Hlæja concept v0.7.0

update README.md
add helmfile.yaml to .gitignore
rename helmfile.yaml to helmfile.yaml-dev

.gitignore

@@ -1,2 +1,6 @@
 .idea/
-keys/
+cert/
+http/*/http-client.env.json
+helm/values/*/
+helm/charts/02-dependency/Chart.lock
+helm/helmfile.yaml

CERTIFICATE.md

@@ -1,11 +0,0 @@
-# Generate Keystore
-
-### Generate Keystores
-```shell
-keytool -genkeypair -alias <service> -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=<domain>" -keypass <password> -keystore ./keys/<keystore>.p12 -storetype PKCS12 -storepass <password>
-```
-
-### Export the public certificate
-```shell
-keytool -export -alias <service> -keystore ./keys/<keystore>.p12 -storepass <password> -file ./keys/<domain>.cer -rfc
-```

README.md

@@ -2,127 +2,74 @@
 
 Services and networks, to shape and to steer, Containers in harmony, their roles made clear. Each config declared, each volume in place, Through Compose they unite, to streamline the space. Compose pathways, structured and strong, Linking apps to environments, where they belong. Bound by one purpose, to simplify all, Empowering development, answering the call.
 
-## Version Catalog
+## Setup 
+
+### Databases
+
+Hlæja using different databases read [Database setup](./doc/docker_database.md)
+
+### Hlæja Services
+
+Hlæja consists of services read [service setup](./doc/docker_hlaeja.md)
+
+## Repositories
+
+Hlæja is a system build from Gradle plugins, libraries, and services, look at [dependencies](./doc/dependency.md) visualisation
+
+### Version Catalog
 
 Control all dependencies from a central location. GitHub [Hlæja Version Catalog](https://github.com/swordsteel/hlaeja-version-catalog)
 
-## Gradle Plugin
+### Gradle Plugin
 
-### Core Plugin
+#### Core Plugin
 
 Plugin containing basic function ust in all repositories. GitHub [Hlæja Core Plugin](https://github.com/swordsteel/hlaeja-core-plugin)
 
-### Common Plugin
+#### Common Plugin
 
 Plugin containing gradle task and setting used by common, library, and service repositories. GitHub [Hlæja Common Plugin](https://github.com/swordsteel/hlaeja-common-plugin)
 
-## Library
+### Library
 
-### Common Messages
+#### Common Messages
 
 Library containing all internal messages for services. GitHub [Hlæja Common Messages](https://github.com/swordsteel/hlaeja-common-messages)
 
-## Services
+#### JWT
 
-### Device Data
+Library containing JWT for services. GitHub [Hlæja JWT](https://github.com/swordsteel/hlaeja-jwt)
+
+#### Test
+
+Library containing test assertion extension and test container annotation. GitHub [Hlæja Test](https://github.com/swordsteel/hlaeja-test)
+
+### Services
+
+#### Device Data
 
 Store measurement from electronic devices. GitHub [Hlæja Device Data](https://github.com/swordsteel/hlaeja-device-data)
 
-#### Environment
-
-```text
-SPRING_PROFILES_ACTIVE: docker
-INFLUXDB_TOKEN: influxdbToken==
-```
-
-### Device Registry
+#### Device Registry
 
 Store device information. GitHub [Hlæja Device Data](https://github.com/swordsteel/hlaeja-device-registry)
 
-#### Environment
-
-```text
-SPRING_R2DBC_URL: r2dbc:postgresql://localhost:5432/device_registry
-SPRING_R2DBC_USERBAME: services
-SPRING_R2DBC_PASSWORD: password
-JWT_PRIVATE_KEY: keys/private_key.pem
-```
-
-#### Volume
-
-This will allow you to mount a local private key `identity_private_key.pem` into the container. Read `IDENTITY.md` for how to generate.
-
-```text
-volumes:
-  - ./keys/identity_private_key.pem:/app/resources/keys/private_key.pem
-```
-
-### Device API
+#### Device API
 
 Api for electronic devices. GitHub [Hlæja Device Data](https://github.com/swordsteel/hlaeja-device-api)
 
-#### Environment
-
-```text
-SPRING_PROFILES_ACTIVE: docker
-```
-
-#### Volume
-
-This will allow you to mount a local keystore `device_api_keystore.p12`, and local public key `identity_public_key.pem` into the container. Read `CERTIFICATE.md`, and `IDENTITY.md` for how to generate.
-
-```text
-volumes:
-  - ./keys/identity_public_key.pem:/app/resources/cert/public_key.pem
-  - ./keys/device_api_keystore.p12:/app/resources/cert/keystore.p12
-```
-
-### Device Configuration
+#### Device Configuration
 
 Store configurations for electronic devices. GitHub [Hlæja Device Configuration](https://github.com/swordsteel/hlaeja-device-configuration)
 
-#### Environment
+#### Registry API
 
-```text
-SPRING_PROFILES_ACTIVE: docker
-```
+API for register devices when flashed. GitHub [Hlæja Registry API](https://github.com/swordsteel/hlaeja-registry-api)
 
+#### Account Registry
 
-## Databases
+Store Information of accounts. GitHub [Hlæja Account Registry](https://github.com/swordsteel/hlaeja-account-registry)
 
-### InfluxDB
+#### Management
 
-InfluxDB is a high-performance time series database designed to handle large volumes of time-stamped data. It is commonly used for monitoring, analytics, and IoT applications, where data points are associated with timestamps (e.g., sensor readings, system metrics).
-
-#### Environment
-
-```text
-DOCKER_INFLUXDB_INIT_MODE: setup
-DOCKER_INFLUXDB_INIT_USERNAME: influx
-DOCKER_INFLUXDB_INIT_PASSWORD: password
-DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: influxdbToken==
-DOCKER_INFLUXDB_INIT_ORG: hlaeja_ltd
-DOCKER_INFLUXDB_INIT_BUCKET: device-data
-```
-
-### PostgreSQL
-
-PostgreSQL is a powerful, open-source relational database management system (RDBMS). Known for its reliability and advanced features, it supports SQL for querying and managing data, along with extensive functionality for scalability and extensibility.
-
-#### Environment
-
-```text
-POSTGRES_USER: postgres
-POSTGRES_PASSWORD : password
-```
-
-### PostgreSQL
-
-Apache Cassandra is a distributed NoSQL database designed for handling large amounts of data across many commodity servers with no single point of failure. It is optimized for high availability, scalability, and fault tolerance.
-
-#### Environment
-
-```text
-CASSANDRA_USER: cassandra
-CASSANDRA_PASSWORD: password
-```
+Management ui. GitHub [Hlæja Account Registry](https://github.com/swordsteel/hlaeja-management)

compose.yml

@@ -1,112 +0,0 @@
-name: hlaeja-development
-
-networks:
-  develop:
-    name: develop
-
-volumes:
-  cassandra:
-  influx-config:
-  influx-data:
-  postgres:
-
-services:
-
-  device-data:
-    image: hlaeja-device-data:0.1.0
-    container_name: DeviceData
-    restart: unless-stopped
-    environment:
-      SPRING_PROFILES_ACTIVE: docker
-      INFLUXDB_TOKEN: influxdbToken==
-    networks:
-      - develop
-    ports:
-      - "9020:8080"
-
-  device-registry:
-    image: hlaeja-device-registry:0.1.0
-    container_name: DeviceRegistry
-    restart: unless-stopped
-    environment:
-      SPRING_PROFILES_ACTIVE: docker
-    networks:
-      - develop
-    ports:
-      - "9010:8080"
-#    # mount a local `identity_private_key.pem` into the container.
-#    volumes:
-#      - ./keys/identity_private_key.pem:/app/resources/keys/private_key.pem
-
-  device-api:
-    image: hlaeja-device-api:0.1.0
-    container_name: DeviceApi
-    restart: unless-stopped
-    environment:
-      SPRING_PROFILES_ACTIVE: docker
-    networks:
-      - develop
-    ports:
-      - "9000:8443"
-#    # mount a local `identity_public_key.pem` into the container.
-#    volumes:
-#      - ./keys/identity_public_key.pem:/app/resources/cert/public_key.pem
-#      - ./keys/device_api_keystore.p12:/app/resources/cert/keystore.p12
-
-  device-configuration:
-    image: hlaeja-device-configuration:0.1.0
-    container_name: DeviceConfiguration
-    restart: unless-stopped
-    environment:
-      SPRING_PROFILES_ACTIVE: docker
-    networks:
-      - develop
-    ports:
-      - "9030:8080"
-
-  influxdb:
-    image: influxdb:2.7.10-alpine
-    container_name: InfluxDB
-    restart: unless-stopped
-    environment:
-      DOCKER_INFLUXDB_INIT_MODE: setup
-      DOCKER_INFLUXDB_INIT_USERNAME: influx
-      DOCKER_INFLUXDB_INIT_PASSWORD: password
-      DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: influxdbToken==
-      DOCKER_INFLUXDB_INIT_ORG: hlaeja_ltd
-      DOCKER_INFLUXDB_INIT_BUCKET: device-data
-    networks:
-      - develop
-    ports:
-      - "8086:8086"
-    volumes:
-      - influx-data:/var/lib/influxdb2
-      - influx-config:/etc/influxdb2
-
-  postgres:
-    image: postgres:17.1-alpine
-    container_name: PostgreSQL
-    restart: unless-stopped
-    environment:
-      POSTGRES_USER: postgres
-      POSTGRES_PASSWORD : password
-    ports:
-      - "5432:5432"
-    networks:
-      - develop
-    volumes:
-      - postgres:/var/lib/postgresql/data
-
-  cassandra:
-    image: cassandra:5.0.2
-    container_name: Cassandra
-    restart: unless-stopped
-    environment:
-      CASSANDRA_USER: cassandra
-      CASSANDRA_PASSWORD: password
-    networks:
-      - develop
-    ports:
-      - "9042:9042"
-    volumes:
-      - cassandra:/var/lib/cassandra

