Architecture Guide

This guide describes how gStack is layered and how a new software connects to the shared government building blocks.

The three layers

gStack is organised as three classic cloud service layers. The goal is to build new SaaS by reusing the existing PaaS and IaaS — not to re-build infrastructure or platforms for every new application.

        ┌───────────────────────────────────────────────────────────┐
        │  SaaS — Software as a Service        (what we build)        │
        │  Registrul Interdicțiilor · future registries & portals     │
        ├───────────────────────────────────────────────────────────┤
        │  PaaS — Platform as a Service        (what we reuse)        │
        │  GPass · GSign · GPay · GPower · GNotify · GConnect ·        │
        │  GLog · GDelivery · GDocs                                   │
        ├───────────────────────────────────────────────────────────┤
        │  IaaS — Infrastructure as a Service  (what we run on)       │
        │  compute · network · storage · Kubernetes · PostgreSQL ·    │
        │  Elasticsearch · object storage  (govcloud / on-prem)       │
        └───────────────────────────────────────────────────────────┘

Layer	Role	In gStack
SaaS	The applications delivered to end users — the thing we are building.	Registrul Interdicțiilor and future software.
PaaS	Reusable platform building blocks every software composes from.	GPass, GSign, GPay, GConnect, GLog, …
IaaS	The infrastructure the platforms and software run on.	Compute, network, storage, Kubernetes, PostgreSQL, Elasticsearch — on govcloud / on-prem.

A new software is therefore mostly: its own domain logic (SaaS) + configuration of existing platforms (PaaS) + deployment onto existing infrastructure (IaaS).

System context

A software (SaaS) sits among citizens, civil servants, and external systems (banks, ANAF, control bodies), and connects to the shared platforms (PaaS) for identity (GPass), signing (GSign), and interoperability (GConnect).

  Operator / Citizen / External system
                 │  HTTPS + JWT
                 ▼
        ┌───────────────────┐      identity  ┌──────────┐
        │  Software (SPA +   │◄──────────────►│  GPass   │
        │  REST API)         │      signing   ├──────────┤
        │                    │◄──────────────►│  GSign   │
        │                    │      interop   ├──────────┤
        └─────────┬──────────┘◄──────────────►│ GConnect │
                  │                            └──────────┘
        ┌─────────▼──────────┐
        │ PostgreSQL · Search│   (IaaS)
        └────────────────────┘

In this guide

• Component layering — the deployable monolith and its internal layers.

Reference stack

Concern	Technology
Backend	Spring Boot 3 (JHipster 8 monolith)
Frontend	Angular 19 (standalone components)
Database	PostgreSQL (prod) / H2 (dev)
Search	Elasticsearch
Auth	JWT → OIDC layer for GPass SSO (Keycloak)
Migrations	Liquibase (append-only)