diff --git a/doc/k8s-testing.md b/doc/k8s-testing.md index 59c426a..478396f 100644 --- a/doc/k8s-testing.md +++ b/doc/k8s-testing.md @@ -52,6 +52,10 @@ * [Config Map](#config-map-6) * [Deployment](#deployment-4) * [Service](#service-8) + * [Registry API](#registry-api) + * [Config Map](#config-map-7) + * [Deployment](#deployment-5) + * [Service](#service-9) ---- @@ -168,6 +172,11 @@ Device API Keystore kubectl apply -f .\kube\01-initialize\07-device-api-keystore.yaml ``` +Registry API Keystore +```bash +kubectl apply -f .\kube\01-initialize\08-register-api-keystore.yaml +``` + --- ## Databases @@ -546,3 +555,65 @@ this service should not be accessible from world only open in testing ```bash kubectl apply -f .\kube\03-hlaeja\05-device-api\03-service.yaml ``` + +--- + +### Registry API + +#### Config Map + +```bash +kubectl apply -f .\kube\03-hlaeja\06-registry-api\01-configmap.yaml +``` + +Set values: + +- spring profile +- device register url +- registry register url + +#### Deployment + +```bash +kubectl apply -f .\kube\03-hlaeja\06-registry-api\02-deployment.yaml +``` + +#### Service + +this service should not be accessible from world only open in testing + +```bash +kubectl apply -f .\kube\03-hlaeja\06-registry-api\03-service.yaml +``` + +--- + +# Management + +#### Config Map + +```bash +kubectl apply -f .\kube\03-hlaeja\07-management\01-configmap.yaml +``` + +Set values: + +- spring profile +- spring data redis database +- spring data redis host +- device register url +- registry register url + +#### Deployment + +```bash +kubectl apply -f .\kube\03-hlaeja\07-management\02-deployment.yaml +``` + +#### Service + +this service should not be accessible from world only open in testing + +```bash +kubectl apply -f .\kube\03-hlaeja\07-management\03-service.yaml +``` diff --git a/kube/01-initialize/08-register-api-keystore.yaml b/kube/01-initialize/08-register-api-keystore.yaml new file mode 100644 index 0000000..22ed810 --- /dev/null 
+++ b/kube/01-initialize/08-register-api-keystore.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: registry-api-keystore
+ namespace: hlaeja
+ labels:
+ environment: testing
+type: Opaque
+data:
+ # Look at /doc/keystore.md, for how to make real values
+ keystore.p12: RegistryApiKeystoreFileBase64==
+ keystore-password: RegistryApiKeystorePasswordBase64==
diff --git a/kube/03-hlaeja/06-registry-api/01-configmap.yaml b/kube/03-hlaeja/06-registry-api/01-configmap.yaml
new file mode 100644
index 0000000..4f3335e
--- /dev/null
+++ b/kube/03-hlaeja/06-registry-api/01-configmap.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: registry-api
+ namespace: hlaeja
+ labels:
+ app: registry-api
+ environment: testing
+ tier: frontend
+data:
+ SPRING_PROFILES_ACTIVE: "testing"
+
+ ACCOUNT_REGISTRY_URL: "http://account-register"
+ DEVICE_REGISTRY_URL: "http://device-register"
+
+ # all of this should be preset in application.yaml
+ SERVER_PORT: "8443"
+ SERVER_SSL_ENABLED: "true"
+ SERVER_SSL_KEY_STORE: "/app/resources/cert/keystore.p12"
+ SERVER_SSL_KEY_STORE_TYPE: "PKCS12"
+
+ # This was experimental and should be removed in later versions
+ MANAGEMENT_METRICS_TAGS_APPLICATION: "register-api"
+ MANAGEMENT_INFLUX_METRICS_EXPORT_ENABLED: "false"
+ MANAGEMENT_INFLUX_METRICS_EXPORT_URL: "http://influxdb"
+ # adding this here as it's going to be deleted and is not sued internally
+ MANAGEMENT_INFLUX_METRICS_EXPORT_TOKEN: "invalidInfluxDbToken=="
+
+
diff --git a/kube/03-hlaeja/06-registry-api/02-deployment.yaml b/kube/03-hlaeja/06-registry-api/02-deployment.yaml
new file mode 100644
index 0000000..a24c848
--- /dev/null
+++ b/kube/03-hlaeja/06-registry-api/02-deployment.yaml
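Review bot: The `data:` block in 08-register-api-keystore.yaml invites editing real key material into a tracked file, because the only guidance is the pointer to /doc/keystore.md. I would extend that comment to say so explicitly, e.g. `# Placeholders only: never commit a real keystore or password; apply a filled-in copy that stays out of version control`. The file is also named `register-api` while the Secret and every reference to it use `registry-api`, which makes the manifest easy to overlook when the keystore is rotated.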
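Review bot: `MANAGEMENT_INFLUX_METRICS_EXPORT_TOKEN` is a credential-shaped key stored in a ConfigMap, which anything allowed to read ConfigMaps in the namespace can read and which is not handled as secret data. The value is an invalid placeholder and export is disabled, but whoever enables Influx export later will likely paste a real token here; either drop the experimental `MANAGEMENT_*` entries now or source the token through `secretKeyRef`, the way 02-deployment.yaml does for `SERVER_SSL_KEY_STORE_PASSWORD`. `ACCOUNT_REGISTRY_URL` and `DEVICE_REGISTRY_URL` use `http://`, so those calls are unencrypted inside the cluster unless something outside this diff wraps them. The comment above the token has a typo, `not sued` for `not used`.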
@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: registry-api
+ namespace: hlaeja
+ labels:
+ app: registry-api
+ environment: testing
+ tier: frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: registry-api
+ template:
+ metadata:
+ labels:
+ app: registry-api
+ spec:
+ imagePullSecrets:
+ - name: github
+ containers:
+ - name: registry-api-app
+ image: ghcr.io/swordsteel/hlaeja-registry-api:0.2.0
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8443
+ envFrom:
+ - configMapRef:
+ name: registry-api
+ env:
+ - name: SERVER_SSL_KEY_STORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: registry-api-keystore
+ key: keystore-password
+ volumeMounts:
+ - name: keystore-volume
+ mountPath: /app/resources/cert/keystore.p12
+ subPath: keystore.p12
+ readOnly: true
+ - name: jwt-volume
+ mountPath: /app/resources/cert/public_key.pem
+ subPath: public_key.pem
+ readOnly: true
+ volumes:
+ - name: keystore-volume
+ secret:
+ secretName: registry-api-keystore
+ items:
+ - key: keystore.p12
+ path: keystore.p12
+ - name: jwt-volume
+ secret:
+ secretName: account-jwt-public-key
+ items:
+ - key: public_key.pem
+ path: public_key.pem
diff --git a/kube/03-hlaeja/06-registry-api/03-service.yaml b/kube/03-hlaeja/06-registry-api/03-service.yaml
new file mode 100644
index 0000000..8c1a045
--- /dev/null
+++ b/kube/03-hlaeja/06-registry-api/03-service.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: registry-api
+ namespace: hlaeja
+ annotations:
+ metallb.universe.tf/address-pool: default
+ labels:
+ app: registry-api
+ environment: testing
+ tier: frontend
+spec:
+ type: LoadBalancer
+ loadBalancerIP: 10.0.3.103
+ selector:
+ app: registry-api
+ ports:
+ - protocol: TCP
+ port: 443
+ targetPort: 8443
diff --git a/kube/03-hlaeja/07-management/01-configmap.yaml b/kube/03-hlaeja/07-management/01-configmap.yaml
new file mode 100644
index 0000000..dbe1032
--- /dev/null
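Review bot: The `registry-api-app` container sets no `securityContext` and no `resources`, so the pod runs with whatever user and capabilities the image defaults to and can consume unbounded node CPU and memory; the same applies to `management-app` in kube/03-hlaeja/07-management/02-deployment.yaml. I would add a restrictive container security context as sketched below, assuming the image can run as a non-root user (not visible in this diff), and set requests and limits sized for the service. The image is referenced by the mutable tag `0.2.0` with `imagePullPolicy: IfNotPresent`; pinning it by digest would make the deployed artifact verifiable.

```yaml
      containers:
        - name: registry-api-app
          # … unchanged: image, imagePullPolicy, ports, envFrom, env, volumeMounts …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
```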
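Review bot: `type: LoadBalancer` with a fixed MetalLB address publishes registry-api to every network that can route to 10.0.3.103, while doc/k8s-testing.md says the service should only be open in testing; nothing in the manifest enforces that. Consider a comment on the `type:` line such as `# testing only: use ClusterIP outside the test cluster`, and restricting clients with `loadBalancerSourceRanges` if the cluster's proxy mode honours it. `spec.loadBalancerIP` is deprecated in current Kubernetes, and MetalLB accepts the `metallb.universe.tf/loadBalancerIPs` annotation in its place. The management Service in kube/03-hlaeja/07-management/03-service.yaml has the same exposure.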
+++ b/kube/03-hlaeja/07-management/01-configmap.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: management
+ namespace: hlaeja
+ labels:
+ app: management
+ environment: testing
+ tier: frontend
+data:
+ SPRING_PROFILES_ACTIVE: "testing"
+ SPRING_DATA_REDIS_DATABASE: "2"
+ SPRING_DATA_REDIS_HOST: "redis"
+ ACCOUNT_REGISTRY_URL: "http://account-register"
+ DEVICE_REGISTRY_URL: "http://device-register"
diff --git a/kube/03-hlaeja/07-management/02-deployment.yaml b/kube/03-hlaeja/07-management/02-deployment.yaml
new file mode 100644
index 0000000..c29d8a6
--- /dev/null
+++ b/kube/03-hlaeja/07-management/02-deployment.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: management
+ namespace: hlaeja
+ labels:
+ app: management
+ environment: testing
+ tier: frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: management
+ template:
+ metadata:
+ labels:
+ app: management
+ spec:
+ imagePullSecrets:
+ - name: github
+ containers:
+ - name: management-app
+ image: ghcr.io/swordsteel/hlaeja-management:0.2.0
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8080
+ envFrom:
+ - configMapRef:
+ name: management
+ volumeMounts:
+ - name: jwt-volume
+ mountPath: /app/resources/cert/public_key.pem
+ subPath: public_key.pem
+ readOnly: true
+ volumes:
+ - name: jwt-volume
+ secret:
+ secretName: account-jwt-public-key
+ items:
+ - key: public_key.pem
+ path: public_key.pem
diff --git a/kube/03-hlaeja/07-management/03-service.yaml b/kube/03-hlaeja/07-management/03-service.yaml
new file mode 100644
index 0000000..71d9c4f
--- /dev/null
+++ b/kube/03-hlaeja/07-management/03-service.yaml
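Review bot: The Redis connection is configured with `SPRING_DATA_REDIS_HOST` and `SPRING_DATA_REDIS_DATABASE` only, so as far as this diff shows management talks to Redis without a password or TLS. If that Redis holds session or login state, any pod in the namespace that can reach `redis` could read or alter it. I would require authentication on the Redis side and inject `SPRING_DATA_REDIS_PASSWORD` through a `secretKeyRef` in 02-deployment.yaml rather than adding it to this ConfigMap. The two `http://` registry URLs carry the same plaintext caveat as in the registry-api ConfigMap.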
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: management
+ namespace: hlaeja
+ annotations:
+ metallb.universe.tf/address-pool: default
+ labels:
+ app: management
+ environment: testing
+ tier: frontend
+spec:
+ type: LoadBalancer
+ loadBalancerIP: 10.0.3.101
+ selector:
+ app: management
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8080
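Review bot: The management Service publishes port 80 and forwards to 8080 with no TLS anywhere in the path, unlike registry-api, which mounts a keystore and listens on 8443. With `type: LoadBalancer`, login credentials and session cookies for the management app would travel in cleartext to 10.0.3.101, assuming the app handles authenticated sessions (the mounted JWT public key suggests it does). Either terminate TLS in the pod the way registry-api does, or keep this Service `ClusterIP` and expose it only through a TLS-terminating front end. At minimum add a comment such as `# testing only: plain HTTP, do not expose outside the test network`.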