Life ConnectLife Connect
Wiki index
Architecture
Services
Concepts
Runbooks
Infra
Swagger Docs
GitHub
Wiki index
Architecture
Services
Concepts
Runbooks
Infra
Swagger Docs
GitHub
  • Backend (Java / Spring Boot)

    • adb
    • adb-persons
    • adb-parts
    • adb-contracts
    • adb-accounting
    • adb-files
    • adb-utilities
    • adb-aggregates
    • adb-views
    • adb-reports
  • Frontend

    • adb-ui
    • adb-web
  • Infrastructure & tooling

    • adb-charts
    • adb-infrastructure
    • adb-tests-artillery
    • adb-doc
  • External services (out-of-monorepo)

    • adb-tickets
    • adb-notes
    • adb-graph
Last updated 2026-05-21

adb-charts

AI-generated content

This document was generated by an AI assistant. Verify accuracy before relying on the details.

Role

Helm + Terraform repository that orchestrates the deployment of the whole platform on Kubernetes. Multi-cloud (AKS Azure primary, AWS secondary) and multi-environment (dev / int / staging / preprod / prod).

This is where the following are defined:

  • The Kubernetes deployment of each microservice (Deployments, Services, ConfigMaps, Secrets).
  • The Ingress routes (Traefik / Nginx) that expose the public API.
  • Log collection to Elasticsearch (Filebeat).
  • Neo4j provisioning via Terraform.
  • TLS certificate management.

Stack

ItemValue
Helmv3
Terraform(versions per module)
KubernetesAKS (Azure) primary, AWS EKS secondary
LoggingFilebeat → Elasticsearch / ELK
IngressTraefik (ingress-route/) or Nginx depending on env
Log storageManaged Elasticsearch

Structure

adb-charts/
├── charts/
│   ├── services/                 Business services (dev/int/staging)
│   │   └── templates/
│   │       ├── adb-accounting.yaml
│   │       ├── adb-aggregates.yaml
│   │       ├── adb-contracts.yaml
│   │       ├── adb-files.yaml
│   │       ├── adb-parts.yaml
│   │       ├── adb-persons.yaml
│   │       ├── adb-reports.yaml
│   │       ├── adb-tickets.yaml
│   │       ├── adb-ui.yaml
│   │       ├── adb-utilities.yaml
│   │       └── adb-views.yaml
│   ├── services_prod/            Prod variant
│   ├── security/                 Legacy UAA + OAuth scopes
│   ├── filebeat/                 Logs → ELK
│   ├── ingress-route/            Traefik routes (nginx-ingress.yaml)
│   └── cert/                     TLS certificates
├── terraform/                    Neo4j + other infra
├── scripts/                      Cypher scripts for Neo4j
└── mq.md                         RabbitMQ doc for adb-graph

Deployed services

11 services via charts/services/templates/:

ServicePresent in the monorepo
adb-accounting✓
adb-aggregates✓
adb-contracts✓
adb-files✓
adb-parts✓
adb-persons✓
adb-reports✓
adb-tickets✗ (external repo)
adb-ui✓
adb-utilities✓
adb-views✓

Notably absent from the charts (but present in some FQDNs): adb-notes (deprecated), adb-graph (incomplete), adb-notifications.

Deployment architecture

flowchart TB
    subgraph K8s[Kubernetes cluster]
        subgraph Ingress[Traefik / Nginx]
            R1["/persons → adb-persons"]
            R2["/contracts → adb-contracts"]
            R3["/parts → adb-parts"]
            R4["/accounting → adb-accounting"]
            Retc["..."]
        end

        subgraph Services
            P[adb-persons Pod]
            C[adb-contracts Pod]
            Pa[adb-parts Pod]
            A[adb-accounting Pod]
            Etc[... 8 more pods]
        end

