# Kubernetes Resources

Complete reference of all Kubernetes resources for the API Gateway deployment.

## Namespace Overview

- **Namespace**: Dedicated namespace for gateway components
- **Environment Separation**: Development, Staging, Production
- **Resource Organization**: Logical grouping by function

## Helm Releases

### Control Plane Release

**Release Components**:

- **Chart**: Control plane helm chart
- **Status**: Deployed
- **Management**: Dashboard, Portal, Data Plane Manager

**Key Configuration**:

```yaml
dashboard_configuration:
  database:
    dsn: postgres://username:***@postgresql-service:5432/dbname
postgresql:
  auth:
    password: ***
  primary:
    persistence:
      size: 10Gi
  readReplicas:
    persistence:
      size: 10Gi
```

### Data Plane Release

**Release Components**:

- **Chart**: Gateway data plane helm chart
- **Status**: Deployed
- **Function**: Request processing and routing

**Key Configuration**:

```yaml
gateway:
  extraEnvVars:
    - name: GATEWAY_GROUP_ID
      value: default
  replicaCount: 3
configuration:
  auth:
    tls:
      enabled: true
      existingSecret: gateway-tls-secret
      verify: true
  endpoint:
    - https://control-plane-endpoint:port
service:
  type: ClusterIP
  tls:
    existingCASecret: gateway-tls-secret
```

## Deployments

### Dashboard

**Specification**:

```yaml
Replicas: 1 (configurable)
Selector: app=dashboard
Ports: Management ports (HTTP/HTTPS)
```

### Developer Portal

**Specification**:

```yaml
Replicas: 1 (configurable)
Selector: app=developer-portal
Ports: Web service port
```

### Data Plane Manager

**Specification**:

```yaml
Replicas: 1 (configurable)
Selector: app=dp-manager
Ports: Management and proxy ports
```

### Gateway Data Plane

**Specification**:

```yaml
Replicas: 3+ (highly available)
Strategy: RollingUpdate (25% max unavailable)
Selector: app.kubernetes.io/name=gateway
Ports: 9080 (HTTP), 9443 (HTTPS)
Volumes:
  - gateway-config (ConfigMap)
  - tls-certificates (Secret)
  - client-certificates (Secret)
Environment:
  - GATEWAY_GROUP_ID: default
Readiness Probe:
  tcp-socket: 9080
  initialDelay: 10s
  period: 10s
```

### Monitoring Server

**Specification**:

```yaml
Replicas: 1
Image: prometheus:latest
Ports: 9090
Volume: Persistent storage for metrics
```

### Backend Applications

**Generic Application Template**:

```yaml
Replicas: Based on load requirements
Ports: Application-specific
Service: ClusterIP for internal access
```

## StatefulSets

### PostgreSQL Database

**Specification**:

```yaml
Replicas: 1 (can be scaled for HA)
Image: postgres:latest
Ports: 5432
Storage: Configurable persistent volume
Environment:
  - POSTGRES_USER: gateway_user
  - POSTGRES_PASSWORD: *** (from secret)
  - POSTGRES_DB: gateway_db
```

**Persistent Storage**: Data persistence across pod restarts

## Services

### Control Plane Services

#### Dashboard Service

```yaml
Type: ClusterIP
Ports:
  - HTTP Management Port
  - HTTPS Management Port
Selector: app=dashboard
```

#### Developer Portal Service

```yaml
Type: ClusterIP
Ports:
  - Web Service Port
Selector: app=developer-portal
```

#### Data Plane Manager Service

```yaml
Type: ClusterIP
Ports:
  - Management API Port
  - Configuration Proxy Port
Selector: app=dp-manager
```

#### PostgreSQL Service

```yaml
Type: ClusterIP
Ports:
  - 5432/TCP
Selector: app=postgresql
```

#### PostgreSQL Headless Service

```yaml
Type: ClusterIP (None)
Ports:
  - 5432/TCP
Purpose: StatefulSet DNS resolution
```

#### Monitoring Service

```yaml
Type: ClusterIP
Ports:
  - 9090/TCP
Selector: app=prometheus
```

### Gateway Service

```yaml
Type: ClusterIP
Ports:
  - name: http-gateway
    port: 80
    targetPort: 9080
  - name: https-gateway
    port: 443
    targetPort: 9443
Selector:
  app.kubernetes.io/name: gateway
```

