@startuml deployment !theme plain skinparam nodeBackgroundColor #F8F9FA skinparam nodeBorderColor #495057 skinparam componentBackgroundColor #E9ECEF title Sistema de Registro de Estudiantes - Diagrama de Despliegue node "Cliente" as client { component "Navegador Web" as browser { [Angular SPA] } } node "K3s Cluster (Namespace: academia)" as k3s { node "frontend-deployment" as frontendPod <> { component "Nginx" as nginx { [Static Files] [Reverse Proxy] } } node "api-deployment" as apiPod <> { component "ASP.NET Core" as aspnet { [Kestrel Server] [GraphQL Endpoint] [JWT Auth] [Health Check] } } node "sqlserver-statefulset" as dbPod <> { database "SQL Server 2022" as sqlserver { [StudentEnrollment DB] } } node "Traefik Ingress" as ingress <> { [TLS Termination] [Routing Rules] } component "NetworkPolicy" as netpol <> { [default-deny-ingress] [allow-frontend-ingress] [allow-api-ingress] [allow-sqlserver-from-api] } } cloud "Internet" as internet ' Conexiones browser --> internet : HTTPS internet --> ingress : HTTPS :443 ingress --> nginx : HTTP :80 nginx --> aspnet : HTTP :5000\n/graphql aspnet --> sqlserver : TCP :1433 note right of ingress Dominio: academia.ingeniumcodex.com TLS: Let's Encrypt end note note right of nginx Nginx Config: - Gzip/Brotli compression - Static file caching - GraphQL proxy - Security headers end note note right of aspnet Optimizaciones: - Server GC - ReadyToRun - Connection pooling - Rate limiting - JWT validation end note note right of sqlserver Recursos: - 2 CPU cores - 2.5 GB RAM - Persistent volume end note note bottom of k3s CI/CD: Gitea Actions Namespace: academia Seguridad: NetworkPolicy end note note right of netpol Flujo permitido: Ingress → Frontend → API → SQL (Todo otro tráfico bloqueado) end note @enduml