Cymbal Bank application architecture

Last reviewed 2023-12-20 UTC

The blueprint includes a sample application that is named Cymbal Bank. Cymbal Bank demonstrates the best practices that are recommended for containerized applications. The Cymbal Bank application lets users create login accounts, sign in to their account, see their transaction history, make deposits, and transfer money to other users' accounts. Cymbal Bank services run as containers that connect to each other over REST APIs and gRPC APIs.

The following diagram shows the Cymbal Bank application that is deployed on the blueprint developer platform.

Cymbal Bank architecture.

Each application is also a network service. Only the frontend application is exposed externally to the cluster through the GKE Gateway controller. All applications run as distributed services through the use of Anthos Service Mesh.

For more information about the services that are included in the Cymbal Bank application, see the Cymbal Bank repository on GitHub.

Cymbal Bank tenants

To provide separation between tenants, each tenant in the developer platform has one team scope and at least one fleet namespace. Tenants never share a namespace. To deploy Cymbal Bank, each tenant only needs one namespace. In more complex scenarios, a tenant can have several namespaces.

To illustrate how Cymbal Bank is deployed on the developer platform, this example assumes that there were three separate application development teams with different focus areas. The Terraform creates the following developer platform tenant for each of those teams:

  • frontend tenant: A development team that focuses on the website and mobile application backends.
  • accounts tenant: A development team that focuses on customer data.
  • transactions tenant: A team that manages the transaction services.

Cymbal Bank apps

The Cymbal Bank application consists of six microservices: frontend, ledgerwriter, balancereader, transactionhistory, userservice, and contacts. Each microservice is mapped to an application within the tenant that owns it.

The following table describes the mapping of the teams, team scope, fleet namespace, and microservices for Cymbal Bank. For the purpose of this mapping, this example assumes that Cymbal Bank is developed by three separate application operator teams. Teams manage a varying number of services. Each team is assigned a team scope.

Team Team scope Fleet namespace Application - Microservice Kubernetes service account

Frontend team





Transactions team









Accounts team







Cymbal Bank database structure

Cymbal Bank databases are deployed using AlloyDB for PostgreSQL. The databases are configured with a highly available primary instance in one region with redundant nodes in different zones, and cross-region replicas are used for disaster recovery. Cymbal Bank uses IAM database authentication to allow services access to the databases. The databases are encrypted using CMEK. Two PostgreSQL databases are used: ledger-db for transactions and accounts-db for user accounts.

What's next