        Filebeat[Filebeat DaemonSet]
    end

    Mongo[(MongoDB Atlas<br/>external)]
    S3[(AWS S3<br/>external)]
    SQS[AWS SQS/SNS<br/>external]
    KC[Keycloak]
    ELK[Elasticsearch]

    Internet[Internet] --> Ingress
    R1 --> P
    R2 --> C
    R3 --> Pa
    R4 --> A

    P --> Mongo
    C --> Mongo
    Pa --> Mongo
    A --> Mongo

    A --> S3
    C --> S3

    P -.events.-> SQS
    C -.events.-> SQS

    P --> KC
    C --> KC

    Filebeat --> ELK

    subgraph Neo4j[Neo4j cluster<br/>via Terraform]
        N[Neo4j]
    end

    Adbgraph[adb-graph<br/>outside the monorepo] --> N

Multi-env configuration

Each chart has values-<env>.yaml files:

  • values-dev.yaml
  • values-int.yaml
  • values-staging.yaml
  • values-preprod.yaml
  • values-prod.yaml

Main variables per chart:

  • image.repository / image.tag
  • Resources (CPU, memory)
  • Replicas
  • Env variables (injected from Kubernetes Secrets)
  • Health checks (liveness / readiness probes)
  • Service ports

Ingress routes

charts/ingress-route/templates/nginx-ingress.yaml routes:

  • /persons → adb-persons
  • /parts → adb-parts
  • /contracts → adb-contracts
  • /accounting → adb-accounting
  • /files → adb-files
  • /utilities → adb-utilities
  • /aggregates → adb-aggregates
  • /view → adb-views
  • /reports → adb-reports
  • /tickets → adb-tickets
  • /notes → adb-tickets (redirect — adb-notes deprecated)
  • /ui → adb-ui

Logging

charts/filebeat/ deploys a Filebeat DaemonSet that collects every pod's stdout/stderr and forwards them to Elasticsearch. JSON log pattern (Logstash Logback) parsed automatically.

Terraform

terraform/ is split into environment-specific entry points and reusable modules:

terraform/
├── envs/
│   ├── dev/        → dev cluster (AKS)
│   ├── int/        → integration cluster
│   ├── kind/       → local kind cluster (CI)
│   ├── prod/       → production cluster
│   └── staging/    → staging cluster
└── services/       → reusable module (secrets, ingress, certs, service deployments)
    ├── secrets.tf          Kubernetes Secrets (Keycloak, MongoDB, AWS, INSEE, SendGrid, …)
    ├── variables.tf        All input variables (credentials, queue URLs, env name, …)
    ├── adb-services.tf     Kubernetes Deployments + Services for all microservices
    ├── adb-ingress-route.tf Traefik IngressRoute definitions
    ├── adb-cert.tf         cert-manager Certificate resources
    ├── adb-security.tf     Keycloak / OAuth2 client resources
    ├── adb-filebeat.tf     Filebeat DaemonSet for log shipping
    └── cert-manager.tf     cert-manager installation (Helm release)

The secrets.tf file in terraform/services/ is the authoritative list of all secrets injected into pods at runtime. It covers: Keycloak client credentials, MongoDB URI, AWS access keys, SQS/SNS queue URLs, S3 bucket names, SendGrid API key, INSEE API credentials, and DocaPost credentials. Variable declarations live in variables.tf and are populated per-environment in the corresponding envs/<env>/ directory.

Associated Cypher scripts for Neo4j provisioning: scripts/cypher_r4.cypher.

Documentation

  • terraform.md — Terraform guide
  • mq.md — RabbitMQ config for adb-graph (exchanges, queues, DLX)

Links

  • Code: adb-charts/
  • Service charts: adb-charts/charts/services/templates/
  • Ingress: adb-charts/charts/ingress-route/templates/nginx-ingress.yaml
  • RabbitMQ doc: adb-charts/mq.md
Edit this page
Last Updated:
Contributors: Yevhenii Khudolii
Next
adb-infrastructure