From 203acf6a763850170973080eccfed625b2f44bba Mon Sep 17 00:00:00 2001
From: Swordsteel
Date: Tue, 22 Jul 2025 16:03:32 +0200
Subject: [PATCH] k8s hlaeja account registry
---
 doc/k8s-testing.md | 73 +++++++++++++++++++
 .../03-account-jwt-private-key-secret.yaml | 15 ++++
 .../04-account-jwt-public-key-secret.yaml | 13 ++++
 .../01-account-registry/01-secret.yaml | 12 +++
 .../01-account-registry/02-configmap.yaml | 14 ++++
 .../01-account-registry/03-deployment.yaml | 43 +++++++++++
 .../01-account-registry/04-service.yaml | 20 +++++
 7 files changed, 190 insertions(+)
 create mode 100644 kube/01-initialize/03-account-jwt-private-key-secret.yaml
 create mode 100644 kube/01-initialize/04-account-jwt-public-key-secret.yaml
 create mode 100644 kube/03-hlaeja/01-account-registry/01-secret.yaml
 create mode 100644 kube/03-hlaeja/01-account-registry/02-configmap.yaml
 create mode 100644 kube/03-hlaeja/01-account-registry/03-deployment.yaml
 create mode 100644 kube/03-hlaeja/01-account-registry/04-service.yaml
diff --git a/doc/k8s-testing.md b/doc/k8s-testing.md
index 6294e41..33b2a99 100644
--- a/doc/k8s-testing.md
+++ b/doc/k8s-testing.md
@@ -8,12 +8,19 @@
 * [Initialize](#initialize)
 * [Namespace](#namespace)
 * [Registry Secret](#registry-secret)
+ * [JSON Web Token (JWT)](#json-web-token-jwt)
 * [Databases](#databases)
 * [Postgres](#postgres)
 * [Secret](#secret)
 * [Config Map](#config-map)
 * [Stateful Set](#stateful-set)
 * [Service](#service)
+ * [Hlæja](#hlæja)
+ * [Account Register](#account-register)
+ * [Secret](#secret-1)
+ * [Config Map](#config-map-1)
+ * [Deployment](#deployment)
+ * [Service](#service-1)
 ----
@@ -76,6 +83,24 @@ witch give `eyJhdXRocyI6eyI8eW91ci1yZWdpc3RyeT4iOnsidXNlcm5hbWUiOiJ5b3VyLXVzZXJu
 ---
+### JSON Web Token (JWT)
+
+For JWT we are using public and private keys, read more about [RSA keys](./rsa_key.md).
+
+Account private key for account service to make access token.
+
+```bash
+kubectl apply -f .\kube\01-initialize\03-account-jwt-private-key-secret.yaml
+```
+
+Account public key for all services identifying users
+
+```bash
+kubectl apply -f .\kube\01-initialize\04-account-jwt-public-key-secret.yaml
+```
+
+---
+
+## Databases
 ### Postgres
@@ -121,3 +146,51 @@ this exposes port and ip.
 ```bash
 kubectl apply -f .\kube\02-databases\01-postgres\04-service.yaml
 ```
+
+---
+
+## Hlæja
+
+### Account Register
+
+This is only a ***concept*** and exist for testing rest of system. this need to be ***rewritten***.
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\01-secret.yaml
+```
+
+Set values:
+
+- postgres password
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\02-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- postgres username
+- postgres url
+- account private jwt file location
+
+#### Deployment
+
+Account Registry Service, using `account-jwt-private-key`
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\03-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\04-service.yaml
+```
+
diff --git a/kube/01-initialize/03-account-jwt-private-key-secret.yaml b/kube/01-initialize/03-account-jwt-private-key-secret.yaml
new file mode 100644
index 0000000..c567d7a
--- /dev/null
+++ b/kube/01-initialize/03-account-jwt-private-key-secret.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: account-jwt-private-key
+ namespace: hlaeja
+ labels:
+ app: account-register
+ environment: testing
+ tier: backend
+type: Opaque
+data:
+ # Look at /doc/rsa_key.md, for how to make real values
+ private_key.pem: AccountJwtPrivateKeyFileBase64==
+
+
diff --git a/kube/01-initialize/04-account-jwt-public-key-secret.yaml b/kube/01-initialize/04-account-jwt-public-key-secret.yaml
new file mode 100644
index 0000000..e01dddf
--- /dev/null
+++ b/kube/01-initialize/04-account-jwt-public-key-secret.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: account-jwt-public-key
+ namespace: hlaeja
+ labels:
+ app: account-register
+ environment: testing
+ tier: frontend
+type: Opaque
+data:
+ # Look at /doc/rsa_key.md, for how to make real values
+ public_key.pem: AccountJwtPublicKeyFileBase64==
diff --git a/kube/03-hlaeja/01-account-registry/01-secret.yaml b/kube/03-hlaeja/01-account-registry/01-secret.yaml
new file mode 100644
index 0000000..f86758d
--- /dev/null
+++ b/kube/03-hlaeja/01-account-registry/01-secret.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: account-register
+ namespace: hlaeja
+ labels:
+ app: account-register
+ environment: testing
+ tier: backend
+type: Opaque
+stringData:
+ SPRING_R2DBC_PASSWORD: "password"
diff --git a/kube/03-hlaeja/01-account-registry/02-configmap.yaml b/kube/03-hlaeja/01-account-registry/02-configmap.yaml
new file mode 100644
index 0000000..82d0b0d
--- /dev/null
+++ b/kube/03-hlaeja/01-account-registry/02-configmap.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: account-register
+ namespace: hlaeja
+ labels:
+ app: account-register
+ environment: testing
+ tier: backend
+data:
+ SPRING_PROFILES_ACTIVE: "testing"
+ SPRING_R2DBC_URL: "r2dbc:postgresql://postgres:5432/account_registry"
+ SPRING_R2DBC_USERNAME: "services"
+ JWT_PRIVATE_KEY: "cert/private_key.pem"
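Review bot: The placeholder `private_key.pem: AccountJwtPrivateKeyFileBase64==` under `data:` appears to be well-formed base64, so a forgotten substitution is accepted by `kubectl apply` and only shows up later when the account-register pod cannot load a PEM from the mounted file. An obviously invalid placeholder, or a comment such as `# placeholder: apply succeeds, but the pod will fail to start until this is replaced with the real base64 PEM`, makes that failure mode explicit; since this Secret carries the JWT signing key, the same comment should say that a manifest holding the real value must never be committed (the rsa_key.md reference covers generation, not handling). The public-key Secret in the next hunk has the same placeholder pattern and is labelled `tier: frontend` while this one is `tier: backend`; the doc says the public key is read by all services for identifying users, and public material is not secret, so a ConfigMap would be the conventional home and would keep the label scheme consistent.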
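Review bot: `SPRING_R2DBC_PASSWORD: "password"` in the `stringData:` block is a working credential rather than an unusable placeholder, so the documented "Set values: postgres password" step can be skipped and everything still starts, leaving the registry authenticating to postgres with a trivially guessable password if the database side was left at its own default. Use a placeholder that cannot accidentally match, e.g. `SPRING_R2DBC_PASSWORD: "REPLACE_ME-postgres-services-password"`, with a comment that it must equal the password provisioned for the `services` role by the postgres Secret in `kube/02-databases` (that Secret is not in this patch, so the exact key name should be confirmed there).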
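Review bot: `JWT_PRIVATE_KEY: "cert/private_key.pem"` is a relative path, while the Deployment in this patch mounts the key at `/app/resources/cert`; whether the two meet depends on the image's working directory, which the Deployment does not set, so a base-image change silently breaks token signing. `JWT_PRIVATE_KEY: "/app/resources/cert/private_key.pem"` removes that dependency. Separately, `SPRING_R2DBC_URL` carries no `sslMode` parameter, so if the driver's default is no TLS the password from the Secret crosses the cluster network in clear; acceptable for the `testing` profile, but worth a comment `# testing only: connection to postgres is not TLS-protected` so it is not copied into a non-test profile.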
diff --git a/kube/03-hlaeja/01-account-registry/03-deployment.yaml b/kube/03-hlaeja/01-account-registry/03-deployment.yaml
new file mode 100644
index 0000000..3e82461
--- /dev/null
+++ b/kube/03-hlaeja/01-account-registry/03-deployment.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: account-register
+ namespace: hlaeja
+ labels:
+ app: account-register
+ environment: testing
+ tier: backend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: account-register
+ template:
+ metadata:
+ labels:
+ app: account-register
+ spec:
+ imagePullSecrets:
+ - name: github
+ containers:
+ - name: account-register-app
+ image: ghcr.io/swordsteel/hlaeja-account-registry:0.2.0
+ imagePullPolicy: IfNotPresent
+ envFrom:
+ - configMapRef:
+ name: account-register
+ - secretRef:
+ name: account-register
+ volumeMounts:
+ - name: jwt-key-volume
+ mountPath: /app/resources/cert
+ readOnly: true
+ ports:
+ - containerPort: 8080
+ volumes:
+ - name: jwt-key-volume
+ secret:
+ secretName: account-jwt-private-key
+ items:
+ - key: private_key.pem
+ path: private_key.pem
diff --git a/kube/03-hlaeja/01-account-registry/04-service.yaml b/kube/03-hlaeja/01-account-registry/04-service.yaml
new file mode 100644
index 0000000..ae4ae51
--- /dev/null
+++ b/kube/03-hlaeja/01-account-registry/04-service.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: account-register
+ namespace: hlaeja
+ annotations:
+ metallb.universe.tf/address-pool: default
+ labels:
+ app: account-register
+ environment: testing
+ tier: backend
+spec:
+ type: LoadBalancer
+ loadBalancerIP: 10.0.3.111
+ selector:
+ app: account-register
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8080
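Review bot: The pod template has no `securityContext` at either pod or container level and no `resources`, so the container runs as whatever user the image defaults to, can gain privileges, and is unbounded in CPU and memory — a weak baseline for the one workload that holds the JWT signing key. The `jwt-key-volume` secret volume also relies on the default file mode, so the mounted key is readable by every user inside the container; `defaultMode: 0400` under `secret:` narrows that (use `0440` plus a pod `fsGroup` if the image runs as a non-root user — the image's user is not visible in this patch). `readOnlyRootFilesystem: true` and the resource figures below are placeholders to be validated against the image; the mount itself is already `readOnly: true`, which is good.
```yaml
    spec:
      securityContext:
        runAsNonRoot: true
      # … unchanged: imagePullSecrets …
      containers:
        - name: account-register-app
          # … unchanged: image, imagePullPolicy, envFrom, volumeMounts, ports …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true   # drop if the image needs a writable filesystem
          resources:
            limits:
              cpu: "500m"      # constructed placeholder, size for the testing cluster
              memory: "512Mi"  # constructed placeholder
      volumes:
        - name: jwt-key-volume
          secret:
            secretName: account-jwt-private-key
            defaultMode: 0400
            # … unchanged: items …
```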
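Review bot: `type: LoadBalancer` with `loadBalancerIP: 10.0.3.111` publishes the account registry on the MetalLB pool to anything that can reach that address, while the doc added in this patch says the service must not be accessible from outside and is only opened for testing — nothing in the manifest enforces that distinction. For any cluster that is not disposable, `type: ClusterIP` (dropping the `metallb.universe.tf/address-pool` annotation and `loadBalancerIP`) keeps it in-cluster, or, if the LoadBalancer is needed for tests, add `loadBalancerSourceRanges:` listing only the test network. The service also exposes plain HTTP on `port: 80` for an endpoint that issues access tokens; unless TLS is terminated in front of it (not visible here), credentials and tokens cross the network in clear, which deserves at least `# testing only: plain HTTP, no TLS` next to the port.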