compose/development-compose.yml

@@ -0,0 +1,75 @@
+name: development
+
+networks:
+  develop:
+    name: develop
+    external: true
+
+volumes:
+  cassandra:
+  influx-config:
+  influx-data:
+  postgres:
+  redis:
+
+services:
+
+  influxdb:
+    image: influxdb:2.7.12-alpine
+    container_name: InfluxDB
+    restart: unless-stopped
+    environment:
+      DOCKER_INFLUXDB_INIT_MODE: setup
+      DOCKER_INFLUXDB_INIT_USERNAME: influx
+      DOCKER_INFLUXDB_INIT_PASSWORD: password
+      DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: influxdbToken==
+      DOCKER_INFLUXDB_INIT_ORG: hlaeja_ltd
+      DOCKER_INFLUXDB_INIT_BUCKET: device-data
+    networks:
+      - develop
+    ports:
+      - 8086:8086
+    volumes:
+      - influx-data:/var/lib/influxdb2
+      - influx-config:/etc/influxdb2
+
+  postgres:
+    image: postgres:17.5-alpine
+    container_name: PostgreSQL
+    restart: unless-stopped
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD : password
+    ports:
+      - 5432:5432
+    networks:
+      - develop
+    volumes:
+      - postgres:/var/lib/postgresql/data
+
+  cassandra:
+    image: cassandra:5.0.4
+    container_name: Cassandra
+    restart: unless-stopped
+    environment:
+      CASSANDRA_USER: cassandra
+      CASSANDRA_PASSWORD: password
+    networks:
+      - develop
+    ports:
+      - 9042:9042
+    volumes:
+      - cassandra:/var/lib/cassandra
+
+  redis:
+    image: redis:8.0.3-alpine
+    container_name: Redis
+    restart: unless-stopped
+    environment:
+      REDIS_PASSWORD: password
+    networks:
+      - develop
+    ports:
+      - 6379:6379
+    volumes:
+      - redis:/data

compose/hlaeja-compose.yml

@@ -0,0 +1,105 @@
+name: hlaeja-development
+
+networks:
+  develop:
+    name: develop
+    external: true
+
+services:
+
+  device-registry:
+    image: ghcr.io/swordsteel/hlaeja-device-registry:0.6.0
+    container_name: DeviceRegistry
+    restart: unless-stopped
+    environment:
+      SPRING_PROFILES_ACTIVE: docker
+    networks:
+      - develop
+    ports:
+      - 9010:8080
+    # mount a local `device_private_key.pem` into the container.
+    volumes:
+      - ./cert/device_private_key.pem:/app/resources/cert/private_key.pem
+
+  device-data:
+    image: ghcr.io/swordsteel/hlaeja-device-data:0.2.0
+    container_name: DeviceData
+    restart: unless-stopped
+    environment:
+      SPRING_PROFILES_ACTIVE: docker
+      INFLUXDB_TOKEN: influxdbToken==
+    networks:
+      - develop
+    ports:
+      - 9020:8080
+
+  device-configuration:
+    image: ghcr.io/swordsteel/hlaeja-device-configuration:0.2.0
+    container_name: DeviceConfiguration
+    restart: unless-stopped
+    environment:
+      SPRING_PROFILES_ACTIVE: docker
+    networks:
+      - develop
+    ports:
+      - 9030:8080
+
+  device-api:
+    image: ghcr.io/swordsteel/hlaeja-device-api:0.5.0
+    container_name: DeviceApi
+    restart: unless-stopped
+    environment:
+      SPRING_PROFILES_ACTIVE: docker
+      MANAGEMENT_INFLUX_METRICS_EXPORT_TOKEN: influxdbToken==
+    networks:
+      - develop
+    ports:
+      - 9000:8443
+    # mount a local `device_public_key.pem` and `device_api_keystore.p12` into the container.
+    volumes:
+      - ./cert/device_public_key.pem:/app/resources/cert/public_key.pem
+      - ./cert/device_api_keystore.p12:/app/resources/cert/keystore.p12
+
+  registry-api:
+    image: ghcr.io/swordsteel/hlaeja-registry-api:0.3.0
+    container_name: RegistryApi
+    restart: unless-stopped
+    environment:
+      SPRING_PROFILES_ACTIVE: docker
+      MANAGEMENT_INFLUX_METRICS_EXPORT_TOKEN: influxdbToken==
+    networks:
+      - develop
+    ports:
+      - 9040:8443
+    # mount a local `account_public_key.pem` and `registry_api_keystore.p12` into the container.
+    volumes:
+      - ./cert/registry_api_keystore.p12:/app/resources/cert/keystore.p12
+      - ./cert/account_public_key.pem:/app/resources/cert/public_key.pem
+
+  account-registry:
+    image: ghcr.io/swordsteel/hlaeja-account-registry:0.3.0
+    container_name: AccountRegistry
+    restart: unless-stopped
+    environment:
+      SPRING_PROFILES_ACTIVE: docker
+    networks:
+      - develop
+    ports:
+      - 9050:8080
+    # mount a local `account_private_key.pem` into the container.
+    volumes:
+      - ./cert/account_private_key.pem:/app/resources/cert/private_key.pem
+
+  management:
+    image: ghcr.io/swordsteel/hlaeja-management:0.3.0
+    container_name: Management
+    restart: unless-stopped
+    environment:
+      SPRING_PROFILES_ACTIVE: docker
+    networks:
+      - develop
+    ports:
+      - 9060:8080
+    # mount a local `account_public_key.pem` into the container.
+    volumes:
+      - ./cert/account_public_key.pem:/app/resources/cert/public_key.pem

doc/dependency.md

@@ -0,0 +1,160 @@
+# Hlæja dependency
+
+## Build Release Order
+
+*need to make pipeline for this.*
+
+Level 1
+
+- hlaeja-version-catalog
+
+Level 2
+
+- hlaeja-core-plugin
+
+Level 3
+
+- hlaeja-common-plugin
+
+Level 4
+
+- hlaeja-common-messages
+- hlaeja-jwt
+- test-library
+
+Level 5
+
+- hlaeja-account-registry
+- hlaeja-device-registry
+- hlaeja-device-configuration
+- hlaeja-device-data
+- hlaeja-device-api
+- hlaeja-registry-api
+- hlaeja-management
+
+## Service dependency
+
+```mermaid
+graph TD
+;
+
+  subgraph BE[Backend Services]
+    subgraph HDR[Hlæja Device Registry]
+      HDRS[Service] --> HDRD[(Postgres)]
+    end
+    subgraph HDD[Hlæja Device Data]
+      HDDS[Service] --> HDDD[(InfluxDB)]
+    end
+    subgraph HDC[Hlæja Device Configuration]
+      HDCS[Service] --> HDCD[(Cassandra)]
+    end
+    subgraph HAR[Hlæja Account Registry]
+      HARS[Service] --> HARD[(Postgres)]
+    end
+  end
+  subgraph HDA[Hlæja Device API]
+    HDAS[Service] --> HDAR[(Redis)]
+  end
+  subgraph HRA[Hlæja Registry API]
+    HRAS[Service]
+  end
+  subgraph HM[Hlæja Management]
+    HMS[Service] -.-> HMR[(Redis)]
+  end
+
+
+  HM --> HAR
+  HM --> HDR
+  HM -.-> HDC
+
+  HRA --> HAR
+  HRA --> HDR
+
+  HDA --> HDR
+  HDA --> HDC
+  HDA --> HDD
+```
+
+## Library and Gradle plugin dependency
+
+```mermaid
+graph RL
+;
+
+  CP[Core Plugin]
+  subgraph SCP [Common Plugin]
+    PL[Plugin Library]
+    PLM[Plugin Library Manifest]
+    PLP[Plugin Library Publish]
+    PCo[Plugin Common]
+    PCoD[Plugin Common Detekt]
+    PCoK[Plugin Common Ktlint]
+    PCe[Plugin Certificate]
+    PS[Plugin Service]
+    PSC[Plugin Service Container]
+    PSIT[Plugin Service Integration Test]
+    PSPR[Plugin Service Process Resource]
+  end
+  
+  PLM --> PL
+  PLP --> PL
+  PCo ---> PL
+  PCoD --> PCo
+  CP ---> PCo
+  PCoK --> PCo
+  PCo ---> PS
+  PSC --> PS
+  PSIT --> PS
+  PSPR --> PS
+
+  CML[Common Messages Library]
+  PL --> CML
+
+  JL[JWT Library]
+  PL --> JL
+
+  TL[Test Library]
+  PL --> TL
+
+  DRS[Device Registry Service]
+  PS --> DRS
+  PCe --> DRS
+  TL -.-> DRS
+  CML --> DRS
+  JL --> DRS
+
+  DDS[Device Data Service]
+  PS --> DDS
+  TL -.-> DDS
+  CML --> DDS
+
+  DCS[Device Configuration Service]
+  TL -.-> DCS
+  PS --> DCS
+  CML --> DCS
+
+  AS[Account Service]
+  TL --> AS
+  CML --> AS
+  PS --> AS
+  PCe --> AS
+  JL --> AS
+
+  DAS[Device API Service]
+  PS --> DAS
+  CML --> DAS
+  JL --> DAS
+  PCe --> DAS
+
+  RAS[Registry API Service]
+  CML --> RAS
+  JL --> RAS
+  PS --> RAS
+  PCe --> RAS
+
+  MUS[Management UI Service]
+  CML --> MUS
+  JL --> MUS
+  PS --> MUS
+  PCe -.-> MUS
+```

