Hlæja concept v0.7.0

update README.md
add helmfile.yaml to .gitignore
rename helmfile.yaml to helmfile.yaml-dev

.gitignore

@@ -1,2 +1,6 @@
 .idea/
 cert/
+http/*/http-client.env.json
+helm/values/*/
+helm/charts/02-dependency/Chart.lock
+helm/helmfile.yaml

compose/development-compose.yml

@@ -15,7 +15,7 @@ volumes:
 services:
 
   influxdb:
-    image: influxdb:2.7.10-alpine
+    image: influxdb:2.7.12-alpine
     container_name: InfluxDB
     restart: unless-stopped
     environment:
@@ -34,7 +34,7 @@ services:
       - influx-config:/etc/influxdb2
 
   postgres:
-    image: postgres:17.1-alpine
+    image: postgres:17.5-alpine
     container_name: PostgreSQL
     restart: unless-stopped
     environment:
@@ -48,7 +48,7 @@ services:
       - postgres:/var/lib/postgresql/data
 
   cassandra:
-    image: cassandra:5.0.2
+    image: cassandra:5.0.4
     container_name: Cassandra
     restart: unless-stopped
     environment:
@@ -62,7 +62,7 @@ services:
       - cassandra:/var/lib/cassandra
 
   redis:
-    image: redis:7.4.1-alpine
+    image: redis:8.0.3-alpine
     container_name: Redis
     restart: unless-stopped
     environment:

compose/hlaeja-compose.yml

@@ -8,7 +8,7 @@ networks:
 services:
 
   device-registry:
-    image: hlaeja-device-registry:0.4.0
+    image: ghcr.io/swordsteel/hlaeja-device-registry:0.6.0
     container_name: DeviceRegistry
     restart: unless-stopped
     environment:
@@ -22,7 +22,7 @@ services:
       - ./cert/device_private_key.pem:/app/resources/cert/private_key.pem
 
   device-data:
-    image: hlaeja-device-data:0.1.1
+    image: ghcr.io/swordsteel/hlaeja-device-data:0.2.0
     container_name: DeviceData
     restart: unless-stopped
     environment:
@@ -34,7 +34,7 @@ services:
       - 9020:8080
 
   device-configuration:
-    image: hlaeja-device-configuration:0.1.0
+    image: ghcr.io/swordsteel/hlaeja-device-configuration:0.2.0
     container_name: DeviceConfiguration
     restart: unless-stopped
     environment:
@@ -45,7 +45,7 @@ services:
       - 9030:8080
 
   device-api:
-    image: hlaeja-device-api:0.4.0
+    image: ghcr.io/swordsteel/hlaeja-device-api:0.5.0
     container_name: DeviceApi
     restart: unless-stopped
     environment:
@@ -61,7 +61,7 @@ services:
       - ./cert/device_api_keystore.p12:/app/resources/cert/keystore.p12
 
   registry-api:
-    image: hlaeja-registry-api:0.2.0
+    image: ghcr.io/swordsteel/hlaeja-registry-api:0.3.0
     container_name: RegistryApi
     restart: unless-stopped
     environment:
@@ -77,7 +77,7 @@ services:
       - ./cert/account_public_key.pem:/app/resources/cert/public_key.pem
 
   account-registry:
-    image: hlaeja-account-registry:0.2.0
+    image: ghcr.io/swordsteel/hlaeja-account-registry:0.3.0
     container_name: AccountRegistry
     restart: unless-stopped
     environment:
@@ -91,7 +91,7 @@ services:
       - ./cert/account_private_key.pem:/app/resources/cert/private_key.pem
 
   management:
-    image: hlaeja-management:0.1.0
+    image: ghcr.io/swordsteel/hlaeja-management:0.3.0
     container_name: Management
     restart: unless-stopped
     environment:

doc/dependency.md

@@ -1,10 +1,43 @@
 # Hlæja dependency
 
+## Build Release Order
+
+*need to make pipeline for this.*
+
+Level 1
+
+- hlaeja-version-catalog
+
+Level 2
+
+- hlaeja-core-plugin
+
+Level 3
+
+- hlaeja-common-plugin
+
+Level 4
+
+- hlaeja-common-messages
+- hlaeja-jwt
+- test-library
+
+Level 5
+
+- hlaeja-account-registry
+- hlaeja-device-registry
+- hlaeja-device-configuration
+- hlaeja-device-data
+- hlaeja-device-api
+- hlaeja-registry-api
+- hlaeja-management
+
 ## Service dependency
 
 ```mermaid
 graph TD
 ;
+
   subgraph BE[Backend Services]
     subgraph HDR[Hlæja Device Registry]
       HDRS[Service] --> HDRD[(Postgres)]
@@ -20,23 +53,26 @@ graph TD
     end
   end
   subgraph HDA[Hlæja Device API]
-    HDAS[Service] --> HDAD[(Redis)]
+    HDAS[Service] --> HDAR[(Redis)]
   end
   subgraph HRA[Hlæja Registry API]
     HRAS[Service]
   end
   subgraph HM[Hlæja Management]
-    HMS[Service]
+    HMS[Service] -.-> HMR[(Redis)]
   end
 
+
   HM --> HAR
-  HM -.-> HDR
+  HM --> HDR
   HM -.-> HDC
+
+  HRA --> HAR
+  HRA --> HDR
+
   HDA --> HDR
   HDA --> HDC
   HDA --> HDD
-  HRA --> HAR
-  HRA --> HDR
 ```
 
 ## Library and Gradle plugin dependency
@@ -44,6 +80,7 @@ graph TD
 ```mermaid
 graph RL
 ;
+
   CP[Core Plugin]
   subgraph SCP [Common Plugin]
     PL[Plugin Library]
@@ -58,6 +95,7 @@ graph RL
     PSIT[Plugin Service Integration Test]
     PSPR[Plugin Service Process Resource]
   end
+  
   PLM --> PL
   PLP --> PL
   PCo ---> PL
@@ -81,21 +119,31 @@ graph RL
   DRS[Device Registry Service]
   PS --> DRS
   PCe --> DRS
+  TL -.-> DRS
   CML --> DRS
   JL --> DRS
 
   DDS[Device Data Service]
   PS --> DDS
+  TL -.-> DDS
   CML --> DDS
 
   DCS[Device Configuration Service]
+  TL -.-> DCS
   PS --> DCS
   CML --> DCS
 
+  AS[Account Service]
+  TL --> AS
+  CML --> AS
+  PS --> AS
+  PCe --> AS
+  JL --> AS
+
   DAS[Device API Service]
+  PS --> DAS
   CML --> DAS
   JL --> DAS
-  PS --> DAS
   PCe --> DAS
 
   RAS[Registry API Service]
@@ -104,17 +152,9 @@ graph RL
   PS --> RAS
   PCe --> RAS
 
-  AS[Account Service]
-  CML --> AS
-  JL --> AS
-  TL --> AS
-  PS --> AS
-  PCe --> AS
-
   MUS[Management UI Service]
   CML --> MUS
   JL --> MUS
   PS --> MUS
   PCe -.-> MUS
-
 ```

