Kubernetes Infrastructure
Cluster Architecture
Environment Setup
Production Cluster
apiVersion: v1
kind: Namespace
metadata:
  name: oan-production
  labels:
    environment: production
    app: oan-finance
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: oan-production-quota
  namespace: oan-production
spec:
  hard:
    requests.cpu: "16"
    requests.memory: 32Gi
    limits.cpu: "32"
    limits.memory: 64Gi
Application Deployment
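apiVersion: apps/v1
kind: Deployment
metadata:
  name: oan-api
  namespace: oan-production
spec:
  replicas: 3
  selector:
    matchLabels:
      app: oan-api
  template:
    metadata:
      labels:
        app: oan-api
    spec:
      containers:
        - name: api
          # ":latest" is a mutable tag: pin a version tag or image digest
          # so every rollout runs a known image.
          image: oan-api:latest
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          # Restart the container when /health stops responding.
          livenessProbe:
            httpGet:
              path: /health
              port: 3000
          # Route traffic to the pod only while /ready responds.
          readinessProbe:
            httpGet:
              path: /ready
              port: 3000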
Network Architecture
Security Configuration
Network Policies
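apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-network-policy
  namespace: oan-production
spec:
  podSelector:
    matchLabels:
      app: oan-api
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        # The Namespace manifest above defines no "name" label, so a selector
        # on name: oan-production would match nothing. kubernetes.io/metadata.name
        # is set automatically by the API server on every namespace.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: oan-production
      ports:
        - protocol: TCP
          port: 3000
  egress:
    # Only these two ports are reachable; DNS (port 53) is not allowed by this policy.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: oan-production
      ports:
        - protocol: TCP
          port: 5432 # Database
        - protocol: TCP
          port: 6379 # Redis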
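The policy above restricts only pods labelled app: oan-api, and its egress rules leave out DNS. The following is an added example, not part of the original page: a namespace-wide default deny plus a DNS allowance for the API pods. The policy names and the k8s-app: kube-dns label on the cluster DNS pods in kube-system are assumptions.

```yaml
# Added example: deny all traffic for every pod in oan-production
# unless another NetworkPolicy explicitly allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all            # hypothetical name
  namespace: oan-production
spec:
  podSelector: {}                   # empty selector = all pods in the namespace
  policyTypes:
    - Ingress
    - Egress
---
# Added example: let oan-api pods resolve names through cluster DNS.
# NetworkPolicies are additive, so this combines with api-network-policy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-dns               # hypothetical name
  namespace: oan-production
spec:
  podSelector:
    matchLabels:
      app: oan-api
  policyTypes:
    - Egress
  egress:
    - to:
        # namespaceSelector and podSelector in one list item are ANDed:
        # DNS pods, and only in kube-system.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns     # assumption: label on the cluster DNS pods
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

With the default deny in place, the database and Redis pods need their own ingress policies admitting traffic from app: oan-api on ports 5432 and 6379, otherwise the API's allowed egress has nothing that will accept it.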
Storage Configuration
Storage Classes
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: oci-block-storage
provisioner: oracle.com/oci-volume-provisioner
parameters:
  vpusPerGB: "20"
reclaimPolicy: Retain
allowVolumeExpansion: true
Monitoring Setup
Prometheus Configuration
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
  name: oan-prometheus
  namespace: monitoring
spec:
  replicas: 2
  serviceAccountName: prometheus
  serviceMonitorSelector:
    matchLabels:
      team: oan-finance
  resources:
    requests:
      memory: 400Mi
      cpu: 500m
    limits:
      memory: 800Mi
      cpu: 1000m
Scaling Configuration
Horizontal Pod Autoscaling
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: oan-api-hpa
  namespace: oan-production
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: oan-api
  minReplicas: 3
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 80
Backup Configuration
Backup Schedule
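apiVersion: velero.io/v1
kind: Schedule
metadata:
  name: daily-backup
  namespace: velero
spec:
  schedule: "0 1 * * *" # every day at 01:00
  template:
    includedNamespaces:
      - oan-production
    includedResources:
      - deployments
      - services
      - configmaps
      # Backups will contain Secret objects: restrict access to the
      # backup storage location and encrypt it at rest.
      - secrets
    # Only objects labelled app: oan-finance are backed up. The oan-api
    # Deployment above carries no such label in its own metadata.
    labelSelector:
      matchLabels:
        app: oan-finance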
Disaster Recovery
Recovery Process
Best Practices
Resource Management
- Set resource requests and limits
- Implement horizontal pod autoscaling
- Use node affinity rules
- Configure pod disruption budgets
Security
- Enable RBAC
- Implement network policies
- Use pod security policies (PodSecurityPolicy was removed in Kubernetes 1.25; on current clusters use Pod Security Admission)
- Regular security audits
Monitoring
- Implement comprehensive metrics
- Set up alerting
- Configure log aggregation
- Regular performance analysis
Maintenance
- Regular updates and patches
- Backup verification
- Disaster recovery testing
- Configuration management