Hlæja concept v0.8.0

update README.md
add helmfile.yaml to .gitignore
rename helmfile.yaml to helmfile.yaml-dev

.gitignore

@@ -1,2 +1,6 @@
 .idea/
-cert/
+compose/cert/
+http/*/http-client.env.json
+helm/values/*/
+helm/charts/02-dependency/Chart.lock
+helm/helmfile.yaml

README.md

@@ -36,10 +36,14 @@ Plugin containing gradle task and setting used by common, library, and service r
 
 Library containing all internal messages for services. GitHub [Hlæja Common Messages](https://github.com/swordsteel/hlaeja-common-messages)
 
-#### Common JWT
+#### JWT
 
 Library containing JWT for services. GitHub [Hlæja JWT](https://github.com/swordsteel/hlaeja-jwt)
 
+#### Test
+
+Library containing test assertion extension and test container annotation. GitHub [Hlæja Test](https://github.com/swordsteel/hlaeja-test)
+
 ### Services
 
 #### Device Data
@@ -65,3 +69,7 @@ API for register devices when flashed. GitHub [Hlæja Registry API](https://gith
 #### Account Registry
 
 Store Information of accounts. GitHub [Hlæja Account Registry](https://github.com/swordsteel/hlaeja-account-registry)
+
+#### Management
+
+Management ui. GitHub [Hlæja Account Registry](https://github.com/swordsteel/hlaeja-management)

compose/development-compose.yml

@@ -0,0 +1,144 @@
+name: development
+
+networks:
+  develop:
+    name: develop
+    external: true
+
+volumes:
+  cassandra:
+  influx-config:
+  influx-data:
+  postgres:
+  redis:
+  kafka:
+
+services:
+
+  influxdb:
+    image: influxdb:2.7.12-alpine
+    container_name: InfluxDB
+    restart: unless-stopped
+    environment:
+      DOCKER_INFLUXDB_INIT_MODE: setup
+      DOCKER_INFLUXDB_INIT_USERNAME: influx
+      DOCKER_INFLUXDB_INIT_PASSWORD: password
+      DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: influxdbToken==
+      DOCKER_INFLUXDB_INIT_ORG: hlaeja_ltd
+      DOCKER_INFLUXDB_INIT_BUCKET: device-data
+    networks:
+      - develop
+    ports:
+      - 8086:8086
+    volumes:
+      - influx-data:/var/lib/influxdb2
+      - influx-config:/etc/influxdb2
+
+  postgres:
+    image: postgres:17.5-alpine
+    container_name: PostgreSQL
+    restart: unless-stopped
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD : password
+    ports:
+      - 5432:5432
+    networks:
+      - develop
+    volumes:
+      - postgres:/var/lib/postgresql/data
+
+  cassandra:
+    image: cassandra:5.0.4
+    container_name: Cassandra
+    restart: unless-stopped
+    environment:
+      CASSANDRA_USER: cassandra
+      CASSANDRA_PASSWORD: password
+    networks:
+      - develop
+    ports:
+      - 9042:9042
+    volumes:
+      - cassandra:/var/lib/cassandra
+
+  redis:
+    image: redis:8.0.3-alpine
+    container_name: Redis
+    restart: unless-stopped
+    environment:
+      REDIS_PASSWORD: password
+    networks:
+      - develop
+    ports:
+      - 6379:6379
+    volumes:
+      - redis:/data
+
+  kafka:
+    image: bitnami/kafka:latest
+    container_name: Kafka
+    restart: unless-stopped
+    ports:
+      - 9091:9091
+    environment:
+      # ---- KRaft single-node (broker + controller) ----
+      - KAFKA_ENABLE_KRAFT=yes
+      - KAFKA_CFG_PROCESS_ROLES=broker,controller
+      - KAFKA_CFG_NODE_ID=1
+      - KAFKA_KRAFT_CLUSTER_ID=Q1BGMDAwMDAwMDAwMDAwMA
+      - KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER
+      - KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=1@kafka:9093
+
+      # ---- Listeners ----
+      # Bind all, three names: INTERNAL (cluster+in-docker clients), EXTERNAL (host clients), CONTROLLER (KRaft)
+      - KAFKA_CFG_LISTENERS=INTERNAL://:9092,EXTERNAL://:9091,CONTROLLER://:9093
+      # How clients discover us:
+      - KAFKA_CFG_ADVERTISED_LISTENERS=INTERNAL://kafka:9092,EXTERNAL://localhost:9091
+      - KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,INTERNAL:SASL_PLAINTEXT,EXTERNAL:SASL_PLAINTEXT
+      - KAFKA_CFG_INTER_BROKER_LISTENER_NAME=INTERNAL
+
+      # ---- SASL/PLAIN (no TLS) ----
+      # Enable PLAIN globally and for both listeners
+      - KAFKA_CFG_SASL_ENABLED_MECHANISMS=PLAIN
+      - KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL=PLAIN
+      - KAFKA_CFG_LISTENER_NAME_INTERNAL_SASL_ENABLED_MECHANISMS=PLAIN
+      - KAFKA_CFG_LISTENER_NAME_EXTERNAL_SASL_ENABLED_MECHANISMS=PLAIN
+
+      # Users (Bitnami helper vars wire JAAS for you)
+      - KAFKA_CLIENT_USERS=kafka
+      - KAFKA_CLIENT_PASSWORDS=password
+      - KAFKA_INTER_BROKER_USER=broker
+      - KAFKA_INTER_BROKER_PASSWORD=password
+
+      # Dev-friendly defaults
+      - KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE=true
+      - KAFKA_CFG_OFFSETS_TOPIC_REPLICATION_FACTOR=1
+      - KAFKA_CFG_TRANSACTION_STATE_LOG_REPLICATION_FACTOR=1
+      - KAFKA_CFG_TRANSACTION_STATE_LOG_MIN_ISR=1
+      - KAFKA_HEAP_OPTS=-Xms512m -Xmx512m
+    volumes:
+      - kafka:/bitnami/kafka
+    networks:
+      - develop
+
+  kafka-ui:
+    image: provectuslabs/kafka-ui:latest
+    container_name: KafkaUi
+    restart: unless-stopped
+    depends_on:
+      - kafka
+    ports:
+      - "9090:8080"
+    environment:
+      # Optional: allow adding clusters dynamically in UI
+      - DYNAMIC_CONFIG_ENABLED=true
+
+      # First cluster: local Docker Kafka
+      - KAFKA_CLUSTERS_0_NAME=local
+      - KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS=kafka:9092
+      - KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL=SASL_PLAINTEXT
+      - KAFKA_CLUSTERS_0_PROPERTIES_SASL_MECHANISM=PLAIN
+      - KAFKA_CLUSTERS_0_PROPERTIES_SASL_JAAS_CONFIG=org.apache.kafka.common.security.plain.PlainLoginModule required username="kafka" password="password";
+    networks:
+      - develop

compose/hlaeja-compose.yml

@@ -8,7 +8,7 @@ networks:
 services:
 
   device-registry:
-    image: hlaeja-device-registry:0.4.0
+    image: ghcr.io/swordsteel/hlaeja-device-registry:0.7.0
     container_name: DeviceRegistry
     restart: unless-stopped
     environment:
@@ -22,7 +22,7 @@ services:
       - ./cert/device_private_key.pem:/app/resources/cert/private_key.pem
 
   device-data:
-    image: hlaeja-device-data:0.1.1
+    image: ghcr.io/swordsteel/hlaeja-device-data:0.2.0
     container_name: DeviceData
     restart: unless-stopped
     environment:
@@ -34,7 +34,7 @@ services:
       - 9020:8080
 
   device-configuration:
-    image: hlaeja-device-configuration:0.1.0
+    image: ghcr.io/swordsteel/hlaeja-device-configuration:0.2.0
     container_name: DeviceConfiguration
     restart: unless-stopped
     environment:
@@ -45,7 +45,7 @@ services:
       - 9030:8080
 
   device-api:
-    image: hlaeja-device-api:0.4.0
+    image: ghcr.io/swordsteel/hlaeja-device-api:0.5.0
     container_name: DeviceApi
     restart: unless-stopped
     environment:
@@ -61,7 +61,7 @@ services:
       - ./cert/device_api_keystore.p12:/app/resources/cert/keystore.p12
 
   registry-api:
-    image: hlaeja-registry-api:0.2.0
+    image: ghcr.io/swordsteel/hlaeja-registry-api:0.4.0
     container_name: RegistryApi
     restart: unless-stopped
     environment:
@@ -77,11 +77,14 @@ services:
       - ./cert/account_public_key.pem:/app/resources/cert/public_key.pem
 