doc/k8s-docker-registry.md

@@ -0,0 +1,37 @@
+# K8s Docker Registry Configuration
+
+**How to make JSON Configuration**
+
+```json=
+{
+  "auths": {
+    "<your-registry>": {
+      "username": "<your-username>",
+      "password": "<your-password>",
+      "email": "<your-email@example.com>",
+      "auth": "<base64-of-your-username:your-password>"
+    }
+  }
+}
+```
+
+**Replace Values**
+
+- **Replace** <your-registry>: Use the hostname of your Gitea instance (e.g., registry.example.com).
+- **Replace** <your-username>: Use your Gitea username (e.g., user1).
+- **Replace** <your-password>: Use your Gitea personal access token generated with read:package scope (e.g., abc123).
+- **Replace** <your-email>: Use your email address (e.g., user1@example.com).
+
+**Linux Command**
+
+```bash
+echo -n 'your-username:your-password' | base64 -w 0
+```
+
+witch gives `eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk` then we use it in the `auth`
+
+```bash
+echo -n '{"auths":{"<your-registry>":{"username":"your-username","password":"your-password","email":"your-email","auth":"eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk"}}}' | base64 -w 0
+```
+
+witch give `eyJhdXRocyI6eyI8eW91ci1yZWdpc3RyeT4iOnsidXNlcm5hbWUiOiJ5b3VyLXVzZXJuYW1lIiwicGFzc3dvcmQiOiJ5b3VyLXBhc3N3b3JkIiwiZW1haWwiOiJ5b3VyLWVtYWlsIiwiYXV0aCI6ImVXOTFjaTExYzJWeWJtRnRaVHA1YjNWeUxYQmhjM04zYjNKayJ9fX0=`

doc/k8s-testing.md

@@ -0,0 +1,583 @@
+# Hlæja K8s
+
+## Table of Contents
+
+<!-- TOC -->
+* [Hlæja K8s](#hlæja-k8s)
+  * [Table of Contents](#table-of-contents)
+  * [Initialize](#initialize)
+    * [Namespace](#namespace)
+    * [Registry Secret](#registry-secret)
+    * [JSON Web Token (JWT)](#json-web-token-jwt)
+    * [Keystore](#keystore)
+  * [Databases](#databases)
+    * [Postgres](#postgres)
+      * [Secret](#secret)
+      * [Config Map](#config-map)
+      * [Stateful Set](#stateful-set)
+      * [Service](#service)
+    * [Cassandra](#cassandra)
+      * [Stateful Set](#stateful-set-1)
+      * [Service](#service-1)
+    * [InfluxDb](#influxdb)
+      * [Secret](#secret-1)
+      * [Config Map](#config-map-1)
+      * [Stateful Set](#stateful-set-2)
+      * [Service](#service-2)
+    * [Redis](#redis)
+      * [Stateful Set](#stateful-set-3)
+      * [Service](#service-3)
+  * [Hlæja](#hlæja)
+    * [Account Register](#account-register)
+      * [Secret](#secret-2)
+      * [Config Map](#config-map-2)
+      * [Deployment](#deployment)
+      * [Service](#service-4)
+    * [Device Register](#device-register)
+      * [Secret](#secret-3)
+      * [Config Map](#config-map-3)
+      * [Deployment](#deployment-1)
+      * [Service](#service-5)
+    * [Device Configuration](#device-configuration)
+      * [Secret](#secret-4)
+      * [Config Map](#config-map-4)
+      * [Deployment](#deployment-2)
+      * [Service](#service-6)
+    * [Device Data](#device-data)
+      * [Secret](#secret-5)
+      * [Config Map](#config-map-5)
+      * [Deployment](#deployment-3)
+      * [Service](#service-7)
+    * [Device API](#device-api)
+      * [Config Map](#config-map-6)
+      * [Deployment](#deployment-4)
+      * [Service](#service-8)
+    * [Registry API](#registry-api)
+      * [Config Map](#config-map-7)
+      * [Deployment](#deployment-5)
+      * [Service](#service-9)
+<!-- TOC -->
+
+----
+
+## Initialize
+
+### Namespace
+
+Create the Namespace for the environment.
+
+```bash
+kubectl apply -f .\kube\01-initialize\01-namespace.yaml
+```
+
+---
+
+### Registry Secret
+
+Create [Docker Registry Configuration](./k8s-docker-registry.md) secret.
+
+```bash
+kubectl apply -f .\kube\01-initialize\02-registry-secret.yaml
+```
+
+---
+
+### JSON Web Token (JWT)
+
+For JWT we are using public and private keys, read more about [RSA keys](./rsa_key.md).
+
+Account private key for account service to make access token.
+
+```bash
+kubectl apply -f .\kube\01-initialize\03-account-jwt-private-key-secret.yaml
+```
+
+Account public key for all services identifying users
+
+```bash
+kubectl apply -f .\kube\01-initialize\04-account-jwt-public-key-secret.yaml
+```
+
+Device private key for device service to make device token.
+
+```bash
+kubectl apply -f .\kube\01-initialize\05-device-jwt-private-key-secret.yaml
+```
+
+Device public key for all services identifying devices
+
+```bash
+kubectl apply -f .\kube\01-initialize\06-device-jwt-public-key-secret.yaml
+```
+
+---
+
+### Keystore
+
+Keystore with password read more about [Keystore.p12](./keystore.md).
+
+check cert:
+
+```
+keytool -list -v -storetype PKCS12 -keystore keystore.p12 -storepass <password>
+```
+
+option:
+
+```
+kubectl create secret generic <name> \
+  --from-file=keystore.p12=<keystore.p12> \
+  --from-literal=keystore-password=<your-keystore-password> \
+  -n <namespace>
+```
+
+Device API Keystore
+```bash
+kubectl apply -f .\kube\01-initialize\07-device-api-keystore.yaml
+```
+
+Registry API Keystore
+```bash
+kubectl apply -f .\kube\01-initialize\08-register-api-keystore.yaml
+```
+
+---
+
+## Databases
+
+### Postgres
+
+Remember that you don't run replicas but many instances with its own storage and service.
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\02-databases\01-postgres\01-secret.yaml
+```
+
+Set values:
+
+- postgres root password
+
+using something a bit more secure `SCRAM-SHA-256$4096:f/IWlCTGdMT9qOjQlPbWtA==$qePy5ArW+7ykg3yHqW7qYH0j2384OIoV2IcBcz0mIRM=:KuU1xgnAVtOVpCZhdUJlI8F7Viz0ApmYxYEo5yXNCW0=` in this case we use `password`, to make this... use postgres to make a user and password, copy this value and now will use as admin password.
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\02-databases\01-postgres\02-configmap.yaml
+```
+
+Set values:
+
+- postgres root user
+
+#### Stateful Set
+
+This is the specifications for postgres.
+
+```bash
+kubectl apply -f .\kube\02-databases\01-postgres\03-statefulset.yaml
+```
+
+Set storage size for permanent storage
+
+#### Service
+
+this exposes port and ip.
+
+```bash
+kubectl apply -f .\kube\02-databases\01-postgres\04-service.yaml
+```
+
+---
+
+### Cassandra
+
+For now... run basic cassandra, we need to add authentication later.
+
+to get a clean cassandra configuration:
+
+```bash
+docker run --rm cassandra:5.0 cat /etc/cassandra/cassandra.yaml > cassandra-default.yaml
+```
+
+modify `authenticator` and `authorizer` and som how get that change inside... local file get to big 262144 bytes limitation.
+
+some help things for later
+
+```bashe
+kubectl exec -it -n hlaeja cassandra-0 -- bash
+```
+
+run one of this
+
+```bash
+nodetool status
+```
+
+or
+
+```bash
+cqlsh
+SELECT data_center FROM system.local;
+```
+
+#### Stateful Set
+
+This is the specifications for cassandra.
+
+```bash
+kubectl apply -f .\kube\02-databases\02-cassandra\01-statefulset.yaml
+```
+
+Set storage size for permanent storage
+
+#### Service
+
+this exposes port and ip.
+
+```bash
+kubectl apply -f .\kube\02-databases\02-cassandra\02-service.yaml
+```
+
+---
+
+### InfluxDb
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\02-databases\03-influxdb\01-secret.yaml
+```
+
+Set values:
+
+- influx root password
+- influx token
+
+using something a bit more secure `SCRAM-SHA-256$4096:f/IWlCTGdMT9qOjQlPbWtA==$qePy5ArW+7ykg3yHqW7qYH0j2384OIoV2IcBcz0mIRM=:KuU1xgnAVtOVpCZhdUJlI8F7Viz0ApmYxYEo5yXNCW0=` in this case we use `password`, to make this... use postgres to make a user and password, copy this value and now will use as admin password.
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\02-databases\03-influxdb\02-configmap.yaml
+```
+
+Set values:
+
+- influx root username
+- influx mode
+- influx organisation
+- influx bucket
+
+#### Stateful Set
+
+This is the specifications for influxdb.
+
+```bash
+kubectl apply -f .\kube\02-databases\03-infulxdb\03-statefulset.yaml
+```
+
+Set storage size for permanent storage
+
+#### Service
+
+this exposes port and ip.
+
+```bash
+kubectl apply -f .\kube\02-databases\03-infulxdb\04-service.yaml
+```
+
+---
+
+### Redis
+
+For now... run basic redis, we need to add authentication, replication later? need to think mor about this later.
+
+#### Stateful Set
+
+This is the specifications for redis.
+
+```bash
+kubectl apply -f  .\kube\02-databases\04-redis\01-statefulset.yaml
+```
+
+Set storage size for permanent storage.
+
+did add storage for restarts and some limits.
+
+#### Service
+
+this exposes port and ip.
+
+```bash
+kubectl apply -f .\kube\02-databases\04-redis\02-service.yaml
+```
+
+---
+
+## Hlæja
+
+To access service use `kubectl exec -it <pod-name> -n hlaeja -- /bin/sh`
+
+To tail a service log use `kubectl logs -f <pod-name> -n hlaeja`
+
+### Account Register
+
+This is only a ***concept*** and exist for testing rest of system. this need to be ***rewritten***.
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\01-secret.yaml
+```
+
+Set values:
+
+- postgres password
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\02-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- postgres username
+- postgres url
+- account private jwt file location
+
+#### Deployment
+
+Account Registry Service, using `account-jwt-private-key`
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\03-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\01-account-registry\04-service.yaml
+```
+
+---
+
+### Device Register
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\02-device-registry\01-secret.yaml
+```
+
+Set values:
+
+- postgres password
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\02-device-registry\02-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- postgres username
+- postgres url
+- device private jwt file location
+
+#### Deployment
+
+Account Registry Service, using `account-jwt-private-key`
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\02-device-registry\03-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\02-device-registry\04-service.yaml
+```
+
+---
+
+### Device Configuration
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\03-device-configuration\01-secret.yaml
+```
+
+Set values:
+
+- cassandra password (db have not turned this on yet)
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\03-device-configuration\02-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- cassandra username (db have not turned this on yet)
+- cassandra contact points
+
+#### Deployment
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\03-device-configuration\03-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\03-device-configuration\04-service.yaml
+```
+
+---
+
+### Device Data
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\04-device-data\01-secret.yaml
+```
+
+Set values:
+
+- influxdb token
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\04-device-data\02-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- influxdb url
+
+#### Deployment
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\04-device-data\03-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\04-device-data\04-service.yaml
+```
+
+---
+
+### Device API
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\05-device-api\01-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- spring data redis database
+- spring data redis host
+- device configuration url
+- device data url
+- device register url
+
+#### Deployment
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\05-device-api\02-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\05-device-api\03-service.yaml
+```
+
+---
+
+### Registry API
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\06-registry-api\01-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- device register url
+- registry register url
+
+#### Deployment
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\06-registry-api\02-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\06-registry-api\03-service.yaml
+```
+
+---
+
+# Management
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\07-management\01-configmap.yaml
+```
+
+Set values:
+
+- spring profile
+- spring data redis database
+- spring data redis host
+- device register url
+- registry register url
+
+#### Deployment
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\07-management\02-deployment.yaml
+```
+
+#### Service
+
+this service should not be accessible from world only open in testing
+
+```bash
+kubectl apply -f .\kube\03-hlaeja\07-management\03-service.yaml
+```