doc/docker_database.md

@@ -0,0 +1,48 @@
+# Hlæja databases
+
+## InfluxDB
+
+InfluxDB is a high-performance time series database designed to handle large volumes of time-stamped data. It is commonly used for monitoring, analytics, and IoT applications, where data points are associated with timestamps (e.g., sensor readings, system metrics).
+
+### Environment
+
+```text
+DOCKER_INFLUXDB_INIT_MODE: setup
+DOCKER_INFLUXDB_INIT_USERNAME: influx
+DOCKER_INFLUXDB_INIT_PASSWORD: password
+DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: influxdbToken==
+DOCKER_INFLUXDB_INIT_ORG: hlaeja_ltd
+DOCKER_INFLUXDB_INIT_BUCKET: device-data
+```
+
+## PostgreSQL
+
+PostgreSQL is a powerful, open-source relational database management system (RDBMS). Known for its reliability and advanced features, it supports SQL for querying and managing data, along with extensive functionality for scalability and extensibility.
+
+### Environment
+
+```text
+POSTGRES_USER: postgres
+POSTGRES_PASSWORD: password
+```
+
+## Apache Cassandra
+
+Apache Cassandra is a distributed NoSQL database designed for handling large amounts of data across many commodity servers with no single point of failure. It is optimized for high availability, scalability, and fault tolerance.
+
+### Environment
+
+```text
+CASSANDRA_USER: cassandra
+CASSANDRA_PASSWORD: password
+```
+
+## Redis
+
+Redis is an in-memory data store that can be used as a database, message broker, or cache layer. It is designed for high performance and low latency, making it suitable for real-time web applications.
+
+### Environment
+
+```text
+REDIS_PASSWORD: password
+```

doc/docker_hlaeja.md

@@ -0,0 +1,116 @@
+# Hlæja Services
+
+## Device Data
+
+### Environment
+
+```text
+SPRING_PROFILES_ACTIVE: docker
+INFLUXDB_TOKEN: influxdbToken==
+```
+
+## Device Registry
+
+### Environment
+
+```text
+SPRING_R2DBC_URL: r2dbc:postgresql://localhost:5432/device_registry
+SPRING_R2DBC_USERBAME: services
+SPRING_R2DBC_PASSWORD: password
+JWT_PRIVATE_KEY: cert/private_key.pem
+```
+
+### Volume
+
+Mount a local private key into the container. Read [`rsa_key.md`](./rsa_key.md) for how to generate.
+
+```text
+volumes:
+  - ./cert/device_private_key.pem:/app/resources/cert/private_key.pem
+```
+
+## Device API
+
+### Environment
+
+```text
+SPRING_PROFILES_ACTIVE: docker
+```
+
+### Volume
+
+Mount a local public key into the container. Read [rsa_key.md](./rsa_key.md) for how to generate.
+
+Mount a local keystore into the container. Read [keystore.md](./keystore.md) for how to generate.
+
+```text
+volumes:
+  - ./cert/device_public_key.pem:/app/resources/cert/public_key.pem
+  - ./cert/device_api_keystore.p12:/app/resources/cert/keystore.p12
+```
+
+## Device Configuration
+
+### Environment
+
+```text
+SPRING_PROFILES_ACTIVE: docker
+```
+
+## Registry API
+
+### Environment
+
+```text
+SPRING_PROFILES_ACTIVE: docker
+```
+
+### Volume
+
+Mount a local public key into the container. Read [rsa_key.md](./rsa_key.md) for how to generate.
+
+Mount a local keystore into the container. Read [keystore.md](./keystore.md) for how to generate.
+
+```text
+volumes:
+  - ./cert/account_public_key.pem:/app/resources/cert/public_key.pem
+  - ./cert/registry_api_keystore.p12:/app/resources/cert/keystore.p12
+```
+
+## Account Registry
+
+### Environment
+
+
+```text
+SPRING_R2DBC_URL: r2dbc:postgresql://localhost:5432/account_registry
+SPRING_R2DBC_USERBAME: services
+SPRING_R2DBC_PASSWORD: password
+JWT_PRIVATE_KEY: cert/private_key.pem
+```
+
+### Volume
+
+Mount a local private key into the container. Read [`rsa_key.md`](./rsa_key.md) for how to generate.
+
+```text
+volumes:
+  - ./cert/account_private_key.pem:/app/resources/cert/private_key.pem
+```
+
+## Management
+
+### Environment
+
+```text
+SPRING_PROFILES_ACTIVE: docker
+```
+
+### Volume
+
+Mount a local public key into the container. Read [rsa_key.md](./rsa_key.md) for how to generate.
+
+```text
+volumes:
+  - ./cert/account_public_key.pem:/app/resources/cert/public_key.pem
+```

doc/global_settings.md

@@ -0,0 +1,26 @@
+# Global settings
+
+Hlaeja services utilize Gradle options or environment variables to configure development settings, ensuring our configurations remain organized and secure.
+
+## Overview
+
+By using these methods, we can easily manage access to restricted resources and maintain a consistent configuration across our services. This approach enables us to keep sensitive information separate from our codebase.
+
+## Gradle properties
+
+To access repositories that require authentication, we set `repository.user` and `repository.token` properties in the `gradle.properties` file. To do this:
+
+1. Open or create the `gradle.properties` file in your Gradle user home directory:
+
+   - On Unix-like systems (Linux, macOS), this is typically located at `~/.gradle/`.
+   - On Windows, this is typically located at `C:\Users\<YourUsername>\.gradle\`.
+
+2. Add the following settings to the `gradle.properties` file:
+    ```properties
+    repository.user=your_user
+    repository.token=your_token_value
+    ```
+
+## Environment variables 
+
+Alternatively, you can use `REPOSITORY_USER` and `REPOSITORY_TOKEN` environment variables to pass credentials to the application. These variables can be set in your system environment or through your IDE.

doc/k8s-docker-registry.md

@@ -0,0 +1,37 @@
+# K8s Docker Registry Configuration
+
+**How to make JSON Configuration**
+
+```json=
+{
+  "auths": {
+    "<your-registry>": {
+      "username": "<your-username>",
+      "password": "<your-password>",
+      "email": "<your-email@example.com>",
+      "auth": "<base64-of-your-username:your-password>"
+    }
+  }
+}
+```
+
+**Replace Values**
+
+- **Replace** <your-registry>: Use the hostname of your Gitea instance (e.g., registry.example.com).
+- **Replace** <your-username>: Use your Gitea username (e.g., user1).
+- **Replace** <your-password>: Use your Gitea personal access token generated with read:package scope (e.g., abc123).
+- **Replace** <your-email>: Use your email address (e.g., user1@example.com).
+
+**Linux Command**
+
+```bash
+echo -n 'your-username:your-password' | base64 -w 0
+```
+
+witch gives `eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk` then we use it in the `auth`
+
+```bash
+echo -n '{"auths":{"<your-registry>":{"username":"your-username","password":"your-password","email":"your-email","auth":"eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk"}}}' | base64 -w 0
+```
+
+witch give `eyJhdXRocyI6eyI8eW91ci1yZWdpc3RyeT4iOnsidXNlcm5hbWUiOiJ5b3VyLXVzZXJuYW1lIiwicGFzc3dvcmQiOiJ5b3VyLXBhc3N3b3JkIiwiZW1haWwiOiJ5b3VyLWVtYWlsIiwiYXV0aCI6ImVXOTFjaTExYzJWeWJtRnRaVHA1YjNWeUxYQmhjM04zYjNKayJ9fX0=`

