MATIH Platform is in active MVP development. Documentation reflects current implementation status.
20. Appendices & Reference
Port Assignments

Port Assignments

This section documents every port assignment in the MATIH Enterprise Platform. The canonical source of truth for port assignments is scripts/config/components.yaml in the platform repository. If any discrepancy exists between this documentation and that file, the YAML file takes precedence.

To validate that deployed services match the defined port assignments, run:

./scripts/tools/validate-ports.sh

To programmatically access a service port in shell scripts, source the port library:

source scripts/lib/core/ports.sh
PORT=$(port_get_service_port "ai-service")

Port Allocation Strategy

Ports are allocated by category to prevent conflicts and make the system predictable:

RangeCategoryDescription
3000-3099Frontend WorkbenchesReact/Next.js frontend applications
5000-5099Proxies and GatewaysAuthentication proxies, internal gateways
8000-8009Python FastAPI ServicesAI, ML, Data Quality, and other Python services
8080-8099Java Spring Boot ServicesControl Plane and Data Plane Java services
8100-8199Specialized ServicesOntology and other specialized Python services
8888Config ServiceSpring Cloud Config Server (conventional port)
8098Render ServiceNode.js server-side rendering

Control Plane Services

All Control Plane services are Java Spring Boot 3.2 applications deployed in the matih-control-plane Kubernetes namespace.

ServicePortTypeDatabaseHealth EndpointDependencies
api-gateway8080Java Spring BootNone/actuator/healthiam-service, config-service
iam-service8081Java Spring Bootiam/api/v1/actuator/healthPostgreSQL, Redis
tenant-service8082Java Spring Boottenant/api/v1/actuator/healthPostgreSQL, Redis, Kafka, iam-service
platform-registry8084Java Spring Bootregistry/api/v1/actuator/healthPostgreSQL
notification-service8085Java Spring Bootnotification/api/v1/actuator/healthPostgreSQL, Redis, Kafka
audit-service8086Java Spring Bootaudit/api/v1/actuator/healthPostgreSQL, Elasticsearch, Kafka
billing-service8087Java Spring Bootbilling/api/v1/actuator/healthPostgreSQL, Redis, Kafka
observability-api8088Java Spring BootNone/api/v1/actuator/healthPrometheus, Elasticsearch
infrastructure-service8089Java Spring Bootinfrastructure/api/v1/actuator/healthPostgreSQL, Redis
config-service8888Java Spring Bootconfig/api/v1/actuator/healthPostgreSQL, Redis

Resource Allocations (Control Plane)

All Control Plane services share the same base resource profile:

ResourceRequestLimit
CPU100m500m
Memory256Mi512Mi

Replica Counts (Control Plane)

ServiceDevStagingProduction
api-gateway123
iam-service123
tenant-service123
platform-registry122
notification-service123
audit-service123
billing-service123
observability-api122
infrastructure-service122
config-service123

Data Plane Services

Data Plane services use a mix of Java Spring Boot, Python FastAPI, and Node.js. They are deployed in the matih-data-plane Kubernetes namespace.

ServicePortTypeDatabaseHealth EndpointDependencies
query-engine8080Java Spring Bootquery/api/v1/actuator/healthTrino, PostgreSQL
catalog-service8086Java Spring Bootcatalog/api/v1/actuator/healthPostgreSQL, OpenMetadata
semantic-layer8086Java Spring Bootsemantic/api/v1/actuator/healthPostgreSQL, Redis, Trino
bi-service8084Java Spring Bootbi/api/v1/actuator/healthPostgreSQL, Redis, semantic-layer
pipeline-service8092Java Spring Bootpipeline/api/v1/actuator/healthPostgreSQL, Kafka, Temporal
data-plane-agent8085Java Spring BootNone/api/v1/actuator/healthRedis, Kafka
ai-service8000Python FastAPIai/healthPostgreSQL, Redis, vLLM
ml-service8000Python FastAPIml/healthPostgreSQL, Redis, Ray, MLflow
data-quality-service8000Python FastAPIquality/healthPostgreSQL, Trino
governance-service8080Python FastAPIgovernance/healthPostgreSQL, OpenMetadata, Polaris
ops-agent-service8080Python FastAPIops_agent/healthPostgreSQL, Redis, Kafka, AI Service, ChromaDB
ontology-service8101Python FastAPIontology/healthPostgreSQL, Elasticsearch
render-service8098Node.jsNone/healthRedis

Resource Allocations (Data Plane)