helm/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm/README.md

@@ -0,0 +1,49 @@
+# Hlæja Helm
+
+Copy `helmfile.yaml-dev` to `helmfile.yaml` and start to add your environment.
+
+## Set up helm environment
+
+how to set up [Enviorment](./values/README.md)
+
+## Command using kubectl and helmfile
+
+> ⚠️**Warning:** always use `--selector namespace=<releasesEnviorment>` when running `helmfile` or **risk** lose it all!!! ⚠️
+
+> **Info:** limit even more by using `--selector namespace=<releasesEnviorment>,name=<releasesName>`
+
+**Info:** Create everything for a name space
+
+```shell
+helmfile --selector namespace=testing apply
+```
+
+⚠️**Warning:** Destroy everything for a name space
+
+```shell
+helmfile --selector namespace=testing destroy
+```
+
+**Info:** Create initialize for a name space
+
+```shell
+helmfile --selector namespace=testing,name=initialize apply
+```
+
+⚠️**Warning:** Destroy initialize for a name space
+
+```shell
+helmfile --selector namespace=testing,name=initialize destroy
+```
+
+**Info:** Get status
+
+```shell
+kubectl get secret,cm,pvc,pod,svc -n testing
+```
+
+⚠️**Warning:** Delete everything!
+
+```shell
+kubectl delete ns testing
+```

helm/charts/01-secrets/Chart.yaml

@@ -0,0 +1,5 @@
+# Chart.yaml
+apiVersion: v2
+name: hlaeja-secret
+description: A Helm chart for the hlaeja docker register, jwt, and keystore
+version: 0.1.0

helm/charts/01-secrets/templates/01-docker-registry.yaml

@@ -0,0 +1,13 @@
+{{- range .Values.secrets.dockerRegistry }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .name }}
+  namespace: {{ $.Values.namespace }}
+  labels:
+    environment: {{ $.Values.environment }}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ .dockerRegistryConfigJson | quote }}
+---
+{{- end }}

helm/charts/01-secrets/templates/02-json-web-token.yaml

@@ -0,0 +1,15 @@
+{{- range .Values.secrets.jwt }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .name }}
+  namespace: {{ $.Values.namespace }}
+  labels:
+    app: {{ .app }}
+    environment: {{ $.Values.environment }}
+    tier: {{ .tier }}
+type: Opaque
+data:
+  {{ .jwtFilename }}: {{ .jwtFile | quote }}
+---
+{{- end }}

helm/charts/01-secrets/templates/03-keystore.yaml

@@ -0,0 +1,16 @@
+{{- range .Values.secrets.keystore }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .name }}
+  namespace: {{ $.Values.namespace }}
+  labels:
+    app: {{ .app }}
+    environment: {{ $.Values.environment }}
+    tier: {{ .tier }}
+type: Opaque
+data:
+  keystore.p12: {{ .keystoreFile | quote }}
+  keystore-password: {{ .keystorePassword | b64enc | quote }}
+---
+{{- end }}

helm/charts/01-secrets/values.yaml

@@ -0,0 +1,46 @@
+namespace: hlaeja-testing
+environment: testing
+
+secrets:
+
+  # Look at /doc/k8s-docker-registry.md to make these values
+  dockerRegistry:
+#    - name: dockerRegistry
+#      dockerRegistryConfigJson: DockerRegistryBase64==
+
+  # Look at /doc/rsa_key.md to make these values (we use rsa so and need a public and privet key)
+  jwt:
+#    - name: account-jwt-private-key
+#      app: account-register
+#      tier: backend
+#      jwtFilename: private_key.pem
+#      jwtFile: AccountJwtPrivateKeyFileBase64==
+#    - name: account-jwt-public-key
+#      app: account-register
+#      tier: frontend
+#      jwtFilename: private_key.pem
+#      jwtFile: AccountJwtPublicKeyFileBase64==
+#    - name: device-jwt-private-key
+#      app: device-register
+#      tier: backend
+#      jwtFilename: private_key.pem
+#      jwtFile: DeviceJwtPrivateKeyFileBase64==
+#    - name: device-jwt-public-key
+#      app: device-register
+#      tier: frontend
+#      jwtFilename: private_key.pem
+#      jwtFile: DeviceJwtPublicKeyFileBase64==
+
+  # Look at /doc/keystore.md to make these values
+  keystore:
+#    - name: device-api-keystore
+#      app: device-api
+#      tier: frontend
+#      keystorePassword: ServiceKeystorePassword
+#      keystoreFile: ServiceKeystoreFileBase64==
+#    - name: registry-api-keystore
+#      app: registry-api
+#      tier: frontend
+#      keystorePassword: ServiceKeystorePassword
+#      keystoreFile: ServiceKeystoreFileBase64==
+

