k8s hlaeja device api

2025-07-24 12:04:13 +02:00
parent ad0c180bd4
commit 5fa338e576
5 changed files with 185 additions and 0 deletions
--- a/doc/k8s-testing.md
+++ b/doc/k8s-testing.md
@@ -48,6 +48,10 @@
      * [Config Map](#config-map-5)
      * [Deployment](#deployment-3)
      * [Service](#service-7)
+    * [Device API](#device-api)
+      * [Config Map](#config-map-6)
+      * [Deployment](#deployment-4)
+      * [Service](#service-8)
 <!-- TOC -->

 ----
@@ -140,6 +144,32 @@ kubectl apply -f .\kube\01-initialize\06-device-jwt-public-key-secret.yaml

 ---

+### Keystore
+
+Keystore with password read more about [Keystore.p12](./keystore.md).
+
+check cert:
+
+```
+keytool -list -v -storetype PKCS12 -keystore keystore.p12 -storepass <password>
+```
+
+option:
+
+```
+kubectl create secret generic <name> \
+  --from-file=keystore.p12=<keystore.p12> \
+  --from-literal=keystore-password=<your-keystore-password> \
+  -n <namespace>
+```
+
+Device API Keystore
+```bash
+kubectl apply -f .\kube\01-initialize\07-device-api-keystore.yaml
+```
+
+---
+
 ## Databases

 ### Postgres
@@ -483,3 +513,36 @@ this service should not be accessible from world only open in testing
 ```bash
 kubectl apply -f .\kube\03-hlaeja\04-device-data\04-service.yaml
 ```
+
+---
+
+### Device API
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\05-device-api\01-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- spring data redis database
+- spring data redis host
+- device configuration url
+- device data url
+- device register url
+
+#### Deployment
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\05-device-api\02-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\05-device-api\03-service.yaml
+```
--- a/kube/01-initialize/07-device-api-keystore.yaml
+++ b/kube/01-initialize/07-device-api-keystore.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-api-keystore
+  namespace: hlaeja
+  labels:
+    environment: testing
+type: Opaque
+data:
+  # Look at /doc/keystore.md, for how to make real values
+  keystore.p12: DeviceApiKeystoreFileBase64==
+  keystore-password: DeviceApiKeystorePasswordBase64==
--- a/kube/03-hlaeja/05-device-api/01-configmap.yaml
+++ b/kube/03-hlaeja/05-device-api/01-configmap.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: device-api
+  namespace: hlaeja
+  labels:
+    app: device-api
+    environment: testing
+    tier: frontend
+data:
+  SPRING_PROFILES_ACTIVE: "testing"
+  SPRING_DATA_REDIS_DATABASE: "1"
+  SPRING_DATA_REDIS_HOST: "redis"
+
+  DEVICE_CONFIGURATION_URL: "http://device-configuration"
+  DEVICE_DATA_URL: "http://device-data"
+  DEVICE_REGISTRY_URL: "http://device-register"
+
+  # all of this should be preset in application.yaml
+  SERVER_PORT: "8443"
+  SERVER_SSL_ENABLED: "true"
+  SERVER_SSL_KEY_STORE: "/app/resources/cert/keystore.p12"
+  SERVER_SSL_KEY_STORE_TYPE: "PKCS12"
+
+  # This was experimental and should be removed in later versions
+  MANAGEMENT_METRICS_TAGS_APPLICATION: "device-api"
+  MANAGEMENT_INFLUX_METRICS_EXPORT_ENABLED: "false"
+  MANAGEMENT_INFLUX_METRICS_EXPORT_URL: "http://influxdb"
+  # adding this here as it's going to be deleted and is not sued internally
+  MANAGEMENT_INFLUX_METRICS_EXPORT_TOKEN: "invalidInfluxDbToken=="
+
+
--- a/kube/03-hlaeja/05-device-api/02-deployment.yaml
+++ b/kube/03-hlaeja/05-device-api/02-deployment.yaml
@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: device-api
+  namespace: hlaeja
+  labels:
+    app: device-api
+    environment: testing
+    tier: frontend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: device-api
+  template:
+    metadata:
+      labels:
+        app: device-api
+    spec:
+      imagePullSecrets:
+        - name: github
+      containers:
+        - name: device-api-app
+          image: ghcr.io/swordsteel/hlaeja-device-api:0.4.0
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 8443
+          envFrom:
+            - configMapRef:
+                name: device-api
+          env:
+            - name: SERVER_SSL_KEY_STORE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: device-api-keystore
+                  key: keystore-password
+          volumeMounts:
+            - name: keystore-volume
+              mountPath: /app/resources/cert/keystore.p12
+              subPath: keystore.p12
+              readOnly: true
+            - name: jwt-volume
+              mountPath: /app/resources/cert/public_key.pem
+              subPath: public_key.pem
+              readOnly: true
+      volumes:
+        - name: keystore-volume
+          secret:
+            secretName: device-api-keystore
+            items:
+              - key: keystore.p12
+                path: keystore.p12
+        - name: jwt-volume
+          secret:
+            secretName: device-jwt-public-key
+            items:
+              - key: public_key.pem
+                path: public_key.pem
--- a/kube/03-hlaeja/05-device-api/03-service.yaml
+++ b/kube/03-hlaeja/05-device-api/03-service.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: device-api
+  namespace: hlaeja
+  annotations:
+    metallb.universe.tf/address-pool: default
+  labels:
+    app: device-api
+    environment: testing
+    tier: frontend
+spec:
+  type: LoadBalancer
+  loadBalancerIP: 10.0.3.102
+  selector:
+    app: device-api
+  ports:
+    - protocol: TCP
+      port: 443
+      targetPort: 8443