doc/k8s-testing.md

@@ -0,0 +1,583 @@
+# Hlæja K8s
+
+## Table of Contents
+
+<!-- TOC -->
+* [Hlæja K8s](#hlæja-k8s)
+  * [Table of Contents](#table-of-contents)
+  * [Initialize](#initialize)
+    * [Namespace](#namespace)
+    * [Registry Secret](#registry-secret)
+    * [JSON Web Token (JWT)](#json-web-token-jwt)
+    * [Keystore](#keystore)
+  * [Databases](#databases)
+    * [Postgres](#postgres)
+      * [Secret](#secret)
+      * [Config Map](#config-map)
+      * [Stateful Set](#stateful-set)
+      * [Service](#service)
+    * [Cassandra](#cassandra)
+      * [Stateful Set](#stateful-set-1)
+      * [Service](#service-1)
+    * [InfluxDb](#influxdb)
+      * [Secret](#secret-1)
+      * [Config Map](#config-map-1)
+      * [Stateful Set](#stateful-set-2)
+      * [Service](#service-2)
+    * [Redis](#redis)
+      * [Stateful Set](#stateful-set-3)
+      * [Service](#service-3)
+  * [Hlæja](#hlæja)
+    * [Account Register](#account-register)
+      * [Secret](#secret-2)
+      * [Config Map](#config-map-2)
+      * [Deployment](#deployment)
+      * [Service](#service-4)
+    * [Device Register](#device-register)
+      * [Secret](#secret-3)
+      * [Config Map](#config-map-3)
+      * [Deployment](#deployment-1)
+      * [Service](#service-5)
+    * [Device Configuration](#device-configuration)
+      * [Secret](#secret-4)
+      * [Config Map](#config-map-4)
+      * [Deployment](#deployment-2)
+      * [Service](#service-6)
+    * [Device Data](#device-data)
+      * [Secret](#secret-5)
+      * [Config Map](#config-map-5)
+      * [Deployment](#deployment-3)
+      * [Service](#service-7)
+    * [Device API](#device-api)
+      * [Config Map](#config-map-6)
+      * [Deployment](#deployment-4)
+      * [Service](#service-8)
+    * [Registry API](#registry-api)
+      * [Config Map](#config-map-7)
+      * [Deployment](#deployment-5)
+      * [Service](#service-9)
+<!-- TOC -->
+
+----
+
+## Initialize
+
+### Namespace
+
+Create the Namespace for the environment.
+
+```bash
+kubectl apply -f .\kube\01-initialize\01-namespace.yaml
+```
+
+---
+
+### Registry Secret
+
+Create [Docker Registry Configuration](./k8s-docker-registry.md) secret.
+
+```bash
+kubectl apply -f .\kube\01-initialize\02-registry-secret.yaml
+```
+
+---
+
+### JSON Web Token (JWT)
+
+For JWT we are using public and private keys, read more about [RSA keys](./rsa_key.md).
+
+Account private key for account service to make access token.
+
+```bash
+kubectl apply -f .\kube\01-initialize\03-account-jwt-private-key-secret.yaml
+```
+
+Account public key for all services identifying users
+
+```bash
+kubectl apply -f .\kube\01-initialize\04-account-jwt-public-key-secret.yaml
+```
+
+Device private key for device service to make device token.
+
+```bash
+kubectl apply -f .\kube\01-initialize\05-device-jwt-private-key-secret.yaml
+```
+
+Device public key for all services identifying devices
+
+```bash
+kubectl apply -f .\kube\01-initialize\06-device-jwt-public-key-secret.yaml
+```
+
+---
+
+### Keystore
+
+Keystore with password read more about [Keystore.p12](./keystore.md).
+
+check cert:
+
+```
+keytool -list -v -storetype PKCS12 -keystore keystore.p12 -storepass <password>
+```
+
+option:
+
+```
+kubectl create secret generic <name> \
+  --from-file=keystore.p12=<keystore.p12> \
+  --from-literal=keystore-password=<your-keystore-password> \
+  -n <namespace>
+```
+
+Device API Keystore
+```bash
+kubectl apply -f .\kube\01-initialize\07-device-api-keystore.yaml
+```
+
+Registry API Keystore
+```bash
+kubectl apply -f .\kube\01-initialize\08-register-api-keystore.yaml
+```
+
+---
+
+## Databases
+
+### Postgres
+
+Remember that you don't run replicas but many instances with its own storage and service.
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\02-databases\01-postgres\01-secret.yaml
+```
+
+Set values:
+
+- postgres root password
+
+using something a bit more secure `SCRAM-SHA-256$4096:f/IWlCTGdMT9qOjQlPbWtA==$qePy5ArW+7ykg3yHqW7qYH0j2384OIoV2IcBcz0mIRM=:KuU1xgnAVtOVpCZhdUJlI8F7Viz0ApmYxYEo5yXNCW0=` in this case we use `password`, to make this... use postgres to make a user and password, copy this value and now will use as admin password.
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\02-databases\01-postgres\02-configmap.yaml
+```
+
+Set values:
+
+- postgres root user
+
+#### Stateful Set
+
+This is the specifications for postgres.
+
+```bash
+kubectl apply -f .\kube\02-databases\01-postgres\03-statefulset.yaml
+```
+
+Set storage size for permanent storage
+
+#### Service
+
+this exposes port and ip.
+
+```bash
+kubectl apply -f .\kube\02-databases\01-postgres\04-service.yaml
+```
+
+---
+
+### Cassandra
+
+For now... run basic cassandra, we need to add authentication later.
+
+to get a clean cassandra configuration:
+
+```bash
+docker run --rm cassandra:5.0 cat /etc/cassandra/cassandra.yaml > cassandra-default.yaml
+```
+
+modify `authenticator` and `authorizer` and som how get that change inside... local file get to big 262144 bytes limitation.
+
+some help things for later
+
+```bashe
+kubectl exec -it -n hlaeja cassandra-0 -- bash
+```
+
+run one of this
+
+```bash
+nodetool status
+```
+
+or
+
+```bash
+cqlsh
+SELECT data_center FROM system.local;
+```
+
+#### Stateful Set
+
+This is the specifications for cassandra.
+
+```bash
+kubectl apply -f .\kube\02-databases\02-cassandra\01-statefulset.yaml
+```
+
+Set storage size for permanent storage
+
+#### Service
+
+this exposes port and ip.
+
+```bash
+kubectl apply -f .\kube\02-databases\02-cassandra\02-service.yaml
+```
+
+---
+
+### InfluxDb
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\02-databases\03-influxdb\01-secret.yaml
+```
+
+Set values:
+
+- influx root password
+- influx token
+
+using something a bit more secure `SCRAM-SHA-256$4096:f/IWlCTGdMT9qOjQlPbWtA==$qePy5ArW+7ykg3yHqW7qYH0j2384OIoV2IcBcz0mIRM=:KuU1xgnAVtOVpCZhdUJlI8F7Viz0ApmYxYEo5yXNCW0=` in this case we use `password`, to make this... use postgres to make a user and password, copy this value and now will use as admin password.
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\02-databases\03-influxdb\02-configmap.yaml
+```
+
+Set values:
+
+- influx root username
+- influx mode
+- influx organisation
+- influx bucket
+
+#### Stateful Set
+
+This is the specifications for influxdb.
+
+```bash
+kubectl apply -f .\kube\02-databases\03-infulxdb\03-statefulset.yaml
+```
+
+Set storage size for permanent storage
+
+#### Service
+
+this exposes port and ip.
+
+```bash
+kubectl apply -f .\kube\02-databases\03-infulxdb\04-service.yaml
+```
+
+---
+
+### Redis
+
+For now... run basic redis, we need to add authentication, replication later? need to think mor about this later.
+
+#### Stateful Set
+
+This is the specifications for redis.
+
+```bash
+kubectl apply -f  .\kube\02-databases\04-redis\01-statefulset.yaml
+```
+
+Set storage size for permanent storage.
+
+did add storage for restarts and some limits.
+
+#### Service
+
+this exposes port and ip.
+
+```bash
+kubectl apply -f .\kube\02-databases\04-redis\02-service.yaml
+```
+
+---
+
+## Hlæja
+
+To access service use `kubectl exec -it <pod-name> -n hlaeja -- /bin/sh`
+
+To tail a service log use `kubectl logs -f <pod-name> -n hlaeja`
+
+### Account Register
+
+This is only a ***concept*** and exist for testing rest of system. this need to be ***rewritten***.
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\01-secret.yaml
+```
+
+Set values:
+
+- postgres password
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\02-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- postgres username
+- postgres url
+- account private jwt file location
+
+#### Deployment
+
+Account Registry Service, using `account-jwt-private-key`
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\03-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\04-service.yaml
+```
+
+---
+
+### Device Register
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\02-device-registry\01-secret.yaml
+```
+
+Set values:
+
+- postgres password
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\02-device-registry\02-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- postgres username
+- postgres url
+- device private jwt file location
+
+#### Deployment
+
+Account Registry Service, using `account-jwt-private-key`
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\02-device-registry\03-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\02-device-registry\04-service.yaml
+```
+
+---
+
+### Device Configuration
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\03-device-configuration\01-secret.yaml
+```
+
+Set values:
+
+- cassandra password (db have not turned this on yet)
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\03-device-configuration\02-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- cassandra username (db have not turned this on yet)
+- cassandra contact points
+
+#### Deployment
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\03-device-configuration\03-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\03-device-configuration\04-service.yaml
+```
+
+---
+
+### Device Data
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\04-device-data\01-secret.yaml
+```
+
+Set values:
+
+- influxdb token
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\04-device-data\02-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- influxdb url
+
+#### Deployment
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\04-device-data\03-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\04-device-data\04-service.yaml
+```
+
+---
+
+### Device API
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\05-device-api\01-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- spring data redis database
+- spring data redis host
+- device configuration url
+- device data url
+- device register url
+
+#### Deployment
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\05-device-api\02-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\05-device-api\03-service.yaml
+```
+
+---
+
+### Registry API
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\06-registry-api\01-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- device register url
+- registry register url
+
+#### Deployment
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\06-registry-api\02-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\06-registry-api\03-service.yaml
+```
+
+---
+
+# Management
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\07-management\01-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- spring data redis database
+- spring data redis host
+- device register url
+- registry register url
+
+#### Deployment
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\07-management\02-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\07-management\03-service.yaml
+```

doc/keystore.md

@@ -0,0 +1,46 @@
+# Generate Keystore
+
+### Generate Keystores
+
+To generate a keystore for our API's and web manager, which is used to enable HTTPS, you can use the following command:
+
+```shell
+keytool -genkeypair -alias <service> -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=<domain>" -keypass <password> -keystore ./cert/<keystore>.p12 -storetype PKCS12 -storepass <password>
+```
+
+This command generates a keystore with the following properties:
+
+* \<service>: The alias for the service (e.g. device-api)
+* \<domain>: The domain name for the service (e.g. deviceapi)
+* \<password>: The password for the keystore and private key
+* ./cert/\<keystore>.p12: The file path and name for the generated keystore
+
+### Export the public certificate
+
+Once you have generated a keystore, you can export the public certificate using the following command:
+
+```shell
+keytool -export -alias <service> -keystore ./cert/<keystore>.p12 -storepass <password> -file ./cert/<domain>.cer -rfc
+```
+
+This command exports the public certificate with the following properties:
+
+* \<service>: The alias for the service (e.g. device-api)
+* \<keystore>: The keystore file containing the private key and certificate (e.g. ./cert/deviceapi.p12)
+* \<password>: The password for the keystore
+* \<domain>: The domain name for the exported certificate file (e.g. deviceapi.cer)
+* ./cert/\<domain>.cer: The file path and name for the exported public certificate
+
+The exported public certificate is then used on devices to establish a secure connection to our API. Specifically, the certificate is installed on devices to enable them to trust our API's SSL/TLS connection, allowing for encrypted communication between the device and our API.
+
+Note: Make sure to update your hosts file with an entry for the domain name (e.g. 127.0.0.1 deviceapi) to enable local development.
+
+1. Open `hosts` file:
+
+   * On Unix-like systems (Linux, macOS), this directory is typically `/etc/hosts`.
+   * On Windows, this directory is typically `%SystemRoot%\System32\drivers\etc\hosts`.
+
+2. Add the following lines to the `hosts` file:
+    ```text
+    127.0.0.1	deviceapi		# Hlæja Device API
+    ```

doc/rsa_key.md

@@ -3,13 +3,13 @@
 OpenSSL Project is dedicated to providing a simple installation of OpenSSL for Microsoft Windows.
 [Download](https://slproweb.com/products/Win32OpenSSL.html)
 
