update helm

helm/charts/01-secrets/values.yaml

@@ -42,4 +42,9 @@ secrets:
 #      tier: frontend
 #      keystorePassword: ServiceKeystorePassword
 #      keystoreFile: ServiceKeystoreFileBase64==
+#    - name: management-keystore
+#      app: management
+#      tier: frontend
+#      keystorePassword: ServiceKeystorePassword
+#      keystoreFile: ServiceKeystoreFileBase64==
 

helm/charts/02-dependency/Chart.yaml

@@ -24,3 +24,8 @@ dependencies:
   - name: redis
     version: 21.2.13
     repository: "oci://registry-1.docker.io/bitnamicharts"
+
+  # https://artifacthub.io/packages/helm/bitnami/kafka
+  - name: kafka
+    version: 32.4.2
+    repository: "oci://registry-1.docker.io/bitnamicharts"

helm/charts/02-dependency/values.yaml

@@ -74,3 +74,12 @@ redis:
 #      type: LoadBalancer
 #      loadBalancerIP: 10.0.3.34
 
+kafka:
+#  clusterId: 00000000-0000-0000-0000-000000000000
+  sasl:
+    enabledMechanisms: PLAIN
+    client:
+#      users:
+#        - username
+#      passwords:
+#        - password

helm/charts/03-account-registry/templates/01-secret.yaml

@@ -9,3 +9,4 @@ metadata:
 type: Opaque
 data:
   SPRING_R2DBC_PASSWORD: {{ .Values.secrets.r2dbcPassword | b64enc | quote }}
+  SPRING_KAFKA_PROPERTIES_SASL_JAAS_CONFIG: {{ .Values.secrets.kafkaPlainLoginModule | b64enc | quote }}

helm/charts/03-account-registry/templates/02-configmap.yaml

@@ -11,3 +11,6 @@ data:
   SPRING_R2DBC_URL: {{ .Values.config.r2dbcUrl | quote }}
   SPRING_R2DBC_USERNAME: {{ .Values.config.r2dbcUsername | quote }}
   JWT_PRIVATE_KEY: "cert/{{ .Values.jwtPrivetKey.filename }}"
+  SPRING_KAFKA_BOOTSTRAP_SERVERS: "dependency-kafka:9092"
+  SPRING_KAFKA_PROPERTIES_SECURITY_PROTOCOL: "SASL_PLAINTEXT"
+  SPRING_KAFKA_PROPERTIES_SASL_MECHANISM: "PLAIN"

helm/charts/03-account-registry/values.yaml

@@ -8,6 +8,7 @@ docker:
 
 secrets:
   r2dbcPassword: "password"
+  kafkaPlainLoginModule: "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"clientUsername\" password=\"clientPassword\";"
 
 config:
   profiles: testing

helm/charts/09-management/templates/01-secret.yaml

@@ -9,3 +9,4 @@ metadata:
 type: Opaque
 data:
   SPRING_DATA_REDIS_PASSWORD: {{ .Values.secrets.redisPassword | b64enc | quote }}
+  SPRING_KAFKA_PROPERTIES_SASL_JAAS_CONFIG: {{ .Values.secrets.kafkaPlainLoginModule | b64enc | quote }}

