academia/docs/architecture/diagrams/07-deployment.puml

@startuml deployment
!theme plain
skinparam nodeBackgroundColor #F8F9FA
skinparam nodeBorderColor #495057
skinparam componentBackgroundColor #E9ECEF

title Sistema de Registro de Estudiantes - Diagrama de Despliegue

node "Cliente" as client {
    component "Navegador Web" as browser {
        [Angular SPA]
    }
}

node "K3s Cluster (Namespace: academia)" as k3s {

    node "frontend-deployment" as frontendPod <<Pod>> {
        component "Nginx" as nginx {
            [Static Files]
            [Reverse Proxy]
        }
    }

    node "api-deployment" as apiPod <<Pod>> {
        component "ASP.NET Core" as aspnet {
            [Kestrel Server]
            [GraphQL Endpoint]
            [JWT Auth]
            [Health Check]
        }
    }

    node "sqlserver-statefulset" as dbPod <<StatefulSet>> {
        database "SQL Server 2022" as sqlserver {
            [StudentEnrollment DB]
        }
    }

    node "Traefik Ingress" as ingress <<Ingress>> {
        [TLS Termination]
        [Routing Rules]
    }

    component "NetworkPolicy" as netpol <<Security>> {
        [default-deny-ingress]
        [allow-frontend-ingress]
        [allow-api-ingress]
        [allow-sqlserver-from-api]
    }
}

cloud "Internet" as internet

' Conexiones
browser --> internet : HTTPS
internet --> ingress : HTTPS :443
ingress --> nginx : HTTP :80
nginx --> aspnet : HTTP :5000\n/graphql
aspnet --> sqlserver : TCP :1433

note right of ingress
  <b>Dominio:</b>
  academia.ingeniumcodex.com
  <b>TLS:</b> Let's Encrypt
end note

note right of nginx
  <b>Nginx Config:</b>
  - Gzip/Brotli compression
  - Static file caching
  - GraphQL proxy
  - Security headers
end note

note right of aspnet
  <b>Optimizaciones:</b>
  - Server GC
  - ReadyToRun
  - Connection pooling
  - Rate limiting
  - JWT validation
end note

note right of sqlserver
  <b>Recursos:</b>
  - 2 CPU cores
  - 2.5 GB RAM
  - Persistent volume
end note

note bottom of k3s
  <b>CI/CD:</b> Gitea Actions
  <b>Namespace:</b> academia
  <b>Seguridad:</b> NetworkPolicy
end note

note right of netpol
  <b>Flujo permitido:</b>
  Ingress → Frontend → API → SQL
  (Todo otro tráfico bloqueado)
end note

@enduml