Clients & Access
Application Plane (namespace: minishop)
Data & Messaging Plane (namespace: minishop-infra)
Observability Plane (namespace: minishop-observability)
Policy & Secrets
CI/CD & Release
Testing & Quality Gates
End User
- Browser / Mobile
- Accesses web-ui and api-gateway
Admin / Operator
- Uses admin endpoints
- Manages catalog and order ops
web-ui
- Vue3 + Vite + Element Plus
- Calls /api/* via api-gateway
api-gateway (HTTP :8080)
- Gin routes
- Auth middleware
- OPA hook
- User-facing API aggregation
admin-api (HTTP :8081)
- Admin operations
- Auth + OPA
- Product and order management
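The api-gateway and admin-api both sit behind an auth middleware and an OPA hook. The block below is an added example, not minishop's code, of what that pair of checks looks like in stdlib Go (net/http instead of Gin, so it runs without dependencies): the bearer token is verified as HS256 against the shared jwt_secret held in minishop-secret, then the request is described to OPA's Data API and denied unless the policy answers true. Assumptions: HS256 with a shared secret (consistent with a single jwt_secret, but the page does not say which scheme user-rpc uses), the claim names sub/roles/exp, and the policy path passed as policyURL.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"net/http"
	"strings"
	"time"
)

// Claims is the subset of JWT claims the gateway forwards to OPA.
// Field names are an assumption; minishop's real claim set is not on the page.
type Claims struct {
	Sub   string   `json:"sub"`
	Roles []string `json:"roles"`
	Exp   int64    `json:"exp"`
}

var b64 = base64.RawURLEncoding

// VerifyHS256 checks a compact JWT signed with the shared jwt_secret: alg must
// be exactly HS256 (rejecting "none" and algorithm confusion), the signature is
// compared in constant time, and exp is mandatory.
func VerifyHS256(token string, secret []byte, now time.Time) (*Claims, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, errors.New("jwt: malformed token")
	}
	hdrJSON, err1 := b64.DecodeString(p[0])
	payload, err2 := b64.DecodeString(p[1])
	sig, err3 := b64.DecodeString(p[2])
	if err1 != nil || err2 != nil || err3 != nil {
		return nil, errors.New("jwt: bad base64url")
	}
	var hdr struct{ Alg string }
	if json.Unmarshal(hdrJSON, &hdr) != nil || hdr.Alg != "HS256" {
		return nil, errors.New("jwt: unsupported alg")
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(p[0] + "." + p[1]))
	if !hmac.Equal(sig, mac.Sum(nil)) {
		return nil, errors.New("jwt: signature mismatch")
	}
	var c Claims
	if json.Unmarshal(payload, &c) != nil {
		return nil, errors.New("jwt: bad claims")
	}
	if c.Exp == 0 || !now.Before(time.Unix(c.Exp, 0)) {
		return nil, errors.New("jwt: expired or missing exp")
	}
	return &c, nil
}

// SignHS256 mints a token the way user-rpc's login would; used here to build inputs.
func SignHS256(c Claims, secret []byte) string {
	enc := func(v any) string { b, _ := json.Marshal(v); return b64.EncodeToString(b) }
	signing := enc(map[string]string{"alg": "HS256", "typ": "JWT"}) + "." + enc(c)
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signing))
	return signing + "." + b64.EncodeToString(mac.Sum(nil))
}

// OPAAllow calls OPA's Data API: POST policyURL with {"input": ...}, read
// {"result": <bool>}. An undefined result (rule missing) is a deny.
func OPAAllow(client *http.Client, policyURL string, input map[string]any) (bool, error) {
	body, _ := json.Marshal(map[string]any{"input": input})
	resp, err := client.Post(policyURL, "application/json", strings.NewReader(string(body)))
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	var out struct{ Result *bool }
	if resp.StatusCode != http.StatusOK || json.NewDecoder(resp.Body).Decode(&out) != nil {
		return false, errors.New("opa: bad response")
	}
	return out.Result != nil && *out.Result, nil
}

// AuthMiddleware verifies the bearer JWT, then asks OPA; every error fails closed.
func AuthMiddleware(secret []byte, policyURL string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		tok := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
		claims, err := VerifyHS256(tok, secret, time.Now())
		if err != nil {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		input := map[string]any{"method": r.Method, "path": r.URL.Path, "user": claims.Sub, "roles": claims.Roles}
		if ok, err := OPAAllow(http.DefaultClient, policyURL, input); err != nil || !ok {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}
```

Two details matter at a gateway: the alg check runs before the HMAC check, so an "alg":"none" or RS256-shaped token never reaches signature verification, and an undefined or malformed OPA result (misnamed policy path, OPA unreachable) is a 403, never a pass-through.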
user-rpc
- Register / Login
- JWT verify
- User profile
product-rpc
- Product CRUD
- Inventory / stock
- Vector search hooks
- Low-stock query
order-rpc
- Create / list / pay order
- Idempotency
- Outbox events
- Stock deduction call
notify-rpc
- Consumes order events
- Notification workflows
- Calls user-rpc
review-rpc
- Create / list review
- Product rating aggregation
- Calls user-rpc for username
cart-rpc
- Cart add/update/remove
- Uses Redis storage
- Calls product-rpc
coupon-rpc
- Coupon lifecycle
- Claim / validate / use
- Uses Postgres + Redis
Outbox Pattern
- outbox_events table
- Reliable publish + retry
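order-rpc's idempotency and outbox events and the outbox_events table fit together as a transactional outbox. The block below is an added illustration, not the project's code: the Postgres tables are replaced by an in-memory store and the RabbitMQ publish sits behind a Publisher interface, so the failure modes can be run locally. A retried request with the same idempotency key returns the original order and writes no second event, the order row and its outbox row are written in one critical section (the stand-in for one database transaction), and the relay retries failed publishes until maxAttempts. The exchange name order.events and the event types come from the page; the idempotency-key parameter, the ID formats, the Publisher interface and the maxAttempts cut-off are assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"sync"
	"time"
)

// Publisher is the broker side of the relay. With RabbitMQ this publishes to the
// order.events exchange with the event type as routing key; it is an interface
// here so the retry logic can be exercised without a broker (assumed shape).
type Publisher interface {
	Publish(exchange, routingKey string, body []byte) error
}

type Order struct {
	ID     string
	UserID string
	Amount int
	Status string
}

// OutboxEvent is one row of outbox_events. Attempts and PublishedAt drive retries.
type OutboxEvent struct {
	ID          string
	Type        string // order.created / order.paid
	Payload     []byte
	Attempts    int
	PublishedAt *time.Time
}

// Store stands in for the orders and outbox_events tables plus the idempotency
// index. The mutex plays the role of the transaction that commits the order and
// its outbox row together, so a crash cannot leave one without the other.
type Store struct {
	mu     sync.Mutex
	seq    int
	orders map[string]*Order
	byIdem map[string]string // idempotency key -> order ID
	outbox []*OutboxEvent
}

func NewStore() *Store {
	return &Store{orders: map[string]*Order{}, byIdem: map[string]string{}}
}

// CreateOrder is idempotent on idemKey: a retried request returns the original
// order (created=false) and records no second order.created event.
func (s *Store) CreateOrder(idemKey, userID string, amount int) (o *Order, created bool, err error) {
	if idemKey == "" {
		return nil, false, errors.New("idempotency key required")
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	if id, seen := s.byIdem[idemKey]; seen {
		return s.orders[id], false, nil
	}
	s.seq++
	o = &Order{ID: fmt.Sprintf("ord-%d", s.seq), UserID: userID, Amount: amount, Status: "created"}
	payload, _ := json.Marshal(o)
	s.orders[o.ID] = o
	s.byIdem[idemKey] = o.ID
	s.outbox = append(s.outbox, &OutboxEvent{ID: fmt.Sprintf("evt-%d", s.seq), Type: "order.created", Payload: payload})
	return o, true, nil
}

// Relay tries every unpublished event once per call. A failed publish leaves the
// row in place with Attempts incremented, so the next run retries it; rows past
// maxAttempts are left for an operator. Delivery is at-least-once: the consumer
// (notify-rpc) must dedupe on OutboxEvent.ID.
func (s *Store) Relay(pub Publisher, maxAttempts int) (published, failed int) {
	s.mu.Lock()
	defer s.mu.Unlock()
	for _, e := range s.outbox {
		if e.PublishedAt != nil || e.Attempts >= maxAttempts {
			continue
		}
		e.Attempts++
		if err := pub.Publish("order.events", e.Type, e.Payload); err != nil {
			failed++
			continue
		}
		now := time.Now()
		e.PublishedAt = &now
		published++
	}
	return published, failed
}

// Pending counts events still awaiting delivery (the number a metric would export).
func (s *Store) Pending() int {
	s.mu.Lock()
	defer s.mu.Unlock()
	n := 0
	for _, e := range s.outbox {
		if e.PublishedAt == nil {
			n++
		}
	}
	return n
}
```

Against Postgres a relay would select unpublished rows with FOR UPDATE SKIP LOCKED and commit the published_at update per row rather than hold one lock across publishes; the ordering and retry semantics are the same as above.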
Shared Runtime (pkg/service, pkg/grpcx)
- service.Run(...) lifecycle + graceful shutdown
- Optional metrics / pprof tasks
- gRPC discovery: {service}-svc:8080
- Env override: MINISHOP_GRPC_TARGET_*
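The shared runtime's service.Run lifecycle and the {service}-svc:8080 / MINISHOP_GRPC_TARGET_* discovery rule, as an added stdlib-Go example rather than pkg/service's actual implementation: GRPCTarget resolves a dial target with the environment override taking precedence over the in-cluster Service name, and Run supervises a set of tasks (gRPC server, optional metrics or pprof listeners) until SIGINT/SIGTERM, parent cancellation or the first task error, then cancels the rest and bounds the wait with a grace period. The mapping of a service name to the variable suffix (user-rpc to MINISHOP_GRPC_TARGET_USER_RPC), the Task signature and the grace parameter are assumptions.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"os"
	"os/signal"
	"strings"
	"sync"
	"syscall"
	"time"
)

// GRPCTarget resolves the dial target for a downstream service. Default is the
// in-cluster name {service}-svc:8080; MINISHOP_GRPC_TARGET_<SERVICE> overrides it
// (mapping "user-rpc" to the suffix USER_RPC is an assumption).
func GRPCTarget(service string) string {
	key := "MINISHOP_GRPC_TARGET_" + strings.ToUpper(strings.ReplaceAll(service, "-", "_"))
	if v := os.Getenv(key); v != "" {
		return v
	}
	return service + "-svc:8080"
}

// Task is one long-running component of a service: the gRPC server, an optional
// metrics or pprof listener, an outbox relay. It must return once ctx is done.
type Task func(ctx context.Context) error

// Run starts every task, waits for SIGINT/SIGTERM, parent cancellation or the
// first task error, then cancels the rest and waits up to grace for them to
// exit. The first real error is returned; a clean shutdown returns nil.
func Run(parent context.Context, grace time.Duration, tasks ...Task) error {
	ctx, cancel := context.WithCancel(parent)
	defer cancel()
	ctx, stop := signal.NotifyContext(ctx, syscall.SIGINT, syscall.SIGTERM)
	defer stop()

	errc := make(chan error, len(tasks))
	var wg sync.WaitGroup
	for _, t := range tasks {
		wg.Add(1)
		go func(t Task) {
			defer wg.Done()
			// Returning ctx.Err() after cancellation is a normal exit, not a failure.
			if err := t(ctx); err != nil && !errors.Is(err, context.Canceled) {
				errc <- err
			}
		}(t)
	}
	done := make(chan struct{})
	go func() { wg.Wait(); close(done) }()

	var first error
	select {
	case first = <-errc: // a task failed: shut its siblings down
		cancel()
	case <-ctx.Done(): // signal or parent cancellation
	case <-done: // every task returned on its own
	}
	select {
	case <-done:
	case <-time.After(grace):
		return fmt.Errorf("shutdown: tasks still running after %s", grace)
	}
	if first == nil {
		select {
		case first = <-errc:
		default:
		}
	}
	return first
}

func main() {
	server := func(ctx context.Context) error {
		fmt.Println("dialing user-rpc at", GRPCTarget("user-rpc"))
		<-ctx.Done() // a real task would serve gRPC here until cancelled
		return ctx.Err()
	}
	if err := Run(context.Background(), 5*time.Second, server); err != nil {
		fmt.Println("exit:", err)
		os.Exit(1)
	}
}
```

The grace timeout is what keeps a hung listener from turning a rolling update into a stuck pod: Kubernetes sends SIGTERM, Run cancels every task, and if one ignores its context the process still exits with an error inside the grace window instead of waiting for the kubelet's SIGKILL.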
Namespace split
- minishop: app services + gateways + web-ui
- minishop-infra: postgres/redis/rabbitmq
- minishop-observability: jaeger/prometheus/grafana/loki/alertmanager
Optional Search Overlay
- OpenSearch enabled by overlay
- Product/API search integration
PostgreSQL + pgvector
- Core transactional DB
- Product vectors
- Orders / users / reviews / coupons
Redis
- Cart state
- Order idempotency lock/cache
- Coupon support
RabbitMQ
- Exchange: order.events
- Events: order.created / order.paid
- notify consumer
OpenSearch (optional)
- Keyword search overlay
- Product/API search path
OpenTelemetry
- Tracing in all services
- OTLP exporter config
Jaeger
- Distributed trace backend
- End-to-end request visibility
Prometheus
- Scrape service metrics
- Rollout SLO analysis queries
Alertmanager
- Alert routing
- Incident notification
Loki
- Log storage
- Query with labels
Promtail
- Collect pod logs
- Ship to Loki
Grafana
- Metrics dashboards
- Trace / log correlation
OPA
- Authorization policy engine
- Gateway/admin policy decision
External Secrets
- Sync K8s secrets from Vault
- Default in staging/prod
Vault
- Secret source of truth
- App and infra secret paths
K8s Secret: minishop-secret
- jwt_secret
- postgres_password
- rabbitmq_password
K8s Secret: minishop-infra-secret
- postgres_password
- rabbitmq_password
Secret strategy
- Base: no plaintext secret manifests
- Dev: dev-only secret examples
- Staging/Prod: ExternalSecret + Vault by default
Developer
- Works on feature branch
- Pushes code to GitHub
GitHub Actions CI
- service catalog check
- lint
- go test
- integration tests
- web Playwright E2E
GHCR Images
- Build and push per service
- Immutable tags (sha/tag)
Deploy Workflow
- Input: env + image_tag
- Default image_tag = commit SHA
Kustomize Overlays
- dev
- staging (canary + ext secret)
- prod (blue/green + ext secret)
Argo Rollouts + Istio
- Traffic shift control
- Automated analysis gates
- SLO: error rate + p95 latency
Kubernetes Cluster
- Applies rendered manifests
- Hosts app/infra/observability
Unit + Contract Tests
- cart-rpc / review-rpc / coupon-rpc
- gRPC behavior and error mapping
Integration Tests
- Core flow: order / stock / outbox / coupon / review
- testcontainers coverage
Web E2E (Playwright)
- login -> add cart -> submit order
- pay -> review business flow
Quality Gate
- CI must pass before release
- Rollout analysis checks runtime SLO
- Supports auditable and rollback-safe delivery