helm/charts/09-management/templates/02-configmap.yaml

@@ -8,7 +8,37 @@ metadata:
     tier: frontend
 data:
   SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  {{- if and .Values.config.timeout (ne .Values.config.timeout "") }}
+  SPRING_SESSION_TIMEOUT: {{ .Values.config.timeout | quote }}
+  {{- end }}
+
+  {{- if and .Values.config.redis }}
+  {{- if and .Values.config.redis.database (ne .Values.config.redis.database "") }}
   SPRING_DATA_REDIS_DATABASE: {{ .Values.config.redis.database | quote }}
+  {{- end }}
+  {{- if and .Values.config.redis.host (ne .Values.config.redis.host "") }}
   SPRING_DATA_REDIS_HOST: {{ .Values.config.redis.host | quote }}
-  ACCOUNT_REGISTRY_URL: {{ .Values.config.accountRegistryUrl | quote }}
+  {{- end }}
-  DEVICE_REGISTRY_URL: {{ .Values.config.deviceRegistryUrl | quote }}
+  {{- end }}
+
+  {{- if and .Values.config.error }}
+  {{- if and .Values.config.error.exception (ne .Values.config.error.exception "") }}
+  SERVER_ERROR_INCLUDE_EXCEPTION: {{ .Values.config.error.exception | quote }}
+  {{- end }}
+  {{- if and .Values.config.error.message (ne .Values.config.error.message "") }}
+  SERVER_ERROR_INCLUDE_MESSAGE: {{ .Values.config.error.message | quote }}
+  {{- end }}
+  {{- if and .Values.config.error.stacktrace (ne .Values.config.error.stacktrace "") }}
+  SERVER_ERROR_INCLUDE_STACKTRACE: {{ .Values.config.error.stacktrace | quote }}
+  {{- end }}
+  {{- end }}
+
+  {{- if and .Values.config.accountRegistryUrl (ne .Values.config.accountRegistryUrl "") }}
+  ACCOUNT_REGISTRY_URL: {{ .Values.config.accountRegistryUrl }}
+  {{- end }}
+  {{- if and .Values.config.deviceRegistryUrl (ne .Values.config.deviceRegistryUrl "") }}
+  DEVICE_REGISTRY_URL: {{ .Values.config.deviceRegistryUrl }}
+  {{- end }}
+  SPRING_KAFKA_BOOTSTRAP_SERVERS: "dependency-kafka:9092"
+  SPRING_KAFKA_PROPERTIES_SECURITY_PROTOCOL: "SASL_PLAINTEXT"
+  SPRING_KAFKA_PROPERTIES_SASL_MECHANISM: "PLAIN"

helm/charts/09-management/templates/03-deployment.yaml

@@ -27,17 +27,33 @@ spec:
                 name: management-environment
             - secretRef:
                 name: management-environment
+          env:
+            - name: SERVER_SSL_KEY_STORE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.keystoreRef }}
+                  key: keystore-password
           ports:
             - containerPort: 8080
           volumeMounts:
+            - name: keystore-volume
+              mountPath: /app/resources/cert/keystore.p12
+              subPath: keystore.p12
+              readOnly: true
             - name: jwt-volume
-              mountPath: /app/resources/cert/{{ .Values.jwtPublicKey.filename }}
+              mountPath: /app/resources/cert/public_key.pem
-              subPath: {{ .Values.jwtPublicKey.filename }}
+              subPath: public_key.pem
               readOnly: true
       volumes:
+        - name: keystore-volume
+          secret:
+            secretName: {{ .Values.keystoreRef }}
+            items:
+              - key: keystore.p12
+                path: keystore.p12
         - name: jwt-volume
           secret:
             secretName: {{ .Values.jwtPublicKey.name }}
             items:
-              - key: {{ .Values.jwtPublicKey.filename }}
+              - key: {{ .Values.jwtPublicKey.key }}
-                path: {{ .Values.jwtPublicKey.filename }}
+                path: public_key.pem

helm/charts/09-management/templates/03-service.yaml

@@ -15,5 +15,5 @@ spec:
     app: management
   ports:
     - protocol: TCP
-      port: 80
+      port: 443
-      targetPort: 8080
+      targetPort: 8443

helm/charts/09-management/values.yaml

@@ -8,15 +8,24 @@ docker:
 
 secrets:
   redisPassword: redisPassword
+  kafkaPlainLoginModule: "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"clientUsername\" password=\"clientPassword\";"
 
 config:
-  profiles: testing
+  profiles: kubernetes
-  redis:
+#  error:
-    database: 2
+#    exception: true
-    host: dependency-redis-master
+#    message: always
-  accountRegistryUrl: http://account-register
+#    stacktrace: always
-  deviceRegistryUrl: http://device-register
+#  timeout: 60m
+#  redis:
+#    database:
+#    port: 6379
+#    host: dependency-redis-master
+#  accountRegistryUrl: http://account-register
+#  deviceRegistryUrl: http://device-register
 
 jwtPublicKey:
   name: account-jwt-public-key
-  filename: public_key.pem
+  key: public_key.pem
+
+keystoreRef: management-keystore