helm/charts/02-dependency/Chart.yaml

@@ -0,0 +1,26 @@
+apiVersion: v2
+name: hlaeja-dependency
+description: A Helm chart for the hlaeja dependency chart wrapper
+version: 0.1.0
+
+dependencies:
+
+  # https://artifacthub.io/packages/helm/bitnami/postgresql
+  - name: postgresql
+    version: 16.7.21
+    repository: "oci://registry-1.docker.io/bitnamicharts"
+
+  # https://artifacthub.io/packages/helm/bitnami/cassandra
+  - name: cassandra
+    version: 12.3.9
+    repository: "oci://registry-1.docker.io/bitnamicharts"
+
+  # https://artifacthub.io/packages/helm/bitnami/influxdb
+  - name: influxdb
+    version: 6.6.16
+    repository: "oci://registry-1.docker.io/bitnamicharts"
+
+  # https://artifacthub.io/packages/helm/bitnami/redis
+  - name: redis
+    version: 21.2.13
+    repository: "oci://registry-1.docker.io/bitnamicharts"

helm/charts/02-dependency/values.yaml

@@ -0,0 +1,76 @@
+postgresql:
+  auth:
+    postgresPassword: mySecretPassword
+  primary:
+    persistence:
+      size: 10Gi
+    resources:
+      requests:
+        memory: 512Mi
+        cpu: 250m
+#    service:
+#      type: LoadBalancer
+#      loadBalancerIP: 10.0.3.31
+
+cassandra:
+  cluster:
+    name: hlaeja-cassandra
+  dbUser:
+    password: mySecretPassword
+  persistence:
+    enabled: true
+    size: 10Gi
+  resources:
+    requests:
+      cpu: 250m
+      memory: 512Mi
+#  service:
+#    type: LoadBalancer
+#    loadBalancerIP: 10.0.3.32
+
+influxdb:
+  auth:
+    admin:
+      username: influxdb
+      password: mySecretPassword
+      token: influxdbAdminToken==
+    user:
+      username: service
+      password: mySecretPassword
+      token: influxdbServiceToken==
+      org: hlaeja
+      bucket: device-data
+  persistence:
+    enabled: true
+    size: 10Gi
+  resources:
+    requests:
+      memory: 512Mi
+      cpu: 250m
+  influxdb:
+    service:
+      extraPorts:
+        - name: http-alt
+          port: 80
+          targetPort: 8086
+          protocol: TCP
+#      type: LoadBalancer
+#      loadBalancerIP: 10.0.3.33
+
+redis:
+  architecture: standalone
+  auth:
+    enabled: true
+    password: mySecretPassword
+  resources:
+    requests:
+      cpu: 250m
+      memory: 256Mi
+  master:
+    persistence:
+      enabled: true
+      size: 1Gi
+#    service:
+#      type: LoadBalancer
+#      loadBalancerIP: 10.0.3.34
+

helm/charts/03-account-registry/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-account-registry
+description: A Helm chart for the hlaeja account registry
+version: 0.1.0

helm/charts/03-account-registry/templates/01-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: account-register-environment
+  labels:
+    app: account-register
+    environment:  {{ .Values.environment }}
+    tier: backend
+type: Opaque
+data:
+  SPRING_R2DBC_PASSWORD: {{ .Values.secrets.r2dbcPassword | b64enc | quote }}

helm/charts/03-account-registry/templates/02-configmap.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: account-register-environment
+  labels:
+    app: account-register
+    environment: {{ .Values.environment }}
+    tier: backend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  SPRING_R2DBC_URL: {{ .Values.config.r2dbcUrl | quote }}
+  SPRING_R2DBC_USERNAME: {{ .Values.config.r2dbcUsername | quote }}
+  JWT_PRIVATE_KEY: "cert/{{ .Values.jwtPrivetKey.filename }}"

helm/charts/03-account-registry/templates/03-deployment.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: account-register
+  labels:
+    app: account-register
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: account-register
+  template:
+    metadata:
+      labels:
+        app: account-register
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: account-register-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: account-register-environment
+            - secretRef:
+                name: account-register-environment
+          volumeMounts:
+            - name: jwt-key-volume
+              mountPath: /app/resources/cert
+              readOnly: true
+          ports:
+            - containerPort: 8080
+      volumes:
+        - name: jwt-key-volume
+          secret:
+            secretName: {{ .Values.jwtPrivetKey.name }}
+            items:
+              - key: {{ .Values.jwtPrivetKey.filename }}
+                path: {{ .Values.jwtPrivetKey.filename }}

helm/charts/03-account-registry/templates/04-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: account-register
+  labels:
+    app: account-register
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: account-register
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080

helm/charts/03-account-registry/values.yaml

@@ -0,0 +1,19 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.21
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-account-registry:0.1.0
+
+secrets:
+  r2dbcPassword: "password"
+
+config:
+  profiles: testing
+  r2dbcUrl: r2dbc:postgresql://dependency-postgresql:5432/account_registry
+  r2dbcUsername: services
+
+jwtPrivetKey:
+  name: account-jwt-private-key
+  filename: private_key.pem

helm/charts/04-device-registry/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-device-register
+description: A Helm chart for the hlaeja device registry
+version: 0.1.0

helm/charts/04-device-registry/templates/01-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-register-environment
+  labels:
+    app: device-register
+    environment:  {{ .Values.environment }}
+    tier: backend
+type: Opaque
+data:
+  SPRING_R2DBC_PASSWORD: {{ .Values.secrets.r2dbcPassword | b64enc | quote }}

helm/charts/04-device-registry/templates/02-configmap.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: device-register-environment
+  labels:
+    app: device-register
+    environment: {{ .Values.environment }}
+    tier: backend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  SPRING_R2DBC_URL: {{ .Values.config.r2dbcUrl | quote }}
+  SPRING_R2DBC_USERNAME: {{ .Values.config.r2dbcUsername | quote }}
+  JWT_PRIVATE_KEY: "cert/{{ .Values.jwtPrivetKey.filename }}"

helm/charts/04-device-registry/templates/03-deployment.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: device-register
+  labels:
+    app: device-register
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: device-register
+  template:
+    metadata:
+      labels:
+        app: device-register
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: device-register-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: device-register-environment
+            - secretRef:
+                name: device-register-environment
+          volumeMounts:
+            - name: jwt-key-volume
+              mountPath: /app/resources/cert
+              readOnly: true
+          ports:
+            - containerPort: 8080
+      volumes:
+        - name: jwt-key-volume
+          secret:
+            secretName: {{ .Values.jwtPrivetKey.name }}
+            items:
+              - key: {{ .Values.jwtPrivetKey.filename }}
+                path: {{ .Values.jwtPrivetKey.filename }}

helm/charts/04-device-registry/templates/04-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: device-register
+  labels:
+    app: device-register
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: device-register
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080