-Generate an RSA private key, of size 2048, and output it to a file named `identity_private_key.pem` in to `./keys`
+Generate an RSA private key, of size 2048, and output it to a file named `identity_private_key.pem` in to `./cert`
 
 ```shell
 openssl genrsa -out identity_private_key.pem 2048
 ```
 
-Extract the public key from `identity_private_key.pem` from `./keys`, and output it to a file named `identity_public_key.pem` in to `./keys`
+Extract the public key from `identity_private_key.pem` from `./cert`, and output it to a file named `identity_public_key.pem` in to `./cert`
 
 ```shell
 openssl rsa -in identity_private_key.pem -pubout -out identity_public_key.pem

helm/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm/README.md

@@ -0,0 +1,49 @@
+# Hlæja Helm
+
+Copy `helmfile.yaml-dev` to `helmfile.yaml` and start to add your environment.
+
+## Set up helm environment
+
+how to set up [Enviorment](./values/README.md)
+
+## Command using kubectl and helmfile
+
+> ⚠️**Warning:** always use `--selector namespace=<releasesEnviorment>` when running `helmfile` or **risk** lose it all!!! ⚠️
+
+> **Info:** limit even more by using `--selector namespace=<releasesEnviorment>,name=<releasesName>`
+
+**Info:** Create everything for a name space
+
+```shell
+helmfile --selector namespace=testing apply
+```
+
+⚠️**Warning:** Destroy everything for a name space
+
+```shell
+helmfile --selector namespace=testing destroy
+```
+
+**Info:** Create initialize for a name space
+
+```shell
+helmfile --selector namespace=testing,name=initialize apply
+```
+
+⚠️**Warning:** Destroy initialize for a name space
+
+```shell
+helmfile --selector namespace=testing,name=initialize destroy
+```
+
+**Info:** Get status
+
+```shell
+kubectl get secret,cm,pvc,pod,svc -n testing
+```
+
+⚠️**Warning:** Delete everything!
+
+```shell
+kubectl delete ns testing
+```

helm/charts/01-secrets/Chart.yaml

@@ -0,0 +1,5 @@
+# Chart.yaml
+apiVersion: v2
+name: hlaeja-secret
+description: A Helm chart for the hlaeja docker register, jwt, and keystore
+version: 0.1.0

helm/charts/01-secrets/templates/01-docker-registry.yaml

@@ -0,0 +1,13 @@
+{{- range .Values.secrets.dockerRegistry }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .name }}
+  namespace: {{ $.Values.namespace }}
+  labels:
+    environment: {{ $.Values.environment }}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ .dockerRegistryConfigJson | quote }}
+---
+{{- end }}

helm/charts/01-secrets/templates/02-json-web-token.yaml

@@ -0,0 +1,15 @@
+{{- range .Values.secrets.jwt }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .name }}
+  namespace: {{ $.Values.namespace }}
+  labels:
+    app: {{ .app }}
+    environment: {{ $.Values.environment }}
+    tier: {{ .tier }}
+type: Opaque
+data:
+  {{ .jwtFilename }}: {{ .jwtFile | quote }}
+---
+{{- end }}

helm/charts/01-secrets/templates/03-keystore.yaml

@@ -0,0 +1,16 @@
+{{- range .Values.secrets.keystore }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .name }}
+  namespace: {{ $.Values.namespace }}
+  labels:
+    app: {{ .app }}
+    environment: {{ $.Values.environment }}
+    tier: {{ .tier }}
+type: Opaque
+data:
+  keystore.p12: {{ .keystoreFile | quote }}
+  keystore-password: {{ .keystorePassword | b64enc | quote }}
+---
+{{- end }}

helm/charts/01-secrets/values.yaml

@@ -0,0 +1,46 @@
+namespace: hlaeja-testing
+environment: testing
+
+secrets:
+
+  # Look at /doc/k8s-docker-registry.md to make these values
+  dockerRegistry:
+#    - name: dockerRegistry
+#      dockerRegistryConfigJson: DockerRegistryBase64==
+
+  # Look at /doc/rsa_key.md to make these values (we use rsa so and need a public and privet key)
+  jwt:
+#    - name: account-jwt-private-key
+#      app: account-register
+#      tier: backend
+#      jwtFilename: private_key.pem
+#      jwtFile: AccountJwtPrivateKeyFileBase64==
+#    - name: account-jwt-public-key
+#      app: account-register
+#      tier: frontend
+#      jwtFilename: private_key.pem
+#      jwtFile: AccountJwtPublicKeyFileBase64==
+#    - name: device-jwt-private-key
+#      app: device-register
+#      tier: backend
+#      jwtFilename: private_key.pem
+#      jwtFile: DeviceJwtPrivateKeyFileBase64==
+#    - name: device-jwt-public-key
+#      app: device-register
+#      tier: frontend
+#      jwtFilename: private_key.pem
+#      jwtFile: DeviceJwtPublicKeyFileBase64==
+
+  # Look at /doc/keystore.md to make these values
+  keystore:
+#    - name: device-api-keystore
+#      app: device-api
+#      tier: frontend
+#      keystorePassword: ServiceKeystorePassword
+#      keystoreFile: ServiceKeystoreFileBase64==
+#    - name: registry-api-keystore
+#      app: registry-api
+#      tier: frontend
+#      keystorePassword: ServiceKeystorePassword
+#      keystoreFile: ServiceKeystoreFileBase64==
+

helm/charts/02-dependency/Chart.yaml

@@ -0,0 +1,26 @@
+apiVersion: v2
+name: hlaeja-dependency
+description: A Helm chart for the hlaeja dependency chart wrapper
+version: 0.1.0
+
+dependencies:
+
+  # https://artifacthub.io/packages/helm/bitnami/postgresql
+  - name: postgresql
+    version: 16.7.21
+    repository: "oci://registry-1.docker.io/bitnamicharts"
+
+  # https://artifacthub.io/packages/helm/bitnami/cassandra
+  - name: cassandra
+    version: 12.3.9
+    repository: "oci://registry-1.docker.io/bitnamicharts"
+
+  # https://artifacthub.io/packages/helm/bitnami/influxdb
+  - name: influxdb
+    version: 6.6.16
+    repository: "oci://registry-1.docker.io/bitnamicharts"
+
+  # https://artifacthub.io/packages/helm/bitnami/redis
+  - name: redis
+    version: 21.2.13
+    repository: "oci://registry-1.docker.io/bitnamicharts"

helm/charts/02-dependency/values.yaml

@@ -0,0 +1,76 @@
+postgresql:
+  auth:
+    postgresPassword: mySecretPassword
+  primary:
+    persistence:
+      size: 10Gi
+    resources:
+      requests:
+        memory: 512Mi
+        cpu: 250m
+#    service:
+#      type: LoadBalancer
+#      loadBalancerIP: 10.0.3.31
+
+cassandra:
+  cluster:
+    name: hlaeja-cassandra
+  dbUser:
+    password: mySecretPassword
+  persistence:
+    enabled: true
+    size: 10Gi
+  resources:
+    requests:
+      cpu: 250m
+      memory: 512Mi
+#  service:
+#    type: LoadBalancer
+#    loadBalancerIP: 10.0.3.32
+
+influxdb:
+  auth:
+    admin:
+      username: influxdb
+      password: mySecretPassword
+      token: influxdbAdminToken==
+    user:
+      username: service
+      password: mySecretPassword
+      token: influxdbServiceToken==
+      org: hlaeja
+      bucket: device-data
+  persistence:
+    enabled: true
+    size: 10Gi
+  resources:
+    requests:
+      memory: 512Mi
+      cpu: 250m
+  influxdb:
+    service:
+      extraPorts:
+        - name: http-alt
+          port: 80
+          targetPort: 8086
+          protocol: TCP
+#      type: LoadBalancer
+#      loadBalancerIP: 10.0.3.33
+
+redis:
+  architecture: standalone
+  auth:
+    enabled: true
+    password: mySecretPassword
+  resources:
+    requests:
+      cpu: 250m
+      memory: 256Mi
+  master:
+    persistence:
+      enabled: true
+      size: 1Gi
+#    service:
+#      type: LoadBalancer
+#      loadBalancerIP: 10.0.3.34
+

helm/charts/03-account-registry/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-account-registry
+description: A Helm chart for the hlaeja account registry
+version: 0.1.0

helm/charts/03-account-registry/templates/01-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: account-register-environment
+  labels:
+    app: account-register
+    environment:  {{ .Values.environment }}
+    tier: backend
+type: Opaque
+data:
+  SPRING_R2DBC_PASSWORD: {{ .Values.secrets.r2dbcPassword | b64enc | quote }}

helm/charts/03-account-registry/templates/02-configmap.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: account-register-environment
+  labels:
+    app: account-register
+    environment: {{ .Values.environment }}
+    tier: backend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  SPRING_R2DBC_URL: {{ .Values.config.r2dbcUrl | quote }}
+  SPRING_R2DBC_USERNAME: {{ .Values.config.r2dbcUsername | quote }}
+  JWT_PRIVATE_KEY: "cert/{{ .Values.jwtPrivetKey.filename }}"

helm/charts/03-account-registry/templates/03-deployment.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: account-register
+  labels:
+    app: account-register
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: account-register
+  template:
+    metadata:
+      labels:
+        app: account-register
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: account-register-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: account-register-environment
+            - secretRef:
+                name: account-register-environment
+          volumeMounts:
+            - name: jwt-key-volume
+              mountPath: /app/resources/cert
+              readOnly: true
+          ports:
+            - containerPort: 8080
+      volumes:
+        - name: jwt-key-volume
+          secret:
+            secretName: {{ .Values.jwtPrivetKey.name }}
+            items:
+              - key: {{ .Values.jwtPrivetKey.filename }}
+                path: {{ .Values.jwtPrivetKey.filename }}

helm/charts/03-account-registry/templates/04-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: account-register
+  labels:
+    app: account-register
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: account-register
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080

helm/charts/03-account-registry/values.yaml

@@ -0,0 +1,19 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.21
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-account-registry:0.1.0
+
+secrets:
+  r2dbcPassword: "password"
+
+config:
+  profiles: testing
+  r2dbcUrl: r2dbc:postgresql://dependency-postgresql:5432/account_registry
+  r2dbcUsername: services
+
+jwtPrivetKey:
+  name: account-jwt-private-key
+  filename: private_key.pem

helm/charts/04-device-registry/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-device-register
