Add-flexibility-config (#239)

* bouncer ip family

* bump dark-api

* move iddqd locations to ingress

* values for future flex config of external storages

* improve analytics

* improve anapi

* improve bender

* fix ImagePullSecret

* add binapi tolerations

* binbase tolerate

* improve capi-v2-pcidss

* improve cds

* improve deanon

* improve dominant hook container

* improve ff-magista

* improve hooker

* kafka ClusterDomain in values

* kds improve with tolerate

* improve KK

* improve machinegun

* improve magista

* improve messages

* improve org-manager

* improve payouter

* mocketbank tolerate

* improve questionary

* improve reporter

* improve shumway

* Testtransaction changeable registry

* improve wapi-pcidss

* kafka endpoint from template

* payouts limits fix

* typo fix

* add file-storage

* add registry secret to reporter and riak

Co-authored-by: Dmitry Skokov <d.skokov@rbkmoney.com>
vilorij 2021-10-07 19:07:42 +03:00 committed by GitHub
parent 4009ca4c13
commit d3d938a294
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
78 changed files with 963 additions and 209 deletions


@ -15,7 +15,7 @@ java \
--management.endpoint.prometheus.enabled=true \
--management.endpoints.web.exposure.include=health,info,prometheus \
--spring.application.name=analytics \
--kafka.bootstrap.servers=kafka:9092 \
--kafka.bootstrap.servers={{ .Values.services.kafka.endpoint | default "kafka" }}:{{ .Values.services.kafka.port | default "9092" }} \
--kafka.topic.event.sink.initial=mg-events-invoice \
--kafka.topic.payout.initial=payout \
--kafka.topic.party.initial=mg-events-party \


@ -4,12 +4,12 @@ replicaCount: 1
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/analytics
tag: b9da0376e15b3aabf89141b1343e7c68f3b5af05
tag: dd401f0aae1cb73170dc5ca5ab654b86080addaa
pullPolicy: IfNotPresent
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:
@ -18,17 +18,59 @@ runopts:
configMap:
data:
entrypoint.sh: |
{{- readFile "entrypoint.sh" | nindent 6 }}
{{- tpl (readFile "entrypoint.sh.gotmpl") . | nindent 6 }}
loggers.xml: |
{{- readFile "loggers.xml" | nindent 6 }}
logback.xml: |
{{- readFile "../logs/logback.xml" | nindent 6 }}
{{- if or .Values.services.postgres.external .Values.services.kafka.ssl.enabled }}
secret:
data:
db_config: |
{{- if .Values.services.postgres.external }}
spring.datasource.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/analytics?sslmode=disable
spring.datasource.username={{ .Values.services.postgres.uniUser }}
spring.datasource.password={{ .Values.services.postgres.uniPassword }}
spring.flyway.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/analytics?sslmode=disable
spring.flyway.user={{ .Values.services.postgres.uniUser }}
spring.flyway.password={{ .Values.services.postgres.uniPassword }}
spring.flyway.schemas=analytics
postgres.db.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/analytics?sslmode=disable
postgres.db.user={{ .Values.services.postgres.uniUser }}
postgres.db.password={{ .Values.services.postgres.uniPassword }}
clickhouse.db.url=jdbc:clickhouse://chi-demo-cluster-0-0:8123/analytic
clickhouse.db.user=analytic
clickhouse.db.password=hackme
{{- end }}
{{- if .Values.services.kafka.ssl.enabled }}
kafka.ssl.enabled=true
kafka.ssl.key-store-location=/vault/secrets/kafka-keystore.p12
kafka.ssl.key-store-password={{ .Values.services.kafka.ssl.keystorePass }}
kafka.ssl.key-password={{ .Values.services.kafka.ssl.keyPass }}
kafka.ssl.trust-store-location=/vault/secrets/kafka-truststore.p12
kafka.ssl.trust-store-password={{ .Values.services.kafka.ssl.truststorePass }}
{{- end }}
{{- end }}
volumes:
- name: config-volume
configMap:
name: {{ .Release.Name }}
defaultMode: 0755
{{- if .Values.services.kafka.ssl.enabled }}
- name: kafka-cert
secret:
secretName: {{ .Release.Name }}-kafka-cert
- name: kafka-ca
secret:
secretName: java-ca-kafka
{{- end }}
{{- if or .Values.services.postgres.external .Values.services.kafka.ssl.enabled }}
- name: secret
secret:
secretName: {{ .Release.Name }}
{{- end }}
volumeMounts:
- name: config-volume
@ -43,6 +85,22 @@ volumeMounts:
mountPath: /opt/analytics/loggers.xml
subPath: loggers.xml
readOnly: true
{{- if .Values.services.kafka.ssl.enabled }}
- name: kafka-ca
subPath: kafka-truststore.p12
mountPath: /vault/secrets/kafka-truststore.p12
readOnly: true
- name: kafka-cert
subPath: {{ .Release.Name }}.p12
mountPath: /vault/secrets/kafka-keystore.p12
readOnly: true
{{- end }}
{{- if or .Values.services.postgres.external .Values.services.kafka.ssl.enabled }}
- name: secret
subPath: db_config
mountPath: /vault/secrets/application.properties
readOnly: true
{{- end }}
service:
ports:
@ -61,6 +119,7 @@ readinessProbe:
path: /actuator/health
port: management
{{- if .Values.services.vault.enabled }}
podAnnotations:
vault.hashicorp.com/role: "db-app"
vault.hashicorp.com/agent-inject: "true"
@ -81,6 +140,7 @@ podAnnotations:
clickhouse.db.user=analytic
clickhouse.db.password=hackme
{{- end }}`}}
{{- end }}
metrics:
serviceMonitor:
@ -141,4 +201,3 @@ ciliumPolicies:
type: TCP
name: dominant
namespace: {{ .Release.Namespace }}
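Review bot: The new `secret.data.db_config` block hard-codes `sslmode=disable` in all three JDBC URLs that are rendered when `.Values.services.postgres.external` is set, so `uniUser`/`uniPassword` and the query traffic go to a database outside the cluster without TLS. Consider making the mode configurable, e.g. `?sslmode={{ .Values.services.postgres.sslmode | default "require" }}`; the `sslmode` values key is a suggestion and does not exist in this commit. The same block also carries the literal `clickhouse.db.password=hackme`, which should come from values like the Postgres password does. The same `sslmode=disable` URLs are added in the fistful-magista and hooker values sections of this commit.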


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
configMap:


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
configMap:


@ -9,9 +9,17 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
{{- if .Values.services.global.pcidss.taints.enabled }}
tolerations:
- key: "{{ .Values.services.global.pcidss.taints.key }}"
operator: "Equal"
value: "{{ .Values.services.global.pcidss.taints.value }}"
effect: "NoSchedule"
{{- end }}
configMap:
data:
sys.config: |
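Review bot: The added `tolerations` entry only permits the pod to land on nodes tainted with `pcidss.taints.key`; on its own it does not keep the pod off untainted nodes. If the intent is to confine this PCI DSS workload to dedicated nodes, pair it with a `nodeSelector` or node affinity on the matching node label, or, if that is set in a part of the file outside this hunk, add a comment such as `# toleration only; placement is enforced by <PLACEHOLDER: selector/affinity location>`. The identical block is added in the three other values sections on this page that gain `tolerations`.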


@ -9,9 +9,17 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
{{- if .Values.services.global.pcidss.taints.enabled }}
tolerations:
- key: "{{ .Values.services.global.pcidss.taints.key }}"
operator: "Equal"
value: "{{ .Values.services.global.pcidss.taints.value }}"
effect: "NoSchedule"
{{- end }}
runopts:
command : ["/opt/binbase/entrypoint.sh"]


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
configMap:


@ -54,7 +54,11 @@
% Which transport to use? (tcp | tls)
transport => tcp,
% Which `gen_tcp:connect_option()`s to use? Relevant only for `tcp` transport.
{{- if .Values.services.global.ipv6only -}}
tcp_opts => [inet6],
{{- else -}}
tcp_opts => [inet],
{{- end }}
% Total timeout for estabilishing a connection. (ms)
connect_timeout => 1000
}
@ -81,16 +85,6 @@
]},
{how_are_you, [
{metrics_publishers, [
{hay_statsd_publisher, #{
key_prefix => <<"bouncer.">>,
host => "localhost",
port => 8125
}}
]}
]},
{os_mon, [
{disksup_posix_only, true}
]},
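Review bot: The right-trim `-}}` on `{{- if .Values.services.global.ipv6only -}}` and `{{- else -}}`, combined with the left-trim `{{-`, strips the newline on both sides, so the rendered `tcp_opts => [inet6],` (or `[inet]`) is glued onto the end of the preceding `% Which gen_tcp:connect_option()s ...` line and becomes part of that Erlang comment. The option would then be silently dropped and the address family would not follow `ipv6only` at all. Dropping the right-side trims, `{{- if .Values.services.global.ipv6only }}` / `{{- else }}` / `{{- end }}`, keeps each `tcp_opts` entry on its own line. The enclosing map starts outside the hunk, so the rendered file is worth checking with a template dry run.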


@ -9,13 +9,13 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
configMap:
data:
sys.config: |
{{- readFile "sys.config" | nindent 6 }}
{{- tpl (readFile "sys.config.gotmpl") . | nindent 6 }}
erl_inetrc: |
{{- tpl (readFile "../vm/erl_inetrc.gotmpl") . | nindent 6 }}
vm.args: |


@ -9,9 +9,17 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
{{- if .Values.services.global.pcidss.taints.enabled }}
tolerations:
- key: "{{ .Values.services.global.pcidss.taints.key }}"
operator: "Equal"
value: "{{ .Values.services.global.pcidss.taints.value }}"
effect: "NoSchedule"
{{- end }}
configMap:
data:
sys.config: |


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
configMap:


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
configMap:


@ -9,9 +9,17 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
{{- if .Values.services.global.pcidss.taints.enabled }}
tolerations:
- key: "{{ .Values.services.global.pcidss.taints.key }}"
operator: "Equal"
value: "{{ .Values.services.global.pcidss.taints.value }}"
effect: "NoSchedule"
{{- end }}
configMap:
data:
sys.config: |


@ -22,7 +22,7 @@ java \
--spring.datasource.hikari.maximum-pool-size=20 \
--spring.application.name=claim-management \
--claim-management.limit=1000 \
--kafka.bootstrap.servers=kafka:9092 \
--kafka.bootstrap.servers={{ .Values.services.kafka.endpoint | default "kafka" }}:{{ .Values.services.kafka.port | default "9092" }} \
--kafka.topics.claim-event-sink.enabled=true \
--kafka.topics.claim-event-sink.id=claim-event-sink \
--kafka.client-id=claim-management \


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:
@ -18,7 +18,7 @@ runopts:
configMap:
data:
entrypoint.sh: |
{{- readFile "entrypoint.sh" | nindent 6 }}
{{- tpl (readFile "entrypoint.sh.gotmpl") . | nindent 6 }}
loggers.xml: |
{{- readFile "loggers.xml" | nindent 6 }}
logback.xml: |


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
env:


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:


@ -8,7 +8,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
service:


@ -10,26 +10,6 @@ server {
try_files $uri $uri/ /index.html =404;
}
# location /v1 {
# proxy_pass http://dominant:8022;
# }
# location /v1/cm {
# proxy_pass http://claim-management:8022;
# }
# location /v1/processing/invoicing {
# proxy_pass http://hellgate:8022;
# }
location /v1/admin {
proxy_pass http://fistful:8022;
}
location /fistful/stat {
proxy_pass http://fistful-magista:8022;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;


@ -28,7 +28,7 @@ java \
--questionary.networkTimeout=30000 \
--filestorage.client.adapter.url=http://file-storage:8022/file_storage \
--filestorage.client.adapter.networkTimeout=30000 \
--partyManagement.url=http://hellgate:8022/v1/processing/partymgmt \
--partyManagement.url=http://party-management:8022/v1/processing/partymgmt \
--partyManagement.networkTimeout=30000 \
--cabi.url=http://cabi:8022/v1/cabi \
--cabi.networkTimeout=30000 \


@ -4,12 +4,12 @@ replicaCount: 1
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/dark-api
tag: 933d0b9506ba312d69dfd46c5432ced36e3fce64
tag: 8b686ed44a3a65078aa637c5e1cf1d31265d5dba
pullPolicy: IfNotPresent
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:


@ -8,7 +8,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
service:


@ -9,7 +9,7 @@ java \
--logging.config=/opt/deanonimus/logback.xml \
--spring.elasticsearch.rest.uris="deanonimus-es:9200" \
--spring.elasticsearch.rest.connection-timeout=5s \
--kafka.bootstrap-servers="kafka:9092" \
--kafka.bootstrap-servers="{{ .Values.services.kafka.endpoint | default "kafka" }}:{{ .Values.services.kafka.port | default "9092" }}" \
--kafka.client-id=deanonimus \
--kafka.topics.party-management.id=mg-events-party \
--kafka.topics.party-management.enabled=true \


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:
@ -18,12 +18,26 @@ runopts:
configMap:
data:
entrypoint.sh: |
{{- readFile "entrypoint.sh" | nindent 6 }}
{{- tpl (readFile "entrypoint.sh.gotmpl") . | nindent 6 }}
loggers.xml: |
{{- readFile "loggers.xml" | nindent 6 }}
logback.xml: |
{{- readFile "../logs/logback.xml" | nindent 6 }}
{{- if .Values.services.kafka.ssl.enabled }}
secret:
data:
db_config: |
{{- if .Values.services.kafka.ssl.enabled }}
kafka.ssl.enabled=true
kafka.ssl.keystore-location=/vault/secrets/kafka-keystore.p12
kafka.ssl.keystore-password={{ .Values.services.kafka.ssl.keystorePass }}
kafka.ssl.key-password={{ .Values.services.kafka.ssl.keyPass }}
kafka.ssl.truststore-location=/vault/secrets/kafka-truststore.p12
kafka.ssl.truststore-password={{ .Values.services.kafka.ssl.truststorePass }}
{{- end }}
{{- end }}
env:
- name: LOGBACK_SERVICE_NAME
value: "deanonimus"
@ -33,6 +47,17 @@ volumes:
configMap:
name: {{ .Release.Name }}
defaultMode: 0755
{{- if .Values.services.kafka.ssl.enabled }}
- name: kafka-cert
secret:
secretName: {{ .Release.Name }}-kafka-cert
- name: kafka-ca
secret:
secretName: java-ca-kafka
- name: secret
secret:
secretName: {{ .Release.Name }}
{{- end }}
volumeMounts:
- name: config-volume
@ -47,6 +72,20 @@ volumeMounts:
mountPath: /opt/deanonimus/loggers.xml
subPath: loggers.xml
readOnly: true
{{- if .Values.services.kafka.ssl.enabled }}
- name: kafka-ca
subPath: kafka-truststore.p12
mountPath: /vault/secrets/kafka-truststore.p12
readOnly: true
- name: kafka-cert
subPath: {{ .Release.Name }}.p12
mountPath: /vault/secrets/kafka-keystore.p12
readOnly: true
- name: secret
subPath: db_config
mountPath: /vault/secrets/application.properties
readOnly: true
{{- end }}
service:
ports:
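Review bot: The inner `{{- if .Values.services.kafka.ssl.enabled }}` inside `db_config` repeats the outer guard three lines above it and can be removed together with its `{{- end }}`. The property names here are spelled `kafka.ssl.keystore-*` and `kafka.ssl.truststore-*`, while the analytics, fistful-magista and hooker sections of this commit use `key-store-*` and `trust-store-*`. If the difference is intentional, a comment such as `# deanonimus expects keystore-*/truststore-* (no inner hyphen)` would record it; otherwise one of the spellings is presumably not picked up by the service.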


@ -427,7 +427,7 @@ FIXTURE=$(cat <<END
},
"lower": {
"inclusive": {
"amount": 0,
"amount": -1000000000,
"currency": {
"symbolic_code": "RUB"
}
@ -467,10 +467,10 @@ FIXTURE=$(cat <<END
"value": [
{
"source": {
"provider": "settlement"
"wallet": 1
},
"destination": {
"merchant": "settlement"
"wallet": 3
},
"volume": {
"share": {
@ -478,7 +478,7 @@ FIXTURE=$(cat <<END
"p": 1,
"q": 1
},
"of": "operation_amount"
"of": 1
}
}
}
@ -1524,6 +1524,7 @@ FIXTURE=$(cat <<END
"realm": "test",
"wallet_system_account_set": {"value": {"id": 1}},
"residences": ["rus", "aus", "jpn"],
"identity" : "1",
"withdrawal_routing_rules" : {"policies": {"id":11},"prohibitions": {"id":8}},
"payment_routing_rules" : {"policies": {"id":1},"prohibitions": {"id":8}}
}


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
configMap:
@ -26,7 +26,7 @@ configMap:
hook:
enabled: true
image:
repository: docker.io/rbkmoney/holmes
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/holmes
tag: 99978815b561daaab33e6a35b9e300262186c78e
pullPolicy: IfNotPresent
kind: post-install


@ -0,0 +1,27 @@
#!/bin/sh
set -ue
java \
"-XX:OnOutOfMemoryError=kill %p" -XX:+HeapDumpOnOutOfMemoryError \
-jar \
/opt/file-storage/file-storage.jar \
--logging.config=/opt/file-storage/logback.xml \
--management.security.flag=false \
--management.metrics.export.statsd.flavor=etsy \
--management.metrics.export.statsd.enabled=true \
--management.metrics.export.prometheus.enabled=true \
--management.endpoint.health.show-details=always \
--management.endpoint.metrics.enabled=true \
--management.endpoint.prometheus.enabled=true \
--management.endpoints.web.exposure.include=health,info,prometheus \
--spring.servlet.multipart.max-file-size=10MB \
--spring.servlet.multipart.max-request-size=10MB \
--storage.endpoint={{ .Values.services.s3.endpoint }} \
--storage.signingRegion={{ .Values.services.s3.region }} \
--storage.bucketName={{ .Values.services.s3.bucket }} \
--storage.accessKey={{ .Values.services.s3.accessKey }} \
--storage.secretKey={{ .Values.services.s3.secretKey }} \
--storage.client.protocol=HTTP \
--storage.clientMaxErrorRetry=5 \
${@} \
--spring.config.additional-location=/vault/secrets/application.properties \
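Review bot: `--storage.accessKey` and `--storage.secretKey` are rendered from values straight into the java command line, so the S3 credentials end up in the process arguments and, because this script is rendered into the chart's `configMap.data` as `entrypoint.sh`, in a ConfigMap rather than a Secret. They would be better supplied as `storage.accessKey=` / `storage.secretKey=` in a Secret-backed properties file, which the script already points at with `--spring.config.additional-location=/vault/secrets/application.properties`. Separately, `--storage.client.protocol=HTTP` sends the storage traffic unencrypted, `${@}` should be `"$@"`, and the last line ends in a dangling `\`.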


@ -0,0 +1,4 @@
<included>
<logger name="com.rbkmoney" level="INFO"/>
<logger name="com.rbkmoney.woody" level="INFO"/>
</included>


@ -0,0 +1,80 @@
# -*- mode: yaml -*-
replicaCount: 1
image:
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/file-storage
tag: d1d6c25f90d571a214eda243559cda5b8b78d9ec
pullPolicy: IfNotPresent
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:
command: ["/opt/file-storage/entrypoint.sh"]
configMap:
data:
entrypoint.sh: |
{{- tpl (readFile "entrypoint.sh.gotmpl") . | nindent 6 }}
loggers.xml: |
{{- readFile "loggers.xml" | nindent 6 }}
logback.xml: |
{{- readFile "../logs/logback.xml" | nindent 6 }}
volumes:
- name: config-volume
configMap:
name: {{ .Release.Name }}
defaultMode: 0755
volumeMounts:
- name: config-volume
mountPath: /opt/file-storage/entrypoint.sh
subPath: entrypoint.sh
readOnly: true
- name: config-volume
mountPath: /opt/file-storage/logback.xml
subPath: logback.xml
readOnly: true
- name: config-volume
mountPath: /opt/file-storage/loggers.xml
subPath: loggers.xml
readOnly: true
service:
ports:
- name: api
port: 8022
- name: management
port: 8023
livenessProbe:
httpGet:
path: /actuator/health
port: management
readinessProbe:
httpGet:
path: /actuator/health
port: management
metrics:
serviceMonitor:
enabled: {{ .Values.services.global.metrics.enabled }}
namespace: {{ .Release.Namespace }}
additionalLabels:
release: prometheus
endpoints:
- port: "management"
path: /actuator/prometheus
scheme: http
ciliumPolicies:
- filters:
- port: 9000
type: TCP
name: minio
namespace: {{ .Release.Namespace }}
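Review bot: Nothing in this values file provides `/vault/secrets/application.properties`, which the entrypoint passes to `--spring.config.additional-location`: there is no `secret:` block, no secret volume or mount, and no Vault `podAnnotations`, unlike the analytics and hooker values changed in this commit. Adding a `secret.data` entry mounted at that path would also give the S3 access and secret keys a place outside the ConfigMap. Also, `storage.endpoint` comes from `.Values.services.s3.endpoint`, but the only egress rule under `ciliumPolicies` is port 9000 to `minio`, so an external endpoint would presumably be blocked.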


@ -24,7 +24,7 @@ java \
--flyway.schemas=mst \
--identity-management.url=http://wapi-v0:8080/v1/identity \
--identity-management.timeout=5000 \
--kafka.bootstrap-servers=kafka:9092 \
--kafka.bootstrap-servers={{ .Values.services.kafka.endpoint | default "kafka" }}:{{ .Values.services.kafka.port | default "9092" }} \
--kafka.consumer.group-id=fistful-magista \
--kafka.consumer.concurrency=7 \
--kafka.max-poll-records=1 \


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:
@ -18,17 +18,56 @@ runopts:
configMap:
data:
entrypoint.sh: |
{{- readFile "entrypoint.sh" | nindent 6 }}
{{- tpl (readFile "entrypoint.sh.gotmpl") . | nindent 6 }}
loggers.xml: |
{{- readFile "loggers.xml" | nindent 6 }}
logback.xml: |
{{- readFile "../logs/logback.xml" | nindent 6 }}
{{- if or .Values.services.postgres.external .Values.services.kafka.ssl.enabled }}
secret:
data:
db_config: |
{{- if .Values.services.postgres.external }}
spring.datasource.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/fistful-magista?sslmode=disable
spring.datasource.username={{ .Values.services.postgres.uniUser }}
spring.datasource.password={{ .Values.services.postgres.uniPassword }}
flyway.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/fistful-magista?sslmode=disable
flyway.user={{ .Values.services.postgres.uniUser }}
flyway.password={{ .Values.services.postgres.uniPassword }}
flyway.schemas=mst
spring.flyway.schemas=mst
{{- end }}
{{- if .Values.services.kafka.ssl.enabled }}
kafka.ssl.enabled=true
kafka.ssl.key-store-location=/vault/secrets/kafka-keystore.p12
kafka.ssl.key-store-password={{ .Values.services.kafka.ssl.keystorePass }}
kafka.ssl.key-password={{ .Values.services.kafka.ssl.keyPass }}
kafka.ssl.key-store-type=PKCS12
kafka.ssl.trust-store-location=/vault/secrets/kafka-truststore.p12
kafka.ssl.trust-store-password={{ .Values.services.kafka.ssl.truststorePass }}
kafka.ssl.trust-store-type=PKCS12
{{- end }}
{{- end }}
volumes:
- name: config-volume
configMap:
name: {{ .Release.Name }}
defaultMode: 0755
{{- if .Values.services.kafka.ssl.enabled }}
- name: kafka-cert
secret:
secretName: {{ .Release.Name }}-kafka-cert
- name: kafka-ca
secret:
secretName: java-ca-kafka
{{- end }}
{{- if or .Values.services.postgres.external .Values.services.kafka.ssl.enabled }}
- name: secret
secret:
secretName: {{ .Release.Name }}
{{- end }}
volumeMounts:
- name: config-volume
@ -43,6 +82,22 @@ volumeMounts:
mountPath: /opt/fistful-magista/loggers.xml
subPath: loggers.xml
readOnly: true
{{- if .Values.services.kafka.ssl.enabled }}
- name: kafka-ca
subPath: kafka-truststore.p12
mountPath: /vault/secrets/kafka-truststore.p12
readOnly: true
- name: kafka-cert
subPath: {{ .Release.Name }}.p12
mountPath: /vault/secrets/kafka-keystore.p12
readOnly: true
{{- end }}
{{- if or .Values.services.postgres.external .Values.services.kafka.ssl.enabled }}
- name: secret
subPath: db_config
mountPath: /vault/secrets/application.properties
readOnly: true
{{- end }}
service:
ports:
@ -60,6 +115,7 @@ readinessProbe:
path: /actuator/health
port: management
{{- if .Values.services.vault.enabled }}
podAnnotations:
vault.hashicorp.com/role: "db-app"
vault.hashicorp.com/agent-inject: "true"
@ -75,6 +131,34 @@ podAnnotations:
flyway.schemas=mst
spring.flyway.schemas=mst
{{- end }}`}}
{{- end }}
{{ $domainWithNamespace := printf "%s.%s" .Release.Namespace .Values.services.ingress.rootDomain }}
{{ $ingressDomain := .Values.services.ingress.namespacedDomain | ternary $domainWithNamespace .Values.services.ingress.rootDomain }}
ingress:
enabled: true
annotations:
{{- if .Values.services.ingress.tls.letsEncrypt.enabled }}
cert-manager.io/cluster-issuer: {{ .Values.services.ingress.tls.letsEncrypt.issuer }}
{{- end }}
nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Request-ID"
kubernetes.io/ingress.class: {{ .Values.services.ingress.class | quote }}
hosts:
- host: iddqd.{{ $ingressDomain | default "rbk.dev" }}
paths:
- /fistful/stat
{{- if .Values.services.ingress.tls.enabled }}
tls:
{{ if .Values.services.ingress.tls.letsEncrypt.enabled }}
- secretName: iddqd-{{ .Values.services.ingress.tls.secretName }}
{{- else }}
- secretName: {{ .Values.services.ingress.tls.secretName }}
{{- end }}
hosts:
- iddqd.{{ $ingressDomain | default "rbk.dev" }}
{{- end }}
servicePort: 8022
metrics:
serviceMonitor:
@ -116,13 +200,3 @@ ciliumPolicies:
type: TCP
name: wapi
namespace: {{ .Release.Namespace }}
##In case of kafka mTLS auth move it to vault template
# {{- /*
# kafka.ssl.enabled={{ kafka.ssl.enable }}
# kafka.ssl.key-store-location=/opt/{{ service_name }}/kafka-keystore.p12
# kafka.ssl.key-store-password="{{ service.keystore.pass }}"
# kafka.ssl.key-password="{{ service.keystore.pass }}"
# kafka.ssl.trust-store-location=/opt/{{ service_name }}/kafka-truststore.p12
# kafka.ssl.trust-store-password="{{ kafka.truststore.java.pass }}"
# */ -}}
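Review bot: The new `ingress` block is `enabled: true` unconditionally and publishes `/fistful/stat` on the `iddqd.` host directly to `servicePort: 8022`, with no authentication annotation in the visible lines and TLS only when `.Values.services.ingress.tls.enabled` is set. The route was previously an internal `proxy_pass` in the nginx config that this commit removes, so whatever access control sat in front of that nginx should be confirmed to still apply; if it is enforced elsewhere, a comment such as `# access restricted by <PLACEHOLDER: where auth is enforced>` would document it. The fistful values section adds the same block for `/v1/admin`. `cert-manager.io/cluster-issuer` is also the one templated annotation value left unquoted; `| quote` would match the `ingress.class` line.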


@ -7,7 +7,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
configMap:
@ -48,6 +48,34 @@ service:
- name: management
port: 8022
{{ $domainWithNamespace := printf "%s.%s" .Release.Namespace .Values.services.ingress.rootDomain }}
{{ $ingressDomain := .Values.services.ingress.namespacedDomain | ternary $domainWithNamespace .Values.services.ingress.rootDomain }}
ingress:
enabled: true
annotations:
{{- if .Values.services.ingress.tls.letsEncrypt.enabled }}
cert-manager.io/cluster-issuer: {{ .Values.services.ingress.tls.letsEncrypt.issuer }}
{{- end }}
nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Request-ID"
kubernetes.io/ingress.class: {{ .Values.services.ingress.class | quote }}
hosts:
- host: iddqd.{{ $ingressDomain | default "rbk.dev" }}
paths:
- /v1/admin
{{- if .Values.services.ingress.tls.enabled }}
tls:
{{ if .Values.services.ingress.tls.letsEncrypt.enabled }}
- secretName: iddqd-{{ .Values.services.ingress.tls.secretName }}
{{- else }}
- secretName: {{ .Values.services.ingress.tls.secretName }}
{{- end }}
hosts:
- iddqd.{{ $ingressDomain | default "rbk.dev" }}
{{- end }}
servicePort: 8022
livenessProbe:
httpGet:
path: /health


@ -8,7 +8,7 @@ java \
-jar \
/opt/fraudbusters-management/fraudbusters-management.jar \
--logging.config=/opt/fraudbusters-management/logback.xml \
--kafka.bootstrap.servers=kafka:9092 \
--kafka.bootstrap.servers={{ .Values.services.kafka.endpoint | default "kafka" }}:{{ .Values.services.kafka.port | default "9092" }} \
--kafka.topic.wblist.command=wb-list-command \
--kafka.topic.wblist.topic.event.sink=wb-list-event-sink \
--kafka.topic.fraudbusters.payment.template=fraud-template-command\
@ -41,4 +41,4 @@ java \
--keycloak.resource=fraudbusters-app \
--keycloak.auth-server-url=https://auth.{{ $ingressDomain | default "rbk.dev" }}/auth \
${@} \
--spring.config.additional-location=/vault/secrets/application.properties
--spring.config.additional-location=/vault/secrets/application.properties


@ -11,7 +11,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:
@ -20,7 +20,7 @@ runopts:
configMap:
data:
entrypoint.sh: |
{{- readFile "entrypoint.sh" | nindent 6 }}
{{- tpl (readFile "entrypoint.sh.gotmpl") . | nindent 6 }}
loggers.xml: |
{{- readFile "loggers.xml" | nindent 6 }}
logback.xml: |


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:
@ -95,4 +95,4 @@ ciliumPolicies:
- port: 8123
type: TCP
name: clickhouse
namespace: {{ .Release.Namespace }}
namespace: {{ .Release.Namespace }}


@ -16,7 +16,7 @@ java \
--spring.cache.cache-names=resolveCountry \
--spring.cache.caffeine.spec=maximumSize=500,expireAfterAccess=100s \
--kafka.ssl.enable=false \
--kafka.bootstrap.servers=kafka:9092 \
--kafka.bootstrap.servers={{ .Values.services.kafka.endpoint | default "kafka" }}:{{ .Values.services.kafka.port | default "9092" }} \
--kafka.aggr.payment.min.bytes=50000 \
--kafka.consumer.prefix=fraudbusters \
--kafka.max.retry.attempts=3 \


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:
@ -22,7 +22,7 @@ env:
configMap:
data:
entrypoint.sh: |
{{- readFile "entrypoint.sh" | nindent 6 }}
{{- tpl (readFile "entrypoint.sh.gotmpl") . | nindent 6 }}
loggers.xml: |
{{- readFile "loggers.xml" | nindent 6 }}
logback.xml: |
@ -113,4 +113,4 @@ ciliumPolicies:
- port: 8123
type: TCP
name: clickhouse
namespace: {{ .Release.Namespace }}
namespace: {{ .Release.Namespace }}


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
configMap:


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
livenessProbe: null


@ -23,7 +23,7 @@ java \
--service.invoicing.url=http://hellgate:8022/v1/processing/invoicing \
--service.customer.url=http://hellgate:8022/v1/processing/customer_management \
--service.fault-detector.url=http://fault-detector:8022/v1/fault-detector \
--kafka.bootstrap-servers=kafka:9092 \
--kafka.bootstrap-servers={{ .Values.services.kafka.endpoint | default "kafka" }}:{{ .Values.services.kafka.port | default "9092" }} \
--kafka.topics.invoice.id=mg-events-invoice \
--kafka.topics.invoice.enabled=true \
--kafka.topics.invoice.concurrency=7 \


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:
@ -18,17 +18,54 @@ runopts:
configMap:
data:
entrypoint.sh: |
{{- readFile "entrypoint.sh" | nindent 6 }}
{{- tpl (readFile "entrypoint.sh.gotmpl") . | nindent 6 }}
loggers.xml: |
{{- readFile "loggers.xml" | nindent 6 }}
logback.xml: |
{{- readFile "../logs/logback.xml" | nindent 6 }}
{{- if or .Values.services.postgres.external .Values.services.kafka.ssl.enabled }}
secret:
data:
db_config: |
{{- if .Values.services.postgres.external }}
spring.datasource.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/hooker?sslmode=disable
spring.datasource.username={{ .Values.services.postgres.uniUser }}
spring.datasource.password={{ .Values.services.postgres.uniPassword }}
spring.flyway.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/hooker?sslmode=disable
spring.flyway.user={{ .Values.services.postgres.uniUser }}
spring.flyway.password={{ .Values.services.postgres.uniPassword }}
{{- end }}
{{- if .Values.services.kafka.ssl.enabled }}
kafka.ssl.enabled=true
kafka.ssl.key-store-location=/vault/secrets/kafka-keystore.p12
kafka.ssl.key-store-password={{ .Values.services.kafka.ssl.keystorePass }}
kafka.ssl.key-store-type=PKCS12
kafka.ssl.key-password={{ .Values.services.kafka.ssl.keyPass }}
kafka.ssl.trust-store-location=/vault/secrets/kafka-truststore.p12
kafka.ssl.trust-store-password={{ .Values.services.kafka.ssl.truststorePass }}
kafka.ssl.trust-store-type=PKCS12
{{- end }}
{{- end }}
volumes:
- name: config-volume
configMap:
name: {{ .Release.Name }}
defaultMode: 0755
{{- if .Values.services.kafka.ssl.enabled }}
- name: kafka-cert
secret:
secretName: {{ .Release.Name }}-kafka-cert
- name: kafka-ca
secret:
secretName: java-ca-kafka
{{- end }}
{{- if or .Values.services.postgres.external .Values.services.kafka.ssl.enabled }}
- name: secret
secret:
secretName: {{ .Release.Name }}
{{- end }}
volumeMounts:
- name: config-volume
@ -43,6 +80,22 @@ volumeMounts:
mountPath: /opt/hooker/loggers.xml
subPath: loggers.xml
readOnly: true
{{- if .Values.services.kafka.ssl.enabled }}
- name: kafka-ca
subPath: kafka-truststore.p12
mountPath: /vault/secrets/kafka-truststore.p12
readOnly: true
- name: kafka-cert
subPath: {{ .Release.Name }}.p12
mountPath: /vault/secrets/kafka-keystore.p12
readOnly: true
{{- end }}
{{- if or .Values.services.postgres.external .Values.services.kafka.ssl.enabled }}
- name: secret
subPath: db_config
mountPath: /vault/secrets/application.properties
readOnly: true
{{- end }}
service:
ports:
@ -61,6 +114,7 @@ readinessProbe:
path: /actuator/health
port: management
{{- if .Values.services.vault.enabled }}
podAnnotations:
vault.hashicorp.com/role: "db-app"
vault.hashicorp.com/agent-inject: "true"
@ -74,6 +128,7 @@ podAnnotations:
spring.flyway.user={{ .Data.username }}
spring.flyway.password={{ .Data.password }}
{{- end }}`}}
{{- end }}
metrics:
serviceMonitor:
@ -118,13 +173,3 @@ ciliumPolicies:
type: TCP
name: fault-detector
namespace: {{ .Release.Namespace }}
##In case of kafka mTLS auth move it to vault template
# {{- /*
# kafka.ssl.enabled={{ kafka.ssl.enable }}
# kafka.ssl.key-store-location=/opt/{{ service_name }}/kafka-keystore.p12
# kafka.ssl.key-store-password="{{ service.keystore.pass }}"
# kafka.ssl.key-password="{{ service.keystore.pass }}"
# kafka.ssl.trust-store-location=/opt/{{ service_name }}/kafka-truststore.p12
# kafka.ssl.trust-store-password="{{ kafka.truststore.java.pass }}"
# */ -}}


@ -7,6 +7,7 @@ logRetentionHours: -1
podLabels:
selector.cilium.rbkmoney/release: {{ .Release.Name }}
clusterDomain: cluster.local
zookeeper:
## If true, install the Zookeeper chart alongside Kafka
## ref: https://github.com/kubernetes/charts/tree/master/incubator/zookeeper
@ -18,6 +19,7 @@ zookeeper:
replicaCount: 1
persistence:
enabled: true
clusterDomain: cluster.local
ciliumPolicies:
- filters:


@ -9,14 +9,22 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
{{- if .Values.services.global.pcidss.taints.enabled }}
tolerations:
- key: "{{ .Values.services.global.pcidss.taints.key }}"
operator: "Equal"
value: "{{ .Values.services.global.pcidss.taints.value }}"
effect: "NoSchedule"
{{- end }}
hook:
enabled: true
image:
repository: docker.io/rbkmoney/holmes
tag: 07f58e297c03bcd50dc4695ddbcfa4eb30c9928e
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/holmes
tag: 99978815b561daaab33e6a35b9e300262186c78e
pullPolicy: IfNotPresent
kind: post-install
command: "/opt/holmes/scripts/cds/keyring.py -a kds init"
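Review bot: The `tolerations` block added under the `pcidss.taints.enabled` guard only allows these pods onto the tainted PCI DSS nodes; nothing in the section requires it, so the scheduler can still place them on ordinary nodes. If the intent is to confine card-data services to the dedicated pool, pair the toleration with a `nodeSelector` or a required node affinity on the label those nodes carry. That label is not visible here, so it would need its own values key. The same toleration-only block is added in three later sections of this commit.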


@ -18,16 +18,16 @@ extraEnv: |
value: https://auth.{{ $ingressDomain | default "rbk.dev" }}/auth
- name: DB_VENDOR
value: postgres
- name: DB_ADDR
value: postgres-postgresql
- name: DB_PORT
value: "5432"
- name: DB_DATABASE
value: keycloak
- name: DB_ADDR
value: {{ .Values.services.postgres.endpoint | default "postgres-postgresql" }}
- name: DB_USER
value: postgres
value: {{ .Values.services.postgres.uniUser | default "postgres" }}
- name: DB_PASSWORD
value: "H@ckM3"
value: {{ .Values.services.postgres.uniPassword | default "H@ckM3" }}
- name: JAVA_OPTS
value: >-
-XX:+UseContainerSupport
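Review bot: `DB_PASSWORD` now falls back to the literal `H@ckM3` whenever `services.postgres.uniPassword` is unset, so a deployment that forgets the value silently runs with a password that is published in this repository. The rendered value is also no longer quoted, so a password containing ` #` or `: `, or starting with a YAML indicator, would be truncated or rejected when the values are parsed. I would drop the fallback, fail the render when the value is missing, and quote the result: `value: {{ .Values.services.postgres.uniPassword | quote }}`, with `| quote` on `DB_ADDR` and `DB_USER` as well. Longer term the password belongs in a Secret referenced from the env entry rather than in `extraEnv` text. The `extraEnv` block starts and continues outside this hunk.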


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
configMap:


@ -314,8 +314,14 @@ namespaces:
kafka:
default_kafka_client:
endpoints:
- host: "kafka-headless"
port: 9092
- host: "{{ .Values.services.kafka.endpoint | default "kafka" }}"
port: {{ .Values.services.kafka.port | default "9092" }}
{{- if .Values.services.kafka.ssl.enabled }}
ssl:
certfile: "/vault/secrets/kafka/tls.crt"
keyfile: "/vault/secrets/kafka/tls.key"
cacertfile: "/vault/secrets/ca.crt"
{{- end }}
producer:
compression: no_compression # 'gzip' or 'snappy' to enable compression
# How many message sets (per-partition) can be sent to kafka broker
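Review bot: The new `ssl:` block supplies `certfile`, `keyfile` and `cacertfile`, but nothing in the hunk shows that the broker certificate is actually checked against that CA. Erlang's `ssl` client did not verify peers by default before OTP 26, so whether this gives mutual TLS or only presents a client certificate depends on how machinegun translates these keys, which is not visible here. I would confirm that and record it next to the block, e.g. `# broker cert is verified against cacertfile (confirm machinegun enables verify_peer)`. The `kafka:` mapping continues outside the hunk.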


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
configMap:
@ -28,6 +28,14 @@ volumes:
- name: cookie-secret
secret:
secretName: {{ .Release.Name }}
{{- if .Values.services.kafka.ssl.enabled }}
- name: kafka-cert
secret:
secretName: {{ .Release.Name }}-kafka-cert
- name: kafka-ca
secret:
secretName: erl-kafka-ca
{{- end }}
volumeMounts:
- name: config-volume
@ -38,6 +46,15 @@ volumeMounts:
mountPath: /opt/machinegun/etc/cookie
subPath: cookie
readOnly: true
{{- if .Values.services.kafka.ssl.enabled }}
- name: kafka-ca
subPath: ca.crt
mountPath: /vault/secrets/ca.crt
readOnly: true
- name: kafka-cert
mountPath: /vault/secrets/kafka/
readOnly: true
{{- end }}
metrics:
serviceMonitor:


@ -23,11 +23,11 @@ java \
--spring.datasource.hikari.maximum-pool-size=20 \
--flyway.schemas=mst \
--payouter.pooling.url=http://payouter:8022/repo \
--hellgate.url=http://hellgate:8022/v1/processing/partymgmt \
--hellgate.url=http://party-management:8022/v1/processing/partymgmt \
--hellgate.timeout=30000 \
--columbus.url=http://columbus:8022/repo \
--retry-policy.maxAttempts=-1 \
--kafka.bootstrap-servers=kafka:9092 \
--kafka.bootstrap-servers={{ .Values.services.kafka.endpoint | default "kafka" }}:{{ .Values.services.kafka.port | default "9092" }} \
--kafka.topics.invoicing=mg-events-invoice \
--kafka.client-id=magista \
--kafka.consumer.group-id=magista-invoicing-1 \


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:
@ -18,17 +18,54 @@ runopts:
configMap:
data:
entrypoint.sh: |
{{- readFile "entrypoint.sh" | nindent 6 }}
{{- tpl (readFile "entrypoint.sh.gotmpl") . | nindent 6 }}
loggers.xml: |
{{- readFile "loggers.xml" | nindent 6 }}
logback.xml: |
{{- readFile "../logs/logback.xml" | nindent 6 }}
{{- if or .Values.services.postgres.external .Values.services.kafka.ssl.enabled }}
secret:
data:
db_config: |
{{- if .Values.services.postgres.external }}
spring.datasource.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/magista?sslmode=disable
spring.datasource.username={{ .Values.services.postgres.uniUser }}
spring.datasource.password={{ .Values.services.postgres.uniPassword }}
flyway.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/magista?sslmode=disable
flyway.user={{ .Values.services.postgres.uniUser }}
flyway.password={{ .Values.services.postgres.uniPassword }}
{{- end }}
{{- if .Values.services.kafka.ssl.enabled }}
kafka.ssl.enabled=true
kafka.ssl.key-store-location=/vault/secrets/kafka-keystore.p12
kafka.ssl.key-store-password={{ .Values.services.kafka.ssl.keystorePass }}
kafka.ssl.key-store-type=PKCS12
kafka.ssl.key-password={{ .Values.services.kafka.ssl.keyPass }}
kafka.ssl.trust-store-location=/vault/secrets/kafka-truststore.p12
kafka.ssl.trust-store-password={{ .Values.services.kafka.ssl.truststorePass }}
kafka.ssl.trust-store-type=PKCS12
{{- end }}
{{- end }}
volumes:
- name: config-volume
configMap:
name: {{ .Release.Name }}
defaultMode: 0755
{{- if .Values.services.kafka.ssl.enabled }}
- name: kafka-cert
secret:
secretName: {{ .Release.Name }}-kafka-cert
- name: kafka-ca
secret:
secretName: java-ca-kafka
{{- end }}
{{- if or .Values.services.postgres.external .Values.services.kafka.ssl.enabled }}
- name: secret
secret:
secretName: {{ .Release.Name }}
{{- end }}
volumeMounts:
- name: config-volume
@ -43,6 +80,22 @@ volumeMounts:
mountPath: /opt/magista/loggers.xml
subPath: loggers.xml
readOnly: true
{{- if .Values.services.kafka.ssl.enabled }}
- name: kafka-ca
subPath: kafka-truststore.p12
mountPath: /vault/secrets/kafka-truststore.p12
readOnly: true
- name: kafka-cert
subPath: {{ .Release.Name }}.p12
mountPath: /vault/secrets/kafka-keystore.p12
readOnly: true
{{- end }}
{{- if or .Values.services.postgres.external .Values.services.kafka.ssl.enabled }}
- name: secret
subPath: db_config
mountPath: /vault/secrets/application.properties
readOnly: true
{{- end }}
service:
ports:
@ -61,6 +114,7 @@ readinessProbe:
path: /actuator/health
port: management
{{- if .Values.services.vault.enabled }}
podAnnotations:
vault.hashicorp.com/role: "db-app"
vault.hashicorp.com/agent-inject: "true"
@ -74,6 +128,7 @@ podAnnotations:
flyway.user={{ .Data.username }}
flyway.password={{ .Data.password }}
{{- end }}`}}
{{- end }}
metrics:
serviceMonitor:
@ -150,13 +205,3 @@ ciliumPolicies:
type: TCP
name: payouter
namespace: {{ .Release.Namespace }}
# add it to vault tamlate if kafka mTLS auth enable
#{{- /*
# --kafka.ssl.enabled={{ kafka.ssl.enable }}
# --kafka.ssl.key-store-location=/opt/{{ service_name }}/kafka-keystore.p12
# --kafka.ssl.key-store-password="{{ service.keystore.pass }}"
# --kafka.ssl.key-password="{{ service.keystore.pass }}"
# --kafka.ssl.trust-store-location=/opt/{{ service_name }}/kafka-truststore.p12
# --kafka.ssl.trust-store-password="{{ kafka.truststore.java.pass }}"
# */ -}}
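Review bot: The `db_config` block for an external PostgreSQL hard-codes `?sslmode=disable` in both JDBC URLs, so once the database sits outside the cluster the `uniUser`/`uniPassword` credentials and all query traffic cross the network unencrypted. The mode should come from values, with a verifying setting as the default for external hosts, e.g. `...:5432/magista?sslmode={{ .Values.services.postgres.sslmode | default "verify-full" }}`. Here `sslmode` is a proposed new key, not one this chart already defines, and `require` is the minimum if no CA is distributed yet. The same literal appears in the external-database blocks this commit adds for hooker, messages, org-manager, payouter, questionary, reporter and shumway.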


@ -8,13 +8,5 @@ java \
--logging.file=/var/log/messages/messages.json \
--logging.config=/opt/messages/logback.xml \
-Dwoody.node_id=1 \
--spring.datasource.url=jdbc:postgresql://postgres-postgresql:5432/messages?sslmode=disable \
--spring.datasource.username=postgres \
--spring.datasource.password=H@ckM3 \
--spring.flyway.url=jdbc:postgresql://postgres-postgresql:5432/messages?sslmode=disable \
--spring.flyway.user=postgres \
--spring.flyway.password=H@ckM3 \
--spring.flyway.schemas=msgs \
--flyway.schemas=msgs \
${@} \
--spring.config.additional-location=/vault/secrets/application.properties


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:
@ -24,6 +24,22 @@ configMap:
logback.xml: |
{{- readFile "../logs/logback.xml" | nindent 6 }}
{{- if .Values.services.postgres.external }}
secret:
data:
db_config: |
{{- if .Values.services.postgres.external }}
spring.datasource.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/messages?sslmode=disable
spring.datasource.username={{ .Values.services.postgres.uniUser }}
spring.datasource.password={{ .Values.services.postgres.uniPassword }}
spring.flyway.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/messages?sslmode=disable
spring.flyway.user={{ .Values.services.postgres.uniUser }}
spring.flyway.password={{ .Values.services.postgres.uniPassword }}
spring.flyway.schemas=msgs
flyway.schemas=msgs
{{- end }}
{{- end }}
env:
- name: LOGBACK_SERVICE_NAME
value: "messages"
@ -33,6 +49,11 @@ volumes:
configMap:
name: {{ .Release.Name }}
defaultMode: 0755
{{- if .Values.services.postgres.external }}
- name: secret
secret:
secretName: {{ .Release.Name }}
{{- end }}
volumeMounts:
- name: config-volume
@ -47,6 +68,12 @@ volumeMounts:
mountPath: /opt/messages/loggers.xml
subPath: loggers.xml
readOnly: true
{{- if or .Values.services.postgres.external }}
- name: secret
subPath: db_config
mountPath: /vault/secrets/application.properties
readOnly: true
{{- end }}
service:
ports:
@ -63,21 +90,23 @@ readinessProbe:
path: /actuator/health
port: api
# podAnnotations:
# vault.hashicorp.com/role: "db-app"
# vault.hashicorp.com/agent-inject: "true"
# vault.hashicorp.com/agent-inject-secret-application.properties: "database/creds/db-app-messages"
# vault.hashicorp.com/agent-inject-template-application.properties: |
# {{`{{- with secret "database/creds/db-app-messages" -}}
# spring.datasource.url=jdbc:postgresql://postgres-postgresql:5432/messages?sslmode=disable
# spring.datasource.username={{ .Data.username }}
# spring.datasource.password={{ .Data.password }}
# spring.flyway.url=jdbc:postgresql://postgres-postgresql:5432/messages?sslmode=disable
# spring.flyway.user={{ .Data.username }}
# spring.flyway.password={{ .Data.password }}
# spring.flyway.schemas=msgs
# flyway.schemas=msgs
# {{- end }}`}}
{{- if .Values.services.vault.enabled }}
podAnnotations:
vault.hashicorp.com/role: "db-app"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-inject-secret-application.properties: "database/creds/db-app-messages"
vault.hashicorp.com/agent-inject-template-application.properties: |
{{`{{- with secret "database/creds/db-app-messages" -}}
spring.datasource.url=jdbc:postgresql://postgres-postgresql:5432/messages?sslmode=disable
spring.datasource.username={{ .Data.username }}
spring.datasource.password={{ .Data.password }}
spring.flyway.url=jdbc:postgresql://postgres-postgresql:5432/messages?sslmode=disable
spring.flyway.user={{ .Data.username }}
spring.flyway.password={{ .Data.password }}
spring.flyway.schemas=msgs
flyway.schemas=msgs
{{- end }}`}}
{{- end }}
{{ $domainWithNamespace := printf "%s.%s" .Release.Namespace .Values.services.ingress.rootDomain }}
{{ $ingressDomain := .Values.services.ingress.namespacedDomain | ternary $domainWithNamespace .Values.services.ingress.rootDomain }}
@ -122,26 +151,11 @@ ciliumPolicies:
type: TCP
name: postgres
namespace: {{ .Release.Namespace }}
- filters:
- port: 9092
rules:
kafka:
- role: consume
topics:
- claim-event-sink
type: TCP
name: kafka
namespace: {{ .Release.Namespace }}
- filters:
- port: 8200
type: TCP
name: vault
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
name: hellgate
namespace: {{ .Release.Namespace }}
- filters:
- port: 8022
type: TCP
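Review bot: Both credential sources target the same file: the new `secret` volume is mounted with `subPath: db_config` at `/vault/secrets/application.properties`, and the now-active annotation `vault.hashicorp.com/agent-inject-secret-application.properties` makes the Vault agent render `application.properties` too, under `/vault/secrets` unless the injector's default path is overridden. With `postgres.external` and `vault.enabled` both true the two collide. With both false the entrypoint, which appears to have lost its inline datasource flags in this commit, points `--spring.config.additional-location` at a file that is never created. I would make the branches mutually exclusive on the secret, volume and mount guards, e.g. `{{- if and .Values.services.postgres.external (not .Values.services.vault.enabled) }}`, and fail the render when neither is set. The same pairing is introduced in the other Java service sections of this commit; the `ciliumPolicies` list continues outside the last hunk.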


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:
@ -34,6 +34,20 @@ configMap:
fetchKeycloakPubkey: |
{{- readFile "../api-common/fetch-keycloak-pubkey.sh" | nindent 6 }}
{{- if or .Values.services.postgres.external }}
secret:
data:
db_config: |
spring.datasource.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/org-manager?sslmode=disable
spring.datasource.username={{ .Values.services.postgres.uniUser }}
spring.datasource.password={{ .Values.services.postgres.uniPassword }}
spring.flyway.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/org-manager?sslmode=disable
spring.flyway.user={{ .Values.services.postgres.uniUser }}
spring.flyway.password={{ .Values.services.postgres.uniPassword }}
spring.flyway.schemas=org_manager
flyway.schemas=org_manager
{{- end }}
volumes:
- name: config-volume
configMap:
@ -41,6 +55,11 @@ volumes:
defaultMode: 0755
- name: keycloak-pubkey
emptyDir: {}
{{- if or .Values.services.postgres.external }}
- name: secret
secret:
secretName: {{ .Release.Name }}
{{- end }}
volumeMounts:
- name: config-volume
@ -58,6 +77,12 @@ volumeMounts:
- name: keycloak-pubkey
mountPath: /var/lib/org-manager/keys/keycloak
readOnly: true
{{- if or .Values.services.postgres.external }}
- name: secret
subPath: db_config
mountPath: /vault/secrets/application.properties
readOnly: true
{{- end }}
service:
@ -79,6 +104,7 @@ readinessProbe:
path: /actuator/health
port: management
{{- if .Values.services.vault.enabled }}
podAnnotations:
vault.hashicorp.com/role: "db-app"
vault.hashicorp.com/agent-inject: "true"
@ -94,6 +120,7 @@ podAnnotations:
spring.flyway.schemas=org_manager
flyway.schemas=org_manager
{{- end }}`}}
{{- end }}
metrics:
serviceMonitor:
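Review bot: The guards written as `{{- if or .Values.services.postgres.external }}` pass a single argument to `or`, which simply returns that argument, so the line reads as if a second condition was dropped. The Kafka-enabled services in this commit use `or .Values.services.postgres.external .Values.services.kafka.ssl.enabled`; if no second condition is intended here, write `{{- if .Values.services.postgres.external }}` on the three guards in this section. The same one-argument `or` appears in the questionary and shumway sections and on the `volumeMounts` guard in messages.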


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
configMap:


@ -8,7 +8,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
service:


@ -10,10 +10,10 @@ java \
-Dwoody.node_id=346 \
--service.dominant.url=http://dominant:8022/v1/domain/repository_client \
--service.shumway.url=http://shumway:8022/shumpune \
--service.partyManagement.url=http://hellgate:8022/v1/processing/partymgmt \
--service.partyManagement.url=http://party-management:8022/v1/processing/partymgmt \
--service.fistful.url=http://fistful:8022/v1/admin \
--service.fistful.sourceId={{ service['service']['fistful']['sourceId'] }} \
--kafka.bootstrap-servers=kafka:9092 \
--service.fistful.sourceId=3 \
--kafka.bootstrap-servers={{ .Values.services.kafka.endpoint | default "kafka" }}:{{ .Values.services.kafka.port | default "9092" }} \
--kafka.topics.party-management.id=mg-events-party \
--kafka.topics.invoice.enabled=false \
--kafka.topics.party-management.enabled=false \


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:
@ -22,17 +22,61 @@ env:
configMap:
data:
entrypoint.sh: |
{{- readFile "entrypoint.sh" | nindent 6 }}
{{- tpl (readFile "entrypoint.sh.gotmpl") . | nindent 6 }}
loggers.xml: |
{{- readFile "loggers.xml" | nindent 6 }}
logback.xml: |
{{- readFile "../logs/logback.xml" | nindent 6 }}
{{- if or .Values.services.postgres.external .Values.services.kafka.ssl.enabled }}
secret:
data:
db_config: |
{{- if .Values.services.postgres.external }}
spring.datasource.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/payouter?sslmode=disable
spring.datasource.username={{ .Values.services.postgres.uniUser }}
spring.datasource.password={{ .Values.services.postgres.uniPassword}}
spring.flyway.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/payouter?sslmode=disable
spring.flyway.user={{ .Values.services.postgres.uniUser }}
spring.flyway.password={{ .Values.services.postgres.uniPassword}}
spring.datasource.hikari.data-source-properties.prepareThreshold=0
spring.datasource.hikari.leak-detection-threshold=5300
flyway.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/payouter?sslmode=disable
flyway.user={{ .Values.services.postgres.uniUser }}
flyway.password={{ .Values.services.postgres.uniPassword}}
flyway.schemas=sht
spring.flyway.schemas=sht
{{- end }}
{{- if .Values.services.kafka.ssl.enabled }}
kafka.ssl.enabled=true
kafka.ssl.key-store-location=/vault/secrets/kafka-keystore.p12
kafka.ssl.key-store-password={{ .Values.services.kafka.ssl.keystorePass }}
kafka.ssl.key-store-type=PKCS12
kafka.ssl.key-password={{ .Values.services.kafka.ssl.keyPass }}
kafka.ssl.trust-store-location=/vault/secrets/kafka-truststore.p12
kafka.ssl.trust-store-password={{ .Values.services.kafka.ssl.truststorePass }}
kafka.ssl.trust-store-type=PKCS12
{{- end }}
{{- end }}
volumes:
- name: config-volume
configMap:
name: {{ .Release.Name }}
defaultMode: 0755
{{- if .Values.services.kafka.ssl.enabled }}
- name: kafka-cert
secret:
secretName: {{ .Release.Name }}-kafka-cert
- name: kafka-ca
secret:
secretName: java-ca-kafka
{{- end }}
{{- if or .Values.services.postgres.external .Values.services.kafka.ssl.enabled }}
- name: secret
secret:
secretName: {{ .Release.Name }}
{{- end }}
volumeMounts:
- name: config-volume
@ -47,6 +91,22 @@ volumeMounts:
mountPath: /opt/payouter/loggers.xml
subPath: loggers.xml
readOnly: true
{{- if .Values.services.kafka.ssl.enabled }}
- name: kafka-ca
subPath: kafka-truststore.p12
mountPath: /vault/secrets/kafka-truststore.p12
readOnly: true
- name: kafka-cert
subPath: {{ .Release.Name }}.p12
mountPath: /vault/secrets/kafka-keystore.p12
readOnly: true
{{- end }}
{{- if or .Values.services.postgres.external .Values.services.kafka.ssl.enabled }}
- name: secret
subPath: db_config
mountPath: /vault/secrets/application.properties
readOnly: true
{{- end }}
service:
ports:
@ -65,6 +125,7 @@ readinessProbe: null
# path: /actuator/health
# port: management
{{- if .Values.services.vault.enabled }}
podAnnotations:
vault.hashicorp.com/role: "db-app"
vault.hashicorp.com/agent-inject: "true"
@ -85,6 +146,7 @@ podAnnotations:
flyway.schemas=sht
spring.flyway.schemas=sht
{{- end }}`}}
{{- end }}
metrics:
serviceMonitor:


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
configMap:


@ -9,9 +9,17 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
{{- if .Values.services.global.pcidss.taints.enabled }}
tolerations:
- key: "{{ .Values.services.global.pcidss.taints.key }}"
operator: "Equal"
value: "{{ .Values.services.global.pcidss.taints.value }}"
effect: "NoSchedule"
{{- end }}
configMap:
data:
entrypoint.sh: |


@ -9,9 +9,17 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
{{- if .Values.services.global.pcidss.taints.enabled }}
tolerations:
- key: "{{ .Values.services.global.pcidss.taints.key }}"
operator: "Equal"
value: "{{ .Values.services.global.pcidss.taints.value }}"
effect: "NoSchedule"
{{- end }}
configMap:
data:
entrypoint.sh: |


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:
@ -24,11 +24,31 @@ configMap:
logback.xml: |
{{- readFile "../logs/logback.xml" | nindent 6 }}
{{- if or .Values.services.postgres.external }}
secret:
data:
db_config: |
spring.datasource.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/questionary?sslmode=disable
spring.datasource.username={{ .Values.services.postgres.uniUser }}
spring.datasource.password={{ .Values.services.postgres.uniPassword }}
spring.flyway.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/questionary?sslmode=disable
spring.flyway.user={{ .Values.services.postgres.uniUser }}
spring.flyway.password={{ .Values.services.postgres.uniPassword }}
spring.flyway.schemas=qs
flyway.schemas=qs
postgres.db.schema=qs
{{- end }}
volumes:
- name: config-volume
configMap:
name: {{ .Release.Name }}
defaultMode: 0755
{{- if or .Values.services.postgres.external }}
- name: secret
secret:
secretName: {{ .Release.Name }}
{{- end }}
volumeMounts:
- name: config-volume
@ -43,6 +63,12 @@ volumeMounts:
mountPath: /opt/questionary/loggers.xml
subPath: loggers.xml
readOnly: true
{{- if or .Values.services.postgres.external }}
- name: secret
subPath: db_config
mountPath: /vault/secrets/application.properties
readOnly: true
{{- end }}
service:
ports:
@ -61,6 +87,7 @@ readinessProbe:
path: /actuator/health
port: management
{{- if .Values.services.vault.enabled }}
podAnnotations:
vault.hashicorp.com/role: "db-app"
vault.hashicorp.com/agent-inject: "true"
@ -77,6 +104,7 @@ podAnnotations:
flyway.schemas=qs
postgres.db.schema=qs
{{- end }}`}}
{{- end }}
metrics:
serviceMonitor:


@ -6,7 +6,7 @@ java \
-jar \
/opt/reporter/reporter.jar \
--logging.config=/opt/reporter/logback.xml \
--management.security.flag=false \
--management.security.enabled=false \
--management.metrics.export.statsd.flavor=etsy \
--management.metrics.export.statsd.enabled=true \
--management.metrics.export.prometheus.enabled=true \
@ -29,17 +29,17 @@ java \
--magista.timeout=700000 \
--domainConfig.url=http://dominant:8022/v1/domain/repository \
--domainConfig.timeout=30000 \
--storage.endpoint=eu-central-1.linodeobjects.com \
--storage.signingRegion=EU \
--storage.bucketName=files \
--storage.accessKey=YOUR_S3_ACCESS_KEY \
--storage.secretKey=YOUR_S3_SECRET_KEY \
--storage.endpoint={{ .Values.services.s3.endpoint }} \
--storage.signingRegion={{ .Values.services.s3.region }} \
--storage.bucketName={{ .Values.services.s3.bucket }} \
--storage.accessKey={{ .Values.services.s3.accessKey }} \
--storage.secretKey={{ .Values.services.s3.secretKey }} \
--storage.client.protocol=HTTP \
--payouter.polling.enabled=true \
--payouter.polling.url=http://payouter:8022/repo \
--hellgate.invoicing.url=http://hellgate:8022/v1/processing/invoicing \
--hellgate.invoicing.timeout=60000 \
--kafka.bootstrap-servers=kafka:9092 \
--kafka.bootstrap-servers=kafka-node-0001.dc1.xpay.local:9093 \
--kafka.topics.invoicing.enabled=true \
--kafka.topics.invoicing.id=mg-events-invoice \
--kafka.topics.invoicing.concurrency=10 \
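Review bot: `--storage.accessKey` and `--storage.secretKey` are filled from `.Values.services.s3.*` inside the entrypoint template, and the reporter values file renders this script into `configMap.data` with `tpl (readFile "entrypoint.sh.gotmpl") .`, so the S3 secret key ends up in a ConfigMap and on the JVM command line rather than in a Secret. I would move both into the `db_config` properties that the same commit already places in the release Secret, as `storage.accessKey={{ .Values.services.s3.accessKey }}` and `storage.secretKey={{ .Values.services.s3.secretKey }}`, assuming the application reads them from `application.properties` as it does the datasource settings. Separately, `--kafka.bootstrap-servers=kafka-node-0001.dc1.xpay.local:9093` is a site-specific host, while the other entrypoints in this commit use the `services.kafka.endpoint`/`port` template. The `java` command starts and continues outside both hunks.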


@ -3,27 +3,70 @@
replicaCount: 1
image:
repository: rbkmoney/reporter
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/reporter
tag: 6872c8d1bdce6b4e1d9d5e8eabc462bb2c6daa71
pullPolicy: IfNotPresent
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:
command: ["/opt/reporter/entrypoint.sh"]
configMap:
data:
entrypoint.sh: |
{{- readFile "entrypoint.sh" | nindent 6 }}
{{- tpl (readFile "entrypoint.sh.gotmpl") . | nindent 6 }}
loggers.xml: |
{{- readFile "loggers.xml" | nindent 6 }}
logback.xml: |
{{- readFile "../logs/logback.xml" | nindent 6 }}
{{- if or .Values.services.postgres.external .Values.services.kafka.ssl.enabled }}
secret:
data:
db_config: |
{{- if .Values.services.postgres.external }}
spring.datasource.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/reporter?sslmode=disable
spring.datasource.username={{ .Values.services.postgres.uniUser }}
spring.datasource.password={{ .Values.services.postgres.uniPassword }}
flyway.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/reporter?sslmode=disable
flyway.user={{ .Values.services.postgres.uniUser }}
flyway.password={{ .Values.services.postgres.uniPassword }}
flyway.schemas=rpt
{{- end }}
{{- if .Values.services.kafka.ssl.enabled }}
kafka.ssl.enabled=true
kafka.ssl.key-store-location=/vault/secrets/kafka-keystore.p12
kafka.ssl.key-store-password={{ .Values.services.kafka.ssl.keystorePass }}
kafka.ssl.key-store-type=PKCS12
kafka.ssl.key-password={{ .Values.services.kafka.ssl.keyPass }}
kafka.ssl.trust-store-location=/vault/secrets/kafka-truststore.p12
kafka.ssl.trust-store-password={{ .Values.services.kafka.ssl.truststorePass }}
kafka.ssl.trust-store-type=PKCS12
{{- end }}
{{- end }}
volumes:
- name: config-volume
configMap:
name: {{ .Release.Name }}
defaultMode: 0755
{{- if .Values.services.kafka.ssl.enabled }}
- name: kafka-cert
secret:
secretName: {{ .Release.Name }}-kafka-cert
- name: kafka-ca
secret:
secretName: java-ca-kafka
{{- end }}
{{- if or .Values.services.postgres.external .Values.services.kafka.ssl.enabled }}
- name: secret
secret:
secretName: {{ .Release.Name }}
{{- end }}
volumeMounts:
- name: config-volume
@ -38,6 +81,22 @@ volumeMounts:
mountPath: /opt/reporter/loggers.xml
subPath: loggers.xml
readOnly: true
{{- if .Values.services.kafka.ssl.enabled }}
- name: kafka-ca
subPath: kafka-truststore.p12
mountPath: /vault/secrets/kafka-truststore.p12
readOnly: true
- name: kafka-cert
subPath: {{ .Release.Name }}.p12
mountPath: /vault/secrets/kafka-keystore.p12
readOnly: true
{{- end }}
{{- if or .Values.services.postgres.external .Values.services.kafka.ssl.enabled }}
- name: secret
subPath: db_config
mountPath: /vault/secrets/application.properties
readOnly: true
{{- end }}
service:
ports:
@ -56,6 +115,7 @@ readinessProbe:
path: /actuator/health
port: management
{{- if .Values.services.vault.enabled }}
podAnnotations:
vault.hashicorp.com/role: "db-app"
vault.hashicorp.com/agent-inject: "true"
@ -70,6 +130,7 @@ podAnnotations:
flyway.password={{ .Data.password }}
flyway.schemas=rpt
{{- end }}`}}
{{- end }}
metrics:
serviceMonitor:


@ -3,8 +3,14 @@
replicaCount: 1
image:
repository: docker.io/rbkmoney/riak-base
repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/riak-base
tag: f5b757c2ec73c7db1460c94a17a20a3b5799fde6
pullPolicy: IfNotPresent
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
configMap:
data:


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:
@ -24,11 +24,29 @@ configMap:
logback.xml: |
{{- readFile "../logs/logback.xml" | nindent 6 }}
{{- if or .Values.services.postgres.external }}
secret:
data:
db_config: |
spring.datasource.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/shumway?sslmode=disable
spring.datasource.username={{ .Values.services.postgres.uniUser }}
spring.datasource.password={{ .Values.services.postgres.uniPassword }}
spring.flyway.url=jdbc:postgresql://{{ .Values.services.postgres.endpoint | default "external-postgres" }}:5432/shumway?sslmode=disable
spring.flyway.user={{ .Values.services.postgres.uniUser }}
spring.flyway.password={{ .Values.services.postgres.uniPassword }}
spring.flyway.schemas=shm
{{- end }}
volumes:
- name: config-volume
configMap:
name: {{ .Release.Name }}
defaultMode: 0755
{{- if or .Values.services.postgres.external }}
- name: secret
secret:
secretName: {{ .Release.Name }}
{{- end }}
volumeMounts:
- name: config-volume
@ -43,6 +61,12 @@ volumeMounts:
mountPath: /opt/shumway/loggers.xml
subPath: loggers.xml
readOnly: true
{{- if or .Values.services.postgres.external }}
- name: secret
subPath: db_config
mountPath: /vault/secrets/application.properties
readOnly: true
{{- end }}
service:
type: ClusterIP
@ -62,6 +86,7 @@ readinessProbe:
path: /actuator/health
port: management
{{- if .Values.services.vault.enabled }}
podAnnotations:
vault.hashicorp.com/role: "db-app"
vault.hashicorp.com/agent-inject: "true"
@ -76,6 +101,7 @@ podAnnotations:
spring.flyway.password={{ .Data.password }}
spring.flyway.schemas=shm
{{- end }}`}}
{{- end }}
metrics:
serviceMonitor:


@ -5,7 +5,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
imagePullSecrets: []
@ -52,7 +52,7 @@ serviceAccount:
cronjob:
enabled: true
image:
repository: docker.io/rbkmoney/test_transaction_v2
repository: {{ .Values.services.global.registry.repository | default "docker.io" }}/test_transaction_v2
tag: d00bb62cb1b685fc5227cdce224174bf21ef333f
pullPolicy: IfNotPresent
schedule: "*/1 * * * *"
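Review bot: The cronjob image default drops the organisation: `default "docker.io"` renders `docker.io/test_transaction_v2`, whereas the line it appears to replace pulled `docker.io/rbkmoney/test_transaction_v2` and the other sections of this commit default to `docker.io/rbkmoney`. Without an override the job would pull from a different Docker Hub namespace than the one the project publishes to; use `repository: {{ .Values.services.global.registry.repository | default "docker.io/rbkmoney" }}/test_transaction_v2`. Separately, the first hunk keeps `imagePullSecrets: []` right after the conditional `imagePullSecrets:` block. If both sit at the same nesting level (indentation is lost in this view), the key is defined twice whenever a pull secret is configured, and most parsers keep the later, empty list.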


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
configMap:


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
configMap:


@ -7,9 +7,17 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
{{- if .Values.services.global.pcidss.taints.enabled }}
tolerations:
- key: "{{ .Values.services.global.pcidss.taints.key }}"
operator: "Equal"
value: "{{ .Values.services.global.pcidss.taints.value }}"
effect: "NoSchedule"
{{- end }}
configMap:
data:
sys.config: |
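Review bot: The added `tolerations` block only permits this release to run on the tainted PCI DSS nodes; nothing in the hunk pins it there, so the scheduler may still place the pod on an untainted general-purpose node. If the intent is to confine the workload to the PCI DSS segment, pair the toleration with a `nodeSelector` or node affinity on a label carried by those nodes, driven from the same `services.global.pcidss` values. The rest of the file is outside the hunk, so a selector may already exist elsewhere. Quoting `value` is right, since the values file gives it as the boolean `true` and a toleration value has to be a string.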


@ -8,7 +8,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
configMap:


@ -10,7 +10,7 @@ java \
--management.security.enabled=false \
--riak.address=riak \
--riak.port=8087 \
--kafka.bootstrap.servers=kafka:9092 \
--kafka.bootstrap.servers={{ .Values.services.kafka.endpoint | default "kafka" }}:{{ .Values.services.kafka.port | default "9092" }} \
--management.metrics.export.statsd.enabled=false \
${@}
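Review bot: The new `--kafka.bootstrap.servers` line always appends `:` and the port to `endpoint`, so an endpoint that already carries a port renders as `kafka:9092:9092`. One of the values files later on this page sets `endpoint: kafka:9092` with no `port` key, which hits exactly that case; it should read `endpoint: kafka` with `port: 9092` to match the other values file. The script starts and ends outside the hunk.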


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:
@ -18,7 +18,7 @@ runopts:
configMap:
data:
entrypoint.sh: |
{{- readFile "entrypoint.sh" | nindent 6 }}
{{- tpl (readFile "entrypoint.sh.gotmpl") . | nindent 6 }}
loggers.xml: |
{{- readFile "loggers.xml" | nindent 6 }}
logback.xml: |


@ -8,7 +8,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
service:


@ -9,7 +9,7 @@ image:
{{ if .Values.services.global.registry.imagePullSecret }}
imagePullSecrets:
- {{ .Values.services.global.registry.imagePullSecret }}
- name: {{ .Values.services.global.registry.imagePullSecret }}
{{ end }}
runopts:


@ -33,10 +33,52 @@ services:
registry:
repository: docker.io/rbkmoney
imagePullSecret: {}
# Set tolerations for pcidss services. Need manually set taints to pcidss nodes:
# kubectl taint nodes wrk1-dss wrk2-dss pcidss=true:NoSchedule
pcidss:
taints:
enabled: false
key: pcidss
value: true
vault:
# enabled:false switch getting postgres user and password from annotations to secret
enabled: true
dev: true
# Change in case of external splited riak clusters for CDS and Machinegun
riak:
riakMgAddress: riak
riakCdAddress: riak
# Enable postgresql external cluster with One user for any services
# TODO: split users
postgres:
external: false
# Values below uses only if postgres.external is true
endpoint: postgresql-postgres
uniUser: postgres
uniPassword: H@ckM3
# Enable external kafka cluster
kafka:
external: false
endpoint: kafka
port: 9092
ssl:
enabled: false
keystorePass: 12341234
# Set if differ from keystore password
keyPass: 12341234
truststorePass: 43214321
s3:
endpoint: minio:9000
region: EU
bucket: bucket-files
accessKey: user_01
secretKey: SomeSecretKeyFromS3AdminConsole
ingress:
# Ingressclass if have more than one controller:
class: "nginx"
@ -55,7 +97,3 @@ services:
# If use Lets Encrypt for cert this value will be used as suffix for secrets with certs
secretName: sometlssecret
riak:
splitDss: false
riakMgAddress: riak
riakCdAddress: riak
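Review bot: The new defaults carry usable-looking credentials (`uniPassword: H@ckM3`, the keystore, key and truststore passwords, `secretKey`) and the `postgres` account for every service, so an environment that turns on `postgres.external` or `kafka.ssl` without overriding them deploys with values known to anyone who can read this repository. Leave them empty in the committed file, e.g. `uniPassword: ""`, have the templates refuse to render when an enabled feature has an empty secret, and supply the real values from an encrypted or external source. The second values file on this page repeats the same literals and needs the same change. The numeric passwords are also unquoted, so they parse as integers rather than strings; quote them if they stay.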


@ -18,10 +18,43 @@ services:
registry:
repository: docker.io/rbkmoney
imagePullSecret: {}
pcidss:
taints:
enabled: false
key: pcidss
value: true
vault:
dev: true
riak:
riakMgAddress: riak
riakCdAddress: riak
# TODO: split users
postgres:
external: false
endpoint: postgresql-postgres
uniUser: postgres
uniPassword: H@ckM3
kafka:
external: false
endpoint: kafka:9092
ssl:
enabled: false
keystorePass: 12341234
keyPass: 12341234
truststorePass: 43214321
s3:
endpoint: minio:9000
region: EU
bucket: bucket-files
accessKey: user_01
secretKey: SomeSecretKeyFromS3AdminConsole
ingress:
class: "nginx"
rootDomain: dev.rbk.mn
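Review bot: This values file adds `vault:` with only `dev: true`, while the other values file on this page also sets `enabled: true` and the shumway template wraps its `podAnnotations` in `{{- if .Values.services.vault.enabled }}`. Unless this file is merged over one that defines the key, the Vault agent annotations will not be rendered (or rendering fails on the missing key). With `postgres.external: false` the secret volume is not rendered either, which would leave the service without database credentials. Add `enabled: true` under `vault:` here.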


@ -298,3 +298,5 @@ releases:
- {{ .Namespace | default "default" }}/party-management
- {{ .Namespace | default "default" }}/bouncer
- {{ .Namespace | default "default" }}/claim-management
- name: file-storage
<<: *generic_stateless