helm/charts/04-device-registry/values.yaml

@@ -0,0 +1,19 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.22
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-device-registry:0.1.0
+
+secrets:
+  r2dbcPassword: "password"
+
+config:
+  profiles: testing
+  r2dbcUrl: r2dbc:postgresql://dependency-postgresql:5432/device_registry
+  r2dbcUsername: services
+
+jwtPrivetKey:
+  name: device-jwt-private-key
+  filename: private_key.pem

helm/charts/05-device-configuration/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-device-configuration
+description: A Helm chart for the hlaeja device configuration
+version: 0.1.0

helm/charts/05-device-configuration/templates/01-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-configuration-environment
+  labels:
+    app: device-configuration
+    environment:  {{ .Values.environment }}
+    tier: backend
+type: Opaque
+data:
+  SPRING_CASSANDRA_PASSWORD: {{ .Values.secrets.cassandraPassword | b64enc | quote }}

helm/charts/05-device-configuration/templates/02-configmap.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: device-configuration-environment
+  labels:
+    app: device-configuration
+    environment: {{ .Values.environment }}
+    tier: backend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  SPRING_CASSANDRA_CONTACT_POINTS: {{ .Values.config.cassandraContactPoints | quote }}
+  SPRING_CASSANDRA_USERNAME: {{ .Values.config.cassandraUsername | quote }}

helm/charts/05-device-configuration/templates/03-deployment.yaml

@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: device-configuration
+  labels:
+    app: device-configuration
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: device-configuration
+  template:
+    metadata:
+      labels:
+        app: device-configuration
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: device-configuration-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: device-configuration-environment
+            - secretRef:
+                name: device-configuration-environment
+          ports:
+            - containerPort: 8080

helm/charts/05-device-configuration/templates/04-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: device-configuration
+  labels:
+    app: device-configuration
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: device-configuration
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080

helm/charts/05-device-configuration/values.yaml

@@ -0,0 +1,15 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.23
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-device-configuration:0.1.0
+
+secrets:
+  cassandraPassword: "password"
+
+config:
+  profiles: testing
+  cassandraContactPoints: dependency-cassandra
+  cassandraUsername: service

helm/charts/06-device-data/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-device-data
+description: A Helm chart for the hlaeja device data
+version: 0.1.0

helm/charts/06-device-data/templates/01-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-data-environment
+  labels:
+    app: device-data
+    environment:  {{ .Values.environment }}
+    tier: backend
+type: Opaque
+data:
+  INFLUXDB_TOKEN: {{ .Values.secrets.influxdbToken | b64enc | quote }}

helm/charts/06-device-data/templates/02-configmap.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: device-data-environment
+  labels:
+    app: device-data
+    environment: {{ .Values.environment }}
+    tier: backend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  INFLUXDB_URL: {{ .Values.config.influxdbUrl | quote }}
+  {{- if and .Values.config.influxdbBucket (ne .Values.config.influxdbBucket "") }}
+  INFLUXDB_BUCKET: {{ .Values.config.influxdbBucket | quote }}
+  {{- end }}
+  {{- if and .Values.config.influxdbOrg (ne .Values.config.influxdbOrg "") }}
+  INFLUXDB_ORG: {{ .Values.config.influxdbOrg | quote }}
+  {{- end }}

helm/charts/06-device-data/templates/03-deployment.yaml

@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: device-data
+  labels:
+    app: device-data
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: device-data
+  template:
+    metadata:
+      labels:
+        app: device-data
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: device-data-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: device-data-environment
+            - secretRef:
+                name: device-data-environment
+          ports:
+            - containerPort: 8080

helm/charts/06-device-data/templates/04-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: device-data
+  labels:
+    app: device-data
+    environment: {{ .Values.environment }}
+    tier: backend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: device-data
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080

helm/charts/06-device-data/values.yaml

@@ -0,0 +1,16 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.24
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-device-data:0.1.0
+
+secrets:
+  influxdbToken: influxdbToken==
+
+config:
+  profiles: testing
+  influxdbUrl: http://dependency-influxdb
+#  influxdbOrg: hlaeja
+#  influxdbBucket: hlaeja_ltd

helm/charts/07-device-api/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-device-api
+description: A Helm chart for the hlaeja device api
+version: 0.1.0

helm/charts/07-device-api/templates/01-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-api-environment
+  labels:
+    app: device-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+type: Opaque
+data:
+  SPRING_DATA_REDIS_PASSWORD: {{ .Values.secrets.redisPassword | b64enc | quote }}

helm/charts/07-device-api/templates/02-configmap.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: device-api-environment
+  labels:
+    app: device-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  SPRING_DATA_REDIS_DATABASE: {{ .Values.config.redis.database | quote }}
+  SPRING_DATA_REDIS_HOST: {{ .Values.config.redis.host | quote }}
+  DEVICE_CONFIGURATION_URL: {{ .Values.config.deviceConfigurationUrl | quote }}
+  DEVICE_DATA_URL: {{ .Values.config.deviceDataUrl | quote }}
+  DEVICE_REGISTRY_URL: {{ .Values.config.deviceRegistryUrl | quote }}
+
+  # all of this should be preset in application.yaml
+  SERVER_PORT: "8443"
+  SERVER_SSL_ENABLED: "true"
+  SERVER_SSL_KEY_STORE: "/app/resources/cert/keystore.p12"
+  SERVER_SSL_KEY_STORE_TYPE: "PKCS12"
+
+  # This was experimental and should be removed in later versions
+  MANAGEMENT_METRICS_TAGS_APPLICATION: "device-api"
+  MANAGEMENT_INFLUX_METRICS_EXPORT_ENABLED: "false"
+  MANAGEMENT_INFLUX_METRICS_EXPORT_URL: "http://influxdb"
+  # adding this here as it's going to be deleted and is not sued internally
+  MANAGEMENT_INFLUX_METRICS_EXPORT_TOKEN: "invalidInfluxDbToken=="

helm/charts/07-device-api/templates/03-deployment.yaml

@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: device-api
+  labels:
+    app: device-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: device-api
+  template:
+    metadata:
+      labels:
+        app: device-api
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: device-api-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: device-api-environment
+            - secretRef:
+                name: device-api-environment
+          env:
+            - name: SERVER_SSL_KEY_STORE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.keystoreRef }}
+                  key: keystore-password
+          ports:
+            - containerPort: 8443
+          volumeMounts:
+            - name: keystore-volume
+              mountPath: /app/resources/cert/keystore.p12
+              subPath: keystore.p12
+              readOnly: true
+            - name: jwt-volume
+              mountPath: /app/resources/cert/{{ .Values.jwtPublicKey.filename }}
+              subPath: {{ .Values.jwtPublicKey.filename }}
+              readOnly: true
+      volumes:
+        - name: keystore-volume
+          secret:
+            secretName: {{ .Values.keystoreRef }}
+            items:
+              - key: keystore.p12
+                path: keystore.p12
+        - name: jwt-volume
+          secret:
+            secretName: {{ .Values.jwtPublicKey.name }}
+            items:
+              - key: {{ .Values.jwtPublicKey.filename }}
+                path: {{ .Values.jwtPublicKey.filename }}

helm/charts/07-device-api/templates/04-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: device-api
+  labels:
+    app: device-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: device-api
+  ports:
+    - protocol: TCP
+      port: 443
+      targetPort: 8443

helm/charts/07-device-api/values.yaml

@@ -0,0 +1,26 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.12
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-device-api:0.1.0
+
+secrets:
+  redisPassword: redisPassword
+
+config:
+  profiles: testing
+  redis:
+    database: 1
+    host: dependency-redis-master
+  deviceConfigurationUrl: http://device-configuration
+  deviceDataUrl: http://device-data
+  deviceRegistryUrl: http://device-register
+
+jwtPublicKey:
+  name: device-jwt-public-key
+  filename: public_key.pem
+
+
+keystoreRef: device-api-keystore

