demos/api7-demo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a2eef9efdec24b219728cf328f19f66d7e661cb8
api7-demo/web/docs/kubernetes-resources.md
d.viti a2eef9efde
Some checks failed
Build and Push Docker Images / build-web (push) Failing after 1m3s
Details
Build and Push Docker Images / build-api (push) Failing after 1m1s
Details
first commit
2025-10-03 01:20:15 +02:00

447 lines
7.6 KiB
Markdown
Raw Blame History

# Kubernetes Resources
Complete reference of all Kubernetes resources for the API Gateway deployment.
## Namespace Overview
**Namespace**: Dedicated namespace for gateway components
**Environment Separation**: Development, Staging, Production
**Resource Organization**: Logical grouping by function
## Helm Releases
### Control Plane Release
**Release Components**:
- **Chart**: Control plane helm chart
- **Status**: Deployed
- **Management**: Dashboard, Portal, Data Plane Manager
**Key Configuration**:
```yaml
dashboard_configuration:
database:
dsn: postgres://username:***@postgresql-service:5432/dbname
postgresql:
auth:
password: ***
primary:
persistence:
size: 10Gi
readReplicas:
persistence:
size: 10Gi
```
### Data Plane Release
**Release Components**:
- **Chart**: Gateway data plane helm chart
- **Status**: Deployed
- **Function**: Request processing and routing
**Key Configuration**:
```yaml
gateway:
extraEnvVars:
- name: GATEWAY_GROUP_ID
value: default
replicaCount: 3
configuration:
auth:
tls:
enabled: true
existingSecret: gateway-tls-secret
verify: true
endpoint:
- https://control-plane-endpoint:port
service:
type: ClusterIP
tls:
existingCASecret: gateway-tls-secret
```
## Deployments
### Dashboard
**Specification**:
```yaml
Replicas: 1 (configurable)
Selector: app=dashboard
Ports: Management ports (HTTP/HTTPS)
```
### Developer Portal
**Specification**:
```yaml
Replicas: 1 (configurable)
Selector: app=developer-portal
Ports: Web service port
```
### Data Plane Manager
**Specification**:
```yaml
Replicas: 1 (configurable)
Selector: app=dp-manager
Ports: Management and proxy ports
```
### Gateway Data Plane
**Specification**:
```yaml
Replicas: 3+ (highly available)
Strategy: RollingUpdate (25% max unavailable)
Selector: app.kubernetes.io/name=gateway
Ports: 9080 (HTTP), 9443 (HTTPS)
Volumes:
- gateway-config (ConfigMap)
- tls-certificates (Secret)
- client-certificates (Secret)
Environment:
- GATEWAY_GROUP_ID: default
Readiness Probe:
tcp-socket: 9080
initialDelay: 10s
period: 10s
```
### Monitoring Server
**Specification**:
```yaml
Replicas: 1
Image: prometheus:latest
Ports: 9090
Volume: Persistent storage for metrics
```
### Backend Applications
**Generic Application Template**:
```yaml
Replicas: Based on load requirements
Ports: Application-specific
Service: ClusterIP for internal access
```
## StatefulSets
### PostgreSQL Database
**Specification**:
```yaml
Replicas: 1 (can be scaled for HA)
Image: postgres:latest
Ports: 5432
Storage: Configurable persistent volume
Environment:
- POSTGRES_USER: gateway_user
- POSTGRES_PASSWORD: *** (from secret)
- POSTGRES_DB: gateway_db
```
**Persistent Storage**: Data persistence across pod restarts
## Services
### Control Plane Services
#### Dashboard Service
```yaml
Type: ClusterIP
Ports:
- HTTP Management Port
- HTTPS Management Port
Selector: app=dashboard
```
#### Developer Portal Service
```yaml
Type: ClusterIP
Ports:
- Web Service Port
Selector: app=developer-portal
```
#### Data Plane Manager Service
```yaml
Type: ClusterIP
Ports:
- Management API Port
- Configuration Proxy Port
Selector: app=dp-manager
```
#### PostgreSQL Service
```yaml
Type: ClusterIP
Ports:
- 5432/TCP
Selector: app=postgresql
```
#### PostgreSQL Headless Service
```yaml
Type: ClusterIP (None)
Ports:
- 5432/TCP
Purpose: StatefulSet DNS resolution
```
#### Monitoring Service
```yaml
Type: ClusterIP
Ports:
- 9090/TCP
Selector: app=prometheus
```
### Gateway Service
```yaml
Type: ClusterIP
Ports:
- name: http-gateway
port: 80
targetPort: 9080
- name: https-gateway
port: 443
