# Hlæja K8s

## Table of Contents

<!-- TOC -->
* [Hlæja K8s](#hlæja-k8s)
  * [Table of Contents](#table-of-contents)
  * [Initialize](#initialize)
    * [Namespace](#namespace)
    * [Registry Secret](#registry-secret)
    * [JSON Web Token (JWT)](#json-web-token-jwt)
    * [Keystore](#keystore)
  * [Databases](#databases)
    * [Postgres](#postgres)
      * [Secret](#secret)
      * [Config Map](#config-map)
      * [Stateful Set](#stateful-set)
      * [Service](#service)
  * [Hlæja](#hlæja)
    * [Account Register](#account-register)
      * [Secret](#secret-1)
      * [Config Map](#config-map-1)
      * [Deployment](#deployment)
      * [Service](#service-1)
    * [Device Register](#device-register)
      * [Secret](#secret-2)
      * [Config Map](#config-map-2)
      * [Deployment](#deployment-1)
      * [Service](#service-2)
<!-- TOC -->

----

## Initialize

### Namespace

Create the Namespace for the environment.

```bash
kubectl apply -f .\kube\01-initialize\01-namespace.yaml
```

---

### Registry Secret

Create repository secret

```bash
kubectl apply -f .\kube\01-initialize\02-registry-secret.yaml
```

**How to make JSON Configuration**

```json=
{
  "auths": {
    "<your-registry>": {
      "username": "<your-username>",
      "password": "<your-password>",
      "email": "<your-email@example.com>",
      "auth": "<base64-of-your-username:your-password>"
    }
  }
}
```

**Replace Values**

- **Replace** <your-registry>: Use the hostname of your Gitea instance (e.g., registry.example.com).
- **Replace** <your-username>: Use your Gitea username (e.g., user1).
- **Replace** <your-password>: Use your Gitea personal access token generated with read:package scope (e.g., abc123).
- **Replace** <your-email>: Use your email address (e.g., user1@example.com).

**Linux Command**

```bash
echo -n 'your-username:your-password' | base64 -w 0
```

witch gives `eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk` then we use it in the `auth`

```bash
echo -n '{"auths":{"<your-registry>":{"username":"your-username","password":"your-password","email":"your-email","auth":"eW91ci11c2VybmFtZTp5b3VyLXBhc3N3b3Jk"}}}' | base64 -w 0
```

witch give `eyJhdXRocyI6eyI8eW91ci1yZWdpc3RyeT4iOnsidXNlcm5hbWUiOiJ5b3VyLXVzZXJuYW1lIiwicGFzc3dvcmQiOiJ5b3VyLXBhc3N3b3JkIiwiZW1haWwiOiJ5b3VyLWVtYWlsIiwiYXV0aCI6ImVXOTFjaTExYzJWeWJtRnRaVHA1YjNWeUxYQmhjM04zYjNKayJ9fX0=`

---

### JSON Web Token (JWT)

For JWT we are using public and private keys, read more about [RSA keys](./rsa_key.md).

Account private key for account service to make access token.

```bash
kubectl apply -f .\kube\01-initialize\03-account-jwt-private-key-secret.yaml
```

Account public key for all services identifying users

```bash
kubectl apply -f .\kube\01-initialize\04-account-jwt-public-key-secret.yaml
```

Device private key for device service to make device token.

```bash
kubectl apply -f .\kube\01-initialize\05-device-jwt-private-key-secret.yaml
```

Device public key for all services identifying devices

```bash
kubectl apply -f .\kube\01-initialize\06-device-jwt-public-key-secret.yaml
```

---

## Databases

### Postgres

Remember that you don't run replicas but many instances with its own storage and service.

#### Secret

```bash
kubectl apply -f .\kube\02-databases\01-postgres\01-secret.yaml
```

Set values:

- postgres root password

using something a bit more secure `SCRAM-SHA-256$4096:f/IWlCTGdMT9qOjQlPbWtA==$qePy5ArW+7ykg3yHqW7qYH0j2384OIoV2IcBcz0mIRM=:KuU1xgnAVtOVpCZhdUJlI8F7Viz0ApmYxYEo5yXNCW0=` in this case we use `password`, to make this... use postgres to make a user and password, copy this value and now will use as admin password.

#### Config Map

```bash
kubectl apply -f .\kube\02-databases\01-postgres\02-configmap.yaml
```

Set values:

- postgres root user

#### Stateful Set

This is the specifications for postgres.

```bash
kubectl apply -f .\kube\02-databases\01-postgres\03-statefulset.yaml
```

Set storage size for permanent storage

#### Service

this exposes port and ip.

```bash
kubectl apply -f .\kube\02-databases\01-postgres\04-service.yaml
```

---

## Hlæja

### Account Register

This is only a ***concept*** and exist for testing rest of system. this need to be ***rewritten***.

#### Secret

```bash
kubectl apply -f .\kube\03-hlaeja\01-account-registry\01-secret.yaml
```

Set values:

- postgres password

#### Config Map

```bash
kubectl apply -f .\kube\03-hlaeja\01-account-registry\02-configmap.yaml
```

Set values:

- spring profile
- postgres username
- postgres url
- account private jwt file location

#### Deployment

Account Registry Service, using `account-jwt-private-key`

```bash
kubectl apply -f .\kube\03-hlaeja\01-account-registry\03-deployment.yaml
```

#### Service

this service should not be accessible from world only open in testing

```bash
kubectl apply -f .\kube\03-hlaeja\01-account-registry\04-service.yaml
```

---

### Device Register

#### Secret

```bash
kubectl apply -f .\kube\03-hlaeja\02-device-registry\01-secret.yaml
```

Set values:

- postgres password

#### Config Map

```bash
kubectl apply -f .\kube\03-hlaeja\02-device-registry\02-configmap.yaml
```

Set values:

- spring profile
- postgres username
- postgres url
- device private jwt file location

#### Deployment

Account Registry Service, using `account-jwt-private-key`

```bash
kubectl apply -f .\kube\03-hlaeja\02-device-registry\03-deployment.yaml
```

#### Service

this service should not be accessible from world only open in testing

```bash
kubectl apply -f .\kube\03-hlaeja\02-device-registry\04-service.yaml
```