### Backend Application Services

```yaml
Type: ClusterIP
Ports: Application-specific
Selector: app=<app-name>
```

## Ingress Resources

### Dashboard Ingress

```yaml
Class: nginx
Hosts:
  - dashboard.domain.com
TLS:
  - hosts: [dashboard.domain.com]
    secretName: dashboard-tls-secret
Backend:
  Service: dashboard-service
  Port: Management Port
Annotations:
  nginx.ingress.kubernetes.io/backend-protocol: HTTPS
  nginx.ingress.kubernetes.io/proxy-body-size: 10m
```

### Developer Portal Ingress

```yaml
Class: nginx
Hosts:
  - portal.domain.com
TLS:
  - hosts: [portal.domain.com]
    secretName: portal-tls-secret
Backend:
  Service: developer-portal-service
  Port: Web Port
```

### Data Plane Manager Ingress

```yaml
Class: nginx
Hosts:
  - dp-manager.domain.com
TLS:
  - hosts: [dp-manager.domain.com]
    secretName: dp-manager-tls-secret
Backend:
  Service: dp-manager-service
  Port: Management Port
```

### Gateway Ingress

```yaml
Class: nginx
Hosts:
  - "*.domain.com"
  - domain.com
TLS:
  - hosts: ["*.domain.com", domain.com]
    secretName: wildcard-tls-secret
Rules:
  - host: "*.domain.com"
    backend:
      service: gateway-service
      port: 80
  - host: domain.com
    backend:
      service: gateway-service
      port: 80
```

## ConfigMaps

### Monitoring Configuration

- Prometheus server configuration
- Alert rules and thresholds

### Dashboard Configuration

- Dashboard application settings
- UI customization

### Developer Portal Configuration

- Portal settings
- API documentation configuration

### Data Plane Manager Configuration

- Manager settings
- Gateway group configurations

### Gateway Configuration

- Gateway runtime settings
- Backend connection configuration

### Certificate Authority

- Kubernetes root CA certificate
- Trust chain configuration

## Secrets

### TLS Certificates

**Control Plane Certificates**:

- Dashboard TLS certificates
- Developer Portal TLS certificates
- Data Plane Manager TLS certificates

**Gateway Certificates**:

- Gateway mutual TLS certificates
- Internal communication certificates
- Public-facing TLS certificates

**Application Certificates**:

- Backend service certificates
- Wildcard domain certificates

### Database Credentials

```yaml
Type: Opaque
Data:
  - database-password: ***
  - user-password: ***
```

### Helm Release Secrets

- Helm release versioning secrets
- Configuration state storage

## Persistent Volume Claims

### Database Storage

```yaml
Size: 10Gi+ (configurable)
Storage Class: Distributed storage
Access Mode: RWO
Purpose: Database persistence
```

### Monitoring Storage

```yaml
Size: 100Gi+ (based on retention)
Storage Class: Local or network storage
Access Mode: RWO
Purpose: Metrics retention
```

### Configuration Storage

```yaml
Size: Based on requirements
Storage Class: High-performance storage
Access Mode: RWO/RWX as needed
Purpose: Configuration persistence
```

## Resource Management

### Useful Commands

**List all resources**:

```bash
kubectl get all -n <namespace>
```

**Get specific resource details**:

```bash
kubectl describe deployment <deployment-name> -n <namespace>
kubectl get svc <service-name> -n <namespace> -o yaml
```

**Check pod logs**:

```bash
kubectl logs <pod-name> -n <namespace>
kubectl logs <pod-name> -n <namespace> -f  # Follow logs
```

**Access services locally**:

```bash
# Forward dashboard to local port
kubectl port-forward -n <namespace> svc/dashboard-service 7080:7080

# Forward gateway to local port
kubectl port-forward -n <namespace> svc/gateway-service 8080:80
```

**Scale deployments**:

```bash
kubectl scale deployment <deployment-name> -n <namespace> --replicas=<replica-count>
```

**Check Helm releases**:

```bash
helm list -n <namespace>
helm get values <release-name> -n <namespace>
helm status <release-name> -n <namespace>
```

**Troubleshooting**:

```bash
kubectl get events -n <namespace>
kubectl top pods -n <namespace>
kubectl describe pod <pod-name> -n <namespace>
```

---

*Complete Kubernetes resource reference for API Gateway infrastructure deployment.*