   account-registry:
-    image: hlaeja-account-registry:0.1.0
+    image: ghcr.io/swordsteel/hlaeja-account-registry:0.4.0
     container_name: AccountRegistry
     restart: unless-stopped
     environment:
       SPRING_PROFILES_ACTIVE: docker
+      SPRING_KAFKA_PROPERTIES_SECURITY_PROTOCOL: SASL_PLAINTEXT
+      SPRING_KAFKA_PROPERTIES_SASL_MECHANISM: PLAIN
+      SPRING_KAFKA_PROPERTIES_SASL_JAAS_CONFIG: org.apache.kafka.common.security.plain.PlainLoginModule required username="kafka" password="password";
     networks:
       - develop
     ports:
@@ -89,3 +92,21 @@ services:
     # mount a local `account_private_key.pem` into the container.
     volumes:
       - ./cert/account_private_key.pem:/app/resources/cert/private_key.pem
+
+  management:
+    image: ghcr.io/swordsteel/hlaeja-management:0.4.0
+    container_name: Management
+    restart: unless-stopped
+    environment:
+      SPRING_PROFILES_ACTIVE: docker
+      SPRING_KAFKA_PROPERTIES_SECURITY_PROTOCOL: SASL_PLAINTEXT
+      SPRING_KAFKA_PROPERTIES_SASL_MECHANISM: PLAIN
+      SPRING_KAFKA_PROPERTIES_SASL_JAAS_CONFIG: org.apache.kafka.common.security.plain.PlainLoginModule required username="kafka" password="password";
+    networks:
+      - develop
+    ports:
+      - 9060:8443
+    # mount a local `account_public_key.pem` into the container.
+    volumes:
+      - ./cert/account_public_key.pem:/app/resources/cert/public_key.pem
+      - ./cert/management_keystore.p12:/app/resources/cert/keystore.p12

development-compose.yml

@@ -1,75 +0,0 @@
-name: development
-
-networks:
-  develop:
-    name: develop
-    external: true
-
-volumes:
-  cassandra:
-  influx-config:
-  influx-data:
-  postgres:
-  redis:
-
-services:
-
-  influxdb:
-    image: influxdb:2.7.10-alpine
-    container_name: InfluxDB
-    restart: unless-stopped
-    environment:
-      DOCKER_INFLUXDB_INIT_MODE: setup
-      DOCKER_INFLUXDB_INIT_USERNAME: influx
-      DOCKER_INFLUXDB_INIT_PASSWORD: password
-      DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: influxdbToken==
-      DOCKER_INFLUXDB_INIT_ORG: hlaeja_ltd
-      DOCKER_INFLUXDB_INIT_BUCKET: device-data
-    networks:
-      - develop
-    ports:
-      - 8086:8086
-    volumes:
-      - influx-data:/var/lib/influxdb2
-      - influx-config:/etc/influxdb2
-
-  postgres:
-    image: postgres:17.1-alpine
-    container_name: PostgreSQL
-    restart: unless-stopped
-    environment:
-      POSTGRES_USER: postgres
-      POSTGRES_PASSWORD : password
-    ports:
-      - 5432:5432
-    networks:
-      - develop
-    volumes:
-      - postgres:/var/lib/postgresql/data
-
-  cassandra:
-    image: cassandra:5.0.2
-    container_name: Cassandra
-    restart: unless-stopped
-    environment:
-      CASSANDRA_USER: cassandra
-      CASSANDRA_PASSWORD: password
-    networks:
-      - develop
-    ports:
-      - 9042:9042
-    volumes:
-      - cassandra:/var/lib/cassandra
-
-  redis:
-    image: redis:7.4.1-alpine
-    container_name: Redis
-    restart: unless-stopped
-    environment:
-      REDIS_PASSWORD: password
-    networks:
-      - develop
-    ports:
-      - 6379:6379
-    volumes:
-      - redis:/data

doc/dependency.md

@@ -1,10 +1,43 @@
 # Hlæja dependency
 
+## Build Release Order
+
+*need to make pipeline for this.*
+
+Level 1
+
+- hlaeja-version-catalog
+
+Level 2
+
+- hlaeja-core-plugin
+
+Level 3
+
+- hlaeja-common-plugin
+
+Level 4
+
+- hlaeja-common-messages
+- hlaeja-jwt
+- test-library
+
+Level 5
+
+- hlaeja-account-registry
+- hlaeja-device-registry
+- hlaeja-device-configuration
+- hlaeja-device-data
+- hlaeja-device-api
+- hlaeja-registry-api
+- hlaeja-management
+
 ## Service dependency
 
 ```mermaid
 graph TD
 ;
+
   subgraph BE[Backend Services]
     subgraph HDR[Hlæja Device Registry]
       HDRS[Service] --> HDRD[(Postgres)]
@@ -16,34 +49,41 @@ graph TD
       HDCS[Service] --> HDCD[(Cassandra)]
     end
     subgraph HAR[Hlæja Account Registry]
+      direction LR
       HARS[Service] --> HARD[(Postgres)]
+      HARS[Service] --> HDRK[/KAFKA\]
     end
   end
   subgraph HDA[Hlæja Device API]
-    HDAS[Service] --> HDAD[(Redis)]
+    HDAS[Service] --> HDAR[(Redis)]
   end
   subgraph HRA[Hlæja Registry API]
     HRAS[Service]
   end
   subgraph HM[Hlæja Management]
-    HMS[Service]
+    direction LR
+    HMS[Service] --> HMR[(Redis)]
+    HMK[/KAFKA\] --> HMS[Service]
   end
 
+  HM --> HAR
+  HM --> HDR
+  HM -.-> HDC
+
+  HRA --> HAR
+  HRA --> HDR
+
   HDA --> HDR
   HDA --> HDC
   HDA --> HDD
-  HRA --> HDR
-  HRA --> HAR
-  HM -.-> HDC
-  HM -.-> HDR
-  HM -.-> HAR
 ```
 
-## Library and Gradle plugin dependency
+## Gradle Plugin Dependency
 
 ```mermaid
 graph RL
 ;
+
   CP[Core Plugin]
   subgraph SCP [Common Plugin]
     PL[Plugin Library]
@@ -57,7 +97,10 @@ graph RL
     PSC[Plugin Service Container]
     PSIT[Plugin Service Integration Test]
     PSPR[Plugin Service Process Resource]
+    PUS[Plugin UI Service]
+    PUSTM[Plugin UI Service Thymeleaf Minify]
   end
+
   PLM --> PL
   PLP --> PL
   PCo ---> PL
@@ -69,48 +112,72 @@ graph RL
   PSIT --> PS
   PSPR --> PS
 
-  CML[Common Messages Library]
+  PUSTM --> PUS
-  PL --> CML
+  PS --> PUS
 
-  JWT[JWT Library]
+  CL[Common Library]
-  PL --> JWT
+  PL ---> CL
+
+  CS[Common Service]
+  PCe -.-> CS
+  PS --> CS
+
+  CUS[Common UI Service]
+  PUS --> CUS
+  PCe -.-> CUS
+```
+
+## Library And Gradle Plugin Dependency
+
+```mermaid
+graph RL
+;
+  
+  HGP[Hlaeja Gradle Plugin]
+
+  CML[Common Messages Library]
+  HGP --> CML
+  
+  JL[JWT Library]
+  HGP --> JL
+  
+  TL[Test Library]
+  HGP --> TL
 
   DRS[Device Registry Service]
-  PS --> DRS
+  HGP --> DRS
-  PCe --> DRS
+  TL --> DRS
   CML --> DRS
-  JWT --> DRS
+  JL --> DRS
     
   DDS[Device Data Service]
-  PS --> DDS
+  HGP --> DDS
+  TL -.-> DDS
   CML --> DDS
   
   DCS[Device Configuration Service]
-  PS --> DCS
+  TL -.-> DCS
+  HGP --> DCS
   CML --> DCS
   
+  AS[Account Registry Service]
+  TL --> AS
+  HGP --> AS
+  CML --> AS
+  JL --> AS
+  
   DAS[Device API Service]
   CML --> DAS
-  JWT --> DAS
+  JL --> DAS
-  PS --> DAS
+  HGP --> DAS
-  PCe --> DAS
   
   RAS[Registry API Service]
   CML --> RAS
-  JWT --> RAS
+  JL --> RAS
-  PS --> RAS
+  HGP --> RAS
-  PCe --> RAS
-
-  AS[Account Service]
-  CML --> AS
-  JWT --> AS
-  PS --> AS
-  PCe --> AS
   
   MUS[Management UI Service]
-  CML -.-> MUS
+  CML --> MUS
-  JWT -.-> MUS
+  JL --> MUS
-  PS -.-> MUS
+  HGP --> MUS
-  PCe -.-> MUS
-  
 ```

doc/docker_hlaeja.md

@@ -77,7 +77,6 @@ volumes:
   - ./cert/registry_api_keystore.p12:/app/resources/cert/keystore.p12
 ```
 
-
 ## Account Registry
 
 ### Environment
@@ -98,3 +97,20 @@ Mount a local private key into the container. Read [`rsa_key.md`](./rsa_key.md)
 volumes:
   - ./cert/account_private_key.pem:/app/resources/cert/private_key.pem
 ```
+
+## Management
+
+### Environment
+
+```text
+SPRING_PROFILES_ACTIVE: docker
+```
+
+### Volume
+
+Mount a local public key into the container. Read [rsa_key.md](./rsa_key.md) for how to generate.
+
+```text
+volumes:
+  - ./cert/account_public_key.pem:/app/resources/cert/public_key.pem
+```

