api7-demo/web/docs/kubernetes-resources.md
d.viti a2eef9efde
first commit
2025-10-03 01:20:15 +02:00


Kubernetes Resources

Complete reference of all Kubernetes resources for the API Gateway deployment.

Namespace Overview

  • Namespace: Dedicated namespace for gateway components
  • Environment Separation: Development, Staging, Production
  • Resource Organization: Logical grouping by function

Helm Releases

Control Plane Release

Release Components:

  • Chart: Control plane helm chart
  • Status: Deployed
  • Management: Dashboard, Portal, Data Plane Manager

Key Configuration:

dashboard_configuration:
  database:
    dsn: postgres://username:***@postgresql-service:5432/dbname

postgresql:
  auth:
    password: ***
  primary:
    persistence:
      size: 10Gi
  readReplicas:
    persistence:
      size: 10Gi

Data Plane Release

Release Components:

  • Chart: Gateway data plane helm chart
  • Status: Deployed
  • Function: Request processing and routing

Key Configuration:

gateway:
  extraEnvVars:
  - name: GATEWAY_GROUP_ID
    value: default
  replicaCount: 3

configuration:
  auth:
    tls:
      enabled: true
      existingSecret: gateway-tls-secret
      verify: true
  endpoint:
  - https://control-plane-endpoint:port

service:
  type: ClusterIP
  tls:
    existingCASecret: gateway-tls-secret

Deployments

Dashboard

Specification:

Replicas: 1 (configurable)
Selector: app=dashboard
Ports: Management ports (HTTP/HTTPS)

Developer Portal

Specification:

Replicas: 1 (configurable)
Selector: app=developer-portal
Ports: Web service port

Data Plane Manager

Specification:

Replicas: 1 (configurable)
Selector: app=dp-manager
Ports: Management and proxy ports

Gateway Data Plane

Specification:

Replicas: 3+ (highly available)
Strategy: RollingUpdate (25% max unavailable)
Selector: app.kubernetes.io/name=gateway
Ports: 9080 (HTTP), 9443 (HTTPS)

Volumes:
- gateway-config (ConfigMap)
- tls-certificates (Secret)
- client-certificates (Secret)

Environment:
- GATEWAY_GROUP_ID: default

Readiness Probe:
  tcp-socket: 9080
  initialDelay: 10s
  period: 10s

Monitoring Server

Specification:

Replicas: 1
Image: prometheus:latest
Ports: 9090
Volume: Persistent storage for metrics

Backend Applications

Generic Application Template:

Replicas: Based on load requirements
Ports: Application-specific
Service: ClusterIP for internal access

StatefulSets

PostgreSQL Database

Specification:

Replicas: 1 (can be scaled for HA)
Image: postgres:latest
Ports: 5432
Storage: Configurable persistent volume

Environment:
- POSTGRES_USER: gateway_user
- POSTGRES_PASSWORD: *** (from secret)
- POSTGRES_DB: gateway_db

Persistent Storage: Data persistence across pod restarts

Services

Control Plane Services

Dashboard Service

Type: ClusterIP
Ports:
- HTTP Management Port
- HTTPS Management Port
Selector: app=dashboard

Developer Portal Service

Type: ClusterIP
Ports:
- Web Service Port
Selector: app=developer-portal

Data Plane Manager Service

Type: ClusterIP
Ports:
- Management API Port
- Configuration Proxy Port
Selector: app=dp-manager

PostgreSQL Service

Type: ClusterIP
Ports:
- 5432/TCP
Selector: app=postgresql

PostgreSQL Headless Service

Type: ClusterIP (None)
Ports:
- 5432/TCP
Purpose: StatefulSet DNS resolution

Monitoring Service

Type: ClusterIP
Ports:
- 9090/TCP
Selector: app=prometheus

Gateway Service

Type: ClusterIP
Ports:
- name: http-gateway
  port: 80
  targetPort: 9080
- name: https-gateway
  port: 443
  targetPort: 9443
Selector:
  app.kubernetes.io/name: gateway

Backend Application Services

Type: ClusterIP
Ports: Application-specific
Selector: app=<application-name>

Ingress Resources

Dashboard Ingress

Class: nginx
Hosts:
- dashboard.domain.com

TLS:
- hosts: [dashboard.domain.com]
  secretName: dashboard-tls-secret

Backend:
  Service: dashboard-service
  Port: Management Port

Annotations:
  nginx.ingress.kubernetes.io/backend-protocol: HTTPS
  nginx.ingress.kubernetes.io/proxy-body-size: 10m

Developer Portal Ingress

Class: nginx
Hosts:
- portal.domain.com

TLS:
- hosts: [portal.domain.com]
  secretName: portal-tls-secret

Backend:
  Service: developer-portal-service
  Port: Web Port

Data Plane Manager Ingress

Class: nginx
Hosts:
- dp-manager.domain.com

TLS:
- hosts: [dp-manager.domain.com]
  secretName: dp-manager-tls-secret

Backend:
  Service: dp-manager-service
  Port: Management Port

Gateway Ingress

Class: nginx

Hosts:
- *.domain.com
- domain.com

TLS:
- hosts: [*.domain.com, domain.com]
  secretName: wildcard-tls-secret

Rules:
- host: "*.domain.com"
  backend:
    service: gateway-service
    port: 80
- host: domain.com
  backend:
    service: gateway-service
    port: 80

ConfigMaps

Monitoring Configuration

  • Prometheus server configuration
  • Alert rules and thresholds

Dashboard Configuration

  • Dashboard application settings
  • UI customization

Developer Portal Configuration

  • Portal settings
  • API documentation configuration

Data Plane Manager Configuration

  • Manager settings
  • Gateway group configurations

Gateway Configuration

  • Gateway runtime settings
  • Backend connection configuration

Certificate Authority

  • Kubernetes root CA certificate
  • Trust chain configuration

Secrets

TLS Certificates

Control Plane Certificates:

  • Dashboard TLS certificates
  • Developer Portal TLS certificates
  • Data Plane Manager TLS certificates

Gateway Certificates:

  • Gateway mutual TLS certificates
  • Internal communication certificates
  • Public-facing TLS certificates

Application Certificates:

  • Backend service certificates
  • Wildcard domain certificates

Database Credentials

Type: Opaque
Data:
- database-password: ***
- user-password: ***

Helm Release Secrets

  • Helm release versioning secrets
  • Configuration state storage

Persistent Volume Claims

Database Storage

Size: 10Gi+ (configurable)
Storage Class: Distributed storage
Access Mode: RWO
Purpose: Database persistence

Monitoring Storage

Size: 100Gi+ (based on retention)
Storage Class: Local or network storage
Access Mode: RWO
Purpose: Metrics retention

Configuration Storage

Size: Based on requirements
Storage Class: High-performance storage
Access Mode: RWO/RWX as needed
Purpose: Configuration persistence

Resource Management

Useful Commands

List all resources:

kubectl get all -n <namespace>

Get specific resource details:

kubectl describe deployment <deployment-name> -n <namespace>
kubectl get svc <service-name> -n <namespace> -o yaml

Check pod logs:

kubectl logs -n <namespace> <pod-name>
kubectl logs -n <namespace> <pod-name> -f  # Follow logs

Access services locally:

# Forward dashboard to local port
kubectl port-forward -n <namespace> svc/dashboard-service 7080:7080

# Forward gateway to local port
kubectl port-forward -n <namespace> svc/gateway-service 8080:80

Scale deployments:

kubectl scale deployment <deployment-name> -n <namespace> --replicas=<count>

Check Helm releases:

helm list -n <namespace>
helm get values <release-name> -n <namespace>
helm status <release-name> -n <namespace>

Troubleshooting:

kubectl get events -n <namespace>
kubectl top pods -n <namespace>
kubectl describe pod <pod-name> -n <namespace>
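
Check for mutable image tags (an added example, not part of the original reference): the Monitoring Server and PostgreSQL specifications above list `prometheus:latest` and `postgres:latest`, tags that can resolve to a different image on every pull. The function below flags image references that have no digest and either no tag or the `latest` tag; the function names, the registry host and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Live input for a namespace would come from:
#   kubectl get pods -n <namespace> \
#     -o jsonpath='{range .items[*]}{range .spec.containers[*]}{.image}{"\n"}{end}{end}'

# Reads one image reference per line on stdin and prints "MUTABLE <image>"
# for every reference that is not pinned by digest and carries either no
# tag (which defaults to latest) or the explicit "latest" tag.
flag_mutable_images() {
  while IFS= read -r image; do
    [ -n "$image" ] || continue
    case "$image" in
      *@sha256:*) continue ;;            # pinned by digest: immutable
    esac
    # Drop the registry/repository path so a registry port such as
    # host:5000/ is not mistaken for a tag separator.
    last=${image##*/}
    case "$last" in
      *:latest) echo "MUTABLE $image" ;; # explicit latest tag
      *:*)      ;;                       # explicit version tag: not flagged
      *)        echo "MUTABLE $image" ;; # no tag at all
    esac
  done
}

# Constructed sample input: the two images named in this document plus
# hypothetical gateway components on a placeholder registry.
sample_images() {
  cat <<'EOF'
prometheus:latest
postgres:latest
registry.example.internal:5000/gateway:3.2.1
registry.example.internal:5000/dashboard
registry.example.internal:5000/dp-manager@sha256:0000000000000000000000000000000000000000000000000000000000000000
EOF
}

sample_images | flag_mutable_images
```

A version tag is still movable by whoever controls the registry; only the `@sha256:` form is treated as pinned here.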

Complete Kubernetes resource reference for API Gateway infrastructure deployment.