diff --git a/doc/k8s-testing.md b/doc/k8s-testing.md index 33b2a99..d3f6a3c 100644 --- a/doc/k8s-testing.md +++ b/doc/k8s-testing.md @@ -9,6 +9,7 @@ * [Namespace](#namespace) * [Registry Secret](#registry-secret) * [JSON Web Token (JWT)](#json-web-token-jwt) + * [Keystore](#keystore) * [Databases](#databases) * [Postgres](#postgres) * [Secret](#secret) @@ -21,6 +22,11 @@ * [Config Map](#config-map-1) * [Deployment](#deployment) * [Service](#service-1) + * [Device Register](#device-register) + * [Secret](#secret-2) + * [Config Map](#config-map-2) + * [Deployment](#deployment-1) + * [Service](#service-2) ---- @@ -99,6 +105,18 @@ Account public key for all services identifying users kubectl apply -f .\kube\01-initialize\04-account-jwt-public-key-secret.yaml ``` +Device private key for device service to make device token. + +```bash +kubectl apply -f .\kube\01-initialize\05-device-jwt-private-key-secret.yaml +``` + +Device public key for all services identifying devices + +```bash +kubectl apply -f .\kube\01-initialize\06-device-jwt-public-key-secret.yaml +``` + --- ## Databases @@ -193,4 +211,46 @@ this service should not be accessible from world only open in testing ```bash kubectl apply -f .\kube\03-hlaeja\01-account-registry\04-service.yaml ``` - + +--- + +### Device Register + +#### Secret + +```bash +kubectl apply -f .\kube\03-hlaeja\02-device-registry\01-secret.yaml +``` + +Set values: + +- postgres password + +#### Config Map + +```bash +kubectl apply -f .\kube\03-hlaeja\02-device-registry\02-configmap.yaml +``` + +Set values: + +- spring profile +- postgres username +- postgres url +- device private jwt file location + +#### Deployment + +Account Registry Service, using `account-jwt-private-key` + +```bash +kubectl apply -f .\kube\03-hlaeja\02-device-registry\03-deployment.yaml +``` + +#### Service + +this service should not be accessible from world only open in testing + +```bash +kubectl apply -f .\kube\03-hlaeja\02-device-registry\04-service.yaml +``` 
diff --git a/kube/01-initialize/05-device-jwt-private-key-secret.yaml b/kube/01-initialize/05-device-jwt-private-key-secret.yaml
new file mode 100644
index 0000000..1b3b2f4
--- /dev/null
+++ b/kube/01-initialize/05-device-jwt-private-key-secret.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: device-jwt-private-key
+ namespace: hlaeja
+ labels:
+ app: device-register
+ environment: testing
+ tier: backend
+type: Opaque
+data:
+ # Look at /doc/rsa_key.md, for how to make real values
+ private_key.pem: DeviceJwtPrivateKeyFileBase64==
diff --git a/kube/01-initialize/06-device-jwt-public-key-secret.yaml b/kube/01-initialize/06-device-jwt-public-key-secret.yaml
new file mode 100644
index 0000000..374d1a4
--- /dev/null
+++ b/kube/01-initialize/06-device-jwt-public-key-secret.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: device-jwt-public-key
+ namespace: hlaeja
+ labels:
+ app: device-register
+ environment: testing
+ tier: frontend
+type: Opaque
+data:
+ # Look at /doc/rsa_key.md, for how to make real values
+ public_key.pem: DeviceJwtPublicKeyFileBase64==
diff --git a/kube/03-hlaeja/02-device-registry/01-secret.yaml b/kube/03-hlaeja/02-device-registry/01-secret.yaml
new file mode 100644
index 0000000..ecf8052
--- /dev/null
+++ b/kube/03-hlaeja/02-device-registry/01-secret.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: device-register
+ namespace: hlaeja
+ labels:
+ app: device-register
+ environment: testing
+ tier: backend
+type: Opaque
+stringData:
+ SPRING_R2DBC_PASSWORD: "password"
diff --git a/kube/03-hlaeja/02-device-registry/02-configmap.yaml b/kube/03-hlaeja/02-device-registry/02-configmap.yaml
new file mode 100644
index 0000000..ba6eb81
--- /dev/null
+++ b/kube/03-hlaeja/02-device-registry/02-configmap.yaml
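Review bot: The comment above `private_key.pem` in 05-device-jwt-private-key-secret.yaml directs the operator to put real key material into a file that is tracked in git, which makes committing the device signing key an easy mistake. Consider keeping this manifest as a template only and creating the secret straight from the key file, e.g. `kubectl create secret generic device-jwt-private-key --namespace hlaeja --from-file=private_key.pem=<path-to-key>`. The placeholder `DeviceJwtPrivateKeyFileBase64==` also does not look like valid base64 (its length is not a multiple of four), so applying the file unedited will probably be rejected; the same applies to `DeviceJwtPublicKeyFileBase64==` in 06-device-jwt-public-key-secret.yaml. A comment such as `# placeholder, not valid base64: replace before apply and do not commit the real key` would make that intent explicit.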
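Review bot: `SPRING_R2DBC_PASSWORD: "password"` in 02-device-registry/01-secret.yaml is a working default, so a deployment applied without editing comes up with a guessable database credential. The doc change asks the operator to set the postgres password, but nothing in the manifest itself says so. Suggest a value that cannot be mistaken for a real one, with a comment, e.g. `SPRING_R2DBC_PASSWORD: "<set-before-apply>"  # replace before apply; do not commit the real value`.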
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: device-register
+ namespace: hlaeja
+ labels:
+ app: device-register
+ environment: testing
+ tier: backend
+data:
+ SPRING_PROFILES_ACTIVE: "testing"
+ SPRING_R2DBC_URL: "r2dbc:postgresql://postgres:5432/device_registry"
+ SPRING_R2DBC_USERNAME: "services"
+ JWT_PRIVATE_KEY: "cert/private_key.pem"
diff --git a/kube/03-hlaeja/02-device-registry/03-deployment.yaml b/kube/03-hlaeja/02-device-registry/03-deployment.yaml
new file mode 100644
index 0000000..d36c4c4
--- /dev/null
+++ b/kube/03-hlaeja/02-device-registry/03-deployment.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: device-register
+ namespace: hlaeja
+ labels:
+ app: device-register
+ environment: testing
+ tier: backend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: device-register
+ template:
+ metadata:
+ labels:
+ app: device-register
+ spec:
+ imagePullSecrets:
+ - name: github
+ containers:
+ - name: device-register-app
+ image: ghcr.io/swordsteel/hlaeja-device-registry:0.5.0
+ imagePullPolicy: IfNotPresent
+ envFrom:
+ - configMapRef:
+ name: device-register
+ - secretRef:
+ name: device-register
+ volumeMounts:
+ - name: jwt-key-volume
+ mountPath: /app/resources/cert
+ readOnly: true
+ ports:
+ - containerPort: 8080
+ volumes:
+ - name: jwt-key-volume
+ secret:
+ secretName: device-jwt-private-key
+ items:
+ - key: private_key.pem
+ path: private_key.pem
diff --git a/kube/03-hlaeja/02-device-registry/04-service.yaml b/kube/03-hlaeja/02-device-registry/04-service.yaml
new file mode 100644
index 0000000..b870f22
--- /dev/null
+++ b/kube/03-hlaeja/02-device-registry/04-service.yaml
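Review bot: `JWT_PRIVATE_KEY: "cert/private_key.pem"` in 02-configmap.yaml is a relative path, while the deployment in this commit mounts the key at `/app/resources/cert`. The two line up only if the application resolves the value against `/app/resources`, which is not visible here. A comment next to the key would document the coupling, e.g. `# resolved relative to /app/resources; must match volumeMounts.mountPath in 03-deployment.yaml`. If the service accepts an absolute path, using one would remove the dependency on the working directory.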
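Review bot: The `device-register-app` container in 03-deployment.yaml mounts the device JWT signing key but sets no `securityContext`, so it runs with whatever user and capabilities the image and runtime default to. Since a compromise of this pod exposes the key that signs device tokens, the container should drop privileges explicitly, as sketched below. `runAsNonRoot: true` only works if the image runs as a non-root numeric UID, which should be confirmed against the image. Separately, pinning the image by digest rather than the `0.5.0` tag would make it certain which build gets access to the key.

```yaml
        - name: device-register-app
          # … unchanged: image, imagePullPolicy, envFrom, volumeMounts, ports …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
```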
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: device-register
+ namespace: hlaeja
+ annotations:
+ metallb.universe.tf/address-pool: default
+ labels:
+ app: device-register
+ environment: testing
+ tier: backend
+spec:
+ type: LoadBalancer
+ loadBalancerIP: 10.0.3.112
+ selector:
+ app: device-register
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8080
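Review bot: `type: LoadBalancer` with a fixed `loadBalancerIP` publishes the token-issuing service on plain HTTP port 80 outside the cluster, and the manifest carries no warning of its own. The doc added in this commit says the service should only be open in testing, but that note lives in a different file from the one that gets applied. Suggest putting it at the top of `spec`, e.g. `# testing only: exposes device-register outside the cluster; use type: ClusterIP elsewhere`, or defaulting to `ClusterIP` and keeping the LoadBalancer variant as a testing overlay. Note also that `spec.loadBalancerIP` is deprecated in current Kubernetes releases, so it is worth checking what the installed MetalLB version expects instead.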