doc/k8s-docker-registry.md

@@ -0,0 +1,37 @@
+# K8s Docker Registry Configuration
+
+**How to make JSON Configuration**
+
+```json=
+{
+  "auths": {
+    "<your-registry>": {
+      "username": "<your-username>",
+      "password": "<your-password>",
+      "email": "<your-email@example.com>",
+      "auth": "<base64-of-your-username:your-password>"
+    }
+  }
+}
+```
+
+**Replace Values**
+
+- **Replace** <your-registry>: Use the hostname of your Gitea instance (e.g., registry.example.com).
+- **Replace** <your-username>: Use your Gitea username (e.g., user1).
+- **Replace** <your-password>: Use your Gitea personal access token generated with read:package scope (e.g., abc123).
+- **Replace** <your-email>: Use your email address (e.g., user1@example.com).
+
+**Linux Command**
+
+```bash
+echo -n 'your-username:your-password' | base64 -w 0
+```
+
+witch gives `eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk` then we use it in the `auth`
+
+```bash
+echo -n '{"auths":{"<your-registry>":{"username":"your-username","password":"your-password","email":"your-email","auth":"eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk"}}}' | base64 -w 0
+```
+
+witch give `eyJhdXRocyI6eyI8eW91ci1yZWdpc3RyeT4iOnsidXNlcm5hbWUiOiJ5b3VyLXVzZXJuYW1lIiwicGFzc3dvcmQiOiJ5b3VyLXBhc3N3b3JkIiwiZW1haWwiOiJ5b3VyLWVtYWlsIiwiYXV0aCI6ImVXOTFjaTExYzJWeWJtRnRaVHA1YjNWeUxYQmhjM04zYjNKayJ9fX0=`

doc/k8s-testing.md

@@ -0,0 +1,583 @@
+# Hlæja K8s
+
+## Table of Contents
+
+<!-- TOC -->
+* [Hlæja K8s](#hlæja-k8s)
+  * [Table of Contents](#table-of-contents)
+  * [Initialize](#initialize)
+    * [Namespace](#namespace)
+    * [Registry Secret](#registry-secret)
+    * [JSON Web Token (JWT)](#json-web-token-jwt)
+    * [Keystore](#keystore)
+  * [Databases](#databases)
+    * [Postgres](#postgres)
+      * [Secret](#secret)
+      * [Config Map](#config-map)
+      * [Stateful Set](#stateful-set)
+      * [Service](#service)
+    * [Cassandra](#cassandra)
+      * [Stateful Set](#stateful-set-1)
+      * [Service](#service-1)
+    * [InfluxDb](#influxdb)
+      * [Secret](#secret-1)
+      * [Config Map](#config-map-1)
+      * [Stateful Set](#stateful-set-2)
+      * [Service](#service-2)
+    * [Redis](#redis)
+      * [Stateful Set](#stateful-set-3)
+      * [Service](#service-3)
+  * [Hlæja](#hlæja)
+    * [Account Register](#account-register)
+      * [Secret](#secret-2)
+      * [Config Map](#config-map-2)
+      * [Deployment](#deployment)
+      * [Service](#service-4)
+    * [Device Register](#device-register)
+      * [Secret](#secret-3)
+      * [Config Map](#config-map-3)
+      * [Deployment](#deployment-1)
+      * [Service](#service-5)
+    * [Device Configuration](#device-configuration)
+      * [Secret](#secret-4)
+      * [Config Map](#config-map-4)
+      * [Deployment](#deployment-2)
+      * [Service](#service-6)
+    * [Device Data](#device-data)
+      * [Secret](#secret-5)
+      * [Config Map](#config-map-5)
+      * [Deployment](#deployment-3)
+      * [Service](#service-7)
+    * [Device API](#device-api)
+      * [Config Map](#config-map-6)
+      * [Deployment](#deployment-4)
+      * [Service](#service-8)
+    * [Registry API](#registry-api)
+      * [Config Map](#config-map-7)
+      * [Deployment](#deployment-5)
+      * [Service](#service-9)
+<!-- TOC -->
+
+----
+
+## Initialize
+
+### Namespace
+
+Create the Namespace for the environment.
+
+```bash
+kubectl apply -f .\kube\01-initialize\01-namespace.yaml
+```
+
+---
+
+### Registry Secret
+
+Create [Docker Registry Configuration](./k8s-docker-registry.md) secret.
+
+```bash
+kubectl apply -f .\kube\01-initialize\02-registry-secret.yaml
+```
+
+---
+
+### JSON Web Token (JWT)
+
+For JWT we are using public and private keys, read more about [RSA keys](./rsa_key.md).
+
+Account private key for account service to make access token.
+
+```bash
+kubectl apply -f .\kube\01-initialize\03-account-jwt-private-key-secret.yaml
+```
+
+Account public key for all services identifying users
+
+```bash
+kubectl apply -f .\kube\01-initialize\04-account-jwt-public-key-secret.yaml
+```
+
+Device private key for device service to make device token.
+
+```bash
+kubectl apply -f .\kube\01-initialize\05-device-jwt-private-key-secret.yaml
+```
+
+Device public key for all services identifying devices
+
+```bash
+kubectl apply -f .\kube\01-initialize\06-device-jwt-public-key-secret.yaml
+```
+
+---
+
+### Keystore
+
+Keystore with password read more about [Keystore.p12](./keystore.md).
+
+check cert:
+
+```
+keytool -list -v -storetype PKCS12 -keystore keystore.p12 -storepass <password>
+```
+
+option:
+
+```
+kubectl create secret generic <name> \
+  --from-file=keystore.p12=<keystore.p12> \
+  --from-literal=keystore-password=<your-keystore-password> \
+  -n <namespace>
+```
+
+Device API Keystore
+```bash
+kubectl apply -f .\kube\01-initialize\07-device-api-keystore.yaml
+```
+
+Registry API Keystore
+```bash
+kubectl apply -f .\kube\01-initialize\08-register-api-keystore.yaml
+```
+
+---
+
+## Databases
+
+### Postgres
+
+Remember that you don't run replicas but many instances with its own storage and service.
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\02-databases\01-postgres\01-secret.yaml
+```
+
+Set values:
+
+- postgres root password
+
+using something a bit more secure `SCRAM-SHA-256$4096:f/IWlCTGdMT9qOjQlPbWtA==$qePy5ArW+7ykg3yHqW7qYH0j2384OIoV2IcBcz0mIRM=:KuU1xgnAVtOVpCZhdUJlI8F7Viz0ApmYxYEo5yXNCW0=` in this case we use `password`, to make this... use postgres to make a user and password, copy this value and now will use as admin password.
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\02-databases\01-postgres\02-configmap.yaml
+```
+
+Set values:
+
+- postgres root user
+
+#### Stateful Set
+
+This is the specifications for postgres.
+
+```bash
+kubectl apply -f .\kube\02-databases\01-postgres\03-statefulset.yaml
+```
+
+Set storage size for permanent storage
+
+#### Service
+
+this exposes port and ip.
+
+```bash
+kubectl apply -f .\kube\02-databases\01-postgres\04-service.yaml
+```
+
+---
+
+### Cassandra
+
+For now... run basic cassandra, we need to add authentication later.
+
+to get a clean cassandra configuration:
+
+```bash
+docker run --rm cassandra:5.0 cat /etc/cassandra/cassandra.yaml > cassandra-default.yaml
+```
+
+modify `authenticator` and `authorizer` and som how get that change inside... local file get to big 262144 bytes limitation.
+
+some help things for later
+
+```bashe
+kubectl exec -it -n hlaeja cassandra-0 -- bash
+```
+
+run one of this
+
+```bash
+nodetool status
+```
+
+or
+
+```bash
+cqlsh
+SELECT data_center FROM system.local;
+```
+
+#### Stateful Set
+
+This is the specifications for cassandra.
+
+```bash
+kubectl apply -f .\kube\02-databases\02-cassandra\01-statefulset.yaml
+```
+
+Set storage size for permanent storage
+
+#### Service
+
+this exposes port and ip.
+
+```bash
+kubectl apply -f .\kube\02-databases\02-cassandra\02-service.yaml
+```
+
+---
+
+### InfluxDb
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\02-databases\03-influxdb\01-secret.yaml
+```
+
+Set values:
+
+- influx root password
+- influx token
+
+using something a bit more secure `SCRAM-SHA-256$4096:f/IWlCTGdMT9qOjQlPbWtA==$qePy5ArW+7ykg3yHqW7qYH0j2384OIoV2IcBcz0mIRM=:KuU1xgnAVtOVpCZhdUJlI8F7Viz0ApmYxYEo5yXNCW0=` in this case we use `password`, to make this... use postgres to make a user and password, copy this value and now will use as admin password.
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\02-databases\03-influxdb\02-configmap.yaml
+```
+
+Set values:
+
+- influx root username
+- influx mode
+- influx organisation
+- influx bucket
+
+#### Stateful Set
+
+This is the specifications for influxdb.
+
+```bash
+kubectl apply -f .\kube\02-databases\03-infulxdb\03-statefulset.yaml
+```
+
+Set storage size for permanent storage
+
+#### Service
+
+this exposes port and ip.
+
+```bash
+kubectl apply -f .\kube\02-databases\03-infulxdb\04-service.yaml
+```
+
+---
+
+### Redis
+
+For now... run basic redis, we need to add authentication, replication later? need to think mor about this later.
+
+#### Stateful Set
+
+This is the specifications for redis.
+
+```bash
+kubectl apply -f  .\kube\02-databases\04-redis\01-statefulset.yaml
+```
+
+Set storage size for permanent storage.
+
+did add storage for restarts and some limits.
+
+#### Service
+
+this exposes port and ip.
+
+```bash
+kubectl apply -f .\kube\02-databases\04-redis\02-service.yaml
+```
+
+---
+
+## Hlæja
+
+To access service use `kubectl exec -it <pod-name> -n hlaeja -- /bin/sh`
+
+To tail a service log use `kubectl logs -f <pod-name> -n hlaeja`
+
+### Account Register
+
+This is only a ***concept*** and exist for testing rest of system. this need to be ***rewritten***.
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\01-secret.yaml
+```
+
+Set values:
+
+- postgres password
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\02-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- postgres username
+- postgres url
+- account private jwt file location
+
+#### Deployment
+
+Account Registry Service, using `account-jwt-private-key`
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\03-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\04-service.yaml
+```
+
+---
+
+### Device Register
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\02-device-registry\01-secret.yaml
+```
+
+Set values:
+
+- postgres password
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\02-device-registry\02-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- postgres username
+- postgres url
+- device private jwt file location
+
+#### Deployment
+
+Account Registry Service, using `account-jwt-private-key`
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\02-device-registry\03-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\02-device-registry\04-service.yaml
+```
+
+---
+
+### Device Configuration
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\03-device-configuration\01-secret.yaml
+```
+
+Set values:
+
+- cassandra password (db have not turned this on yet)
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\03-device-configuration\02-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- cassandra username (db have not turned this on yet)
+- cassandra contact points
+
+#### Deployment
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\03-device-configuration\03-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\03-device-configuration\04-service.yaml
+```
+
+---
+
+### Device Data
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\04-device-data\01-secret.yaml
+```
+
+Set values:
+
+- influxdb token
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\04-device-data\02-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- influxdb url
+
+#### Deployment
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\04-device-data\03-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\04-device-data\04-service.yaml
+```
+
+---
+
+### Device API
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\05-device-api\01-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- spring data redis database
+- spring data redis host
+- device configuration url
+- device data url
+- device register url
+
+#### Deployment
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\05-device-api\02-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\05-device-api\03-service.yaml
+```
+
+---
+
+### Registry API
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\06-registry-api\01-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- device register url
+- registry register url
+
+#### Deployment
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\06-registry-api\02-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\06-registry-api\03-service.yaml
+```
+
+---
+
+# Management
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\07-management\01-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- spring data redis database
+- spring data redis host
+- device register url
+- registry register url
+
+#### Deployment
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\07-management\02-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\07-management\03-service.yaml
+```

