Platform Overview
Vecton is a multi-tenant SaaS platform that connects webshops, physical stores, and warehouses in real time from a single data source. The platform follows a microservices architecture where each tenant gets isolated service instances with their own databases, message queues, and storage.
Architecture
```
                    ┌─────────────────────────────────────┐
                    │           Cloudflare DNS            │
                    │    *.vecton.hu → Cluster Ingress    │
                    └──────────────┬──────────────────────┘
                                   │
                    ┌──────────────▼──────────────────────┐
                    │     Traefik Ingress Controller      │
                    │   TLS termination (Let's Encrypt)   │
                    └──────────────┬──────────────────────┘
                                   │
          ┌────────────────────────┼────────────────────────┐
          │                        │                        │
┌─────────▼─────────┐   ┌──────────▼──────────┐   ┌─────────▼─────────┐
│  Identity Layer   │   │     Admin Layer     │   │   Tenant Layer    │
│  identity.vecton  │   │    admin.vecton     │   │  {tenant}.vecton  │
│                   │   │                     │   │                   │
│ ┌───────────────┐ │   │ ┌─────────────────┐ │   │ ┌───────────────┐ │
│ │   Frontend    │ │   │ │    Frontend     │ │   │ │   Frontend    │ │
│ │    (Vue 3)    │ │   │ │     (Vue 3)     │ │   │ │    (Vue 3)    │ │
│ └───────┬───────┘ │   │ └────────┬────────┘ │   │ └───────┬───────┘ │
│ ┌───────▼───────┐ │   │ ┌────────▼────────┐ │   │ ┌───────▼───────┐ │
│ │    Backend    │ │   │ │     Backend     │ │   │ │ Microservices │ │
│ │ (Laravel 12)  │ │   │ │  (Laravel 12)   │ │   │ │ (7 services)  │ │
│ └───────────────┘ │   │ └─────────────────┘ │   │ └───────────────┘ │
└───────────────────┘   └─────────────────────┘   └───────────────────┘
          │                        │                        │
┌─────────▼────────────────────────▼────────────────────────▼─────────┐
│                        Shared Infrastructure                        │
│  ┌────────────┐  ┌──────────┐  ┌──────────┐  ┌───────────────────┐  │
│  │ PostgreSQL │  │ RabbitMQ │  │  Redis   │  │   Rook-Ceph S3    │  │
│  │ (CNPG HA)  │  │ (3-node) │  │ (per-ns) │  │  (Object Store)   │  │
│  └────────────┘  └──────────┘  └──────────┘  └───────────────────┘  │
└─────────────────────────────────────────────────────────────────────┘
```
Main Services
Core platform services that manage the system:
| Service | Description | Tech Stack |
|---|---|---|
| Identity Service | Centralized authentication, 2FA, device management, OAuth2 | Laravel 12, Sanctum, Vue 3 |
| Admin | Tenant lifecycle management, platform administration | Laravel 12, FrankenPHP, Vue 3 |
Tenant Services
Each tenant gets isolated instances of these microservices:
| Service | Description | Port (dev) |
|---|---|---|
| Webshop | Product catalog, orders, payments, inventory | 8010 |
| Warehouse | Stock management, transfers, receiving | 8011 |
| CRM | Customer management, email campaigns | 8012 |
| Webhook | External integrations, event delivery | 8013 |
| Analytics | Business intelligence, reports, dashboards | 8014 |
| WebSocket Proxy | Real-time updates, live notifications | 8015 |
| Tenant Frontend | Unified Vue 3 SPA for all tenant services | 5175 |
Infrastructure
The platform runs on a bare-metal Kubernetes cluster:
| Component | Technology | Configuration |
|---|---|---|
| Kubernetes | kubeadm | 4 nodes (1 master + 3 workers) |
| Database | CloudNativePG (PostgreSQL 16) | 3-node HA cluster |
| Message Queue | RabbitMQ | 3-node cluster with operator |
| Object Storage | Rook-Ceph | S3-compatible, per-tenant buckets |
| Cache | Redis 7 | Per-namespace instance |
| Ingress | Traefik | With Let's Encrypt (Cloudflare DNS-01) |
| Load Balancer | MetalLB | L2 mode for bare-metal |
| Autoscaling | KEDA | Scale-to-zero for idle tenants |
| Container Registry | Harbor | Self-hosted at harbor.mng.vecton.hu |
| GitOps | ArgoCD | App-of-Apps pattern with sync waves |
| Secrets | SOPS + age | Encrypted secrets in git |
| TLS Certificates | cert-manager | Automatic via Cloudflare DNS-01 |
Deployment Model
All deployments follow a GitOps workflow:
- Developer pushes code to GitHub
- GitHub Actions builds Docker image and pushes to Harbor
- CI/CD calls DevOps API to create a GitOps pull request
- PR auto-merges, updating image tags in the `devops` repo
- ArgoCD detects the change and syncs the cluster
Each tenant namespace is fully isolated with its own:
- PostgreSQL database and user
- RabbitMQ vhost and user
- Redis instance with authentication
- S3 buckets (private + public)
- Kubernetes secrets (auto-generated by credential-generator)
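The per-tenant isolation listed above can be checked mechanically. The following is an added example, not part of the Vecton code base: it audits an inventory of tenant namespaces for resources that are missing, shared between tenants, or (for Redis) left without authentication. The inventory layout, the field names, and the sample tenants are assumptions made for illustration.

```python
from collections import defaultdict

# Resource kinds the page lists for every tenant namespace (field names are assumed).
REQUIRED = ("pg_database", "pg_user", "mq_vhost", "mq_user",
            "s3_private_bucket", "s3_public_bucket")

# Constructed sample inventory; in practice this would be exported from the cluster.
SAMPLE = {
    "tenant-acme": {
        "pg_database": "acme_db", "pg_user": "acme", "mq_vhost": "/acme",
        "mq_user": "acme", "s3_private_bucket": "acme-private",
        "s3_public_bucket": "acme-public", "redis_auth": True,
    },
    "tenant-globex": {
        "pg_database": "globex_db", "pg_user": "acme",  # reuses another tenant's DB user
        "mq_vhost": "/globex", "mq_user": "globex",
        "s3_private_bucket": "globex-private", "redis_auth": False,
    },
}

def audit_isolation(inventory):
    """Return sorted (namespace, finding) tuples for isolation violations."""
    findings = set()
    owners = defaultdict(set)  # (kind, value) -> namespaces that use it
    for ns, res in inventory.items():
        for kind in REQUIRED:
            value = res.get(kind)
            if not value:
                findings.add((ns, f"missing {kind}"))
            else:
                owners[(kind, value)].add(ns)
        # Anything other than an explicit True counts as unauthenticated.
        if res.get("redis_auth") is not True:
            findings.add((ns, "redis without authentication"))
    # A value of the same kind seen in more than one namespace breaks isolation.
    for (kind, value), namespaces in owners.items():
        if len(namespaces) > 1:
            for ns in namespaces:
                findings.add((ns, f"shared {kind} '{value}'"))
    return sorted(findings)

if __name__ == "__main__":
    for ns, finding in audit_isolation(SAMPLE):
        print(f"{ns}: {finding}")
```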
Tenant Lifecycle
Tenants are managed through the Admin service:
- Creation — Admin creates tenant via UI/API
- Provisioning — DevOps API generates Kubernetes manifests from template
- Deployment — ArgoCD syncs the new namespace with all services
- Scaling — KEDA scales idle services to zero, scales up on traffic
- Deletion — Admin marks tenant for deletion, resources are cleaned up