mirror of
https://github.com/valitydev/solar-values.git
synced 2024-11-06 02:25:23 +00:00
bump rules
This commit is contained in:
parent
33cf3b2451
commit
786bc20e1c
@ -124,3 +124,8 @@ ciliumPolicies:
|
||||
type: TCP
|
||||
name: hellgate
|
||||
namespace: {{ .Release.Namespace }}
|
||||
- filters:
|
||||
- port: 8022
|
||||
type: TCP
|
||||
name: payouter
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
@ -1,5 +1,5 @@
|
||||
{
|
||||
"realm": "internal",
|
||||
"realm": "external",
|
||||
"auth-server-url": "https://auth.{{ .Values.services.ingress.rootDomain | default "rbk.dev" }}:31337/auth/",
|
||||
"ssl-required": "external",
|
||||
"resource": "control-center",
|
||||
|
@ -1,5 +1,5 @@
|
||||
{
|
||||
"realm": "internal",
|
||||
"realm": "external",
|
||||
"auth-server-url": "https://auth.{{ .Values.services.ingress.rootDomain | default "rbk.dev" }}:31337/auth/",
|
||||
"ssl-required": "external",
|
||||
"resource": "koffing",
|
||||
|
@ -1529,10 +1529,10 @@
|
||||
"clientAuthenticatorType": "client-secret",
|
||||
"secret": "**********",
|
||||
"redirectUris": [
|
||||
"{{ .Values.services.keycloak.externalUrl }}/*"
|
||||
"https://dashboard.{{ .Values.services.ingress.rootDomain | default "rbk.dev" }}:31337/*"
|
||||
],
|
||||
"webOrigins": [
|
||||
"{{ .Values.services.keycloak.externalUrl }}"
|
||||
"https://dashboard.{{ .Values.services.ingress.rootDomain | default "rbk.dev" }}:31337"
|
||||
],
|
||||
"notBefore": 0,
|
||||
"bearerOnly": false,
|
||||
@ -2225,10 +2225,10 @@
|
||||
"clientAuthenticatorType": "client-secret",
|
||||
"secret": "**********",
|
||||
"redirectUris": [
|
||||
"{{ .Values.services.keycloak.externalUrl }}/*"
|
||||
"https://auth.{{ .Values.services.ingress.rootDomain | default "rbk.dev" }}:31337/*"
|
||||
],
|
||||
"webOrigins": [
|
||||
"{{ .Values.services.keycloak.externalUrl }}"
|
||||
"https://auth.{{ .Values.services.ingress.rootDomain | default "rbk.dev" }}:31337"
|
||||
],
|
||||
"notBefore": 0,
|
||||
"bearerOnly": false,
|
||||
@ -3133,10 +3133,10 @@
|
||||
"ssl": "false",
|
||||
"user": "no-reply@rbkmoney.com"
|
||||
},
|
||||
"loginTheme": "rbkmoney-hood",
|
||||
"accountTheme": "rbkmoney",
|
||||
"loginTheme": "keycloak",
|
||||
"accountTheme": "keycloak",
|
||||
"adminTheme": "keycloak",
|
||||
"emailTheme": "rbkmoney-hood",
|
||||
"emailTheme": "keycloak",
|
||||
"eventsEnabled": true,
|
||||
"eventsExpiration": 51840000,
|
||||
"eventsListeners": [
|
1863
config/keycloak-realms/internal.json.gotmpl
Normal file
1863
config/keycloak-realms/internal.json.gotmpl
Normal file
File diff suppressed because it is too large
Load Diff
@ -1,6 +1,7 @@
|
||||
# -*- mode: yaml -*-
|
||||
configMap:
|
||||
data:
|
||||
realms.json: |
|
||||
{{- tpl (readFile "realms.json.gotmpl") . | nindent 6 }}
|
||||
|
||||
internal.json: |
|
||||
{{- tpl (readFile "internal.json.gotmpl") . | nindent 6 }}
|
||||
external.json: |
|
||||
{{- tpl (readFile "external.json.gotmpl") . | nindent 6 }}
|
||||
|
@ -4,6 +4,9 @@ postgresql:
|
||||
podLabels:
|
||||
selector.cilium.rbkmoney/release: {{ .Release.Name }}
|
||||
|
||||
image:
|
||||
tag: 12.0.4
|
||||
|
||||
extraEnv: |
|
||||
- name: PROXY_ADDRESS_FORWARDING
|
||||
value: "true"
|
||||
@ -32,7 +35,7 @@ extraEnv: |
|
||||
-Djboss.modules.system.pkgs=$JBOSS_MODULES_SYSTEM_PKGS
|
||||
-Djava.awt.headless=true
|
||||
- name: KEYCLOAK_IMPORT
|
||||
value: /realm/realms.json
|
||||
value: /realm/internal.json,/realm/external.json
|
||||
|
||||
extraVolumes: |
|
||||
- name: keycloak-realms-volume
|
||||
|
21
config/payouter/entrypoint.sh
Normal file
21
config/payouter/entrypoint.sh
Normal file
@ -0,0 +1,21 @@
|
||||
#!/bin/sh