targetPort: 9443
Selector:
app.kubernetes.io/name: gateway
```
### Backend Application Services
```yaml
Type: ClusterIP
Ports: Application-specific
Selector: app=<application-name>
```
## Ingress Resources
### Dashboard Ingress
```yaml
Class: nginx
Hosts:
- dashboard.domain.com
TLS:
- hosts: [dashboard.domain.com]
secretName: dashboard-tls-secret
Backend:
Service: dashboard-service
Port: Management Port
Annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/proxy-body-size: 10m
```
### Developer Portal Ingress
```yaml
Class: nginx
Hosts:
- portal.domain.com
TLS:
- hosts: [portal.domain.com]
secretName: portal-tls-secret
Backend:
Service: developer-portal-service
Port: Web Port
```
### Data Plane Manager Ingress
```yaml
Class: nginx
Hosts:
- dp-manager.domain.com
TLS:
- hosts: [dp-manager.domain.com]
secretName: dp-manager-tls-secret
Backend:
Service: dp-manager-service
Port: Management Port
```
### Gateway Ingress
```yaml
Class: nginx
Hosts:
- *.domain.com
- domain.com
TLS:
- hosts: [*.domain.com, domain.com]
secretName: wildcard-tls-secret
Rules:
- host: "*.domain.com"
backend:
service: gateway-service
port: 80
- host: domain.com
backend:
service: gateway-service
port: 80
```
## ConfigMaps
### Monitoring Configuration
- Prometheus server configuration
- Alert rules and thresholds
### Dashboard Configuration
- Dashboard application settings
- UI customization
### Developer Portal Configuration
- Portal settings
- API documentation configuration
### Data Plane Manager Configuration
- Manager settings
- Gateway group configurations
### Gateway Configuration
- Gateway runtime settings
- Backend connection configuration
### Certificate Authority
- Kubernetes root CA certificate
- Trust chain configuration
## Secrets
### TLS Certificates
**Control Plane Certificates**:
- Dashboard TLS certificates
- Developer Portal TLS certificates
- Data Plane Manager TLS certificates
**Gateway Certificates**:
- Gateway mutual TLS certificates
- Internal communication certificates
- Public-facing TLS certificates
**Application Certificates**:
- Backend service certificates
- Wildcard domain certificates
### Database Credentials
```yaml
Type: Opaque
Data:
- database-password: ***
- user-password: ***
```
### Helm Release Secrets
- Helm release versioning secrets
- Configuration state storage
## Persistent Volume Claims
### Database Storage
```yaml
Size: 10Gi+ (configurable)
Storage Class: Distributed storage
Access Mode: RWO
Purpose: Database persistence
```
### Monitoring Storage
```yaml
Size: 100Gi+ (based on retention)
Storage Class: Local or network storage
Access Mode: RWO
Purpose: Metrics retention
```
### Configuration Storage
```yaml
Size: Based on requirements
Storage Class: High-performance storage
Access Mode: RWO/RWX as needed
Purpose: Configuration persistence
```
## Resource Management
### Useful Commands
**List all resources**:
```bash
kubectl get all -n <namespace>
```
**Get specific resource details**:
```bash
kubectl describe deployment <deployment-name> -n <namespace>
kubectl get svc <service-name> -n <namespace> -o yaml
```
**Check pod logs**:
```bash
kubectl logs -n <namespace> <pod-name>
kubectl logs -n <namespace> <pod-name> -f # Follow logs
```
**Access services locally**:
```bash
# Forward dashboard to local port
kubectl port-forward -n <namespace> svc/dashboard-service 7080:7080
# Forward gateway to local port
kubectl port-forward -n <namespace> svc/gateway-service 8080:80
```
**Scale deployments**:
```bash
kubectl scale deployment <deployment-name> -n <namespace> --replicas=<count>
```
**Check Helm releases**:
```bash
helm list -n <namespace>
helm get values <release-name> -n <namespace>
helm status <release-name> -n <namespace>
```
**Troubleshooting**:
```bash
kubectl get events -n <namespace>
kubectl top pods -n <namespace>
kubectl describe pod <pod-name> -n <namespace>
```
---
*Complete Kubernetes resource reference for API Gateway infrastructure deployment.*
Reference in New Issue View Git Blame Copy Permalink