Infrastructure Overview
NMT runs on Digital Ocean with Kubernetes orchestration for the backend and a separate deployment for the frontend. This section covers how the platform is built, deployed, and operated.
Infrastructure at a Glance
GitHub (Source Code)
         |
         |  GitHub Actions (CI/CD)
         |
         v
+-------------------+     +-------------------+
|  Container Build  |     |  Frontend Deploy  |
|  (Buildah)        |     |  (separate infra) |
+-------------------+     +-------------------+
         |
         |  Push to GHCR
         v
+-------------------+
|  GitHub Container |
| Registry (ghcr.io)|
+-------------------+
         |
         |  Helm deploy
         v
+-------------------------------------------+
|         Digital Ocean K8s Cluster         |
|                                           |
|  +----------------+  +-----------------+  |
|  | NMT Backend    |  | PostgreSQL 16   |  |
|  | (1 replica)    |  | (in-cluster)    |  |
|  +----------------+  +-----------------+  |
|                                           |
|  +----------------+  +-----------------+  |
|  | NGINX Ingress  |  | cert-manager    |  |
|  | Controller     |  | (Let's Encrypt) |  |
|  +----------------+  +-----------------+  |
+-------------------------------------------+
Key Components
| Component | Technology | Purpose |
|---|---|---|
| Orchestrator | Digital Ocean Kubernetes (DOKS) | Managed Kubernetes |
| Package Manager | Helm 3 | Templated K8s deployments |
| Container Builder | Buildah | Multi-stage Docker builds |
| Container Registry | GitHub (ghcr.io) | Image storage |
| Ingress | NGINX | HTTP routing and load balancing |
| TLS | cert-manager + Let's Encrypt | Automatic HTTPS certificates |
| CI/CD | GitHub Actions | Automated build, test, deploy |
| Security Scanning | Trivy | Container vulnerability detection |
Environments
| Environment | Domain | Purpose |
|---|---|---|
| Stage | backend.stage.newmarkettrading.com | Testing and staging |
| Production | backend.newmarkettrading.com | Live user-facing |
Resource Allocation
| Resource | Request | Limit |
|---|---|---|
| CPU | 1 core | 2 cores |
| Memory | 2 Gi | 4 Gi |
| Chrome data (RAM disk) | — | 2 Gi |
| Temp storage (RAM disk) | — | 1 Gi |
The Chrome data volume is needed because the backend uses headless Chrome for Morpho data scraping.
Frontend Hosting
The frontend is deployed on Digital Ocean App Platform — a managed PaaS that handles builds, TLS, and scaling automatically. It is not containerized or deployed via Helm.
| Property | Value |
|---|---|
| Platform | Digital Ocean App Platform |
| Build | Automatic on push (managed by DO) |
| Runtime | Node.js |
| Framework | Next.js |
The frontend deployment pipeline is entirely separate from the backend's Kubernetes infrastructure. There is no Dockerfile or Helm chart for the frontend in the repository.
Known Infrastructure Limitations
Single Backend Replica
The backend currently runs as 1 replica in Kubernetes. There is no horizontal scaling or failover configured. During deployments, the pod is replaced (rolling update), which may cause brief interruptions to background worker processing.
Impact: If the backend pod crashes, indexing and valuation workers stop until Kubernetes restarts it. User-facing features (frontend + blockchain) remain unaffected since funds are on-chain and the frontend reads from the database directly.
Trivy Scan Non-Blocking
The CI/CD pipeline runs Trivy container vulnerability scans but they are configured with exit-code: 0 — vulnerabilities are reported but do not block deployment. This is a known TODO that should be addressed by switching to exit-code: 1 for CRITICAL vulnerabilities.
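One way to make that switch, shown as an added example and not taken from the NMT repository. It assumes the scan runs through the `aquasecurity/trivy-action` step in the GitHub Actions job that also performs the Helm deploy; the job name, the image reference and the action pin are placeholders.

```yaml
# Added example, not the project's workflow file.
# Assumptions: aquasecurity/trivy-action is the scanner step; IMAGE_REF,
# the job name and <pinned-commit-sha> are placeholders to fill in.
jobs:
  build-scan-deploy:
    runs-on: ubuntu-latest
    env:
      IMAGE_REF: ghcr.io/<owner>/<image>:${{ github.sha }}  # placeholder
    steps:
      # ... Buildah build and push to GHCR happen before this point ...

      # Before (the behaviour described above): findings are printed,
      # the step always succeeds, and the deploy proceeds.
      # - name: Trivy scan
      #   uses: aquasecurity/trivy-action@<pinned-commit-sha>
      #   with:
      #     image-ref: ${{ env.IMAGE_REF }}
      #     exit-code: '0'

      # After, step 1: keep the full report for visibility (non-blocking).
      - name: Trivy report (all severities)
        uses: aquasecurity/trivy-action@<pinned-commit-sha>
        with:
          image-ref: ${{ env.IMAGE_REF }}
          severity: 'LOW,MEDIUM,HIGH,CRITICAL'
          format: 'table'
          exit-code: '0'

      # After, step 2: the gate. Only CRITICAL findings are considered,
      # and any match makes the step exit 1, which fails the job.
      - name: Trivy gate (CRITICAL blocks deploy)
        uses: aquasecurity/trivy-action@<pinned-commit-sha>
        with:
          image-ref: ${{ env.IMAGE_REF }}
          severity: 'CRITICAL'
          exit-code: '1'

      # ... Helm deploy step goes here; it is never reached when the
      # gate step above fails ...
```

Splitting report and gate keeps lower-severity findings visible in the job log without letting them block a release.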