signature
Overview
- Namespace:
signature - Purpose: Digital Signature Services - PRODUCTION
- Age: ~4 years 168 days / ~3 years 284 days (active service)
- Status: Partially Active - 1 active, 4 scaled to 0
- Workloads: 5 deployments (1 active, 4 scaled to 0)
- Environment: PRODUCTION - Digital signature management
Architecture
Digital signature platform with most services scaled down:
- Signing App: Active signature service (1 replica)
- API: Legacy API service (0 replicas)
- Consumer: Test result consumer (0 replicas)
- Flower: Celery monitoring (0 replicas)
- Worker: Background worker (0 replicas)
Auto-Scaling Configuration
Not Applicable:
- No HPA configured
- Active service at fixed 1 replica
- Inactive services at 0 replicas
Workload Categories
Active Service (1 deployment)
| Name | Replicas | Status | Purpose |
|---|---|---|---|
| signing-app | 1/1 | Running | Digital signature service |
Inactive Services (4 deployments - Scaled to 0)
| Name | Replicas | Status | Purpose |
|---|---|---|---|
| api | 0/0 | Inactive | Legacy API service |
| consumer-test-result | 0/0 | Inactive | Test result consumer |
| flower | 0/0 | Inactive | Celery monitoring |
| worker | 0/0 | Inactive | Background worker |
Services
| Name | Type | Cluster IP | Ports | Purpose |
|---|---|---|---|---|
| api | NodePort | 10.8.26.71 | 80:30411 | Legacy API (inactive) |
| flower | NodePort | 10.8.28.73 | 80:31133 | Celery monitoring (inactive) |
| signing-service | ClusterIP | 10.8.28.16 | 80 | Digital signature service (active) |
Access & Management
View all resources:
kubectl get all -n signature
Check active service:
# View signing-app pod
kubectl get pods -n signature | grep signing-app
# View logs
kubectl logs -f deployment/signing-app -n signature
# Check for errors
kubectl logs deployment/signing-app -n signature --tail=100 | grep -i "error"
Access signing service:
# Port forward
kubectl port-forward -n signature service/signing-service 8080:80
# Access: http://localhost:8080
Restart active service:
kubectl rollout restart deployment/signing-app -n signature
Scale inactive services (if needed):
# Scale API
kubectl scale deployment api --replicas=1 -n signature
# Scale worker
kubectl scale deployment worker --replicas=1 -n signature
# Scale consumer
kubectl scale deployment consumer-test-result --replicas=1 -n signature
Monitoring
Pod metrics:
kubectl top pods -n signature
# Check resource usage
kubectl describe pod -n signature | grep -A 5 "Requests\|Limits"
Events:
kubectl get events -n signature --sort-by='.lastTimestamp' | head -20
Data Flow (Active Service)
Internal Services
↓
signing-service (ClusterIP:80)
↓
signing-app pod
↓
Digital Signature Processing
↓
Document Signing
Signature Service Workflow
1. Active Service
- signing-app (1 replica)
- Digital signature generation
- Document signing API
- Internal access only (ClusterIP)
- 107 days old (stable)
2. Inactive Components
- api: Legacy NodePort API (scaled to 0)
- worker: Celery background worker (scaled to 0)
- consumer-test-result: Test result consumer (scaled to 0)
- flower: Celery monitoring (scaled to 0)
3. Architecture Evolution
- Older architecture had API + Worker + Consumer (4y168d)
- Current active service: signing-app (3y284d)
- Legacy components scaled down
- Simplified to single signing service
Production Considerations
High Availability
Active Service:
- signing-app: 1 replica (No HA)
- Single point of failure
- Pod restart = temporary unavailability
Inactive Services:
- 4 deployments scaled to 0
- Review if still needed
Recommendations
-
High Availability (Optional):
- Current: 1 replica (acceptable if not critical)
- Consider 2 replicas if document signing is business-critical
- Depends on signature service SLA requirements
-
Cleanup Inactive Services:
- 4 deployments scaled to 0 (80% of total)
- Review each deployment:
- If permanently unused → delete
- If legacy → document and remove
- Simplify namespace
-
Monitoring:
- Monitor signing-app pod health
- Alert on pod failures
- Track signature request success rates
- Monitor API response times
-
Backup Strategy:
- Back up signature keys (critical)
- Document signing workflows
- Test key recovery procedures
- Secure key storage
-
Security:
- Digital signatures are security-critical
- Audit access to signing service
- Rotate signing keys regularly
- Monitor for unauthorized access
- Review certificate management
Troubleshooting
Signing service not responding:
# Check pod status
kubectl get pods -n signature | grep signing-app
# Check logs
kubectl logs -f deployment/signing-app -n signature
# Check for errors
kubectl logs deployment/signing-app -n signature --tail=100 | grep -i "error\|fail"
# Test service
kubectl port-forward -n signature service/signing-service 8080:80
curl http://localhost:8080/health
# Restart pod
kubectl rollout restart deployment/signing-app -n signature
Check inactive services:
# List all deployments
kubectl get deployments -n signature
# Check scaled-to-0 deployments
kubectl get deployments -n signature | grep "0/0"
# Check deployment history
kubectl rollout history deployment/api -n signature
# Scale up if needed (testing)
kubectl scale deployment api --replicas=1 -n signature
Performance issues:
# Check resource usage
kubectl top pod -n signature
# Check pod events
kubectl describe pod -n signature
# Check resource limits
kubectl describe deployment signing-app -n signature | grep -A 10 "Limits\|Requests"
Performance Metrics
Current Scale
- Active: 1 deployment (signing-app: 1 replica)
- Inactive: 4 deployments (all scaled to 0)
- Age: 3y284d (signing-app), 4y168d (legacy services)
- Last Update: 107 days ago (signing-app)
Stability
- signing-app: 107 days old (stable)
- Restarts: Check with
kubectl get pods -n signature - Legacy Services: All inactive (4y+ old)
- Architecture: Simplified to single signing service
Architecture Notes
- Digital Signatures: Security-critical service
- Simplified: Single active service (signing-app)
- Legacy Components: 4 services scaled to 0 (cleanup candidate)
- Internal Access: ClusterIP service only
- No HA: Single replica
- Stable: 107 days without updates
- Cleanup Needed: 80% of deployments inactive