From 4f9400c2f9906cd84f73bd041468fda36d09e58a Mon Sep 17 00:00:00 2001
From: Swordsteel
Date: Wed, 20 Aug 2025 22:59:28 +0200
Subject: [PATCH] update helm
---
 helm/charts/01-secrets/values.yaml | 5 +++
 helm/charts/02-dependency/Chart.yaml | 5 +++
 helm/charts/02-dependency/values.yaml | 9 +++++
 .../templates/01-secret.yaml | 1 +
 .../templates/02-configmap.yaml | 3 ++
 helm/charts/03-account-registry/values.yaml | 1 +
 .../09-management/templates/01-secret.yaml | 1 +
 .../09-management/templates/02-configmap.yaml | 34 +++++++++++++++++--
 .../templates/03-deployment.yaml | 24 ++++++++++---
 .../09-management/templates/03-service.yaml | 4 +--
 helm/charts/09-management/values.yaml | 23 +++++++++----
 11 files changed, 95 insertions(+), 15 deletions(-)
diff --git a/helm/charts/01-secrets/values.yaml b/helm/charts/01-secrets/values.yaml
index 7ebdf17..bf564c5 100644
--- a/helm/charts/01-secrets/values.yaml
+++ b/helm/charts/01-secrets/values.yaml
@@ -42,4 +42,9 @@ secrets:
 # tier: frontend
 # keystorePassword: ServiceKeystorePassword
 # keystoreFile: ServiceKeystoreFileBase64==
+# - name: management-keystore
+# app: management
+# tier: frontend
+# keystorePassword: ServiceKeystorePassword
+# keystoreFile: ServiceKeystoreFileBase64==
diff --git a/helm/charts/02-dependency/Chart.yaml b/helm/charts/02-dependency/Chart.yaml
index 457a913..2042b3c 100644
--- a/helm/charts/02-dependency/Chart.yaml
+++ b/helm/charts/02-dependency/Chart.yaml
@@ -24,3 +24,8 @@ dependencies:
 - name: redis
 version: 21.2.13
 repository: "oci://registry-1.docker.io/bitnamicharts"
+
+ # https://artifacthub.io/packages/helm/bitnami/kafka
+ - name: kafka
+ version: 32.4.2
+ repository: "oci://registry-1.docker.io/bitnamicharts"
diff --git a/helm/charts/02-dependency/values.yaml b/helm/charts/02-dependency/values.yaml
index b1354b6..c18d41f 100644
--- a/helm/charts/02-dependency/values.yaml
+++ b/helm/charts/02-dependency/values.yaml
@@ -74,3 +74,12 @@ redis:
 # type: LoadBalancer
 # loadBalancerIP: 10.0.3.34
+kafka:
+# clusterId: 00000000-0000-0000-0000-000000000000
+ sasl:
+ enabledMechanisms: PLAIN
+ client:
+# users:
+# - username
+# passwords:
+# - password
diff --git a/helm/charts/03-account-registry/templates/01-secret.yaml b/helm/charts/03-account-registry/templates/01-secret.yaml
index 3007477..657bb6e 100644
--- a/helm/charts/03-account-registry/templates/01-secret.yaml
+++ b/helm/charts/03-account-registry/templates/01-secret.yaml
@@ -9,3 +9,4 @@ metadata:
 type: Opaque
 data:
 SPRING_R2DBC_PASSWORD: {{ .Values.secrets.r2dbcPassword | b64enc | quote }}
+ SPRING_KAFKA_PROPERTIES_SASL_JAAS_CONFIG: {{ .Values.secrets.kafkaPlainLoginModule | b64enc | quote }}
diff --git a/helm/charts/03-account-registry/templates/02-configmap.yaml b/helm/charts/03-account-registry/templates/02-configmap.yaml
index abe8062..46f6caf 100644
--- a/helm/charts/03-account-registry/templates/02-configmap.yaml
+++ b/helm/charts/03-account-registry/templates/02-configmap.yaml
@@ -11,3 +11,6 @@ data:
 SPRING_R2DBC_URL: {{ .Values.config.r2dbcUrl | quote }}
 SPRING_R2DBC_USERNAME: {{ .Values.config.r2dbcUsername | quote }}
 JWT_PRIVATE_KEY: "cert/{{ .Values.jwtPrivetKey.filename }}"
+ SPRING_KAFKA_BOOTSTRAP_SERVERS: "dependency-kafka:9092"
+ SPRING_KAFKA_PROPERTIES_SECURITY_PROTOCOL: "SASL_PLAINTEXT"
+ SPRING_KAFKA_PROPERTIES_SASL_MECHANISM: "PLAIN"
diff --git a/helm/charts/03-account-registry/values.yaml b/helm/charts/03-account-registry/values.yaml
index 247c988..88124b2 100644
--- a/helm/charts/03-account-registry/values.yaml
+++ b/helm/charts/03-account-registry/values.yaml
@@ -8,6 +8,7 @@ docker:
 secrets:
 r2dbcPassword: "password"
+ kafkaPlainLoginModule: "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"clientUsername\" password=\"clientPassword\";"
 config:
 profiles: testing
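Review bot: `SPRING_KAFKA_PROPERTIES_SECURITY_PROTOCOL: "SASL_PLAINTEXT"` together with `SPRING_KAFKA_PROPERTIES_SASL_MECHANISM: "PLAIN"` in `03-account-registry/templates/02-configmap.yaml` means the JAAS username and password held in the Secret are sent unencrypted on every broker connection, so anything able to observe pod traffic can read them. The same pair is added in `09-management/templates/02-configmap.yaml`, and `sasl.enabledMechanisms: PLAIN` in `02-dependency/values.yaml` fixes the broker side to match. Prefer a TLS listener (`"SASL_SSL"`), or at least a SCRAM mechanism so the password itself is not sent in clear; if plaintext is a deliberate in-cluster trade-off, state that in a comment above these keys. The bootstrap address `"dependency-kafka:9092"` is also hard-coded while the neighbouring keys come from `.Values.config`; a value such as `.Values.config.kafkaBootstrapServers` (name is only a suggestion) would keep it overridable.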
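Review bot: The default added for `secrets.kafkaPlainLoginModule` in `03-account-registry/values.yaml` embeds a usable-looking login (`clientUsername` / `clientPassword`), so an install that forgets to override it renders a Secret with a publicly known credential; the same default is added in `09-management/values.yaml`. Leave the value empty in `values.yaml` and make both `01-secret.yaml` templates fail fast, e.g. `{{ required "secrets.kafkaPlainLoginModule must be set" .Values.secrets.kafkaPlainLoginModule | b64enc | quote }}`. A comment next to the key saying that the real value belongs in an untracked override file or an external secret store would document the intent.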
diff --git a/helm/charts/09-management/templates/01-secret.yaml b/helm/charts/09-management/templates/01-secret.yaml
index ce34d57..1af1643 100644
--- a/helm/charts/09-management/templates/01-secret.yaml
+++ b/helm/charts/09-management/templates/01-secret.yaml
@@ -9,3 +9,4 @@ metadata:
 type: Opaque
 data:
 SPRING_DATA_REDIS_PASSWORD: {{ .Values.secrets.redisPassword | b64enc | quote }}
+ SPRING_KAFKA_PROPERTIES_SASL_JAAS_CONFIG: {{ .Values.secrets.kafkaPlainLoginModule | b64enc | quote }}
diff --git a/helm/charts/09-management/templates/02-configmap.yaml b/helm/charts/09-management/templates/02-configmap.yaml
index 9da194e..459ad12 100644
--- a/helm/charts/09-management/templates/02-configmap.yaml
+++ b/helm/charts/09-management/templates/02-configmap.yaml
@@ -8,7 +8,37 @@ metadata:
 tier: frontend
 data:
 SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+ {{- if and .Values.config.timeout (ne .Values.config.timeout "") }}
+ SPRING_SESSION_TIMEOUT: {{ .Values.config.timeout | quote }}
+ {{- end }}
+
+ {{- if and .Values.config.redis }}
+ {{- if and .Values.config.redis.database (ne .Values.config.redis.database "") }}
 SPRING_DATA_REDIS_DATABASE: {{ .Values.config.redis.database | quote }}
+ {{- end }}
+ {{- if and .Values.config.redis.host (ne .Values.config.redis.host "") }}
 SPRING_DATA_REDIS_HOST: {{ .Values.config.redis.host | quote }}
- ACCOUNT_REGISTRY_URL: {{ .Values.config.accountRegistryUrl | quote }}
- DEVICE_REGISTRY_URL: {{ .Values.config.deviceRegistryUrl | quote }}
+ {{- end }}
+ {{- end }}
+
+ {{- if and .Values.config.error }}
+ {{- if and .Values.config.error.exception (ne .Values.config.error.exception "") }}
+ SERVER_ERROR_INCLUDE_EXCEPTION: {{ .Values.config.error.exception | quote }}
+ {{- end }}
+ {{- if and .Values.config.error.message (ne .Values.config.error.message "") }}
+ SERVER_ERROR_INCLUDE_MESSAGE: {{ .Values.config.error.message | quote }}
+ {{- end }}
+ {{- if and .Values.config.error.stacktrace (ne .Values.config.error.stacktrace "") }}
+ SERVER_ERROR_INCLUDE_STACKTRACE: {{ .Values.config.error.stacktrace | quote }}
+ {{- end }}
+ {{- end }}
+
+ {{- if and .Values.config.accountRegistryUrl (ne .Values.config.accountRegistryUrl "") }}
+ ACCOUNT_REGISTRY_URL: {{ .Values.config.accountRegistryUrl }}
+ {{- end }}
+ {{- if and .Values.config.deviceRegistryUrl (ne .Values.config.deviceRegistryUrl "") }}
+ DEVICE_REGISTRY_URL: {{ .Values.config.deviceRegistryUrl }}
+ {{- end }}
+ SPRING_KAFKA_BOOTSTRAP_SERVERS: "dependency-kafka:9092"
+ SPRING_KAFKA_PROPERTIES_SECURITY_PROTOCOL: "SASL_PLAINTEXT"
+ SPRING_KAFKA_PROPERTIES_SASL_MECHANISM: "PLAIN"
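Review bot: `ACCOUNT_REGISTRY_URL` and `DEVICE_REGISTRY_URL` lost the `| quote` they had on the removed lines, so an override containing `: `, ` #` or a line break can now change the structure of the rendered ConfigMap; keep `{{ .Values.config.accountRegistryUrl | quote }}` and the same for `deviceRegistryUrl`. The new guards of the form `{{- if and X (ne X "") }}` also compare every value against a string, and Go's template `ne` rejects operands of different basic kinds, so `redis.database: 2` or the `exception: true` example from `values.yaml` would, as far as I can tell, abort rendering with an incompatible-types error instead of emitting the key. A plain `{{- if .Values.config.timeout }}` is already false for a missing key and for an empty string, so the `ne` half can be dropped, and `{{- if and .Values.config.redis }}` is just `{{- if .Values.config.redis }}`. For `redis.database`, where `0` is a legitimate value, a `hasKey` test is safer than truthiness.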
diff --git a/helm/charts/09-management/templates/03-deployment.yaml b/helm/charts/09-management/templates/03-deployment.yaml
index cf3563a..a3ba2c3 100644
--- a/helm/charts/09-management/templates/03-deployment.yaml
+++ b/helm/charts/09-management/templates/03-deployment.yaml
@@ -27,17 +27,33 @@ spec:
 name: management-environment
 - secretRef:
 name: management-environment
+ env:
+ - name: SERVER_SSL_KEY_STORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.keystoreRef }}
+ key: keystore-password
 ports:
 - containerPort: 8080
 volumeMounts:
+ - name: keystore-volume
+ mountPath: /app/resources/cert/keystore.p12
+ subPath: keystore.p12
+ readOnly: true
 - name: jwt-volume
- mountPath: /app/resources/cert/{{ .Values.jwtPublicKey.filename }}
- subPath: {{ .Values.jwtPublicKey.filename }}
+ mountPath: /app/resources/cert/public_key.pem
+ subPath: public_key.pem
 readOnly: true
 volumes:
+ - name: keystore-volume
+ secret:
+ secretName: {{ .Values.keystoreRef }}
+ items:
+ - key: keystore.p12
+ path: keystore.p12
 - name: jwt-volume
 secret:
 secretName: {{ .Values.jwtPublicKey.name }}
 items:
- - key: {{ .Values.jwtPublicKey.filename }}
- path: {{ .Values.jwtPublicKey.filename }}
+ - key: {{ .Values.jwtPublicKey.key }}
+ path: public_key.pem
diff --git a/helm/charts/09-management/templates/03-service.yaml b/helm/charts/09-management/templates/03-service.yaml
index bf89fcc..d803f51 100644
--- a/helm/charts/09-management/templates/03-service.yaml
+++ b/helm/charts/09-management/templates/03-service.yaml
@@ -15,5 +15,5 @@ spec:
 app: management
 ports:
 - protocol: TCP
- port: 80
- targetPort: 8080
+ port: 443
+ targetPort: 8443
diff --git a/helm/charts/09-management/values.yaml b/helm/charts/09-management/values.yaml
index 95d599a..9d74c4d 100644
--- a/helm/charts/09-management/values.yaml
+++ b/helm/charts/09-management/values.yaml
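Review bot: The container in `03-deployment.yaml` still declares `containerPort: 8080` (unchanged context) while `03-service.yaml` now forwards 443 to `targetPort: 8443`, and nothing visible in this patch sets the listener port or the key-store location for the mounted `keystore.p12`. If the port and key-store path are configured in the image or the `kubernetes` profile, say so in a comment; otherwise change the line to `- containerPort: 8443` and add the missing settings to the ConfigMap, so the Service does not point at a closed port or leave a plain-HTTP listener as the only one running. `{{ .Values.keystoreRef }}` is used unquoted for both `secretKeyRef.name` and `secretName`; `{{ required "keystoreRef must be set" .Values.keystoreRef | quote }}` would fail at render time rather than at pod start. The container spec begins above the hunk, so the rest of its settings are not visible here.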
@@ -8,15 +8,24 @@ docker:
 secrets:
 redisPassword: redisPassword
+ kafkaPlainLoginModule: "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"clientUsername\" password=\"clientPassword\";"
 config:
- profiles: testing
- redis:
- database: 2
- host: dependency-redis-master
- accountRegistryUrl: http://account-register
- deviceRegistryUrl: http://device-register
+ profiles: kubernetes
+# error:
+# exception: true
+# message: always
+# stacktrace: always
+# timeout: 60m
+# redis:
+# database:
+# port: 6379
+# host: dependency-redis-master
+# accountRegistryUrl: http://account-register
+# deviceRegistryUrl: http://device-register
 jwtPublicKey:
 name: account-jwt-public-key
- filename: public_key.pem
+ key: public_key.pem
+
+keystoreRef: management-keystore