|
||||
set -ue
|
||||
|
||||
java \
|
||||
"-XX:OnOutOfMemoryError=kill %p" -XX:+HeapDumpOnOutOfMemoryError \
|
||||
-jar /opt/payouter/payouter.jar \
|
||||
--logging.file=/var/log/payouter/payouter.json \
|
||||
--logging.config=/opt/payouter/logback.xml \
|
||||
--management.security.enabled=false \
|
||||
-Dwoody.node_id=346 \
|
||||
--service.dominant.url=http://dominant:8022/v1/domain/repository_client \
|
||||
--service.shumway.url=http://shumway:8022/shumpune \
|
||||
--kafka.bootstrap-servers=kafka:9092 \
|
||||
--kafka.topics.invoice.enabled=false \
|
||||
--kafka.topics.party-management.enabled=false \
|
||||
--kafka.topics.party-management.concurrency=5 \
|
||||
--kafka.client-id=payouter \
|
||||
--kafka.consumer.group-id=payouter-invoicing \
|
||||
--kafka.consumer.concurrency=5 \
|
||||
--kafka.consumer.auto-offset-reset=latest \
|
||||
--spring.config.additional-location=/vault/secrets/application.properties
|
4
config/payouter/loggers.xml
Normal file
4
config/payouter/loggers.xml
Normal file
@ -0,0 +1,4 @@
|
||||
<included>
|
||||
<logger name="com.rbkmoney" level="INFO"/>
|
||||
<logger name="com.rbkmoney.woody" level="INFO"/>
|
||||
</included>
|
131
config/payouter/values.yaml.gotmpl
Normal file
131
config/payouter/values.yaml.gotmpl
Normal file
@ -0,0 +1,131 @@
|
||||
# -*- mode: yaml -*-
|
||||
|
||||
replicaCount: 1
|
||||
|
||||
image:
|
||||
repository: docker.io/rbkmoney/payouter
|
||||
tag: a0e37ad47ee5563008d2af47c58a9f117e941db0
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
runopts:
|
||||
command: ["/opt/payouter/entrypoint.sh"]
|
||||
|
||||
env:
|
||||
- name: LOGBACK_SERVICE_NAME
|
||||
value: "payouter"
|
||||
|
||||
configMap:
|
||||
data:
|
||||
entrypoint.sh: |
|
||||
{{- readFile "entrypoint.sh" | nindent 6 }}
|
||||
loggers.xml: |
|
||||
{{- readFile "loggers.xml" | nindent 6 }}
|
||||
logback.xml: |
|
||||
{{- readFile "../logs/logback.xml" | nindent 6 }}
|
||||
|
||||
volumes:
|
||||
- name: config-volume
|
||||
configMap:
|
||||
name: {{ .Release.Name }}
|
||||
defaultMode: 0755
|
||||
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /opt/payouter/entrypoint.sh
|
||||
subPath: entrypoint.sh
|
||||
readOnly: true
|
||||
- name: config-volume
|
||||
mountPath: /opt/payouter/logback.xml
|
||||
subPath: logback.xml
|
||||
readOnly: true
|
||||
- name: config-volume
|
||||
mountPath: /opt/payouter/loggers.xml
|
||||
subPath: loggers.xml
|
||||
readOnly: true
|
||||
|
||||
service:
|
||||
ports:
|
||||
- name: api
|
||||
port: 8022
|
||||
- name: management
|
||||
port: 8023
|
||||
|
||||
livenessProbe: null
|
||||
# httpGet:
|
||||
# path: /actuator/health
|
||||
# port: management
|
||||
|
||||
readinessProbe: null
|
||||
# httpGet:
|
||||
# path: /actuator/health
|
||||
# port: management
|
||||
|
||||
podAnnotations:
|
||||
vault.hashicorp.com/role: "db-app"
|
||||
vault.hashicorp.com/agent-inject: "true"
|
||||
vault.hashicorp.com/agent-inject-secret-application.properties: "database/creds/db-app-payouter"
|
||||
vault.hashicorp.com/agent-inject-template-application.properties: |
|
||||
{{`{{- with secret "database/creds/db-app-payouter" -}}
|
||||
spring.datasource.url=jdbc:postgresql://postgres-postgresql:5432/payouter?sslmode=disable
|
||||
spring.datasource.username={{ .Data.username }}
|
||||
spring.datasource.password={{ .Data.password }}
|
||||
spring.flyway.url=jdbc:postgresql://postgres-postgresql:5432/payouter?sslmode=disable
|
||||
spring.flyway.user={{ .Data.username }}
|
||||
spring.flyway.password={{ .Data.password }}
|
||||
spring.datasource.hikari.data-source-properties.prepareThreshold=0
|
||||
spring.datasource.hikari.leak-detection-threshold=5300
