hlaeja-old/hlaeja-development
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

k8s hlaeja device registry

Browse Source
This commit is contained in:
Mr. Swordsteel
2025-07-22 18:18:52 +02:00
committed by swordsteel
parent 203acf6a76
commit 03e9d0a703
7 changed files with 176 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
doc/k8s-testing.md
View File

@@ -9,6 +9,7 @@
* [Namespace](#namespace) * [Namespace](#namespace)
* [Registry Secret](#registry-secret) * [Registry Secret](#registry-secret)
* [JSON Web Token (JWT)](#json-web-token-jwt) * [JSON Web Token (JWT)](#json-web-token-jwt)
* [Keystore](#keystore)
* [Databases](#databases) * [Databases](#databases)
* [Postgres](#postgres) * [Postgres](#postgres)
* [Secret](#secret) * [Secret](#secret)
@@ -21,6 +22,11 @@
* [Config Map](#config-map-1) * [Config Map](#config-map-1)
* [Deployment](#deployment) * [Deployment](#deployment)
* [Service](#service-1) * [Service](#service-1)
* [Device Register](#device-register)
* [Secret](#secret-2)
* [Config Map](#config-map-2)
* [Deployment](#deployment-1)
* [Service](#service-2)
<!-- TOC --> <!-- TOC -->
---- ----
@@ -99,6 +105,18 @@ Account public key for all services identifying users
kubectl apply -f .\kube\01-initialize\04-account-jwt-public-key-secret.yaml kubectl apply -f .\kube\01-initialize\04-account-jwt-public-key-secret.yaml
``` ```
Device private key for device service to make device token.
```bash
kubectl apply -f .\kube\01-initialize\05-device-jwt-private-key-secret.yaml
```
Device public key for all services identifying devices
```bash
kubectl apply -f .\kube\01-initialize\06-device-jwt-public-key-secret.yaml
```
--- ---
## Databases ## Databases
@@ -194,3 +212,45 @@ this service should not be accessible from world only open in testing
kubectl apply -f .\kube\03-hlaeja\01-account-registry\04-service.yaml kubectl apply -f .\kube\03-hlaeja\01-account-registry\04-service.yaml
``` ```
---
### Device Register
#### Secret
```bash
kubectl apply -f .\kube\03-hlaeja\02-device-registry\01-secret.yaml
```
Set values:
- postgres password
#### Config Map
```bash
kubectl apply -f .\kube\03-hlaeja\02-device-registry\02-configmap.yaml
```
Set values:
- spring profile
- postgres username
- postgres url
- device private jwt file location
#### Deployment
Account Registry Service, using `account-jwt-private-key`
```bash
kubectl apply -f .\kube\03-hlaeja\02-device-registry\03-deployment.yaml
```
#### Service
this service should not be accessible from world only open in testing
```bash
kubectl apply -f .\kube\03-hlaeja\02-device-registry\04-service.yaml
```

13
kube/01-initialize/05-device-jwt-private-key-secret.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: Secret
metadata:
name: device-jwt-private-key
namespace: hlaeja
labels:
app: device-register
environment: testing
tier: backend
type: Opaque
data:
# Look at /doc/rsa_key.md, for how to make real values
private_key.pem: DeviceJwtPrivateKeyFileBase64==

13
kube/01-initialize/06-device-jwt-public-key-secret.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: Secret
metadata:
name: device-jwt-public-key
namespace: hlaeja
labels:
app: device-register
environment: testing
tier: frontend
type: Opaque
data:
# Look at /doc/rsa_key.md, for how to make real values
public_key.pem: DeviceJwtPublicKeyFileBase64==

12
kube/03-hlaeja/02-device-registry/01-secret.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: Secret
metadata:
name: device-register
namespace: hlaeja
labels:
app: device-register
environment: testing
tier: backend
type: Opaque
stringData:
SPRING_R2DBC_PASSWORD: "password"

14
kube/03-hlaeja/02-device-registry/02-configmap.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: device-register
namespace: hlaeja
labels:
app: device-register
environment: testing
tier: backend
data:
SPRING_PROFILES_ACTIVE: "testing"
SPRING_R2DBC_URL: "r2dbc:postgresql://postgres:5432/device_registry"
SPRING_R2DBC_USERNAME: "services"
JWT_PRIVATE_KEY: "cert/private_key.pem"

43
kube/03-hlaeja/02-device-registry/03-deployment.yaml Normal file
View File

@@ -0,0 +1,43 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: device-register
namespace: hlaeja
labels:
app: device-register
environment: testing
tier: backend
spec:
replicas: 1
selector:
matchLabels:
app: device-register
template:
metadata:
labels:
app: device-register
spec:
imagePullSecrets:
- name: github
containers:
- name: device-register-app
image: ghcr.io/swordsteel/hlaeja-device-registry:0.5.0
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:
name: device-register
- secretRef:
name: device-register
volumeMounts:
- name: jwt-key-volume
mountPath: /app/resources/cert
readOnly: true
ports:
- containerPort: 8080
volumes:
- name: jwt-key-volume
secret:
secretName: device-jwt-private-key
items:
- key: private_key.pem
path: private_key.pem

20
kube/03-hlaeja/02-device-registry/04-service.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v1
kind: Service
metadata:
name: device-register
namespace: hlaeja
annotations:
metallb.universe.tf/address-pool: default
labels:
app: device-register
environment: testing
tier: backend
spec:
type: LoadBalancer
loadBalancerIP: 10.0.3.112
selector:
app: device-register
ports:
- protocol: TCP
port: 80
targetPort: 8080