k8s hlaeja registry api

doc/k8s-testing.md

@@ -52,6 +52,10 @@
       * [Config Map](#config-map-6)
       * [Deployment](#deployment-4)
       * [Service](#service-8)
+    * [Registry API](#registry-api)
+      * [Config Map](#config-map-7)
+      * [Deployment](#deployment-5)
+      * [Service](#service-9)
 <!-- TOC -->
 
 ----
@@ -168,6 +172,11 @@ Device API Keystore
 kubectl apply -f .\kube\01-initialize\07-device-api-keystore.yaml
 ```
 
+Registry API Keystore
+```bash
+kubectl apply -f .\kube\01-initialize\08-register-api-keystore.yaml
+```
+
 ---
 
 ## Databases
@@ -546,3 +555,65 @@ this service should not be accessible from world only open in testing
 ```bash
 kubectl apply -f .\kube\03-hlaeja\05-device-api\03-service.yaml
 ```
+
+---
+
+### Registry API
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\06-registry-api\01-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- device register url
+- registry register url
+
+#### Deployment
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\06-registry-api\02-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\06-registry-api\03-service.yaml
+```
+
+---
+
+# Management
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\07-management\01-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- spring data redis database
+- spring data redis host
+- device register url
+- registry register url
+
+#### Deployment
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\07-management\02-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\07-management\03-service.yaml
+```

kube/01-initialize/08-register-api-keystore.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: registry-api-keystore
+  namespace: hlaeja
+  labels:
+    environment: testing
+type: Opaque
+data:
+  # Look at /doc/keystore.md, for how to make real values
+  keystore.p12: RegistryApiKeystoreFileBase64==
+  keystore-password: RegistryApiKeystorePasswordBase64==

kube/03-hlaeja/06-registry-api/01-configmap.yaml

@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: registry-api
+  namespace: hlaeja
+  labels:
+    app: registry-api
+    environment: testing
+    tier: frontend
+data:
+  SPRING_PROFILES_ACTIVE: "testing"
+
+  ACCOUNT_REGISTRY_URL: "http://account-register"
+  DEVICE_REGISTRY_URL: "http://device-register"
+
+  # all of this should be preset in application.yaml
+  SERVER_PORT: "8443"
+  SERVER_SSL_ENABLED: "true"
+  SERVER_SSL_KEY_STORE: "/app/resources/cert/keystore.p12"
+  SERVER_SSL_KEY_STORE_TYPE: "PKCS12"
+
+  # This was experimental and should be removed in later versions
+  MANAGEMENT_METRICS_TAGS_APPLICATION: "register-api"
+  MANAGEMENT_INFLUX_METRICS_EXPORT_ENABLED: "false"
+  MANAGEMENT_INFLUX_METRICS_EXPORT_URL: "http://influxdb"
+  # adding this here as it's going to be deleted and is not sued internally
+  MANAGEMENT_INFLUX_METRICS_EXPORT_TOKEN: "invalidInfluxDbToken=="
+
+

kube/03-hlaeja/06-registry-api/02-deployment.yaml

@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: registry-api
+  namespace: hlaeja
+  labels:
+    app: registry-api
+    environment: testing
+    tier: frontend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: registry-api
+  template:
+    metadata:
+      labels:
+        app: registry-api
+    spec:
+      imagePullSecrets:
+        - name: github
+      containers:
+        - name: registry-api-app
+          image: ghcr.io/swordsteel/hlaeja-registry-api:0.2.0
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 8443
+          envFrom:
+            - configMapRef:
+                name: registry-api
+          env:
+            - name: SERVER_SSL_KEY_STORE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: registry-api-keystore
+                  key: keystore-password
+          volumeMounts:
+            - name: keystore-volume
+              mountPath: /app/resources/cert/keystore.p12
+              subPath: keystore.p12
+              readOnly: true
+            - name: jwt-volume
+              mountPath: /app/resources/cert/public_key.pem
+              subPath: public_key.pem
+              readOnly: true
+      volumes:
+        - name: keystore-volume
+          secret:
+            secretName: registry-api-keystore
+            items:
+              - key: keystore.p12
+                path: keystore.p12
+        - name: jwt-volume
+          secret:
+            secretName: account-jwt-public-key
+            items:
+              - key: public_key.pem
+                path: public_key.pem

kube/03-hlaeja/06-registry-api/03-service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: registry-api
+  namespace: hlaeja
+  annotations:
+    metallb.universe.tf/address-pool: default
+  labels:
+    app: registry-api
+    environment: testing
+    tier: frontend
+spec:
+  type: LoadBalancer
+  loadBalancerIP: 10.0.3.103
+  selector:
+    app: registry-api
+  ports:
+    - protocol: TCP
+      port: 443
+      targetPort: 8443

kube/03-hlaeja/07-management/01-configmap.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: management
+  namespace: hlaeja
+  labels:
+    app: management
+    environment: testing
+    tier: frontend
+data:
+  SPRING_PROFILES_ACTIVE: "testing"
+  SPRING_DATA_REDIS_DATABASE: "2"
+  SPRING_DATA_REDIS_HOST: "redis"
+  ACCOUNT_REGISTRY_URL: "http://account-register"
+  DEVICE_REGISTRY_URL: "http://device-register"

kube/03-hlaeja/07-management/02-deployment.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: management
+  namespace: hlaeja
+  labels:
+    app: management
+    environment: testing
+    tier: frontend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: management
+  template:
+    metadata:
+      labels:
+        app: management
+    spec:
+      imagePullSecrets:
+        - name: github
+      containers:
+        - name: management-app
+          image: ghcr.io/swordsteel/hlaeja-management:0.2.0
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 8080
+          envFrom:
+            - configMapRef:
+                name: management
+          volumeMounts:
+            - name: jwt-volume
+              mountPath: /app/resources/cert/public_key.pem
+              subPath: public_key.pem
+              readOnly: true
+      volumes:
+        - name: jwt-volume
+          secret:
+            secretName: account-jwt-public-key
+            items:
+              - key: public_key.pem
+                path: public_key.pem

kube/03-hlaeja/07-management/03-service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: management
+  namespace: hlaeja
+  annotations:
+    metallb.universe.tf/address-pool: default
+  labels:
+    app: management
+    environment: testing
+    tier: frontend
+spec:
+  type: LoadBalancer
+  loadBalancerIP: 10.0.3.101
+  selector:
+    app: management
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080