adb-charts
AI-generated content
This document was generated by an AI assistant. Verify accuracy before relying on the details.
Role
Helm + Terraform repository that orchestrates the deployment of the whole platform on Kubernetes. Multi-cloud (AKS Azure primary, AWS secondary) and multi-environment (dev / int / staging / preprod / prod).
This is where the following are defined:
- The Kubernetes deployment of each microservice (Deployments, Services, ConfigMaps, Secrets).
- The Ingress routes (Traefik / Nginx) that expose the public API.
- Log collection to Elasticsearch (Filebeat).
- Neo4j provisioning via Terraform.
- TLS certificate management.
Stack
| Item | Value |
|---|---|
| Helm | v3 |
| Terraform | (versions per module) |
| Kubernetes | AKS (Azure) primary, AWS EKS secondary |
| Logging | Filebeat → Elasticsearch / ELK |
| Ingress | Traefik (ingress-route/) or Nginx depending on env |
| Log storage | Managed Elasticsearch |
Structure
adb-charts/
├── charts/
│ ├── services/ Business services (dev/int/staging)
│ │ └── templates/
│ │ ├── adb-accounting.yaml
│ │ ├── adb-aggregates.yaml
│ │ ├── adb-contracts.yaml
│ │ ├── adb-files.yaml
│ │ ├── adb-parts.yaml
│ │ ├── adb-persons.yaml
│ │ ├── adb-reports.yaml
│ │ ├── adb-tickets.yaml
│ │ ├── adb-ui.yaml
│ │ ├── adb-utilities.yaml
│ │ └── adb-views.yaml
│ ├── services_prod/ Prod variant
│ ├── security/ Legacy UAA + OAuth scopes
│ ├── filebeat/ Logs → ELK
│ ├── ingress-route/ Traefik routes (nginx-ingress.yaml)
│ └── cert/ TLS certificates
├── terraform/ Neo4j + other infra
├── scripts/ Cypher scripts for Neo4j
└── mq.md RabbitMQ doc for adb-graph
Deployed services
11 services via charts/services/templates/:
| Service | Present in the monorepo |
|---|---|
| adb-accounting | ✓ |
| adb-aggregates | ✓ |
| adb-contracts | ✓ |
| adb-files | ✓ |
| adb-parts | ✓ |
| adb-persons | ✓ |
| adb-reports | ✓ |
| adb-tickets | ✗ (external repo) |
| adb-ui | ✓ |
| adb-utilities | ✓ |
| adb-views | ✓ |
Notably absent from the charts (but present in some FQDNs): adb-notes (deprecated), adb-graph (incomplete), adb-notifications.
Deployment architecture
flowchart TB
subgraph K8s[Kubernetes cluster]
subgraph Ingress[Traefik / Nginx]
R1["/persons → adb-persons"]
R2["/contracts → adb-contracts"]
R3["/parts → adb-parts"]
R4["/accounting → adb-accounting"]
Retc["..."]
end
subgraph Services
P[adb-persons Pod]
C[adb-contracts Pod]
Pa[adb-parts Pod]
A[adb-accounting Pod]
Etc[... 8 more pods]
end
Filebeat[Filebeat DaemonSet]
end
Mongo[(MongoDB Atlas<br/>external)]
S3[(AWS S3<br/>external)]
SQS[AWS SQS/SNS<br/>external]
KC[Keycloak]
ELK[Elasticsearch]
Internet[Internet] --> Ingress
R1 --> P
R2 --> C
R3 --> Pa
R4 --> A
P --> Mongo
C --> Mongo
Pa --> Mongo
A --> Mongo
A --> S3
C --> S3
P -.events.-> SQS
C -.events.-> SQS
P --> KC
C --> KC
Filebeat --> ELK
subgraph Neo4j[Neo4j cluster<br/>via Terraform]
N[Neo4j]
end
Adbgraph[adb-graph<br/>outside the monorepo] --> N
Multi-env configuration
Each chart has values-<env>.yaml files:
- values-dev.yaml
- values-int.yaml
- values-staging.yaml
- values-preprod.yaml
- values-prod.yaml
Main variables per chart:
- image.repository / image.tag
- Resources (CPU, memory)
- Replicas
- Env variables (injected from Kubernetes Secrets)
- Health checks (liveness / readiness probes)
- Service ports
Ingress routes
charts/ingress-route/templates/nginx-ingress.yaml routes:
- /persons → adb-persons
- /parts → adb-parts
- /contracts → adb-contracts
- /accounting → adb-accounting
- /files → adb-files
- /utilities → adb-utilities
- /aggregates → adb-aggregates
- /view → adb-views
- /reports → adb-reports
- /tickets → adb-tickets
- /notes → adb-tickets (redirect; adb-notes deprecated)
- /ui → adb-ui
Logging
charts/filebeat/ deploys a Filebeat DaemonSet that collects every pod's stdout/stderr and forwards it to Elasticsearch. The JSON log pattern (Logstash Logback) is parsed automatically.
Terraform
terraform/ is split into environment-specific entry points and reusable modules:
terraform/
├── envs/
│ ├── dev/ → dev cluster (AKS)
│ ├── int/ → integration cluster
│ ├── kind/ → local kind cluster (CI)
│ ├── prod/ → production cluster
│ └── staging/ → staging cluster
└── services/ → reusable module (secrets, ingress, certs, service deployments)
├── secrets.tf Kubernetes Secrets (Keycloak, MongoDB, AWS, INSEE, SendGrid, …)
├── variables.tf All input variables (credentials, queue URLs, env name, …)
├── adb-services.tf Kubernetes Deployments + Services for all microservices
├── adb-ingress-route.tf Traefik IngressRoute definitions
├── adb-cert.tf cert-manager Certificate resources
├── adb-security.tf Keycloak / OAuth2 client resources
├── adb-filebeat.tf Filebeat DaemonSet for log shipping
└── cert-manager.tf cert-manager installation (Helm release)
The secrets.tf file in terraform/services/ is the authoritative list of all secrets injected into pods at runtime. It covers: Keycloak client credentials, MongoDB URI, AWS access keys, SQS/SNS queue URLs, S3 bucket names, SendGrid API key, INSEE API credentials, and DocaPost credentials. Variable declarations live in variables.tf and are populated per-environment in the corresponding envs/<env>/ directory.
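Because variables.tf carries the credentials that secrets.tf turns into Kubernetes Secrets, a review check worth automating is that every credential-like variable is declared with `sensitive = true`. The sketch below is an added example, not code from this repository; the sample HCL, the variable names in it and the name heuristics are all constructed for illustration.

```python
import re

# Constructed sample, not the repository's real variables.tf; all names are hypothetical.
SAMPLE_VARIABLES_TF = '''
variable "env_name" {
  type = string
}

variable "mongodb_uri" {
  type      = string
  sensitive = true
}

variable "sendgrid_api_key" {
  type = string
}

variable "keycloak_client_secret" {
  type      = string
  sensitive = false
}

variable "sqs_queue_url" {
  type = string
}
'''

# Assumed heuristic: name fragments that suggest a credential. Tune to the real naming.
CREDENTIAL_HINTS = ("secret", "password", "token", "api_key", "access_key", "credential", "uri")

# A top-level variable block ends at the first "}" in column 0; nested blocks are indented.
VARIABLE_BLOCK = re.compile(r'variable\s+"([^"]+)"\s*\{(.*?)^\}', re.DOTALL | re.MULTILINE)
SENSITIVE_TRUE = re.compile(r'^\s*sensitive\s*=\s*true\b', re.MULTILINE)


def unsensitive_credentials(hcl_text):
    """Return credential-like variable names whose block lacks `sensitive = true`."""
    findings = []
    for name, body in VARIABLE_BLOCK.findall(hcl_text):
        looks_secret = any(hint in name.lower() for hint in CREDENTIAL_HINTS)
        if looks_secret and not SENSITIVE_TRUE.search(body):
            findings.append(name)
    return findings


if __name__ == "__main__":
    for name in unsensitive_credentials(SAMPLE_VARIABLES_TF):
        print(f"variable {name!r}: credential-like name without sensitive = true")
```

`sensitive = true` only redacts the value in plan and apply output; the value is still written to Terraform state in plaintext, so the state backend for each envs/<env>/ entry point needs its own access control and encryption at rest.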
Associated Cypher scripts for Neo4j provisioning: scripts/cypher_r4.cypher.
Documentation
- terraform.md: Terraform guide
- mq.md: RabbitMQ config for adb-graph (exchanges, queues, DLX)
Links
- Code: adb-charts/
- Service charts: adb-charts/charts/services/templates/
- Ingress: adb-charts/charts/ingress-route/templates/nginx-ingress.yaml
- RabbitMQ doc: adb-charts/mq.md