SAD¶
Table of Content:
Overview¶
Submarine is an API application interface within the database
SAD - System architechture design¶
Logical View¶
The application has declare the module to interactive with internal database of basement dataset
flowchart LR
%% Component
user[User]
api[API application]
database[Database target]
streaming[Streaming Pipelines]
%% Flow
user -- has authorized, perform action --> api -- interactive --> database --> streamingPhysical View¶
Here is the physical resource/service related to the project
flowchart LR
%% Service in Cloud Platform
subgraph Google Cloud Platform
sql[Cloud SQL]
run[Cloud Run]
cbuild[Cloud Build]
lb[Load Balancing]
iap[Cloud IAP]
secret[Cloud Secret Manager]
log[Cloud Logging]
iam[Cloud IAM]
notification_service[Notification Center]
end
%% Service for Code Storage
gh[GitHub]
%% Flow
secret -- control secret --> cbuild
iam --> cbuild
gh -- trigger --> cbuild -- deploy --> run -- execute --> sql
lb -- navigate --> iap -- handle authentication --> run
run -- procedure --> log
run -- notification --> notification_serviceThe table component
| Resource | Identifer | Description |
|---|---|---|
| GitHub | Repository inno-submarine | Contain source-code of project |
| GitHub | Repository inno-infra | Grant permission for service account |
| CloudBuild | Global - using private pool | Build in asia-southeast1 |
| Cloud SQL | Database | Build in asia-southeast1 |
| Cloud Run | Serverless Deployment | Contain the application and served for user |
Deployment: Total of 3 environments:
-
For developer: using
dockerwithdocker-compose -
For Staging
-
For Production
Permission¶
For GitHub
| Runner | Permission | Description |
|---|---|---|
| innodatarunner@innotech.vn | Repository Admin | Admin of repository of repo inno-submarine |
(Shortcut deer-runner) |
For Google Cloud Platform
| Service Account | Permission | Description |
|---|---|---|
sa-slark |
The service account handle by terraform
Update Later
For the IAP, comfig:
-
Authentication with Datateam member
-
Authentication with service account in basement
Techstack¶
The below component is the techstack that we used to build our component
-
API Framework:
FastAPIwith dependencies: -
Log:
structlog -
Database ORM:
sqlalchemy -
Migration:
alembic -
Internal:
inno-finance-corefor business logic control -
Code Quality:
pre-commit -
Developer:
ruff -
Test:
pytest -
Serverless Deployment:
Cloud Run -
CICD:
CloudBuild,Cloud -
Load Balancer:
Load Balacing -
Authentication:
Cloud IAP,IAM -
Database:
Cloud SQL -
Secret:
Cloud Secret Manager -
Log:
Cloud Logging
Standard to follow:
- Standard API: rfc2616, rfc9110, ...
CICD Automation:
-
[1] Deployment on service
-
[2] Schema Validate
-
[3] Test application
Appendix¶
Appendix A: Record of Changes¶
Table: Record of changes
| Version | Date | Author | Description of Change |
|---|---|---|---|
| 0.1.0 | 06/04/2024 | Bao Truong | Initation documentation |