits:
memory: "2Gi"
cpu: "1000m"
env:
- name: NODE_ENV
value: "production"
Infrastructure as Code
Terraform Configuration
# EKS cluster setup
resource "aws_eks_cluster" "mytradex" {
name = "mytradex-cluster"
role_arn = aws_iam_role.eks_cluster.arn
version = "1.27"
vpc_config {
subnet_ids = aws_subnet.private[*].id
endpoint_private_access = true
endpoint_public_access = true
public_access_cidrs = ["0.0.0.0/0"]
}
}
# RDS PostgreSQL
resource "aws_rds_cluster" "mytradex_db" {
cluster_identifier = "mytradex-cluster"
engine = "aurora-postgresql"
engine_version = "13.7"
database_name = "mytradex"
master_username = "admin"
master_password = var.db_password
backup_retention_period = 7
preferred_backup_window = "07:00-09:00"
vpc_security_group_ids = [aws_security_group.rds.id]
db_subnet_group_name = aws_db_subnet_group.mytradex.name
storage_encrypted = true
kms_key_id = aws_kms_key.rds.key_id
}
# ElastiCache Redis
resource "aws_elasticache_subnet_group" "mytradex" {
name = "mytradex-cache-subnet"
subnet_ids = aws_subnet.private[*].id
}
resource "aws_elasticache_replication_group" "mytradex" {
replication_group_id = "mytradex-redis"
description = "Redis cluster for MyTradeX"
port = 6379
parameter_group_name = "default.redis7"
node_type = "cache.r6g.large"
num_cache_clusters = 3
subnet_group_name = aws_elasticache_subnet_group.mytradex.name
security_group_ids = [aws_security_group.redis.id]
at_rest_encryption_enabled = true
transit_encryption_enabled = true
auth_token = var.redis_auth_token
}
Monitoring and Observability
Prometheus Configuration
global:
scrape_interval: 15s
evaluation_interval: 15s
rule_files:
- "mytradex_rules.yml"
scrape_configs:
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- job_name: 'security-service'
static_configs:
- targets: ['security-service:8080']
metrics_path: '/actuator/prometheus'
- job_name: 'order-service'
static_configs:
- targets: ['order-service:8080']
metrics_path: '/actuator/prometheus'
Grafana Dashboard Configuration
{
"dashboard": {
"title": "MyTradeX System Overview",
"panels": [
{
"title": "API Response Time",
"type": "graph",
"targets": [
{
"expr": "histogram_quantile(0.95, rate(http_request_duration_seconds_bucket[5m]))",
"legendFormat": "95th percentile"
}
]
},
{
"title": "Error Rate",
"type": "singlestat",
"targets": [
{
"expr": "rate(http_requests_total{status=~\"5..\"}[5m])",
"legendFormat": "5xx errors"
}
]
}
]
}
}
CI/CD Pipeline
GitHub Actions Workflow
name: Deploy to Production
on:
push:
branches: [main]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run tests
run: |
cd mytradex-monorepo
npm ci
npm run test
npm run build
security-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run OWASP ZAP scan
uses: zaproxy/action-full-scan@v0.7.0
with:
target: 'https://staging.mytradex.com'
deploy:
needs: [test, security-scan]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-2
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build and push Docker images
run: |
# Build and push backend services
for service in security service protocol; do
docker build -t mytradex-$service:$GITHUB_SHA ./mytradex-backend/$service
docker push $ECR_REGISTRY/mytradex-$service:$GITHUB_SHA
done
# Build and push frontend apps
for app in customer-web admin-portal; do
docker build -t mytradex-$app:$GITHUB_SHA ./mytradex-monorepo/apps/$app
docker push $ECR_REGISTRY/mytradex-$app:$GITHUB_SHA
done
- name: Deploy to EKS
run: |
aws eks update-kubeconfig --region us-west-2 --name mytradex-cluster
kubectl set image deployment/security-service security-service=$ECR_REGISTRY/security-service:$GITHUB_SHA
kubectl set image deployment/order-service order-service=$ECR_REGISTRY/order-service:$GITHUB_SHA
kubectl rollout status deployment/security-service
kubectl rollout status deployment/order-service
Performance and Scalability
Auto-scaling Configuration
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: security-service-hpa
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: security-service
minReplicas: 3
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
Resource Limits and Requests
resources:
requests:
memory: "512Mi"
cpu: "250m"
limits:
memory: "1Gi"
cpu: "500m"
CDN and Caching Strategy
# Nginx caching configuration
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
expires 1y;
add_header Cache-Control "public, immutable";
add_header Vary Accept-Encoding;
}
location /api/ {
proxy_cache mytradex_cache;
proxy_cache_valid 200 302 5m;
proxy_cache_valid 404 1m;
proxy_cache_bypass $http_pragma $http_authorization;
add_header X-Cache-Status $upstream_cache_status;
}
Security in Production
Network Policies
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: security-service-netpol
spec:
podSelector:
matchLabels:
app: security-service
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector:
matchLabels:
app: nginx-ingress
ports:
- protocol: TCP
port: 8080
egress:
- to:
- podSelector:
matchLabels:
app: postgres
ports:
- protocol: TCP
port: 5432
Pod Security Standards
apiVersion: v1
kind: SecurityContext
spec:
securityContext:
runAsNonRoot: true
runAsUser: 1000
fsGroup: 2000
seccompProfile:
type: RuntimeDefault
containers:
- name: app
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
Backup and Disaster Recovery
Database Backup Strategy
#!/bin/bash
# Automated backup script
# PostgreSQL backup
pg_dump -h $DB_HOST -U $DB_USER -d $DB_NAME \
--format=custom --compress=9 \
--file=backup_$(date +%Y%m%d_%H%M%S).dump
# Upload to S3 with encryption
aws s3 cp backup_*.dump s3://mytradex-backups/ \
--server-side-encryption AES256
# Retention policy
aws s3api put-object-lifecycle-configuration \
--bucket mytradex-backups \
--lifecycle-configuration file://backup-lifecycle.json
Recovery Procedures
# Database recovery configuration
apiVersion: batch/v1
kind: Job
metadata:
name: database-restore
spec:
template:
spec:
containers:
- name: restore
image: postgres:15-alpine
command:
- /bin/bash
- -c
- |
pg_restore -h $DB_HOST -U $DB_USER -d $DB_NAME \
--verbose --clean --if-exists \
/backup/latest.dump
restartPolicy: OnFailure
This deployment architecture provides a comprehensive, scalable, and secure foundation for the MyTradeX trading platform, ensuring high availability, performance, and maintainability across all environments.