Deployment Topology

:::info Source Sourced from services/content-service/DEPLOYMENT_TOPOLOGY.md in the documentation repo. :::

1. Containers

Container	Purpose
`content-api`	REST API for packages, bundles, exports
`content-builder`	PlayPackage build worker (long-running)
`content-bundler`	Per-device bundle encryption + signing worker
`content-scorm-importer`	SCORM zip import worker (sandboxed)
`content-exporter`	SCORM/HTML/xAPI export worker
`content-outbox-relay`	NATS outbox publisher

2. Scaling

Container	Min	Max	HPA
`content-api`	3	20	CPU > 60%
`content-builder`	2	30	queue depth > 50
`content-bundler`	3	50	queue depth > 200 (bursty on enrollment spikes)
`content-scorm-importer`	1	10	queue depth > 5
`content-exporter`	1	10	queue depth > 20
`content-outbox-relay`	2	5	outbox backlog > 5000

3. Resources

Container	CPU req/limit	Mem req/limit
`content-api`	500m / 2000m	512Mi / 1.5Gi
`content-builder`	1000m / 4000m	2Gi / 8Gi (asset processing)
`content-bundler`	500m / 2000m	1Gi / 2Gi (encryption-heavy)
`content-scorm-importer`	1000m / 4000m	2Gi / 4Gi (sandboxed)
`content-exporter`	500m / 2000m	1Gi / 4Gi

SCORM importer runs in gVisor / Kata sandbox for defense-in-depth.

4. Storage

Tier	Purpose	Retention
S3 hot	Active bundles + packages (recent 90 days)	Standard class
S3 cold	Archived packages (legal hold, audit)	Glacier
Postgres	Metadata only (no blobs)	—
Local ephemeral	Build workspace	Per-job

5. CDN Usage

Bundle downloads served via signed CDN URLs.
HTML exports served via CDN (with CSP per tenant).
PlayPackage manifests cached 60s with revocation-aware invalidation.

6. KMS

Per-tenant signing key (HSM-backed).
Per-region replication for DR.
kid rotation annual; emergency rotation tested quarterly.

7. Regional Deployment

Deployed per region (us, eu, me, ap).
Bundles for a tenant served from tenant's homeRegion.
Tamper / revocation events replicated globally via NATS cross-region.

8. Service Mesh

mTLS.
Egress to media-service, catalog-service, authoring-service, sync-service, ai-gateway (for AI assistant config generation).
Egress to S3/R2 via VPC endpoint.

9. Release Strategy

Canary: 10% → 50% → 100%.
Builders + importers: rolling; jobs idempotent.
CDN invalidation on manifest shape change.

10. Diagram

 authoring-service ─ authoring.course_draft.published.v1 ─▶ NATS
                                                              │
  content-outbox-relay ◀─── content-api ◀─── HTTPS            │
                                ▲                             ▼
                                │        content-builder ◀────┤
                                │             │               │
                                ▼             ▼               │
                            Postgres        S3 (pkgs)         │
                                                              │
  enrollment.created.v1 ──────────────────────────────────────┤
                                                              ▼
                                                   content-bundler
                                                        │
                                                        ▼
                                               S3 (bundles) + KMS
                                                        │
                                          content.play_package.bundle.published.v1
                                                        │
                                                        ▼
                                                      sync-service

11. DR

RPO 15 min (event log + S3 versioning).
RTO 90 min for full rebuild from event log.
Packages + bundles can be rebuilt from source drafts + event log; KMS keys are authoritative.

1. Containers​

2. Scaling​

3. Resources​

4. Storage​

5. CDN Usage​

6. KMS​

7. Regional Deployment​

8. Service Mesh​

9. Release Strategy​

10. Diagram​

11. DR​

1. Containers

2. Scaling

3. Resources

4. Storage

5. CDN Usage

6. KMS

7. Regional Deployment

8. Service Mesh

9. Release Strategy

10. Diagram

11. DR