+description: A Helm chart for the hlaeja device registry
+version: 0.1.0

helm/charts/04-device-registry/templates/01-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-register-environment
+  labels:
+    app: device-register
+    environment:  {{ .Values.environment }}
+    tier: backend
+type: Opaque
+data:
+  SPRING_R2DBC_PASSWORD: {{ .Values.secrets.r2dbcPassword | b64enc | quote }}

helm/charts/04-device-registry/templates/02-configmap.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: device-register-environment
+  labels:
+    app: device-register
+    environment: {{ .Values.environment }}
+    tier: backend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  SPRING_R2DBC_URL: {{ .Values.config.r2dbcUrl | quote }}
+  SPRING_R2DBC_USERNAME: {{ .Values.config.r2dbcUsername | quote }}
+  JWT_PRIVATE_KEY: "cert/{{ .Values.jwtPrivetKey.filename }}"

helm/charts/04-device-registry/templates/03-deployment.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: device-register
+  labels:
+    app: device-register
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: device-register
+  template:
+    metadata:
+      labels:
+        app: device-register
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: device-register-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: device-register-environment
+            - secretRef:
+                name: device-register-environment
+          volumeMounts:
+            - name: jwt-key-volume
+              mountPath: /app/resources/cert
+              readOnly: true
+          ports:
+            - containerPort: 8080
+      volumes:
+        - name: jwt-key-volume
+          secret:
+            secretName: {{ .Values.jwtPrivetKey.name }}
+            items:
+              - key: {{ .Values.jwtPrivetKey.filename }}
+                path: {{ .Values.jwtPrivetKey.filename }}

helm/charts/04-device-registry/templates/04-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: device-register
+  labels:
+    app: device-register
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: device-register
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080

helm/charts/04-device-registry/values.yaml

@@ -0,0 +1,19 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.22
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-device-registry:0.1.0
+
+secrets:
+  r2dbcPassword: "password"
+
+config:
+  profiles: testing
+  r2dbcUrl: r2dbc:postgresql://dependency-postgresql:5432/device_registry
+  r2dbcUsername: services
+
+jwtPrivetKey:
+  name: device-jwt-private-key
+  filename: private_key.pem

helm/charts/05-device-configuration/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-device-configuration
+description: A Helm chart for the hlaeja device configuration
+version: 0.1.0

helm/charts/05-device-configuration/templates/01-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-configuration-environment
+  labels:
+    app: device-configuration
+    environment:  {{ .Values.environment }}
+    tier: backend
+type: Opaque
+data:
+  SPRING_CASSANDRA_PASSWORD: {{ .Values.secrets.cassandraPassword | b64enc | quote }}

helm/charts/05-device-configuration/templates/02-configmap.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: device-configuration-environment
+  labels:
+    app: device-configuration
+    environment: {{ .Values.environment }}
+    tier: backend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  SPRING_CASSANDRA_CONTACT_POINTS: {{ .Values.config.cassandraContactPoints | quote }}
+  SPRING_CASSANDRA_USERNAME: {{ .Values.config.cassandraUsername | quote }}

helm/charts/05-device-configuration/templates/03-deployment.yaml

@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: device-configuration
+  labels:
+    app: device-configuration
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: device-configuration
+  template:
+    metadata:
+      labels:
+        app: device-configuration
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: device-configuration-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: device-configuration-environment
+            - secretRef:
+                name: device-configuration-environment
+          ports:
+            - containerPort: 8080

helm/charts/05-device-configuration/templates/04-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: device-configuration
+  labels:
+    app: device-configuration
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: device-configuration
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080

helm/charts/05-device-configuration/values.yaml

@@ -0,0 +1,15 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.23
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-device-configuration:0.1.0
+
+secrets:
+  cassandraPassword: "password"
+
+config:
+  profiles: testing
+  cassandraContactPoints: dependency-cassandra
+  cassandraUsername: service

helm/charts/06-device-data/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-device-data
+description: A Helm chart for the hlaeja device data
+version: 0.1.0

helm/charts/06-device-data/templates/01-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-data-environment
+  labels:
+    app: device-data
+    environment:  {{ .Values.environment }}
+    tier: backend
+type: Opaque
+data:
+  INFLUXDB_TOKEN: {{ .Values.secrets.influxdbToken | b64enc | quote }}

helm/charts/06-device-data/templates/02-configmap.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: device-data-environment
+  labels:
+    app: device-data
+    environment: {{ .Values.environment }}
+    tier: backend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  INFLUXDB_URL: {{ .Values.config.influxdbUrl | quote }}
+  {{- if and .Values.config.influxdbBucket (ne .Values.config.influxdbBucket "") }}
+  INFLUXDB_BUCKET: {{ .Values.config.influxdbBucket | quote }}
+  {{- end }}
+  {{- if and .Values.config.influxdbOrg (ne .Values.config.influxdbOrg "") }}
+  INFLUXDB_ORG: {{ .Values.config.influxdbOrg | quote }}
+  {{- end }}

helm/charts/06-device-data/templates/03-deployment.yaml

@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: device-data
+  labels:
+    app: device-data
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: device-data
+  template:
+    metadata:
+      labels:
+        app: device-data
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: device-data-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: device-data-environment
+            - secretRef:
+                name: device-data-environment
+          ports:
+            - containerPort: 8080

helm/charts/06-device-data/templates/04-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: device-data
+  labels:
+    app: device-data
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: device-data
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080

helm/charts/06-device-data/values.yaml

@@ -0,0 +1,16 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.24
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-device-data:0.1.0
+
+secrets:
+  influxdbToken: influxdbToken==
+
+config:
+  profiles: testing
+  influxdbUrl: http://dependency-influxdb
+#  influxdbOrg: hlaeja
+#  influxdbBucket: hlaeja_ltd

helm/charts/07-device-api/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-device-api
+description: A Helm chart for the hlaeja device api
+version: 0.1.0

helm/charts/07-device-api/templates/01-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-api-environment
+  labels:
+    app: device-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+type: Opaque
+data:
+  SPRING_DATA_REDIS_PASSWORD: {{ .Values.secrets.redisPassword | b64enc | quote }}

helm/charts/07-device-api/templates/02-configmap.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: device-api-environment
+  labels:
+    app: device-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  SPRING_DATA_REDIS_DATABASE: {{ .Values.config.redis.database | quote }}
+  SPRING_DATA_REDIS_HOST: {{ .Values.config.redis.host | quote }}
+  DEVICE_CONFIGURATION_URL: {{ .Values.config.deviceConfigurationUrl | quote }}
+  DEVICE_DATA_URL: {{ .Values.config.deviceDataUrl | quote }}
+  DEVICE_REGISTRY_URL: {{ .Values.config.deviceRegistryUrl | quote }}
+
+  # all of this should be preset in application.yaml
+  SERVER_PORT: "8443"
+  SERVER_SSL_ENABLED: "true"
+  SERVER_SSL_KEY_STORE: "/app/resources/cert/keystore.p12"
+  SERVER_SSL_KEY_STORE_TYPE: "PKCS12"
+
+  # This was experimental and should be removed in later versions
+  MANAGEMENT_METRICS_TAGS_APPLICATION: "device-api"
+  MANAGEMENT_INFLUX_METRICS_EXPORT_ENABLED: "false"
+  MANAGEMENT_INFLUX_METRICS_EXPORT_URL: "http://influxdb"
+  # adding this here as it's going to be deleted and is not sued internally
+  MANAGEMENT_INFLUX_METRICS_EXPORT_TOKEN: "invalidInfluxDbToken=="

helm/charts/07-device-api/templates/03-deployment.yaml

@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: device-api
+  labels:
+    app: device-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: device-api
+  template:
+    metadata:
+      labels:
+        app: device-api
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: device-api-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: device-api-environment
+            - secretRef:
+                name: device-api-environment
+          env:
+            - name: SERVER_SSL_KEY_STORE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.keystoreRef }}
+                  key: keystore-password
+          ports:
+            - containerPort: 8443
+          volumeMounts:
+            - name: keystore-volume
+              mountPath: /app/resources/cert/keystore.p12
+              subPath: keystore.p12
+              readOnly: true
+            - name: jwt-volume
+              mountPath: /app/resources/cert/{{ .Values.jwtPublicKey.filename }}
+              subPath: {{ .Values.jwtPublicKey.filename }}
+              readOnly: true
+      volumes:
