
🏛️ Infrastructure Architecture

This document provides a deep-dive into the "Engine Room" of the Adamondo ecosystem. It explains how our cloud-native infrastructure is provisioned, secured, and orchestrated.


🔄 Automated Lifecycle (CI/CD)

Our deployment pipeline is fully automated from the first git push to the final cluster rollout.


🛡️ Security & Secret Injection

We follow a "Zero-Secrets-in-Code" policy using Infisical.


🏗️ Request Lifecycle & Ingress

All external traffic passes through multiple layers of security before reaching our application logic. We differentiate between Public Web Traffic (API/App) and Secure Internal Tools.

🌐 Public Web Application

The Adamondo webapp is a hybrid architecture:

  • Static Frontend: Hosted on Cloudflare Pages, providing globally distributed static content.
  • Backend API: Hosted on Kubernetes (K8s), protected by Cloudflare's proxy.

🔒 Secure Internal Tools

For internal tools (e.g., Grafana, Admin panels), we use a zero-trust model via Cloudflare Tunnels.


⛓️ Database Migrations (ArgoCD Hooks)

To prevent downtime and ensure schema compatibility, we use ArgoCD lifecycle hooks.
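
A sketch of what such a hook can look like, added here as an illustration and not taken from the Adamondo repositories: a migration Job that Argo CD runs as a PreSync hook, so a failed migration stops the sync before the new API version rolls out. The Job name, image, command, and Secret name are hypothetical placeholders, and the Secret is assumed to be populated from Infisical rather than committed to Git.

```yaml
# Added example: hypothetical migration Job run as an Argo CD PreSync hook.
# Name, image, command, and Secret name are placeholders, not real project values.
apiVersion: batch/v1
kind: Job
metadata:
  name: db-migrate                          # hypothetical name
  annotations:
    # Run before the application manifests are applied. If this Job fails,
    # the sync fails and the new release is never deployed against an old schema.
    argocd.argoproj.io/hook: PreSync
    # Remove the previous hook Job only when the next one is created, so the
    # last run's pod and logs stay available for review in between.
    argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
spec:
  backoffLimit: 0                           # never blindly retry a half-applied migration
  activeDeadlineSeconds: 600                # bound how long a stuck migration blocks the sync
  template:
    spec:
      restartPolicy: Never
      automountServiceAccountToken: false   # the migration does not call the K8s API
      containers:
        - name: migrate
          image: registry.example.com/api:PLACEHOLDER_TAG   # placeholder image
          command: ["/app/bin/migrate"]                     # assumed migration entrypoint
          env:
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: api-db-credentials  # assumed Secret, synced from Infisical
                  key: DATABASE_URL
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
```

Because the hook runs while the previous API version is still serving traffic, each migration has to stay compatible with the code that is already deployed.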


💾 Data & Storage Layer

| Service | Provider | Context |
|---|---|---|
| Primary DB | MySQL | Managed as a replicated K8s service. |
| Caching | Redis | ioredis clustered setup for high-speed lookups. |
| Object Store | Cloudflare R2 | S3-compatible storage for assets and OTA. |
| Secrets | Infisical | Centralized vault for all environments. |

📊 Monitoring & Reliability

  • Prometheus/Grafana: Infrastructure health and error rates.
  • Sentry: Application-level tracing and crash reporting (Unified for Web/iOS/Android).
  • HPA: Automatic scaling from 1 to 100+ replicas based on real-time load.