Microtec DevOps

Appearance

Environments Overview

Microtec ERP operates across five isolated Azure environments. Each environment has its own VNet, Azure Container Apps environment, Key Vault, ACR, and domain. There is no VNet peering between environments — full isolation is enforced at the network layer.

Environment Comparison Table

EnvironmentVNet CIDRKey VaultDomainAuto-deployPurpose
dev10.0.0.0/16mic-erp-be-dev-skvmicrotec-test.comYesDevelopment and feature testing
stage10.1.0.0/16mic-erp-stg-kvmicrotecstage.comYesIntegration and QA
preprod10.6.0.0/16mic-erp-be-preprod-skv(preprod domain)YesPre-production validation
uat10.5.0.0/16mic-erp-uat-kvmicrotec-uat.comYesUser acceptance testing
production10.2.0.0/16(production KV)onlinemicrotec.com.saApproval requiredLive customer environment

Critical: The preprod VNet is 10.6.0.0/16, not 10.3.0.0/16. Some older documents incorrectly show 10.3 — always use 10.6 for preprod. See preprod.md for details.

Deployment Flow 

Developer pushes code


┌──────────────┐
│   dev env    │  ← Auto-deploy on merge to main/master
│ microtec-test│
└──────┬───────┘


┌──────────────┐
│  stage env   │  ← Auto-deploy on merge to stage branch
│microtecstage │
└──────┬───────┘


┌──────────────┐
│ preprod env  │  ← Auto-deploy on merge to preprod branch
│ (validation) │
└──────┬───────┘


┌──────────────┐
│   uat env    │  ← Auto-deploy on merge to uat branch
│microtec-qual │
└──────┬───────┘
       │ Manual approval gate

┌──────────────┐
│ production   │  ← Approval required; deployment window enforced
│onlinemicrotec│
└──────────────┘

Branch → Environment Mapping

The pipeline uses a condition-based branch mapping defined in Devops/azure/templates/containerBackend/deploy/deploy-services.yml:

Branch PatternEnvironmentNotes
main, master, productionProductionRequires approval
stage, stagingStageAuto-deploy
PreProd, preprodPreProdAuto-deploy
uatUATAuto-deploy
All othersDevAuto-deploy

Resource Naming by Environment

All resources follow the naming convention from MEMORY.md:

Resource TypePatternDev ExampleProd Example
Resource Group (BE)mic-erp-be-{env}-{purpose}-rgmic-erp-be-dev-network-rgmic-erp-be-production-network-rg
Resource Group (FE)mic-erp-fr-{env}-{purpose}-rgmic-erp-fr-dev-app-rgmic-erp-fr-production-app-rg
ACRmicerpbe{env}acr (no dashes)micerpbedevacrmicerpbeproductionacr
Storage (FE)micerpfr{env}sa (no dashes)micerpfrdevsamicerpfrproductionsa
Key VaultInconsistent — use actual live namesmic-erp-be-dev-skvSee production.md

Warning: ACR and Storage Account names are alphanumeric only (Azure restriction). Use the formula replace('mic-erp-be-{env}-acr', '-', '').

Infrastructure per Environment

Each environment provisions:

ResourceCountNotes
Virtual Network1/16 CIDR, 4 subnets
Azure Container Apps Environment (Public)1Gateway + Keycloak
Azure Container Apps Environment (Private)1All other services, VNet-internal
Azure Container Registry1Per-environment, no cross-env access
Azure Key Vault1See table above for actual names
Azure Service Bus1Standard tier (dev/stage), Premium (prod)
Redis Cache1Standard (dev/stage), Premium (prod)
Application Insights1Log Analytics workspace
Private DNS Zones12See networking docs

Shared Resources (Cross-Environment)

Some resources are shared across environments and must not be modified per-environment:

ResourceRGNotes
SQL Server VMmic-backend-shared-sql-rgHosts all tenant databases; do NOT rename this RG
Build Agentsmic-build-agents-rgeg-build-01, 02, 05 — see MEMORY.md

Key Vault Name Inconsistency

Note: Key Vault names in this platform are inconsistent across environments (they were not always renamed when the naming convention changed). Always use the actual live names, not a formula:

EnvironmentKey Vault Name
devmic-erp-be-dev-skv
stagemic-erp-stg-kv
preprodmic-erp-be-preprod-skv
uatmic-erp-uat-kv
productionSee production.md

Internal Documentation — Microtec Platform Team