doc/kafka.md

@@ -0,0 +1,49 @@
+# Kafka
+
+## Creat topic 
+
+### Create Client Properties
+
+Run this inside the container.
+
+```shell
+cat <<EOF > /tmp/client.properties
+security.protocol=SASL_PLAINTEXT
+sasl.mechanism=PLAIN
+sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
+username="<CLIENT_USERNAME>" \
+password="<CLIENT_PASSWORD>";
+EOF
+```
+
+### Create Topic
+
+Create custom topic, set `topic` name to be used and `retention.ms` time to live in millisecond
+
+```shell
+kafka-topics.sh \
+--create \
+--bootstrap-server localhost:9092 \
+--topic <TOPIC> \
+--partitions 1 \
+--replication-factor 1 \
+--config retention.ms=<TTL MS> \
+--command-config /tmp/client.properties
+```
+
+### List Topic
+
+Get a list of all topics
+
+```shell
+kafka-topics.sh \
+--bootstrap-server localhost:9092 \
+--command-config /tmp/client.properties \
+--list
+```
+
+### Access Kafka in K8s
+
+```shell
+kubectl -n hlaeja-testing exec -it dependency-kafka-controller-0 -- /bin/bash
+```

helm/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm/README.md

@@ -0,0 +1,49 @@
+# Hlæja Helm
+
+Copy `helmfile.yaml-dev` to `helmfile.yaml` and start to add your environment.
+
+## Set up helm environment
+
+how to set up [Enviorment](./values/README.md)
+
+## Command using kubectl and helmfile
+
+> ⚠️**Warning:** always use `--selector namespace=<releasesEnviorment>` when running `helmfile` or **risk** lose it all!!! ⚠️
+
+> **Info:** limit even more by using `--selector namespace=<releasesEnviorment>,name=<releasesName>`
+
+**Info:** Create everything for a name space
+
+```shell
+helmfile --selector namespace=testing apply
+```
+
+⚠️**Warning:** Destroy everything for a name space
+
+```shell
+helmfile --selector namespace=testing destroy
+```
+
+**Info:** Create initialize for a name space
+
+```shell
+helmfile --selector namespace=testing,name=initialize apply
+```
+
+⚠️**Warning:** Destroy initialize for a name space
+
+```shell
+helmfile --selector namespace=testing,name=initialize destroy
+```
+
+**Info:** Get status
+
+```shell
+kubectl get secret,cm,pvc,pod,svc -n testing
+```
+
+⚠️**Warning:** Delete everything!
+
+```shell
+kubectl delete ns testing
+```

helm/charts/01-secrets/Chart.yaml

@@ -0,0 +1,5 @@
+# Chart.yaml
+apiVersion: v2
+name: hlaeja-secret
+description: A Helm chart for the hlaeja docker register, jwt, and keystore
+version: 0.1.0

helm/charts/01-secrets/templates/01-docker-registry.yaml

@@ -0,0 +1,13 @@
+{{- range .Values.secrets.dockerRegistry }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .name }}
+  namespace: {{ $.Values.namespace }}
+  labels:
+    environment: {{ $.Values.environment }}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ .dockerRegistryConfigJson | quote }}
+---
+{{- end }}

helm/charts/01-secrets/templates/02-json-web-token.yaml

@@ -0,0 +1,15 @@
+{{- range .Values.secrets.jwt }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .name }}
+  namespace: {{ $.Values.namespace }}
+  labels:
+    app: {{ .app }}
+    environment: {{ $.Values.environment }}
+    tier: {{ .tier }}
+type: Opaque
+data:
+  {{ .jwtFilename }}: {{ .jwtFile | quote }}
+---
+{{- end }}

helm/charts/01-secrets/templates/03-keystore.yaml

@@ -0,0 +1,16 @@
+{{- range .Values.secrets.keystore }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .name }}
+  namespace: {{ $.Values.namespace }}
+  labels:
+    app: {{ .app }}
+    environment: {{ $.Values.environment }}
+    tier: {{ .tier }}
+type: Opaque
+data:
+  keystore.p12: {{ .keystoreFile | quote }}
+  keystore-password: {{ .keystorePassword | b64enc | quote }}
+---
+{{- end }}

helm/charts/01-secrets/values.yaml

@@ -0,0 +1,50 @@
+environment: testing
+
+secrets:
+
+  # Look at /doc/k8s-docker-registry.md to make these values
+  dockerRegistry:
+#    - name: dockerRegistry
+#      dockerRegistryConfigJson: DockerRegistryBase64==
+
+  # Look at /doc/rsa_key.md to make these values (we use rsa so and need a public and privet key)
+  jwt:
+#    - name: account-jwt-private-key
+#      app: account-register
+#      tier: backend
+#      jwtFilename: private_key.pem
+#      jwtFile: AccountJwtPrivateKeyFileBase64==
+#    - name: account-jwt-public-key
+#      app: account-register
+#      tier: frontend
+#      jwtFilename: private_key.pem
+#      jwtFile: AccountJwtPublicKeyFileBase64==
+#    - name: device-jwt-private-key
+#      app: device-register
+#      tier: backend
+#      jwtFilename: private_key.pem
+#      jwtFile: DeviceJwtPrivateKeyFileBase64==
+#    - name: device-jwt-public-key
+#      app: device-register
+#      tier: frontend
+#      jwtFilename: private_key.pem
+#      jwtFile: DeviceJwtPublicKeyFileBase64==
+
+  # Look at /doc/keystore.md to make these values
+  keystore:
+#    - name: device-api-keystore
+#      app: device-api
+#      tier: frontend
+#      keystorePassword: ServiceKeystorePassword
+#      keystoreFile: ServiceKeystoreFileBase64==
+#    - name: registry-api-keystore
+#      app: registry-api
+#      tier: frontend
+#      keystorePassword: ServiceKeystorePassword
+#      keystoreFile: ServiceKeystoreFileBase64==
+#    - name: management-keystore
+#      app: management
+#      tier: frontend
+#      keystorePassword: ServiceKeystorePassword
+#      keystoreFile: ServiceKeystoreFileBase64==
+