ServiceCPU RequestCPU LimitMemory RequestMemory Limit
query-engine200m1000m512Mi1Gi
catalog-service100m500m256Mi512Mi
semantic-layer200m1000m512Mi1Gi
bi-service100m500m256Mi512Mi
pipeline-service100m500m256Mi512Mi
data-plane-agent100m500m256Mi512Mi
ai-service500m2000m1Gi4Gi
ml-service200m1000m512Mi2Gi
data-quality-service100m500m256Mi512Mi
governance-service100m500m256Mi512Mi
ops-agent-service500m2000m1Gi4Gi
ontology-service100m500m256Mi512Mi
render-service100m500m256Mi512Mi

Replica Counts (Data Plane)

ServiceDevStagingProduction
query-engine123
catalog-service123
semantic-layer123
bi-service123
pipeline-service123
data-plane-agent123
ai-service123
ml-service123
data-quality-service122
governance-service122
ops-agent-service122
ontology-service122
render-service123

Frontend Workbenches

All frontend workbenches are React/Next.js applications deployed in the matih-system Kubernetes namespace. In development, they serve on their assigned ports via Next.js dev server. In production, they run behind NGINX with the API Gateway handling API proxying.

ApplicationPortTypeHealth EndpointDependencies
bi-workbench3000React/Next.js/api/healthapi-gateway
ml-workbench3001React/Next.js/api/healthapi-gateway
data-workbench3002React/Next.js/api/healthapi-gateway
agentic-workbench3003React/Next.js/api/healthapi-gateway
control-plane-ui3004React/Next.js/api/healthapi-gateway
data-plane-ui3005React/Next.js/api/healthapi-gateway
ops-workbench3006React/Next.js/api/healthapi-gateway
onboarding-ui3007React/Next.js/api/healthapi-gateway

Resource Allocations (Frontend)

All frontend workbenches share the same resource profile:

ResourceRequestLimit
CPU100m500m
Memory128Mi512Mi

Internal Service Ports

These ports are used by supporting infrastructure and proxy services.

ServicePortTypeNamespaceDescription
auth-proxy5000Proxymatih-systemAuthentication proxy for services that do not natively support JWT

Platform Infrastructure Ports

These ports are used by platform infrastructure components. They are not exposed externally and are only accessible within the Kubernetes cluster.

ComponentPort(s)NamespaceDescription
PostgreSQL5432matih-systemPrimary relational database
Redis6379matih-systemIn-memory cache and session store
Kafka (Strimzi)9092 (plain), 9093 (TLS)matih-systemEvent streaming broker
Elasticsearch9200 (HTTP), 9300 (transport)matih-systemFull-text search and log storage
ChromaDB8000matih-systemVector database for RAG
Qdrant6333 (HTTP), 6334 (gRPC)matih-data-planeVector store for schema embeddings
Trino8080 (coordinator)matih-data-planeFederated SQL query engine
ClickHouse8123 (HTTP), 9000 (native)matih-data-planeOLAP analytics database
StarRocks FE8030 (HTTP), 9030 (MySQL)matih-data-planeStarRocks frontend
StarRocks BE8040matih-data-planeStarRocks backend
Hive Metastore9083matih-data-planeMetadata service for Trino
OpenMetadata8585matih-data-planeData catalog and governance
Polaris8181matih-data-planeIceberg catalog service
Temporal7233 (frontend), 7234 (history), 7235 (matching)matih-data-planeWorkflow orchestration
Airflow8080 (webserver)matih-data-planeDAG-based workflow scheduler
Ray6379 (GCS), 8265 (dashboard), 10001 (client)matih-data-planeDistributed compute framework
MLflow5000matih-data-planeML experiment tracking
Feast6566matih-data-planeFeature store online serving
Spark Connect15002matih-data-planeSpark Connect server
vLLM8000matih-data-planeLLM inference server
Triton8000 (HTTP), 8001 (gRPC), 8002 (metrics)matih-data-planeModel inference server

Observability Stack Ports

ComponentPort(s)NamespaceDescription
Prometheus9090matih-monitoringMetrics collection and querying
Alertmanager9093matih-monitoringAlert routing and deduplication
Grafana3000matih-monitoringMetrics visualization and dashboards
Loki3100matih-monitoringLog aggregation
Tempo3200 (query), 4317 (OTLP gRPC), 4318 (OTLP HTTP)matih-monitoringDistributed tracing
OTel Collector4317 (gRPC), 4318 (HTTP), 8888 (metrics)matih-monitoringTelemetry collection and routing
Thanos10901 (gRPC), 10902 (HTTP)matih-monitoringLong-term metrics storage

