---
id: project-cloud-ide-docs-infrastructure-map
title: Infrastructure Map - Coditect V5
type: reference
component_type: reference
version: 1.0.0
created: '2025-12-27'
updated: '2025-12-27'
status: archived
tags:
  - ai-ml
  - authentication
  - deployment
  - security
  - testing
  - api
  - architecture
  - automation
summary: >-
  Infrastructure Map - Coditect V5. Date: 2025-10-07. Project:
  serene-voltage-464305-n2. Cluster: codi-poc-e2-cluster. Zone:
  us-central1-a. Covers external and internal IP addresses, service
  endpoints, FoundationDB, and workspace access.
moe_confidence: 0.950
moe_classified: '2025-12-31'
---
# Infrastructure Map - Coditect V5

**Date:** 2025-10-07 · **Project:** serene-voltage-464305-n2 · **Cluster:** codi-poc-e2-cluster · **Zone:** us-central1-a
## Quick Reference
| Resource | IP Address | Port | Purpose |
|---|---|---|---|
| API v5 (External) | 34.46.212.40 | 80 | Public API endpoint |
| Domain | coditect.ai → 34.8.51.57 | 443 | HTTPS with Google-managed cert |
| workspace IDE (External) | 35.194.14.169 | 22, 80 | SSH + HTTP access to workspace |
| FoundationDB Proxy | 10.128.0.10 | 4500 | FDB client access |
**API Base URL:** `http://34.46.212.40/api/v5`

**HTTPS URL:** `https://coditect.ai/api/v5` (production)
## Network Topology

### VPC Network: default

All resources below run in the `default` VPC network (see the CIDR ranges section for subnet details).
## IP Address Inventory

### External IP Addresses (Public)
| Resource | IP Address | Type | Status | Purpose |
|---|---|---|---|---|
| API LoadBalancer | 34.46.212.40 | Ephemeral | Active | API v5 public endpoint |
| workspace LoadBalancer | 35.194.14.169 | Ephemeral | Active | IDE workspace access |
| Domain (coditect.ai) | 34.8.51.57 | Static Reserved | Active | Production domain |
| Node 1 (2c5z) | 136.112.115.233 | Ephemeral | Active | GKE node external IP |
| Node 2 (6n7t) | 34.45.20.33 | Ephemeral | Active | GKE node external IP |
| Node 3 (84l6) | 34.59.50.66 | Ephemeral | Active | GKE node external IP |
⚠️ **Note:** Ephemeral IPs change if resources are recreated. Reserve static IPs for production.
### Service Cluster IPs (Internal)
| Service | Namespace | Cluster IP | Type | Selector |
|---|---|---|---|---|
| api-loadbalancer | coditect-app | 34.118.233.84 | LoadBalancer | app=coditect-api-v5 |
| coditect-api-v5-service | coditect-app | 34.118.239.171 | ClusterIP | app=coditect-api-v5 |
| coditect-api-v2 | coditect-app | 34.118.232.122 | ClusterIP | app=coditect-api-v2 |
| fdb-cluster | coditect-app | None (Headless) | ClusterIP | app=foundationdb |
| fdb-proxy-service | coditect-app | 34.118.234.162 | LoadBalancer | app=fdb-proxy |
| coditect-frontend | coditect-app | 34.118.235.177 | ClusterIP | app=coditect-frontend |
| codi-workspace-lb | codi-workspaces | 34.118.237.1 | LoadBalancer | app=codi-workspace |
| codi-workspace-svc | codi-workspaces | None (Headless) | ClusterIP | app=codi-workspace |
| kubernetes | default | 34.118.224.1 | ClusterIP | N/A |
| kube-dns | kube-system | 34.118.224.10 | ClusterIP | k8s-app=kube-dns |
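Each ClusterIP service above is also reachable by its in-cluster DNS name, which follows the standard Kubernetes pattern `<service>.<namespace>.svc.cluster.local`. A minimal sketch of building such names (the helper function is illustrative, not part of the project):

```shell
# Build the in-cluster DNS name for a Service (standard Kubernetes pattern)
svc_dns() {
  echo "$1.$2.svc.cluster.local"
}

svc_dns coditect-api-v5-service coditect-app
# -> coditect-api-v5-service.coditect-app.svc.cluster.local
```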
### Pod IPs (Internal, Dynamic)

#### API v5 Pods
| Pod | IP | Node | Status |
|---|---|---|---|
| coditect-api-v5-f94cbdf9f-cxb2s | 10.56.0.32 | gke-...-2c5z | Running |
#### FoundationDB Pods
| Pod | IP | Node | Status |
|---|---|---|---|
| foundationdb-0 | 10.56.3.57 | gke-...-84l6 | Running |
| foundationdb-1 | 10.56.2.63 | gke-...-6n7t | Running |
| foundationdb-2 | 10.56.0.7 | gke-...-2c5z | Running |
#### FDB Proxy Pods
| Pod | IP | Node | Status |
|---|---|---|---|
| fdb-proxy-7bd8874999-8vr27 | 10.56.2.60 | gke-...-6n7t | Running |
| fdb-proxy-7bd8874999-g8p2b | 10.56.0.2 | gke-...-2c5z | Running |
#### workspace Pods
| Pod | IP | Node | Status |
|---|---|---|---|
| codi-workspace-0 | 10.56.2.65 | gke-...-6n7t | Running |
| codi-workspace-1 | 10.56.3.59 | gke-...-84l6 | Running |
| codi-workspace-2 | 10.56.0.10 | gke-...-2c5z | Running |
#### API v2 Pods (Legacy)
| Pod | IP | Node | Status |
|---|---|---|---|
| coditect-api-v2-7d66c9fc64-5q24v | 10.56.2.64 | gke-...-6n7t | Running |
| coditect-api-v2-7d66c9fc64-6bln9 | 10.56.0.8 | gke-...-2c5z | Running |
| coditect-api-v2-7d66c9fc64-kq9pf | 10.56.3.58 | gke-...-84l6 | Running |
#### Frontend Pods
| Pod | IP | Node | Status |
|---|---|---|---|
| coditect-frontend-75bc875f8-8c42d | 10.56.3.46 | gke-...-84l6 | Running |
| coditect-frontend-75bc875f8-p2927 | 10.56.2.55 | gke-...-6n7t | Running |
### Node IPs
| Node | Internal IP | External IP | Zone | Status |
|---|---|---|---|---|
| gke-codi-poc-e2-cluster-default-pool-237638b1-2c5z | 10.128.0.9 | 136.112.115.233 | us-central1-a | Ready |
| gke-codi-poc-e2-cluster-default-pool-237638b1-6n7t | 10.128.0.5 | 34.45.20.33 | us-central1-a | Ready |
| gke-codi-poc-e2-cluster-default-pool-237638b1-84l6 | 10.128.0.6 | 34.59.50.66 | us-central1-a | Ready |
## Network CIDR Ranges

### VPC Network: default
| Subnet | CIDR Range | Region | Purpose |
|---|---|---|---|
| default | 10.128.0.0/20 | us-central1 | Active GKE cluster |
| fdb-subnet | 10.0.1.0/24 | us-central1 | Reserved for FDB (future) |
| multi-agent-subnet | 10.10.0.0/20 | us-central1 | Reserved for agents (future) |
**Additional Regional Subnets (default VPC auto-mode):**

- 30+ regional subnets with `10.X.0.0/20` ranges
- See the full list: `gcloud compute networks subnets list --network=default`
### GKE Cluster IP Ranges
| Range Type | CIDR | Purpose | Allocation |
|---|---|---|---|
| Node Subnet | 10.128.0.0/20 | Node internal IPs | 4,096 IPs (3 used) |
| Pod CIDR | 10.56.0.0/14 | Pod IPs | 262,144 IPs |
| Service CIDR | 34.118.224.0/20 | Service cluster IPs | 4,096 IPs |
**IP Allocation Breakdown:**

- Nodes: 3 nodes (out of 4,096 available in `10.128.0.0/20`)
- Pods: ~60 pods running (out of 262,144 available in `10.56.0.0/14`)
- Services: ~20 services (out of 4,096 available in `34.118.224.0/20`)
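The address counts above follow directly from the prefix lengths: an IPv4 `/N` block holds 2^(32−N) addresses (ignoring addresses reserved by GCP/Kubernetes). A quick sketch to reproduce the numbers:

```shell
# Addresses in an IPv4 CIDR block: 2^(32 - prefix_length)
cidr_ips() {
  echo $(( 1 << (32 - $1) ))
}

cidr_ips 20   # node subnet 10.128.0.0/20   -> 4096
cidr_ips 14   # pod CIDR    10.56.0.0/14    -> 262144
```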
## Service Endpoints

### API v5 Endpoints

**Base URL:** `http://34.46.212.40/api/v5`
| Endpoint | Method | Auth | Purpose |
|---|---|---|---|
| `/health` | GET | No | Health check for load balancer |
| `/ready` | GET | No | Readiness probe |
| `/auth/register` | POST | No | User registration |
| `/auth/login` | POST | No | User authentication |
| `/auth/logout` | POST | Yes | Invalidate token |
| `/sessions` | POST | Yes | Create session |
| `/sessions/{id}` | GET | Yes | Get session by ID |
| `/sessions` | GET | Yes | List user sessions |
| `/sessions/{id}` | DELETE | Yes | Delete session |
**Testing Script:** `/workspace/PROJECTS/t2/backend/test-api.sh`
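A hedged sketch of using the auth endpoints above: log in, pull the token out of the response, and send it on subsequent requests. The response field name `token` and the Bearer scheme are assumptions for illustration; check `test-api.sh` for the actual request and response shapes.

```shell
# Hypothetical login response; in practice this would come from something like:
#   curl -s -X POST http://34.46.212.40/api/v5/auth/login -d '{"email":"...","password":"..."}'
RESPONSE='{"token":"abc123"}'

# Extract the (assumed) token field using shell parameter expansion
TOKEN="${RESPONSE#*\"token\":\"}"
TOKEN="${TOKEN%%\"*}"

# Authenticated endpoints would then take this header
echo "Authorization: Bearer $TOKEN"
# -> Authorization: Bearer abc123
```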
### FoundationDB Endpoints

**Internal Access (from pods):**

- Headless Service: `fdb-cluster.coditect-app.svc.cluster.local:4500`
- Individual Pods:
  - `foundationdb-0.fdb-cluster.coditect-app.svc.cluster.local:4500`
  - `foundationdb-1.fdb-cluster.coditect-app.svc.cluster.local:4500`
  - `foundationdb-2.fdb-cluster.coditect-app.svc.cluster.local:4500`

**Proxy Access (LoadBalancer):**

- Internal IP: `10.128.0.10:4500`
- Cluster IP: `34.118.234.162:4500`
**Cluster File Location:** `/var/fdb/fdb.cluster` (inside the FDB pods)
### workspace IDE Endpoints

**SSH Access:**

```bash
ssh -p 22 user@35.194.14.169
```

**HTTP Access:** `http://35.194.14.169`

**Internal Service:**

- Headless: `codi-workspace-svc.codi-workspaces.svc.cluster.local`
- Ports: 22 (SSH), 8080 (HTTP)
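For repeated SSH access, an SSH client config entry saves retyping the IP and port. The host alias and user name below are placeholders, not values from this deployment; adjust them to your environment:

```shell
# Sketch of an ~/.ssh/config entry for the workspace (alias and user are placeholders)
WS_SSH_CONF=$(cat <<'EOF'
Host codi-workspace
    HostName 35.194.14.169
    Port 22
    User user
EOF
)
echo "$WS_SSH_CONF"
# With this appended to ~/.ssh/config, connect via: ssh codi-workspace
```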
## Credentials & Secrets

### Kubernetes Secrets
| Secret | Namespace | Purpose | Keys |
|---|---|---|---|
| jwt-secret-k8s | coditect-app | JWT authentication | secret |
**Access Example:**

```bash
# View secret metadata
kubectl get secret jwt-secret-k8s -n coditect-app

# Decode the secret value (base64)
kubectl get secret jwt-secret-k8s -n coditect-app -o jsonpath='{.data.secret}' | base64 -d
```
⚠️ **Security:**

- Never log or expose the JWT secret
- Rotate secrets regularly
- Use Google Secret Manager in production
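Rotation starts with generating a fresh random value. A sketch using `openssl` (the secret name and key match the table above; run the `kubectl` step only against the right cluster):

```shell
# Generate a 64-character random secret (48 random bytes, base64-encoded)
NEW_SECRET=$(openssl rand -base64 48)
echo "${#NEW_SECRET}"
# -> 64

# Then replace the Kubernetes secret (requires cluster access):
# kubectl create secret generic jwt-secret-k8s -n coditect-app \
#   --from-literal=secret="$NEW_SECRET" \
#   --dry-run=client -o yaml | kubectl apply -f -
```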
### Service Accounts

**GKE Cluster Service Account:**

- Format: `<cluster-name>@<project>.iam.gserviceaccount.com`
- Purpose: GKE cluster operations
- Permissions: Managed by GKE

**Workload Identity (if enabled):**

- Kubernetes ServiceAccounts map to Google Service Accounts
- No key files needed
- Best practice for pod authentication
## Persistent Storage

### FoundationDB Volumes
| PVC | Size | StorageClass | Mount Path | Pod |
|---|---|---|---|---|
| fdb-storage-foundationdb-0 | 50Gi | standard | /var/fdb/data | foundationdb-0 |
| fdb-storage-foundationdb-1 | 50Gi | standard | /var/fdb/data | foundationdb-1 |
| fdb-storage-foundationdb-2 | 50Gi | standard | /var/fdb/data | foundationdb-2 |
**Total FDB Storage:** 150Gi (3 × 50Gi)
### workspace Volumes
| PVC | Size | StorageClass | Mount Path | Pod |
|---|---|---|---|---|
| workspace-storage-codi-workspace-0 | 20Gi | standard | /workspace | codi-workspace-0 |
| workspace-storage-codi-workspace-1 | 20Gi | standard | /workspace | codi-workspace-1 |
| workspace-storage-codi-workspace-2 | 20Gi | standard | /workspace | codi-workspace-2 |
**Total workspace Storage:** 60Gi (3 × 20Gi)
**Check Volumes:**

```bash
kubectl get pvc -n coditect-app
kubectl get pvc -n codi-workspaces
```
## Load Balancer Configuration

### API LoadBalancer (api-loadbalancer)
- **External IP:** `34.46.212.40`
- **Type:** LoadBalancer (Google Cloud L4)
- **Namespace:** `coditect-app`
- **Port Mapping:** `80:80`
- **Selector:** `app=coditect-api-v5` ✅ (updated 2025-10-07)

**Health Check:**

- Path: `/api/v5/health`
- Port: 8080
- Protocol: HTTP

**Recent Changes:**

- 2025-10-07: Updated selector from `coditect-api-v2` to `coditect-api-v5`, so traffic now routes to v5 pods instead of v2
**Verify Routing:**

```bash
kubectl get svc api-loadbalancer -n coditect-app -o yaml | grep -A 5 "selector:"
# Should show: app: coditect-api-v5
```
### workspace LoadBalancer (codi-workspace-lb)

- **External IP:** `35.194.14.169`
- **Type:** LoadBalancer (Google Cloud L4)
- **Namespace:** `codi-workspaces`
- **Port Mapping:** `22:30102` (SSH), `80:30694` (HTTP)
- **Selector:** `app=codi-workspace`
### Domain LoadBalancer (coditect.ai)

- **Static IP:** `34.8.51.57` (reserved as `coditect-ai-ip`)
- **Certificate:** Google-managed
- **Status:** Active, SSL provisioned
- **Backend:** To be configured → API v5 LoadBalancer

**DNS Configuration:**

- A record: `coditect.ai` → `34.8.51.57`

**Future Integration:**

- Configure the backend to point to `34.46.212.40` (API LoadBalancer)
- Enable HTTPS with the Google-managed cert
- Redirect HTTP → HTTPS
## Management Information

### Accessing the Cluster

**Get Cluster Credentials:**

```bash
gcloud container clusters get-credentials codi-poc-e2-cluster \
  --zone=us-central1-a \
  --project=serene-voltage-464305-n2
```
**Verify Access:**

```bash
kubectl cluster-info
kubectl get nodes
kubectl get pods --all-namespaces
```
### kubectl Context

**Current Context:**

```bash
kubectl config current-context
# Output: gke_serene-voltage-464305-n2_us-central1-a_codi-poc-e2-cluster
```

**Switch Namespaces:**

```bash
kubectl config set-context --current --namespace=coditect-app
```
### Terraform State

⚠️ **NOT MANAGED BY TERRAFORM** (manual deployment)

**If migrating to Terraform:**

1. Import existing resources with `terraform import`
2. Write Terraform modules matching the current state
3. Run `terraform plan` to verify no changes
4. Transition to an IaC workflow

**Terraform Examples:**

- See: `/workspace/PROJECTS/t2/infrastructure/terraform/`
- Modules: networking, gke-cluster, foundationdb, api-deployment
### Monitoring & Logging

**Cloud Logging:**

```bash
# View API logs
gcloud logging read "resource.type=k8s_container AND resource.labels.namespace_name=coditect-app" --limit 50

# View FDB logs (the FDB pods run in the coditect-app namespace)
gcloud logging read "resource.type=k8s_container AND resource.labels.namespace_name=coditect-app AND resource.labels.pod_name:foundationdb" --limit 50
```
**Cloud Monitoring:**

```bash
# List dashboards
gcloud monitoring dashboards list

# Open the console
open "https://console.cloud.google.com/monitoring?project=serene-voltage-464305-n2"
```
**kubectl Logs:**

```bash
# API v5 logs
kubectl logs -n coditect-app -l app=coditect-api-v5 --tail=100 -f

# FoundationDB logs
kubectl logs -n coditect-app foundationdb-0 --tail=100 -f

# All containers for pods matching a label (kubectl logs requires a pod name or selector)
kubectl logs -n coditect-app -l app=coditect-api-v5 --all-containers=true --tail=50
```
### FoundationDB Management

**Check FDB Cluster Status:**

```bash
kubectl exec -n coditect-app foundationdb-0 -- fdbcli --exec "status"
```
**Expected Output:**

```
Using cluster file `/var/fdb/fdb.cluster'.

Configuration:
  Redundancy mode        - single
  Storage engine         - ssd-2
  Coordinators           - 3
  Usable Regions         - 1

Cluster:
  FoundationDB processes - 3
  Zones                  - 3
  Machines               - 3
  Memory availability    - 4.1 GB per process on machine with least available
  Fault Tolerance        - 0 machines
  Server time            - 10/07/25 16:23:45

Data:
  Replication health     - Healthy
  Moving data            - 0.000 GB
  Sum of key-value sizes - 0 MB
  Disk space used        - 105 MB
```
**View Cluster File:**

```bash
kubectl exec -n coditect-app foundationdb-0 -- cat /var/fdb/fdb.cluster
```
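The cluster file follows FoundationDB's standard format, `description:ID@coordinator1:port,coordinator2:port,...`. A sketch of pulling the coordinator list out of it (the sample description and ID are illustrative; the real values differ):

```shell
# Sample fdb.cluster contents (format: description:ID@coord,coord,...)
CLUSTER_FILE='codi:abc123@10.56.3.57:4500,10.56.2.63:4500,10.56.0.7:4500'

# Everything after '@' is the comma-separated coordinator list
COORDS=$(echo "${CLUSTER_FILE#*@}" | tr ',' '\n')
echo "$COORDS"
```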
## Deployment History

### API Versions
| Version | Status | Replicas | Image | Deployment Date |
|---|---|---|---|---|
| v5 | ✅ Active | 1 | gcr.io/serene-voltage-464305-n2/coditect-v5-api:latest | 2025-10-07 |
| v2 | ⚠️ Legacy | 3 | gcr.io/serene-voltage-464305-n2/coditect-api:latest | 2024-10-01 |
**Migration Notes:**

- 2025-10-07: LoadBalancer routing switched from v2 → v5
- 2025-10-07: Fixed v5 liveness probe path (`/api/v5/health`)
- v2 is still running but not receiving traffic
- Plan to scale down v2 after v5 stability is confirmed
### Recent Infrastructure Changes

**2025-10-07:**

- Fixed the API v5 liveness probe path
  - Changed: `/health` → `/api/v5/health`
  - Result: Pod now `1/1 Running` (was `CrashLoopBackOff`)
- Updated LoadBalancer routing
  - Changed selector: `app=coditect-api-v2` → `app=coditect-api-v5`
  - Result: Traffic now routes to v5 pods
- Created a comprehensive test suite
  - Script: `backend/test-api.sh`
  - Coverage: All 9 endpoints, 16 automated tests
**2025-10-06:**

- Created complete IaC implementation (Terraform modules)
- Documented in `docs/iac-implementation-summary.md`
**2025-09-29:**

- Deployed API v2 (3 replicas)
- Created FoundationDB cluster (3 nodes)
## Known Issues & Gotchas

### Issue 1: Ephemeral External IPs
**Problem:** LoadBalancer IPs (`34.46.212.40`, `35.194.14.169`) are ephemeral and change if the service is deleted and recreated.
**Solution:** Reserve static IPs for production:

```bash
gcloud compute addresses create api-static-ip --region=us-central1
gcloud compute addresses describe api-static-ip --region=us-central1 --format="get(address)"

# Update the LoadBalancer to use the static IP
kubectl patch svc api-loadbalancer -n coditect-app -p '{"spec":{"loadBalancerIP":"<STATIC_IP>"}}'
```
### Issue 2: Probe Path Misconfiguration

**Problem:** API v5 initially had its liveness probe at `/health` instead of `/api/v5/health`, causing `CrashLoopBackOff`.

**Root Cause:** The probe path did not include the `/api/v5` prefix required by the Actix-web router.

**Fix:** Always use the full path with the API version prefix.

**Reference:** See `docs/backend-deployment-resolution-report.md`
### Issue 3: LoadBalancer Selector Mismatch

**Problem:** `api-loadbalancer` was still routing to v2 pods after the v5 deployment.

**Root Cause:** The selector still pointed to `app=coditect-api-v2`.

**Fix:** Update the selector to match the v5 labels.

**Prevention:** Manage the Service configuration with Terraform to ensure consistency.
### Issue 4: FoundationDB Availability Risk

**Problem:** With a 3-node cluster in single redundancy mode, there is only one copy of each key range, so losing any storage node can lose data, and losing 2 of the 3 coordinators makes the cluster unavailable.

**Solution:** Upgrade to double or triple redundancy mode for production:

```bash
kubectl exec -n coditect-app foundationdb-0 -- fdbcli --exec "configure double ssd"
```

**Recommendation:** Use 5+ nodes for true HA (tolerates 2 failures).
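For reference, FoundationDB's standard redundancy modes trade storage replicas for tolerated machine failures. A small lookup sketch summarizing the trade-off:

```shell
# Replicas and tolerated machine failures per FDB redundancy mode
fdb_fault_tolerance() {
  case "$1" in
    single) echo "1 replica, tolerates 0 failures" ;;
    double) echo "2 replicas, tolerates 1 failure" ;;
    triple) echo "3 replicas, tolerates 2 failures" ;;
    *)      echo "unknown mode" ;;
  esac
}

fdb_fault_tolerance double
# -> 2 replicas, tolerates 1 failure
```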
## Recommended Actions

### Immediate (High Priority)

1. **Reserve static IPs for production**

   ```bash
   gcloud compute addresses create api-static-ip --region=us-central1
   gcloud compute addresses create workspace-static-ip --region=us-central1
   ```

2. **Run the full test suite**

   ```bash
   cd /workspace/PROJECTS/t2/backend
   export API_BASE_URL="http://34.46.212.40/api/v5"
   ./test-api.sh
   ```

3. **Configure domain SSL**
   - Point the `coditect.ai` backend to the API LoadBalancer
   - Verify that the Google-managed cert provisions
   - Test the HTTPS endpoints

4. **Scale down the v2 API** (after v5 stability is confirmed)

   ```bash
   kubectl scale deployment coditect-api-v2 -n coditect-app --replicas=0
   ```
### Short-Term (This Week)

1. **Migrate to Terraform**
   - Import the existing infrastructure
   - Use the modules in `/workspace/PROJECTS/t2/infrastructure/terraform/`
   - Enable the IaC workflow

2. **Enable FoundationDB HA**

   ```bash
   kubectl exec -n coditect-app foundationdb-0 -- fdbcli --exec "configure double ssd"
   ```

3. **Set up monitoring dashboards**
   - Configure alerts for pod failures
   - Track API response times
   - Monitor FDB cluster health

4. **Document a runbook**
   - Create incident response procedures
   - Document common operations
   - Define escalation paths
### Long-Term (Next Sprint)

1. **Implement Secret Manager**
   - Migrate the JWT secret to Google Secret Manager
   - Remove secrets from Kubernetes manifests
   - Enable automatic rotation

2. **Deploy the frontend**
   - Build the React/Vite frontend
   - Deploy to GKE
   - Configure a LoadBalancer

3. **Enable GitOps (ArgoCD)**
   - Install ArgoCD on the cluster
   - Configure app manifests
   - Automate the deployment pipeline

4. **Multi-environment setup**
   - Create dev/staging/prod clusters
   - Separate GCP projects
   - Implement a promotion workflow
## Related Documentation

- Infrastructure Overview: `infrastructure/README.md`
- Terraform Modules: `infrastructure/terraform/CLAUDE.md`
- Quick Start Guide: `infrastructure/KUBERNETES-TERRAFORM-HELM-1-2-3-quickstart.md`
- Backend Deployment: `docs/backend-deployment-resolution-report.md`
- IaC Summary: `docs/iac-implementation-summary.md`
- API Testing: `docs/api-testing-summary.md`
## Quick Health Check

Run this to verify that all systems are operational:
```bash
#!/bin/bash
echo "=== Cluster Health ==="
kubectl get nodes

echo -e "\n=== API v5 Status ==="
kubectl get pods -n coditect-app -l app=coditect-api-v5
kubectl get svc -n coditect-app api-loadbalancer

echo -e "\n=== FoundationDB Status ==="
kubectl get pods -n coditect-app -l app=foundationdb
kubectl exec -n coditect-app foundationdb-0 -- fdbcli --exec "status" | grep -E "(Replication health|Server time)"

echo -e "\n=== API Health Check ==="
API_IP=$(kubectl get svc -n coditect-app api-loadbalancer -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
curl -s "http://$API_IP/api/v5/health" | jq

echo -e "\n=== workspace Status ==="
kubectl get pods -n codi-workspaces -l app=codi-workspace

echo -e "\n=== External IPs ==="
echo "API LoadBalancer: $API_IP"
echo "workspace LoadBalancer: $(kubectl get svc -n codi-workspaces codi-workspace-lb -o jsonpath='{.status.loadBalancer.ingress[0].ip}')"
echo "Domain (coditect.ai): 34.8.51.57"
```
Save as `health-check.sh`, make it executable (`chmod +x health-check.sh`), and run it.
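Transient LoadBalancer or probe hiccups can make a single `curl` misleading. A small retry helper (a sketch, not part of the existing script) makes the health check more robust:

```shell
# retry <attempts> <command...>: rerun a command until it succeeds
retry() {
  local attempts=$1; shift
  local i
  for (( i = 1; i <= attempts; i++ )); do
    "$@" && return 0
    sleep 1
  done
  return 1
}

# In the health check you might use: retry 3 curl -sf "http://$API_IP/api/v5/health"
retry 3 true && echo "healthy"
# -> healthy
```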
**Last Updated:** 2025-10-07 · **Maintained By:** Platform Team · **Next Review:** 2025-10-14