IAM Service Chart
The IAM (Identity and Access Management) service handles authentication, authorization, user management, and RBAC for the MATIH platform.
Chart Configuration
```yaml
# From matih-control-plane/values.yaml
iam-service:
  enabled: true
  replicaCount: 2
  image:
    repository: iam-service
    tag: ""
  service:
    type: ClusterIP
    port: 8080
  ingress:
    enabled: true
    className: kong
    annotations:
      konghq.com/strip-path: "false"
      konghq.com/protocols: "https"
    hosts:
      - host: api.matih.ai
        paths:
          - path: /api/v1/auth
            pathType: Prefix
          - path: /api/v1/users
            pathType: Prefix
          - path: /api/v1/roles
            pathType: Prefix
  resources:
    requests:
      cpu: 200m
      memory: 512Mi
    limits:
      cpu: 1000m
      memory: 1Gi
  autoscaling:
    enabled: true
    minReplicas: 2
    maxReplicas: 10
    targetCPUUtilizationPercentage: 70
    targetMemoryUtilizationPercentage: 80
  config:
    jwt:
      accessTokenExpiry: 3600
      refreshTokenExpiry: 604800
    password:
      minLength: 12
      requireSpecialChar: true
    lockout:
      maxAttempts: 5
      durationMinutes: 30
```
Key Features
- JWT Authentication: Issues and validates JWT tokens with configurable expiry
- RBAC Engine: Role-based access control with hierarchical permissions
- Account Lockout: Automatic lockout after failed authentication attempts
- Password Policy: Configurable minimum length and complexity requirements
- Multi-Tenant: Tenant-scoped user management and role assignments
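A pre-deploy check over the security-relevant keys of the chart configuration (ingress protocol, JWT expiry, password policy, lockout) can catch an override that weakens them. The following is an added example, not MATIH code: the function names and the `BASELINE` thresholds are assumptions, and the input is the dict a YAML parser would return for the values file.

```python
# Added example. BASELINE thresholds are assumptions, not MATIH policy.
BASELINE = {"access_max_s": 3600, "refresh_max_s": 604800,
            "pw_min_len": 12, "lockout_max_attempts": 5, "lockout_min_minutes": 15}
def _get(d, *keys):
    for k in keys:  # walk nested dicts; None if any key is missing
        if not isinstance(d, dict) or k not in d:
            return None
        d = d[k]
    return d

def _within(value, lo, hi):
    """True only for a real integer inside [lo, hi]; missing or mistyped values fail."""
    if isinstance(value, bool) or not isinstance(value, int):
        return False
    return (lo is None or value >= lo) and (hi is None or value <= hi)

def audit_iam_values(values):
    """Return findings for the iam-service block of an already-parsed values file."""
    svc = _get(values, "iam-service") or {}
    cfg = _get(svc, "config") or {}
    findings = []
    if _get(svc, "ingress", "enabled"):
        raw = str(_get(svc, "ingress", "annotations", "konghq.com/protocols") or "")
        if {p.strip() for p in raw.split(",")} != {"https"}:
            findings.append("ingress: konghq.com/protocols is not https-only")
    bounds = [
        (("jwt", "accessTokenExpiry"), 1, BASELINE["access_max_s"]),
        (("jwt", "refreshTokenExpiry"), 1, BASELINE["refresh_max_s"]),
        (("password", "minLength"), BASELINE["pw_min_len"], None),
        (("lockout", "maxAttempts"), 1, BASELINE["lockout_max_attempts"]),
        (("lockout", "durationMinutes"), BASELINE["lockout_min_minutes"], None),
    ]
    for keys, lo, hi in bounds:
        value = _get(cfg, *keys)
        if not _within(value, lo, hi):
            findings.append(f"config.{'.'.join(keys)}={value!r} outside [{lo}, {hi}]")
    if _get(cfg, "password", "requireSpecialChar") is not True:
        findings.append("config.password.requireSpecialChar is not true")
    return findings

# Security-relevant subset of the values shown on this page, as parsed YAML.
PAGE_VALUES = {"iam-service": {
    "ingress": {"enabled": True, "annotations": {"konghq.com/protocols": "https"}},
    "config": {"jwt": {"accessTokenExpiry": 3600, "refreshTokenExpiry": 604800},
               "password": {"minLength": 12, "requireSpecialChar": True},
               "lockout": {"maxAttempts": 5, "durationMinutes": 30}}}}

if __name__ == "__main__":
    print(audit_iam_values(PAGE_VALUES) or "no findings")
```

A missing key is reported as a finding rather than skipped, so an override file that drops the `lockout` block fails the check instead of passing silently.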
Health Probes
The service uses the standard Spring Boot Actuator endpoints inherited from the base chart:
| Probe | Path | Interval |
|---|---|---|
| Startup | /actuator/health/liveness | 10s (max 300s) |
| Liveness | /actuator/health/liveness | 10s |
| Readiness | /actuator/health/readiness | 5s |