graph TB
%% Production environment network diagram
%% KT AI-based small-business event auto-generation service - production environment
%% Topology summary (as drawn): Users -> Front Door/CDN -> Application Gateway (TLS termination -> WAF -> rate limiting)
%% -> AKS services; the data tier (PostgreSQL, Redis, Service Bus, Key Vault) is reached only through Private Endpoints
%% resolved via Private DNS zones. NSG rules between subnets are listed at the bottom of the edge section.
%% External zone
subgraph Internet["🌐 인터넷"]
Users["👥 소상공인 사용자
(1만~10만 명)"]
%% NOTE(review): origin lock-down (restricting the gateway's Public IP to traffic coming from Front Door) is not drawn;
%% without it the Application Gateway public IP below is reachable directly, bypassing Front Door - confirm.
CDN["🌍 Azure Front Door
+ CDN Premium"]
end
%% Azure cloud zone
subgraph AzureCloud["☁️ Azure Cloud (운영환경)"]
%% Virtual Network
subgraph VNet["🏢 Virtual Network (VNet)
주소 공간: 10.0.0.0/16"]
%% Gateway Subnet
subgraph GatewaySubnet["🚪 Gateway Subnet
10.0.4.0/24"]
%% Processing order inside the gateway is given by the edges further down:
%% PublicIP -> SSLTermination -> WAF -> RateLimiter -> PrivateIP (the WAF inspects decrypted traffic).
subgraph AppGateway["🛡️ Application Gateway v2 + WAF"]
PublicIP["📍 Public IP
(고정, Zone-redundant)"]
PrivateIP["📍 Private IP
(10.0.4.10)"]
WAF["🛡️ WAF
(OWASP CRS 3.2)"]
RateLimiter["⏱️ Rate Limiting
(200 req/min/IP)"]
SSLTermination["🔒 SSL/TLS Termination
(TLS 1.3)"]
end
end
%% Application Subnet
subgraph AppSubnet["🎯 Application Subnet
10.0.1.0/24"]
%% AKS cluster
subgraph AKSCluster["⚙️ AKS Premium Cluster
(Multi-Zone, Auto-scaling)"]
%% System Node Pool
subgraph SystemNodes["🔧 System Node Pool
(Standard_D4s_v3)"]
SystemNode1["📦 System Node 1
(Zone 1, AZ1)"]
SystemNode2["📦 System Node 2
(Zone 2, AZ2)"]
SystemNode3["📦 System Node 3
(Zone 3, AZ3)"]
end
%% Application Node Pool
subgraph AppNodes["🚀 Application Node Pool
(Standard_D8s_v3)"]
AppNode1["📦 App Node 1
(Zone 1, AZ1)"]
AppNode2["📦 App Node 2
(Zone 2, AZ2)"]
AppNode3["📦 App Node 3
(Zone 3, AZ3)"]
AppNode4["📦 App Node 4
(Zone 1, AZ1)"]
AppNode5["📦 App Node 5
(Zone 2, AZ2)"]
end
%% Application Services (High Availability)
subgraph AppServices["🚀 Application Services"]
UserServiceHA["👤 User Service
(3 replicas, HPA 2-5)"]
EventServiceHA["🎪 Event Service
(3 replicas, HPA 2-6)"]
AIServiceHA["🤖 AI Service
(2 replicas, HPA 2-4)"]
ContentServiceHA["📝 Content Service
(2 replicas, HPA 2-4)"]
DistributionServiceHA["📤 Distribution Service
(2 replicas, HPA 2-4)"]
ParticipationServiceHA["🎯 Participation Service
(3 replicas, HPA 2-5)"]
AnalyticsServiceHA["📊 Analytics Service
(2 replicas, HPA 2-4)"]
end
%% Internal Load Balancer
%% NOTE(review): this group is labelled ClusterIP, but the gateway edges below target NodePort 30080-30086.