+        - name: keystore-volume
+          secret:
+            secretName: {{ .Values.keystoreRef }}
+            items:
+              - key: keystore.p12
+                path: keystore.p12
+        - name: jwt-volume
+          secret:
+            secretName: {{ .Values.jwtPublicKey.name }}
+            items:
+              - key: {{ .Values.jwtPublicKey.filename }}
+                path: {{ .Values.jwtPublicKey.filename }}

helm/charts/07-device-api/templates/04-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: device-api
+  labels:
+    app: device-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: device-api
+  ports:
+    - protocol: TCP
+      port: 443
+      targetPort: 8443

helm/charts/07-device-api/values.yaml

@@ -0,0 +1,26 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.12
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-device-api:0.1.0
+
+secrets:
+  redisPassword: redisPassword
+
+config:
+  profiles: testing
+  redis:
+    database: 1
+    host: dependency-redis-master
+  deviceConfigurationUrl: http://device-configuration
+  deviceDataUrl: http://device-data
+  deviceRegistryUrl: http://device-register
+
+jwtPublicKey:
+  name: device-jwt-public-key
+  filename: public_key.pem
+
+
+keystoreRef: device-api-keystore

helm/charts/08-registry-api/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-registry-api
+description: A Helm chart for the hlaeja registry api
+version: 0.1.0

helm/charts/08-registry-api/templates/01-configmap.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: registry-api-environment
+  labels:
+    app: registry-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  ACCOUNT_REGISTRY_URL: {{ .Values.config.accountRegistryUrl | quote }}
+  DEVICE_REGISTRY_URL: {{ .Values.config.deviceRegistryUrl | quote }}
+
+  # all of this should be preset in application.yaml
+  SERVER_PORT: "8443"
+  SERVER_SSL_ENABLED: "true"
+  SERVER_SSL_KEY_STORE: "/app/resources/cert/keystore.p12"
+  SERVER_SSL_KEY_STORE_TYPE: "PKCS12"
+
+  # This was experimental and should be removed in later versions
+  MANAGEMENT_METRICS_TAGS_APPLICATION: "register-api"
+  MANAGEMENT_INFLUX_METRICS_EXPORT_ENABLED: "false"
+  MANAGEMENT_INFLUX_METRICS_EXPORT_URL: "http://influxdb"
+  # adding this here as it's going to be deleted and is not sued internally
+  MANAGEMENT_INFLUX_METRICS_EXPORT_TOKEN: "invalidInfluxDbToken=="

helm/charts/08-registry-api/templates/02-deployment.yaml

@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: registry-api
+  labels:
+    app: registry-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: registry-api
+  template:
+    metadata:
+      labels:
+        app: registry-api
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: registry-api-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: registry-api-environment
+          env:
+            - name: SERVER_SSL_KEY_STORE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.keystoreRef }}
+                  key: keystore-password
+          ports:
+            - containerPort: 8443
+          volumeMounts:
+            - name: keystore-volume
+              mountPath: /app/resources/cert/keystore.p12
+              subPath: keystore.p12
+              readOnly: true
+            - name: jwt-volume
+              mountPath: /app/resources/cert/{{ .Values.jwtPublicKey.filename }}
+              subPath: {{ .Values.jwtPublicKey.filename }}
+              readOnly: true
+      volumes:
+        - name: keystore-volume
+          secret:
+            secretName: {{ .Values.keystoreRef }}
+            items:
+              - key: keystore.p12
+                path: keystore.p12
+        - name: jwt-volume
+          secret:
+            secretName: {{ .Values.jwtPublicKey.name }}
+            items:
+              - key: {{ .Values.jwtPublicKey.filename }}
+                path: {{ .Values.jwtPublicKey.filename }}

helm/charts/08-registry-api/templates/03-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: registry-api
+  labels:
+    app: registry-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: registry-api
+  ports:
+    - protocol: TCP
+      port: 443
+      targetPort: 8443

helm/charts/08-registry-api/values.yaml

@@ -0,0 +1,18 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.13
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-registry-api:0.1.0
+
+config:
+  profiles: testing
+  accountRegistryUrl: http://account-register
+  deviceRegistryUrl: http://device-register
+
+jwtPublicKey:
+  name: account-jwt-public-key
+  filename: public_key.pem
+
+keystoreRef: registry-api-keystore

helm/charts/09-management/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-management
+description: A Helm chart for the hlaeja management
+version: 0.1.0

helm/charts/09-management/templates/01-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: management-environment
+  labels:
+    app: management
+    environment:  {{ .Values.environment }}
+    tier: frontend
+type: Opaque
+data:
+  SPRING_DATA_REDIS_PASSWORD: {{ .Values.secrets.redisPassword | b64enc | quote }}

helm/charts/09-management/templates/02-configmap.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: management-environment
+  labels:
+    app: management
+    environment: {{ .Values.environment }}
+    tier: frontend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  SPRING_DATA_REDIS_DATABASE: {{ .Values.config.redis.database | quote }}
+  SPRING_DATA_REDIS_HOST: {{ .Values.config.redis.host | quote }}
+  ACCOUNT_REGISTRY_URL: {{ .Values.config.accountRegistryUrl | quote }}
+  DEVICE_REGISTRY_URL: {{ .Values.config.deviceRegistryUrl | quote }}

helm/charts/09-management/templates/03-deployment.yaml

@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: management
+  labels:
+    app: management
+    environment: {{ .Values.environment }}
+    tier: frontend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: management
+  template:
+    metadata:
+      labels:
+        app: management
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: management-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: management-environment
+            - secretRef:
+                name: management-environment
+          ports:
+            - containerPort: 8080
+          volumeMounts:
+            - name: jwt-volume
+              mountPath: /app/resources/cert/{{ .Values.jwtPublicKey.filename }}
+              subPath: {{ .Values.jwtPublicKey.filename }}
+              readOnly: true
+      volumes:
+        - name: jwt-volume
+          secret:
+            secretName: {{ .Values.jwtPublicKey.name }}
+            items:
+              - key: {{ .Values.jwtPublicKey.filename }}
+                path: {{ .Values.jwtPublicKey.filename }}

helm/charts/09-management/templates/03-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: management
+  labels:
+    app: management
+    environment: {{ .Values.environment }}
+    tier: frontend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: management
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080

helm/charts/09-management/values.yaml

@@ -0,0 +1,22 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.11
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-management:0.1.0
+
+secrets:
+  redisPassword: redisPassword
+
+config:
+  profiles: testing
+  redis:
+    database: 2
+    host: dependency-redis-master
+  accountRegistryUrl: http://account-register
+  deviceRegistryUrl: http://device-register
+
+jwtPublicKey:
+  name: account-jwt-public-key
+  filename: public_key.pem

helm/helmfile.yaml-dev

@@ -0,0 +1,54 @@
+releases:
+  - name: secrets
+    namespace: hlaeja-testing
+    chart: ./charts/01-secrets
+    values: []
+    historyMax: 3
+
+  - name: dependency
+    namespace: hlaeja-testing
+    chart: ./charts/02-dependency
+    values: []
+    historyMax: 3
+
+  - name: account-register
+    namespace: hlaeja-testing
+    chart: ./charts/03-account-registry
+    values: []
+    historyMax: 3
+
+  - name: device-registry
+    namespace: hlaeja-testing
+    chart: ./charts/04-device-registry
+    values: []
+    historyMax: 3
+
+  - name: device-configuration
+    namespace: hlaeja-testing
+    chart: ./charts/05-device-configuration
+    values: []
+    historyMax: 3
+
+  - name: device-data
+    namespace: hlaeja-testing
+    chart: ./charts/06-device-data
+    values: []
+    historyMax: 3
+
+  - name: device-api
+    namespace: hlaeja-testing
+    chart: ./charts/07-device-api
+    values: []
+    historyMax: 3
+
+  - name: registry-api
+    namespace: hlaeja-testing
+    chart: ./charts/08-registry-api
+    values: []
+    historyMax: 3
+
+  - name: management
+    namespace: hlaeja-testing
+    chart: ./charts/09-management
+    values: []
+    historyMax: 3

helm/values/README.md

@@ -0,0 +1,39 @@
+# Hlæja Helm Environment
+
+To make the environment copy `values.yaml` file from `charts/<name>` to `values/<releasesEnviorment>` then change the values you need. or make the file and add the value you like to overwrite.
+
+```
+helm/
+├── helmfile.yaml
+├── values/
+│   ├── <releasesEnviorment>/
+│   │   ├── <name>.yaml
+|   │   └── ...
+│   └── ...
+└── charts/
+    ├── <name>/
+    │   ├── Chart.yaml
+    │   ├── values.yaml
+    │   └── templates/
+    │       └── <template>.yaml
+    └── ...
+```
+
+Then we need to update `helmfile.yaml` one for each environment.
+
+```
+releases:
+  - name: <releasesName>
+    namespace: <releasesEnviorment>
+    chart: ./charts/<name>
+    values: []
+
+  - name: <releasesName>
+    namespace: <releasesEnviorment>
+    chart: ./charts/<name>
+    values: [./values/<environment>/<name>]
+
+  - ...
+```
+
+> **Info:** using default fake base64 values and not specify custom values can break execution.

http/account-registry/account.http

@@ -0,0 +1,41 @@
+### get user by id
+GET {{hostname}}/account-00000000-0000-7000-0000-000000000001
+
+### add user
+POST {{hostname}}/account
+Content-Type: application/json
