Control Plane Charts Overview
The control plane consists of 10 Java Spring Boot services deployed via the matih-control-plane umbrella chart. Each service handles a specific platform management concern and follows the standard chart pattern with deployment, service, ingress, HPA, PDB, and ServiceMonitor templates.
Service Summary
| Service | Port | Min Replicas | HPA Max | Key Feature |
|---|---|---|---|---|
| iam-service | 8080 | 2 | 10 | JWT auth, RBAC, user management |
| tenant-service | 8080 | 2 | 8 | Tenant lifecycle, provisioning |
| config-service | 8080 | 2 | 5 | Feature flags, hot reload |
| audit-service | 8080 | 3 | 15 | Audit trail, SIEM forwarding |
| notification-service | 8080 | 2 | 8 | Multi-channel notifications |
| billing-service | 8080 | 2 | 6 | Usage tracking, cost allocation |
| api-gateway | 8080 | 2 | 10 | API routing, rate limiting |
| observability-api | 8080 | 2 | 5 | Metrics aggregation |
| platform-registry | 8080 | 2 | 4 | Service registry |
| infrastructure-service | 8080 | 2 | 4 | Cloud infrastructure provisioning |
Shared Configuration
All control plane services share:
- PostgreSQL: Bitnami subchart with primary + 2 read replicas
- Redis: Bitnami subchart with Sentinel HA
- Kafka: Strimzi cluster in data plane (via FQDN)
- Ingress: Kong API gateway with path-based routing
Ingress Routing
Control plane services are exposed through Kong ingress:
```yaml
ingress:
  className: kong
  annotations:
    konghq.com/strip-path: "false"
    konghq.com/protocols: "https"
  hosts:
    - host: api.matih.ai
      paths:
        - path: /api/v1/auth      # -> iam-service
        - path: /api/v1/tenants   # -> tenant-service
        - path: /api/v1/config    # -> config-service
        - path: /api/v1/audit     # -> audit-service
```
Section Contents
Each page below details the Helm chart configuration for the respective service, including values snippets, deployment specs, and operational notes.