Added xrates service (#205)

* Added xrates service * adjust annotations and typofix * store xrates secret in dev vault * disable xrates deploy Co-authored-by: Dmitry Skokov <d.skokov@rbkmoney.com> Co-authored-by: vilorij <vilorij@ya.ru>
2024-11-06 00:45:18 +00:00 · 2021-09-03 15:35:26 +03:00 · 2021-09-03 15:35:26 +03:00 · cee683d4df
commit cee683d4df
parent 49679b7aea
5 changed files with 143 additions and 1 deletions
--- a/config/vault-cm/values.yaml.gotmpl
+++ b/config/vault-cm/values.yaml.gotmpl
@ -187,6 +187,14 @@ configMap:
        default_ttl="1h" \
        max_ttl="240h"

+      vault secrets enable kv
+
+      vault kv put secret/xrates \
+        psb-mastercard-ID=1234 \
+        psb-mastercard-KEY=trururu \
+        psb-visa-ID=4321 \
+        psb-visa-KEY=ururu
+
      vault auth enable kubernetes

      vault write auth/kubernetes/config \
@ -239,3 +247,6 @@ configMap:
      path "database/creds/db-app-reporter" {
        capabilities = ["read"]
      }
+      path "secret/data/xrates" {
+        capabilities = ["read"]
+      }
--- a/config/xrates/entrypoint.sh
+++ b/config/xrates/entrypoint.sh
@ -0,0 +1,26 @@
+#!/bin/sh
+set -ue
+
+java \
+    "-XX:OnOutOfMemoryError=kill %p" -XX:+HeapDumpOnOutOfMemoryError \
+    -jar \
+    /opt/xrates/xrates.jar \
+    --logging.config=/opt/xrates/logback.xml \
+    --management.security.enabled=false \
+    --management.security.flag=false \
+    --management.metrics.export.statsd.flavor=etsy \
+    --management.metrics.export.statsd.enabled=true \
+    --management.metrics.export.prometheus.enabled=true \
+    --management.endpoint.health.show-details=always \
+    --management.endpoint.metrics.enabled=true \
+    --management.endpoint.prometheus.enabled=true \
+    --management.endpoints.web.exposure.include=health,info,prometheus \
+    --spring.application.name=xrates \
+    --service.mg.automaton.url=http://machinegun:8022/v1/automaton \
+    --service.mg.automaton.namespace=xrates \
+    --service.mg.eventSink.url=http://machinegun:8022/v1/event_sink
+    --service.mg.eventSink.sinkId=xrates \
+    --sources.needInitialize=true \
+    ${@} \
+    --spring.config.additional-location=/vault/secrets/application.properties \
+    --sources.provider.secrets.file.path=/vault/secrets/secret.file \
--- a/config/xrates/loggers.xml
+++ b/config/xrates/loggers.xml
@ -0,0 +1,4 @@
+<included>
+    <logger name="com.rbkmoney" level="INFO"/>
+    <logger name="com.rbkmoney.woody" level="INFO"/>
+</included>
--- a/config/xrates/values.yaml.gotmpl
+++ b/config/xrates/values.yaml.gotmpl
@ -0,0 +1,95 @@
+# -*- mode: yaml -*-
+
+replicaCount: 1
+
+image:
+  repository: docker.io/rbkmoney/xrates
+  tag: 242bcbf35a9711fba1503e273ce1c213ec50d167
+  pullPolicy: IfNotPresent
+
+runopts:
+  command: ["/opt/xrates/entrypoint.sh"]
+
+configMap:
+  data:
+    entrypoint.sh: |
+      {{- readFile "entrypoint.sh" | nindent 6 }}
+    loggers.xml: |
+      {{- readFile "loggers.xml" | nindent 6 }}
+    logback.xml: |
+      {{- readFile "../logs/logback.xml" | nindent 6 }}
+
+volumes:
+  - name: config-volume
+    configMap:
+      name: {{ .Release.Name }}
+      defaultMode: 0755
+
+volumeMounts:
+  - name: config-volume
+    mountPath: /opt/xrates/entrypoint.sh
+    subPath: entrypoint.sh
+    readOnly: true
+  - name: config-volume
+    mountPath: /opt/xrates/logback.xml
+    subPath: logback.xml
+    readOnly: true
+  - name: config-volume
+    mountPath: /opt/xrates/loggers.xml
+    subPath: loggers.xml
+    readOnly: true
+
+service:
+  ports:
+    - name: api
+      port: 8022
+    - name: management
+      port: 8023
+
+livenessProbe:
+  httpGet:
+    path: /actuator/health
+    port: management
+
+readinessProbe:
+  httpGet:
+    path: /actuator/health
+    port: management
+
+podAnnotations:
+  #todo role
+  vault.hashicorp.com/role: "db-app"
+  vault.hashicorp.com/agent-inject: "true"
+  #todo file path
+  vault.hashicorp.com/agent-inject-secret-secret.file: "secret/data/xrates"
+  vault.hashicorp.com/agent-inject-template-secret.file: |
+    {{`{{- with secret "secret/data/xrates" -}}
+    sources.psb-mastercard.provider.terminalId={{ .DATA.data.psb-mastercard-ID }}
+    sources.psb-mastercard.provider.secretKey={{ .DATA.data.psb-mastercard-KEY }}
+    sources.psb-visa.provider.terminalId={{ .DATA.data.psb-visa-ID }}
+    sources.psb-visa.provider.secretKey={{ .DATA.data.psb-visa-KEY }}
+    {{- end }}`}}
+
+metrics:
+  serviceMonitor:
+    enabled: false
+    namespace: {{ .Release.Namespace }}
+    additionalLabels:
+      release: prometheus
+    endpoints:
+      - port: "management"
+        path: /actuator/prometheus
+        scheme: http
+
+ciliumPolicies:
+  - filters:
+    - port: 8200
+      type: TCP
+    name: vault
+    namespace: {{ .Release.Namespace }}
+  - filters:
+    - port: 8022
+      type: TCP
+    name: machinegun
+    namespace: {{ .Release.Namespace }}
+
--- a/helmfile.yaml
+++ b/helmfile.yaml
@ -210,7 +210,13 @@ releases:
    - {{ .Namespace | default "default" }}/kafka
 #    - {{ .Namespace | default "default" }}/columbus
    - {{ .Namespace | default "default" }}/hellgate
-#    - {{ .Namespace | default "default" }}/payouter
+#    - {{ .Namespace | default "default" }}/payouter-
+- name: xrates
+  <<: *generic_stateless
+  installed: false
+  needs:
+    - {{ .Namespace | default "default" }}/vault
+    - {{ .Namespace | default "default" }}/machinegun
 - name: payouter
  <<: *generic_stateless_json
  needs: