Documentation Index
Fetch the complete documentation index at: https://docs.gp.scale.com/llms.txt
Use this file to discover all available pages before exploring further.
Architecture Diagram
Resources by Type
Compute Resources
| Resource | Count | Purpose |
|---|
| AKS Cluster | 1 | Kubernetes orchestration |
| System Node Pool | 1 | System pods (fixed 3 nodes) |
| User Node Pool | 1 | Application workloads |
| GPU Node Pool | 0-1 | AI/ML workloads (optional) |
| Cassandra Pool | 0-1 | Temporal database (optional) |
Network Resources
| Resource | Count | Purpose |
|---|
| Virtual Network | 1 | Network boundary |
| Subnets | 4-5 | Network segmentation |
| NSGs | 4-5 | Traffic control |
| Route Tables | 3-4 | Traffic routing |
| Private DNS Zones | 7 | Internal name resolution |
| Private Endpoints | 7 | Secure PaaS access |
| Bastion Host | 0-1 | Secure VM access |
| Public IPs | 0-1 | Bastion endpoint |
Data & Storage Resources
| Resource | Count | Purpose |
|---|
| PostgreSQL Server | 1 | Relational database |
| Redis Cache | 1 | Distributed cache |
| Storage Account | 1 | Blob/File storage |
| AI Search Service | 0–1 | Full-text search (optional) |
| OpenAI Service | 0–1 | LLM models (optional) |
Security Resources
| Resource | Count | Purpose |
|---|
| Key Vault | 1 | Secrets management |
| Managed Identity | 1-2 | Service authentication |
| RBAC Role Assignments | 10+ | Access control |
Monitoring Resources
| Resource | Count | Purpose |
|---|
| Log Analytics Workspace | 1 | Centralized logging |
| Data Collection Rule | 1 | AKS metrics |
| Diagnostic Settings | 7+ | Resource logging |
| Datadog Connection | 0-1 | External monitoring |
Network Architecture
Address Space Planning
VNet: 10.0.0.0/16 (65,536 IPs)
├── AKS Subnet: 10.0.1.0/24 (256 IPs)
├── Bastion Subnet: 10.0.2.0/26 (64 IPs)
├── Database Subnet: 10.0.3.0/24 (256 IPs)
└── Private Endpoints: 10.0.4.0/25 (128 IPs)
Pod CIDR: 10.244.0.0/16 (65,536 IPs)
Service CIDR: 10.243.0.0/16 (65,536 IPs)
Traffic Flow
Egress (Internet):
Pods/VMs → NAT Gateway → Public IP → Internet
(Stateful, return traffic allowed)
Service IP → Load Balancer → Pod IP (via CNI)
AKS Pods → Private Endpoint → Private Link → PostgreSQL
(DNS: server.postgres.database.azure.com)
AKS Pods → API Gateway / Load Balancer → OpenAI / AI Search
(Via Private Endpoints)
AKS Configuration Deep Dive
API Server Access
Type: Private cluster (recommended)
Endpoint: Internal only
Access Method: Bastion host or VPN
DNS: k8s..azmk8s.io (private)
Network Policies
Engine: Azure Network Policy
Scope: Pod-to-pod communication
Default: Allow all (unrestricted)
Configuration: Define in Kubernetes manifests
Container Registry
Integration: Azure Container Registry (optional)
Authentication: Managed identity or pull secrets
Pulling: Private endpoint (optional)
Monitoring & Observability
Azure Monitor Agent: Deployed in kube-system
Metrics: CPU, Memory, Disk, Network
Logs: Container stdout/stderr, Kubernetes events
Dashboards: Pre-built in Log Analytics
