3. System Architecture
3. System Architecture
← 2. Requirements | Index | Next: 4. Components →
3.1 System Overview
The containerized stack standardizes on PostgreSQL 18 while preserving a dual-pooler architecture and CDC integrations. Application services connect through PgBouncer for query and management workloads. Debezium consumes logical decoding streams from the tenant database, and migration tooling uses session pooling to maintain transactional semantics. The upgrade changes the database baseline while keeping service boundaries and trust domains stable.
3.2 Authority Domains
| Domain | Authority | Scope |
|---|---|---|
| Data Authority | PostgreSQL databases | System of record for all persisted data |
| Connection Authority | PgBouncer | Mediates client connections and enforces pool-mode semantics |
| CDC Authority | Debezium | Interprets logical decoding streams and publishes events |
| Configuration Authority | Repository-managed container builds and configuration files | Defines runtime parameters |
3.3 Trust Boundaries
| Boundary | Description |
|---|---|
| Application → PgBouncer | Application services are untrusted clients; pooler authentication and pooling rules MUST continue to enforce access boundaries |
| Debezium → Tenant DB | Debezium is an external CDC consumer and MUST be limited to required replication privileges |
| Container host → Persistent volumes | Data at rest trust boundary; the upgrade MUST preserve encryption and access controls already in place |
3.4 Stable Interfaces
| Interface | Description |
|---|---|
| SQL protocol over PgBouncer | Primary interface for application traffic |
| Logical decoding slots | CDC interface for Debezium via replication slots and publications |
| Session pooler connections | Schema migration tooling continues to use session pooler for session-state operations |
Document Navigation
| Previous | Index | Next |
|---|---|---|
| ← 2. Requirements | Table of Contents | 4. Components → |
End of Section 3