k8s hlaeja device registry

2025-07-22 18:18:52 +02:00
parent 203acf6a76
commit 03e9d0a703
7 changed files with 176 additions and 1 deletions
--- a/doc/k8s-testing.md
+++ b/doc/k8s-testing.md
@@ -9,6 +9,7 @@
    * [Namespace](#namespace)
    * [Registry Secret](#registry-secret)
    * [JSON Web Token (JWT)](#json-web-token-jwt)
+    * [Keystore](#keystore)
  * [Databases](#databases)
    * [Postgres](#postgres)
      * [Secret](#secret)
@@ -21,6 +22,11 @@
      * [Config Map](#config-map-1)
      * [Deployment](#deployment)
      * [Service](#service-1)
+    * [Device Register](#device-register)
+      * [Secret](#secret-2)
+      * [Config Map](#config-map-2)
+      * [Deployment](#deployment-1)
+      * [Service](#service-2)
 <!-- TOC -->

 ----
@@ -99,6 +105,18 @@ Account public key for all services identifying users
 kubectl apply -f .\kube\01-initialize\04-account-jwt-public-key-secret.yaml
 ```

+Device private key for device service to make device token.
+
+```bash
+kubectl apply -f .\kube\01-initialize\05-device-jwt-private-key-secret.yaml
+```
+
+Device public key for all services identifying devices
+
+```bash
+kubectl apply -f .\kube\01-initialize\06-device-jwt-public-key-secret.yaml
+```
+
 ---

 ## Databases
@@ -194,3 +212,45 @@ this service should not be accessible from world only open in testing
 kubectl apply -f .\kube\03-hlaeja\01-account-registry\04-service.yaml
 ```

+---
+
+### Device Register
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\02-device-registry\01-secret.yaml
+```
+
+Set values:
+
+- postgres password
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\02-device-registry\02-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- postgres username
+- postgres url
+- device private jwt file location
+
+#### Deployment
+
+Account Registry Service, using `account-jwt-private-key`
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\02-device-registry\03-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\02-device-registry\04-service.yaml
+```
--- a/kube/01-initialize/05-device-jwt-private-key-secret.yaml
+++ b/kube/01-initialize/05-device-jwt-private-key-secret.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-jwt-private-key
+  namespace: hlaeja
+  labels:
+    app: device-register
+    environment: testing
+    tier: backend
+type: Opaque
+data:
+  # Look at /doc/rsa_key.md, for how to make real values
+  private_key.pem: DeviceJwtPrivateKeyFileBase64==
--- a/kube/01-initialize/06-device-jwt-public-key-secret.yaml
+++ b/kube/01-initialize/06-device-jwt-public-key-secret.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-jwt-public-key
+  namespace: hlaeja
+  labels:
+    app: device-register
+    environment: testing
+    tier: frontend
+type: Opaque
+data:
+  # Look at /doc/rsa_key.md, for how to make real values
+  public_key.pem: DeviceJwtPublicKeyFileBase64==
--- a/kube/03-hlaeja/02-device-registry/01-secret.yaml
+++ b/kube/03-hlaeja/02-device-registry/01-secret.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-register
+  namespace: hlaeja
+  labels:
+    app: device-register
+    environment: testing
+    tier: backend
+type: Opaque
+stringData:
+  SPRING_R2DBC_PASSWORD: "password"
--- a/kube/03-hlaeja/02-device-registry/02-configmap.yaml
+++ b/kube/03-hlaeja/02-device-registry/02-configmap.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: device-register
+  namespace: hlaeja
+  labels:
+    app: device-register
+    environment: testing
+    tier: backend
+data:
+  SPRING_PROFILES_ACTIVE: "testing"
+  SPRING_R2DBC_URL: "r2dbc:postgresql://postgres:5432/device_registry"
+  SPRING_R2DBC_USERNAME: "services"
+  JWT_PRIVATE_KEY: "cert/private_key.pem"
--- a/kube/03-hlaeja/02-device-registry/03-deployment.yaml
+++ b/kube/03-hlaeja/02-device-registry/03-deployment.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: device-register
+  namespace: hlaeja
+  labels:
+    app: device-register
+    environment: testing
+    tier: backend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: device-register
+  template:
+    metadata:
+      labels:
+        app: device-register
+    spec:
+      imagePullSecrets:
+        - name: github
+      containers:
+        - name: device-register-app
+          image: ghcr.io/swordsteel/hlaeja-device-registry:0.5.0
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: device-register
+            - secretRef:
+                name: device-register
+          volumeMounts:
+            - name: jwt-key-volume
+              mountPath: /app/resources/cert
+              readOnly: true
+          ports:
+            - containerPort: 8080
+      volumes:
+        - name: jwt-key-volume
+          secret:
+            secretName: device-jwt-private-key
+            items:
+              - key: private_key.pem
+                path: private_key.pem
--- a/kube/03-hlaeja/02-device-registry/04-service.yaml
+++ b/kube/03-hlaeja/02-device-registry/04-service.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: device-register
+  namespace: hlaeja
+  annotations:
+    metallb.universe.tf/address-pool: default
+  labels:
+    app: device-register
+    environment: testing
+    tier: backend
+spec:
+  type: LoadBalancer
+  loadBalancerIP: 10.0.3.112
+  selector:
+    app: device-register
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080