helm/charts/08-registry-api/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-registry-api
+description: A Helm chart for the hlaeja registry api
+version: 0.1.0

helm/charts/08-registry-api/templates/01-configmap.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: registry-api-environment
+  labels:
+    app: registry-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  ACCOUNT_REGISTRY_URL: {{ .Values.config.accountRegistryUrl | quote }}
+  DEVICE_REGISTRY_URL: {{ .Values.config.deviceRegistryUrl | quote }}
+
+  # all of this should be preset in application.yaml
+  SERVER_PORT: "8443"
+  SERVER_SSL_ENABLED: "true"
+  SERVER_SSL_KEY_STORE: "/app/resources/cert/keystore.p12"
+  SERVER_SSL_KEY_STORE_TYPE: "PKCS12"
+
+  # This was experimental and should be removed in later versions
+  MANAGEMENT_METRICS_TAGS_APPLICATION: "register-api"
+  MANAGEMENT_INFLUX_METRICS_EXPORT_ENABLED: "false"
+  MANAGEMENT_INFLUX_METRICS_EXPORT_URL: "http://influxdb"
+  # adding this here as it's going to be deleted and is not sued internally
+  MANAGEMENT_INFLUX_METRICS_EXPORT_TOKEN: "invalidInfluxDbToken=="

helm/charts/08-registry-api/templates/02-deployment.yaml

@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: registry-api
+  labels:
+    app: registry-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: registry-api
+  template:
+    metadata:
+      labels:
+        app: registry-api
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: registry-api-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: registry-api-environment
+          env:
+            - name: SERVER_SSL_KEY_STORE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.keystoreRef }}
+                  key: keystore-password
+          ports:
+            - containerPort: 8443
+          volumeMounts:
+            - name: keystore-volume
+              mountPath: /app/resources/cert/keystore.p12
+              subPath: keystore.p12
+              readOnly: true
+            - name: jwt-volume
+              mountPath: /app/resources/cert/{{ .Values.jwtPublicKey.filename }}
+              subPath: {{ .Values.jwtPublicKey.filename }}
+              readOnly: true
+      volumes:
+        - name: keystore-volume
+          secret:
+            secretName: {{ .Values.keystoreRef }}
+            items:
+              - key: keystore.p12
+                path: keystore.p12
+        - name: jwt-volume
+          secret:
+            secretName: {{ .Values.jwtPublicKey.name }}
+            items:
+              - key: {{ .Values.jwtPublicKey.filename }}
+                path: {{ .Values.jwtPublicKey.filename }}

helm/charts/08-registry-api/templates/03-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: registry-api
+  labels:
+    app: registry-api
+    environment: {{ .Values.environment }}
+    tier: frontend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: registry-api
+  ports:
+    - protocol: TCP
+      port: 443
+      targetPort: 8443

helm/charts/08-registry-api/values.yaml

@@ -0,0 +1,18 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.13
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-registry-api:0.1.0
+
+config:
+  profiles: testing
+  accountRegistryUrl: http://account-register
+  deviceRegistryUrl: http://device-register
+
+jwtPublicKey:
+  name: account-jwt-public-key
+  filename: public_key.pem
+
+keystoreRef: registry-api-keystore

helm/charts/09-management/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: hlaeja-management
+description: A Helm chart for the hlaeja management
+version: 0.1.0

helm/charts/09-management/templates/01-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: management-environment
+  labels:
+    app: management
+    environment:  {{ .Values.environment }}
+    tier: frontend
+type: Opaque
+data:
+  SPRING_DATA_REDIS_PASSWORD: {{ .Values.secrets.redisPassword | b64enc | quote }}

helm/charts/09-management/templates/02-configmap.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: management-environment
+  labels:
+    app: management
+    environment: {{ .Values.environment }}
+    tier: frontend
+data:
+  SPRING_PROFILES_ACTIVE: {{ .Values.config.profiles | quote }}
+  SPRING_DATA_REDIS_DATABASE: {{ .Values.config.redis.database | quote }}
+  SPRING_DATA_REDIS_HOST: {{ .Values.config.redis.host | quote }}
+  ACCOUNT_REGISTRY_URL: {{ .Values.config.accountRegistryUrl | quote }}
+  DEVICE_REGISTRY_URL: {{ .Values.config.deviceRegistryUrl | quote }}

helm/charts/09-management/templates/03-deployment.yaml

@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: management
+  labels:
+    app: management
+    environment: {{ .Values.environment }}
+    tier: frontend
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: management
+  template:
+    metadata:
+      labels:
+        app: management
+    spec:
+      imagePullSecrets:
+        - name: {{ .Values.docker.registry }}
+      containers:
+        - name: management-app
+          image: {{ .Values.docker.image }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: management-environment
+            - secretRef:
+                name: management-environment
+          ports:
+            - containerPort: 8080
+          volumeMounts:
+            - name: jwt-volume
+              mountPath: /app/resources/cert/{{ .Values.jwtPublicKey.filename }}
+              subPath: {{ .Values.jwtPublicKey.filename }}
+              readOnly: true
+      volumes:
+        - name: jwt-volume
+          secret:
+            secretName: {{ .Values.jwtPublicKey.name }}
+            items:
+              - key: {{ .Values.jwtPublicKey.filename }}
+                path: {{ .Values.jwtPublicKey.filename }}

helm/charts/09-management/templates/03-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: management
+  labels:
+    app: management
+    environment: {{ .Values.environment }}
+    tier: frontend
+spec:
+  {{- if and .Values.loadBalancerIP (ne .Values.loadBalancerIP "") }}
+  type: LoadBalancer
+  loadBalancerIP: {{ .Values.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: management
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080

helm/charts/09-management/values.yaml

@@ -0,0 +1,22 @@
+environment: testing
+replicas: 1
+#loadBalancerIP: 10.0.3.11
+
+docker:
+  registry: dockerRegistry
+  image: lulz.ltd/hlaeja/hlaeja-management:0.1.0
+
+secrets:
+  redisPassword: redisPassword
+
+config:
+  profiles: testing
+  redis:
+    database: 2
+    host: dependency-redis-master
+  accountRegistryUrl: http://account-register
+  deviceRegistryUrl: http://device-register
+
+jwtPublicKey:
+  name: account-jwt-public-key
+  filename: public_key.pem

helm/helmfile.yaml-dev

@@ -0,0 +1,54 @@
+releases:
+  - name: secrets
+    namespace: hlaeja-testing
+    chart: ./charts/01-secrets
+    values: []
+    historyMax: 3
+
+  - name: dependency
+    namespace: hlaeja-testing
+    chart: ./charts/02-dependency
+    values: []
+    historyMax: 3
+
+  - name: account-register
+    namespace: hlaeja-testing
+    chart: ./charts/03-account-registry
+    values: []
+    historyMax: 3
+
+  - name: device-registry
+    namespace: hlaeja-testing
+    chart: ./charts/04-device-registry
+    values: []
+    historyMax: 3
+
+  - name: device-configuration
+    namespace: hlaeja-testing
+    chart: ./charts/05-device-configuration
+    values: []
+    historyMax: 3
+
+  - name: device-data
+    namespace: hlaeja-testing
+    chart: ./charts/06-device-data
+    values: []
+    historyMax: 3
+
+  - name: device-api
+    namespace: hlaeja-testing
+    chart: ./charts/07-device-api
+    values: []
+    historyMax: 3
+
+  - name: registry-api
+    namespace: hlaeja-testing
+    chart: ./charts/08-registry-api
+    values: []
+    historyMax: 3
+
+  - name: management
+    namespace: hlaeja-testing
+    chart: ./charts/09-management
+    values: []
+    historyMax: 3

helm/values/README.md

@@ -0,0 +1,39 @@
+# Hlæja Helm Environment
+
+To make the environment copy `values.yaml` file from `charts/<name>` to `values/<releasesEnviorment>` then change the values you need. or make the file and add the value you like to overwrite.
+
+```
+helm/
+├── helmfile.yaml
+├── values/
+│   ├── <releasesEnviorment>/
+│   │   ├── <name>.yaml
+|   │   └── ...
+│   └── ...
+└── charts/
+    ├── <name>/
+    │   ├── Chart.yaml
+    │   ├── values.yaml
+    │   └── templates/
+    │       └── <template>.yaml
+    └── ...
+```
+
+Then we need to update `helmfile.yaml` one for each environment.
+
+```
+releases:
+  - name: <releasesName>
+    namespace: <releasesEnviorment>
+    chart: ./charts/<name>
+    values: []
+
+  - name: <releasesName>
+    namespace: <releasesEnviorment>
+    chart: ./charts/<name>
+    values: [./values/<environment>/<name>]
+
+  - ...
+```
+
+> **Info:** using default fake base64 values and not specify custom values can break execution.

