diff --git a/doc/k8s-testing.md b/doc/k8s-testing.md
index 4b462ec..59c426a 100644
--- a/doc/k8s-testing.md
+++ b/doc/k8s-testing.md
@@ -48,6 +48,10 @@
 * [Config Map](#config-map-5)
 * [Deployment](#deployment-3)
 * [Service](#service-7)
+ * [Device API](#device-api)
+ * [Config Map](#config-map-6)
+ * [Deployment](#deployment-4)
+ * [Service](#service-8)

 ----

@@ -140,6 +144,32 @@ kubectl apply -f .\kube\01-initialize\06-device-jwt-public-key-secret.yaml

 ---

+### Keystore
+
+Keystore with password read more about [Keystore.p12](./keystore.md).
+
+check cert:
+
+```
+keytool -list -v -storetype PKCS12 -keystore keystore.p12 -storepass
+```
+
+option:
+
+```
+kubectl create secret generic \
+ --from-file=keystore.p12= \
+ --from-literal=keystore-password= \
+ -n
+```
+
+Device API Keystore
+```bash
+kubectl apply -f .\kube\01-initialize\07-device-api-keystore.yaml
+```
+
+---
+
 ## Databases

 ### Postgres
@@ -483,3 +513,36 @@ this service should not be accessible from world only open in testing
 ```bash
 kubectl apply -f .\kube\03-hlaeja\04-device-data\04-service.yaml
 ```
+
+---
+
+### Device API
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\05-device-api\01-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- spring data redis database
+- spring data redis host
+- device configuration url
+- device data url
+- device register url
+
+#### Deployment
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\05-device-api\02-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\05-device-api\03-service.yaml
+```
diff --git a/kube/01-initialize/07-device-api-keystore.yaml b/kube/01-initialize/07-device-api-keystore.yaml
new file mode 100644
index 0000000..1987e83
--- /dev/null
+++ b/kube/01-initialize/07-device-api-keystore.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: device-api-keystore
+ namespace: hlaeja
+ labels:
+ environment: testing
+type: Opaque
+data:
+ # Look at /doc/keystore.md, for how to make real values
+ keystore.p12: DeviceApiKeystoreFileBase64==
+ keystore-password: DeviceApiKeystorePasswordBase64==
diff --git a/kube/03-hlaeja/05-device-api/01-configmap.yaml b/kube/03-hlaeja/05-device-api/01-configmap.yaml
new file mode 100644
index 0000000..89a500c
--- /dev/null
+++ b/kube/03-hlaeja/05-device-api/01-configmap.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: device-api
+ namespace: hlaeja
+ labels:
+ app: device-api
+ environment: testing
+ tier: frontend
+data:
+ SPRING_PROFILES_ACTIVE: "testing"
+ SPRING_DATA_REDIS_DATABASE: "1"
+ SPRING_DATA_REDIS_HOST: "redis"
+
+ DEVICE_CONFIGURATION_URL: "http://device-configuration"
+ DEVICE_DATA_URL: "http://device-data"
+ DEVICE_REGISTRY_URL: "http://device-register"
+
+ # all of this should be preset in application.yaml
+ SERVER_PORT: "8443"
+ SERVER_SSL_ENABLED: "true"
+ SERVER_SSL_KEY_STORE: "/app/resources/cert/keystore.p12"
+ SERVER_SSL_KEY_STORE_TYPE: "PKCS12"
+
+ # This was experimental and should be removed in later versions
+ MANAGEMENT_METRICS_TAGS_APPLICATION: "device-api"
+ MANAGEMENT_INFLUX_METRICS_EXPORT_ENABLED: "false"
+ MANAGEMENT_INFLUX_METRICS_EXPORT_URL: "http://influxdb"
+ # adding this here as it's going to be deleted and is not sued internally
+ MANAGEMENT_INFLUX_METRICS_EXPORT_TOKEN: "invalidInfluxDbToken=="
+
+
diff --git a/kube/03-hlaeja/05-device-api/02-deployment.yaml b/kube/03-hlaeja/05-device-api/02-deployment.yaml
new file mode 100644
index 0000000..09b23ec
--- /dev/null
+++ b/kube/03-hlaeja/05-device-api/02-deployment.yaml
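Review bot: The Secret template in kube/01-initialize/07-device-api-keystore.yaml invites editing real `keystore.p12` and `keystore-password` values into a tracked file, where base64 is an encoding and not protection. The two placeholders do not look like valid base64 (their lengths are not a multiple of four), so applying the file unchanged should be rejected, which is a reasonable guard. The comment above them only says where to learn how to make real values; I would extend it to `# Placeholders only - do not commit real values; prefer 'kubectl create secret generic' as described in doc/k8s-testing.md` so the out-of-band path is the documented default.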
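Review bot: `MANAGEMENT_INFLUX_METRICS_EXPORT_TOKEN` in kube/03-hlaeja/05-device-api/01-configmap.yaml puts a credential-shaped key in a ConfigMap, which is stored and displayed in plain text and is usually readable by more roles than a Secret. The value is a stated placeholder and export is disabled, so the simplest fix is to drop the three `MANAGEMENT_INFLUX_METRICS_EXPORT_*` keys now; if the token is kept, it belongs in a Secret referenced with `secretKeyRef`, as the deployment in this commit does for the keystore password. Separately, the three `DEVICE_*_URL` values use `http://`, so traffic behind the TLS endpoint is unencrypted inside the cluster; a comment such as `# plain HTTP inside the cluster - testing only` would record that this is deliberate.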
@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: device-api
+ namespace: hlaeja
+ labels:
+ app: device-api
+ environment: testing
+ tier: frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: device-api
+ template:
+ metadata:
+ labels:
+ app: device-api
+ spec:
+ imagePullSecrets:
+ - name: github
+ containers:
+ - name: device-api-app
+ image: ghcr.io/swordsteel/hlaeja-device-api:0.4.0
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8443
+ envFrom:
+ - configMapRef:
+ name: device-api
+ env:
+ - name: SERVER_SSL_KEY_STORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: device-api-keystore
+ key: keystore-password
+ volumeMounts:
+ - name: keystore-volume
+ mountPath: /app/resources/cert/keystore.p12
+ subPath: keystore.p12
+ readOnly: true
+ - name: jwt-volume
+ mountPath: /app/resources/cert/public_key.pem
+ subPath: public_key.pem
+ readOnly: true
+ volumes:
+ - name: keystore-volume
+ secret:
+ secretName: device-api-keystore
+ items:
+ - key: keystore.p12
+ path: keystore.p12
+ - name: jwt-volume
+ secret:
+ secretName: device-jwt-public-key
+ items:
+ - key: public_key.pem
+ path: public_key.pem
diff --git a/kube/03-hlaeja/05-device-api/03-service.yaml b/kube/03-hlaeja/05-device-api/03-service.yaml
new file mode 100644
index 0000000..1183eba
--- /dev/null
+++ b/kube/03-hlaeja/05-device-api/03-service.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: device-api
+ namespace: hlaeja
+ annotations:
+ metallb.universe.tf/address-pool: default
+ labels:
+ app: device-api
+ environment: testing
+ tier: frontend
+spec:
+ type: LoadBalancer
+ loadBalancerIP: 10.0.3.102
+ selector:
+ app: device-api
+ ports:
+ - protocol: TCP
+ port: 443
+ targetPort: 8443
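Review bot: The `device-api-app` container in kube/03-hlaeja/05-device-api/02-deployment.yaml has no `securityContext`, so it runs with whatever user and privileges the image defaults to, although it is the TLS endpoint published through the LoadBalancer service. A container-level security context that drops capabilities and forbids privilege escalation is the least-privilege baseline for it. `runAsNonRoot` assumes the image defines a non-root user and `readOnlyRootFilesystem` may need an `emptyDir` for temporary files, so both should be confirmed against the image before merging. The manifest also sets no resource requests or limits, and the image is pinned by tag `0.4.0` only, so a digest would make the deployed artifact verifiable.

```yaml
      containers:
        - name: device-api-app
          # … unchanged: image, imagePullPolicy, ports, envFrom, env, volumeMounts …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
```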
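Review bot: `type: LoadBalancer` in kube/03-hlaeja/05-device-api/03-service.yaml publishes port 443 on `10.0.3.102` to every client that can route to the address pool, with no `loadBalancerSourceRanges` to narrow it. The documentation added in this commit says the service should only be open in testing, so either restrict callers with `loadBalancerSourceRanges: ["<TEST_CLIENT_CIDR>"]` (placeholder value) or add a comment stating that the wider exposure is intended for the device-facing API. `spec.loadBalancerIP` is also deprecated in current Kubernetes; MetalLB documents the `metallb.universe.tf/loadBalancerIPs` annotation as its replacement, which is worth confirming against the MetalLB version in use.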