update helm

2025-08-20 22:59:28 +02:00
parent 18d0ddd159
commit 4f9400c2f9
11 changed files with 95 additions and 15 deletions
--- a/helm/charts/01-secrets/values.yaml
+++ b/helm/charts/01-secrets/values.yaml
@@ -42,4 +42,9 @@ secrets:
 #      tier: frontend
 #      keystorePassword: ServiceKeystorePassword
 #      keystoreFile: ServiceKeystoreFileBase64==
+#    - name: management-keystore
+#      app: management
+#      tier: frontend
+#      keystorePassword: ServiceKeystorePassword
+#      keystoreFile: ServiceKeystoreFileBase64==

--- a/helm/charts/02-dependency/Chart.yaml
+++ b/helm/charts/02-dependency/Chart.yaml
@@ -24,3 +24,8 @@ dependencies:
  - name: redis
    version: 21.2.13
    repository: "oci://registry-1.docker.io/bitnamicharts"
+
+  # https://artifacthub.io/packages/helm/bitnami/kafka
+  - name: kafka
+    version: 32.4.2
+    repository: "oci://registry-1.docker.io/bitnamicharts"
--- a/helm/charts/02-dependency/values.yaml
+++ b/helm/charts/02-dependency/values.yaml
@@ -74,3 +74,12 @@ redis:
 #      type: LoadBalancer
 #      loadBalancerIP: 10.0.3.34

+kafka:
+#  clusterId: 00000000-0000-0000-0000-000000000000
+  sasl:
+    enabledMechanisms: PLAIN
+    client:
+#      users:
+#        - username
+#      passwords:
+#        - password
--- a/helm/charts/03-account-registry/templates/01-secret.yaml
+++ b/helm/charts/03-account-registry/templates/01-secret.yaml
@@ -9,3 +9,4 @@ metadata:
 type: Opaque
 data:
  SPRING_R2DBC_PASSWORD: {{ .Values.secrets.r2dbcPassword | b64enc | quote }}
+  SPRING_KAFKA_PROPERTIES_SASL_JAAS_CONFIG: {{ .Values.secrets.kafkaPlainLoginModule | b64enc | quote }}
--- a/helm/charts/03-account-registry/templates/02-configmap.yaml
+++ b/helm/charts/03-account-registry/templates/02-configmap.yaml
@@ -11,3 +11,6 @@ data:
  SPRING_R2DBC_URL: {{ .Values.config.r2dbcUrl | quote }}
  SPRING_R2DBC_USERNAME: {{ .Values.config.r2dbcUsername | quote }}
  JWT_PRIVATE_KEY: "cert/{{ .Values.jwtPrivetKey.filename }}"
+  SPRING_KAFKA_BOOTSTRAP_SERVERS: "dependency-kafka:9092"
+  SPRING_KAFKA_PROPERTIES_SECURITY_PROTOCOL: "SASL_PLAINTEXT"
+  SPRING_KAFKA_PROPERTIES_SASL_MECHANISM: "PLAIN"
--- a/helm/charts/03-account-registry/values.yaml
+++ b/helm/charts/03-account-registry/values.yaml
@@ -8,6 +8,7 @@ docker:

 secrets:
  r2dbcPassword: "password"
+  kafkaPlainLoginModule: "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"clientUsername\" password=\"clientPassword\";"

