Skip to content

Orofi Infrastructure Docs

Service Catalog

oro-codebase/infra

Service Catalog¶

API Gateway Services¶

These services are the entry points for all external traffic. Each gateway is configured for a specific client type and holds its own API key for authenticating with downstream services.

api-gateway-public¶

Property	Value
Purpose	Entry point for public-facing end users
Namespace	`api-gateway-public`
Repository	`git@bitbucket.org:oro-codebase/api-gateway-public.git`
Language / Framework	[NEEDS TEAM INPUT]
Service port	80 (HTTP, Istio terminates TLS externally)
GCP Service Account	`api-gateway-public-sa@orofi-{env}-cloud.iam.gserviceaccount.com`
Secrets	`{env}-api-gateway-public-secret`, `{env}-shared-microservice-secrets`, `{env}-redis-auth-password`
API Key	`{env}-public-gateway-apikey` (used to authenticate with downstream services)
Upstream Services	microservice-identity, microservice-monolith
DNS	`api.{env}.orofi.xyz` (or per [NEEDS TEAM INPUT: actual hostname])
Owner	[NEEDS TEAM INPUT]

api-gateway-account¶

Property	Value
Purpose	Entry point for authenticated account users
Namespace	`api-gateway-account`
Repository	`git@bitbucket.org:oro-codebase/api-gateway-account.git`
Language / Framework	[NEEDS TEAM INPUT]
GCP Service Account	`api-gateway-account-sa@orofi-{env}-cloud.iam.gserviceaccount.com`
Secrets	`{env}-api-gateway-account-secret`, `{env}-shared-microservice-secrets`, `{env}-redis-auth-password`
API Key	`{env}-account-gateway-apikey`
Upstream Services	microservice-identity, microservice-monolith, microservice-communication
Owner	[NEEDS TEAM INPUT]

api-gateway-oro¶

Property	Value
Purpose	Entry point for internal Oro operations
Namespace	`api-gateway-oro`
Repository	`git@bitbucket.org:oro-codebase/api-gateway-oro.git`
Language / Framework	[NEEDS TEAM INPUT]
GCP Service Account	`api-gateway-oro-sa@orofi-{env}-cloud.iam.gserviceaccount.com`
Secrets	`{env}-api-gateway-oro-secret`, `{env}-shared-microservice-secrets`, `{env}-redis-auth-password`
API Key	`{env}-oro-gateway-apikey`
Upstream Services	microservice-monolith, microservice-analytics
Owner	[NEEDS TEAM INPUT]

api-gateway-admin-dashboard¶

Property	Value
Purpose	Entry point for admin dashboard users
Namespace	`api-gateway-admin-dashboard`
Repository	`git@bitbucket.org:oro-codebase/api-gateway-admin-dashboard.git`
Language / Framework	[NEEDS TEAM INPUT]
GCP Service Account	`api-gateway-admin-dashboard-sa@orofi-{env}-cloud.iam.gserviceaccount.com`
Secrets	`{env}-api-gateway-admin-dashboard-secret`, `{env}-shared-microservice-secrets`, `{env}-redis-auth-password`
API Key	`{env}-admin-dashboard-gateway-apikey`
Upstream Services	microservice-analytics, microservice-identity
Owner	[NEEDS TEAM INPUT]

Core Microservices¶

microservice-communication¶

Property	Value
Purpose	Messaging, notifications, email/SMS delivery
Namespace	`microservice-communication`
Repository	`git@bitbucket.org:oro-codebase/microservice-communication.git`
Language / Framework	[NEEDS TEAM INPUT]
Service port	80
GCP Service Account	`microservice-communication-sa@orofi-{env}-cloud.iam.gserviceaccount.com`
GCP IAM Extra Roles	`roles/storage.admin` (GCS access for attachments/exports)
Database	`db_microservice_communication` on Cloud SQL
DB Secret	`{env}-microservice-communication-db-connection`
App Secret	`{env}-microservice-communication-secret`
Firebase	Yes — uses `{env}-firebase-secret`
Kafka	Producer and consumer
Redis	Yes — session/cache
Owner	[NEEDS TEAM INPUT]

microservice-identity¶

Property	Value
Purpose	Authentication, JWT issuance, API key management, user identity, data encryption
Namespace	`microservice-identity`
Repository	`git@bitbucket.org:oro-codebase/microservice-identity.git`
Language / Framework	[NEEDS TEAM INPUT]
Service port	80
GCP Service Account	`microservice-identity-sa@orofi-{env}-cloud.iam.gserviceaccount.com`
GCP IAM Extra Roles	`roles/storage.admin`, `roles/cloudkms.cryptoKeyEncrypterDecrypter`
Database	`db_microservice_identity` on Cloud SQL
DB Secret	`{env}-microservice-identity-db-connection`
App Secret	`{env}-microservice-identity-secret`
KMS Key Ring	`identity-microservice-{env}` (keys: `data-hmac-search-key-v2`, `data-encryption-key-v2`)
JWT Key	`microservice-identity-jwt-private-key-secret`
API Key Secret	`microservice-identity-apikey-private-key-secret`
Search HMAC	`microservice-identity-encryption-search-hash-pepper-key-secret`
Firebase	Yes — uses `{env}-firebase-secret`
Kafka	Producer and consumer
Redis	Yes — token cache
MongoDB	Yes — document storage
Owner	[NEEDS TEAM INPUT]

