7. Deployment View

Nhan Nguyen5/31/25About 3 minArchitecture Documentationarc42

7. Deployment View

7.1 Infrastructure Overview

BookWorm is designed for cloud-native deployment on Azure Container Apps (ACA), providing managed container hosting with automatic scaling, load balancing, and integrated monitoring.

High-Level Deployment Architecture

7.2 Infrastructure as Code with Bicep

Service Scaling Configuration

Service	Min Replicas	Max Replicas	Scaling Rules
Catalog API	2	10	CPU > 70%, Memory > 80%, HTTP requests > 100/min
Ordering API	2	5	CPU > 80%, HTTP requests > 50/min
Basket API	1	3	CPU > 70%, HTTP requests > 200/min
Rating API	1	3	HTTP requests > 30/min
Chat API	1	5	WebSocket connections > 100, CPU > 70%
API Gateway	2	5	CPU > 60%, HTTP requests > 500/min

7.4 Data Layer Deployment

Database Configuration

PostgreSQL (Primary Database)

resource postgres 'Microsoft.DBforPostgreSQL/flexibleServers@2024-08-01' = {
  name: take('postgres-${uniqueString(resourceGroup().id)}', 63)
  location: location
  properties: {
    administratorLogin: administratorLogin
    administratorLoginPassword: administratorLoginPassword
    authConfig: {
      activeDirectoryAuth: 'Disabled'
      passwordAuth: 'Enabled'
    }
    availabilityZone: '1'
    backup: {
      backupRetentionDays: 7
      geoRedundantBackup: 'Disabled'
    }
    highAvailability: {
      mode: 'Disabled'
    }
    storage: {
      storageSizeGB: 32
    }
    version: '16'
  }
  sku: {
    tier: 'GeneralPurpose'
  }
  tags: {
    'aspire-resource-name': 'postgres'
    Environment: 'Production'
    Projects: 'BookWorm'
  }
}

Redis Cache

resource redis 'Microsoft.Cache/redis@2024-03-01' = {
  name: take('redis-${uniqueString(resourceGroup().id)}', 63)
  location: location
  properties: {
    sku: {
      name: 'Basic'
      family: 'C'
      capacity: 1
    }
    enableNonSslPort: false
    minimumTlsVersion: '1.2'
  }
  tags: {
    'aspire-resource-name': 'redis'
    Environment: 'Production'
    Projects: 'BookWorm'
  }
}

7.5 Network and Security Configuration

Network Security

Security Configuration

Component	Security Measure	Implementation
API Gateway	TLS termination, Rate limiting	Azure Container Apps ingress
Services	mTLS, JWT validation	.NET Aspire security middleware
Databases	Private endpoints, SSL only	Azure private link
Secrets	Key Vault integration	Managed identity authentication
Network	NSG rules, Private DNS	Azure VNET configuration

7.6 CI/CD Pipeline

Deployment Pipeline

7.8 Disaster Recovery

Backup Strategy

Component	Backup Method	Retention	Recovery Time
PostgreSQL	Automated daily backups	30 days	< 1 hour
Redis	Data persistence enabled	Real-time	< 5 minutes
Azure Table Storage	Automatic backups	30 days	< 30 minutes
Application Code	Container registry	Version-based	< 10 minutes
Configuration	Key Vault backup	90 days	< 5 minutes

Recovery Procedures

Database Recovery: Point-in-time restore from automated backups
Application Recovery: Container redeployment from registry
Configuration Recovery: Key Vault restore and service restart
Network Recovery: Infrastructure as Code redeployment