Azure Infrastructure
CORTEX is designed to run on Microsoft Azure with managed services for reliability and scalability.
Infrastructure Overview
┌────────────────────────────────────────────────────────────┐
│  Azure Subscription                                        │
│                                                            │
│  ┌──────────────────────────────────────────────────────┐  │
│  │  Resource Group: cortex-prod                         │  │
│  │                                                      │  │
│  │      ┌─────────────────┐    ┌─────────────────┐      │  │
│  │      │  Container App  │    │  Container App  │      │  │
│  │      │  (cortex-core)  │    │  (cortex-web)   │      │  │
│  │      └────────┬────────┘    └────────┬────────┘      │  │
│  │               │                      │               │  │
│  │               └──────────┬───────────┘               │  │
│  │                          │                           │  │
│  │               ┌──────────▼───────────┐               │  │
│  │               │      Azure Load      │               │  │
│  │               │       Balancer       │               │  │
│  │               └──────────────────────┘               │  │
│  │                                                      │  │
│  │      ┌─────────────────┐    ┌─────────────────┐      │  │
│  │      │  PostgreSQL     │    │  Redis Cache    │      │  │
│  │      │  Flexible       │    │                 │      │  │
│  │      │  Server         │    │                 │      │  │
│  │      └─────────────────┘    └─────────────────┘      │  │
│  │                                                      │  │
│  │      ┌─────────────────┐    ┌─────────────────┐      │  │
│  │      │  Key Vault      │    │  Storage        │      │  │
│  │      │                 │    │  Account        │      │  │
│  │      └─────────────────┘    └─────────────────┘      │  │
│  └──────────────────────────────────────────────────────┘  │
│                                                            │
└────────────────────────────────────────────────────────────┘
Azure Services Used
| Service | SKU | Purpose |
|---|---|---|
| Container Apps | Consumption | Application hosting |
| PostgreSQL Flexible | Burstable B1ms | Primary database |
| Cache for Redis | Basic C0 | Caching, sessions |
| Key Vault | Standard | Secrets management |
| Storage Account | Standard LRS | Static assets, backups |
| Application Insights | - | Monitoring, tracing |
| Log Analytics | - | Centralized logging |
Terraform Structure
infra/terraform/
├── modules/
│   ├── networking/       # VNet, subnets, NSGs
│   ├── database/         # PostgreSQL setup
│   ├── redis/            # Redis cache
│   ├── container-apps/   # Container App environment
│   └── monitoring/       # App Insights, Log Analytics
├── environments/
│   ├── dev/
│   │   ├── main.tf
│   │   └── terraform.tfvars
│   ├── staging/
│   └── prod/
└── shared/
    └── backend.tf        # State storage config
Resource Naming Convention
{app}-{env}-{resource}-{region}
Examples:
cortex-prod-db-eastus
cortex-staging-redis-eastus
cortex-dev-kv-eastus
Network Architecture
Virtual Network: cortex-vnet (10.0.0.0/16)
├── Subnet: container-apps (10.0.1.0/24)
│   └── Container Apps Environment
├── Subnet: database (10.0.2.0/24)
│   └── PostgreSQL (private endpoint)
├── Subnet: redis (10.0.3.0/24)
│   └── Redis Cache (private endpoint)
└── Subnet: management (10.0.4.0/24)
    └── Bastion, jump boxes
Security Configuration
Network Security
- Private endpoints for database and cache
- VNet integration for Container Apps
- NSG rules restricting traffic
Identity & Access
- Managed Identity for Container Apps
- RBAC for Azure resources
- Key Vault for secrets
Environment Variables
Set via Container Apps configuration:
# Database
DATABASE_URL=postgresql://user:pass@host:5432/cortex
# Redis (6380 is the TLS port on Azure Cache for Redis, so use the rediss:// scheme)
REDIS_URL=rediss://host:6380
# JWT (from Key Vault)
JWT_SECRET=@Microsoft.KeyVault(...)
JWT_REFRESH_SECRET=@Microsoft.KeyVault(...)
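
A pre-deployment check for the variables above, as an added example that is not part of the CORTEX repository: it flags secrets or passwords stored inline rather than as Key Vault references, the plaintext `redis://` scheme, and PostgreSQL URLs that do not enforce TLS. The finding names, `SECRET_HINTS`, and the sample values are assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qs

KV_PREFIX = "@Microsoft.KeyVault("               # reference form shown on this page
SECRET_HINTS = ("SECRET", "PASSWORD", "TOKEN")   # assumed naming hints
TLS_SSLMODES = {"require", "verify-ca", "verify-full"}

# Constructed sample, modelled on the variables listed above.
SAMPLE = """\
# Database
DATABASE_URL=postgresql://user:pass@host:5432/cortex
REDIS_URL=redis://host:6380
JWT_SECRET=@Microsoft.KeyVault(...)
JWT_REFRESH_SECRET=constructed-inline-value
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            env[name.strip()] = value.strip()
    return env

def lint_env(env):
    """Return sorted (variable, finding) pairs for risky settings."""
    findings = []
    for name, value in env.items():
        if value.startswith(KV_PREFIX):
            continue                     # nothing sensitive is stored inline
        if any(hint in name.upper() for hint in SECRET_HINTS):
            findings.append((name, "inline-secret"))
            continue
        url = urlsplit(value)
        if url.password:
            findings.append((name, "url-password"))
        if url.scheme == "redis":        # rediss:// is the TLS scheme
            findings.append((name, "redis-plaintext"))
        if url.scheme in ("postgres", "postgresql"):
            sslmode = parse_qs(url.query).get("sslmode", [""])[0]
            if sslmode not in TLS_SSLMODES:
                findings.append((name, "pg-tls-not-enforced"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in lint_env(parse_env(SAMPLE)):
        print(f"{name}: {finding}")
```
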
Scaling Configuration
Container Apps
# Horizontal scaling
minReplicas: 1
maxReplicas: 10
rules:
  - name: http-scaling
    http:
      metadata:
        concurrentRequests: "100"
Database
SKU: Burstable B1ms (dev) → General Purpose (prod)
Storage: 32GB → Auto-grow enabled
Backups: 7 days retention
Deployment Commands
# Initialize Terraform
cd infra/terraform/environments/prod
terraform init
# Plan changes
terraform plan -out=tfplan
# Apply changes
terraform apply tfplan
# Destroy (caution!)
terraform destroy