%% A ClusterIP service is not reachable from outside the cluster, so one of the two labels is wrong - confirm
%% the actual Service type (NodePort) or whether the gateway addresses pod IPs directly.
subgraph InternalLB["⚖️ Internal Services
(ClusterIP)"]
UserServiceLB["user-service:8080"]
EventServiceLB["event-service:8080"]
AIServiceLB["ai-service:8080"]
ContentServiceLB["content-service:8080"]
DistributionServiceLB["distribution-service:8080"]
ParticipationServiceLB["participation-service:8080"]
AnalyticsServiceLB["analytics-service:8080"]
end
end
end
%% Database Subnet
subgraph DBSubnet["🗄️ Database Subnet
10.0.2.0/24
(Private, NSG Protected)"]
subgraph UserDB["🐘 User PostgreSQL
(Flexible Server)"]
UserDBPrimary["📊 Primary
(Zone 1)"]
UserDBReplica["📊 Read Replica
(Zone 2)"]
end
subgraph EventDB["🐘 Event PostgreSQL
(Flexible Server)"]
EventDBPrimary["📊 Primary
(Zone 1)"]
EventDBReplica["📊 Read Replica
(Zone 2)"]
end
subgraph AIDB["🐘 AI PostgreSQL
(Flexible Server)"]
AIDBPrimary["📊 Primary
(Zone 1)"]
AIDBReplica["📊 Read Replica
(Zone 2)"]
end
subgraph ContentDB["🐘 Content PostgreSQL
(Flexible Server)"]
ContentDBPrimary["📊 Primary
(Zone 1)"]
ContentDBReplica["📊 Read Replica
(Zone 2)"]
end
subgraph DistributionDB["🐘 Distribution PostgreSQL
(Flexible Server)"]
DistributionDBPrimary["📊 Primary
(Zone 1)"]
DistributionDBReplica["📊 Read Replica
(Zone 2)"]
end
subgraph ParticipationDB["🐘 Participation PostgreSQL
(Flexible Server)"]
ParticipationDBPrimary["📊 Primary
(Zone 1)"]
ParticipationDBReplica["📊 Read Replica
(Zone 2)"]
end
subgraph AnalyticsDB["🐘 Analytics PostgreSQL
(Flexible Server)"]
AnalyticsDBPrimary["📊 Primary
(Zone 1)"]
AnalyticsDBReplica["📊 Read Replica
(Zone 2)"]
end
DBBackup["💾 Automated Backup
(Geo-redundant, 35 days)"]
end
%% Cache Subnet
subgraph CacheSubnet["⚡ Cache Subnet
10.0.3.0/24
(Private, NSG Protected)"]
subgraph AzureRedis["🔴 Azure Cache for Redis Premium
(Clustered, 6GB)"]
RedisPrimary["⚡ Primary Node
(Zone 1)"]
RedisReplica1["⚡ Replica Node 1
(Zone 2)"]
RedisReplica2["⚡ Replica Node 2
(Zone 3)"]
RedisCluster["🔗 Redis Cluster
(3 shards, HA enabled)"]
end
end
%% Service Subnet
subgraph ServiceSubnet["📨 Service Subnet
10.0.5.0/24
(Private, NSG Protected)"]
subgraph ServiceBus["📨 Azure Service Bus Premium
(Zone-redundant)"]
ServiceBusNamespace["📮 Namespace
(sb-kt-event-prod)"]
subgraph QueuesHA["📬 Premium Message Queues"]
AIQueueHA["🤖 ai-event-generation
(Partitioned, 32GB)"]
ContentQueueHA["📝 content-generation
(Partitioned, 32GB)"]
DistributionQueueHA["📤 distribution
(Partitioned, 32GB)"]
NotificationQueueHA["🔔 notification
(Partitioned, 16GB)"]
AnalyticsQueueHA["📊 analytics
(Partitioned, 16GB)"]
end
end
end
%% Management Subnet
subgraph MgmtSubnet["🔧 Management Subnet
10.0.6.0/24
(Private)"]
subgraph Monitoring["📊 Monitoring & Logging"]
LogAnalytics["📋 Log Analytics
Workspace"]
AppInsights["📈 Application Insights
(7 instances)"]
Prometheus["🔍 Prometheus
(Managed)"]
Grafana["📊 Grafana
(Managed)"]
end
subgraph Security["🔐 Security Services"]
KeyVault["🔑 Azure Key Vault
(Premium)"]
Defender["🛡️ Azure Defender
for Cloud"]
end
end
end
%% Private Endpoints
%% NOTE(review): drawn outside the VNet subgraph (which closes just above), although a private endpoint is a NIC
%% inside a VNet subnet; the subnet that hosts these endpoints and its NSG are not shown - presumably a drawing
%% simplification, confirm.
