
Deployment

Target Architecture — Final-State Design

This page describes the final-state deployment model of the Observability & Feedback Platform. Infrastructure is provisioned with Pulumi; delivery follows the factory's GitOps pipeline on Azure DevOps.

The platform deploys as a set of independently scalable .NET 10 services and workers. Transactional services run on AKS / Azure Container Apps; high-volume ingestion workers run on Azure Functions (consumption/elastic premium) so they scale to telemetry volume and to zero when idle. The telemetry backplane (Application Insights, Log Analytics) and stores (Azure SQL / PostgreSQL, Azure Blob) are managed Azure services.

Runtime Model

| Component | Host | Why |
| --- | --- | --- |
| TraceService, LogQueryService, MetricAggregationService (API) | AKS / Container Apps | Always-on query APIs; HPA on request load. |
| DashboardService, AlertRuleService, IncidentService, FeedbackService, QualityScoreService, CostTelemetryService | AKS / Container Apps | Transactional APIs; modest, steady scale. |
| SloService, TelemetryCorrelationService | AKS / Container Apps | Internal event-driven services. |
| TraceIngestionWorker, MetricAggregationWorker | Azure Functions (Elastic Premium) | Bursty, high-volume; scale on queue depth / schedule. |
| AlertEvaluationWorker, IncidentAnalysisWorker, FeedbackCreationWorker, QualityScoreWorker, CostAnomalyWorker, TelemetryCorrelationWorker | AKS / Container Apps (hosted services) or Functions | Event-/schedule-driven; scale on subscription backlog. |
| Application Insights, Log Analytics | Managed Azure | Telemetry backplane. |
| Azure SQL / PostgreSQL, Azure Blob, Service Bus, Key Vault | Managed Azure | Stores, messaging, secrets. |

Deployment Topology Diagram

flowchart TB
    subgraph Ingress["Ingress"]
        GW["API Gateway"]
        Studio["Factory Studio (Blazor)"]
    end

    subgraph AKS["AKS / Container Apps"]
        APIs["Query & Transactional Services<br/>Trace, LogQuery, Metric, Dashboard,<br/>Alert, Incident, Feedback, Quality, Cost"]
        Internal["SloService, TelemetryCorrelationService"]
        Reactors["Reaction workers<br/>Alert, Incident, Feedback, Quality, Cost, Correlation"]
    end

    subgraph Functions["Azure Functions"]
        Ingest["TraceIngestionWorker<br/>MetricAggregationWorker"]
    end

    subgraph Managed["Managed Azure services"]
        AI[("Application Insights")]
        LA[("Log Analytics")]
        SQL[("Azure SQL / PostgreSQL")]
        Blob[("Azure Blob")]
        SB["Azure Service Bus"]
        KV["Azure Key Vault"]
    end

    Studio --> GW
    GW --> APIs
    Runtime["Runtime & Agents"] -->|OTLP| Ingest
    Ingest --> AI
    Ingest --> LA
    APIs --> AI
    APIs --> LA
    APIs --> SQL
    APIs --> Blob
    APIs --> SB
    Internal --> SB
    Reactors --> SB
    Reactors --> SQL
    APIs --> KV
    Ingest --> KV

Scaling

  • Ingestion: TraceIngestionWorker and MetricAggregationWorker scale on Service Bus queue depth and schedule concurrency; Elastic Premium plans keep warm instances for low-latency ingest while scaling out under burst.
  • Query APIs: TraceService, LogQueryService, MetricAggregationService scale horizontally via Kubernetes HPA on CPU and request concurrency.
  • Reaction workers — scale on subscription backlog; idempotency makes scale-out safe (no duplicate incidents/feedback).
  • Stores — Azure SQL/PostgreSQL scale via tier/replica; Log Analytics and App Insights scale as managed services with per-tenant ingestion quotas to prevent noisy-neighbour effects.
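
The reaction-worker bullet relies on idempotent handlers. The sketch below is an added example, not the platform's own code (whose services are .NET): it shows one common way to get that property, a tenant-scoped uniqueness constraint on the source event id, so a redelivered message or a second replica cannot create a duplicate incident. The table, column and field names are hypothetical, and in-memory SQLite stands in for the relational store.

```python
import sqlite3

def open_store():
    # In-memory SQLite stands in for Azure SQL / PostgreSQL (assumption);
    # table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE incidents ("
        " tenant_id TEXT NOT NULL,"
        " source_event_id TEXT NOT NULL,"
        " title TEXT NOT NULL,"
        " PRIMARY KEY (tenant_id, source_event_id))"
    )
    return db

def handle_alert_event(db, event):
    """Create an incident for an event; return True only if a row was created.

    The primary key (tenant_id, source_event_id) turns the insert into a no-op
    when a redelivery or another replica has already handled the same event.
    """
    with db:  # commit on success, roll back on error
        cur = db.execute(
            "INSERT OR IGNORE INTO incidents (tenant_id, source_event_id, title)"
            " VALUES (?, ?, ?)",
            (event["tenant_id"], event["event_id"], event["title"]),
        )
    return cur.rowcount == 1

def demo():
    db = open_store()
    # Constructed sample deliveries: evt-001 for tenant t1 arrives three times
    # (at-least-once delivery), and tenant t2 reuses the same event id.
    deliveries = [
        {"tenant_id": "t1", "event_id": "evt-001", "title": "p95 latency breach"},
        {"tenant_id": "t1", "event_id": "evt-001", "title": "p95 latency breach"},
        {"tenant_id": "t2", "event_id": "evt-001", "title": "p95 latency breach"},
        {"tenant_id": "t1", "event_id": "evt-002", "title": "error rate breach"},
        {"tenant_id": "t1", "event_id": "evt-001", "title": "p95 latency breach"},
    ]
    created = [handle_alert_event(db, e) for e in deliveries]
    total = db.execute("SELECT COUNT(*) FROM incidents").fetchone()[0]
    return created, total
```

Scoping the key by tenant keeps one tenant's event ids from suppressing another tenant's incidents.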

Configuration

  • Per-environment. development, staging, production are distinct deployments with distinct telemetry workspaces and ingestion keys; environment is a required dimension on all telemetry.
  • Options pattern. Services follow the ConnectSoft Options layering; configuration is injected via environment/app config, never hard-coded.
  • Tenant config. Retention windows, ingestion quotas, escalation routing, and cost thresholds are tenant-scoped configuration.

Secrets

  • All secrets (DB connection strings, ingestion keys, signing material) are in Azure Key Vault, accessed via workload managed identity — no secrets in images or config files. See Security.
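
One way to enforce "no secrets in config files" as a pipeline check, shown as an added example rather than the platform's own tooling: walk a JSON settings file and flag values that carry an inline credential, while accepting Key Vault references and managed-identity connection strings. The marker list is illustrative, and the sample config, including its hosts, vault name and key values, is constructed.

```python
import json
import re

# Fragments that mark an inline credential in Azure-style connection strings.
# Illustrative, not exhaustive; InstrumentationKey is included because the
# page lists ingestion keys among the secrets.
INLINE_SECRET = re.compile(
    r"(?i)\b(Password|Pwd|AccountKey|SharedAccessKey|InstrumentationKey)\s*=\s*[^;\s]+"
)
# App Service / Functions Key Vault reference: a pointer resolved at runtime,
# not a secret value.
KEYVAULT_REF = re.compile(r"^@Microsoft\.KeyVault\(.+\)$")

def find_inline_secrets(node, path=""):
    """Walk parsed JSON config; return (config path, marker) pairs in file order."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            findings += find_inline_secrets(value, f"{path}:{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            findings += find_inline_secrets(value, f"{path}:{i}")
    elif isinstance(node, str) and not KEYVAULT_REF.match(node):
        m = INLINE_SECRET.search(node)
        if m:
            findings.append((path, m.group(1)))  # report the marker, never the value
    return findings

# Constructed sample settings; no value here is real.
SAMPLE_CONFIG = json.loads("""
{
  "ConnectionStrings": {
    "Incidents": "Server=tcp:example.invalid;Database=obs;User ID=app;Password=CONSTRUCTED-NOT-REAL;",
    "Feedback": "@Microsoft.KeyVault(SecretUri=https://EXAMPLE.vault.azure.net/secrets/feedback-db/)",
    "Quality": "Server=tcp:example.invalid;Database=obs;Authentication=Active Directory Managed Identity;"
  },
  "ApplicationInsights": {
    "ConnectionString": "InstrumentationKey=00000000-0000-0000-0000-000000000000;IngestionEndpoint=https://example.invalid/"
  },
  "ServiceBus": {"FullyQualifiedNamespace": "example.servicebus.windows.net"}
}
""")
```

A pipeline step would fail the build when `find_inline_secrets` returns a non-empty list; the paths use the `Section:Key` form of .NET configuration keys.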

Health

  • Liveness/readiness probes on every service (AKS/Container Apps) gate traffic and rollout.
  • Function health monitored via App Insights availability and queue-lag metrics.
  • Self-monitoring. Deployment health is itself observed by the platform's own dashboards and alerts (see Observability) — including loop latency from TraceRecorded to FeedbackItemCreated.
  • Migrations. Relational schema changes ship via DatabaseModel.Migrations as part of the GitOps pipeline, gated by health checks before traffic shift.

Infrastructure as Code

  • Infrastructure (AKS, Container Apps, Functions, App Insights, Log Analytics, Azure SQL/PostgreSQL, Blob, Service Bus, Key Vault) is provisioned with Pulumi, versioned in Azure DevOps Git, and applied through the factory's GitOps delivery pipeline. Environments are reproducible and drift-detected.