Production Deployment
Deploy Placino to production with high availability, security hardening, and monitoring in place.
Deployment Options
Docker Compose (Small)
Single-node deployment. Up to 100 concurrent users. Recommended for testing and small pilots.
Kubernetes (Large Scale)
Multi-node HA setup with auto-scaling. 1000+ concurrent users. Recommended for enterprise.
Kubernetes Deployment
Deploy to a Kubernetes cluster (AWS EKS, Google GKE, Azure AKS, or self-managed):
1. Cluster Prerequisites
2. Create Namespace
3. Store Secrets
--from-literal=encryption_key=$ENCRYPTION_KEY \
--from-literal=db_password=your_postgres_password
4. Deploy Helm Chart
--namespace placino \
--values values-prod.yaml
Helm Chart Configuration
Key values in values-prod.yaml:
High Availability Setup
API Layer
Deploy 3+ replicas of core-api behind a load balancer. Kubernetes automatically distributes requests. Health checks run every 5 seconds.
Database Replication
PostgreSQL with 3-node synchronous replication. At least 2 replicas must acknowledge writes before commit. Automatic failover via Patroni.
Redis Cluster
6-node Redis cluster (3 primary, 3 replica). Automatic shard rebalancing. Cluster mode persistence enabled.
TLS/SSL
All services communicate over TLS. Certificates managed by cert-manager. Auto-renewal 30 days before expiry.
Security Hardening
Network Policies
Restrict pod-to-pod communication. Only the API service is exposed externally.
Resource Limits
Set CPU and memory requests/limits on all pods. Prevent resource contention and noisy neighbor issues.
RBAC
Implement least-privilege Kubernetes RBAC. Placino pods run with minimal permissions. Service accounts scoped per namespace.
Pod Security Policy
Enforce: no root containers, read-only root filesystem, no privileged mode, no host networking.
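The Resource Limits and Pod Security Policy requirements above can be checked before a manifest reaches the cluster. The Python audit below is an added example, not part of Placino's own tooling; both pod specs are constructed samples, and only the core-api name comes from this page.

```python
# Added example: audit a PodSpec (parsed into a dict) against the hardening list.

def audit_pod_spec(pod_spec):
    """Return findings for one PodSpec; an empty list means it passes."""
    findings = []
    if pod_spec.get("hostNetwork", False):
        findings.append("pod: hostNetwork is enabled")
    pod_sc = pod_spec.get("securityContext") or {}
    containers = pod_spec.get("containers", []) + pod_spec.get("initContainers", [])
    for c in containers:
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        # Container-level securityContext overrides the pod-level one.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        if not non_root or uid == 0:
            findings.append(f"{name}: may run as root")
        if not sc.get("readOnlyRootFilesystem", False):
            findings.append(f"{name}: root filesystem is writable")
        if sc.get("privileged", False):
            findings.append(f"{name}: privileged mode")
        resources = c.get("resources") or {}
        for kind in ("requests", "limits"):
            for res in ("cpu", "memory"):
                if res not in (resources.get(kind) or {}):
                    findings.append(f"{name}: missing {res} {kind[:-1]}")
    return findings

HARDENED = {  # constructed sample
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
    "containers": [{
        "name": "core-api",
        "securityContext": {"readOnlyRootFilesystem": True, "privileged": False},
        "resources": {"requests": {"cpu": "500m", "memory": "512Mi"},
                      "limits": {"cpu": "1", "memory": "1Gi"}},
    }],
}
WEAK = {  # constructed sample: defaults left in place, plus two risky flags
    "hostNetwork": True,
    "containers": [{
        "name": "core-api",
        "securityContext": {"privileged": True},
        "resources": {"limits": {"memory": "1Gi"}},
    }],
}

if __name__ == "__main__":
    for label, spec in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_pod_spec(spec) or "OK")
```

Feed it the `spec.template.spec` section of each rendered Deployment or StatefulSet and fail the pipeline when the returned list is not empty.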
Encryption Key Management
Store encryption keys in AWS KMS, Google Cloud KMS, or Azure Key Vault. Never store in etcd or ConfigMaps. Rotate keys every 90 days.
Monitoring & Observability
Prometheus Metrics
All microservices expose Prometheus metrics on /metrics. Scrape interval: 30 seconds. Retention: 15 days.
Grafana Dashboards
Pre-built dashboards for: Query latency, Privacy budget consumption, Ingestion throughput, Database replication lag, Redis cluster health.
Alerting Rules
Critical alerts: API unavailable, DB replication lag >10s, encryption key rotation failed, quota exceeded. Sent to Slack/PagerDuty.
Logging
Structured JSON logs are shipped to ELK/Datadog. Log levels: DEBUG, INFO (default), WARN, ERROR. Audit logs are kept separate, in an immutable Merkle chain.
Scaling Strategies
Horizontal Pod Autoscaling
--min=3 --max=10 \
--cpu-percent=70
Scale from 3 to 10 replicas based on CPU usage. Average target: 70%.
Database Scaling
PostgreSQL read replicas for query-heavy workloads. Separate schema node (smaller) from data nodes. Connection pooling via PgBouncer.
Cost Optimization
Use spot instances for stateless services (query processors). Reserved instances for databases. Enable cluster autoscaler on node pools.
Backup & Disaster Recovery
Database Backups
Automated daily backups of PostgreSQL via pg_dump. Stored in S3 with cross-region replication. Test restore monthly.
RTO & RPO
RTO (Recovery Time Objective): <1 hour via Kubernetes failover. RPO (Recovery Point Objective): <15 minutes via streaming replication.
Disaster Recovery Plan
Documented playbook for: Total cluster failure, Database corruption, Encryption key loss, Ransomware attack. Test quarterly.
Verification & Testing
Post-deployment validation: