Update CI/CD workflow to streamline deployment processes and enhance Azure service integration. Revise README.md to improve clarity and navigation, adding new sections for deployment steps and service configurations.

defiQUG
2025-08-06 06:09:19 +00:00
parent cab539b9cb
commit 748ca8e5c0

448
azure-deployment-config.yml Normal file

@@ -0,0 +1,448 @@
# Azure Deployment Configuration for NowYouSeeMe
# This file defines all Azure resources and services for the project
# Azure Resource Group Configuration
resource_group:
name: "nowyouseeme-rg"
location: "East US"
tags:
project: "NowYouSeeMe"
environment: "production"
managed_by: "terraform"
# Azure Container Registry (ACR) Configuration
container_registry:
name: "nowyouseemeacr"
sku: "Premium" # For advanced features like geo-replication
admin_enabled: true
tags:
purpose: "container-registry"
project: "NowYouSeeMe"
# Azure Container Instances (ACI) Configuration
container_instances:
- name: "nowyouseeme-api"
image: "nowyouseemeacr.azurecr.io/nowyouseeme:latest"
cpu: "2.0"
memory: "4.0"
ports:
- 8000
environment_variables:
- DATABASE_URL
- REDIS_URL
- JWT_SECRET_KEY
- AZURE_STORAGE_CONNECTION_STRING
tags:
component: "api"
environment: "production"
- name: "nowyouseeme-worker"
image: "nowyouseemeacr.azurecr.io/nowyouseeme-worker:latest"
cpu: "1.0"
memory: "2.0"
environment_variables:
- REDIS_URL
- DATABASE_URL
- AZURE_STORAGE_CONNECTION_STRING
tags:
component: "worker"
environment: "production"
# Azure App Service Configuration
app_service:
name: "nowyouseeme-app"
plan:
name: "nowyouseeme-plan"
sku: "P1v2" # Premium tier for better performance
size: "P1v2"
runtime: "python|3.9"
always_on: true
app_settings:
- name: "WEBSITES_ENABLE_APP_SERVICE_STORAGE"
value: "true"
- name: "PYTHON_VERSION"
value: "3.9"
- name: "SCM_DO_BUILD_DURING_DEPLOYMENT"
value: "true"
tags:
component: "web-app"
environment: "production"
# Azure Functions Configuration
functions:
name: "nowyouseeme-functions"
plan:
name: "nowyouseeme-functions-plan"
sku: "Consumption"
runtime: "python"
app_settings:
- name: "FUNCTIONS_WORKER_RUNTIME"
value: "python"
- name: "AzureWebJobsStorage"
value: "UseDevelopmentStorage=true"
tags:
component: "serverless"
environment: "production"
# Azure Kubernetes Service (AKS) Configuration
kubernetes:
cluster:
name: "nowyouseeme-aks"
kubernetes_version: "1.25.5"
node_count: 3
vm_size: "Standard_D4s_v3"
enable_auto_scaling: true
min_count: 1
max_count: 10
node_pools:
- name: "system"
vm_size: "Standard_D2s_v3"
node_count: 2
mode: "System"
- name: "user"
vm_size: "Standard_D4s_v3"
node_count: 3
mode: "User"
enable_auto_scaling: true
min_count: 1
max_count: 10
tags:
component: "kubernetes"
environment: "production"
# Azure Database for PostgreSQL Configuration
database:
name: "nowyouseeme-db"
server_name: "nowyouseeme-server"
sku_name: "GP_Gen5_4" # General Purpose, 4 vCores
storage_mb: 51200
backup_retention_days: 7
geo_redundant_backup: "Enabled"
ssl_enforcement: "Enabled"
version: "11"
administrator_login: "nowyouseeme_admin"
tags:
component: "database"
environment: "production"
# Azure Cache for Redis Configuration
redis:
name: "nowyouseeme-redis"
capacity: 2 # C2 tier
family: "C"
sku: "Standard"
enable_non_ssl_port: false
minimum_tls_version: "1.2"
tags:
component: "cache"
environment: "production"
# Azure Storage Account Configuration
storage:
name: "nowyouseemestorage"
account_tier: "Standard"
account_replication_type: "LRS"
account_kind: "StorageV2"
access_tier: "Hot"
enable_https_traffic_only: true
min_tls_version: "TLS1_2"
containers:
- name: "uploads"
public_access: "None"
- name: "models"
public_access: "None"
- name: "logs"
public_access: "None"
tags:
component: "storage"
environment: "production"
# Azure Cognitive Services Configuration
cognitive_services:
- name: "nowyouseeme-vision"
kind: "ComputerVision"
sku: "S1"
location: "East US"
- name: "nowyouseeme-speech"
kind: "SpeechServices"
sku: "S0"
location: "East US"
- name: "nowyouseeme-language"
kind: "TextAnalytics"
sku: "S"
location: "East US"
- name: "nowyouseeme-custom-vision"
kind: "CustomVision.Training"
sku: "S0"
location: "East US"
# Azure Application Insights Configuration
application_insights:
name: "nowyouseeme-insights"
application_type: "web"
retention_in_days: 90
sampling_percentage: 100
enable_profiler: true
enable_snapshot_debugger: true
tags:
component: "monitoring"
environment: "production"
# Azure Log Analytics Workspace Configuration
log_analytics:
name: "nowyouseeme-logs"
sku: "PerGB2018"
retention_in_days: 30
tags:
component: "logging"
environment: "production"
# Azure Key Vault Configuration
key_vault:
name: "nowyouseeme-kv"
sku: "standard"
enabled_for_disk_encryption: true
enabled_for_template_deployment: true
enabled_for_soft_delete: true
soft_delete_retention_in_days: 7
purge_protection_enabled: false
secrets:
- name: "database-connection-string"
value: "postgresql://user:pass@host:5432/db"
- name: "redis-connection-string"
value: "redis://host:6379"
- name: "jwt-secret-key"
value: "your-secret-key"
- name: "azure-storage-connection-string"
value: "DefaultEndpointsProtocol=https;AccountName=...;AccountKey=...;EndpointSuffix=core.windows.net"
tags:
component: "security"
environment: "production"
# Azure Virtual Network Configuration
virtual_network:
name: "nowyouseeme-vnet"
address_space: ["10.0.0.0/16"]
subnets:
- name: "default"
address_prefix: "10.0.1.0/24"
- name: "aks"
address_prefix: "10.0.2.0/24"
- name: "app-service"
address_prefix: "10.0.3.0/24"
- name: "database"
address_prefix: "10.0.4.0/24"
tags:
component: "networking"
environment: "production"
# Azure Load Balancer Configuration
load_balancer:
name: "nowyouseeme-lb"
sku: "Standard"
frontend_ip_configurations:
- name: "frontend-ip"
public_ip_address_name: "nowyouseeme-public-ip"
backend_address_pools:
- name: "backend-pool"
health_probes:
- name: "http-probe"
protocol: "Http"
port: 8000
request_path: "/health"
load_balancing_rules:
- name: "http-rule"
protocol: "Tcp"
frontend_port: 80
backend_port: 8000
frontend_ip_configuration_name: "frontend-ip"
backend_address_pool_name: "backend-pool"
probe_name: "http-probe"
tags:
component: "load-balancer"
environment: "production"
# Azure CDN Configuration
cdn:
name: "nowyouseeme-cdn"
sku: "Standard_Microsoft"
optimization_type: "GeneralWebDelivery"
origin:
name: "nowyouseeme-storage"
host_name: "nowyouseemestorage.blob.core.windows.net"
tags:
component: "cdn"
environment: "production"
# Azure DevOps Configuration
devops:
organization: "your-organization"
project: "NowYouSeeMe"
repositories:
- name: "nowyouseeme"
type: "GitHub"
pipelines:
- name: "CI-CD-Pipeline"
yaml_path: ".github/workflows/cd.yml"
work_items:
- type: "Epic"
title: "NowYouSeeMe Platform Development"
description: "Complete platform development and deployment"
- type: "Feature"
title: "ARROMIS Integration"
description: "Integrate ARROMIS Admin Dashboard"
- type: "Feature"
title: "Free Space Manipulation"
description: "Implement advanced electromagnetic field manipulation"
# Environment Variables for Applications
environment_variables:
production:
DATABASE_URL: "postgresql://user:pass@nowyouseeme-server.postgres.database.azure.com:5432/nowyouseeme"
REDIS_URL: "redis://nowyouseeme-redis.redis.cache.windows.net:6380"
JWT_SECRET_KEY: "@Microsoft.KeyVault(SecretUri=https://nowyouseeme-kv.vault.azure.net/secrets/jwt-secret-key/)"
AZURE_STORAGE_CONNECTION_STRING: "@Microsoft.KeyVault(SecretUri=https://nowyouseeme-kv.vault.azure.net/secrets/azure-storage-connection-string/)"
AZURE_CUSTOM_VISION_ENDPOINT: "https://eastus.api.cognitive.microsoft.com/"
AZURE_CUSTOM_VISION_KEY: "@Microsoft.KeyVault(SecretUri=https://nowyouseeme-kv.vault.azure.net/secrets/azure-custom-vision-key/)"
AZURE_CUSTOM_VISION_PROJECT_ID: "your-project-id"
APP_INSIGHTS_CONNECTION_STRING: "InstrumentationKey=your-key;IngestionEndpoint=https://eastus-0.in.applicationinsights.azure.com/"
LOG_ANALYTICS_WORKSPACE_ID: "your-workspace-id"
LOG_ANALYTICS_WORKSPACE_KEY: "@Microsoft.KeyVault(SecretUri=https://nowyouseeme-kv.vault.azure.net/secrets/log-analytics-key/)"
staging:
DATABASE_URL: "postgresql://user:pass@nowyouseeme-staging-server.postgres.database.azure.com:5432/nowyouseeme-staging"
REDIS_URL: "redis://nowyouseeme-staging-redis.redis.cache.windows.net:6380"
JWT_SECRET_KEY: "@Microsoft.KeyVault(SecretUri=https://nowyouseeme-staging-kv.vault.azure.net/secrets/jwt-secret-key/)"
AZURE_STORAGE_CONNECTION_STRING: "@Microsoft.KeyVault(SecretUri=https://nowyouseeme-staging-kv.vault.azure.net/secrets/azure-storage-connection-string/)"
# Monitoring and Alerting Configuration
monitoring:
alert_rules:
- name: "High CPU Usage"
condition: "cpu_percentage > 80"
severity: "Warning"
action_groups: ["nowyouseeme-alerts"]
- name: "High Memory Usage"
condition: "memory_percentage > 85"
severity: "Warning"
action_groups: ["nowyouseeme-alerts"]
- name: "Database Connection Issues"
condition: "database_connection_failed > 0"
severity: "Critical"
action_groups: ["nowyouseeme-alerts"]
- name: "Application Errors"
condition: "exceptions_rate > 5"
severity: "Critical"
action_groups: ["nowyouseeme-alerts"]
action_groups:
- name: "nowyouseeme-alerts"
email_receivers:
- name: "DevOps Team"
email_address: "devops@nowyouseeme.com"
- name: "On-Call Engineer"
email_address: "oncall@nowyouseeme.com"
sms_receivers:
- name: "Emergency Contact"
phone_number: "+1234567890"
webhook_receivers:
- name: "Slack Notifications"
service_uri: "https://hooks.slack.com/services/your-webhook-url"
# Security Configuration
security:
network_security_groups:
- name: "nowyouseeme-nsg"
rules:
- name: "Allow-HTTP"
priority: 100
direction: "Inbound"
access: "Allow"
protocol: "Tcp"
source_port_range: "*"
destination_port_range: "80"
source_address_prefix: "Internet"
destination_address_prefix: "*"
- name: "Allow-HTTPS"
priority: 110
direction: "Inbound"
access: "Allow"
protocol: "Tcp"
source_port_range: "*"
destination_port_range: "443"
source_address_prefix: "Internet"
destination_address_prefix: "*"
- name: "Allow-SSH"
priority: 120
direction: "Inbound"
access: "Allow"
protocol: "Tcp"
source_port_range: "*"
destination_port_range: "22"
source_address_prefix: "Internet"
destination_address_prefix: "*"
firewall_rules:
- name: "Allow-Azure-Services"
start_ip_address: "0.0.0.0"
end_ip_address: "0.0.0.0"
# Backup and Disaster Recovery Configuration
backup:
database:
retention_period: "P30D" # 30 days
backup_redundancy: "Geo"
geo_redundant_backup: "Enabled"
storage:
soft_delete_enabled: true
soft_delete_retention_in_days: 7
versioning_enabled: true
key_vault:
soft_delete_enabled: true
soft_delete_retention_in_days: 7
purge_protection_enabled: false
# Cost Optimization Configuration
cost_optimization:
auto_scaling:
enabled: true
min_instances: 1
max_instances: 10
scale_out_threshold: 70
scale_in_threshold: 30
reserved_instances:
enabled: true
term: "1 Year"
payment_option: "All Upfront"
spot_instances:
enabled: false # Not recommended for production workloads
storage_tier:
hot_tier: true
cool_tier: false
archive_tier: false
# Compliance and Governance Configuration
compliance:
tags:
- key: "Environment"
value: "Production"
- key: "Project"
value: "NowYouSeeMe"
- key: "Owner"
value: "DevOps Team"
- key: "CostCenter"
value: "IT-001"
- key: "DataClassification"
value: "Internal"
- key: "Compliance"
value: "GDPR, HIPAA, SOX"
policies:
- name: "Enforce-Tagging"
description: "Enforce mandatory tagging on all resources"
- name: "Restrict-Network-Access"
description: "Restrict network access to approved IP ranges"
- name: "Encrypt-Data-at-Rest"
description: "Ensure all data is encrypted at rest"
- name: "Audit-Logging"
description: "Enable audit logging for all resources"
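Review bot: The `Allow-SSH` rule under `network_security_groups` (nesting inferred, since this page does not preserve indentation) allows inbound port 22 from `source_address_prefix: "Internet"` in a file tagged `environment: "production"`; narrow it to a management range, e.g. `source_address_prefix: "<ADMIN_CIDR_PLACEHOLDER>"`, or remove the rule. `DATABASE_URL` for both production and staging embeds `user:pass` inline, and the `key_vault` `secrets` entries carry `value:` fields, so real credentials would land in version control once the placeholders are filled in. Pointing `DATABASE_URL` at the declared `database-connection-string` secret with the same `@Microsoft.KeyVault(SecretUri=...)` form the other variables use, and dropping the `value:` keys from the file, would avoid that. `admin_enabled: true` on the registry, `purge_protection_enabled: false` on the vault, and the `Allow-Azure-Services` `0.0.0.0` firewall rule each deserve a comment justifying them or a tighter setting, and `AzureWebJobsStorage: "UseDevelopmentStorage=true"` looks like a local-emulator value left in a production block. `REDIS_URL` uses `redis://` on port 6380 while `enable_non_ssl_port` is `false`, so the scheme should presumably be `rediss://`.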