http/account-registry/account.http

@@ -0,0 +1,41 @@
+### get user by id
+GET {{hostname}}/account-00000000-0000-7000-0000-000000000001
+
+### add user
+POST {{hostname}}/account
+Content-Type: application/json
+
+{
+    "username": "user01010101",
+    "password": "p4ssw0rd",
+    "enabled": true,
+    "roles": [
+        "ROLE_ADMIN",
+        "ROLE_TEST"
+    ]
+}
+
+### update user all information
+PUT {{hostname}}/account-00000000-0000-7000-0000-000000000002
+Content-Type: application/json
+
+{
+    "username": "user",
+    "password": "pass",
+    "enabled": true,
+    "roles": [
+        "ROLE_TEST"
+    ]
+}
+
+### update user information
+PUT {{hostname}}/account-00000000-0000-7000-0000-000000000002
+Content-Type: application/json
+
+{
+    "username": "user",
+    "enabled": true,
+    "roles": [
+        "ROLE_TEST"
+    ]
+}

http/account-registry/accounts.http

@@ -0,0 +1,8 @@
+### Get accounts
+GET {{hostname}}/accounts
+
+### Get accounts by page
+GET {{hostname}}/accounts/page-1
+
+### Get accounts by page and size
+GET {{hostname}}/accounts/page-1/show-1

http/account-registry/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/account-registry/authentication.http

@@ -0,0 +1,44 @@
+### Get admin information
+POST {{hostname}}/authenticate
+Content-Type: application/json
+
+{
+    "username": "admin",
+    "password": "pass"
+}
+
+### Get user information
+POST {{hostname}}/authenticate
+Content-Type: application/json
+
+{
+    "username": "user",
+    "password": "pass"
+}
+
+### Get bad user
+POST {{hostname}}/authenticate
+Content-Type: application/json
+
+{
+    "username": "bad user",
+    "password": "pass"
+}
+
+### Get bad pass
+POST {{hostname}}/authenticate
+Content-Type: application/json
+
+{
+    "username": "user",
+    "password": "bad pass"
+}
+
+### Get disabled user
+POST {{hostname}}/authenticate
+Content-Type: application/json
+
+{
+    "username": "disabled",
+    "password": "pass"
+}

http/account-registry/http-client.env.json-dev

@@ -0,0 +1,11 @@
+{
+  "development": {
+    "hostname": "http://localhost:8080"
+  },
+  "docker": {
+    "hostname": "http://localhost:9050"
+  },
+  "testing": {
+    "hostname": "http://10.0.x.x"
+  }
+}

http/device-api/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/device-api/configuration.http

@@ -0,0 +1,3 @@
+### get configuration
+GET {{hostname}}/configuration
+Identity: {{identity}}

http/device-api/http-client.env.json-dev

@@ -0,0 +1,14 @@
+{
+  "development": {
+    "hostname": "https://localhost:8443",
+    "identity": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+  },
+  "docker": {
+    "hostname": "https://localhost:9000",
+    "identity": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+  },
+  "testing": {
+    "hostname": "https://10.0.x.x",
+    "identity": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+  }
+}

http/device-api/measurement.http

@@ -0,0 +1,23 @@
+### get measurement
+GET {{hostname}}/measurement
+Identity: {{identity}}
+
+### add measurement for all
+POST {{hostname}}/measurement
+Content-Type: application/json
+Identity: {{identity}}
+
+{
+  "button0": 0,
+  "button1": 1,
+  "button2": 0
+}
+
+### add measurement for one
+POST {{hostname}}/measurement
+Content-Type: application/json
+Identity: {{identity}}
+
+{
+  "button0": 1
+}

http/device-configuration/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/device-configuration/http-client.env.json-dev

@@ -0,0 +1,11 @@
+{
+  "development": {
+    "hostname": "http://localhost:8080"
+  },
+  "docker": {
+    "hostname": "http://localhost:9030"
+  },
+  "testing": {
+    "hostname": "http://10.0.x.x"
+  }
+}

http/device-configuration/node.http

@@ -0,0 +1,11 @@
+###
+GET {{hostname}}/node-00000000-0000-7000-0000-000000000001
+
+
+### add measurement for one
+PUT {{hostname}}/node-01983d73-3a1e-792e-b910-5673f366fb3b
+Content-Type: application/json
+
+{
+  "configuration": "test"
+}

http/device-data/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/device-data/http-client.env.json-dev

@@ -0,0 +1,11 @@
+{
+  "development": {
+    "hostname": "http://localhost:8080"
+  },
+  "docker": {
+    "hostname": "http://localhost:9020"
+  },
+  "testing": {
+    "hostname": "http://10.0.x.x"
+  }
+}

http/device-data/measurement.http

@@ -0,0 +1,34 @@
+
+
+### add measurement for all
+POST {{hostname}}/client-00000000-0000-7000-0001-000000000001
+Content-Type: application/json
+
+{
+  "tags": {
+    "device": "00000000-0000-7000-0002-000000000001",
+    "node": "00000000-0000-7000-0003-000000000001"
+  },
+  "fields": {
+    "button0": 1,
+    "button1": 0,
+    "button2": 1
+  }
+}
+
+### add measurement for one
+POST {{hostname}}/client-00000000-0000-7000-0001-000000000001
+Content-Type: application/json
+
+{
+  "tags": {
+    "device": "00000000-0000-7000-0002-000000000001",
+    "node": "00000000-0000-7000-0003-000000000001"
+  },
+  "fields": {
+    "button1": 0
+  }
+}
+
+### add measurement
+GET {{hostname}}/client-00000000-0000-7000-0001-000000000001/node-00000000-0000-7000-0003-000000000001

http/device-registry/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/device-registry/device.http