Port Conflict Notes

The following ports are shared across services that run in different namespaces and never conflict at the network level:

PortServices Using ItConflict Risk
8000ai-service, ml-service, data-quality-service, ChromaDB, vLLM, TritonNo conflict: separate pods/namespaces
8080api-gateway, query-engine, governance-service, ops-agent-service, Trino, AirflowNo conflict: separate pods/namespaces
8084platform-registry, bi-serviceNo conflict: different namespaces
8086audit-service, catalog-service, semantic-layerNo conflict: different namespaces
3000bi-workbench, GrafanaNo conflict: different namespaces (matih-system vs matih-monitoring)

When accessing services from within the cluster, always use the fully qualified domain name (FQDN) to avoid ambiguity:

http://{service-name}.{namespace}.svc.cluster.local:{port}

For example:

http://ai-service.matih-data-plane.svc.cluster.local:8000
http://iam-service.matih-control-plane.svc.cluster.local:8081
http://prometheus.matih-monitoring.svc.cluster.local:9090

Deployment Phase Order

Services are deployed in a strict dependency order across 14 phases. Each phase must complete before the next begins. This order is defined in scripts/config/components.yaml under deployment_phases.

PhaseNameNamespaceComponents
0Terraform InfrastructureN/ACloud resources (AKS/EKS/GKE, networking, DNS, Key Vault)
1Build SetupN/ARegistry authentication, build tooling
2Build ImagesN/ADocker image builds for all services
3Package ChartsN/AHelm chart packaging and dependency resolution
4Data Infrastructurematih-systemPostgreSQL, Redis, Kafka, Elasticsearch
5Observability Stackmatih-monitoringPrometheus, Grafana, Loki, Tempo, OTel Collector
6Compute Enginesmatih-data-planeSpark, Flink, Hive Metastore, Trino, ClickHouse
7Data Catalogsmatih-data-planePolaris, OpenMetadata
8Workflow Orchestrationmatih-data-planeTemporal, Airflow
9ML Infrastructurematih-data-planeRay, MLflow, Feast, JupyterHub
10AI Infrastructurematih-data-planevLLM, Triton, Copilot (requires GPU nodes)
11Control Planematih-control-planeAll 10 Control Plane services
12Data Planematih-data-planeAll 14 Data Plane services
13Frontendmatih-systemAll 8 frontend workbenches
14ValidationN/AHealth checks, smoke tests, connectivity validation

Namespace Summary

NamespacePurposeService Count
matih-systemShared infrastructure (PostgreSQL, Redis, Kafka, Elasticsearch, frontend workbenches)~12
matih-control-planeControl Plane microservices10
matih-data-planeData Plane microservices and compute engines~30
matih-monitoringObservability stack (Prometheus, Grafana, Loki, Tempo, OTel)6
matih-ingressShared NGINX Ingress Controller1
matih-buildBuild pipeline agents and image build jobsVariable
matih-tenant-{slug}Per-tenant dedicated workloads (enterprise tier)Variable per tenant

Port Validation

To detect port drift between this documentation, the components.yaml configuration file, and actual running services, use the validation script:

./scripts/tools/validate-ports.sh

This script performs the following checks:

CheckDescription
Configuration ConsistencyVerifies all ports in components.yaml match Helm chart values.yaml files
Service Port MatchConfirms Kubernetes Service port definitions match expected values
Health Endpoint VerificationValidates that each service's health endpoint responds on the documented port
Duplicate DetectionIdentifies any unintended port duplicates within the same namespace
Range ComplianceConfirms all ports fall within the documented allocation ranges

Programmatic Port Access

For shell scripts that need to reference service ports, use the port library:

source scripts/lib/core/ports.sh
 
# Get a service port by name
AI_PORT=$(port_get_service_port "ai-service")
echo "AI Service port: ${AI_PORT}"  # Output: 8000
 
# Get health endpoint for a service
HEALTH_PATH=$(port_get_health_path "ai-service")
echo "Health path: ${HEALTH_PATH}"  # Output: /health
 
# Construct full health URL
HEALTH_URL="http://ai-service.matih-data-plane.svc.cluster.local:${AI_PORT}${HEALTH_PATH}"

This approach ensures that port numbers are never hardcoded in scripts and always reference the single source of truth.

GlossaryEnvironment Variables