subgraph PrivateEndpoints["🔒 Private Endpoints
(VNet Integration)"]
DBPrivateEndpoint["🔐 PostgreSQL
Private Endpoints (7)"]
RedisPrivateEndpoint["🔐 Redis
Private Endpoint"]
ServiceBusPrivateEndpoint["🔐 Service Bus
Private Endpoint"]
KeyVaultPrivateEndpoint["🔐 Key Vault
Private Endpoint"]
end
%% Private DNS Zones
subgraph PrivateDNS["🌐 Private DNS Zones"]
PostgreSQLDNS["privatelink.postgres.database.azure.com"]
RedisDNS["privatelink.redis.cache.windows.net"]
ServiceBusDNS["privatelink.servicebus.windows.net"]
KeyVaultDNS["privatelink.vaultcore.azure.net"]
end
end
%% Network connections
%% Access from the Internet into Azure
Users -->|"HTTPS 요청
(TLS 1.3)"| CDN
CDN -->|"글로벌 가속
(Anycast)"| PublicIP
%% Application Gateway internal flow
PublicIP --> SSLTermination
SSLTermination --> WAF
WAF --> RateLimiter
RateLimiter --> PrivateIP
%% Application Gateway to AKS (path-based routing)
%% NOTE(review): these NodePort targets (30080-30086) conflict with the "NSG: 443" rule drawn for
%% GatewaySubnet -> AppSubnet at the bottom; a 443-only rule would block this traffic. See the ClusterIP note
%% on the Internal Services group as well.
PrivateIP -->|"/api/users/**
NodePort 30080"| UserServiceLB
PrivateIP -->|"/api/events/**
NodePort 30081"| EventServiceLB
PrivateIP -->|"/api/ai/**
NodePort 30082"| AIServiceLB
PrivateIP -->|"/api/contents/**
NodePort 30083"| ContentServiceLB
PrivateIP -->|"/api/distribution/**
NodePort 30084"| DistributionServiceLB
PrivateIP -->|"/api/participation/**
NodePort 30085"| ParticipationServiceLB
PrivateIP -->|"/api/analytics/**
NodePort 30086"| AnalyticsServiceLB
%% Load balancer to the actual services
UserServiceLB -->|"고가용성 라우팅"| UserServiceHA
EventServiceLB -->|"고가용성 라우팅"| EventServiceHA
AIServiceLB -->|"고가용성 라우팅"| AIServiceHA
ContentServiceLB -->|"고가용성 라우팅"| ContentServiceHA
DistributionServiceLB -->|"고가용성 라우팅"| DistributionServiceHA
ParticipationServiceLB -->|"고가용성 라우팅"| ParticipationServiceHA
AnalyticsServiceLB -->|"고가용성 라우팅"| AnalyticsServiceHA
%% Service placement (multi-zone distribution)
%% Only three of the seven services have their pod placement drawn; AppNode5 has no placement edge.