Critical Service

microservice-identity is the authentication authority for the entire platform. All other services validate JWTs issued by this service. An outage here affects all authenticated functionality.

microservice-monolith¶

Property	Value
Purpose	Core business logic
Namespace	`microservice-monolith`
Repository	`git@bitbucket.org:oro-codebase/microservice-monolith.git`
Language / Framework	[NEEDS TEAM INPUT]
Service port	80
GCP Service Account	`microservice-monolith-sa@orofi-{env}-cloud.iam.gserviceaccount.com`
GCP IAM Extra Roles	`roles/storage.admin`
Database	`db_microservice_monolith` on Cloud SQL
DB Secret	`{env}-microservice-monolith-db-connection`
App Secret	`{env}-microservice-monolith-secret`
Kafka	Producer and consumer
Redis	Yes — session/cache
MongoDB	Yes — document storage
Owner	[NEEDS TEAM INPUT]

microservice-analytics¶

Property	Value
Purpose	Analytics, reporting, event processing
Namespace	`microservice-analytics`
Repository	`git@bitbucket.org:oro-codebase/microservice-analytics.git`
Language / Framework	[NEEDS TEAM INPUT]
Service port	80
GCP Service Account	`microservice-analytics-sa@orofi-{env}-cloud.iam.gserviceaccount.com`
GCP IAM Extra Roles	`roles/storage.admin`
Database	`db_microservice_analytics` on Cloud SQL
DB Secret	`{env}-microservice-analytics-db-connection`
App Secret	`{env}-microservice-analytics-secret`
Kafka	Consumer (processes all service-log-topic, account-event-log-topic events)
Redis	Yes
Owner	[NEEDS TEAM INPUT]

Service Dependency Map¶

graph TD
    subgraph External
        PubUsers["Public Users"]
        AccUsers["Account Users"]
        OroOps["Oro Operations"]
        Admin["Admin Users"]
    end

    subgraph Gateways
        GWPub["api-gateway-public"]
        GWAcc["api-gateway-account"]
        GWOro["api-gateway-oro"]
        GWAdmin["api-gateway-admin-dashboard"]
    end

    subgraph Services
        MSIdent["microservice-identity\n(auth, JWT, encryption)"]
        MSMono["microservice-monolith\n(core logic)"]
        MSComm["microservice-communication\n(notifications)"]
        MSAnal["microservice-analytics\n(reporting)"]
    end

    subgraph Data
        MySQL["Cloud SQL MySQL"]
        Mongo["MongoDB"]
        Redis["Redis"]
        Kafka["Kafka"]
    end

    PubUsers --> GWPub
    AccUsers --> GWAcc
    OroOps --> GWOro
    Admin --> GWAdmin

    GWPub --> MSIdent
    GWPub --> MSMono
    GWAcc --> MSIdent
    GWAcc --> MSMono
    GWAcc --> MSComm
    GWOro --> MSMono
    GWOro --> MSAnal
    GWAdmin --> MSAnal
    GWAdmin --> MSIdent

    MSIdent --> MySQL
    MSIdent --> Mongo
    MSIdent --> Redis
    MSIdent --> Kafka

    MSMono --> MySQL
    MSMono --> Mongo
    MSMono --> Redis
    MSMono --> Kafka

    MSComm --> MySQL
    MSComm --> Redis
    MSComm --> Kafka

    MSAnal --> MySQL
    MSAnal --> Redis
    MSAnal --> Kafka

Platform Components¶

Component	Namespace	Purpose	Owner
ArgoCD	`argocd`	GitOps controller	Platform Team
External Secrets Operator	`external-secrets`	Sync GCP secrets to K8s	Platform Team
Istio	`istio-system`	Service mesh	Platform Team
cert-manager	`cert-manager`	TLS lifecycle	Platform Team
Prometheus	`prometheus`	Metrics	Platform Team
Grafana	`grafana`	Dashboards	Platform Team
Loki	`loki`	Log aggregation	Platform Team
KEDA	`keda`	Event-driven autoscaling	Platform Team
MongoDB Operator	`mongo-db`	MongoDB lifecycle	Platform Team
Kafka	`kafka`	Event streaming	Platform Team
K6 Operator	`k6-operator`	Load testing	Platform Team
KubeCost	`kubecost`	Cost monitoring	Platform Team

See Also¶