+
+{
+    "username": "user01010101",
+    "password": "p4ssw0rd",
+    "enabled": true,
+    "roles": [
+        "ROLE_ADMIN",
+        "ROLE_TEST"
+    ]
+}
+
+### update user all information
+PUT {{hostname}}/account-00000000-0000-7000-0000-000000000002
+Content-Type: application/json
+
+{
+    "username": "user",
+    "password": "pass",
+    "enabled": true,
+    "roles": [
+        "ROLE_TEST"
+    ]
+}
+
+### update user information
+PUT {{hostname}}/account-00000000-0000-7000-0000-000000000002
+Content-Type: application/json
+
+{
+    "username": "user",
+    "enabled": true,
+    "roles": [
+        "ROLE_TEST"
+    ]
+}

http/account-registry/accounts.http

@@ -0,0 +1,8 @@
+### Get accounts
+GET {{hostname}}/accounts
+
+### Get accounts by page
+GET {{hostname}}/accounts/page-1
+
+### Get accounts by page and size
+GET {{hostname}}/accounts/page-1/show-1

http/account-registry/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/account-registry/authentication.http

@@ -0,0 +1,44 @@
+### Get admin information
+POST {{hostname}}/authenticate
+Content-Type: application/json
+
+{
+    "username": "admin",
+    "password": "pass"
+}
+
+### Get user information
+POST {{hostname}}/authenticate
+Content-Type: application/json
+
+{
+    "username": "user",
+    "password": "pass"
+}
+
+### Get bad user
+POST {{hostname}}/authenticate
+Content-Type: application/json
+
+{
+    "username": "bad user",
+    "password": "pass"
+}
+
+### Get bad pass
+POST {{hostname}}/authenticate
+Content-Type: application/json
+
+{
+    "username": "user",
+    "password": "bad pass"
+}
+
+### Get disabled user
+POST {{hostname}}/authenticate
+Content-Type: application/json
+
+{
+    "username": "disabled",
+    "password": "pass"
+}

http/account-registry/http-client.env.json-dev

@@ -0,0 +1,11 @@
+{
+  "development": {
+    "hostname": "http://localhost:8080"
+  },
+  "docker": {
+    "hostname": "http://localhost:9050"
+  },
+  "testing": {
+    "hostname": "http://10.0.x.x"
+  }
+}

http/device-api/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/device-api/configuration.http

@@ -0,0 +1,3 @@
+### get configuration
+GET {{hostname}}/configuration
+Identity: {{identity}}

http/device-api/http-client.env.json-dev

@@ -0,0 +1,14 @@
+{
+  "development": {
+    "hostname": "https://localhost:8443",
+    "identity": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+  },
+  "docker": {
+    "hostname": "https://localhost:9000",
+    "identity": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+  },
+  "testing": {
+    "hostname": "https://10.0.x.x",
+    "identity": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+  }
+}

http/device-api/measurement.http

@@ -0,0 +1,23 @@
+### get measurement
+GET {{hostname}}/measurement
+Identity: {{identity}}
+
+### add measurement for all
+POST {{hostname}}/measurement
+Content-Type: application/json
+Identity: {{identity}}
+
+{
+  "button0": 0,
+  "button1": 1,
+  "button2": 0
+}
+
+### add measurement for one
+POST {{hostname}}/measurement
+Content-Type: application/json
+Identity: {{identity}}
+
+{
+  "button0": 1
+}

http/device-configuration/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/device-configuration/http-client.env.json-dev

@@ -0,0 +1,11 @@
+{
+  "development": {
+    "hostname": "http://localhost:8080"
+  },
+  "docker": {
+    "hostname": "http://localhost:9030"
+  },
+  "testing": {
+    "hostname": "http://10.0.x.x"
+  }
+}

http/device-configuration/node.http

@@ -0,0 +1,11 @@
+###
+GET {{hostname}}/node-00000000-0000-7000-0000-000000000001
+
+
+### add measurement for one
+PUT {{hostname}}/node-01983d73-3a1e-792e-b910-5673f366fb3b
+Content-Type: application/json
+
+{
+  "configuration": "test"
+}

http/device-data/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/device-data/http-client.env.json-dev

@@ -0,0 +1,11 @@
+{
+  "development": {
+    "hostname": "http://localhost:8080"
+  },
+  "docker": {
+    "hostname": "http://localhost:9020"
+  },
+  "testing": {
+    "hostname": "http://10.0.x.x"
+  }
+}

http/device-data/measurement.http

@@ -0,0 +1,34 @@
+
+
+### add measurement for all
+POST {{hostname}}/client-00000000-0000-7000-0001-000000000001
+Content-Type: application/json
+
+{
+  "tags": {
+    "device": "00000000-0000-7000-0002-000000000001",
+    "node": "00000000-0000-7000-0003-000000000001"
+  },
+  "fields": {
+    "button0": 1,
+    "button1": 0,
+    "button2": 1
+  }
+}
+
+### add measurement for one
+POST {{hostname}}/client-00000000-0000-7000-0001-000000000001
+Content-Type: application/json
+
+{
+  "tags": {
+    "device": "00000000-0000-7000-0002-000000000001",
+    "node": "00000000-0000-7000-0003-000000000001"
+  },
+  "fields": {
+    "button1": 0
+  }
+}
+
+### add measurement
+GET {{hostname}}/client-00000000-0000-7000-0001-000000000001/node-00000000-0000-7000-0003-000000000001

http/device-registry/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/device-registry/device.http

@@ -0,0 +1,10 @@
+### register device for a type
+POST {{hostname}}/device
+Content-Type: application/json
+
+{
+  "type": "00000000-0000-0000-0000-000000000000"
+}
+
+### register device for a type
+GET {{hostname}}/device-00000000-0000-0000-0000-000000000000

http/device-registry/http-client.env.json-dev

@@ -0,0 +1,11 @@
+{
+  "development": {
+    "hostname": "http://localhost:8080"
+  },
+  "docker": {
+    "hostname": "http://localhost:9050"
+  },
+  "testing": {
+    "hostname": "http://10.0.x.x"
+  }
+}

http/device-registry/identity.http

@@ -0,0 +1,2 @@
+### get identity
+GET {{hostname}}/identity/device-00000000-0000-0000-0000-000000000001

http/device-registry/node.http

@@ -0,0 +1,9 @@
+### register node for a client and device with name
+POST {{hostname}}/node
+Content-Type: application/json
+
+{
+  "client": "00000000-0000-0000-0000-000000000000",
+  "device": "01983d72-476e-77ab-9b17-5ba7045b15fa",
+  "name": "my test device"
+}

http/device-registry/type.http

@@ -0,0 +1,20 @@
+### add type
+POST {{hostname}}/type
+Content-Type: application/json
+
+{
+  "name": "Test Device 001",
+  "description": "Description of test device."
+}
+
+### get type by id
+GET {{hostname}}/type-00000000-0000-0000-0000-000000000000
+
+### update type by id
+PUT {{hostname}}/type-00000000-0000-0000-0000-000000000000
+Content-Type: application/json
+
+{
+  "name": "Test Device 001",
+  "description": "Description of test device."
+}

http/device-registry/types.http

@@ -0,0 +1,17 @@
+### get all types
+GET {{hostname}}/types
+
+### get all types
+GET {{hostname}}/types/page-1
+
+### get all types
+GET {{hostname}}/types/page-1/show-2
+
+### get all types
+GET {{hostname}}/types/filter-{filter}
+
+### get all types
+GET {{hostname}}/types/filter-{filter}/page-1
+
+### get all types
+GET {{hostname}}/types/filter-{filter}/page-1/show-2

http/management/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/management/http-client.env.json-dev

@@ -0,0 +1,11 @@
+{
+  "development": {
+    "hostname": "http://localhost:8080"
+  },
+  "docker": {
+    "hostname": "http://localhost:9060"
+  },
+  "testing": {
+    "hostname": "http://10.0.x.x"
+  }
+}

http/registry-api/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/registry-api/authentication.http

@@ -0,0 +1,8 @@
+### account login
+POST {{hostname}}/login
+Content-Type: application/json
+
+{
+    "username": "admin",
+    "password": "pass"
+}

http/registry-api/http-client.env.json-dev

@@ -0,0 +1,14 @@
+{
+  "development": {
+    "hostname": "https://localhost:8443",
+    "token": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+  },
+  "docker": {
+    "hostname": "https://localhost:9040",
+    "token": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+  },
+  "testing": {
+    "hostname": "https://10.0.x.x",
+    "token": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+  }
+}

http/registry-api/registry.http

@@ -0,0 +1,8 @@
+### register device for a type
+POST {{hostname}}/register
+Authorization: Bearer {{token}}
+Content-Type: application/json
+
+{
+  "type": "00000000-0000-0000-0000-000000000000"
+}

kubectl/01-initialize/01-namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: hlaeja
+  labels:
+    environment: testing

kubectl/01-initialize/02-registry-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: github
+  namespace: hlaeja
+  labels:
+    environment: testing
+type: kubernetes.io/dockerconfigjson
+data:
+  # Look at /doc/k8s-docker-registry.md to this value
+  .dockerconfigjson: DockerRegistryBase64==

kubectl/01-initialize/03-account-jwt-private-key-secret.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: account-jwt-private-key
+  namespace: hlaeja
+  labels:
+    app: account-register
+    environment: testing
+    tier: backend
+type: Opaque
+data:
+  # Look at /doc/rsa_key.md, for how to make real values
+  private_key.pem: AccountJwtPrivateKeyFileBase64==
+
+

kubectl/01-initialize/04-account-jwt-public-key-secret.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: account-jwt-public-key
+  namespace: hlaeja
+  labels:
+    app: account-register
+    environment: testing
+    tier: frontend
+type: Opaque
+data:
+  # Look at /doc/rsa_key.md, for how to make real values
+  public_key.pem: AccountJwtPublicKeyFileBase64==

kubectl/01-initialize/05-device-jwt-private-key-secret.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-jwt-private-key
+  namespace: hlaeja
+  labels:
+    app: device-register
+    environment: testing
+    tier: backend
+type: Opaque
+data:
+  # Look at /doc/rsa_key.md, for how to make real values
+  private_key.pem: DeviceJwtPrivateKeyFileBase64==

kubectl/01-initialize/06-device-jwt-public-key-secret.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-jwt-public-key
+  namespace: hlaeja
+  labels:
+    app: device-register
+    environment: testing
+    tier: frontend
+type: Opaque
+data:
+  # Look at /doc/rsa_key.md, for how to make real values
+  public_key.pem: DeviceJwtPublicKeyFileBase64==