The blueprint includes a sample application that is named Cymbal Bank. Cymbal Bank demonstrates the best practices that are recommended for containerized applications. The Cymbal Bank application lets users create login accounts, sign in to their account, see their transaction history, make deposits, and transfer money to other users' accounts. Cymbal Bank services run as containers that connect to each other over REST APIs and gRPC APIs.
The following diagram shows the Cymbal Bank application that is deployed on the blueprint developer platform.
Each application is also a network service. Only the frontend application is exposed externally to the cluster through the GKE Gateway controller. All applications run as distributed services through the use of Cloud Service Mesh.
For more information about the services that are included in the Cymbal Bank application, see the Cymbal Bank repository on GitHub.
Cymbal Bank tenants
To provide separation between tenants, each tenant in the developer platform has one team scope and at least one fleet namespace. Tenants never share a namespace. To deploy Cymbal Bank, each tenant only needs one namespace. In more complex scenarios, a tenant can have several namespaces.
To illustrate how Cymbal Bank is deployed on the developer platform, this example assumes that there were three separate application development teams with different focus areas. The Terraform creates the following developer platform tenant for each of those teams:
frontend
tenant: A development team that focuses on the website and mobile application backends.accounts
tenant: A development team that focuses on customer data.ledger
tenant: A team that manages the ledger services.
Cymbal Bank apps
The Cymbal Bank application consists of six microservices: frontend,
ledgerwriter, balancereader, transactionhistory, userservice
, and contacts
.
Each microservice is mapped to an application within the tenant that owns it.
The following table describes the mapping of the teams, team scope, fleet namespace, and microservices for Cymbal Bank. For the purpose of this mapping, this example assumes that Cymbal Bank is developed by three separate application operator teams. Teams manage a varying number of services. Each team is assigned a team scope.
Team | Team scope | Fleet namespace | Application - Microservice | Kubernetes service account |
---|---|---|---|---|
Frontend team |
|
|
|
|
Ledger team |
|
|
|
|
|
||||
|
||||
Accounts team |
|
|
|
|
|
Cymbal Bank database structure
Cymbal Bank databases are deployed using
AlloyDB for PostgreSQL. The
databases are configured with a highly available primary instance in one region with
redundant nodes in different zones, and cross-region replicas
are used for disaster recovery. Cymbal Bank uses IAM database authentication
to allow services access to the databases. The databases are encrypted using
CMEK. Two
PostgreSQL databases are used: ledger-db
for the ledger, and accounts-db
for user accounts.
What's next
- Read about mapping BeyondProd security principles to the blueprint (next document in this series).