Overview of the complete B2B Kubernetes installation

The B2B system, including all UIs and Keycloak, can be run in Kubernetes clusters using Docker images and Helm charts. For production use we recommend operating it in a Kubernetes cluster.

What follows is the template structure of one of our Kubernetes development systems, for use in your own deployments.

B2B services in Kubernetes

Notes

The B2B services have various dependencies on one another and on external surrounding systems such as the databases, Keycloak, SOLR, RabbitMQ, etc. The order in which the services are installed, and in which the surrounding systems are provisioned beforehand, must be observed accordingly.

Keycloak and the SOLR B2B index are integrated into this deployment and are installed via the vendors' Helm charts.

B2B services in Kubernetes

The following Helm chart YAML file contains the B2B services for a deployment of all microservices (backends and UIs) in the Kubernetes cluster. It can be used as an example/template for your own installations.

values.yaml configuration file

global:
  systemTimeZone: Europe/Berlin
  systemName: B2B
  as4Style: true
  backgroundColor: "#008ECC"
  activateUserMessages: true
  b2bUrl: "http://b2b-dev-b2b-rest.b2b-dev.svc.cluster.local:8080"
  b2bExternalUrl: "https://b2b-dev.level-365.com"
  fssUrl: "http://fss.b2b-dev.svc.cluster.local:3331"
  notificationUrl: "http://b2b-dev-notification.b2b-dev.svc.cluster.local:8080"
  revisionUrl: "http://b2b-dev-revision.b2b-dev.svc.cluster.local:8080"
  portalUiUrl: "http://b2b-dev-portal-ui.b2b-dev.svc.cluster.local:8080"
  as4AddressUrl: "http://as4-dev-as4-address-service.as4-dev.svc.cluster.local:8080"
  as4MessageUrl: "http://as4-dev-as4-message-service.as4-dev.svc.cluster.local:8080"
  solrUrl: "http://10.29.208.69:8983/solr"
  rabbitmqExternalUrl: "http://rabbitmq-as4-dev.level-365.com"
  keycloak:
    url: https://keycloak-dev.level-365.com
    internalUrl: http://b2b-dev-keycloak-operator-service.keycloak-operator.svc.cluster.local:8080
    realm: as4
    sslRequired: external
    b2bBackendSecret: '***'
  b2b:
    b2bUiServicePath: "/B2B-UI"
    b2bAdminUiServicePath: "/B2B-Admin-UI"
    portalUiServicePath: "/B2B-Portal-UI"
    notificationUiServicePath: "/User-Messages-UI"
    revisionUiServicePath: "/B2B-RevisionInfo-UI"
    fssUiServicePath: "/FSS-UI"
    indexUiServicePath: "/solr"
    postgresql:
      url: jdbc:postgresql://b2b-postgres.b2b-dev.svc.cluster.local:5432/b2b?currentSchema=b2bbp
      driver: org.postgresql.Driver
      username: b2b
      password: "***"
  rabbitmq:
    host: rabbitmq-cluster.as4-dev.svc.cluster.local
    port: 5672
    user: rabbitmq-admin
    password: '***'

b2b-message-service:
  enabled: true
  replicaCount: 1
  resources:
    limits:
      cpu: 1200m
      memory: 1024Mi
    requests:
      cpu: 400m
      memory: 1024Mi
  env:
    TZ: Europe/Berlin
    SPRING_RABBITMQ_HOST: rabbitmq-cluster.as4-dev.svc.cluster.local
    SPRING_RABBITMQ_PORT: '5672'
    SPRING_RABBITMQ_USERNAME: rabbitmq-admin
    SPRING_RABBITMQ_PASSWORD: '***'
    DATASOURCE_URL: 'jdbc:postgresql://b2b-postgres.b2b-dev.svc.cluster.local:5432/b2b?currentSchema=b2bbp'
    DATASOURCE_USERNAME: 'b2b' 
    DATASOURCE_PASSWORD: '***'
    DATASOURCE_SCHEMA: 'b2bbp'
    INBOUNDEDIFACTROUTINGKEY: 'https://www.bdew.de/as4/communication/services/MP,https://www.bdew.de/as4/communication/services/FP'
    SPRING_CLOUD_STREAM_RABBIT_BINDINGS_RECEIVEDAS4MESSAGECONSUMERIN0_CONSUMER_BINDINGROUTINGKEYDELIMITER: ','
    OUTBOUNDAS4RECEIPTROUTINGKEY: 'https://www.bdew.de/as4/communication/services/MP,https://www.bdew.de/as4/communication/services/FP'
    SPRING_CLOUD_STREAM_RABBIT_BINDINGS_OUTBOUNDAS4RECEIPTCONSUMERIN0_CONSUMER_BINDINGROUTINGKEYDELIMITER: ','
    OUTBOX_OUTBOXRELAY: 'true'
    OUTBOX_OUTBOXEXCHANGE: 'as4.outbound.request'
    OUTBOX_OUTBOXEXCHANGETYPE: 'direct'
    B2BQUEUEPRIORITY_DEFAULTPRIORITY: 'low'
    B2BQUEUEPRIORITY_PRIORITYCLASSES_0_TYPE: 'ALOCAT'
    B2BQUEUEPRIORITY_PRIORITYCLASSES_0_LEVEL: 'ultra'
    B2BQUEUEPRIORITY_PRIORITYCLASSES_1_SERVICEID: 'https://www.bdew.de/as4/communication/services/FP'
    B2BQUEUEPRIORITY_PRIORITYCLASSES_1_LEVEL: 'high'
    DUPLICATEDETECTION: 'false'
  probes:
      liveness:
        enabled: true
        custom: true
        spec:
          httpGet:
            path: /aep-b2b-message-service/actuator/health
            port: http
      readiness:
        enabled: true
        custom: true
        spec:
          httpGet:
            path: /aep-b2b-message-service/actuator/health
            port: http
      startup:
        enabled: true
        custom: true
        spec:
          httpGet:
            path: /aep-b2b-message-service/actuator/health
            port: http
          failureThreshold: 900
          periodSeconds: 5
          
admin-ui:
  enabled: true
  env:
    TZ: "{{ .Values.global.systemTimeZone }}"
    SYSTEM_NAME: "{{ .Values.global.systemName }}"
    AS4_STYLE: "{{ .Values.global.as4Style }}"
    KC_REALM: "{{ .Values.global.keycloak.realm }}"
    KC_URL: "{{ .Values.global.keycloak.url }}"
    KC_SSL_REQUIRED: "{{ .Values.global.keycloak.sslRequired }}"
    KC_CLIENT: "b2b-admin-ui"
    BACKGROUND_COLOR: "{{ .Values.global.backgroundColor }}"
    ACTIVATE_USER_MESSAGES: "{{ .Values.global.activateUserMessages }}"
    PORTAL_UI_URL: "{{ .Values.global.portalUiUrl }}"
    B2B_URL: "{{ .Values.global.b2bUrl }}"
    NOTIFICATION_URL: "{{ .Values.global.notificationUrl }}"
    REVISION_URL: "{{ .Values.global.revisionUrl }}"
    AS4_ADDRESS_URL: "{{ .Values.global.as4AddressUrl }}"
    SERVICE_PATH: "{{ .Values.global.b2b.b2bAdminUiServicePath }}"
    NO_PATHSWITCH: "false"
    RESOLVER_IP: "10.0.0.10"
  ingress:
    enabled: true
    ingressClassName: "nginx"
    annotations:
      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/proxy-body-size: "200m"
    hosts:
      - host: b2b-dev.level-365.com
        paths:
          - path: "{{ .Values.global.b2b.b2bAdminUiServicePath }}"
            pathType: Prefix
    tls:
      - hosts:
          - b2b-dev.level-365.com
        secretName: "level-365-cert"
  resources:
    requests:
      cpu: "100m"
      memory: "128Mi"
    limits:
      cpu: "500m"
      memory: "512Mi"

b2b-ui:
  enabled: true
  env:
    TZ: "{{ .Values.global.systemTimeZone }}"
    SYSTEM_NAME: "{{ .Values.global.systemName }}"
    AS4_STYLE: "{{ .Values.global.as4Style }}"
    AS4_RELATION_DEFAULT_CONFIRMED: "{{ .Values.global.as4RelationDefaultConfirmed }}"

    KC_REALM: "{{ .Values.global.keycloak.realm }}"
    KC_URL: "{{ .Values.global.keycloak.url }}"
    KC_CLIENT: "b2b-ui"
    KC_SSL_REQUIRED: "{{ .Values.global.keycloak.sslRequired }}"
    BACKGROUND_COLOR: "{{ .Values.global.backgroundColor }}"
    ACTIVATE_USER_MESSAGES: "{{ .Values.global.activateUserMessages }}"
    PORTAL_UI_URL: "{{ .Values.global.portalUiUrl }}"
    B2B_URL: "{{ .Values.global.b2bUrl }}"
    NOTIFICATION_URL: "{{ .Values.global.notificationUrl }}"
    REVISION_URL: "{{ .Values.global.revisionUrl }}"
    AS4_ADDRESS_URL: "{{ .Values.global.as4AddressUrl }}"
    AS4_ADDRESS_CONTEXT_PATH: "aep-as4-address-service"
    AS4_MESSAGE_URL: "{{ .Values.global.as4MessageUrl }}"
    SERVICE_PATH: "{{ .Values.global.b2b.b2bUiServicePath }}"
    AS4_ADDRESS_WRITE_HIDDEN: "true"
    B2B_MESSAGE_MONITOR_FULLTEXT_SEARCH_MIN_CHARACTERS: "0"
    B2B_MESSAGE_MONITOR_DEFAULT_PERIOD: "last-0-hours"
    B2B_MESSAGE_MONITOR_DEFAULT_TABLE_VIEW: "load-all"
    RESOLVER_IP: "10.0.0.10"

  ingress:
    enabled: true
    ingressClassName: "nginx"
    annotations:
      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/proxy-body-size: "200m"
    hosts:
      - host: b2b-dev.level-365.com
        paths:
          - path: "{{ .Values.global.b2b.b2bUiServicePath }}"
            pathType: Prefix
    tls:
      - hosts:
          - b2b-dev.level-365.com
        secretName: "level-365-cert"
  resources:
    requests:
      cpu: "100m"
      memory: "128Mi"
    limits:
      cpu: "500m"
      memory: "512Mi"

portal-ui:
  enabled: true
  env:
    TZ: "{{ .Values.global.systemTimeZone }}"
    SYSTEM_NAME: "{{ .Values.global.systemName }}"
    BACKGROUND_COLOR: "{{ .Values.global.backgroundColor }}"
    ACTIVATE_USER_MESSAGES: "{{ .Values.global.activateUserMessages }}"
    KC_REALM: "{{ .Values.global.keycloak.realm }}"
    KC_URL: "{{ .Values.global.keycloak.url }}"
    KC_SSL_REQUIRED: "{{ .Values.global.keycloak.sslRequired }}"
    KC_CLIENT: "portal-ui"
    B2B_URL: "{{ .Values.global.b2bUrl }}"
    NOTIFICATION_URL: "{{ .Values.global.notificationUrl }}"
    SERVICE_PATH: "{{ .Values.global.b2b.portalUiServicePath }}"
    B2B_UI_URL: "{{ .Values.global.b2bExternalUrl }}{{ .Values.global.b2b.b2bUiServicePath }}"
    FSS_UI_URL: "{{ .Values.global.b2bExternalUrl }}{{ .Values.global.b2b.fssUiServicePath }}"
    NOTIFICATION_UI_URL: "{{ .Values.global.b2bExternalUrl }}{{ .Values.global.b2b.notificationUiServicePath }}"
    REVISION_UI_URL: "{{ .Values.global.b2bExternalUrl }}{{ .Values.global.b2b.revisionUiServicePath }}"
    ADMIN_UI_URL: "{{ .Values.global.b2bExternalUrl }}{{ .Values.global.b2b.b2bAdminUiServicePath }}"
    INDEX_UI_URL: "{{ .Values.global.solrUrl }}"
    PORTAL_UI_URL: "{{ .Values.global.b2bExternalUrl }}{{ .Values.global.b2b.portalUiServicePath }}"
    QUEUE_MONITOR_UI_URL: "{{ .Values.global.rabbitmqExternalUrl }}"
    RESOLVER_IP: "10.0.0.10"
  ingress:
    enabled: true
    ingressClassName: "nginx"
    annotations:
      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/proxy-body-size: "200m"
    hosts:
      - host: b2b-dev.level-365.com
        paths:
          - path: "{{ .Values.global.b2b.portalUiServicePath }}"
            pathType: Prefix
    tls:
      - hosts:
          - b2b-dev.level-365.com
        secretName: "level-365-cert"
  resources:
    requests:
      cpu: "100m"
      memory: "128Mi"
    limits:
      cpu: "500m"
      memory: "512Mi"


notification-ui:
  enabled: true
  env:
    TZ: "{{ .Values.global.systemTimeZone }}"
    SYSTEM_NAME: "{{ .Values.global.systemName }}"
    BACKGROUND_COLOR: "{{ .Values.global.backgroundColor }}"
    ACTIVATE_USER_MESSAGES: "{{ .Values.global.activateUserMessages }}"
    AS4_STYLE: "{{ .Values.global.as4Style }}"
    KC_REALM: "{{ .Values.global.keycloak.realm }}"
    KC_URL: "{{ .Values.global.keycloak.url }}"
    KC_SSL_REQUIRED: "{{ .Values.global.keycloak.sslRequired }}"
    PORTAL_UI_URL: "{{ .Values.global.portalUiUrl }}"
    B2B_URL: "{{ .Values.global.b2bUrl }}"
    NOTIFICATION_URL: "{{ .Values.global.notificationUrl }}"
    SERVICE_PATH: "{{ .Values.global.b2b.notificationUiServicePath }}"
    KC_CLIENT: "notification-ui"
  ingress:
    enabled: true
    ingressClassName: "nginx"
    annotations:
      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/proxy-body-size: "200m"
    hosts:
      - host: b2b-dev.level-365.com
        paths:
          - path: "{{ .Values.global.b2b.notificationUiServicePath }}"
            pathType: Prefix
    tls:
      - hosts:
          - b2b-dev.level-365.com
        secretName: "level-365-cert"
  resources:
    requests:
      cpu: "100m"
      memory: "128Mi"
    limits:
      cpu: "500m"
      memory: "512Mi"

notification-backend:
  enabled: true
  nameOverride: 'notification'
  env:
    SPRING_DATASOURCE_URL: "{{ .Values.global.b2b.postgresql.url }}"
    SPRING_DATASOURCE_USERNAME: "{{ .Values.global.b2b.postgresql.username }}"
    SPRING_DATASOURCE_PASSWORD: "{{ .Values.global.b2b.postgresql.password }}"
    SPRING_PROFILES_ACTIVE: keycloak-enriched
    KEYCLOAK_AUTHSERVERURL: "{{ .Values.global.keycloak.url }}"
    KEYCLOAK_REALM: "{{ .Values.global.keycloak.realm }}"
    KEYCLOAK_RESOURCE: notification
    KEYCLOAK_PUBLICCLIENT: 'false'
    KEYCLOAK_BEARERONLY: 'true'
    MANAGEMENT_HEALTH_MAIL_ENABLED: 'false'
    APPLICATIONINSIGHTS_ROLE_NAME: "B2B Notification Service .Release.Namespace"

revisioninfo-ui:
  enabled: true
  env:
    TZ: "{{ .Values.global.systemTimeZone }}"
    SYSTEM_NAME: "{{ .Values.global.systemName }}"
    AS4_STYLE: "{{ .Values.global.as4Style }}"
    KC_REALM: "{{ .Values.global.keycloak.realm }}"
    KC_URL: "{{ .Values.global.keycloak.url }}"
    KC_SSL_REQUIRED: "{{ .Values.global.keycloak.sslRequired }}"
    BACKGROUND_COLOR: "{{ .Values.global.backgroundColor }}"
    ACTIVATE_USER_MESSAGES: "{{ .Values.global.activateUserMessages }}"
    PORTAL_UI_URL: "{{ .Values.global.portalUiUrl }}"
    B2B_URL: "{{ .Values.global.b2bUrl }}"
    NOTIFICATION_URL: "{{ .Values.global.notificationUrl }}"
    REVISION_URL: "{{ .Values.global.revisionUrl }}"
    AS4_ADDRESS_URL: "{{ .Values.global.as4AddressUrl }}"
    SERVICE_PATH: "{{ .Values.global.b2b.revisionUiServicePath }}"
    KC_CLIENT: "revision-ui"
    NO_PATHSWITCH: "false"
    RESOLVER_IP: "10.0.0.10"
  ingress:
    enabled: true
    ingressClassName: "nginx"
    annotations:
      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/proxy-body-size: "200m"
    hosts:
      - host: b2b-dev.level-365.com
        paths:
          - path: "{{ .Values.global.b2b.revisionUiServicePath }}"
            pathType: Prefix
    tls:
      - hosts:
          - b2b-dev.level-365.com
        secretName: "level-365-cert"
  resources:
    requests:
      cpu: "100m"
      memory: "128Mi"
    limits:
      cpu: "500m"
      memory: "512Mi"

revision-backend:
  enabled: true
  nameOverride: 'revision'
  env:
    SPRING_DATASOURCE_URL: "{{ .Values.global.b2b.postgresql.url }}"
    SPRING_DATASOURCE_USERNAME: "{{ .Values.global.b2b.postgresql.username }}"
    SPRING_DATASOURCE_PASSWORD: "{{ .Values.global.b2b.postgresql.password }}"
    SPRING_PROFILES_ACTIVE: keycloak-enriched
    KEYCLOAK_AUTHSERVERURL: "{{ .Values.global.keycloak.url }}"
    KEYCLOAK_REALM: "{{ .Values.global.keycloak.realm }}"
    KEYCLOAK_RESOURCE: revision
    KEYCLOAK_PUBLICCLIENT: 'false'
    KEYCLOAK_BEARERONLY: 'true'
    MANAGEMENT_HEALTH_MAIL_ENABLED: 'false'
    APPLICATIONINSIGHTS_ROLE_NAME: "B2B Revision Service .Release.Namespace"

b2b-rest:
  enabled: true
  replicaCount: 1
  autoscaling:
    enabled: false
  env:
    DB_URL: "{{ .Values.global.b2b.postgresql.url }}"
    DB_DRIVER: "{{ .Values.global.b2b.postgresql.driver }}"
    DB_USERNAME: "{{ .Values.global.b2b.postgresql.username }}"
    DB_PASSWORD: "{{ .Values.global.b2b.postgresql.password }}"
    KC_REALM: "{{ .Values.global.keycloak.realm }}"
    KC_URL: "{{ .Values.global.keycloak.url }}"
    KC_INTERNAL_URL: "{{ .Values.global.keycloak.internalUrl }}"
    KC_CLIENT: "b2b"
    KC_SECRET: "{{ .Values.global.keycloak.b2bBackendSecret }}"
  ingress:
    enabled: true
    ingressClassName: "nginx"
    annotations:
      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/proxy-body-size: "200m"
    hosts:
      - host: b2b-dev.level-365.com
        paths:
          - path: /b2bbp-engine
            pathType: Prefix
    tls:
      - hosts:
          - b2b-dev.level-365.com
        secretName: "level-365-cert"
  resources:
    limits:
      cpu: 1800m
      memory: 3Gi
    requests:
      cpu: 300m
      memory: 3Gi

b2b-queue:
  enabled: true
  replicaCount: 1
  autoscaling:
    enabled: false
  env:
    DB_URL: "{{ .Values.global.b2b.postgresql.url }}"
    DB_DRIVER: "{{ .Values.global.b2b.postgresql.driver }}"
    DB_USERNAME: "{{ .Values.global.b2b.postgresql.username }}"
    DB_PASSWORD: "{{ .Values.global.b2b.postgresql.password }}"
    KC_REALM: "{{ .Values.global.keycloak.realm }}"
    KC_URL: "{{ .Values.global.keycloak.url }}"
    KC_INTERNAL_URL: "{{ .Values.global.keycloak.internalUrl }}"
    KC_CLIENT: "b2b"
    KC_SECRET: "{{ .Values.global.keycloak.b2bBackendSecret }}"
  resources:
    limits:
      cpu: 1800m
      memory: 3Gi
    requests:
      cpu: 300m
      memory: 3Gi

b2b-index:
  enabled: true
  replicaCount: 1
  autoscaling:
    enabled: false
  env:
    DB_URL: "{{ .Values.global.b2b.postgresql.url }}"
    DB_DRIVER: "{{ .Values.global.b2b.postgresql.driver }}"
    DB_USERNAME: "{{ .Values.global.b2b.postgresql.username }}"
    DB_PASSWORD: "{{ .Values.global.b2b.postgresql.password }}"
    KC_REALM: "{{ .Values.global.keycloak.realm }}"
    KC_URL: "{{ .Values.global.keycloak.url }}"
    KC_INTERNAL_URL: "{{ .Values.global.keycloak.internalUrl }}"
    KC_CLIENT: "b2b"
    KC_SECRET: "{{ .Values.global.keycloak.b2bBackendSecret }}"
  resources:
    limits:
      cpu: 1800m
      memory: 3Gi
    requests:
      cpu: 300m
      memory: 3Gi

b2b-services:
  enabled: true
  replicaCount: 1
  autoscaling:
    enabled: false
  env:
    DB_URL: "{{ .Values.global.b2b.postgresql.url }}"
    DB_DRIVER: "{{ .Values.global.b2b.postgresql.driver }}"
    DB_USERNAME: "{{ .Values.global.b2b.postgresql.username }}"
    DB_PASSWORD: "{{ .Values.global.b2b.postgresql.password }}"
    KC_REALM: "{{ .Values.global.keycloak.realm }}"
    KC_URL: "{{ .Values.global.keycloak.url }}"
    KC_INTERNAL_URL: "{{ .Values.global.keycloak.internalUrl }}"
    KC_CLIENT: "b2b"
    KC_SECRET: "{{ .Values.global.keycloak.b2bBackendSecret }}"
  resources:
    limits:
      cpu: 1800m
      memory: 3Gi
    requests:
      cpu: 300m
      memory: 3Gi

fss-secure:
  enabled: true
  replicaCount: 1
  autoscaling:
    enabled: false
  type: statefulset
  ingress:
    enabled: true
    ingressClassName: "nginx"
    annotations:
      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/proxy-body-size: "200m"
    hosts:
      - host: b2b-dev.level-365.com
        paths:
          - path: /fss
            pathType: Prefix
    tls:
      - hosts:
          - b2b-dev.level-365.com
        secretName: "level-365-cert"
  service:
    enabled: true
    type: ClusterIP
    port:
      port: 3331
      name: http
      protocol: HTTP
  forcePodRecreationOnHelmUpdate: false
  env:
    TZ: 'Europe/Berlin'
    SPRING_PROFILES_ACTIVE: 'secure'
    DB_DRIVER: 'org.postgresql.Driver'
    DB_URL: 'jdbc:postgresql://as4-postgres.as4-dev.svc.cluster.local:5432/as4?currentSchema=fss'
    DB_USERNAME: 'as4'
    DB_PASSWORD: '***'
    DB_DIALECT: org.hibernate.dialect.PostgreSQLDialect
    KEYCLOAK_ENABLED: 'true'
    AEP_SECURITY_AUTHMETHOD: 'no-secure'
    KEYCLOAK_AUTHSERVERURL: "{{ .Values.global.keycloak.url }}"
    KEYCLOAK_REALM: "{{ .Values.global.keycloak.realm }}"
    KEYCLOAK_RESOURCE: fss
    KEYCLOAK_CREDENTIALS_SECRET: '***'
    NO_DEFAULT_CERT_PURPOSE: 'true'
    SERVER_PORT: '3331'
    CLUSTER_USE_CLUSTERNODE_HOSTNAME: "true"
    JAVA_OPTS: "-Dcluster.service.period=30 -Dverify.filter.mapping=/opt/securityserver/conf/verifyFilterMapping.properties -Drevision.info.server.url=http://changeme -Djavax.net.ssl.trustStoreType=JKS -Xmx2048m -Xms512m"
  resources:
    limits:
      cpu: 800m
      memory: 1600Mi
    requests:
      cpu: 800m
      memory: 1600Mi

fss-ui:
  enabled: true
  env:
    TZ: "{{ .Values.global.systemTimeZone }}"
    SYSTEM_NAME: "{{ .Values.global.systemName }}"
    AS4_STYLE: "{{ .Values.global.as4Style }}"
    KC_REALM: "{{ .Values.global.keycloak.realm }}"
    KC_URL: "{{ .Values.global.keycloak.url }}"
    KC_CLIENT: "fss-ui"
    KC_SSL_REQUIRED: "{{ .Values.global.keycloak.sslRequired }}"
    BACKGROUND_COLOR: "{{ .Values.global.backgroundColor }}"
    ACTIVATE_USER_MESSAGES: "{{ .Values.global.activateUserMessages }}"
    PORTAL_UI_URL: "{{ .Values.global.portalUiUrl }}"
    B2B_URL: "{{ .Values.global.b2bUrl }}"
    FSS_URL: "{{ .Values.global.fssUrl }}"
    NOTIFICATION_URL: "{{ .Values.global.notificationUrl }}"
    REVISION_URL: "{{ .Values.global.revisionUrl }}"
    SERVICE_PATH: "{{ .Values.global.b2b.fssUiServicePath }}"
    NO_DEFAULT_CERT_PURPOSE: "true"
  ingress:
    enabled: true
    ingressClassName: "nginx"
    annotations:
      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/proxy-body-size: "200m"
    hosts:
      - host: b2b-dev.level-365.com
        paths:
          - path: "{{ .Values.global.b2b.fssUiServicePath }}"
            pathType: Prefix
    tls:
      - hosts:
          - b2b-dev.level-365.com
        secretName: "level-365-cert"
  resources:
    requests:
      cpu: "100m"
      memory: "128Mi"
    limits:
      cpu: "500m"
      memory: "512Mi"

solr-operator:
  enabled: true
  resources:
    limits:
      cpu: 200m
      memory: 256Mi
    requests:
      cpu: 200m
      memory: 256Mi
solr:
  image:
    repository: solr
    tag: 9.10.0
  enabled: true
  dataStorage:
    type: "persistent"
    capacity: "20Gi"
    persistent:
      reclaimPolicy: "Retain"
      pvc:
        storageClassName: "solr-storage"
        annotations: {"volume.beta.kubernetes.io/storage-provisioner": "disk.csi.azure.com", "volume.kubernetes.io/storage-provisioner": "disk.csi.azure.com"}
        labels: {"app": "b2b-dev-solrcloud"}
  resources:
    limits:
      cpu: 1024m
      memory: 2Gi
    requests:
      cpu: 1024m
      memory: 2Gi

keycloak-operator:
  enabled: true
  operator:
    replicaCount: 1
    namespace: keycloak-operator
    image:
      repository: quay.io/keycloak/keycloak-operator
      tag: "26.3.2"
    resources:
      requests:
        cpu: 400m
        memory: 1024Mi
      limits:
        cpu: 800m
        memory: 1024Mi
  keycloak:
    enabled: true
    instances: 2
    namespace: keycloak-operator
    startOptimized: false
    bootstrapAdmin:
      user:
        secret: 'keycloak-temp-admin-secret'
    image:
      repository: quay.io/keycloak/keycloak
      tag: "26.3.2"
    db:
      passwordSecret:
        name: 'keycloak-postgres-secret'
        key: 'POSTGRES_PASSWORD'
      usernameSecret:
        name: 'keycloak-postgres-secret'
        key: 'POSTGRES_USER'
      url: 'jdbc:postgresql://keycloak-postgres.keycloak-operator.svc.cluster.local:5432/keycloak'
      vendor: 'postgres'
    hostname:
      admin: https://keycloak-dev.level-365.com
      hostname: https://keycloak-dev.level-365.com
      strict: true
    http:
      tls-secret: "level-365-cert"
    ingress:
      enabled: false
    proxy:
      headers: "forwarded"
    resources:
      requests:
        cpu: 500m
        memory: 1024Mi
      limits:
        cpu: 1
        memory: 2048Mi

Chart.yaml configuration file

The versions of the Helm charts and Docker images are specified in the Chart.yaml file, for example as shown here:

apiVersion: v2
name: deployment
type: application
version: 2025-12-02
appVersion: "1.0.0"

dependencies:
  - name: backend-transmission-status-sender-helm
    version: 2025-12-10
    condition: backend-transmission-status-sender.enabled
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    alias: backend-transmission-status-sender
  - name: b2b-message-service-helm
    version: 2025-12-02
    condition: b2b-message-service.enabled
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    alias: b2b-message-service
  - name: admin-ui-helm
    version: 2025-12-09-3
    condition: admin-ui.enabled
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    alias: admin-ui
  - name: b2b-ui-helm
    version: 2025-12-10-1
    condition: b2b-ui.enabled
    repository: "oci://v/b2b"
    alias: b2b-ui
  - name: portal-ui-helm
    version: 2025-12-10
    condition: portal-ui.enabled
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    alias: portal-ui
  - name: notification-ui-helm
    version: 2025-12-10-1
    condition: notification-ui.enabled
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    alias: notification-ui
  - name: notification-helm
    version: 2025-12-15-1
    condition: notification-backend.enabled
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    alias: notification-backend
  - name: b2b-revisioninfo-ui-helm
    version: 2025-12-10-1
    condition: revisioninfo-ui.enabled
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    alias: revisioninfo-ui
  - name: revision-helm
    version: 2025-12-10-1
    condition: revision-backend.enabled
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    alias: revision-backend
  - name: aep-b2b-monolith-distro-rest
    version: 2025-12-04
    condition: b2b-rest.enabled
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    alias: b2b-rest
  - name: aep-b2b-monolith-distro-rest
    version: 2025-12-04
    condition: b2b-queue.enabled
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    alias: b2b-queue
  - name: aep-b2b-monolith-distro-rest
    version: 2025-12-04
    condition: b2b-index.enabled
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    alias: b2b-index
  - name: aep-b2b-monolith-distro-rest
    version: 2025-12-04
    condition: b2b-services.enabled
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    alias: b2b-services
  - name: fss-helm
    version: 2025-09-12
    condition: fss-secure.enabled
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    alias: fss-secure
  - name: fss-ui-helm
    version: 2025-10-28-4
    condition: fss-ui.enabled
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    alias: fss-ui
  - name: solr-operator
    version: 0.9.1
    repository: https://nightlies.apache.org/solr/release/helm-charts/
    condition: solr-operator.enabled
  - name: solr
    version: 0.9.1
    repository: https://nightlies.apache.org/solr/release/helm-charts/
    condition: solr.enabled
  - name: data-loader-helm
    version: 2025-12-10
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    condition: aep-b2b-aaas-data-loader.enabled
    alias: aep-b2b-aaas-data-loader
  - name: finish-service-helm
    version: 2025-12-10
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    condition: aep-b2b-aaas-finish-service.enabled
    alias: aep-b2b-aaas-finish-service
  - name: static-starter-service-helm
    version: 2025-12-10
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    condition: aep-b2b-aaas-static-starter-service.enabled
    alias: aep-b2b-aaas-static-starter-service
  - name: dynamic-starter-service-helm
    version: 2025-12-10
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    condition: aep-b2b-aaas-dynamic-starter-service.enabled
    alias: aep-b2b-aaas-dynamic-starter-service
  - name: keycloak-operator-helm
    version: 1.6.3
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    condition: keycloak-operator.enabled
    alias: keycloak-operator
  - name: b2b-aaas-imagemaster-archive-adapter-helm
    version: 2025-12-10
    repository: "oci://docker-nob-erp.next-level-apps.com/b2b"
    condition: b2b-aaas-imagemaster-archive-adapter.enabled
    alias: b2b-aaas-imagemaster-archive-adapter

UIs

The installation of the B2B/AS4 UIs in the Kubernetes cluster is described here.

Integrating the database driver

If an Oracle database is used as the remote B2B database and the corresponding database drivers may not be shipped by us for licensing reasons, the customer must copy them into the Docker images. This can be done in several ways, e.g. via an InitContainer or by manually extending the Docker image. For the latter, see also here.

Note that, depending on the service, the target directory and the driver version to use may differ.

  • for the services b2b and b2b-basicauth the target directory is /usr/local/tomcat/lib and ojdbc8.jar must be used
  • for the services notification-service and revision the target directory is /lib and ojdbc8.jar must be used
  • for all other services the target directory is /app/lib/ and ojdbc17.jar can be used
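
The copy step can be scripted so that the same logic serves every service, for example as the command of an init container or as a build step when extending the image. The following script is an added example, not part of the vendor's delivery: the service names, target directories and jar names are taken from the list above, while the function names, the staging prefix DEST_ROOT and the checksum argument are assumptions. It checks the SHA-256 of the downloaded jar before copying, because the driver is a third-party binary that enters the image outside the vendor's build.

```shell
#!/bin/sh
# Added example (not vendor code). Service names, target directories and jar
# names come from the list above; everything else is an assumption.

# Print "<target directory> <jar name>" for a service.
driver_target() {
  case "$1" in
    b2b|b2b-basicauth)             echo "/usr/local/tomcat/lib ojdbc8.jar" ;;
    notification-service|revision) echo "/lib ojdbc8.jar" ;;
    *)                             echo "/app/lib ojdbc17.jar" ;;
  esac
}

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# install_driver SERVICE SRC_DIR EXPECTED_SHA256 [DEST_ROOT]
# Copies the jar required by SERVICE from SRC_DIR into its target directory
# below DEST_ROOT (hypothetical staging prefix, e.g. a shared volume; empty
# means the real filesystem). EXPECTED_SHA256 is lowercase hex, recorded by
# the operator when the driver was downloaded. Nothing is copied on mismatch.
install_driver() {
  service=$1; src_dir=$2; expected=$3; dest_root=${4:-}
  set -- $(driver_target "$service")
  target_dir=$1; jar=$2
  src="$src_dir/$jar"
  [ -f "$src" ] || { echo "missing $src" >&2; return 2; }
  actual=$(sha256_of "$src")
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $jar: got $actual" >&2
    return 3
  fi
  mkdir -p "$dest_root$target_dir"
  cp "$src" "$dest_root$target_dir/$jar"
  chmod 0644 "$dest_root$target_dir/$jar"
  # Report where the driver ended up.
  echo "$dest_root$target_dir/$jar"
}
```

When an init container stages the jar on a shared volume, mount only the single file into the target directory (for example with a subPath mount); mounting the volume over /usr/local/tomcat/lib or /app/lib/ would hide the libraries already shipped in the image.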

In addition, the environment variables of the affected services must be adjusted accordingly:

b2b-message-service:
  env:
    SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT: org.hibernate.dialect.OracleDialect

notification-backend:
  env:
    SPRING_JPA_DATABASE-PLATFORM: org.hibernate.dialect.OracleDialect
    SPRING_DATASOURCE_DRIVER-CLASS-NAME: oracle.jdbc.OracleDriver

revision-backend:
  env:
    SPRING_JPA_DATABASE-PLATFORM: org.hibernate.dialect.OracleDialect

b2b-backend-ui:
  env:
    DB_DRIVER: oracle.jdbc.OracleDriver

b2b-rest: # likewise for b2b-queue and further b2b instances
  env:
    DB_DRIVER: oracle.jdbc.OracleDriver
    DB_VALIDATION_QUERY: 'SELECT 1 FROM DUAL'

fss:
  env:
    DB_DRIVER: oracle.jdbc.driver.OracleDriver
    DB_DIALECT: com.nextlevel.security.persistence.dialect.Oracle10gSecServerDialect

aep-b2b-aaas-data-loader:
  env:
    SPRING_DATASOURCE_DRIVER_CLASS_NAME: oracle.jdbc.OracleDriver
    SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT: org.hibernate.dialect.OracleDialect

aep-b2b-aaas-finish-service:
  env:
    SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT: org.hibernate.dialect.Oracle12cDialect

The corresponding Oracle download page can be used as the source for the JDBC drivers.
