* Ch values added

* initdb-related fixes

* no optional

* vault fix for k8s 1.21

* policy add

* configurable replicas count

* typo fix

* add new env

* fix ingressclass

* return correct config

* policy refactor

* add FRONTURL for realms

* refactor papi

* add cnp

* bump deps

* delete useless cnp

* new service

* comment l7 cnp

* add needed cnp

* move vhost to ingress

* ZK label for cnp

* change create time for fixing UpdatePassword

* delete ns from cnp

* bump

* last policy

Co-authored-by: i.panteleev <i.panteleev@rbk.money>
Co-authored-by: Dmitry Skokov <d.skokov@rbkmoney.com>
vilorij 2021-11-15 04:38:10 +03:00 committed by GitHub
parent 01b16b6398
commit 18ebb1541f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
82 changed files with 971 additions and 3361 deletions

3
.gitignore vendored

@ -1 +1,2 @@
.idea/
.idea/
prod*


@ -48,4 +48,4 @@ java \
--logging.level.com.rbkmoney.analytics.listener.handler.party.PartyMachineEventHandler=DEBUG \
--logging.level.com.rbkmoney.analytics.listener.mapper.party.ContractorCreatedHandler=DEBUG \
${@} \
--spring.config.additional-location=optional:/vault/secrets/application.properties
--spring.config.additional-location=/vault/secrets/application.properties
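Review bot: The `${@}` line passed to `java` is unquoted, so any caller-supplied argument that contains spaces or glob characters is word-split and pathname-expanded before it reaches the JVM; write it as `"$@" \`. The same unquoted `${@}` appears in the claim-management start script further down this page. The `java \` command starts outside this hunk, so its remaining arguments are not visible here.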


@ -39,7 +39,7 @@ secret:
postgres.db.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/analytics?sslmode=disable
postgres.db.user={{ .Values.services.postgres.uniUser }}
postgres.db.password={{ .Values.services.postgres.uniPassword }}
clickhouse.db.url=jdbc:clickhouse://chi-demo-cluster-0-0:8123/analytic
clickhouse.db.url=jdbc:clickhouse://clickhouse:8123/analytic
clickhouse.db.user=analytic
clickhouse.db.password=hackme
{{- end }}
@ -136,7 +136,7 @@ podAnnotations:
postgres.db.url=jdbc:postgresql://postgres-postgresql:5432/analytics?sslmode=disable
postgres.db.user={{ .Data.username }}
postgres.db.password={{ .Data.password }}
clickhouse.db.url=jdbc:clickhouse://chi-demo-cluster-0-0:8123/analytic
clickhouse.db.url=jdbc:clickhouse://clickhouse:8123/analytic
clickhouse.db.user=analytic
clickhouse.db.password=hackme
{{- end }}`}}
@ -158,9 +158,37 @@ ciliumPolicies:
- port: 5432
type: TCP
name: postgres
namespace: {{ .Release.Namespace }}
- filters:
- port: 9092
type: TCP
name: kafka
- filters:
- port: 8123
type: TCP
name: clickhouse
- filters:
- port: 8200
type: TCP
name: vault
- filters:
- port: 8022
type: TCP
name: columbus
- filters:
- port: 8022
type: TCP
name: hellgate
- filters:
- port: 8022
type: TCP
name: payouter
- filters:
- port: 8022
type: TCP
name: dominant
namespace: {{ .Release.Namespace }}
{{/*
rules:
kafka:
- role: consume
@ -168,36 +196,4 @@ ciliumPolicies:
- mg-events-invoice
- payout
- mg-events-party
type: TCP
name: kafka
namespace: {{ .Release.Namespace }}
- filters:
- port: 8123
type: TCP
name: clickhouse
namespace: {{ .Release.Namespace }}
- filters:
- port: 8200
type: TCP
name: vault
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: columbus
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: hellgate
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: payouter
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: dominant
namespace: {{ .Release.Namespace }}
*/}}
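Review bot: Both rendered `application.properties` blocks keep the literal `clickhouse.db.password=hackme` directly under the URL this change edits, while the Postgres credentials beside it come from `.Values` and from the Vault `.Data` lookup. The same literal is set for the `analytic` user in the new ClickHouse values file on this page, so the credential sits in the repository on both ends of the connection. Source it the way the Postgres password is sourced, e.g. `clickhouse.db.password={{ .Data.clickhouse_password }}` in the Vault template (the field name is a placeholder for whatever the secret actually holds). Separately, the Kafka topic rules are now wrapped in `{{/* … */}}` with no reason recorded (the claim-management values file below does the same); a line such as `# L7 Kafka rules disabled: <reason / tracking issue>` above the block would tell the next reader whether port 9092 is meant to stay unrestricted at L7.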


@ -106,3 +106,17 @@ ingress:
- api.{{ $ingressDomain | default "rbk.dev" }}
{{- end }}
servicePort: 8080
ciliumPolicies:
- filters:
- port: 8080
type: TCP
name: keycloak
- filters:
- port: 8022
type: TCP
name: analytics
- filters:
- port: 8022
type: TCP
name: magista


@ -53,4 +53,3 @@ ciliumPolicies:
- port: 8022
type: TCP
name: machinegun
namespace: {{ .Release.Namespace }}


@ -1,6 +1,6 @@
# -*- mode: yaml -*-
replicaCount: 1
replicaCount: {{ .Values.services.global.pcidss.replicas }}
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/binapi
@ -114,3 +114,9 @@ ingress:
- api.{{ $ingressDomain | default "rbk.dev" }}
{{- end }}
servicePort: 8080
ciliumPolicies:
- filters:
- port: 8080
type: TCP
name: keycloak
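Review bot: `replicaCount: {{ .Values.services.global.pcidss.replicas }}` has no fallback, unlike the `repository` line below it, which pipes through `default`. If the key is unset the line presumably renders as an empty `replicaCount:`, and if the `pcidss` map itself is missing templating would likely fail outright. `replicaCount: {{ .Values.services.global.pcidss.replicas | default 1 }}` keeps the previous value of 1 as the fallback. The same applies to the other `pcidss.replicas` and `statelessReplicas` substitutions in the values files that follow on this page.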


@ -1,6 +1,6 @@
# -*- mode: yaml -*-
replicaCount: 1
replicaCount: {{ .Values.services.global.pcidss.replicas }}
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/binbase-test-data


@ -1,6 +1,6 @@
# -*- mode: yaml -*-
replicaCount: 1
replicaCount: {{ .Values.services.global.statelessReplicas }}
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/bouncer-policies


@ -1,6 +1,6 @@
# -*- mode: yaml -*-
replicaCount: 1
replicaCount: {{ .Values.services.global.statelessReplicas }}
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/bouncer
@ -52,4 +52,3 @@ ciliumPolicies:
- port: 8181
type: TCP
name: bouncer-policies
namespace: {{ .Release.Namespace }}


@ -1,6 +1,6 @@
# -*- mode: yaml -*-
replicaCount: 1
replicaCount: {{ .Values.services.global.pcidss.replicas }}
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/capi_pcidss-v2
@ -134,28 +134,27 @@ ciliumPolicies:
- port: 8080
type: TCP
name: keycloak
- filters:
- port: 8022
type: TCP
name: binbase
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: bender
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: cds
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: bouncer
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: binbase
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: dominant
- filters:
- port: 8022
type: TCP
name: token-keeper


@ -1,6 +1,6 @@
# -*- mode: yaml -*-
replicaCount: 1
replicaCount: {{ .Values.services.global.statelessReplicas }}
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/capi-v1
@ -125,24 +125,19 @@ ciliumPolicies:
- port: 8080
type: TCP
name: keycloak
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: bender
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: shumway
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: dominant
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: hellgate
namespace: {{ .Release.Namespace }}


@ -1,6 +1,6 @@
# -*- mode: yaml -*-
replicaCount: 1
replicaCount: {{ .Values.services.global.statelessReplicas }}
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/capi-v2
@ -121,44 +121,35 @@ ciliumPolicies:
- port: 8080
type: TCP
name: keycloak
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: bender
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: shumway
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: dominant
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: hellgate
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: bouncer
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: party-management
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: hooker
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: hooker
namespace: {{ .Release.Namespace }}
name: token-keeper


@ -1,6 +1,6 @@
# -*- mode: yaml -*-
replicaCount: 1
replicaCount: {{ .Values.services.global.pcidss.replicas }}
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/cds
@ -73,11 +73,9 @@ ciliumPolicies:
- port: 8087
type: TCP
name: riak
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
- port: 8023
type: TCP
name: kds
namespace: {{ .Release.Namespace }}


@ -1,6 +1,6 @@
# -*- mode: yaml -*-
replicaCount: 1
replicaCount: {{ .Values.services.global.statelessReplicas }}
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/claim-management-api
@ -122,20 +122,19 @@ ciliumPolicies:
- port: 8022
type: TCP
name: claim-management
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: org-manager
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: party-management
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: bouncer
namespace: {{ .Release.Namespace }}
- filters:
- port: 8080
type: TCP
name: keycloak


@ -31,4 +31,4 @@ java \
--claim-management.committers[0].uri=http://hellgate:8022/v1/processing/claim_committer \
--claim-management.committers[0].timeout=60000 \
${@} \
--spring.config.additional-location=optional:/vault/secrets/application.properties
--spring.config.additional-location=/vault/secrets/application.properties


@ -1,6 +1,6 @@
# -*- mode: yaml -*-
replicaCount: 1
replicaCount: {{ .Values.services.global.statelessReplicas }}
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/claim-management
@ -119,25 +119,23 @@ ciliumPolicies:
- port: 5432
type: TCP
name: postgres
namespace: {{ .Release.Namespace }}
- filters:
- port: 9092
type: TCP
name: kafka
- filters:
- port: 8200
type: TCP
name: vault
- filters:
- port: 8022
type: TCP
name: hellgate
{{/*
rules:
kafka:
- role: consume
topics:
- claim-event-sink
type: TCP
name: kafka
namespace: {{ .Release.Namespace }}
- filters:
- port: 8200
type: TCP
name: vault
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: hellgate
namespace: {{ .Release.Namespace }}
*/}}


@ -1,500 +0,0 @@
CREATE DATABASE IF NOT EXISTS analytic;
CREATE TABLE analytic.chargeback (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
id String,
email String,
ip String,
fingerprint String,
bin String,
maskedPan String,
cardToken String,
paymentSystem String,
paymentTool String,
terminal String,
providerId String,
bankCountry String,
partyId String,
shopId String,
amount UInt64,
currency String,
payerType String,
tokenProvider String,
status Enum8('accepted' = 1, 'rejected' = 2, 'cancelled' = 3),
category Enum8('fraud' = 1, 'dispute' = 2, 'authorisation' = 3, 'processing_error' = 4),
chargebackCode String,
paymentId String
) ENGINE = ReplacingMergeTree()
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, category, status, currency, providerId, fingerprint, cardToken, id, paymentId);
CREATE TABLE analytic.events_p_to_p (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
identityId String,
transferId String,
ip String,
email String,
bin String,
fingerprint String,
amount UInt64,
currency String,
country String,
bankCountry String,
maskedPan String,
bankName String,
cardTokenFrom String,
cardTokenTo String,
resultStatus String,
checkedRule String,
checkedTemplate String
) ENGINE = MergeTree()
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, identityId, cardTokenFrom, cardTokenTo, bin, fingerprint, currency);
CREATE TABLE analytic.events_sink (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
partyId String,
shopId String,
email String,
providerName String,
amount UInt64,
guaranteeDeposit UInt64,
systemFee UInt64,
providerFee UInt64,
externalFee UInt64,
currency String,
status Enum8('pending' = 1, 'processed' = 2, 'captured' = 3, 'cancelled' = 4, 'failed' = 5),
errorReason String,
errorCode String,
invoiceId String,
paymentId String,
sequenceId UInt64,
ip String,
bin String,
maskedPan String,
paymentTool String,
fingerprint String,
cardToken String,
paymentSystem String,
digitalWalletProvider String,
digitalWalletToken String,
cryptoCurrency String,
mobileOperator String,
paymentCountry String,
bankCountry String,
paymentTime UInt64,
providerId String,
terminal String,
cardHolderName String DEFAULT 'UNKNOWN',
bankCardTokenProvider String,
riskScore String,
rrn String,
paymentTerminal String
) ENGINE = ReplacingMergeTree()
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, paymentTool, status, currency, providerName, fingerprint, cardToken, invoiceId, paymentId, sequenceId);
CREATE TABLE analytic.events_sink_payout (
payoutId String,
status Enum8('unpaid' = 1, 'paid' = 2, 'cancelled' = 3, 'confirmed' = 4),
payoutType Enum8('bank_account' = 1, 'wallet' = 2),
statusCancelledDetails String,
isCancelledAfterBeingPaid UInt8,
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
payoutTime UInt64,
shopId String,
partyId String,
contractId String,
amount UInt64,
fee UInt64,
currency String,
walletId String,
accountType Enum8('russian_payout_account' = 1, 'international_payout_account' = 2, 'UNKNOWN' = 3),
purpose String,
legalAgreementSignedAt UInt64,
legalAgreementId String,
legalAgreementValidUntil UInt64,
russianAccount String,
russianBankName String,
russianBankPostAccount String,
russianBankBik String,
russianInn String,
internationalAccountHolder String,
internationalBankName String,
internationalBankAddress String,
internationalIban String,
internationalBic String,
internationalLocalBankCode String,
internationalLegalEntityLegalName String,
internationalLegalEntityTradingName String,
internationalLegalEntityRegisteredAddress String,
internationalLegalEntityActualAddress String,
internationalLegalEntityRegisteredNumber String,
internationalBankNumber String,
internationalBankAbaRtn String,
internationalBankCountryCode String,
internationalCorrespondentBankNumber String,
internationalCorrespondentBankAccount String,
internationalCorrespondentBankName String,
internationalCorrespondentBankAddress String,
internationalCorrespondentBankBic String,
internationalCorrespondentBankIban String,
internationalCorrespondentBankAbaRtn String,
internationalCorrespondentBankCountryCode String
) ENGINE = ReplacingMergeTree()
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, status, payoutId, currency, accountType, payoutType, contractId, walletId);
CREATE TABLE analytic.events_sink_refund (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
partyId String,
shopId String,
email String,
providerName String,
amount UInt64,
guaranteeDeposit UInt64,
systemFee UInt64,
providerFee UInt64,
externalFee UInt64,
currency String,
reason String,
status Enum8('pending' = 1, 'succeeded' = 2, 'failed' = 3),
errorReason String,
errorCode String,
invoiceId String,
refundId String,
paymentId String,
sequenceId UInt64,
ip String,
fingerprint String,
cardToken String,
paymentSystem String,
digitalWalletProvider String,
digitalWalletToken String,
cryptoCurrency String,
mobileOperator String,
paymentCountry String,
bankCountry String,
paymentTime UInt64,
providerId String,
terminal String
) ENGINE = ReplacingMergeTree()
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, status, currency, providerName, fingerprint, cardToken, invoiceId, paymentId, refundId, sequenceId);
CREATE TABLE analytic.events_unique (
timestamp Date,
eventTimeHour UInt64,
eventTime UInt64,
payerType String,
tokenProvider String,
partyId String,
shopId String,
ip String,
email String,
bin String,
fingerprint String,
resultStatus String,
amount UInt64,
country String,
checkedRule String,
bankCountry String,
currency String,
invoiceId String,
maskedPan String,
bankName String,
cardToken String,
paymentId String,
mobile UInt8,
recurrent UInt8,
checkedTemplate String
) ENGINE = MergeTree()
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, bin, resultStatus, cardToken, email, ip, fingerprint) TTL timestamp + toIntervalMonth(3);
CREATE TABLE analytic.fraud_payment (
timestamp Date,
id String,
eventTime String,
partyId String,
shopId String,
amount UInt64,
currency String,
payerType String,
paymentToolType String,
cardToken String,
paymentSystem String,
maskedPan String,
issuerCountry String,
email String,
ip String,
fingerprint String,
status String,
rrn String,
providerId UInt32,
terminalId UInt32,
tempalateId String,
description String,
fraudType String,
comment String
) ENGINE = MergeTree()
PARTITION BY toYYYYMM(timestamp)
ORDER BY (partyId, shopId, paymentToolType, status, currency, providerId, fingerprint, cardToken, id);
CREATE TABLE analytic.payment (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
id String,
email String,
ip String,
fingerprint String,
bin String,
maskedPan String,
cardToken String,
paymentSystem String,
paymentTool String,
terminal String,
providerId String,
bankCountry String,
partyId String,
shopId String,
payerType String,
tokenProvider String,
amount UInt64,
currency String,
checkedTemplate String,
checkedRule String,
resultStatus String,
checkedResultsJson String,
mobile UInt8,
recurrent UInt8,
status Enum8('pending' = 1, 'processed' = 2, 'captured' = 3, 'cancelled' = 4, 'failed' = 5),
errorReason String,
errorCode String,
paymentCountry String
) ENGINE = ReplacingMergeTree()
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, paymentTool, status, currency, providerId, fingerprint, cardToken, id);
CREATE TABLE analytic.refund (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
id String,
email String,
ip String,
fingerprint String,
bin String,
maskedPan String,
cardToken String,
paymentSystem String,
paymentTool String,
terminal String,
providerId String,
bankCountry String,
partyId String,
shopId String,
amount UInt64,
currency String,
payerType String,
tokenProvider String,
status Enum8('pending' = 1, 'succeeded' = 2, 'failed' = 3),
errorReason String,
errorCode String,
paymentId String
) ENGINE = ReplacingMergeTree()
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, status, currency, providerId, fingerprint, cardToken, id, paymentId);
CREATE DATABASE IF NOT EXISTS fraud;
CREATE TABLE fraud.chargeback (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
id String,
email String,
ip String,
fingerprint String,
bin String,
maskedPan String,
cardToken String,
paymentSystem String,
paymentTool String,
terminal String,
providerId String,
bankCountry String,
partyId String,
shopId String,
amount UInt64,
currency String,
payerType String,
tokenProvider String,
status Enum8('accepted' = 1, 'rejected' = 2, 'cancelled' = 3),
category Enum8('fraud' = 1, 'dispute' = 2, 'authorisation' = 3, 'processing_error' = 4),
chargebackCode String,
paymentId String
) ENGINE = ReplacingMergeTree()
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, category, status, currency, providerId, fingerprint, cardToken, id, paymentId);
CREATE TABLE fraud.events_p_to_p (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
identityId String,
transferId String,
ip String,
email String,
bin String,
fingerprint String,
amount UInt64,
currency String,
country String,
bankCountry String,
maskedPan String,
bankName String,
cardTokenFrom String,
cardTokenTo String,
resultStatus String,
checkedRule String,
checkedTemplate String
) ENGINE = MergeTree()
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, identityId, cardTokenFrom, cardTokenTo, bin, fingerprint, currency);
CREATE TABLE fraud.events_unique (
timestamp Date,
eventTimeHour UInt64,
eventTime UInt64,
payerType String,
tokenProvider String,
partyId String,
shopId String,
ip String,
email String,
bin String,
fingerprint String,
resultStatus String,
amount UInt64,
country String,
checkedRule String,
bankCountry String,
currency String,
invoiceId String,
maskedPan String,
bankName String,
cardToken String,
paymentId String,
mobile UInt8,
recurrent UInt8,
checkedTemplate String
) ENGINE = MergeTree()
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, bin, resultStatus, cardToken, email, ip, fingerprint) TTL timestamp + toIntervalMonth(3);
CREATE TABLE fraud.fraud_payment (
timestamp Date,
id String,
eventTime String,
partyId String,
shopId String,
amount UInt64,
currency String,
payerType String,
paymentToolType String,
cardToken String,
paymentSystem String,
maskedPan String,
issuerCountry String,
email String,
ip String,
fingerprint String,
status String,
rrn String,
providerId UInt32,
terminalId UInt32,
tempalateId String,
description String,
fraudType String,
comment String
) ENGINE = MergeTree()
PARTITION BY toYYYYMM(timestamp)
ORDER BY (partyId, shopId, paymentToolType, status, currency, providerId, fingerprint, cardToken, id);
CREATE TABLE fraud.payment (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
id String,
email String,
ip String,
fingerprint String,
bin String,
maskedPan String,
cardToken String,
paymentSystem String,
paymentTool String,
terminal String,
providerId String,
bankCountry String,
partyId String,
shopId String,
payerType String,
tokenProvider String,
amount UInt64,
currency String,
checkedTemplate String,
checkedRule String,
resultStatus String,
checkedResultsJson String,
mobile UInt8,
recurrent UInt8,
status Enum8('pending' = 1, 'processed' = 2, 'captured' = 3, 'cancelled' = 4, 'failed' = 5),
errorReason String,
errorCode String,
paymentCountry String
) ENGINE = ReplacingMergeTree()
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, paymentTool, status, currency, providerId, fingerprint, cardToken, id);
CREATE TABLE fraud.refund (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
id String,
email String,
ip String,
fingerprint String,
bin String,
maskedPan String,
cardToken String,
paymentSystem String,
paymentTool String,
terminal String,
providerId String,
bankCountry String,
partyId String,
shopId String,
amount UInt64,
currency String,
payerType String,
tokenProvider String,
status Enum8('pending' = 1, 'succeeded' = 2, 'failed' = 3),
errorReason String,
errorCode String,
paymentId String
) ENGINE = ReplacingMergeTree()
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, status, currency, providerId, fingerprint, cardToken, id, paymentId);


@ -1,50 +0,0 @@
apiVersion: "clickhouse.altinity.com/v1"
kind: "ClickHouseInstallation"
metadata:
name: "demo"
spec:
configuration:
clusters:
- name: "cluster"
# Templates are specified for this cluster explicitly
templates:
podTemplate: pod-template-with-volumes
layout:
shardsCount: 1
replicasCount: 1
users:
analytic/networks/ip: "::/0"
analytic/password: hackme
analytic/profile: default
fraud/networks/ip: "::/0"
fraud/password: hackme
fraud/profile: default
templates:
podTemplates:
- name: pod-template-with-volumes
spec:
containers:
- name: clickhouse
image: yandex/clickhouse-server:19.17
volumeMounts:
- name: data-storage-vc-template
mountPath: /var/lib/clickhouse
- name: log-storage-vc-template
mountPath: /var/log/clickhouse-server
volumeClaimTemplates:
- name: data-storage-vc-template
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 3Gi
- name: log-storage-vc-template
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi



@ -0,0 +1,589 @@
# -*- mode: yaml -*-
clusterName: "rbkmoney"
shardsCount: 1
replicasCount: 1
replicasUseFQDN: "no"
zookeeper:
- host: kafka-zookeeper
port: 2181
users:
- username: analytic
password: hackme
profile: default
databases:
- analytic
networks:
- "::/0"
- username: fraud
password: hackme
profile: default
databases:
- fraud
networks:
- "::/0"
configMap:
data:
01_create_databases.sh: |
#!/bin/bash
sleep 60
set -e
clickhouse client -n <<-EOSQL
CREATE DATABASE IF NOT EXISTS analytic;
CREATE DATABASE IF NOT EXISTS fraud;
EOSQL
02_create_tables.sh: |
#!/bin/bash
set -e
clickhouse client -n <<-EOSQL
CREATE TABLE IF NOT EXISTS analytic.chargeback_local (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
id String,
email String,
ip String,
fingerprint String,
bin String,
maskedPan String,
cardToken String,
paymentSystem String,
paymentTool String,
terminal String,
providerId String,
bankCountry String,
partyId String,
shopId String,
amount UInt64,
currency String,
payerType String,
tokenProvider String,
status Enum8('accepted' = 1, 'rejected' = 2, 'cancelled' = 3),
category Enum8('fraud' = 1, 'dispute' = 2, 'authorisation' = 3, 'processing_error' = 4),
chargebackCode String,
paymentId String
) ENGINE = ReplicatedReplacingMergeTree('/clickhouse/{installation}/{cluster}/tables/{shard}/{database}/{table}', '{replica}')
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, category, status, currency, providerId, fingerprint, cardToken, id, paymentId);
CREATE TABLE IF NOT EXISTS analytic.chargeback on cluster '{cluster}' AS analytic.chargeback_local
ENGINE = Distributed('{cluster}', analytic, chargeback_local, rand());
CREATE TABLE IF NOT EXISTS analytic.events_p_to_p_local (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
identityId String,
transferId String,
ip String,
email String,
bin String,
fingerprint String,
amount UInt64,
currency String,
country String,
bankCountry String,
maskedPan String,
bankName String,
cardTokenFrom String,
cardTokenTo String,
resultStatus String,
checkedRule String,
checkedTemplate String
) ENGINE = ReplicatedMergeTree('/clickhouse/{installation}/{cluster}/tables/{shard}/{database}/{table}', '{replica}')
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, identityId, cardTokenFrom, cardTokenTo, bin, fingerprint, currency);
CREATE TABLE IF NOT EXISTS analytic.events_p_to_p on cluster '{cluster}' AS analytic.events_p_to_p_local
ENGINE = Distributed('{cluster}', analytic, events_p_to_p_local, rand());
CREATE TABLE IF NOT EXISTS analytic.events_sink_local (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
partyId String,
shopId String,
email String,
providerName String,
amount UInt64,
guaranteeDeposit UInt64,
systemFee UInt64,
providerFee UInt64,
externalFee UInt64,
currency String,
status Enum8('pending' = 1, 'processed' = 2, 'captured' = 3, 'cancelled' = 4, 'failed' = 5),
errorReason String,
errorCode String,
invoiceId String,
paymentId String,
sequenceId UInt64,
ip String,
bin String,
maskedPan String,
paymentTool String,
fingerprint String,
cardToken String,
paymentSystem String,
digitalWalletProvider String,
digitalWalletToken String,
cryptoCurrency String,
mobileOperator String,
paymentCountry String,
bankCountry String,
paymentTime UInt64,
providerId String,
terminal String,
cardHolderName String DEFAULT 'UNKNOWN',
bankCardTokenProvider String,
riskScore String,
rrn String,
paymentTerminal String
) ENGINE = ReplicatedReplacingMergeTree('/clickhouse/{installation}/{cluster}/tables/{shard}/{database}/{table}', '{replica}')
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, paymentTool, status, currency, providerName, fingerprint, cardToken, invoiceId, paymentId, sequenceId);
CREATE TABLE IF NOT EXISTS analytic.events_sink on cluster '{cluster}' AS analytic.events_sink_local
ENGINE = Distributed('{cluster}', analytic, events_sink_local, rand());
CREATE TABLE IF NOT EXISTS analytic.events_sink_payout_local (
payoutId String,
status Enum8('unpaid' = 1, 'paid' = 2, 'cancelled' = 3, 'confirmed' = 4),
payoutType Enum8('bank_account' = 1, 'wallet' = 2),
statusCancelledDetails String,
isCancelledAfterBeingPaid UInt8,
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
payoutTime UInt64,
shopId String,
partyId String,
contractId String,
amount UInt64,
fee UInt64,
currency String,
walletId String,
accountType Enum8('russian_payout_account' = 1, 'international_payout_account' = 2, 'UNKNOWN' = 3),
purpose String,
legalAgreementSignedAt UInt64,
legalAgreementId String,
legalAgreementValidUntil UInt64,
russianAccount String,
russianBankName String,
russianBankPostAccount String,
russianBankBik String,
russianInn String,
internationalAccountHolder String,
internationalBankName String,
internationalBankAddress String,
internationalIban String,
internationalBic String,
internationalLocalBankCode String,
internationalLegalEntityLegalName String,
internationalLegalEntityTradingName String,
internationalLegalEntityRegisteredAddress String,
internationalLegalEntityActualAddress String,
internationalLegalEntityRegisteredNumber String,
internationalBankNumber String,
internationalBankAbaRtn String,
internationalBankCountryCode String,
internationalCorrespondentBankNumber String,
internationalCorrespondentBankAccount String,
internationalCorrespondentBankName String,
internationalCorrespondentBankAddress String,
internationalCorrespondentBankBic String,
internationalCorrespondentBankIban String,
internationalCorrespondentBankAbaRtn String,
internationalCorrespondentBankCountryCode String
) ENGINE = ReplicatedReplacingMergeTree('/clickhouse/{installation}/{cluster}/tables/{shard}/{database}/{table}', '{replica}')
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, status, payoutId, currency, accountType, payoutType, contractId, walletId);
CREATE TABLE IF NOT EXISTS analytic.events_sink_payout on cluster '{cluster}' AS analytic.events_sink_payout_local
ENGINE = Distributed('{cluster}', analytic, events_sink_payout_local, rand());
CREATE TABLE IF NOT EXISTS analytic.events_sink_refund_local (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
partyId String,
shopId String,
email String,
providerName String,
amount UInt64,
guaranteeDeposit UInt64,
systemFee UInt64,
providerFee UInt64,
externalFee UInt64,
currency String,
reason String,
status Enum8('pending' = 1, 'succeeded' = 2, 'failed' = 3),
errorReason String,
errorCode String,
invoiceId String,
refundId String,
paymentId String,
sequenceId UInt64,
ip String,
fingerprint String,
cardToken String,
paymentSystem String,
digitalWalletProvider String,
digitalWalletToken String,
cryptoCurrency String,
mobileOperator String,
paymentCountry String,
bankCountry String,
paymentTime UInt64,
providerId String,
terminal String
) ENGINE = ReplicatedReplacingMergeTree('/clickhouse/{installation}/{cluster}/tables/{shard}/{database}/{table}', '{replica}')
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, status, currency, providerName, fingerprint, cardToken, invoiceId, paymentId, refundId, sequenceId);
CREATE TABLE IF NOT EXISTS analytic.events_sink_refund on cluster '{cluster}' AS analytic.events_sink_refund_local
ENGINE = Distributed('{cluster}', analytic, events_sink_refund_local, rand());
CREATE TABLE IF NOT EXISTS analytic.events_unique_local (
timestamp Date,
eventTimeHour UInt64,
eventTime UInt64,
payerType String,
tokenProvider String,
partyId String,
shopId String,
ip String,
email String,
bin String,
fingerprint String,
resultStatus String,
amount UInt64,
country String,
checkedRule String,
bankCountry String,
currency String,
invoiceId String,
maskedPan String,
bankName String,
cardToken String,
paymentId String,
mobile UInt8,
recurrent UInt8,
checkedTemplate String
) ENGINE = ReplicatedMergeTree('/clickhouse/{installation}/{cluster}/tables/{shard}/{database}/{table}', '{replica}')
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, bin, resultStatus, cardToken, email, ip, fingerprint) TTL timestamp + toIntervalMonth(3);
CREATE TABLE IF NOT EXISTS analytic.events_unique on cluster '{cluster}' AS analytic.events_unique_local
ENGINE = Distributed('{cluster}', analytic, events_unique_local, rand());
CREATE TABLE IF NOT EXISTS analytic.fraud_payment_local (
timestamp Date,
id String,
eventTime String,
partyId String,
shopId String,
amount UInt64,
currency String,
payerType String,
paymentToolType String,
cardToken String,
paymentSystem String,
maskedPan String,
issuerCountry String,
email String,
ip String,
fingerprint String,
status String,
rrn String,
providerId UInt32,
terminalId UInt32,
tempalateId String,
description String,
fraudType String,
comment String
) ENGINE = ReplicatedMergeTree('/clickhouse/{installation}/{cluster}/tables/{shard}/{database}/{table}', '{replica}')
PARTITION BY toYYYYMM(timestamp)
ORDER BY (partyId, shopId, paymentToolType, status, currency, providerId, fingerprint, cardToken, id);
CREATE TABLE IF NOT EXISTS analytic.fraud_payment on cluster '{cluster}' AS analytic.fraud_payment_local
ENGINE = Distributed('{cluster}', analytic, fraud_payment_local, rand());
CREATE TABLE IF NOT EXISTS analytic.payment_local (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
id String,
email String,
ip String,
fingerprint String,
bin String,
maskedPan String,
cardToken String,
paymentSystem String,
paymentTool String,
terminal String,
providerId String,
bankCountry String,
partyId String,
shopId String,
payerType String,
tokenProvider String,
amount UInt64,
currency String,
checkedTemplate String,
checkedRule String,
resultStatus String,
checkedResultsJson String,
mobile UInt8,
recurrent UInt8,
status Enum8('pending' = 1, 'processed' = 2, 'captured' = 3, 'cancelled' = 4, 'failed' = 5),
errorReason String,
errorCode String,
paymentCountry String
) ENGINE = ReplicatedReplacingMergeTree('/clickhouse/{installation}/{cluster}/tables/{shard}/{database}/{table}', '{replica}')
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, paymentTool, status, currency, providerId, fingerprint, cardToken, id);
CREATE TABLE IF NOT EXISTS analytic.payment on cluster '{cluster}' AS analytic.payment_local
ENGINE = Distributed('{cluster}', analytic, payment_local, rand());
CREATE TABLE IF NOT EXISTS analytic.refund_local (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
id String,
email String,
ip String,
fingerprint String,
bin String,
maskedPan String,
cardToken String,
paymentSystem String,
paymentTool String,
terminal String,
providerId String,
bankCountry String,
partyId String,
shopId String,
amount UInt64,
currency String,
payerType String,
tokenProvider String,
status Enum8('pending' = 1, 'succeeded' = 2, 'failed' = 3),
errorReason String,
errorCode String,
paymentId String
) ENGINE = ReplicatedReplacingMergeTree('/clickhouse/{installation}/{cluster}/tables/{shard}/{database}/{table}', '{replica}')
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, status, currency, providerId, fingerprint, cardToken, id, paymentId);
CREATE TABLE IF NOT EXISTS analytic.refund on cluster '{cluster}' AS analytic.refund_local
ENGINE = Distributed('{cluster}', analytic, refund_local, rand());
CREATE TABLE IF NOT EXISTS fraud.chargeback_local (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
id String,
email String,
ip String,
fingerprint String,
bin String,
maskedPan String,
cardToken String,
paymentSystem String,
paymentTool String,
terminal String,
providerId String,
bankCountry String,
partyId String,
shopId String,
amount UInt64,
currency String,
payerType String,
tokenProvider String,
status Enum8('accepted' = 1, 'rejected' = 2, 'cancelled' = 3),
category Enum8('fraud' = 1, 'dispute' = 2, 'authorisation' = 3, 'processing_error' = 4),
chargebackCode String,
paymentId String
) ENGINE = ReplicatedReplacingMergeTree('/clickhouse/{installation}/{cluster}/tables/{shard}/{database}/{table}', '{replica}')
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, category, status, currency, providerId, fingerprint, cardToken, id, paymentId);
CREATE TABLE IF NOT EXISTS fraud.chargeback on cluster '{cluster}' AS fraud.chargeback_local
ENGINE = Distributed('{cluster}', fraud, chargeback_local, rand());
CREATE TABLE IF NOT EXISTS fraud.events_p_to_p_local (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
identityId String,
transferId String,
ip String,
email String,
bin String,
fingerprint String,
amount UInt64,
currency String,
country String,
bankCountry String,
maskedPan String,
bankName String,
cardTokenFrom String,
cardTokenTo String,
resultStatus String,
checkedRule String,
checkedTemplate String
) ENGINE = ReplicatedMergeTree('/clickhouse/{installation}/{cluster}/tables/{shard}/{database}/{table}', '{replica}')
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, identityId, cardTokenFrom, cardTokenTo, bin, fingerprint, currency);
CREATE TABLE IF NOT EXISTS fraud.events_p_to_p on cluster '{cluster}' AS fraud.events_p_to_p_local
ENGINE = Distributed('{cluster}', fraud, events_p_to_p_local, rand());
CREATE TABLE IF NOT EXISTS fraud.events_unique_local (
timestamp Date,
eventTimeHour UInt64,
eventTime UInt64,
payerType String,
tokenProvider String,
partyId String,
shopId String,
ip String,
email String,
bin String,
fingerprint String,
resultStatus String,
amount UInt64,
country String,
checkedRule String,
bankCountry String,
currency String,
invoiceId String,
maskedPan String,
bankName String,
cardToken String,
paymentId String,
mobile UInt8,
recurrent UInt8,
checkedTemplate String
) ENGINE = ReplicatedMergeTree('/clickhouse/{installation}/{cluster}/tables/{shard}/{database}/{table}', '{replica}')
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, bin, resultStatus, cardToken, email, ip, fingerprint) TTL timestamp + toIntervalMonth(3);
CREATE TABLE IF NOT EXISTS fraud.events_unique on cluster '{cluster}' AS fraud.events_unique_local
ENGINE = Distributed('{cluster}', fraud, events_unique_local, rand());
CREATE TABLE IF NOT EXISTS fraud.fraud_payment_local (
timestamp Date,
id String,
eventTime String,
partyId String,
shopId String,
amount UInt64,
currency String,
payerType String,
paymentToolType String,
cardToken String,
paymentSystem String,
maskedPan String,
issuerCountry String,
email String,
ip String,
fingerprint String,
status String,
rrn String,
providerId UInt32,
terminalId UInt32,
tempalateId String,
description String,
fraudType String,
comment String
) ENGINE = ReplicatedMergeTree('/clickhouse/{installation}/{cluster}/tables/{shard}/{database}/{table}', '{replica}')
PARTITION BY toYYYYMM(timestamp)
ORDER BY (partyId, shopId, paymentToolType, status, currency, providerId, fingerprint, cardToken, id);
CREATE TABLE IF NOT EXISTS fraud.fraud_payment on cluster '{cluster}' AS fraud.fraud_payment_local
ENGINE = Distributed('{cluster}', fraud, fraud_payment_local, rand());
CREATE TABLE IF NOT EXISTS fraud.payment_local (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
id String,
email String,
ip String,
fingerprint String,
bin String,
maskedPan String,
cardToken String,
paymentSystem String,
paymentTool String,
terminal String,
providerId String,
bankCountry String,
partyId String,
shopId String,
payerType String,
tokenProvider String,
amount UInt64,
currency String,
checkedTemplate String,
checkedRule String,
resultStatus String,
checkedResultsJson String,
mobile UInt8,
recurrent UInt8,
status Enum8('pending' = 1, 'processed' = 2, 'captured' = 3, 'cancelled' = 4, 'failed' = 5),
errorReason String,
errorCode String,
paymentCountry String
) ENGINE = ReplicatedReplacingMergeTree('/clickhouse/{installation}/{cluster}/tables/{shard}/{database}/{table}', '{replica}')
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, paymentTool, status, currency, providerId, fingerprint, cardToken, id);
CREATE TABLE IF NOT EXISTS fraud.payment on cluster '{cluster}' AS fraud.payment_local
ENGINE = Distributed('{cluster}', fraud, payment_local, rand());
CREATE TABLE IF NOT EXISTS fraud.refund_local (
timestamp Date,
eventTime UInt64,
eventTimeHour UInt64,
id String,
email String,
ip String,
fingerprint String,
bin String,
maskedPan String,
cardToken String,
paymentSystem String,
paymentTool String,
terminal String,
providerId String,
bankCountry String,
partyId String,
shopId String,
amount UInt64,
currency String,
payerType String,
tokenProvider String,
status Enum8('pending' = 1, 'succeeded' = 2, 'failed' = 3),
errorReason String,
errorCode String,
paymentId String
) ENGINE = ReplicatedReplacingMergeTree('/clickhouse/{installation}/{cluster}/tables/{shard}/{database}/{table}', '{replica}')
PARTITION BY toYYYYMM(timestamp)
ORDER BY (eventTimeHour, partyId, shopId, status, currency, providerId, fingerprint, cardToken, id, paymentId);
CREATE TABLE IF NOT EXISTS fraud.refund on cluster '{cluster}' AS fraud.refund_local
ENGINE = Distributed('{cluster}', fraud, refund_local, rand());
ciliumPolicies:
- filters:
- port: 2181
type: TCP
name: kafka-zookeeper


@ -1,6 +1,6 @@
# -*- mode: yaml -*-
replicaCount: 1
replicaCount: {{ .Values.services.global.statelessReplicas }}
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/postgres-geodata


@ -17,5 +17,5 @@ java \
--spring.flyway.user=postgres \
--spring.flyway.password=postgres \
${@} \
--spring.config.additional-location=optional:/vault/secrets/application.properties
--spring.config.additional-location=/vault/secrets/application.properties
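Review bot: The Flyway credentials on the lines just above the changed flag (`--spring.flyway.user=postgres`, `--spring.flyway.password=postgres`) stay hardcoded in the entrypoint and are readable from the process arguments, even though the Vault-rendered properties file is now a required config source. With `optional:` dropped, the service will presumably fail at startup when `/vault/secrets/application.properties` is missing, which is the safer behaviour, so these two settings can move into that file and be deleted here. A comment above the `java \` invocation such as `# config from Vault is mandatory: startup fails if the agent has not rendered it` would record the intent; the command starts outside this hunk. The same `optional:` removal repeats in the other entrypoint scripts of this commit.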


@ -75,9 +75,7 @@ ciliumPolicies:
- port: 5432
type: TCP
name: columbus-pg
namespace: {{ .Release.Namespace }}
- filters:
- port: 8200
type: TCP
name: vault
namespace: {{ .Release.Namespace }}
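Review bot: Dropping `namespace: {{ .Release.Namespace }}` from these `ciliumPolicies` entries leaves each peer identified by `name` alone, and the template that turns an entry into an endpoint selector is not visible here. Confirm that an entry without `namespace` still renders a selector limited to the release namespace; if it renders a label-only match in a cluster-wide policy, a workload carrying the same release label in another namespace would satisfy the rule. The same removal repeats through the later `ciliumPolicies` hunks of this commit, while at least one newly added `vault` entry further down still appears to set `namespace`, so the intended convention should be stated once in the chart's values documentation.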


@ -1,5 +1,5 @@
# -*- mode: yaml -*-
replicaCount: 1
replicaCount: {{ .Values.services.global.statelessReplicas }}
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/control-center


@ -1,6 +1,6 @@
# -*- mode: yaml -*-
replicaCount: 1
replicaCount: {{ .Values.services.global.statelessReplicas }}
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/dark-api
@ -122,54 +122,43 @@ ciliumPolicies:
- port: 8022
type: TCP
name: magista
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: claim-management
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: messages
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: questionary-aggr-proxy
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: questionary
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: file-storage
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: hellgate
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: cabi
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: dominant
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: dudoser
namespace: {{ .Release.Namespace }}
- filters:
- port: 8080
type: TCP
name: keycloak
namespace: {{ .Release.Namespace }}


@ -1,5 +1,6 @@
# -*- mode: yaml -*-
replicaCount: 1
replicaCount: {{ .Values.services.global.statelessReplicas }}
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/dashboard


@ -8,6 +8,8 @@ roles:
replicas: 1
minimumMasterNodes: 1
labels:
selector.cilium.rbkmoney/release: deanonimus-es
masterService: deanonimus-es
# extraEnvs:
# - name: discovery.type


@ -19,4 +19,4 @@ java \
--kafka.error-handler.sleep-time-seconds=5 \
--kafka.error-handler.maxAttempts=-1 \
${@} \
--spring.config.additional-location=optional:/vault/secrets/application.properties
--spring.config.additional-location=/vault/secrets/application.properties


@ -1,6 +1,6 @@
# -*- mode: yaml -*-
replicaCount: 1
replicaCount: {{ .Values.services.global.statelessReplicas }}
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/deanonimus
@ -146,29 +146,31 @@ ciliumPolicies:
- port: 5432
type: TCP
name: postgres
namespace: {{ .Release.Namespace }}
- filters:
- port: 9092
type: TCP
name: kafka
- filters:
- port: 8200
type: TCP
name: vault
- filters:
- port: 8022
type: TCP
name: hellgate
- filters:
- port: 8022
type: TCP
name: cashier
- filters:
- port: 9200
type: TCP
name: deanonimus-es
{{/*
rules:
kafka:
- role: consume
topics:
- claim-event-sink
type: TCP
name: kafka
namespace: {{ .Release.Namespace }}
- filters:
- port: 8200
type: TCP
name: vault
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: hellgate
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: cashier
namespace: {{ .Release.Namespace }}
*/}}
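Review bot: Wrapping the Kafka `rules:` block in `{{/* … */}}` turns the port-9092 entry from a topic-scoped L7 rule (`role: consume` on `claim-event-sink`) into a plain L4 allow, so this service can presumably reach every topic on the broker again. If the L7 rules had to be disabled for an operational reason, say so in a comment next to the block, for example `# TODO: re-enable Kafka L7 rules once <tracking issue> is resolved`, and consider compensating with broker-side ACLs. As rendered here the commented block also appears to enclose leftover `type`/`name`/`namespace` lines from the old entries, which should be deleted rather than parked in the comment. The same pattern appears in the other `ciliumPolicies` hunks of this commit that comment out `kafka:` rules.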


@ -467,10 +467,10 @@ FIXTURE=$(cat <<END
"value": [
{
"source": {
"wallet": 1
"provider": "settlement"
},
"destination": {
"wallet": 3
"merchant": "settlement"
},
"volume": {
"share": {
@ -478,7 +478,7 @@ FIXTURE=$(cat <<END
"p": 1,
"q": 1
},
"of": 1
"of": "operation_amount"
}
}
}


@ -1,6 +1,6 @@
# -*- mode: yaml -*-
replicaCount: 1
replicaCount: {{ .Values.services.global.statelessReplicas }}
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/dominant
@ -83,6 +83,9 @@ ingress:
- host: iddqd.{{ $ingressDomain | default "rbk.dev" }}
paths:
- /v1
- host: idkfa.{{ $ingressDomain | default "rbk.dev" }}
paths:
- /v1
{{- if .Values.services.ingress.tls.enabled }}
tls:
{{ if .Values.services.ingress.tls.letsEncrypt.enabled }}
@ -92,6 +95,13 @@ ingress:
{{- end }}
hosts:
- iddqd.{{ $ingressDomain | default "rbk.dev" }}
{{ if .Values.services.ingress.tls.letsEncrypt.enabled }}
- secretName: idkfa-{{ .Values.services.ingress.tls.secretName }}
{{- else }}
- secretName: {{ .Values.services.ingress.tls.secretName }}
{{- end }}
hosts:
- idkfa.{{ $ingressDomain | default "rbk.dev" }}
{{- end }}
servicePort: 8022
@ -100,24 +110,19 @@ ciliumPolicies:
- port: 8022
type: TCP
name: shumway
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: machinegun
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: dominant
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: proxy-mocket-inspector
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: proxy-mocketbank
namespace: {{ .Release.Namespace }}
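Review bot: In the `tls:` block the new `idkfa` entry reuses `{{ .Values.services.ingress.tls.secretName }}` unchanged when Let's Encrypt is disabled, so the `iddqd` and `idkfa` hosts point at one secret. That only works if the supplied certificate lists both names (or is a wildcard); otherwise the controller will presumably serve a certificate that does not match the new host. A comment above the second `secretName`, e.g. `# shared secret: certificate must cover both the iddqd and idkfa hosts`, would make the requirement explicit. The new host also publishes `/v1` of the port-8022 backend under a second name, so whatever access restriction is meant for `iddqd` should be confirmed to apply to it as well.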


@ -24,4 +24,4 @@ java \
--storage.client.protocol=HTTP \
--storage.clientMaxErrorRetry=5 \
${@} \
--spring.config.additional-location=optional:/vault/secrets/application.properties
--spring.config.additional-location=/vault/secrets/application.properties


@ -1,6 +1,6 @@
# -*- mode: yaml -*-
replicaCount: 1
replicaCount: {{ .Values.services.global.statelessReplicas }}
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/file-storage
@ -77,4 +77,4 @@ ciliumPolicies:
- port: 9000
type: TCP
name: minio
namespace: {{ .Release.Namespace }}


@ -39,4 +39,4 @@ java \
--kafka.topic.withdrawal.name=mg-events-ff-withdrawal \
--kafka.topic.withdrawal.listener.enabled=true \
${@} \
--spring.config.additional-location=optional:/vault/secrets/application.properties
--spring.config.additional-location=/vault/secrets/application.properties


@ -176,9 +176,20 @@ ciliumPolicies:
- port: 5432
type: TCP
name: postgres
namespace: {{ .Release.Namespace }}
- filters:
- port: 9092
type: TCP
name: kafka
- filters:
- port: 8200
type: TCP
name: vault
- filters:
- port: 8022
type: TCP
name: wapi
{{/*
rules:
kafka:
- role: consume
@ -187,16 +198,4 @@ ciliumPolicies:
- mg-events-ff-identity
- mg-events-ff-wallet
- mg-events-ff-withdrawal
type: TCP
name: kafka
namespace: {{ .Release.Namespace }}
- filters:
- port: 8200
type: TCP
name: vault
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: wapi
namespace: {{ .Release.Namespace }}
*/}}


@ -19,9 +19,6 @@ configMap:
vm.args: |
{{- tpl (readFile "../vm/erl_vm_args.gotmpl") . | nindent 6 }}
apiInitContainers:
enabled: false
volumeMounts:
- name: config-volume
mountPath: /opt/fistful-server/releases/0.1/sys.config
@ -90,29 +87,23 @@ ciliumPolicies:
- port: 8022
type: TCP
name: binbase
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: cds
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: shumway
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: machinegun
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: dominant
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: hellgate
namespace: {{ .Release.Namespace }}


@ -41,4 +41,4 @@ java \
--keycloak.resource=fraudbusters-app \
--keycloak.auth-server-url=http://keycloak-headless:8080/auth \
${@} \
--spring.config.additional-location=optional:file:/vault/secrets/application.properties
--spring.config.additional-location=/vault/secrets/application.properties


@ -152,24 +152,19 @@ ciliumPolicies:
- port: 5432
type: TCP
name: postgres
namespace: {{ .Release.Namespace }}
- filters:
- port: 9092
type: TCP
name: kafka
namespace: {{ .Release.Namespace }}
- filters:
- port: 8200
type: TCP
name: vault
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: fraudbusters-notificator
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: fraudbusters
namespace: {{ .Release.Namespace }}


@ -26,4 +26,4 @@ java \
--mail.smtp.from-address="NotificationService@rbkmoney.com" \
--mail.smtp.starttls.enable=true \
${@} \
--spring.config.additional-location=optional:file:/vault/secrets/application.properties
--spring.config.additional-location=/vault/secrets/application.properties


@ -122,14 +122,11 @@ ciliumPolicies:
- port: 5432
type: TCP
name: postgres
namespace: {{ .Release.Namespace }}
- filters:
- port: 8200
type: TCP
name: vault
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: fraudbusters-warehouse
namespace: {{ .Release.Namespace }}


@ -95,4 +95,3 @@ ciliumPolicies:
- port: 8123
type: TCP
name: clickhouse
namespace: {{ .Release.Namespace }}


@ -93,24 +93,19 @@ ciliumPolicies:
- port: 5432
type: TCP
name: postgres
namespace: {{ .Release.Namespace }}
- filters:
- port: 8200
type: TCP
name: vault
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: columbus
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: wb-list-manager
namespace: {{ .Release.Namespace }}
- filters:
- port: 8123
type: TCP
name: clickhouse
namespace: {{ .Release.Namespace }}


@ -78,24 +78,23 @@ ciliumPolicies:
- port: 8022
type: TCP
name: shumway
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: machinegun
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: dominant
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: proxy-mocket-inspector
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: proxy-mocketbank
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: party-management


@ -14,3 +14,10 @@ imagePullSecrets:
livenessProbe: null
readinessProbe: null
ciliumPolicies:
- filters:
- port: 8200
type: TCP
name: vault
namespace: {{ .Release.Namespace }}


@ -36,4 +36,4 @@ java \
--spring.application.name=hooker \
--logging.level.com.rbkmoney.hooker.scheduler.MessageScheduler=DEBUG \
${@} \
--spring.config.additional-location=optional:/vault/secrets/application.properties
--spring.config.additional-location=/vault/secrets/application.properties


@ -1,6 +1,6 @@
# -*- mode: yaml -*-
replicaCount: 1
replicaCount: {{ .Values.services.global.statelessReplicas }}
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/hooker
@ -146,30 +146,29 @@ ciliumPolicies:
- port: 5432
type: TCP
name: postgres
namespace: {{ .Release.Namespace }}
- filters:
- port: 9092
type: TCP
name: kafka
- filters:
- port: 8200
type: TCP
name: vault
- filters:
- port: 8022
type: TCP
name: hellgate
- filters:
- port: 8022
type: TCP
name: fault-detector
namespace: {{ .Release.Namespace }}
{{/*
rules:
kafka:
- role: consume
topics:
- mg-events-customer
- mg-events-invoice
type: TCP
name: kafka
namespace: {{ .Release.Namespace }}
- filters:
- port: 8200
type: TCP
name: vault
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: hellgate
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: fault-detector
namespace: {{ .Release.Namespace }}
*/}}


@ -20,6 +20,8 @@ zookeeper:
persistence:
enabled: true
clusterDomain: cluster.local
podLabels:
selector.cilium.rbkmoney/release: kafka-zookeeper
ciliumPolicies:
- filters:


@ -609,7 +609,7 @@
"users": [
{
"id": "281220eb-a4ef-4d03-b666-bdec4b26c5f7",
"createdTimestamp": 1479212158721,
"createdTimestamp": 1623413226000,
"username": "demo_merchant",
"enabled": true,
"totp": false,
@ -621,7 +621,7 @@
{
"id": "b1c7ced6-ac98-4c1f-aa78-5218530cdb46",
"type": "password",
"createdDate": 1602080657263,
"createdDate": 1623413226000,
"secretData": "{\"value\":\"Pib3j1q5Hk2E0IfQX08TcAcZTXVsLMlE3ZrgFwMpgvTCY1CkiyPb89U+zSzcxFTXwL15zVPQsBU5wbK9s/NSFg==\",\"salt\":\"jQc7ZQwO7g+mXytqhl23lQ==\"}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}"
}
@ -3916,7 +3916,9 @@
"resetCredentialsFlow": "reset credentials",
"clientAuthenticationFlow": "clients",
"dockerAuthenticationFlow": "docker auth",
"attributes": {},
"attributes": {
"frontendUrl": "https://auth.{{ $ingressDomain | default "rbk.dev" }}/auth"
},
"keycloakVersion": "11.0.0",
"userManagedAccessAllowed": false
}
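Review bot: The realm import keeps a fixed PBKDF2 hash and salt for `demo_merchant`, and the second realm file in this commit carries the identical `value`/`salt` pair for `manager`, so every install from these fixtures starts with the same known password on both accounts. Moving `createdDate` forward (the commit message ties it to UpdatePassword) looks like it keeps Keycloak from asking for a password change, which would make that default long-lived. For anything beyond a demo stand, generate the credential at install time or set `"requiredActions": ["UPDATE_PASSWORD"]` on these users; at minimum state in the chart README that these fixtures are demo-only.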


@ -643,7 +643,7 @@
"users" : [
{
"id" : "33be8807-ffe6-435d-a967-8508690d4685",
"createdTimestamp" : 1499775150747,
"createdTimestamp" : 1623413226000,
"username" : "manager",
"enabled" : true,
"totp" : false,
@ -655,7 +655,7 @@
{
"id": "ceedced6-ac98-4c1f-aa78-5218530deb46",
"type": "password",
"createdDate": 1602080657263,
"createdDate": 1623413226000,
"secretData": "{\"value\":\"Pib3j1q5Hk2E0IfQX08TcAcZTXVsLMlE3ZrgFwMpgvTCY1CkiyPb89U+zSzcxFTXwL15zVPQsBU5wbK9s/NSFg==\",\"salt\":\"jQc7ZQwO7g+mXytqhl23lQ==\"}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}"
}
@ -2220,7 +2220,8 @@
"maxFailureWaitSeconds" : "900",
"_browser_header.contentSecurityPolicy" : "frame-src 'self'",
"minimumQuickLoginWaitSeconds" : "60",
"waitIncrementSeconds" : "60"
"waitIncrementSeconds" : "60",
"frontendUrl": "https://auth.{{ $ingressDomain | default "rbk.dev" }}/auth"
},
"keycloakVersion" : "3.4.0.Final"
}


@ -68,9 +68,40 @@ ciliumPolicies:
- port: 8500
type: TCP
name: consul
namespace: {{ .Release.Namespace }}
- filters:
- port: 9092
type: TCP
name: kafka
- filters:
- port: 8087
type: TCP
name: riak
- filters:
- port: 8022
type: TCP
name: bender
- filters:
- port: 8022
type: TCP
name: url-shortener
- filters:
- port: 8022
type: TCP
name: machinegun
- filters:
- port: 8022
type: TCP
name: dominant
- filters:
- port: 8022
type: TCP
name: hellgate
- filters:
- port: 8022
type: TCP
name: party-management
{{/*
rules:
kafka:
- role: produce
@ -94,36 +125,4 @@ ciliumPolicies:
- mg-events-rates
- mg-events-recurrent-paytools
- mg-events-schedulers
type: TCP
name: kafka
namespace: {{ .Release.Namespace }}
- filters:
- port: 8087
type: TCP
name: riak
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: bender
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: url-shortener
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: machinegun
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: dominant
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: hellgate
namespace: {{ .Release.Namespace }}
*/}}


@ -33,4 +33,4 @@ java \
--kafka.consumer.group-id=magista-invoicing-1 \
--kafka.consumer.concurrency=7 \
${@} \
--spring.config.additional-location=optional:/vault/secrets/application.properties
--spring.config.additional-location=/vault/secrets/application.properties


@ -177,11 +177,6 @@ ciliumPolicies:
namespace: {{ .Release.Namespace }}
- filters:
- port: 9092
rules:
kafka:
- role: consume
topics:
- mg-events-invoice
type: TCP
name: kafka
namespace: {{ .Release.Namespace }}
@ -204,4 +199,11 @@ ciliumPolicies:
- port: 8022
type: TCP
name: payouter
namespace: {{ .Release.Namespace }}
{{/*
rules:
kafka:
- role: consume
topics:
- mg-events-invoice
*/}}


@ -9,4 +9,4 @@ java \
--logging.config=/opt/messages/logback.xml \
-Dwoody.node_id=1 \
${@} \
--spring.config.additional-location=optional:/vault/secrets/application.properties
--spring.config.additional-location=/vault/secrets/application.properties


@ -34,4 +34,4 @@ java \
--bouncer.rule-set-id=service/authz/api \
--access-check.enabled=true \
${@} \
--spring.config.additional-location=optional:/vault/secrets/application.properties
--spring.config.additional-location=/vault/secrets/application.properties


@ -167,10 +167,15 @@ ciliumPolicies:
- port: 5432
type: TCP
name: postgres
namespace: {{ .Release.Namespace }}
- filters:
- port: 8200
type: TCP
name: vault
namespace: {{ .Release.Namespace }}
- filters:
- port: 8080
type: TCP
name: keycloak
- filters:
- port: 8022
type: TCP
name: bouncer


@ -4,7 +4,6 @@
set -ue
mkdir -p /opt/papi/bin/
cp -pr /var/lib/papi/keys/keycloak/keycloak.pubkey.pem /opt/papi/bin/secret
java \
"-XX:OnOutOfMemoryError=kill %p" -XX:+HeapDumpOnOutOfMemoryError \
-jar \
@ -29,9 +28,9 @@ java \
--magista.url=http://magista:8022/stat \
--shitter.url=http://payouter:8022/payout/management \
--walker.url=http://walker:8022/walker \
--keycloak.auth-server-url=https://auth.{{ $ingressDomain | default "rbk.dev" }}/auth \
--keycloak.realm-public-key.file-path="/opt/papi/bin/secret" \
--keycloak.auth-server-url=http://keycloak-headless:8080/auth \
--keycloak.realm-public-key.file-path="/var/lib/papi/keys/keycloak/keycloak.pubkey.pem" \
--keycloak.realm=internal \
--keycloak.resource=private-api \
${@} \
--spring.config.additional-location=optional:/vault/secrets/application.properties
--spring.config.additional-location=/vault/secrets/application.properties
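Review bot: `--keycloak.auth-server-url=http://keycloak-headless:8080/auth` switches papi's Keycloak endpoint from the public HTTPS host to plain HTTP inside the cluster. Token signatures are presumably still checked against the pinned file in `--keycloak.realm-public-key.file-path`, but anything the adapter fetches from that URL is now unauthenticated, and the realm change in this commit sets `frontendUrl` to the `https://auth.…/auth` name, so the issuer in tokens and this URL differ by construction; verify that issuer validation still behaves as intended. A comment above the `java \` invocation stating that the key file is the trust anchor and that the HTTP hop relies on the `keycloak` network policy entry would document the assumption.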


@ -1,63 +0,0 @@
{{- $domainWithNamespace := printf "%s.%s" .Release.Namespace .Values.services.ingress.rootDomain -}}
{{- $ingressDomain := .Values.services.ingress.namespacedDomain | ternary $domainWithNamespace .Values.services.ingress.rootDomain -}}
#!/bin/sh
set -o pipefail
KK_HOST=${KK_HOST:-keycloak-headless}
KK_PORT=${KK_PORT:-8080}
KK_REALM=${KK_REALM:-external}
TARGET=${TARGET:-secret}
MAX_RETRY_TIMEOUT=${MAX_RETRY_TIMEOUT:-10}
TIMEOUT=0
LOG_FILE=${SCRIPT_LOGFILE:-/dev/null}
function log() {
local severity=$1
local msg=$2
local log_msg="$(date -Iseconds) [ $severity ] $msg"
echo "$0: $log_msg"
echo $log_msg >> $LOG_FILE
}
while true; do
REALM_FAIL=false
log INFO "Attempting to fetch Keycloak key..."
REALM_DATA=$(wget --quiet --timeout=10 "https://auth.{{ $ingressDomain | default "rbk.dev" }}/auth/realms/internal" -O -)
EXIT_CODE=$?
if [ "${EXIT_CODE}" -ne "0" ]; then
REALM_FAIL=true
log ERROR "Keycloak realm data fetching failed with exit code: ${EXIT_CODE}"
fi
if [ -z "${REALM_DATA}" ]; then
REALM_FAIL=true
log ERROR "Keycloak realm data is empty"
fi
if [ "$REALM_FAIL" == false ]; then
break
else
TIMEOUT=$((TIMEOUT + 1))
TIMEOUT=$([ $TIMEOUT -le $MAX_RETRY_TIMEOUT ] && echo "$TIMEOUT" || echo "$MAX_RETRY_TIMEOUT")
fi
log ERROR "Keycloak request timeout: ${TIMEOUT}"
sleep $TIMEOUT
done
log INFO "Keycloak realm data fetched successfully"
log DEBUG "${REALM_DATA}"
log INFO "Writing public key to: ${TARGET} ..."
echo "-----BEGIN PUBLIC KEY-----" > ${TARGET}
echo "${REALM_DATA}" | \
sed -E -e 's/^.*"public_key":"([^"]*)".*$/\1/' | \
fold -w80 \
>> ${TARGET}
echo "-----END PUBLIC KEY-----" >> ${TARGET}
log INFO "Everything is ok"


@ -24,7 +24,7 @@ configMap:
logback.xml: |
{{- readFile "../logs/logback.xml" | nindent 6 }}
fetchKeycloakPubkey: |
{{- tpl (readFile "fetch-keycloak-pubkey.sh.gotmpl") . | nindent 6 }}
{{- readFile "../api-common/fetch-keycloak-pubkey.sh" | nindent 6 }}
env:
- name: LOGBACK_SERVICE_NAME
@ -57,6 +57,9 @@ volumeMounts:
apiInitContainers:
enabled: true
env:
- name: KK_REALM
value: internal
service:
ports:
@ -138,29 +141,23 @@ ciliumPolicies:
- port: 8022
type: TCP
name: magista
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: hellgate
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: dominant
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: cabi
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: dudoser
namespace: {{ .Release.Namespace }}
- filters:
- port: 8080
type: TCP
name: keycloak
namespace: {{ .Release.Namespace }}
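Review bot: `fetchKeycloakPubkey` now embeds `../api-common/fetch-keycloak-pubkey.sh`, whose content is not part of this view, and the only parameter set for it here is `KK_REALM: internal`. The removed template fetched the realm key from the public `https://auth.…` host while declaring `KK_HOST`/`KK_PORT` defaults of `keycloak-headless` and `8080`; if the shared script uses those defaults over HTTP, the key papi uses to verify token signatures is obtained over an unauthenticated channel at pod start. Add a comment next to `apiInitContainers` such as `# pubkey is fetched in-cluster; access to keycloak is limited by ciliumPolicies` so the trust assumption is visible, or mount the key from a secret instead of fetching it.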


@ -78,14 +78,11 @@ ciliumPolicies:
- port: 8022
type: TCP
name: shumway
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: machinegun
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: dominant
namespace: {{ .Release.Namespace }}


@ -23,4 +23,4 @@ java \
--kafka.consumer.concurrency=5 \
--kafka.consumer.auto-offset-reset=latest \
${@} \
--spring.config.additional-location=optional:/vault/secrets/application.properties
--spring.config.additional-location=/vault/secrets/application.properties


@ -72,3 +72,17 @@ readinessProbe:
port: api
initialDelaySeconds: 30
timeoutSeconds: 3
ciliumPolicies:
- filters:
- port: 8080
type: TCP
name: proxy-mocketbank-mpi
- filters:
- port: 8022
type: TCP
name: cds
- filters:
- port: 8022
type: TCP
name: hellgate


@ -21,5 +21,5 @@ java \
--spring.datasource.hikari.minimum-idle=2 \
--spring.datasource.hikari.maximum-pool-size=20 \
${@} \
--spring.config.additional-location=optional:/vault/secrets/application.properties
--spring.config.additional-location=/vault/secrets/application.properties


@ -55,4 +55,4 @@ java \
--kafka.consumer.session-timeout-ms=300000 \
--kafka.consumer.auto-offset-reset=earliest \
${@} \
--spring.config.additional-location=optional:/vault/secrets/application.properties
--spring.config.additional-location=/vault/secrets/application.properties


@ -151,12 +151,6 @@ ciliumPolicies:
namespace: {{ .Release.Namespace }}
- filters:
- port: 9092
rules:
kafka:
- role: consume
topics:
- mg-events-invoice
- mg-events-party
type: TCP
name: kafka
namespace: {{ .Release.Namespace }}
@ -190,3 +184,12 @@ ciliumPolicies:
type: TCP
name: dominant
namespace: {{ .Release.Namespace }}
{{/*
rules:
kafka:
- role: consume
topics:
- mg-events-invoice
- mg-events-party
*/}}


@ -22,4 +22,4 @@ java \
--spring.datasource.hikari.minimum-idle=2 \
--spring.datasource.hikari.maximum-pool-size=20 \
${@} \
--spring.config.additional-location=optional:/vault/secrets/application.properties
--spring.config.additional-location=/vault/secrets/application.properties


@ -119,9 +119,7 @@ ciliumPolicies:
- port: 5432
type: TCP
name: postgres
namespace: {{ .Release.Namespace }}
- filters:
- port: 8200
type: TCP
name: vault
namespace: {{ .Release.Namespace }}


@ -1,5 +1,5 @@
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io" }}/nginx
repository: docker.io/nginx
tag: latest
pullPolicy: IfNotPresent
@ -70,3 +70,25 @@ configMap:
data:
virtualhost.conf: |
{{- tpl (readFile "virtualhost.conf") . | nindent 6 }}
ciliumPolicies:
- filters:
- port: 8080
type: TCP
name: keycloak
- filters:
- port: 8080
type: TCP
name: capi-v1
- filters:
- port: 8080
type: TCP
name: capi-v2
- filters:
- port: 8080
type: TCP
name: capi-pcidss-v2
- filters:
- port: 80
type: TCP
name: test-transaction
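Review bot: The image reference in the first hunk now appears to read `repository: docker.io/nginx` with `tag: latest` and `pullPolicy: IfNotPresent`, which bypasses the registry configured in `.Values.services.global.registry.repository` and leaves the version unpinned. With `IfNotPresent`, each node keeps whatever `latest` it pulled first, so replicas can run different nginx builds and a fresh node picks up upstream changes unreviewed. Pin a release tag or digest, e.g. `tag: "<pinned nginx version>"`, and keep the templated registry prefix so mirrored or air-gapped installs still resolve the image.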


@ -128,4 +128,7 @@ ciliumPolicies:
- port: 8022
type: TCP
name: machinegun
namespace: {{ .Release.Namespace }}
- filters:
- port: 8080
type: TCP
name: keycloak


@ -99,4 +99,8 @@ ciliumPolicies:
- port: 8022
type: TCP
name: machinegun
- filters:
- port: 8080
type: TCP
name: keycloak
namespace: {{ .Release.Namespace }}


@ -261,6 +261,10 @@ configMap:
vault auth enable kubernetes
{{/*
If you have kubernetes >=1.21, or use any cloud provider look at https://www.vaultproject.io/docs/auth/kubernetes#discovering-the-service-account-issuer
You need set issuer according your config
*/}}
vault write auth/kubernetes/config \
token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
{{- if .Values.services.global.ipv6only }}
@ -268,7 +272,8 @@ configMap:
{{- else }}
kubernetes_host="https://${KUBERNETES_PORT_443_TCP_ADDR}:443" \
{{- end }}
kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
issuer="https://kubernetes.default.svc.cluster.local"
vault write auth/kubernetes/role/db-app \
bound_service_account_names="*" \
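Review bot: The added `issuer="https://kubernetes.default.svc.cluster.local"` is hard-coded, while the template comment above it says the issuer has to match the cluster. On a cluster whose service-account issuer differs, Vault is likely to reject Kubernetes logins until this file is edited by hand. Taking the value from configuration keeps the default and makes the override explicit, for example with a new key (the name is only a suggestion): `issuer={{ .Values.services.vault.issuer | default "https://kubernetes.default.svc.cluster.local" | quote }}`. The `vault write auth/kubernetes/role/db-app` command continues outside the hunk; its `bound_service_account_names="*"` is worth checking against the namespace binding that follows, since a wildcard there is only as tight as that binding.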


@ -87,7 +87,7 @@ ingress:
{{- if .Values.services.ingress.tls.letsEncrypt.enabled }}
cert-manager.io/cluster-issuer: {{ .Values.services.ingress.tls.letsEncrypt.issuer }}
{{- end }}
kubernetes.io/ingress.class: "nginx"
kubernetes.io/ingress.class: {{ .Values.services.ingress.class | quote }}
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
@ -115,9 +115,15 @@ ciliumPolicies:
- port: 8022
type: TCP
name: bender
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: cds
namespace: {{ .Release.Namespace }}
- filters:
- port: 8080
type: TCP
name: keycloak
- filters:
- port: 8022
type: TCP
name: dominant
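Review bot: `kubernetes.io/ingress.class: {{ .Values.services.ingress.class | quote }}` has no fallback, so an environment that does not define `services.ingress.class` renders an empty class annotation where the previous code always produced "nginx". Depending on the controller, that either leaves the Ingress unserved or hands it to whichever controller accepts class-less Ingresses. `kubernetes.io/ingress.class: {{ .Values.services.ingress.class | default "nginx" | quote }}` keeps the old behaviour. The same line in the next file section (the one whose annotations also set `cors-allow-headers`) needs it too.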


@ -100,7 +100,7 @@ ingress:
{{- if .Values.services.ingress.tls.letsEncrypt.enabled }}
cert-manager.io/cluster-issuer: {{ .Values.services.ingress.tls.letsEncrypt.issuer }}
{{- end }}
kubernetes.io/ingress.class: "nginx"
kubernetes.io/ingress.class: {{ .Values.services.ingress.class | quote }}
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/cors-allow-headers: "content-type,content-disposition,authorization,x-request-id"
@ -129,37 +129,30 @@ ciliumPolicies:
- port: 8080
type: TCP
name: keycloak
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: cds
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: fistful_magista
namespace: {{ .Release.Namespace }}
name: fistful-magista
- filters:
- port: 8022
type: TCP
name: fistful_reporter
namespace: {{ .Release.Namespace }}
name: fistful-reporter
- filters:
- port: 8022
type: TCP
name: file_storage
namespace: {{ .Release.Namespace }}
name: file-storage
- filters:
- port: 8022
type: TCP
name: fistful
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: dominant
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP


@ -18,5 +18,5 @@ java \
--kafka.bootstrap-servers={{ .Values.services.kafka.endpoint | default "kafka" }}:{{ .Values.services.kafka.port | default "9092" }} \
--management.metrics.export.statsd.enabled=false \
${@} \
--spring.config.additional-location=optional:file:/vault/secrets/application.properties
--spring.config.additional-location=/vault/secrets/application.properties


@ -10,11 +10,7 @@ server {
index index.html index.htm;
try_files $uri $uri/ /index.html =404;
}
location /v1 {
proxy_pass http://dominant:8022;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;


@ -40,7 +40,11 @@ services:
enabled: false
key: pcidss
value: true
replicas: 1
statelessReplicas: 1
# In case of dev:true and If you use kubernetes >=1.21, or use any cloud provider look at https://www.vaultproject.io/docs/auth/kubernetes#discovering-the-service-account-issuer
# You need set issuer according to your cluster in config/vault-cm/values.yaml.gotmpl
vault:
# enabled:false switch getting postgres user and password from annotations to secret
enabled: true

View File

@ -40,13 +40,14 @@ services:
# TODO: split users
postgres:
external: false
endpoint: postgresql-postgres
endpoint: postgres-postgresql
uniUser: postgres
uniPassword: H@ckM3
kafka:
external: false
endpoint: kafka:9092
endpoint: kafka
port: 9092
ssl:
enabled: false
keystorePass: 12341234
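Review bot: The kafka and postgres defaults edited here sit beside `uniPassword: H@ckM3` and `keystorePass: 12341234`, and the visible part of the file carries no comment saying these are development placeholders that every real environment must override. I would add `# dev-only placeholder, override per environment` above each, so a deployment that forgets its own values file is at least recognisable in review. `keystorePass` is also an unquoted all-digit scalar, which YAML loads as an integer; `keystorePass: "12341234"` keeps it a string through templating. Both password lines are unchanged context, and the `services:` mapping starts outside the hunk.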


@ -7,4 +7,6 @@ environments:
devstand:
values:
- devstand.rbk.yaml
production:
prod:
values:
- prod.values.yaml


@ -1,10 +1,10 @@
version: v0.140.0
version: v0.140.1
dependencies:
- name: kube-prometheus-stack
repository: https://prometheus-community.github.io/helm-charts
version: 18.0.5
version: 19.2.2
- name: netpolicy
repository: https://rbkmoney.github.io/charts
version: 0.1.14
digest: sha256:c9f0356038a75ab2f3d76699408b5db4add8d6f01ca6d9d3fb55cc9e4cb6182f
generated: "2021-09-09T19:15:03.586698+03:00"
version: 0.1.16
digest: sha256:b60f54b0dea3627be53cfe4701907d9246fb0750b6615e65856fca0184e2df0b
generated: "2021-10-29T05:41:19.296549+03:00"


@ -25,6 +25,8 @@ releases:
<<: *infra_default
chart: prometheus-community/kube-prometheus-stack
namespace: monitoring
values:
- namespaceOverride: "monitoring"
{{- end }}
{{- if eq .Values.elk.enabled true }}
- name: logs


@ -1,17 +1,23 @@
version: v0.140.0
version: v0.140.1
dependencies:
- name: clickhouse
repository: https://rbkmoney.github.io/charts
version: 0.1.12
- name: clickhouse-operator
repository: https://rbkmoney.github.io/charts
version: 0.1.3
- name: consul
repository: https://helm.releases.hashicorp.com
version: 0.33.0
version: 0.35.0
- name: elasticsearch
repository: https://helm.elastic.co
version: 7.14.0
version: 7.15.0
- name: kafka
repository: https://charts.bitnami.com/bitnami
version: 12.7.3
- name: keycloak
repository: https://codecentric.github.io/helm-charts
version: 15.0.2
version: 15.1.0
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 9.7.2
@ -23,159 +29,12 @@ dependencies:
version: 0.1.1
- name: statefull
repository: https://rbkmoney.github.io/charts
version: 0.1.21
- name: statefull
repository: https://rbkmoney.github.io/charts
version: 0.1.21
version: 0.1.23
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
- name: stateless
repository: https://rbkmoney.github.io/charts
version: 0.1.18
version: 0.1.24
- name: vault
repository: https://helm.releases.hashicorp.com
version: 0.15.0
digest: sha256:fafb11cc92200741c3e5611cf74243894aa43507f35bb1cceac3d643479102fc
generated: "2021-09-09T19:15:29.886974+03:00"
version: 0.17.1
digest: sha256:0b442fc5dc26354aae711ef1521dd7a5db6bde199b342dff4925780985a48fb5
generated: "2021-10-29T05:41:42.200765+03:00"


@ -28,6 +28,15 @@ helmfiles:
releases:
#External releases
- name: clickhouse-operator
<<: *default
chart: rbkmoney/clickhouse-operator
- name: clickhouse
<<: *default
chart: rbkmoney/clickhouse
needs:
- {{ .Namespace | default "default" }}/clickhouse-operator
- {{ .Namespace | default "default" }}/kafka
- name: kafka
<<: *default
chart: bitnami/kafka
@ -192,8 +201,8 @@ releases:
needs:
- {{ .Namespace | default "default" }}/vault
- {{ .Namespace | default "default" }}/kafka
# - {{ .Namespace | default "default" }}/columbus
- {{ .Namespace | default "default" }}/payouter
- {{ .Namespace | default "default" }}/clickhouse
- {{ .Namespace | default "default" }}/columbus
- name: questionary
<<: *generic_stateless
needs:
@ -277,6 +286,7 @@ releases:
<<: *generic_stateless_json
needs:
- {{ .Namespace | default "default" }}/postgres
- {{ .Namespace | default "default" }}/vault
- name: papi
<<: *generic_stateless_json
needs:


@ -1,9 +1,8 @@
templates:
default: &default
chart: ./services/{{ .Release.Name }}
namespace: '{{ .Namespace | default "default" }}'
missingFileHandler: Warn
timeout: 900
timeout: 300
values:
- default.values.yaml
- config/{{ .Release.Name }}/values.yaml
@ -11,7 +10,7 @@ templates:
infra: &infra_default
missingFileHandler: Warn
timeout: 900
timeout: 300
values:
- config/{{ .Release.Name }}/values.yaml
- config/{{ .Release.Name }}/values.yaml.gotmpl