helm/charts/02-dependency/Chart.yaml

@@ -0,0 +1,31 @@
+apiVersion: v2
+name: hlaeja-dependency
+description: A Helm chart for the hlaeja dependency chart wrapper
+version: 0.1.0
+
+dependencies:
+
+  # https://artifacthub.io/packages/helm/bitnami/postgresql
+  - name: postgresql
+    version: 16.7.21
+    repository: "oci://registry-1.docker.io/bitnamicharts"
+
+  # https://artifacthub.io/packages/helm/bitnami/cassandra
+  - name: cassandra
+    version: 12.3.9
+    repository: "oci://registry-1.docker.io/bitnamicharts"
+
+  # https://artifacthub.io/packages/helm/bitnami/influxdb
+  - name: influxdb
+    version: 6.6.16
+    repository: "oci://registry-1.docker.io/bitnamicharts"
+
+  # https://artifacthub.io/packages/helm/bitnami/redis
+  - name: redis
+    version: 21.2.13
+    repository: "oci://registry-1.docker.io/bitnamicharts"
+
+  # https://artifacthub.io/packages/helm/bitnami/kafka
+  - name: kafka
+    version: 32.4.2
+    repository: "oci://registry-1.docker.io/bitnamicharts"

helm/charts/02-dependency/values.yaml

@@ -0,0 +1,85 @@
+postgresql:
+  auth:
+    postgresPassword: mySecretPassword
+  primary:
+    persistence:
+      size: 10Gi
+    resources:
+      requests:
+        memory: 512Mi
+        cpu: 250m
+#    service:
+#      type: LoadBalancer
+#      loadBalancerIP: 10.0.3.31
+
+cassandra:
+  cluster:
+    name: hlaeja-cassandra
+  dbUser:
+    password: mySecretPassword
+  persistence:
+    enabled: true
+    size: 10Gi
+  resources:
+    requests:
+      cpu: 250m
+      memory: 512Mi
+#  service:
+#    type: LoadBalancer
+#    loadBalancerIP: 10.0.3.32
+
+influxdb:
+  auth:
+    admin:
+      username: influxdb
+      password: mySecretPassword
+      token: influxdbAdminToken==
+    user:
+      username: service
+      password: mySecretPassword
+      token: influxdbServiceToken==
+      org: hlaeja
+      bucket: device-data
+  persistence:
+    enabled: true
+    size: 10Gi
+  resources:
+    requests:
+      memory: 512Mi
+      cpu: 250m
+  influxdb:
+    service:
+      extraPorts:
+        - name: http-alt
+          port: 80
+          targetPort: 8086
+          protocol: TCP
+#      type: LoadBalancer
+#      loadBalancerIP: 10.0.3.33
+
+redis:
+  architecture: standalone
+  auth:
+    enabled: true
+    password: mySecretPassword
+  resources:
+    requests:
+      cpu: 250m
+      memory: 256Mi
+  master:
+    persistence:
+      enabled: true
+      size: 1Gi
+#    service:
+#      type: LoadBalancer
+#      loadBalancerIP: 10.0.3.34
+
+kafka:
+#  clusterId: 00000000-0000-0000-0000-000000000000
+  sasl:
+    enabledMechanisms: PLAIN
+    client:
+#      users:
+#        - username
+#      passwords:
+#        - password

helm/charts/03-account-registry/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-account-registry
+description: A Helm chart for the hlaeja account registry
+version: 0.1.0

helm/charts/03-account-registry/templates/01-secret.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: account-register-environment
+  labels:
+    app: account-register
+    environment:  {{ .Values.environment }}
+    tier: backend
+type: Opaque
+data:
+  SPRING_R2DBC_PASSWORD: {{ .Values.secrets.r2dbcPassword | b64enc | quote }}
+  SPRING_KAFKA_PROPERTIES_SASL_JAAS_CONFIG: {{ .Values.secrets.kafkaPlainLoginModule | b64enc | quote }}

helm/charts/03-account-registry/templates/02-configmap.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: account-register-environment
+  labels:
+    app: account-register
+    environment: {{ .Values.environment }}
+    tier: backend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  SPRING_R2DBC_URL: {{ .Values.config.r2dbcUrl | quote }}
+  SPRING_R2DBC_USERNAME: {{ .Values.config.r2dbcUsername | quote }}
+  JWT_PRIVATE_KEY: "cert/{{ .Values.jwtPrivetKey.filename }}"
+  SPRING_KAFKA_BOOTSTRAP_SERVERS: "dependency-kafka:9092"
+  SPRING_KAFKA_PROPERTIES_SECURITY_PROTOCOL: "SASL_PLAINTEXT"
+  SPRING_KAFKA_PROPERTIES_SASL_MECHANISM: "PLAIN"

helm/charts/03-account-registry/templates/03-deployment.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: account-register
+  labels:
+    app: account-register
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: account-register
+  template:
+    metadata:
+      labels:
+        app: account-register
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: account-register-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: account-register-environment
+            - secretRef:
+                name: account-register-environment
+          volumeMounts:
+            - name: jwt-key-volume
+              mountPath: /app/resources/cert
+              readOnly: true
+          ports:
+            - containerPort: 8080
+      volumes:
+        - name: jwt-key-volume
+          secret:
+            secretName: {{ .Values.jwtPrivetKey.name }}
+            items:
+              - key: {{ .Values.jwtPrivetKey.filename }}
+                path: {{ .Values.jwtPrivetKey.filename }}

helm/charts/03-account-registry/templates/04-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: account-register
+  labels:
+    app: account-register
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: account-register
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080

helm/charts/03-account-registry/values.yaml

@@ -0,0 +1,20 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.21
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-account-registry:0.1.0
+
+secrets:
+  r2dbcPassword: "password"
+  kafkaPlainLoginModule: "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"clientUsername\" password=\"clientPassword\";"
+
+config:
+  profiles: testing
+  r2dbcUrl: r2dbc:postgresql://dependency-postgresql:5432/account_registry
+  r2dbcUsername: services
+
+jwtPrivetKey:
+  name: account-jwt-private-key
+  filename: private_key.pem

helm/charts/04-device-registry/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-device-register
+description: A Helm chart for the hlaeja device registry
+version: 0.1.0

helm/charts/04-device-registry/templates/01-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-register-environment
+  labels:
+    app: device-register
+    environment:  {{ .Values.environment }}
+    tier: backend
+type: Opaque
+data:
+  SPRING_R2DBC_PASSWORD: {{ .Values.secrets.r2dbcPassword | b64enc | quote }}

helm/charts/04-device-registry/templates/02-configmap.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: device-register-environment
+  labels:
+    app: device-register
+    environment: {{ .Values.environment }}
+    tier: backend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  SPRING_R2DBC_URL: {{ .Values.config.r2dbcUrl | quote }}
+  SPRING_R2DBC_USERNAME: {{ .Values.config.r2dbcUsername | quote }}
+  JWT_PRIVATE_KEY: "cert/{{ .Values.jwtPrivetKey.filename }}"

helm/charts/04-device-registry/templates/03-deployment.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: device-register
+  labels:
+    app: device-register
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: device-register
+  template:
+    metadata:
+      labels:
+        app: device-register
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: device-register-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: device-register-environment
+            - secretRef:
+                name: device-register-environment
+          volumeMounts:
+            - name: jwt-key-volume
+              mountPath: /app/resources/cert
+              readOnly: true
+          ports:
+            - containerPort: 8080
+      volumes:
+        - name: jwt-key-volume
+          secret:
+            secretName: {{ .Values.jwtPrivetKey.name }}
+            items:
+              - key: {{ .Values.jwtPrivetKey.filename }}
+                path: {{ .Values.jwtPrivetKey.filename }}

helm/charts/04-device-registry/templates/04-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: device-register
+  labels:
+    app: device-register
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: device-register
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080

helm/charts/04-device-registry/values.yaml

@@ -0,0 +1,19 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.22
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-device-registry:0.1.0
+
+secrets:
+  r2dbcPassword: "password"
+
+config:
+  profiles: testing
+  r2dbcUrl: r2dbc:postgresql://dependency-postgresql:5432/device_registry
+  r2dbcUsername: services
+
+jwtPrivetKey:
+  name: device-jwt-private-key
+  filename: private_key.pem

helm/charts/05-device-configuration/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-device-configuration
+description: A Helm chart for the hlaeja device configuration
+version: 0.1.0

helm/charts/05-device-configuration/templates/01-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-configuration-environment
+  labels:
+    app: device-configuration
+    environment:  {{ .Values.environment }}
+    tier: backend
+type: Opaque
+data:
+  SPRING_CASSANDRA_PASSWORD: {{ .Values.secrets.cassandraPassword | b64enc | quote }}

helm/charts/05-device-configuration/templates/02-configmap.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: device-configuration-environment
+  labels:
+    app: device-configuration
+    environment: {{ .Values.environment }}
+    tier: backend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  SPRING_CASSANDRA_CONTACT_POINTS: {{ .Values.config.cassandraContactPoints | quote }}
+  SPRING_CASSANDRA_USERNAME: {{ .Values.config.cassandraUsername | quote }}

helm/charts/05-device-configuration/templates/03-deployment.yaml

@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: device-configuration
+  labels:
+    app: device-configuration
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: device-configuration
+  template:
+    metadata:
+      labels:
+        app: device-configuration
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: device-configuration-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: device-configuration-environment
+            - secretRef:
+                name: device-configuration-environment
+          ports:
+            - containerPort: 8080

helm/charts/05-device-configuration/templates/04-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: device-configuration
+  labels:
+    app: device-configuration
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: device-configuration
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080