UserServiceHA -.->|"Pod 배치"| AppNode1
UserServiceHA -.->|"Pod 배치"| AppNode2
UserServiceHA -.->|"Pod 배치"| AppNode3
EventServiceHA -.->|"Pod 배치"| AppNode2
EventServiceHA -.->|"Pod 배치"| AppNode3
EventServiceHA -.->|"Pod 배치"| AppNode4
AIServiceHA -.->|"Pod 배치"| AppNode3
AIServiceHA -.->|"Pod 배치"| AppNode4
%% Application services to databases (Private Link)
UserServiceHA -->|"Private Link
TCP:5432"| DBPrivateEndpoint
EventServiceHA -->|"Private Link
TCP:5432"| DBPrivateEndpoint
AIServiceHA -->|"Private Link
TCP:5432"| DBPrivateEndpoint
ContentServiceHA -->|"Private Link
TCP:5432"| DBPrivateEndpoint
DistributionServiceHA -->|"Private Link
TCP:5432"| DBPrivateEndpoint
ParticipationServiceHA -->|"Private Link
TCP:5432"| DBPrivateEndpoint
AnalyticsServiceHA -->|"Private Link
TCP:5432"| DBPrivateEndpoint
%% Private endpoint to the actual DBs (dedicated DB per service)
%% The single DBPrivateEndpoint node fans out to every primary and replica; per-service isolation
%% (which service may reach which database) is not expressed by these edges.
DBPrivateEndpoint --> UserDBPrimary
DBPrivateEndpoint --> UserDBReplica
DBPrivateEndpoint --> EventDBPrimary
DBPrivateEndpoint --> EventDBReplica
DBPrivateEndpoint --> AIDBPrimary
DBPrivateEndpoint --> AIDBReplica
DBPrivateEndpoint --> ContentDBPrimary
DBPrivateEndpoint --> ContentDBReplica
DBPrivateEndpoint --> DistributionDBPrimary
DBPrivateEndpoint --> DistributionDBReplica
DBPrivateEndpoint --> ParticipationDBPrimary
DBPrivateEndpoint --> ParticipationDBReplica
DBPrivateEndpoint --> AnalyticsDBPrimary
DBPrivateEndpoint --> AnalyticsDBReplica
%% Application services to cache (Private Link)
%% NOTE(review): Azure Cache for Redis serves TLS on 6380; 6379 is the non-TLS port, which is disabled by
%% default on new caches. Either the non-TLS port is intentionally enabled (worth revisiting for a production
%% cache), or these labels and the "NSG: 6379" rule below should read 6380 - confirm against the cache config.
UserServiceHA -->|"Private Link
TCP:6379"| RedisPrivateEndpoint
EventServiceHA -->|"Private Link
TCP:6379"| RedisPrivateEndpoint
AIServiceHA -->|"Private Link
TCP:6379"| RedisPrivateEndpoint
ContentServiceHA -->|"Private Link
TCP:6379"| RedisPrivateEndpoint
DistributionServiceHA -->|"Private Link
TCP:6379"| RedisPrivateEndpoint
ParticipationServiceHA -->|"Private Link
TCP:6379"| RedisPrivateEndpoint
AnalyticsServiceHA -->|"Private Link
TCP:6379"| RedisPrivateEndpoint
%% Private endpoint to Redis
RedisPrivateEndpoint --> RedisPrimary
RedisPrivateEndpoint --> RedisReplica1
RedisPrivateEndpoint --> RedisReplica2
%% Redis High Availability
RedisPrimary -.->|"HA 동기화"| RedisReplica1
RedisPrimary -.->|"HA 동기화"| RedisReplica2
RedisPrimary -.->|"Cluster 구성"| RedisCluster
RedisReplica1 -.->|"Cluster 구성"| RedisCluster
RedisReplica2 -.->|"Cluster 구성"| RedisCluster
%% Database High Availability
UserDBPrimary -.->|"복제"| UserDBReplica
EventDBPrimary -.->|"복제"| EventDBReplica
AIDBPrimary -.->|"복제"| AIDBReplica
ContentDBPrimary -.->|"복제"| ContentDBReplica
DistributionDBPrimary -.->|"복제"| DistributionDBReplica
ParticipationDBPrimary -.->|"복제"| ParticipationDBReplica
