diff --git a/README.md b/README.md index aaf256f..5e16b00 100644 --- a/README.md +++ b/README.md @@ -224,7 +224,7 @@ Horizon is a cloud-native solution that requires to be installed in a Kubernetes ### Subscription resource All subscription information is currently stored in "Subscription" custom resources which will be watched by the Horizon components. -You can find the custom resource definition here: [assets/subscription.crd.yaml](https://github.com/telekom/pubsub-horizon/blob/main/assets/subscription.crd.yaml). +You can find the custom resource definition here: [resources/crds.yaml](./resources/crds.yaml). A simple example Subscription for callback delivery would look like this: @@ -252,7 +252,14 @@ A simple example Subscription for callback delivery would look like this: ```
-If the creation, update and deletion of subscriptions is to be automated, it is advisable to install a service account with appropriate rights in the cluster namespace in advance. A corresponding example can be found here: [assets/rbac.yaml](https://github.com/telekom/pubsub-horizon/blob/main/assets/subscription.crd.yaml) +If the creation, update and deletion of subscriptions is to be automated, it is advisable to install a service account with appropriate rights in the cluster namespace in advance. A corresponding example can be found here: [resources/rbac.yaml](./resources/rbac.yaml) + + +## Getting started + +If you want to learn more about how to install and run Horizon in a Kubernetes environment in general, visit: [Installing Horizon](./docs/installation.md) +But if you want to get started right away with a non-productive local environment and try out Horizon, we recommend visting: [Local installation (Quickstart)](./docs/quickstart.md). + ## Code of Conduct diff --git a/docs/architecture.md b/docs/architecture.md index 0e42535..1275b29 100644 --- a/docs/architecture.md +++ b/docs/architecture.md @@ -1,3 +1,9 @@ + + # System architecture The image below shows the entire system architecture of Horizon. The graphic should be read starting at the entry points (Starlight, Pulsar, Voyager) and moving to the right. This way you can follow the high-level flow of each service. diff --git a/docs/imgs/Horizon-Architecture-Detail.webp.license b/docs/imgs/Horizon-Architecture-Detail.webp.license new file mode 100644 index 0000000..e815893 --- /dev/null +++ b/docs/imgs/Horizon-Architecture-Detail.webp.license @@ -0,0 +1,3 @@ +Copyright 2024 Deutsche Telekom IT GmbH + +SPDX-License-Identifier: Apache-2.0 diff --git a/docs/imgs/Horizon-Architecture-Simple.webp.license b/docs/imgs/Horizon-Architecture-Simple.webp.license new file mode 100644 index 0000000..e815893 --- /dev/null +++ b/docs/imgs/Horizon-Architecture-Simple.webp.license 
@@ -0,0 +1,3 @@ +Copyright 2024 Deutsche Telekom IT GmbH + +SPDX-License-Identifier: Apache-2.0 diff --git a/docs/installation.md b/docs/installation.md new file mode 100644 index 0000000..f1832d1 --- /dev/null +++ b/docs/installation.md 
@@ -0,0 +1,263 @@ + + +# Installing Horizon + +## Preface + +This article describes more generally how Horizon can be installed and operated in a Kubernetes environment. It serves less as a step-by-step guide. + +If you want to get started right away, we recommend visting: [Local installation (Quickstart)](../docs/quickstart.md). +By following the instructions there, you can very quickly create a non-production environment locally on your system in which Horizon can be tested. + +## Prerequisites + +### Kubernetes + +Horizon is a cloud-native application that is designed to be deployed on Kubernetes. Currently, it is tested with Kubernetes version **1.24**. +Operating Horizon also requires the installation of custom resource definitions (CRDs), which can only be done with cluster admin permissions. + +#### Additional required Kubernetes features: + +- Kubernetes Ingress Controller (preferably [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/)) +- Kubernetes DNS (preferably [CoreDNS](https://coredns.io/)) +- Persistent Volumes (NFS or [block storage](https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html) like gp2) + +### Other dependencies + +- [Kafka](https://github.com/bitnami/charts/tree/main/bitnami/kafka): Horizon in its current form has been built around Kafka and therefore requires Kafka to be installed in the target cluster in order to run. +- [MongoDB](https://github.com/bitnami/charts/tree/main/bitnami/mongodb): Horizon requires a running MongoDB instance for many operations, which is used to store metadata and track the status of events. +- [Keycloak](https://github.com/telekom/identity-iris-keycloak-charts) or any other identity provider (IDP) implementing OpenID Connect + +Note, that Keycloak is often referred to as "Iris" within the Horizon source code or Helm Charts. + +This article will also briefly explain the installation of the dependencies mentioned above. 
+ +#### Gateway + +Even though a gateway is not absolutely necessary, we recommend the use of a gateway. Horizon itself was designed with the idea of being addressed via a gateway. For more information, please visit the documentation if the [Open Telekom Integration Platform](https://github.com/telekom/Open-Telekom-Integration-Platform), which includes a gateway. + +## 1. Preparations + +### 1.1. Installing Kafka + +*Note: Horizon relies only on connectivity to Kafka, but it is not necessary to install a dedicated instance for Horizon if an existing Kafka Broker can be used. If you like to use an existing instance instead which might be provided as managed service, you can skip the installation of Kafka. +However, it's important that Horizon is able to administrate new topics.* + +You can use the following command to install the Kafka Helm chart from Bitnami with basic values, which is sufficient to run Horizon: + +```bash +helm install horizon-kafka oci://registry-1.docker.io/bitnamicharts/kafka -f kafka-sample-values.yaml -n horizon --version 26.11.4 +``` + +As example you can use the following `kafka-sample-values.yaml` file to set up Kafka. But these values are not intended to be used in production. For testing purpose we suggest to use changing the default client protocol to `PLAINTEXT` instead of `SASL_PLAINTEXT`. + +kafka-sample-values.yaml: +```yaml +listeners: + client: + containerPort: 9092 + protocol: PLAINTEXT + name: CLIENT + sslClientAuth: "" +``` + +For more details on how to configure Kafka, we recommend checking out [Bitnami's Helm chart documentation](https://github.com/bitnami/charts/tree/main/bitnami/kafka) and the official [Kafka documentation](https://docs.confluent.io/platform/current/installation/configuration/index.html). + + +### 1.2. 
Installing MongoDB + + *Note: Similar to the installation step of Kafka, the installation of a dedicated MongoDB instance can be skipped if an existing MongoDB instance can be used, which might be provided as managed service. + However, it's important that Horizon is able to administrate new collections.* + +## MongoDB with Sharding + +You can use the following command to install the sharded MongoDB Helm chart from Bitnami with basic values, which is sufficient to run Horizon: + +```bash +helm install horizon-mongodb oci://registry-1.docker.io/bitnamicharts/mongodb-sharded -n horizon --version 7.8.1 +``` + +Note, that this setup is not intended to be used in production without any adjustments on the configuration. + +For more details on how to configure MongoDB, we recommend checking out [Bitnami's Helm chart documentation](https://github.com/bitnami/charts/tree/main/bitnami/mongodb-sharded) and the official [MongoDB documentation](https://www.mongodb.com/docs/manual/). + + +#### 1.2.1 MongoDB configuration + +First, make sure you have [`mongosh`](https://www.mongodb.com/try/download/shell) installed, which is a shell for MongoDB. Alternatively you can also install the [MongoDB Compass GUI](https://www.mongodb.com/try/download/compass) which also comes with a shell but is also super useful for general working with MongoDB. 
+ +Then you should be able to initialize a new Horizon database collection: + +init-database.js: +```js +db.adminCommand({ + shardCollection: "horizon.status", + key: {"event.id": "hashed"} +}) +``` + +```bash +mongosh -u $MONGODB_ROOT_USER -p $MONGODB_ROOT_PASSWORD "mongodb://$MONGODB_HOST" --file ./init-database.js +``` + +The following command will create indices on the status collection that are required to maintain the performance when doing any useful queries: + + +init-indices.js: +```js +horizon = db.getSiblingDB('horizon') +horizon.runCommand({ + createIndexes: "status", + indexes: [ + { + key: {"status": 1}, + name: "status_1" + }, + { + key: {"event.type": 1}, + name: "event_type_1" + }, + { + key: {"subscriptionId": 1}, + name: "subscriptionId_1" + }, + { + key: {"timestamp": 1}, + name: "1w_ttl", + expireAfterSeconds: 604800 + }, + { + key: {"properties.multiplexed-from": 1}, + name: "properties_multiplexed-from_1" + }, + { + key: {"deliveryType": 1}, + name: "deliveryType_1" + }, + { + key: {"environment": 1}, + name: "environment_1" + }, + { + key: {"subscriptionId": 1, "status": 1, "timestamp": 1}, + name: "subscriptionId_1_status_1" + }, + { + key: {"status": 1, "deliveryType": 1,"subscriptionId": 1, "timestamp": 1}, + name: "sse_sorted_index" + }, + { + key: {"error.type": 1, "status": 1, "timestamp": 1}, + name: "cb_error_status" + }, + { + key: {"error.type": 1, "status": 1, "subscriptionId": 1, "timestamp": 1}, + name: "cb_error_status_subscriptionId" + }, + { + key: {"deliveryType": 1, "status": 1, "timestamp": 1}, + name: "cb_deliveryType_status_timestamp" + } + ] +}) +``` + +``` +mongosh -u $MONGODB_ROOT_USER -p $MONGODB_ROOT_PASSWORD "mongodb://$MONGODB_HOST" --file ./init-indices.js +``` + +### 1.3. IDP configuration + +Horizon assumes that a client with the name "evenstore" exists in the "default" realm of the IDP. 
This must first be configured manually in the IDP so that Horizon can issue a valid token when delivering events via callback, among other things. + +### 1.4. Installing CRDs + +While Horizon components are usually installed by using Helm charts, the installation of the required CRDs is not managed through Helm currently. +Assuming the necessary rights exist in the cluster, the CRD describing a Horizon Subscribtion can be easily installed via `kubectl` command: + +``` +kubectl apply -f resources/crds.yaml +``` + +#### Metrics + +By default, Horizon components will integrate with Prometheus through the use of a ServiceMonitor custom resource. Please refer to the instructions in the documentation of the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) to install the Prometheus operator and its CRDs. +Alternatively, you can disable the installation of a ServiceMonitor for each component by setting `.Values.monitoring.serviceMonitor.enabled` to false. + +### 1.5. Installing headless services + +First create a new Kubernetes namespace that will be used to install all horizon related resources: + +``` +kubectl create namespace horizon +``` + +Some components (Galaxy, Comet, Polaris) depend on the existence of special headless Kubernetes services that will be used for the discovery of distributed cache instances used by Horizon. These services also need to be installed in the horizon namespace: + +``` +kubectl apply -f resources/services.yaml -n horizon +``` + +## 2. Preparing the images + +To install Horizon, all components to be installed must first be built and dockerized. The corresponding Docker images must be made available in a Docker registry so that they can be pulled during the installation. 
+ +For information on how to build the individual components, please refer to the individual repositories of the Horizon components: + +- [Horizon Starlight](https://github.com/telekom/pubsub-horizon-starlight) +- [Horizon Galaxy](https://github.com/telekom/pubsub-horizon-galaxy) +- [Horizon Comet](https://github.com/telekom/pubsub-horizon-comet) +- [Horizon Pulsar](https://github.com/telekom/pubsub-horizon-pulsar) +- [Horizon Polaris](https://github.com/telekom/pubsub-horizon-polaris) +- [Horizon Vortex](https://github.com/telekom/pubsub-horizon-vortex) + +## 3. Installing Horizon + +For a minimal setup of Horizon it is not necessary to install all components of Horizon. However, we recommend a complete installation with all components so that all Horizon features can be used. +For example, a minimal setup would consists of Starlight, Galaxy, Comet. +But with such a minimal setup, you would lose the tracking of status information, the ability to transmit events via SSE and the important circuit-breaker handling functionality that adds fundamental resilience to Horizon. + +The installation of Horizon is done by applying Helm charts. If you need help with Helm, please refer to Helm's [usage guide](https://helm.sh/docs/intro/using_helm/) first. +Alternatively, the Helm Charts can also be installed using other Helm compatible continuous deployment solutions such as Argo CD. We also use Argo CD internally to install and update our Horizon instances and can recommend it for productive use. +However, for the sake of simplicity, we will limit ourselves to the use of Helm commands in the following installation instructions. + +### 3. Installing Horizon + +First of all, clone Horizon's [Helm Chart repository](https://github.com/telekom/pubsub-horizon-helm-charts/tree/main) and change to the repository's directory. It will contain necessary Helm charts for installing Horizon. 
+ +#### Pull secrets + +All Horizon Helm charts refer to a docker image for the respective component. Make sure that new deployments in the cluster have the rights to pull the docker images, which is not the case with many private registries. Please refer to the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#registry-secret-existing-credentials) if you need help with installing pull secrets. +In the following we assume, you already installed a pull secret `open-telekom-integration-platform-pull-secret` that makes it possible to pull from the registry where all necessary Horizon docker images are located. + +#### Installation + +To simplify things, we added another Helm chart "horizon-all" which can be used to install all Horizon components at once. In the following sections we will use this Helm chart. + +You will find two different configurations in this repository. The first configuration ([examples/horizon-nonprod.yaml](../examples/horizon-nonprod.yaml)) for the installation of Horizon (all components) with minimal scaling intended for non-production environments and for trying out Horizon for the first time. The other configuration ([examples/horizon-prod.yaml](../examples/horizon-nonprod.yaml)) is a suggestion for a possible installation in productive environments. Both configurations differ mainly in the scaling of the individual components and the resources used. + +In this article, we will focus on installing a Horizon instance with minimal scaling so that you can try out Horizon quickly and without any special hardware requirements. + +Before installing Horizon you will need to adjust the default values to your needs depending on the target environment/cluster. 
+The following fields in particular usually need to be changed for an error-free installation: + +- `global.imagePullSecrets` +- `global.ingress.hosts` +- `global.commonHorizon.issuerUrl` +- `global.commonHorizon.iris.tokenEndpoint` +- `global.commonHorizon.iris.clientSecret` +- `global.commonHorizon.mongo.url` + +You can keep the dummy value for the host (`global.ingress.hosts`) if no Ingresses are planned to be installed (default). + +Additionally you should set the correct image repository for each sub-product image: + +- `.image.repository` + +``` +helm upgrade -i -n horizon -f horizon-nonprod.yaml horizon ./horizon-all +``` \ No newline at end of file diff --git a/docs/quickstart.md b/docs/quickstart.md new file mode 100644 index 0000000..8b88485 --- /dev/null +++ b/docs/quickstart.md 
@@ -0,0 +1,495 @@ + + +# Local installation (Quickstart) + +This guide describes how to install Horizon using `k3d`/`k3s`. It is intended for development and testing purposes only. + +> **Warning:** Do not use it for installation on productive environments! + +If you do not know what k3d is, please refer to the [k3d documentation](https://k3d.io/). +By following this quickstarter guide line by line, you will obtain an running instance of Horizon that you can use to try out the software. + +>*This guide has been written for and tested with k3d version v5.6.0, k3s version v1.27.4-k3s1, kubernetes version v1.27.4, and Helm version v3.14.1 on Microsoft Windows 10 (x64) with Docker Desktop version 4.28.0.* + + +## System requirements + +* Microsoft Windows 10 (x64) or later +* Docker Desktop installed +* At least 6 GB free RAM recommended + + If needed, limit the memory usage of Docker Desktop when creating/adjusting the `%USERPROFILE%/.wsl2config`: + ``` + [wsl2] + memory=6GB + ```` + + +## Prepare the environment + +* Install `scoop` CLI package manager: + ```powershell + Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser + Invoke-RestMethod -Uri https://get.scoop.sh | Invoke-Expression + ``` + +* Install required tools via `scoop` package manager: + ```powershell + scoop install k3d helm yq openssl + ``` + + This will install: + + * `yq`: A yaml processing CLI util + * `k3d`: Used for easily creating a new Kubernetes cluster locally + * `helm`: Used for installing software (here: Horizon) in the Kubernetes cluster + + +* Create a new directory as workspace on your local machine: + ```powershell + New-Item -Path horizon -ItemType Directory; Set-Location -Path horizon + ``` +* Clone the following repositories: + ```powershell + git clone https://github.com/telekom/pubsub-horizon.git + git clone https://github.com/telekom/pubsub-horizon-helm-charts.git + git clone https://github.com/telekom/pubsub-horizon-starlight.git + git clone 
https://github.com/telekom/pubsub-horizon-galaxy.git + git clone https://github.com/telekom/pubsub-horizon-comet.git + git clone https://github.com/telekom/pubsub-horizon-polaris.git + git clone https://github.com/telekom/pubsub-horizon-vortex.git + git clone https://github.com/telekom/pubsub-horizon-pulsar.git + + ``` + +## Prepare the cluster + +For this guide we will use a [`k3s`](https://k3s.io/) Kubernetes cluster which will install by using [`k3d`](https://k3d.io/). + +> `k3s` works slightly differently to Minikube. For example, it uses the [Traefik Ingress Controller](https://docs.k3s.io/networking#traefik-ingress-controller) instead of an Ingress Controller based on Nginx. This detail will become relevant later when we want to replace the default self-signed certificate of the loadbalancer. + +* Initialize a new Kubernetes cluster: + ```powershell + k3d cluster create horizon-playground -p "443:443@loadbalancer" -p "80:80@loadbalancer" --agents 2 + ``` + +* Create a new kubeconfig file for the new cluster: + ```powershell + k3d kubeconfig get horizon-playground > $env:userprofile\horizon-playground.kubeconfig + ``` + +* Set the new kubeconfig as default: + ```powershell + $env:KUBECONFIG = "$env:userprofile\horizon-playground.kubeconfig" + ``` + +* Install an [ingress dns](https://github.com/talss89/kube-ingress-dns) for resolving ingress URLs within the cluster: + ```powershell + kubectl apply -f https://raw.githubusercontent.com/talss89/kube-ingress-dns/main/manifest/ingress-dns.yaml + kubectl apply -f .\pubsub-horizon\resources\ingress-dns.yaml + + ``` + + >*Special thanks to [Tom Lawton](https://github.com/talss89) who created this rewrite of minikube-ingress-dns which works with any Kubernetes cluster.* + +* Edit the `coredns` ConfigMap: + + Run the following + + ```powershell + kubectl edit configmap coredns -n kube-system + ``` + + Add the following configuration and save the file: + ``` + test:53 { + errors + cache 30 + forward . 
+ } + ``` + + *You can find the correct Cluster IP easily by running:* + + ```powershell + kubectl get -n kube-system service/kube-ingress-dns -o jsonpath="{.spec.clusterIP}" + ``` +* Restart the `coredns` deployment: + + ```powershell + kubectl rollout restart deployment coredns -n kube-system + ``` + +* Create a new "platform" namespace in the cluster: + ```powershell + kubectl create namespace platform + ``` + +### Create a self-signed certificate + +Since some of the Horizon components will later establish a secure connection to the IDP, a self-signed CA certificate with the common name (CN) `*.test` must be created first, which will be imported later into the truststore of the individual Horizon components. + +>*This step is particularly important if, as in this case, we are installing the Open Telekom Integration Platform locally and are not using a registered domain with a valid ROOT CA certificate.* + +* Create a private key first: + ```powershell + openssl genpkey -algorithm RSA -out private.key + ``` + +* Create a Certificate Signing Request (CSR): + ```powershell + openssl req -new -key private.key -out wildcard.test.csr + ``` + +* Create a self-signed wild-card certificate for *.test: + ```powershell + openssl x509 -req -days 365 -in wildcard.test.csr -signkey private.key -out wildcard.test.crt + ``` + + > Make sure to set `*.test` for the common name (CN) when asked. Any other question can be skipped (answered with `.`). 
+ +* Configure the Traefik proxy to use the new certificate: + + ```powershell + kubectl create secret tls tls-secret --cert=.\wildcard.test.crt --key=.\private.key -n platform + kubectl apply -f .\pubsub-horizon\examples\traefik-tlsstore.yaml -n platform + ``` + + +## Install Horizon + +### Install dependencies + +* Install Kafka: + ```powershell + helm install horizon-kafka oci://registry-1.docker.io/bitnamicharts/kafka -f .\pubsub-horizon\examples\kafka-sample-values.yaml -n platform --version 26.11.4 + ``` + + Verify ready status of Kafka + ```powershell + while (1) {kubectl get sts horizon-kafka-controller -n platform; sleep 5} + ``` + >*The command above will be executed every 5 seconds. It can take a few minutes until Kafka is ready.* + +* Install MongoDB: + ```powershell + helm install --set auth.rootPassword=topsecret horizon-mongodb oci://registry-1.docker.io/bitnamicharts/mongodb-sharded -n platform --version 7.8.1 + ``` + + Verify ready status of MongoDB + ```powershell + while (1) {kubectl get sts -l app.kubernetes.io/name=mongodb-sharded -n platform; sleep 5} + ``` + >*The command above will be executed every 5 seconds. It can take a few minutes until MongoDB is ready.* + +### Configure the database + +* Start a new process for port-forwarding the MongoDB service to your local machine: + ```powershell + Start-Process kubectl -ArgumentList "port-forward -n platform service/horizon-mongodb-mongodb-sharded 27017:27017" + ``` + + >**Note:** A new terminal will popup. Do not close it unless you want to terminate the port-forwarding. 
Let's continue in the original Poershell terminal + + +* Initialize the database and create required indices: + ```powershell + mongosh -u root -p topsecret --file .\pubsub-horizon\examples\init-database.js + ``` +### Install CRDs + +* Install required Horizon custom resource definitions (CRDs): + ```powershell + kubectl apply -f .\pubsub-horizon\resources\crds.yaml + ``` + +* Install required ServiceMonitor CRD: + ```powershell + kubectl apply -f https://raw.githubusercontent.com/prometheus-community/helm-charts/main/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml + ``` + +### Install headless services + +* Install required Horizon headless services: + ```powershell + kubectl apply -f .\pubsub-horizon\resources\services.yaml -n platform + ``` + +### Build the images + +* Copy the wildcard certificate previously created to the necessary places: + ```powershell + cp wildcard.test.crt .\pubsub-horizon-starlight\cacert.crt + cp wildcard.test.crt .\pubsub-horizon-comet\cacert.crt + cp wildcard.test.crt .\pubsub-horizon-polaris\cacert.crt + cp wildcard.test.crt .\pubsub-horizon-pulsar\cacert.crt + + ``` + + > **Note:** This step is not necessary for every application, but only for the applications that communicate with the IDP + +* Build all Horizon images (this can take a few minutes): + ```powershell + docker build --build-arg="BUILD_ENV=with_cacert" -t horizon-starlight:latest -f .\pubsub-horizon-starlight\Dockerfile.multi-stage .\pubsub-horizon-starlight + docker build -t horizon-galaxy:latest -f .\pubsub-horizon-galaxy\Dockerfile.multi-stage .\pubsub-horizon-galaxy + docker build --build-arg="BUILD_ENV=with_cacert" -t horizon-comet:latest -f .\pubsub-horizon-comet\Dockerfile.multi-stage .\pubsub-horizon-comet + docker build --build-arg="BUILD_ENV=with_cacert" -t horizon-polaris:latest -f .\pubsub-horizon-polaris\Dockerfile.multi-stage .\pubsub-horizon-polaris + docker build --build-arg="BUILD_ENV=with_cacert" -t horizon-pulsar:latest -f 
.\pubsub-horizon-pulsar\Dockerfile.multi-stage .\pubsub-horizon-pulsar + docker build -t horizon-vortex:latest -f .\pubsub-horizon-vortex\Dockerfile .\pubsub-horizon-vortex + + ``` + +* Import the images into the Kubernetes cluster (this can take a few minutes): + ```powershell + k3d image import docker.io/library/horizon-starlight:latest -c horizon-playground + k3d image import docker.io/library/horizon-galaxy:latest -c horizon-playground + k3d image import docker.io/library/horizon-comet:latest -c horizon-playground + k3d image import docker.io/library/horizon-polaris:latest -c horizon-playground + k3d image import docker.io/library/horizon-pulsar:latest -c horizon-playground + k3d image import docker.io/library/horizon-vortex:latest -c horizon-playground + + ``` +## Configure the identity provider + +If you have not yet installed an identity provider in the cluster, you can do so at this point by installing Iris: + +
+Install the IDP +
+ +* Clone the required repositories: + ```powershell + git clone https://github.com/telekom/identity-iris-keycloak-image.git + git clone https://github.com/telekom/identity-iris-keycloak-charts.git + + ``` + +* Build the image: + ```powershell + docker build -t iris:latest -f .\identity-iris-keycloak-image\Dockerfile.multi-stage .\identity-iris-keycloak-image + ``` + +* Import the image into the cluster: + ```powershell + k3d image import docker.io/library/iris:latest -c horizon-playground + ``` + +* Required for k3d/k3s: Set the StorageClass name to "local-path": + ```powershell + yq -i '.postgresql.persistence.storageClassName = \"local-path\"' .\identity-iris-keycloak-charts\values.local.yaml + ``` + +* Install the IDP: + ```powershell + helm upgrade -i -n platform -f .\identity-iris-keycloak-charts\values.local.yaml iris .\identity-iris-keycloak-charts\ + ``` + +* Add a new entry to your `C:\Windows\System32\Drivers\etc\hosts` file, so that the IDP can be accessed from the host system: + ```text + 127.0.0.1 iris.test + ``` + > **Note:** This needs administrative rights. + +
+ +#### Configuration + +* Follow the instruction of the [Configure the identity provider](https://github.com/telekom/Open-Telekom-Integration-Platform/wiki/Installation-on-Minikube#configure-the-identity-provider) section. + +* Create another new client with the name "eventstore". You may use the import client feature to import the client configuration below: + +
+ eventstore-client.json + + ```json + { + "clientId": "eventstore", + "name": "eventstore", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "N25V3loiXgc8USBmoX0AVXmnb3gIs0N6", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientId", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "client-origin", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "open-telekom-integration-platform", + "offline_access", + "microprofile-jwt" + ], + "access": { 
+ "view": true, + "configure": true, + "manage": true + } + } + ``` + +
+ + > *Of course you can also change the secret, but for the sake of simplicity we recommend leaving it as it is for this non-productive installation of Horizon.* + +## Horizon installation + +1. Create a new `horizon-nonprod-customized.yaml` file where the secret for "eventstore" client is properly set to the value configured in the step before: + ```powershell + yq -i '.global.commonHorizon.iris.clientSecret = \"default=N25V3loiXgc8USBmoX0AVXmnb3gIs0N6\"' .\pubsub-horizon\examples\horizon-nonprod.yaml + ``` + +2. Install Horizon + ```powershell + helm upgrade -i -n platform -f .\horizon-nonprod.yaml horizon .\pubsub-horizon-helm-charts\horizon-all + ``` + +## Try it out + +### Prerequisites + +* Install [Insomnium](https://github.com/ArchGPT/insomnium), a privacy-focused open-source tool for testing APIs: + ```powershell + scoop bucket add extras + scoop install extras/insomnium + ``` + +* Clone Cosmoparrot echo service: + ```powershell + git clone https://github.com/telekom/pubsub-horizon-cosmoparrot.git + ``` +* Build the Cosmoparrot image: + ```powershell + docker build -t cosmoparrot:latest -f .\pubsub-horizon-cosmoparrot\Dockerfile .\pubsub-horizon-cosmoparrot + ``` +* Import the Cosmoparrot image into the cluster: + ```powershell + k3d image import docker.io/library/cosmoparrot:latest -c horizon-playground + ``` +* Install Cosmoparrot: + ```powershell + kubectl apply -f .\pubsub-horizon-cosmoparrot\manifest\deployment.yaml -n platform + ``` +* Port-forward Horizon Starlight: + ```powershell + Start-Process kubectl -ArgumentList "port-forward -n platform service/horizon-starlight 8080:8080" + ``` + +### Create a new publisher/consumer client + +Just like before, you must first create a new client, but this time not for internal systems, but for the event provider and event consumer. +In this example, we will keep it simple, which is why the event provider is also the event consumer - so you will only need to create one client. 
+ +* Create a new client within the "default" realm with the name "ecommerce--billing--order-processing". You can easily import [examples/example-client.json](../examples/example-client.json) for this step. It also contains a password that we will use later. + +### Create a callback subscription + +* Apply the example subscription: + ```powershell + kubectl apply -f .\pubsub-horizon\examples\example-subscription.yaml -n platform + ``` + + > This will create a new subscription for the eventType "orders.v1" and the consumer "ecommerce--billing--order-processing". The callback URL points to the internal Kubernetes service URL "http://cosmoparrot.platform:8080/callback" (our echo seervice). + +### Send an event + +1. Start Insomnium +2. Create a new `POST` HTTP request for the URL `http://localhost:8080/v1/nonprod/events` +3. Set `OAuth 2` as auth type. +4. Set `Client Credentials` as grant type. +5. Set "ecommerce--billing--order-processing" as client ID. +6. Set "75DdRxQpcWUMKpAajw5OmSW8U3CnXg2p" as client secret. +7. Add the following JSON body: + ```json + { + "id":"b5882acc-e40e-47c4-b767-079d310f1ec0", + "source":"http://apihost/some/path/resource/1234", + "specversion":"1.0", + "type":"orders.v1", + "datacontenttype":"application/json", + "dataref":"http://apihost/some/api/v1/resource/1234", + "data":{ + "orderNumber":"123" + }, + "dataschema":"http://apihost/schema/definition.json" + } + ``` + + *Make sure to use a new UUID for the `id` field (=event ID) everytime yo make a request.* + + > **Tip:** You can use the internal `UUID` (v4) function of Insomnium to generate a proper UUID for the `id` field. + +8. Execute the request, you should see a `201` HTTP response code + +### Verify event has been received + +* Verify the callback request reached the event consumer by viewing the logs of Cosmoparrot: + ```powershell + kubectl logs -l app=cosmoparrot -n platform + ``` + 
diff --git a/examples/example-client.json b/examples/example-client.json new file mode 100644 index 0000000..796d984 --- /dev/null +++ b/examples/example-client.json 
@@ -0,0 +1,86 @@ +{ + "clientId": "ecommerce--billing--order-processing", + "name": "ecommerce--billing--order-processing", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "75DdRxQpcWUMKpAajw5OmSW8U3CnXg2p", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": + [ + { + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientId", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "client-origin", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "open-telekom-integration-platform", + "offline_access", + 
"microprofile-jwt" + ], + "access": { + "view": true, + "configure": true, + "manage": true + } + } \ No newline at end of file diff --git a/examples/example-client.json.license b/examples/example-client.json.license new file mode 100644 index 0000000..e815893 --- /dev/null +++ b/examples/example-client.json.license @@ -0,0 +1,3 @@ +Copyright 2024 Deutsche Telekom IT GmbH + +SPDX-License-Identifier: Apache-2.0 diff --git a/examples/example-subscription.yaml b/examples/example-subscription.yaml new file mode 100644 index 0000000..acc32e8 --- /dev/null +++ b/examples/example-subscription.yaml @@ -0,0 +1,18 @@ +# Copyright 2024 Deutsche Telekom IT GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: subscriber.horizon.telekom.de/v1 +kind: Subscription +metadata: + name: 4ca708e09edfb9745b1c9ceeb070aacde42cf02d +spec: + subscription: + callback: http://cosmoparrot.platform:8080/callback + deliveryType: callback + payloadType: data + publisherId: ecommerce--billing--order-processing + subscriberId: ecommerce--billing--order-processing + subscriptionId: 4ca708e09edfb9745b1c9ceeb070aacde42cf02d + trigger: {} + type: orders.v1 \ No newline at end of file diff --git a/examples/horizon-nonprod.yaml b/examples/horizon-nonprod.yaml new file mode 100644 index 0000000..bd487ce --- /dev/null +++ b/examples/horizon-nonprod.yaml 
@@ -0,0 +1,161 @@ +# Copyright 2024 Deutsche Telekom IT GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +global: &global + affinity: + podAntiAffinity: {} + imagePullSecrets: + - name: open-telekom-integration-platform-pull-secret + ingress: + enabled: false + annotations: + kubernetes.io/ingress.class: nginx + hosts: + - host: nonprod.example.domain.com + paths: + - path: / + pathType: Prefix + commonHorizon: + issuerUrl: https://iris.test/auth/realms/default + informer: + namespace: platform + defaultEnvironment: nonprod + iris: &iris + tokenEndpoint: https://iris.test/auth/realms//protocol/openid-connect/token + clientId: eventstore + clientSecret: changeme + kafka: + brokers: horizon-kafka.platform:9092 + mongo: &mongo + url: mongodb://root:topsecret@horizon-mongodb-mongodb-sharded.platform.svc.cluster.local:27017 + tracing: + jaegerCollectorBaseUrl: http://jaeger-collector.monitoring:9411 + +horizon-starlight: + <<: *global + image: + repository: docker.io/library/horizon-starlight + pullPolicy: IfNotPresent + tag: latest + replicas: 2 + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 0.5 + memory: 200Mi + +horizon-galaxy: + <<: *global + image: + repository: docker.io/library/horizon-galaxy + pullPolicy: IfNotPresent + tag: latest + replicas: 2 + galaxy: + kafka: + consumingPartitionCount: 8 + cache: + serviceDns: horizon-galaxy-cache-discovery-headless.platform.svc.cluster.local + resources: + limits: + cpu: 1 + memory: 1.5Gi + requests: + cpu: 0.5 + memory: 200Mi + +horizon-comet: + <<: *global + image: + repository: docker.io/library/horizon-comet + pullPolicy: IfNotPresent + tag: latest + replicas: 2 + comet: + iris: + <<: *iris + cache: + serviceDNS: horizon-callback-cache-discovery-headless.platform.svc.cluster.local + callback: + redeliveryThreadpoolSize: 100 + kafka: + consumingPartitionCount: 8 + consumerThreadpoolSize: 512 + consumerQueueCapacity: 1024 + maxPollRecords: 512 + resources: + limits: + cpu: 2 + memory: 2Gi + requests: + 
cpu: 0.5 + memory: 200Mi + +horizon-polaris: + <<: *global + image: + repository: docker.io/library/horizon-polaris + pullPolicy: IfNotPresent + tag: latest + replicas: 1 + polaris: + iris: + <<: *iris + cache: + serviceDNS: horizon-callback-cache-discovery-headless.platform.svc.cluster.local + mongo: + <<: *mongo + informer: + pods: + namespace: platform + polling: + batchSize: 10 + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 500m + memory: 200Mi + +horizon-vortex: + <<: *global + image: + repository: docker.io/library/horizon-vortex + pullPolicy: IfNotPresent + tag: latest + replicas: 4 + kafka: + broker: horizon-kafka.platform:9092 + mongo: + <<: *mongo + bulkSize: 500 + flushIntervalSec: 5 + resources: + limits: + cpu: 750m + memory: 800Mi + requests: + cpu: 50m + memory: 200Mi + +horizon-pulsar: + <<: *global + image: + repository: docker.io/library/horizon-pulsar + pullPolicy: IfNotPresent + tag: latest + replicas: 2 + pulsar: + mongo: + <<: *mongo + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 0.5 + memory: 200Mi diff --git a/examples/horizon-prod.yaml b/examples/horizon-prod.yaml new file mode 100644 index 0000000..660bc83 --- /dev/null +++ b/examples/horizon-prod.yaml 
@@ -0,0 +1,158 @@ +# Copyright 2024 Deutsche Telekom IT GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +global: &global + imagePullSecrets: + - name: open-telekom-integration-platform-pull-secret + ingress: + enabled: false + annotations: + kubernetes.io/ingress.class: nginx + hosts: + - host: prod.example.domain.com + paths: + - path: / + pathType: Prefix + commonHorizon: + issuerUrl: https://keycloak.example.domain.com/auth/realms/default + informer: + namespace: platform + defaultEnvironment: prod + iris: &iris + tokenEndpoint: https://keycloak.example.domain.com/auth/realms//protocol/openid-connect/token + clientId: eventstore + clientSecret: changeme + kafka: + brokers: horizon-kafka.platform:9092 + mongo: &mongo + url: mongodb://user:pass@horizon-mongodb-sharded.platform.svc.cluster.local:27017 + tracing: + jaegerCollectorBaseUrl: http://jaeger-collector.monitoring:9411 + +horizon-starlight: + <<: *global + image: + repository: registry.example.domain.com/horizon/horizon-starlight + pullPolicy: IfNotPresent + tag: latest + replicas: 4 + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 0.5 + memory: 200Mi + +horizon-galaxy: + <<: *global + image: + repository: registry.example.domain.com/horizon/horizon-galaxy + pullPolicy: IfNotPresent + tag: latest + replicas: 8 + galaxy: + kafka: + consumingPartitionCount: 4 + cache: + serviceDns: horizon-galaxy-cache-discovery-headless.platform.svc.cluster.local + resources: + limits: + cpu: 1 + memory: 1.5Gi + requests: + cpu: 0.5 + memory: 200Mi + +horizon-comet: + <<: *global + image: + repository: registry.example.domain.com/horizon/horizon-comet + pullPolicy: IfNotPresent + tag: latest + replicas: 8 + comet: + iris: + <<: *iris + cache: + serviceDNS: horizon-callback-cache-discovery-headless.platform.svc.cluster.local + callback: + redeliveryThreadpoolSize: 100 + kafka: + consumingPartitionCount: 4 + consumerThreadpoolSize: 512 + consumerQueueCapacity: 1024 + maxPollRecords: 512 + resources: + limits: 
+ cpu: 2 + memory: 2Gi + requests: + cpu: 0.5 + memory: 200Mi + +horizon-polaris: + <<: *global + image: + repository: registry.example.domain.com/horizon/horizon-polaris + pullPolicy: IfNotPresent + tag: latest + replicas: 4 + polaris: + iris: + <<: *iris + cache: + serviceDNS: horizon-callback-cache-discovery-headless.platform.svc.cluster.local + mongo: + <<: *mongo + informer: + pods: + namespace: horizon + polling: + batchSize: 100 + resources: + limits: + cpu: 1 + memory: 2Gi + requests: + cpu: 500m + memory: 200Mi + +horizon-vortex: + <<: *global + image: + repository: registry.example.domain.com/horizon/horizon-vortex + pullPolicy: IfNotPresent + tag: latest + replicas: 8 + kafka: + broker: horizon-kafka.platform:9092 + mongo: + <<: *mongo + flushIntervalSec: 5 + resources: + limits: + cpu: 1.5 + memory: 2Gi + requests: + cpu: 50m + memory: 200Mi + +horizon-pulsar: + <<: *global + image: + repository: registry.example.domain.com/horizon/horizon-pulsar + pullPolicy: IfNotPresent + tag: latest + replicas: 4 + pulsar: + mongo: + <<: *mongo + resources: + limits: + cpu: 1 + memory: 2Gi + requests: + cpu: 0.5 + memory: 200Mi diff --git a/examples/init-database.js b/examples/init-database.js new file mode 100644 index 0000000..d6299c7 --- /dev/null +++ b/examples/init-database.js 
@@ -0,0 +1,66 @@ +// Copyright 2024 Deutsche Telekom IT GmbH +// +// SPDX-License-Identifier: Apache-2.0 + +// initialize new database collection +db.adminCommand({ + shardCollection: "horizon.status", + key: {"event.id": "hashed"} +}) + +// create indices +horizon = db.getSiblingDB('horizon') +horizon.runCommand({ + createIndexes: "status", + indexes: [ + { + key: {"status": 1}, + name: "status_1" + }, + { + key: {"event.type": 1}, + name: "event_type_1" + }, + { + key: {"subscriptionId": 1}, + name: "subscriptionId_1" + }, + { + key: {"timestamp": 1}, + name: "1w_ttl", + expireAfterSeconds: 604800 + }, + { + key: {"properties.multiplexed-from": 1}, + name: "properties_multiplexed-from_1" + }, + { + key: {"deliveryType": 1}, + name: "deliveryType_1" + }, + { + key: {"environment": 1}, + name: "environment_1" + }, + { + key: {"subscriptionId": 1, "status": 1, "timestamp": 1}, + name: "subscriptionId_1_status_1" + }, + { + key: {"status": 1, "deliveryType": 1,"subscriptionId": 1, "timestamp": 1}, + name: "sse_sorted_index" + }, + { + key: {"error.type": 1, "status": 1, "timestamp": 1}, + name: "cb_error_status" + }, + { + key: {"error.type": 1, "status": 1, "subscriptionId": 1, "timestamp": 1}, + name: "cb_error_status_subscriptionId" + }, + { + key: {"deliveryType": 1, "status": 1, "timestamp": 1}, + name: "cb_deliveryType_status_timestamp" + } + ] +}) \ No newline at end of file diff --git a/examples/kafka-sample-values.yaml b/examples/kafka-sample-values.yaml new file mode 100644 index 0000000..0c38acb --- /dev/null +++ b/examples/kafka-sample-values.yaml @@ -0,0 +1,10 @@ +# Copyright 2024 Deutsche Telekom IT GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +listeners: + client: + containerPort: 9092 + protocol: PLAINTEXT + name: CLIENT + sslClientAuth: "" \ No newline at end of file diff --git a/examples/traefik-tlsstore.yaml b/examples/traefik-tlsstore.yaml new file mode 100644 index 0000000..7750f8b --- /dev/null +++ b/examples/traefik-tlsstore.yaml 
@@ -0,0 +1,11 @@ +# Copyright 2024 Deutsche Telekom IT GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: traefik.containo.us/v1alpha1 +kind: TLSStore +metadata: + name: default +spec: + defaultCertificate: + secretName: tls-secret \ No newline at end of file diff --git a/assets/subscription.crd.yaml b/resources/crds.yaml similarity index 93% rename from assets/subscription.crd.yaml rename to resources/crds.yaml index d33b71b..ee02d0b 100644 --- a/assets/subscription.crd.yaml +++ b/resources/crds.yaml @@ -1,7 +1,11 @@ +# Copyright 2024 Deutsche Telekom IT GmbH +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: subscriptions.subscriber.horizon.telekom.de- + name: subscriptions.subscriber.horizon.telekom.de spec: group: subscriber.horizon.telekom.de names: diff --git a/resources/eventstore-client.json b/resources/eventstore-client.json new file mode 100644 index 0000000..cfe6edf --- /dev/null +++ b/resources/eventstore-client.json 
@@ -0,0 +1,86 @@ +{ + "clientId": "eventstore", + "name": "eventstore", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "N25V3loiXgc8USBmoX0AVXmnb3gIs0N6", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": + [ + { + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientId", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "client-origin", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "open-telekom-integration-platform", + "offline_access", + "microprofile-jwt" + ], + "access": { + "view": true, + 
"configure": true, + "manage": true + } + } \ No newline at end of file diff --git a/resources/eventstore-client.json.license b/resources/eventstore-client.json.license new file mode 100644 index 0000000..e815893 --- /dev/null +++ b/resources/eventstore-client.json.license @@ -0,0 +1,3 @@ +Copyright 2024 Deutsche Telekom IT GmbH + +SPDX-License-Identifier: Apache-2.0 diff --git a/resources/ingress-dns.yaml b/resources/ingress-dns.yaml new file mode 100644 index 0000000..2e2e13c --- /dev/null +++ b/resources/ingress-dns.yaml @@ -0,0 +1,26 @@ +# Copyright 2024 Deutsche Telekom IT GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: v1 +kind: Service +metadata: + name: kube-ingress-dns + namespace: kube-system + labels: + k8s-app: kube-dns + kubernetes.io/cluster-service: 'true' + kubernetes.io/name: kube-ingress-dns +spec: + ports: + - name: dns + protocol: UDP + port: 53 + targetPort: 53 + - name: dns-tcp + protocol: TCP + port: 53 + targetPort: 53 + selector: + app: kube-ingress-dns + type: ClusterIP \ No newline at end of file diff --git a/assets/rbac.yaml b/resources/rbac.yaml similarity index 73% rename from assets/rbac.yaml rename to resources/rbac.yaml index f3bf5db..628a2e9 100644 --- a/assets/rbac.yaml +++ b/resources/rbac.yaml @@ -1,14 +1,18 @@ +# Copyright 2024 Deutsche Telekom IT GmbH +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: v1 kind: ServiceAccount metadata: name: horizon - namespace: horizon + namespace: platform --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: manage-subscriptions - namespace: horizon + namespace: platform rules: - apiGroups: - subscriber.horizon.telekom.de @@ -27,7 +31,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: horizon-manage-subscriptions - namespace: horizon + namespace: platform roleRef: apiGroup: rbac.authorization.k8s.io kind: Role 
@@ -35,4 +39,4 @@ roleRef: subjects: - kind: ServiceAccount name: rover - namespace: horizon \ No newline at end of file + namespace: platform \ No newline at end of file diff --git a/resources/services.yaml b/resources/services.yaml new file mode 100644 index 0000000..c82d70a --- /dev/null +++ b/resources/services.yaml @@ -0,0 +1,41 @@ +# Copyright 2024 Deutsche Telekom IT GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: v1 +kind: Service +metadata: + name: horizon-callback-cache-discovery-headless + labels: + app.kubernetes.io/name: horizon-essentials + app.kubernetes.io/component: headless-service + app.kubernetes.io/part-of: horizon +spec: + selector: + app.kubernetes.io/part-of: horizon + developer.telekom.de/pubsub-horizon-cache-context: callback + ports: + - name: discovery + port: 5701 + protocol: TCP + publishNotReadyAddresses: true + clusterIP: None +--- +apiVersion: v1 +kind: Service +metadata: + name: horizon-galaxy-cache-discovery-headless + labels: + app.kubernetes.io/name: horizon-essentials + app.kubernetes.io/component: headless-service + app.kubernetes.io/part-of: horizon +spec: + selector: + app.kubernetes.io/part-of: horizon + developer.telekom.de/pubsub-horizon-cache-context: galaxy + ports: + - name: discovery + port: 5701 + protocol: TCP + publishNotReadyAddresses: true + clusterIP: None
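Review bot: In docs/quickstart.md, "Horizon installation", the file names do not line up: step 1 says to create `horizon-nonprod-customized.yaml`, but the `yq -i` command edits `.\pubsub-horizon\examples\horizon-nonprod.yaml` in place, and step 2 then installs from `.\horizon-nonprod.yaml`, a third path. Either drop `-i` and redirect yq's output to `horizon-nonprod-customized.yaml` and pass that file to `helm upgrade -f`, or keep the in-place edit and reference the examples path in step 2. Also worth double-checking that the `\"` escapes inside the single-quoted PowerShell string are what yq expects, since PowerShell passes them through literally.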
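Review bot: In the "Try it out" part of docs/quickstart.md, the client secret `75DdRxQpcWUMKpAajw5OmSW8U3CnXg2p` is typed into Insomnium and also committed in examples/example-client.json, and the eventstore secret `N25V3loiXgc8USBmoX0AVXmnb3gIs0N6` is committed in resources/eventstore-client.json; only the italic aside about the eventstore secret says these are fine to keep. A single sentence at the top of "Try it out" stating that all credentials in this walkthrough are playground-only and must be regenerated for any cluster reachable beyond the local k3d instance would make that explicit. Typos in the same region: "echo seervice" and "everytime yo make a request".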
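Review bot: examples/example-client.json lists `client-origin` in `defaultClientScopes` and `open-telekom-integration-platform` in `optionalClientScopes`; neither exists in a freshly created Keycloak realm, which is exactly what the quickstart imports this file into. Keycloak tolerates references to missing scopes, but the example then carries dead entries; drop them or document that they must be created first. The client flags themselves are appropriate for a machine client: `serviceAccountsEnabled: true` with `standardFlowEnabled`, `implicitFlowEnabled` and `directAccessGrantsEnabled` all `false` limits the client to the client-credentials grant, and `fullScopeAllowed: false` keeps realm roles out of the token.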
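Review bot: In examples/horizon-nonprod.yaml, `iris.tokenEndpoint` is `https://iris.test/auth/realms//protocol/openid-connect/token`, with an empty realm segment, while `issuerUrl` names the realm `default`; it should read `https://iris.test/auth/realms/default/protocol/openid-connect/token`. The same `realms//` is in examples/horizon-prod.yaml. Two smaller points: the galaxy block uses `cache.serviceDns` while comet and polaris use `cache.serviceDNS`, worth confirming against the chart schemas, and the MongoDB URL embeds `root:topsecret`; a comment marking which keys the user is expected to replace (`clientSecret`, the Mongo URL) would help, since the quickstart only patches `clientSecret`.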
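Review bot: In examples/horizon-prod.yaml, horizon-polaris sets `informer.pods.namespace: horizon` while every other namespace reference in the file, including `commonHorizon.informer.namespace`, is `platform`; that looks like a leftover and would leave polaris watching the wrong namespace. Beyond that, every image block pins `tag: latest` with `pullPolicy: IfNotPresent`, which for a production example makes rollouts non-reproducible and lets nodes keep running whatever `latest` they cached; pin a version or digest. `clientSecret: changeme` and `mongodb://user:pass@...` are placeholders and should be commented as such, or, if the charts support it, replaced by a reference to an existing Kubernetes Secret.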
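Review bot: examples/init-database.js runs `shardCollection` on `horizon.status` through `db.adminCommand` without enabling sharding on the `horizon` database first; on MongoDB releases before 6.0 that call fails unless `sh.enableSharding("horizon")` has run, so either add it or state the version assumption in the header comment. The `1w_ttl` index expires status documents after 604800 s (seven days), a retention decision that deserves a comment. Minor: `horizon = db.getSiblingDB('horizon')` creates an implicit global; `const horizon = ...` is cleaner.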
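Review bot: examples/kafka-sample-values.yaml configures the client listener as `protocol: PLAINTEXT` with `sslClientAuth: ""`, i.e. no transport encryption and no client authentication. That is acceptable for the local k3d playground, but the file name does not say so, and both values files point at the same `horizon-kafka.platform:9092`, so a reader could reuse it unchanged; add a header comment stating that these listener settings are for the local playground only.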
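Review bot: examples/traefik-tlsstore.yaml uses `apiVersion: traefik.containo.us/v1alpha1`, the legacy API group; current Traefik 2.x serves the CRDs under `traefik.io/v1alpha1` and Traefik 3 dropped the `containo.us` group entirely, so this manifest will stop applying on newer installs. Switch to `traefik.io/v1alpha1` and note the required Traefik version in the quickstart.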
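Review bot: resources/eventstore-client.json hard-codes `"secret": "N25V3loiXgc8USBmoX0AVXmnb3gIs0N6"`, the same literal the quickstart's `yq` command writes into `iris.clientSecret`; two copies of one credential in two files will drift the first time someone regenerates it. Have the quickstart read the value from this file, or at least cross-reference the two locations in a comment. The same remark about the `client-origin` and `open-telekom-integration-platform` scopes made for examples/example-client.json applies here.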
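Review bot: resources/ingress-dns.yaml defines a Service selecting `app: kube-ingress-dns`, but nothing in this change creates pods with that label, so the Service has no endpoints unless a separate component is installed; document that dependency next to the file. It also carries the label `k8s-app: kube-dns`, which is the label CoreDNS's own Service uses, so tooling that selects Services by that label will pick up both; consider dropping it unless something relies on it.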
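Review bot: In resources/rbac.yaml the RoleBinding's subject is `kind: ServiceAccount, name: rover`, but the ServiceAccount created at the top of the file is named `horizon`; the `rover` account is not created here and the `horizon` account receives no permissions. Either rename the subject to `horizon` or create the `rover` ServiceAccount. The namespace change from `horizon` to `platform` is applied consistently to all four objects.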
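Review bot: Both Services in resources/services.yaml omit `metadata.namespace`, while the values files address them as `horizon-callback-cache-discovery-headless.platform.svc.cluster.local` and `horizon-galaxy-cache-discovery-headless.platform.svc.cluster.local`; add `namespace: platform` or state in the docs that the file must be applied with `-n platform`. Since these headless Services expose the cache discovery port 5701 to anything that can resolve them, a NetworkPolicy limiting that port to pods carrying the matching `developer.telekom.de/pubsub-horizon-cache-context` label would be a sensible companion manifest.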