Platform Deployment
VENI-AI is a Cloud-Native platform. Every component is containerized and orchestrated using Kubernetes (K8s), following the principles of independent deployment for each Self-Contained System (SCS).
☸️ Kubernetes Architecture
The platform is deployed as a federation of services. The Shell acts as the orchestrator, while Satellites run as independent vertical slices.
🏗️ 1. Containerization Strategy
Every application (API and UI) is packaged as a Docker image.
- Multi-Stage Builds: We use `oven/bun:1-alpine` for the final runtime to minimize image size and security surface area.
- Runtime Environment: We use the `env-config.js` pattern for UIs. Variables like `VITE_API_URL` are not baked into the build; they are injected via a `docker-entrypoint.sh` script at container startup based on K8s environment variables.
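
One way to write the `docker-entrypoint.sh` step described above, as an added example rather than the project's own script: it writes only allow-listed variables into `env-config.js` and escapes each value, because that file is readable by every browser. The names `ALLOWED_VARS`, `VITE_APP_ENV`, `window.__ENV__`, `ENV_CONFIG_PATH` and the default output path are assumptions.

```shell
#!/bin/sh
# docker-entrypoint.sh: added example, not the project's script.
# ALLOWED_VARS, window.__ENV__ and the output path are assumptions.
set -eu

# Only names on this allow-list are written. env-config.js is served to every
# browser, so a blanket dump of the environment would publish any secret the
# pod receives (for example via envFrom).
ALLOWED_VARS="VITE_API_URL VITE_APP_ENV"
NL='
'

# Escape a value for a double-quoted JS string: backslash, quote, and "<"
# (defense in depth in case the output is ever inlined into an HTML page).
js_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/</\\u003c/g'
}

# Print env-config.js on stdout; fail closed on values containing a newline.
render_env_config() {
  printf 'window.__ENV__ = {\n'
  for name in $ALLOWED_VARS; do
    eval "isset=\${$name+x}"          # safe: $name comes from the fixed list
    [ -n "$isset" ] || continue       # unset variables are simply omitted
    eval "value=\${$name}"
    case "$value" in
      *"$NL"*) echo "refusing $name: value contains a newline" >&2; return 1 ;;
    esac
    printf '  "%s": "%s",\n' "$name" "$(js_escape "$value")"
  done
  printf '};\n'
}

# Container start: CMD arrives as "$@". Write the file, then exec the server.
if [ "$#" -gt 0 ]; then
  render_env_config > "${ENV_CONFIG_PATH:-/app/dist/env-config.js}"
  exec "$@"
fi
```

If rendering fails, `set -e` stops the script before `exec`, so the container does not start with a half-written config.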
🧩 2. Kustomize Management
We use Kustomize to manage environment-specific configurations (Dev, UAT, Prod) without duplicating manifests.
| Directory | Purpose |
|---|---|
| `base/` | Standard deployments, services, and service accounts. |
| `overlays/dev/` | Low-resource limits, local Registry, LoadBalancer for easier access. |
| `overlays/prod/` | High availability (replicas > 2), horizontal pod autoscaling, and TLS certificates. |
🚀 3. CI/CD Lifecycle
Our deployment pipeline is fully automated via GitHub Actions.
- Continuous Integration: On every PR, we run linting, unit tests, and build checks.
- Image Promotion:
  - Pushes to `develop` trigger a build and push to the Dev Registry with the `:dev-latest` tag.
  - Git tags (e.g., `v1.2.0`) trigger a build and push to the Production Registry.
- GitOps Deployment: The pipeline updates the image tag in the corresponding Kustomize overlay and runs `kubectl apply -k`.
🔄 4. Database Lifecycle in K8s
To maintain SCS autonomy, schema migrations must run alongside code updates.
The InitContainer Pattern
Every API deployment includes an initContainer that runs the Drizzle migration script. The main application container will only start if the migration succeeds.
```yaml
# Simplified Deployment Spec
spec:
  initContainers:
    - name: db-migrate
      image: veni-api-image:v1.2.0
      command: ["bun", "run", "dist/scripts/migrate.js"]
      envFrom:
        - secretRef: { name: db-credentials }
```
📡 5. Ingress & Global Routing
The Nginx Ingress Controller is the entry point. It handles:
- SSL/TLS Termination: Using Cert-Manager for Let's Encrypt certificates.
- Path/Host Routing: Routing `api.veni.ai/auth/*` to the Shell and `api.veni.ai/hrm/*` to the HRM Satellite.
- CORS Policies: Enabling cross-origin requests required for Module Federation.
Monitoring
All K8s deployments are monitored via Prometheus and Loki. Refer to the Core Services page for more details.