AnalyticsDBPrimary -.->|"복제"| AnalyticsDBReplica
UserDBPrimary -.->|"자동 백업"| DBBackup
EventDBPrimary -.->|"자동 백업"| DBBackup
AIDBPrimary -.->|"자동 백업"| DBBackup
ContentDBPrimary -.->|"자동 백업"| DBBackup
DistributionDBPrimary -.->|"자동 백업"| DBBackup
ParticipationDBPrimary -.->|"자동 백업"| DBBackup
AnalyticsDBPrimary -.->|"자동 백업"| DBBackup
%% Service Bus connections (Private Link)
AIServiceHA -->|"Private Link
AMQP"| ServiceBusPrivateEndpoint
ContentServiceHA -->|"Private Link
AMQP"| ServiceBusPrivateEndpoint
DistributionServiceHA -->|"Private Link
AMQP"| ServiceBusPrivateEndpoint
ParticipationServiceHA -->|"Private Link
AMQP"| ServiceBusPrivateEndpoint
AnalyticsServiceHA -->|"Private Link
AMQP"| ServiceBusPrivateEndpoint
ServiceBusPrivateEndpoint --> ServiceBusNamespace
ServiceBusNamespace --> AIQueueHA
ServiceBusNamespace --> ContentQueueHA
ServiceBusNamespace --> DistributionQueueHA
ServiceBusNamespace --> NotificationQueueHA
ServiceBusNamespace --> AnalyticsQueueHA
%% Links between Service Bus queues
AIQueueHA -.->|"메시지 전달"| ContentQueueHA
ContentQueueHA -.->|"메시지 전달"| DistributionQueueHA
DistributionQueueHA -.->|"메시지 전달"| NotificationQueueHA
ParticipationServiceHA -.->|"통계 수집"| AnalyticsQueueHA
%% Monitoring connections
UserServiceHA -.->|"메트릭/로그"| AppInsights
EventServiceHA -.->|"메트릭/로그"| AppInsights
AIServiceHA -.->|"메트릭/로그"| AppInsights
ContentServiceHA -.->|"메트릭/로그"| AppInsights
DistributionServiceHA -.->|"메트릭/로그"| AppInsights
ParticipationServiceHA -.->|"메트릭/로그"| AppInsights
AnalyticsServiceHA -.->|"메트릭/로그"| AppInsights
AppInsights -.->|"집계"| LogAnalytics
Prometheus -.->|"시각화"| Grafana
AKSCluster -.->|"메트릭"| Prometheus
%% Security connections
UserServiceHA -->|"Private Link
HTTPS"| KeyVaultPrivateEndpoint
EventServiceHA -->|"Private Link
HTTPS"| KeyVaultPrivateEndpoint
AIServiceHA -->|"Private Link
HTTPS"| KeyVaultPrivateEndpoint
ContentServiceHA -->|"Private Link
HTTPS"| KeyVaultPrivateEndpoint
DistributionServiceHA -->|"Private Link
HTTPS"| KeyVaultPrivateEndpoint
ParticipationServiceHA -->|"Private Link
HTTPS"| KeyVaultPrivateEndpoint
AnalyticsServiceHA -->|"Private Link
HTTPS"| KeyVaultPrivateEndpoint
KeyVaultPrivateEndpoint --> KeyVault
%% Defender coverage as drawn spans the AKS cluster and the DB and cache subnets only; the Service Bus
%% subnet, Key Vault and the gateway are not connected here - may simply be omitted from the drawing.
Defender -.->|"보안 모니터링"| AKSCluster
Defender -.->|"보안 모니터링"| DBSubnet
Defender -.->|"보안 모니터링"| CacheSubnet
%% Private DNS Resolution
DBPrivateEndpoint -.->|"DNS 해석"| PostgreSQLDNS
RedisPrivateEndpoint -.->|"DNS 해석"| RedisDNS
ServiceBusPrivateEndpoint -.->|"DNS 해석"| ServiceBusDNS
KeyVaultPrivateEndpoint -.->|"DNS 해석"| KeyVaultDNS
%% NSG rules (firewall rules)
%% NOTE(review): the rules drawn cover Gateway -> App and App -> DB/Cache/Service only. No rule is shown for the
%% Key Vault private endpoint (HTTPS edges above) or for the Management subnet, and the 443-only rule into the
%% App subnet does not match the NodePort 30080-30086 targets used by the gateway - reconcile with the deployed NSGs.