helm/charts/05-device-configuration/values.yaml

@@ -0,0 +1,15 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.23
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-device-configuration:0.1.0
+
+secrets:
+  cassandraPassword: "password"
+
+config:
+  profiles: testing
+  cassandraContactPoints: dependency-cassandra
+  cassandraUsername: service

helm/charts/06-device-data/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-device-data
+description: A Helm chart for the hlaeja device data
+version: 0.1.0

helm/charts/06-device-data/templates/01-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-data-environment
+  labels:
+    app: device-data
+    environment:  {{ .Values.environment }}
+    tier: backend
+type: Opaque
+data:
+  INFLUXDB_TOKEN: {{ .Values.secrets.influxdbToken | b64enc | quote }}

helm/charts/06-device-data/templates/02-configmap.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: device-data-environment
+  labels:
+    app: device-data
+    environment: {{ .Values.environment }}
+    tier: backend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  INFLUXDB_URL: {{ .Values.config.influxdbUrl | quote }}
+  {{- if and .Values.config.influxdbBucket (ne .Values.config.influxdbBucket "") }}
+  INFLUXDB_BUCKET: {{ .Values.config.influxdbBucket | quote }}
+  {{- end }}
+  {{- if and .Values.config.influxdbOrg (ne .Values.config.influxdbOrg "") }}
+  INFLUXDB_ORG: {{ .Values.config.influxdbOrg | quote }}
+  {{- end }}

helm/charts/06-device-data/templates/03-deployment.yaml

@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: device-data
+  labels:
+    app: device-data
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: device-data
+  template:
+    metadata:
+      labels:
+        app: device-data
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: device-data-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: device-data-environment
+            - secretRef:
+                name: device-data-environment
+          ports:
+            - containerPort: 8080

helm/charts/06-device-data/templates/04-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: device-data
+  labels:
+    app: device-data
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: device-data
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080

helm/charts/06-device-data/values.yaml

@@ -0,0 +1,16 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.24
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-device-data:0.1.0
+
+secrets:
+  influxdbToken: influxdbToken==
+
+config:
+  profiles: testing
+  influxdbUrl: http://dependency-influxdb
+#  influxdbOrg: hlaeja
+#  influxdbBucket: hlaeja_ltd

helm/charts/07-device-api/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-device-api
+description: A Helm chart for the hlaeja device api
+version: 0.1.0

helm/charts/07-device-api/templates/01-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-api-environment
+  labels:
+    app: device-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+type: Opaque
+data:
+  SPRING_DATA_REDIS_PASSWORD: {{ .Values.secrets.redisPassword | b64enc | quote }}

helm/charts/07-device-api/templates/02-configmap.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: device-api-environment
+  labels:
+    app: device-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  SPRING_DATA_REDIS_DATABASE: {{ .Values.config.redis.database | quote }}
+  SPRING_DATA_REDIS_HOST: {{ .Values.config.redis.host | quote }}
+  DEVICE_CONFIGURATION_URL: {{ .Values.config.deviceConfigurationUrl | quote }}
+  DEVICE_DATA_URL: {{ .Values.config.deviceDataUrl | quote }}
+  DEVICE_REGISTRY_URL: {{ .Values.config.deviceRegistryUrl | quote }}
+
+  # all of this should be preset in application.yaml
+  SERVER_PORT: "8443"
+  SERVER_SSL_ENABLED: "true"
+  SERVER_SSL_KEY_STORE: "/app/resources/cert/keystore.p12"
+  SERVER_SSL_KEY_STORE_TYPE: "PKCS12"

helm/charts/07-device-api/templates/03-deployment.yaml

@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: device-api
+  labels:
+    app: device-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: device-api
+  template:
+    metadata:
+      labels:
+        app: device-api
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: device-api-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: device-api-environment
+            - secretRef:
+                name: device-api-environment
+          env:
+            - name: SERVER_SSL_KEY_STORE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.keystoreRef }}
+                  key: keystore-password
+          ports:
+            - containerPort: 8443
+          volumeMounts:
+            - name: keystore-volume
+              mountPath: /app/resources/cert/keystore.p12
+              subPath: keystore.p12
+              readOnly: true
+            - name: jwt-volume
+              mountPath: /app/resources/cert/{{ .Values.jwtPublicKey.filename }}
+              subPath: {{ .Values.jwtPublicKey.filename }}
+              readOnly: true
+      volumes:
+        - name: keystore-volume
+          secret:
+            secretName: {{ .Values.keystoreRef }}
+            items:
+              - key: keystore.p12
+                path: keystore.p12
+        - name: jwt-volume
+          secret:
+            secretName: {{ .Values.jwtPublicKey.name }}
+            items:
+              - key: {{ .Values.jwtPublicKey.filename }}
+                path: {{ .Values.jwtPublicKey.filename }}

helm/charts/07-device-api/templates/04-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: device-api
+  labels:
+    app: device-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: device-api
+  ports:
+    - protocol: TCP
+      port: 443
+      targetPort: 8443

helm/charts/07-device-api/values.yaml

@@ -0,0 +1,26 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.12
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-device-api:0.1.0
+
+secrets:
+  redisPassword: redisPassword
+
+config:
+  profiles: testing
+  redis:
+    database: 1
+    host: dependency-redis-master
+  deviceConfigurationUrl: http://device-configuration
+  deviceDataUrl: http://device-data
+  deviceRegistryUrl: http://device-register
+
+jwtPublicKey:
+  name: device-jwt-public-key
+  filename: public_key.pem
+
+
+keystoreRef: device-api-keystore

helm/charts/08-registry-api/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-registry-api
+description: A Helm chart for the hlaeja registry api
+version: 0.1.0

helm/charts/08-registry-api/templates/01-configmap.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: registry-api-environment
+  labels:
+    app: registry-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  ACCOUNT_REGISTRY_URL: {{ .Values.config.accountRegistryUrl | quote }}
+  DEVICE_REGISTRY_URL: {{ .Values.config.deviceRegistryUrl | quote }}
+
+  # all of this should be preset in application.yaml
+  SERVER_PORT: "8443"
+  SERVER_SSL_ENABLED: "true"
+  SERVER_SSL_KEY_STORE: "/app/resources/cert/keystore.p12"
+  SERVER_SSL_KEY_STORE_TYPE: "PKCS12"

helm/charts/08-registry-api/templates/02-deployment.yaml

@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: registry-api
+  labels:
+    app: registry-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: registry-api
+  template:
+    metadata:
+      labels:
+        app: registry-api
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: registry-api-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: registry-api-environment
+          env:
+            - name: SERVER_SSL_KEY_STORE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.keystoreRef }}
+                  key: keystore-password
+          ports:
+            - containerPort: 8443
+          volumeMounts:
+            - name: keystore-volume
+              mountPath: /app/resources/cert/keystore.p12
+              subPath: keystore.p12
+              readOnly: true
+            - name: jwt-volume
+              mountPath: /app/resources/cert/{{ .Values.jwtPublicKey.filename }}
+              subPath: {{ .Values.jwtPublicKey.filename }}
+              readOnly: true
+      volumes:
+        - name: keystore-volume
+          secret:
+            secretName: {{ .Values.keystoreRef }}
+            items:
+              - key: keystore.p12
+                path: keystore.p12
+        - name: jwt-volume
+          secret:
+            secretName: {{ .Values.jwtPublicKey.name }}
+            items:
+              - key: {{ .Values.jwtPublicKey.filename }}
+                path: {{ .Values.jwtPublicKey.filename }}

helm/charts/08-registry-api/templates/03-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: registry-api
+  labels:
+    app: registry-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: registry-api
+  ports:
+    - protocol: TCP
+      port: 443
+      targetPort: 8443

helm/charts/08-registry-api/values.yaml

@@ -0,0 +1,18 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.13
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-registry-api:0.1.0
+
+config:
+  profiles: testing
+  accountRegistryUrl: http://account-register
+  deviceRegistryUrl: http://device-register
+
+jwtPublicKey:
+  name: account-jwt-public-key
+  filename: public_key.pem
+
+keystoreRef: registry-api-keystore

helm/charts/09-management/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-management
+description: A Helm chart for the hlaeja management
+version: 0.1.0

helm/charts/09-management/templates/01-secret.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: management-environment
+  labels:
+    app: management
+    environment:  {{ .Values.environment }}
+    tier: frontend
+type: Opaque
+data:
+  SPRING_DATA_REDIS_PASSWORD: {{ .Values.secrets.redisPassword | b64enc | quote }}
+  SPRING_KAFKA_PROPERTIES_SASL_JAAS_CONFIG: {{ .Values.secrets.kafkaPlainLoginModule | b64enc | quote }}

