k8s hlaeja account registry

2025-07-22 16:03:32 +02:00
parent 91eef1911f
commit 203acf6a76
7 changed files with 190 additions and 0 deletions
--- a/doc/k8s-testing.md
+++ b/doc/k8s-testing.md
@@ -8,12 +8,19 @@
  * [Initialize](#initialize)
    * [Namespace](#namespace)
    * [Registry Secret](#registry-secret)
+    * [JSON Web Token (JWT)](#json-web-token-jwt)
  * [Databases](#databases)
    * [Postgres](#postgres)
      * [Secret](#secret)
      * [Config Map](#config-map)
      * [Stateful Set](#stateful-set)
      * [Service](#service)
+  * [Hlæja](#hlæja)
+    * [Account Register](#account-register)
+      * [Secret](#secret-1)
+      * [Config Map](#config-map-1)
+      * [Deployment](#deployment)
+      * [Service](#service-1)
 <!-- TOC -->

 ----
@@ -76,6 +83,24 @@ witch give `eyJhdXRocyI6eyI8eW91ci1yZWdpc3RyeT4iOnsidXNlcm5hbWUiOiJ5b3VyLXVzZXJu

 ---

+### JSON Web Token (JWT)
+
+For JWT we are using public and private keys, read more about [RSA keys](./rsa_key.md).
+
+Account private key for account service to make access token.
+
+```bash
+kubectl apply -f .\kube\01-initialize\03-account-jwt-private-key-secret.yaml
+```
+
+Account public key for all services identifying users
+
+```bash
+kubectl apply -f .\kube\01-initialize\04-account-jwt-public-key-secret.yaml
+```
+
+---
+
 ## Databases

 ### Postgres
@@ -121,3 +146,51 @@ this exposes port and ip.
 ```bash
 kubectl apply -f .\kube\02-databases\01-postgres\04-service.yaml
 ```
+
+---
+
+## Hlæja
+
+### Account Register
+
+This is only a ***concept*** and exist for testing rest of system. this need to be ***rewritten***.
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\01-secret.yaml
+```
+
+Set values:
+
+- postgres password
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\02-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- postgres username
+- postgres url
+- account private jwt file location
+
+#### Deployment
+
+Account Registry Service, using `account-jwt-private-key`
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\03-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\04-service.yaml
+```
+ 
--- a/kube/01-initialize/03-account-jwt-private-key-secret.yaml
+++ b/kube/01-initialize/03-account-jwt-private-key-secret.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: account-jwt-private-key
+  namespace: hlaeja
+  labels:
+    app: account-register
+    environment: testing
+    tier: backend
+type: Opaque
+data:
+  # Look at /doc/rsa_key.md, for how to make real values
+  private_key.pem: AccountJwtPrivateKeyFileBase64==
+
+
--- a/kube/01-initialize/04-account-jwt-public-key-secret.yaml
+++ b/kube/01-initialize/04-account-jwt-public-key-secret.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: account-jwt-public-key
+  namespace: hlaeja
+  labels:
+    app: account-register
+    environment: testing
+    tier: frontend
+type: Opaque
+data:
+  # Look at /doc/rsa_key.md, for how to make real values
+  public_key.pem: AccountJwtPublicKeyFileBase64==
--- a/kube/03-hlaeja/01-account-registry/01-secret.yaml
+++ b/kube/03-hlaeja/01-account-registry/01-secret.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: account-register
+  namespace: hlaeja
+  labels:
+    app: account-register
+    environment: testing
+    tier: backend
+type: Opaque
+stringData:
+  SPRING_R2DBC_PASSWORD: "password"
--- a/kube/03-hlaeja/01-account-registry/02-configmap.yaml
+++ b/kube/03-hlaeja/01-account-registry/02-configmap.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: account-register
+  namespace: hlaeja
+  labels:
+    app: account-register
+    environment: testing
+    tier: backend
+data:
+  SPRING_PROFILES_ACTIVE: "testing"
+  SPRING_R2DBC_URL: "r2dbc:postgresql://postgres:5432/account_registry"
+  SPRING_R2DBC_USERNAME: "services"
+  JWT_PRIVATE_KEY: "cert/private_key.pem"
--- a/kube/03-hlaeja/01-account-registry/03-deployment.yaml
+++ b/kube/03-hlaeja/01-account-registry/03-deployment.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: account-register
+  namespace: hlaeja
+  labels:
+    app: account-register
+    environment: testing
+    tier: backend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: account-register
+  template:
+    metadata:
+      labels:
+        app: account-register
+    spec:
+      imagePullSecrets:
+        - name: github
+      containers:
+        - name: account-register-app
+          image: ghcr.io/swordsteel/hlaeja-account-registry:0.2.0
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: account-register
+            - secretRef:
+                name: account-register
+          volumeMounts:
+            - name: jwt-key-volume
+              mountPath: /app/resources/cert
+              readOnly: true
+          ports:
+            - containerPort: 8080
+      volumes:
+        - name: jwt-key-volume
+          secret:
+            secretName: account-jwt-private-key
+            items:
+              - key: private_key.pem
+                path: private_key.pem
--- a/kube/03-hlaeja/01-account-registry/04-service.yaml
+++ b/kube/03-hlaeja/01-account-registry/04-service.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: account-register
+  namespace: hlaeja
+  annotations:
+    metallb.universe.tf/address-pool: default
+  labels:
+    app: account-register
+    environment: testing
+    tier: backend
+spec:
+  type: LoadBalancer
+  loadBalancerIP: 10.0.3.111
+  selector:
+    app: account-register
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080