Microtec DevOps

Appearance

Backend Services

Microtec ERP backend is composed of 13 services deployed on Azure Container Apps (ACA). All services are built on .NET 8 following Clean Architecture with CQRS. One service (Keycloak) runs on Java.

Service Roster

#ServiceCAE PlacementCPU / RAMPurpose
1Gateway.APIPublic CAE0.25 CPU / 0.5 GiYARP reverse proxy — routes 10 downstream clusters, internet-facing entry point
2AppsPortal.ApisPrivate CAE0.5 CPU / 1 GiCore ERP module — accounting, sales, finance, purchase; CQRS-based business logic
3Inventory.ApisPrivate CAE0.5 CPU / 1 GiStock and warehouse management
4BusinessOwners.ApisPrivate CAE0.5 CPU / 1 GiMulti-tenant management — tenant provisioning, subscriptions, licensing
5BusinessOwners.AdminPortalPrivate CAE0.5 CPU / 1 GiBlazor admin portal — includes Hangfire scheduler and DB backup jobs
6Hr.Personnel.ApisPrivate CAE0.5 CPU / 1 GiHuman resources — external repo MicrotecHR / Microtec.Hr.Personnel.sln
7Integration.ApisPrivate CAE0.25 CPU / 0.5 GiZATCA Saudi e-invoicing compliance
8Attachment.ApisPrivate CAE0.25 CPU / 0.5 GiAzure Blob / File Storage management
9Notification.ApisPrivate CAE0.25 CPU / 0.5 GiEmail, SMS and push notifications
10Workflows.ApisPrivate CAE0.5 CPU / 1 GiBusiness workflow engine — external repo WorkflowDesigner
11KeycloakPublic CAE1 CPU / 2 GiSSO identity provider (Java, not .NET)
12Template.BlazorPrivate CAE0.25 CPU / 0.5 GiReporting templates — uses Microtec.Reporting NuGet
13Platforms.WorkerPrivate CAE0.25 CPU / 0.5 GiBackground jobs (Hangfire)

CAE Placement Summary

Public CAE services

These services are exposed to the internet via Azure Container App Environment ingress:

  • Gateway.API — the primary entry point for all ERP and BO tenant traffic.
  • Keycloak — SSO login pages and token endpoints must be reachable by browsers.

Private CAE services

All other services run inside the VNet and are reachable only from within the Container Apps environment via internal DNS (*.internal.<env>.azurecontainerapps.io). mTLS is enabled between services.

Source Code Locations

ServiceRepository / Path
Gateway.APIPlatforms/Src/Gateway/Gateway.Yarp/
AppsPortal.ApisPlatforms/Src/AppsPortal/Accounting/AppsPortal.Apis/
Inventory.ApisPlatforms/Src/AppsPortal/Inventory/Inventory.Apis/
BusinessOwners.ApisPlatforms/Src/BusinessOwners/BusinessOwners.Apis/
BusinessOwners.AdminPortalPlatforms/Src/BusinessOwners/BsuinessOwners.AdminPortal/
Hr.Personnel.ApisExternal repo: MicrotecHR/ — see HR Service
Integration.ApisPlatforms/Src/InfrastructureServices/Integration/Integration.Apis/
Attachment.ApisPlatforms/Src/InfrastructureServices/Attachment/Attachment.Apis/
Notification.ApisPlatforms/Src/InfrastructureServices/Notification/Notification.Apis/
Workflows.ApisExternal repo: WorkflowDesigner/
KeycloakExternal repo: KeycloakProviders/ (custom Java extensions)
Template.BlazorPlatforms/Src/InfrastructureServices/Reporting/
Platforms.WorkerPlatforms/Src/ (Hangfire host)

Shared NuGet Packages

All .NET services consume shared infrastructure from a private Azure DevOps NuGet feed:

PackagePurpose
Microtec.DomainCore interfaces, base classes, DTOs
Microtec.PersistenceEF Core, repositories, caching
Microtec.Web.CoreAuth, middleware, filters
Microtec.Web.HostingHosting extensions and startup helpers
Microtec.ContractsShared cross-service contracts
Microtec.MessagingAzure Service Bus messaging
Microtec.ReportingReport generation (used by Template.Blazor)
Microtec.Zatca.IntegrationSaudi e-invoicing (used by Integration.Apis)
Microtec.KeycloakKeycloak identity provider integration

NuGet Authentication

A PAT is required to restore packages. See Platforms/Solution Items/NUGET-SETUP.md for setup instructions. Dockerfiles use --mount=type=secret,id=nuget_pat; pipelines use $(System.AccessToken).

Internal Documentation — Microtec Platform Team