 config:
  profiles: testing
--- a/helm/charts/09-management/templates/01-secret.yaml
+++ b/helm/charts/09-management/templates/01-secret.yaml
@@ -9,3 +9,4 @@ metadata:
 type: Opaque
 data:
  SPRING_DATA_REDIS_PASSWORD: {{ .Values.secrets.redisPassword | b64enc | quote }}
+  SPRING_KAFKA_PROPERTIES_SASL_JAAS_CONFIG: {{ .Values.secrets.kafkaPlainLoginModule | b64enc | quote }}
--- a/helm/charts/09-management/templates/02-configmap.yaml
+++ b/helm/charts/09-management/templates/02-configmap.yaml
@@ -8,7 +8,37 @@ metadata:
    tier: frontend
 data:
  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  {{- if and .Values.config.timeout (ne .Values.config.timeout "") }}
+  SPRING_SESSION_TIMEOUT: {{ .Values.config.timeout | quote }}
+  {{- end }}
+
+  {{- if and .Values.config.redis }}
+  {{- if and .Values.config.redis.database (ne .Values.config.redis.database "") }}
  SPRING_DATA_REDIS_DATABASE: {{ .Values.config.redis.database | quote }}
+  {{- end }}
+  {{- if and .Values.config.redis.host (ne .Values.config.redis.host "") }}
  SPRING_DATA_REDIS_HOST: {{ .Values.config.redis.host | quote }}
-  ACCOUNT_REGISTRY_URL: {{ .Values.config.accountRegistryUrl | quote }}
-  DEVICE_REGISTRY_URL: {{ .Values.config.deviceRegistryUrl | quote }}
+  {{- end }}
+  {{- end }}
+
+  {{- if and .Values.config.error }}
+  {{- if and .Values.config.error.exception (ne .Values.config.error.exception "") }}
+  SERVER_ERROR_INCLUDE_EXCEPTION: {{ .Values.config.error.exception | quote }}
+  {{- end }}
+  {{- if and .Values.config.error.message (ne .Values.config.error.message "") }}
+  SERVER_ERROR_INCLUDE_MESSAGE: {{ .Values.config.error.message | quote }}
+  {{- end }}
+  {{- if and .Values.config.error.stacktrace (ne .Values.config.error.stacktrace "") }}
+  SERVER_ERROR_INCLUDE_STACKTRACE: {{ .Values.config.error.stacktrace | quote }}
+  {{- end }}
+  {{- end }}
+
+  {{- if and .Values.config.accountRegistryUrl (ne .Values.config.accountRegistryUrl "") }}
+  ACCOUNT_REGISTRY_URL: {{ .Values.config.accountRegistryUrl }}
+  {{- end }}
+  {{- if and .Values.config.deviceRegistryUrl (ne .Values.config.deviceRegistryUrl "") }}
+  DEVICE_REGISTRY_URL: {{ .Values.config.deviceRegistryUrl }}
+  {{- end }}
+  SPRING_KAFKA_BOOTSTRAP_SERVERS: "dependency-kafka:9092"
+  SPRING_KAFKA_PROPERTIES_SECURITY_PROTOCOL: "SASL_PLAINTEXT"
+  SPRING_KAFKA_PROPERTIES_SASL_MECHANISM: "PLAIN"
--- a/helm/charts/09-management/templates/03-deployment.yaml
+++ b/helm/charts/09-management/templates/03-deployment.yaml
@@ -27,17 +27,33 @@ spec:
                name: management-environment
            - secretRef:
                name: management-environment
+          env:
+            - name: SERVER_SSL_KEY_STORE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.keystoreRef }}
+                  key: keystore-password
          ports:
            - containerPort: 8080
          volumeMounts:
+            - name: keystore-volume
+              mountPath: /app/resources/cert/keystore.p12
+              subPath: keystore.p12
+              readOnly: true
            - name: jwt-volume
-              mountPath: /app/resources/cert/{{ .Values.jwtPublicKey.filename }}
-              subPath: {{ .Values.jwtPublicKey.filename }}
+              mountPath: /app/resources/cert/public_key.pem
+              subPath: public_key.pem
              readOnly: true
      volumes:
+        - name: keystore-volume
+          secret:
+            secretName: {{ .Values.keystoreRef }}
+            items:
+              - key: keystore.p12
+                path: keystore.p12
        - name: jwt-volume
          secret:
            secretName: {{ .Values.jwtPublicKey.name }}
            items:
-              - key: {{ .Values.jwtPublicKey.filename }}
-                path: {{ .Values.jwtPublicKey.filename }}
+              - key: {{ .Values.jwtPublicKey.key }}
+                path: public_key.pem
--- a/helm/charts/09-management/templates/03-service.yaml
+++ b/helm/charts/09-management/templates/03-service.yaml
@@ -15,5 +15,5 @@ spec:
    app: management
  ports:
    - protocol: TCP
-      port: 80
-      targetPort: 8080
+      port: 443
+      targetPort: 8443
--- a/helm/charts/09-management/values.yaml
+++ b/helm/charts/09-management/values.yaml
@@ -8,15 +8,24 @@ docker:

 secrets:
  redisPassword: redisPassword
+  kafkaPlainLoginModule: "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"clientUsername\" password=\"clientPassword\";"

 config:
-  profiles: testing
-  redis:
-    database: 2
-    host: dependency-redis-master
-  accountRegistryUrl: http://account-register
-  deviceRegistryUrl: http://device-register
+  profiles: kubernetes
+#  error:
+#    exception: true
+#    message: always
+#    stacktrace: always
+#  timeout: 60m
+#  redis:
+#    database:
+#    port: 6379
+#    host: dependency-redis-master
+#  accountRegistryUrl: http://account-register
+#  deviceRegistryUrl: http://device-register

 jwtPublicKey:
  name: account-jwt-public-key
-  filename: public_key.pem
+  key: public_key.pem
+
+keystoreRef: management-keystore