helm/charts/09-management/templates/02-configmap.yaml

@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: management-environment
+  labels:
+    app: management
+    environment: {{ .Values.environment }}
+    tier: frontend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  {{- if and .Values.config.timeout (ne .Values.config.timeout "") }}
+  SPRING_SESSION_TIMEOUT: {{ .Values.config.timeout | quote }}
+  {{- end }}
+
+  {{- if and .Values.config.redis }}
+  {{- if and .Values.config.redis.database (ne .Values.config.redis.database "") }}
+  SPRING_DATA_REDIS_DATABASE: {{ .Values.config.redis.database | quote }}
+  {{- end }}
+  {{- if and .Values.config.redis.host (ne .Values.config.redis.host "") }}
+  SPRING_DATA_REDIS_HOST: {{ .Values.config.redis.host | quote }}
+  {{- end }}
+  {{- end }}
+
+  {{- if and .Values.config.error }}
+  {{- if and .Values.config.error.exception (ne .Values.config.error.exception "") }}
+  SERVER_ERROR_INCLUDE_EXCEPTION: {{ .Values.config.error.exception | quote }}
+  {{- end }}
+  {{- if and .Values.config.error.message (ne .Values.config.error.message "") }}
+  SERVER_ERROR_INCLUDE_MESSAGE: {{ .Values.config.error.message | quote }}
+  {{- end }}
+  {{- if and .Values.config.error.stacktrace (ne .Values.config.error.stacktrace "") }}
+  SERVER_ERROR_INCLUDE_STACKTRACE: {{ .Values.config.error.stacktrace | quote }}
+  {{- end }}
+  {{- end }}
+
+  {{- if and .Values.config.accountRegistryUrl (ne .Values.config.accountRegistryUrl "") }}
+  ACCOUNT_REGISTRY_URL: {{ .Values.config.accountRegistryUrl }}
+  {{- end }}
+  {{- if and .Values.config.deviceRegistryUrl (ne .Values.config.deviceRegistryUrl "") }}
+  DEVICE_REGISTRY_URL: {{ .Values.config.deviceRegistryUrl }}
+  {{- end }}
+  SPRING_KAFKA_BOOTSTRAP_SERVERS: "dependency-kafka:9092"
+  SPRING_KAFKA_PROPERTIES_SECURITY_PROTOCOL: "SASL_PLAINTEXT"
+  SPRING_KAFKA_PROPERTIES_SASL_MECHANISM: "PLAIN"

helm/charts/09-management/templates/03-deployment.yaml

@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: management
+  labels:
+    app: management
+    environment: {{ .Values.environment }}
+    tier: frontend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: management
+  template:
+    metadata:
+      labels:
+        app: management
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: management-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: management-environment
+            - secretRef:
+                name: management-environment
+          env:
+            - name: SERVER_SSL_KEY_STORE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.keystoreRef }}
+                  key: keystore-password
+          ports:
+            - containerPort: 8080
+          volumeMounts:
+            - name: keystore-volume
+              mountPath: /app/resources/cert/keystore.p12
+              subPath: keystore.p12
+              readOnly: true
+            - name: jwt-volume
+              mountPath: /app/resources/cert/public_key.pem
+              subPath: public_key.pem
+              readOnly: true
+      volumes:
+        - name: keystore-volume
+          secret:
+            secretName: {{ .Values.keystoreRef }}
+            items:
+              - key: keystore.p12
+                path: keystore.p12
+        - name: jwt-volume
+          secret:
+            secretName: {{ .Values.jwtPublicKey.name }}
+            items:
+              - key: {{ .Values.jwtPublicKey.key }}
+                path: public_key.pem

helm/charts/09-management/templates/03-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: management
+  labels:
+    app: management
+    environment: {{ .Values.environment }}
+    tier: frontend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: management
+  ports:
+    - protocol: TCP
+      port: 443
+      targetPort: 8443

helm/charts/09-management/values.yaml

@@ -0,0 +1,31 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.11
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-management:0.1.0
+
+secrets:
+  redisPassword: redisPassword
+  kafkaPlainLoginModule: "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"clientUsername\" password=\"clientPassword\";"
+
+config:
+  profiles: kubernetes
+#  error:
+#    exception: true
+#    message: always
+#    stacktrace: always
+#  timeout: 60m
+#  redis:
+#    database:
+#    port: 6379
+#    host: dependency-redis-master
+#  accountRegistryUrl: http://account-register
+#  deviceRegistryUrl: http://device-register
+
+jwtPublicKey:
+  name: account-jwt-public-key
+  key: public_key.pem
+
+keystoreRef: management-keystore

helm/helmfile.yaml-dev

@@ -0,0 +1,54 @@
+releases:
+  - name: secrets
+    namespace: hlaeja-testing
+    chart: ./charts/01-secrets
+    values: []
+    historyMax: 3
+
+  - name: dependency
+    namespace: hlaeja-testing
+    chart: ./charts/02-dependency
+    values: []
+    historyMax: 3
+
+  - name: account-register
+    namespace: hlaeja-testing
+    chart: ./charts/03-account-registry
+    values: []
+    historyMax: 3
+
+  - name: device-registry
+    namespace: hlaeja-testing
+    chart: ./charts/04-device-registry
+    values: []
+    historyMax: 3
+
+  - name: device-configuration
+    namespace: hlaeja-testing
+    chart: ./charts/05-device-configuration
+    values: []
+    historyMax: 3
+
+  - name: device-data
+    namespace: hlaeja-testing
+    chart: ./charts/06-device-data
+    values: []
+    historyMax: 3
+
+  - name: device-api
+    namespace: hlaeja-testing
+    chart: ./charts/07-device-api
+    values: []
+    historyMax: 3
+
+  - name: registry-api
+    namespace: hlaeja-testing
+    chart: ./charts/08-registry-api
+    values: []
+    historyMax: 3
+
+  - name: management
+    namespace: hlaeja-testing
+    chart: ./charts/09-management
+    values: []
+    historyMax: 3

helm/values/README.md

@@ -0,0 +1,39 @@
+# Hlæja Helm Environment
+
+To make the environment copy `values.yaml` file from `charts/<name>` to `values/<releasesEnviorment>` then change the values you need. or make the file and add the value you like to overwrite.
+
+```
+helm/
+├── helmfile.yaml
+├── values/
+│   ├── <releasesEnviorment>/
+│   │   ├── <name>.yaml
+|   │   └── ...
+│   └── ...
+└── charts/
+    ├── <name>/
+    │   ├── Chart.yaml
+    │   ├── values.yaml
+    │   └── templates/
+    │       └── <template>.yaml
+    └── ...
+```
+
+Then we need to update `helmfile.yaml` one for each environment.
+
+```
+releases:
+  - name: <releasesName>
+    namespace: <releasesEnviorment>
+    chart: ./charts/<name>
+    values: []
+
+  - name: <releasesName>
+    namespace: <releasesEnviorment>
+    chart: ./charts/<name>
+    values: [./values/<environment>/<name>]
+
+  - ...
+```
+
+> **Info:** using default fake base64 values and not specify custom values can break execution.

http/account-registry/account.http

@@ -0,0 +1,41 @@
+### get user by id
+GET {{hostname}}/account-00000000-0000-7000-0000-000000000001
+
+### add user
+POST {{hostname}}/account
+Content-Type: application/json
+
+{
+    "username": "user01010101",
+    "password": "p4ssw0rd",
+    "enabled": true,
+    "roles": [
+        "ROLE_ADMIN",
+        "ROLE_TEST"
+    ]
+}
+
+### update user all information
+PUT {{hostname}}/account-00000000-0000-7000-0000-000000000002
+Content-Type: application/json
+
+{
+    "username": "user",
+    "password": "pass",
+    "enabled": true,
+    "roles": [
+        "ROLE_TEST"
+    ]
+}
+
+### update user information
+PUT {{hostname}}/account-00000000-0000-7000-0000-000000000002
+Content-Type: application/json
+
+{
+    "username": "user",
+    "enabled": true,
+    "roles": [
+        "ROLE_TEST"
+    ]
+}

http/account-registry/accounts.http

@@ -0,0 +1,8 @@
+### Get accounts
+GET {{hostname}}/accounts
+
+### Get accounts by page
+GET {{hostname}}/accounts/page-1
+
+### Get accounts by page and size
+GET {{hostname}}/accounts/page-1/show-1

http/account-registry/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/account-registry/authentication.http

@@ -0,0 +1,44 @@
+### Get admin information
+POST {{hostname}}/authenticate
+Content-Type: application/json
+
+{
+    "username": "admin",
+    "password": "pass"
+}
+
+### Get user information
+POST {{hostname}}/authenticate
+Content-Type: application/json
+
+{
+    "username": "user",
+    "password": "pass"
+}
+
+### Get bad user
+POST {{hostname}}/authenticate
+Content-Type: application/json
+
+{
+    "username": "bad user",
+    "password": "pass"
+}
+
+### Get bad pass
+POST {{hostname}}/authenticate
+Content-Type: application/json
+
+{
+    "username": "user",
+    "password": "bad pass"
+}
+
+### Get disabled user
+POST {{hostname}}/authenticate
+Content-Type: application/json
+
+{
+    "username": "disabled",
+    "password": "pass"
+}

http/account-registry/http-client.env.json-dev

@@ -0,0 +1,11 @@
+{
+  "development": {
+    "hostname": "http://localhost:8080"
+  },
+  "docker": {
+    "hostname": "http://localhost:9050"
+  },
+  "testing": {
+    "hostname": "http://10.0.x.x"
+  }
+}

http/device-api/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/device-api/configuration.http