GatewaySubnet -.->|"NSG: 443 허용"| AppSubnet
AppSubnet -.->|"NSG: 5432 허용"| DBSubnet
AppSubnet -.->|"NSG: 6379 허용"| CacheSubnet
AppSubnet -.->|"NSG: 5671-5672 허용"| ServiceSubnet
%% Style definitions
classDef azureStyle fill:#0078D4,stroke:#fff,stroke-width:2px,color:#fff
classDef k8sStyle fill:#326CE5,stroke:#fff,stroke-width:2px,color:#fff
classDef appStyle fill:#28A745,stroke:#fff,stroke-width:2px,color:#fff
classDef dbStyle fill:#DC3545,stroke:#fff,stroke-width:2px,color:#fff
classDef cacheStyle fill:#FF6B35,stroke:#fff,stroke-width:2px,color:#fff
classDef serviceStyle fill:#6610F2,stroke:#fff,stroke-width:2px,color:#fff
classDef queueStyle fill:#FD7E14,stroke:#fff,stroke-width:2px,color:#fff
classDef securityStyle fill:#E83E8C,stroke:#fff,stroke-width:2px,color:#fff
classDef haStyle fill:#20C997,stroke:#fff,stroke-width:2px,color:#fff
classDef monitoringStyle fill:#17A2B8,stroke:#fff,stroke-width:2px,color:#fff
classDef dnsStyle fill:#6C757D,stroke:#fff,stroke-width:2px,color:#fff
%% Style assignments
class AzureCloud,VNet azureStyle
class AKSCluster,AppSubnet,SystemNodes,AppNodes k8sStyle
class AppServices,UserServiceHA,EventServiceHA,AIServiceHA,ContentServiceHA,DistributionServiceHA,ParticipationServiceHA,AnalyticsServiceHA appStyle
class DBSubnet,UserDB,EventDB,AIDB,ContentDB,DistributionDB,ParticipationDB,AnalyticsDB,UserDBPrimary,EventDBPrimary,AIDBPrimary,ContentDBPrimary,DistributionDBPrimary,ParticipationDBPrimary,AnalyticsDBPrimary,UserDBReplica,EventDBReplica,AIDBReplica,ContentDBReplica,DistributionDBReplica,ParticipationDBReplica,AnalyticsDBReplica,DBBackup dbStyle
class CacheSubnet,AzureRedis,RedisPrimary,RedisReplica1,RedisReplica2,RedisCluster cacheStyle
class InternalLB,UserServiceLB,EventServiceLB,AIServiceLB,ContentServiceLB,DistributionServiceLB,ParticipationServiceLB,AnalyticsServiceLB serviceStyle
class ServiceSubnet,ServiceBus,ServiceBusNamespace,QueuesHA,AIQueueHA,ContentQueueHA,DistributionQueueHA,NotificationQueueHA,AnalyticsQueueHA queueStyle
class AppGateway,WAF,RateLimiter,SSLTermination,PrivateEndpoints,DBPrivateEndpoint,RedisPrivateEndpoint,ServiceBusPrivateEndpoint,KeyVaultPrivateEndpoint,Security,KeyVault,Defender securityStyle
class CDN,SystemNode1,SystemNode2,SystemNode3,AppNode1,AppNode2,AppNode3,AppNode4,AppNode5 haStyle
class MgmtSubnet,Monitoring,LogAnalytics,AppInsights,Prometheus,Grafana monitoringStyle
class PrivateDNS,PostgreSQLDNS,RedisDNS,ServiceBusDNS,KeyVaultDNS dnsStyle