|
||||
flyway.url=jdbc:postgresql://postgres-postgresql:5432/payouter?sslmode=disable
|
||||
flyway.user={{ .Data.username }}
|
||||
flyway.password={{ .Data.password }}
|
||||
flyway.schemas=sht
|
||||
{{- end }}`}}
|
||||
|
||||
metrics:
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
namespace: {{ .Release.Namespace }}
|
||||
additionalLabels:
|
||||
release: prometheus
|
||||
endpoints:
|
||||
- port: "management"
|
||||
path: /actuator/prometheus
|
||||
scheme: http
|
||||
|
||||
ciliumPolicies:
|
||||
- filters:
|
||||
- port: 5432
|
||||
type: TCP
|
||||
name: postgres
|
||||
namespace: {{ .Release.Namespace }}
|
||||
- filters:
|
||||
- port: 9092
|
||||
type: TCP
|
||||
name: kafka
|
||||
namespace: {{ .Release.Namespace }}
|
||||
- filters:
|
||||
- port: 8022
|
||||
type: TCP
|
||||
name: shumway
|
||||
namespace: {{ .Release.Namespace }}
|
||||
- filters:
|
||||
- port: 8022
|
||||
type: TCP
|
||||
name: dominant
|
||||
namespace: {{ .Release.Namespace }}
|
||||
- filters:
|
||||
- port: 8200
|
||||
type: TCP
|
||||
name: vault
|
||||
namespace: {{ .Release.Namespace }}
|
||||
- filters:
|
||||
- port: 8022
|
||||
type: TCP
|
||||
name: hellgate
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- /*
|
||||
- filters:
|
||||
- port: 8022
|
||||
type: TCP
|
||||
name: fault-detector
|
||||
namespace: {{ .Release.Namespace }}
|
||||
*/ -}}
|
@ -8,6 +8,7 @@ initdbScripts:
|
||||
CREATE DATABASE keycloak;
|
||||
CREATE DATABASE shumway;
|
||||
CREATE DATABASE hooker;
|
||||
CREATE DATABASE payouter;
|
||||
|
||||
#TODO: If bump version, change master to primary
|
||||
master:
|
||||
|
@ -47,3 +47,10 @@ readinessProbe:
|
||||
httpGet:
|
||||
path: /actuator/health
|
||||
port: api
|
||||
|
||||
ciliumPolicies:
|
||||
- filters:
|
||||
- port: 8022
|
||||
type: TCP
|
||||
name: cds
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
@ -4,7 +4,7 @@ replicaCount: 1
|
||||
|
||||
image:
|
||||
repository: docker.io/rbkmoney/proxy-mocketbank
|
||||
tag: 91953e1e9874a851816474b47ad0f123c7c936d1
|
||||
tag: 42361269e9a3b49c9e9dbfad0c04674e9d3787fb
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
configMap:
|
||||
|
@ -36,6 +36,23 @@ configMap:
|
||||
default_ttl="1h" \
|
||||
max_ttl="240h"
|
||||
|
||||
vault write database/config/payouter \
|
||||
plugin_name=postgresql-database-plugin \
|
||||
allowed_roles="*" \
|
||||
connection_url="postgresql://{{username}}:{{password}}@postgres-postgresql:5432/payouter?sslmode=disable" \
|
||||
username="postgres" \
|
||||
password="H@ckM3"
|
||||
vault write database/roles/db-app-payouter \
|
||||
db_name=payouter \
|
||||
creation_statements="CREATE SCHEMA IF NOT EXISTS sht;
|
||||
CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';
|
||||
GRANT CREATE ON DATABASE payouter TO \"{{name}}\";
|
||||
GRANT ALL ON SCHEMA sht TO \"{{name}}\";
|
||||
GRANT ALL ON ALL TABLES IN SCHEMA sht TO \"{{name}}\";
|
||||
GRANT ALL ON ALL SEQUENCES IN SCHEMA sht TO \"{{name}}\";" \
|
||||
default_ttl="1h" \
|
||||
max_ttl="240h"
|
||||
|
||||
vault auth enable kubernetes
|
||||
vault write auth/kubernetes/config \
|
||||
token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
|
||||
@ -56,3 +73,6 @@ configMap:
|
||||
path "database/creds/db-app-hooker" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
path "database/creds/db-app-payouter" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
@ -203,3 +203,6 @@ releases:
|
||||
tier: front
|
||||
needs:
|
||||
- {{ .Namespace | default "default" }}/keycloak
|
||||
- name: payouter
|
||||
<<: *generic_stateless_json
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user