@@ -0,0 +1,3 @@
+### get configuration
+GET {{hostname}}/configuration
+Identity: {{identity}}

http/device-api/http-client.env.json-dev

@@ -0,0 +1,14 @@
+{
+  "development": {
+    "hostname": "https://localhost:8443",
+    "identity": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+  },
+  "docker": {
+    "hostname": "https://localhost:9000",
+    "identity": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+  },
+  "testing": {
+    "hostname": "https://10.0.x.x",
+    "identity": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+  }
+}

http/device-api/measurement.http

@@ -0,0 +1,23 @@
+### get measurement
+GET {{hostname}}/measurement
+Identity: {{identity}}
+
+### add measurement for all
+POST {{hostname}}/measurement
+Content-Type: application/json
+Identity: {{identity}}
+
+{
+  "button0": 0,
+  "button1": 1,
+  "button2": 0
+}
+
+### add measurement for one
+POST {{hostname}}/measurement
+Content-Type: application/json
+Identity: {{identity}}
+
+{
+  "button0": 1
+}

http/device-configuration/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/device-configuration/http-client.env.json-dev

@@ -0,0 +1,11 @@
+{
+  "development": {
+    "hostname": "http://localhost:8080"
+  },
+  "docker": {
+    "hostname": "http://localhost:9030"
+  },
+  "testing": {
+    "hostname": "http://10.0.x.x"
+  }
+}

http/device-configuration/node.http

@@ -0,0 +1,11 @@
+###
+GET {{hostname}}/node-00000000-0000-7000-0000-000000000001
+
+
+### add measurement for one
+PUT {{hostname}}/node-01983d73-3a1e-792e-b910-5673f366fb3b
+Content-Type: application/json
+
+{
+  "configuration": "test"
+}

http/device-data/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/device-data/http-client.env.json-dev

@@ -0,0 +1,11 @@
+{
+  "development": {
+    "hostname": "http://localhost:8080"
+  },
+  "docker": {
+    "hostname": "http://localhost:9020"
+  },
+  "testing": {
+    "hostname": "http://10.0.x.x"
+  }
+}

http/device-data/measurement.http

@@ -0,0 +1,34 @@
+
+
+### add measurement for all
+POST {{hostname}}/client-00000000-0000-7000-0001-000000000001
+Content-Type: application/json
+
+{
+  "tags": {
+    "device": "00000000-0000-7000-0002-000000000001",
+    "node": "00000000-0000-7000-0003-000000000001"
+  },
+  "fields": {
+    "button0": 1,
+    "button1": 0,
+    "button2": 1
+  }
+}
+
+### add measurement for one
+POST {{hostname}}/client-00000000-0000-7000-0001-000000000001
+Content-Type: application/json
+
+{
+  "tags": {
+    "device": "00000000-0000-7000-0002-000000000001",
+    "node": "00000000-0000-7000-0003-000000000001"
+  },
+  "fields": {
+    "button1": 0
+  }
+}
+
+### add measurement
+GET {{hostname}}/client-00000000-0000-7000-0001-000000000001/node-00000000-0000-7000-0003-000000000001

http/device-registry/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/device-registry/device.http

@@ -0,0 +1,10 @@
+### register device for a type
+POST {{hostname}}/device
+Content-Type: application/json
+
+{
+  "type": "00000000-0000-0000-0000-000000000000"
+}
+
+### register device for a type
+GET {{hostname}}/device-00000000-0000-0000-0000-000000000000

http/device-registry/http-client.env.json-dev

@@ -0,0 +1,11 @@
+{
+  "development": {
+    "hostname": "http://localhost:8080"
+  },
+  "docker": {
+    "hostname": "http://localhost:9050"
+  },
+  "testing": {
+    "hostname": "http://10.0.x.x"
+  }
+}

http/device-registry/identity.http

@@ -0,0 +1,2 @@
+### get identity
+GET {{hostname}}/identity/device-00000000-0000-0000-0000-000000000001

http/device-registry/node.http

@@ -0,0 +1,9 @@
+### register node for a client and device with name
+POST {{hostname}}/node
+Content-Type: application/json
+
+{
+  "client": "00000000-0000-0000-0000-000000000000",
+  "device": "01983d72-476e-77ab-9b17-5ba7045b15fa",
+  "name": "my test device"
+}

http/device-registry/type.http

@@ -0,0 +1,20 @@
+### add type
+POST {{hostname}}/type
+Content-Type: application/json
+
+{
+  "name": "Test Device 001",
+  "description": "Description of test device."
+}
+
+### get type by id
+GET {{hostname}}/type-00000000-0000-0000-0000-000000000000
+
+### update type by id
+PUT {{hostname}}/type-00000000-0000-0000-0000-000000000000
+Content-Type: application/json
+
+{
+  "name": "Test Device 001",
+  "description": "Description of test device."
+}

http/device-registry/types.http

@@ -0,0 +1,17 @@
+### get all types
+GET {{hostname}}/types
+
+### get all types
+GET {{hostname}}/types/page-1
+
+### get all types
+GET {{hostname}}/types/page-1/show-2
+
+### get all types
+GET {{hostname}}/types/filter-{filter}
+
+### get all types
+GET {{hostname}}/types/filter-{filter}/page-1
+
+### get all types
+GET {{hostname}}/types/filter-{filter}/page-1/show-2

http/management/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/management/http-client.env.json-dev

@@ -0,0 +1,11 @@
+{
+  "development": {
+    "hostname": "http://localhost:8080"
+  },
+  "docker": {
+    "hostname": "http://localhost:9060"
+  },
+  "testing": {
+    "hostname": "http://10.0.x.x"
+  }
+}

http/registry-api/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/registry-api/authentication.http

@@ -0,0 +1,8 @@
+### account login
+POST {{hostname}}/login
+Content-Type: application/json
+
+{
+    "username": "admin",
+    "password": "pass"
+}

http/registry-api/http-client.env.json-dev

@@ -0,0 +1,14 @@
+{
+  "development": {
+    "hostname": "https://localhost:8443",
+    "token": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+  },
+  "docker": {
+    "hostname": "https://localhost:9040",
+    "token": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+  },
+  "testing": {
+    "hostname": "https://10.0.x.x",
+    "token": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+  }
+}

http/registry-api/registry.http

@@ -0,0 +1,8 @@
+### register device for a type
+POST {{hostname}}/register
+Authorization: Bearer {{token}}
+Content-Type: application/json
+
+{
+  "type": "00000000-0000-0000-0000-000000000000"
+}

kubectl/01-initialize/01-namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: hlaeja
+  labels:
+    environment: testing

kubectl/01-initialize/02-registry-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: github
+  namespace: hlaeja
+  labels:
+    environment: testing
+type: kubernetes.io/dockerconfigjson
+data:
+  # Look at /doc/k8s-docker-registry.md to this value
+  .dockerconfigjson: DockerRegistryBase64==

kubectl/01-initialize/03-account-jwt-private-key-secret.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: account-jwt-private-key
+  namespace: hlaeja
+  labels:
+    app: account-register
+    environment: testing
+    tier: backend
+type: Opaque
+data:
+  # Look at /doc/rsa_key.md, for how to make real values
+  private_key.pem: AccountJwtPrivateKeyFileBase64==
+
+

kubectl/01-initialize/04-account-jwt-public-key-secret.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: account-jwt-public-key
+  namespace: hlaeja
+  labels:
+    app: account-register
+    environment: testing
+    tier: frontend
+type: Opaque
+data:
+  # Look at /doc/rsa_key.md, for how to make real values
+  public_key.pem: AccountJwtPublicKeyFileBase64==

kubectl/01-initialize/05-device-jwt-private-key-secret.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-jwt-private-key
+  namespace: hlaeja
+  labels:
+    app: device-register
+    environment: testing
+    tier: backend
+type: Opaque
+data:
+  # Look at /doc/rsa_key.md, for how to make real values
+  private_key.pem: DeviceJwtPrivateKeyFileBase64==

kubectl/01-initialize/06-device-jwt-public-key-secret.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-jwt-public-key
+  namespace: hlaeja
+  labels:
+    app: device-register
+    environment: testing
+    tier: frontend
+type: Opaque
+data:
+  # Look at /doc/rsa_key.md, for how to make real values
+  public_key.pem: DeviceJwtPublicKeyFileBase64==

kubectl/01-initialize/07-device-api-keystore.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-api-keystore
+  namespace: hlaeja
+  labels:
+    environment: testing
+type: Opaque
+data:
+  # Look at /doc/keystore.md, for how to make real values
+  keystore.p12: DeviceApiKeystoreFileBase64==
+  keystore-password: DeviceApiKeystorePasswordBase64==

kubectl/01-initialize/08-register-api-keystore.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: registry-api-keystore
+  namespace: hlaeja
+  labels:
+    environment: testing
+type: Opaque
+data:
+  # Look at /doc/keystore.md, for how to make real values
+  keystore.p12: RegistryApiKeystoreFileBase64==
+  keystore-password: RegistryApiKeystorePasswordBase64==

kubectl/02-databases/01-postgres/01-secret.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: postgres
+  namespace: hlaeja
+  labels:
+    app: postgres
+    environment: testing
+    tier: database
+type: Opaque
+stringData:
+  POSTGRES_PASSWORD: "password"

kubectl/02-databases/01-postgres/02-configmap.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgres
+  namespace: hlaeja
+  labels:
+    app: postgres
+    environment: testing
+    tier: database
+data:
+  POSTGRES_USER: "postgres"