@@ -0,0 +1,10 @@
+### register device for a type
+POST {{hostname}}/device
+Content-Type: application/json
+
+{
+  "type": "00000000-0000-0000-0000-000000000000"
+}
+
+### register device for a type
+GET {{hostname}}/device-00000000-0000-0000-0000-000000000000

http/device-registry/http-client.env.json-dev

@@ -0,0 +1,11 @@
+{
+  "development": {
+    "hostname": "http://localhost:8080"
+  },
+  "docker": {
+    "hostname": "http://localhost:9050"
+  },
+  "testing": {
+    "hostname": "http://10.0.x.x"
+  }
+}

http/device-registry/identity.http

@@ -0,0 +1,2 @@
+### get identity
+GET {{hostname}}/identity/device-00000000-0000-0000-0000-000000000001

http/device-registry/node.http

@@ -0,0 +1,9 @@
+### register node for a client and device with name
+POST {{hostname}}/node
+Content-Type: application/json
+
+{
+  "client": "00000000-0000-0000-0000-000000000000",
+  "device": "01983d72-476e-77ab-9b17-5ba7045b15fa",
+  "name": "my test device"
+}

http/device-registry/type.http

@@ -0,0 +1,20 @@
+### add type
+POST {{hostname}}/type
+Content-Type: application/json
+
+{
+  "name": "Test Device 001",
+  "description": "Description of test device."
+}
+
+### get type by id
+GET {{hostname}}/type-00000000-0000-0000-0000-000000000000
+
+### update type by id
+PUT {{hostname}}/type-00000000-0000-0000-0000-000000000000
+Content-Type: application/json
+
+{
+  "name": "Test Device 001",
+  "description": "Description of test device."
+}

http/device-registry/types.http

@@ -0,0 +1,17 @@
+### get all types
+GET {{hostname}}/types
+
+### get all types
+GET {{hostname}}/types/page-1
+
+### get all types
+GET {{hostname}}/types/page-1/show-2
+
+### get all types
+GET {{hostname}}/types/filter-{filter}
+
+### get all types
+GET {{hostname}}/types/filter-{filter}/page-1
+
+### get all types
+GET {{hostname}}/types/filter-{filter}/page-1/show-2

http/management/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/management/http-client.env.json-dev

@@ -0,0 +1,11 @@
+{
+  "development": {
+    "hostname": "http://localhost:8080"
+  },
+  "docker": {
+    "hostname": "http://localhost:9060"
+  },
+  "testing": {
+    "hostname": "http://10.0.x.x"
+  }
+}

http/registry-api/actuator.http

@@ -0,0 +1,5 @@
+### get actuator
+GET {{hostname}}/actuator
+
+### get actuator health
+GET {{hostname}}/actuator/health

http/registry-api/authentication.http

@@ -0,0 +1,8 @@
+### account login
+POST {{hostname}}/login
+Content-Type: application/json
+
+{
+    "username": "admin",
+    "password": "pass"
+}

http/registry-api/http-client.env.json-dev

@@ -0,0 +1,14 @@
+{
+  "development": {
+    "hostname": "https://localhost:8443",
+    "token": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+  },
+  "docker": {
+    "hostname": "https://localhost:9040",
+    "token": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+  },
+  "testing": {
+    "hostname": "https://10.0.x.x",
+    "token": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+  }
+}

http/registry-api/registry.http

@@ -0,0 +1,8 @@
+### register device for a type
+POST {{hostname}}/register
+Authorization: Bearer {{token}}
+Content-Type: application/json
+
+{
+  "type": "00000000-0000-0000-0000-000000000000"
+}

kubectl/01-initialize/01-namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: hlaeja
+  labels:
+    environment: testing

kubectl/01-initialize/02-registry-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: github
+  namespace: hlaeja
+  labels:
+    environment: testing
+type: kubernetes.io/dockerconfigjson
+data:
+  # Look at /doc/k8s-docker-registry.md to this value
+  .dockerconfigjson: DockerRegistryBase64==

kubectl/01-initialize/03-account-jwt-private-key-secret.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: account-jwt-private-key
+  namespace: hlaeja
+  labels:
+    app: account-register
+    environment: testing
+    tier: backend
+type: Opaque
+data:
+  # Look at /doc/rsa_key.md, for how to make real values
+  private_key.pem: AccountJwtPrivateKeyFileBase64==
+
+

kubectl/01-initialize/04-account-jwt-public-key-secret.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: account-jwt-public-key
+  namespace: hlaeja
+  labels:
+    app: account-register
+    environment: testing
+    tier: frontend
+type: Opaque
+data:
+  # Look at /doc/rsa_key.md, for how to make real values
+  public_key.pem: AccountJwtPublicKeyFileBase64==

kubectl/01-initialize/05-device-jwt-private-key-secret.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-jwt-private-key
+  namespace: hlaeja
+  labels:
+    app: device-register
+    environment: testing
+    tier: backend
+type: Opaque
+data:
+  # Look at /doc/rsa_key.md, for how to make real values
+  private_key.pem: DeviceJwtPrivateKeyFileBase64==

kubectl/01-initialize/06-device-jwt-public-key-secret.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-jwt-public-key
+  namespace: hlaeja
+  labels:
+    app: device-register
+    environment: testing
+    tier: frontend
+type: Opaque
+data:
+  # Look at /doc/rsa_key.md, for how to make real values
+  public_key.pem: DeviceJwtPublicKeyFileBase64==

kubectl/01-initialize/07-device-api-keystore.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: device-api-keystore
+  namespace: hlaeja
+  labels:
+    environment: testing
+type: Opaque
+data:
+  # Look at /doc/keystore.md, for how to make real values
+  keystore.p12: DeviceApiKeystoreFileBase64==
+  keystore-password: DeviceApiKeystorePasswordBase64==

kubectl/01-initialize/08-register-api-keystore.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: registry-api-keystore
+  namespace: hlaeja
+  labels:
+    environment: testing
+type: Opaque
+data:
+  # Look at /doc/keystore.md, for how to make real values
+  keystore.p12: RegistryApiKeystoreFileBase64==
+  keystore-password: RegistryApiKeystorePasswordBase64==

kubectl/02-databases/01-postgres/01-secret.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: postgres
+  namespace: hlaeja
+  labels:
+    app: postgres
+    environment: testing
+    tier: database
+type: Opaque
+stringData:
+  POSTGRES_PASSWORD: "password"

kubectl/02-databases/01-postgres/02-configmap.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgres
+  namespace: hlaeja
+  labels:
+    app: postgres
+    environment: testing
+    tier: database
+data:
+  POSTGRES_USER: "postgres"

kubectl/02-databases/01-postgres/03-statefulset.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: postgres
+  namespace: hlaeja
+  labels:
+    app: postgres
+    environment: testing
+    tier: database
+spec:
+  serviceName: postgres
+  replicas: 1
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      containers:
+        - name: postgres
+          image: postgres:17
+          ports:
+            - containerPort: 5432
+          envFrom:
+            - configMapRef:
+                name: postgres
+            - secretRef:
+                name: postgres
+          volumeMounts:
+            - name: postgres-data
+              mountPath: /var/lib/postgresql/data
+  volumeClaimTemplates:
+    - metadata:
+        name: postgres-data
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 10Gi

kubectl/02-databases/01-postgres/04-service.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+  namespace: hlaeja
+  labels:
+    app: postgres
+    environment: testing
+    tier: database
+  annotations:
+    metallb.universe.tf/address-pool: default
+spec:
+  type: LoadBalancer
+  loadBalancerIP: 10.0.3.141
+  selector:
+    app: postgres
+  ports:
+    - port: 5432
+      targetPort: 5432
+      protocol: TCP
+      name: postgres

kubectl/02-databases/02-cassandra/01-statefulset.yaml

@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: cassandra
+  namespace: hlaeja
+  labels:
+    app: cassandra
+    environment: testing
+    tier: database
+spec:
+  serviceName: cassandra
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cassandra
+  template:
+    metadata:
+      labels:
+        app: cassandra
+    spec:
+      terminationGracePeriodSeconds: 1800
+      containers:
+        - name: cassandra
+          image: cassandra:5.0.4
+          ports:
+            - containerPort: 9042
+          volumeMounts:
+            - name: cassandra-data
+              mountPath: /var/lib/cassandra
+  volumeClaimTemplates:
+    - metadata:
+        name: cassandra-data
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 10Gi

kubectl/02-databases/02-cassandra/02-service.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: cassandra
+  namespace: hlaeja
+  labels:
+    app: cassandra
+    environment: testing
+    tier: database
+  annotations:
+    metallb.universe.tf/address-pool: default
+spec:
+  type: LoadBalancer
+  loadBalancerIP: 10.0.3.142
+  selector:
+    app: cassandra
+  ports:
+    - port: 9042
+      targetPort: 9042
+      protocol: TCP
+      name: cql