# Technology Stack
## Summary Table
| Category | Technology | Version | Key File(s) |
|---|---|---|---|
| Cloud provider | GCP (Google Cloud Platform) | N/A | infrastructure-management/projects/ |
| Container orchestration | GKE (Google Kubernetes Engine) | [NEEDS TEAM INPUT] | infrastructure-management/modules/k8s/ |
| Service mesh | Istio | 1.24.2 | infrastructure-management/modules/helm/ |
| GitOps | ArgoCD | [NEEDS TEAM INPUT] | infrastructure-configuration/projects/orofi/cluster-addons/argocd/ |
| Infrastructure as Code | Terraform + Terragrunt | [NEEDS TEAM INPUT] | infrastructure-management/ |
| Container registry | GCP Artifact Registry | N/A | infrastructure-management/modules/artifacts/ |
| CI/CD | Bitbucket Pipelines | N/A | */bitbucket-pipelines.yml |
| Relational database | Cloud SQL MySQL | 8.0 | infrastructure-management/modules/datastore/ |
| Document database | MongoDB (Percona PSMDB Operator) | [NEEDS TEAM INPUT] | infrastructure-configuration/projects/orofi/tools/mongodb-operator/ |
| Cache | Cloud Memorystore Redis | [NEEDS TEAM INPUT] | infrastructure-management/modules/redis/ |
| Event streaming | Apache Kafka (KRaft mode, Bitnami) | 4.0.0 | infrastructure-configuration/projects/orofi/tools/kafka-new/ |
| TLS automation | cert-manager + Let's Encrypt | [NEEDS TEAM INPUT] | infrastructure-management/modules/helm/ |
| Secrets management | GCP Secret Manager + External Secrets Operator | [NEEDS TEAM INPUT] | infrastructure-management/modules/secretmanager/ |
| Key management | GCP Cloud KMS | N/A | infrastructure-management/modules/kms/ |
| Metrics | Prometheus | 2.54.1 | infrastructure-configuration/projects/orofi/cluster-addons/prometheus/ |
| Dashboards | Grafana | [NEEDS TEAM INPUT] | infrastructure-configuration/projects/orofi/cluster-addons/grafana/ |
| Log aggregation | Loki | [NEEDS TEAM INPUT] | infrastructure-configuration/projects/orofi/cluster-addons/loki/ |
| Pod autoscaling | KEDA (event-driven) | [NEEDS TEAM INPUT] | Helm chart in cluster-addons |
| Progressive delivery | Argo Rollouts | [NEEDS TEAM INPUT] | Microservice Helm chart template |
| Load testing | K6 + K6 Operator | [NEEDS TEAM INPUT] | load-testing/ + infrastructure-configuration/projects/orofi/tools/k6-operator/ |
| Cost monitoring | KubeCost | [NEEDS TEAM INPUT] | infrastructure-configuration/projects/orofi/cluster-addons/kubecost/ |
| Object storage | GCS (Cloud Storage) | N/A | infrastructure-management/modules/buckets/ |
| Firebase | Firebase Admin SDK | [NEEDS TEAM INPUT] | Used by communication + identity services |
| OAuth2 (internal tools) | OAuth2 Proxy (Google) | v7.6.0 | infrastructure-configuration/projects/orofi/tools/mongo-express/ |
## Technology Rationale
### GKE over Self-Managed Kubernetes
GKE provides a managed control plane, built-in node auto-repair, automatic upgrades, and tight integration with GCP IAM via Workload Identity, which binds a Kubernetes service account to a GCP service account so pods obtain IAM credentials without node-level service account keys. This reduces operational overhead compared to self-managed clusters.
### Istio over Alternatives (Linkerd, Cilium)
Istio provides the most complete service mesh feature set: mTLS between sidecars, traffic management (VirtualServices, DestinationRules), canary deployments via weight-based routing, Prometheus telemetry, and distributed tracing. mTLS, routing, and metrics need no application code changes; tracing is the one exception, since each service must forward the trace-context headers (B3 or W3C `traceparent`) on its outbound calls for spans to join into one trace.
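As an added example (not manifests from this repository), the three resources below put that feature set together for a hypothetical `payments-api` service in a hypothetical `payments` namespace: a namespace-wide PeerAuthentication that makes every sidecar reject plaintext, a DestinationRule that defines stable and canary subsets and pins client-side mTLS, and a VirtualService that splits traffic 90/10 between them. The service name, namespace, and `version` labels are assumptions.

```yaml
# Added example, not from the infrastructure-configuration repo.
# Assumed names: namespace "payments", service "payments-api", labels version=v1/v2.
apiVersion: security.istio.io/v1
kind: PeerAuthentication
metadata:
  name: default          # one PeerAuthentication named "default" per namespace
  namespace: payments
spec:
  mtls:
    mode: STRICT         # sidecars refuse non-mTLS inbound traffic
---
apiVersion: networking.istio.io/v1
kind: DestinationRule
metadata:
  name: payments-api
  namespace: payments
spec:
  host: payments-api.payments.svc.cluster.local
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL   # clients use Istio-issued certs when calling this host
  subsets:
    - name: stable
      labels:
        version: v1
    - name: canary
      labels:
        version: v2
---
apiVersion: networking.istio.io/v1
kind: VirtualService
metadata:
  name: payments-api
  namespace: payments
spec:
  hosts:
    - payments-api.payments.svc.cluster.local
  http:
    - route:
        - destination:
            host: payments-api.payments.svc.cluster.local
            subset: stable
          weight: 90
        - destination:
            host: payments-api.payments.svc.cluster.local
            subset: canary
          weight: 10
```

A PeerAuthentication only governs workloads that actually have a sidecar injected, so a mesh-wide default is set by creating the same resource named `default` in the Istio root namespace (`istio-system`) and verifying that application namespaces are labelled for injection. With Argo Rollouts in the stack, the VirtualService weights would normally be driven by the Rollout's Istio traffic routing during a canary rather than edited by hand.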
### ArgoCD for GitOps
ArgoCD watches Git repositories and continuously reconciles cluster state to what they declare. This gives a single source of truth (Git) for all Kubernetes configuration, automatic drift detection (and correction when self-heal is enabled), and a clear audit trail of every deployment in Git history.
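The Application below is an added example showing what "reconcile continuously" and "drift detection" mean in ArgoCD terms; it is not an Application from this repository. The repository URL, the `path`, and the target namespace are assumptions.

```yaml
# Added example, not from the infrastructure-configuration repo.
# Assumed: repoURL, path, and the destination namespace "payments".
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: payments-api
  namespace: argocd
  finalizers:
    # Cascade-delete the managed resources if the Application itself is deleted.
    - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    repoURL: https://bitbucket.org/example-org/infrastructure-configuration.git
    targetRevision: main
    path: projects/orofi/apps/payments-api
  destination:
    server: https://kubernetes.default.svc
    namespace: payments
  syncPolicy:
    automated:
      prune: true      # delete cluster resources that were removed from Git
      selfHeal: true   # revert out-of-band cluster changes back to the Git state
    syncOptions:
      - CreateNamespace=true
```

With `selfHeal` on, a manual `kubectl edit` is reverted on the next reconcile, so hotfixes have to go through Git. Because the audit trail is the Git history, branch protection and reviewed pull requests on the configuration repository are what make that trail trustworthy; an AppProject that restricts allowed source repositories and destination namespaces keeps each Application least-privileged rather than using `default`.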
### Terraform + Terragrunt
Terraform handles GCP resource provisioning. Terragrunt adds DRY composition: the modules/ directory contains reusable building blocks, and each projects/ directory assembles them with environment-specific values without duplicating module code.
### External Secrets Operator
ESO decouples the secret lifecycle from the deployment lifecycle. Secrets live in GCP Secret Manager (IAM access-controlled, audit-logged, versioned), and ESO syncs them into Kubernetes Secrets at runtime. Secrets are therefore never committed to Git and can be rotated independently of deployments. The synced Kubernetes Secret still exists in the cluster, so namespace RBAC on Secrets and GKE application-layer secrets encryption with Cloud KMS remain relevant; ESO keeps secrets out of Git, not out of the cluster.
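As an added example (not the repository's own manifests), the pair of resources below shows the sync path: a ClusterSecretStore that reaches GCP Secret Manager through Workload Identity, and an ExternalSecret that pulls one Secret Manager secret into a Kubernetes Secret and re-checks it every hour. The project ID, cluster name and location, service account names, namespace, and secret names are assumptions, as is the `v1beta1` API version (the installed ESO version is not recorded above).

```yaml
# Added example, not from the infrastructure-configuration repo.
# Assumed: GCP project, cluster name/location, KSA/GSA names, namespace and secret names.
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: gcp-secret-manager
spec:
  provider:
    gcpsm:
      projectID: example-project
      auth:
        workloadIdentity:
          clusterLocation: europe-west1
          clusterName: prod-gke
          serviceAccountRef:
            # KSA annotated with iam.gke.io/gcp-service-account=<GSA>;
            # the GSA needs roles/secretmanager.secretAccessor on the secrets it reads.
            name: external-secrets
            namespace: external-secrets
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: payments-db
  namespace: payments
spec:
  refreshInterval: 1h          # poll Secret Manager; a new version lands within the hour
  secretStoreRef:
    name: gcp-secret-manager
    kind: ClusterSecretStore
  target:
    name: payments-db          # resulting Kubernetes Secret in the "payments" namespace
    creationPolicy: Owner      # ESO owns the Secret and garbage-collects it with the ExternalSecret
  data:
    - secretKey: password      # key inside the Kubernetes Secret
      remoteRef:
        key: payments-db-password   # Secret Manager secret name
        version: latest
```

Rotation is then a new Secret Manager version plus, at most, an hour's wait (or a shorter `refreshInterval`); nothing is redeployed and nothing changes in Git. Pods that read the Secret as an environment variable see the new value only on restart, while mounted Secret volumes are updated in place, so the consumption side decides whether a rollout is still needed. Granting the GSA `secretAccessor` on individual secrets rather than at project level keeps a compromised operator identity from reading every secret in the project.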
### KEDA over HPA Alone
Out of the box the Kubernetes HPA scales on CPU and memory. KEDA registers its own metrics adapter and ships scalers for external sources, so workloads can scale on Kafka consumer lag, MongoDB connection count, or arbitrary Prometheus queries, and can scale to zero when there is no work. This gives much more precise scaling behavior for event-driven workloads.
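The ScaledObject below is an added example, not one of the repository's own manifests. It scales a hypothetical `order-consumer` Deployment on two of the signals named above, Kafka consumer lag and a Prometheus query, and shows how the Kafka SASL credentials are supplied through a TriggerAuthentication instead of inline in the ScaledObject. The deployment name, namespace, bootstrap address, topic, consumer group, Prometheus address and metric name, and the `kafka-credentials` Secret are assumptions.

```yaml
# Added example, not from the infrastructure-configuration repo.
# Assumed: namespace "orders", Deployment "order-consumer", Kafka/Prometheus service addresses,
# topic "orders", consumer group "order-consumer", Secret "kafka-credentials" (username/password/sasl).
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
  name: kafka-sasl
  namespace: orders
spec:
  secretTargetRef:
    - parameter: sasl          # e.g. "scram_sha512"; lives in the Secret, not the ScaledObject
      name: kafka-credentials
      key: sasl
    - parameter: username
      name: kafka-credentials
      key: username
    - parameter: password
      name: kafka-credentials
      key: password
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
  name: order-consumer
  namespace: orders
spec:
  scaleTargetRef:
    name: order-consumer       # Deployment to scale
  pollingInterval: 15          # seconds between metric checks
  cooldownPeriod: 120          # seconds of no work before scaling to minReplicaCount
  minReplicaCount: 0           # scale to zero when the topic is idle
  maxReplicaCount: 20
  triggers:
    - type: kafka
      metadata:
        bootstrapServers: kafka.kafka.svc.cluster.local:9092
        consumerGroup: order-consumer
        topic: orders
        lagThreshold: "500"    # target lag per replica
        offsetResetPolicy: latest
      authenticationRef:
        name: kafka-sasl
    - type: prometheus
      metadata:
        serverAddress: http://prometheus.monitoring.svc.cluster.local:9090
        query: sum(rate(order_consumer_inflight_total[2m]))
        threshold: "100"       # target value per replica
```

With several triggers KEDA takes the highest replica count any one of them asks for, so the Prometheus trigger acts as a floor rather than competing with the lag trigger. The `kafka-credentials` Secret is a natural candidate for delivery by ESO, and an HPA created separately for the same Deployment must be removed, since two controllers setting `replicas` on one target fight each other.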
### Bitnami Kafka in KRaft Mode
KRaft (Kafka without ZooKeeper) reduces operational complexity by eliminating the ZooKeeper dependency; Kafka 4.0 dropped ZooKeeper support entirely, so for the pinned version it is also the only mode available. The Bitnami chart provides production-ready defaults and supports running dedicated controller and broker node pools.
### Percona PSMDB Operator for MongoDB
The PSMDB operator manages the MongoDB replica set lifecycle (provisioning, scaling, backups, failover) as a Kubernetes custom resource, so replica sets are declared once rather than assembled and maintained by hand.