From 8d125cf0c330ada04a84b88b71898fddc099b887 Mon Sep 17 00:00:00 2001 From: Vijay Date: Thu, 7 Aug 2025 20:43:21 +0530 Subject: [PATCH 1/2] fix: align core services parent values --- package-lock.json | 17 ++-- package.json | 9 +- sync-subchart-values.js | 214 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 231 insertions(+), 9 deletions(-) create mode 100644 sync-subchart-values.js diff --git a/package-lock.json b/package-lock.json index 7eb33daa2..2bfb1d100 100644 --- a/package-lock.json +++ b/package-lock.json @@ -7,11 +7,15 @@ "": { "name": "mojaloop-helm", "version": "1.0.0", - "license": "ISC", + "license": "Apache 2.0", + "dependencies": { + "yaml": "^2.8.1" + }, "devDependencies": { "eslint": "^9.20.1", "eslint-detailed-reporter": "^0.9.0", - "eslint-plugin-yml": "^1.17.0" + "eslint-plugin-yml": "^1.17.0", + "js-yaml": "^4.1.0" } }, "node_modules/@eslint-community/eslint-utils": { @@ -1131,16 +1135,15 @@ } }, "node_modules/yaml": { - "version": "2.7.0", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.7.0.tgz", - "integrity": "sha512-+hSoy/QHluxmC9kCIJyL/uyFmLmc+e5CFR5Wa+bpIhIj85LVb9ZH2nVnqrHoSvKogwODv0ClqZkmiSSaIH5LTA==", - "dev": true, + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.1.tgz", + "integrity": "sha512-lcYcMxX2PO9XMGvAJkJ3OsNMw+/7FKes7/hgerGUYWIoWu5j/+YQqcZr5JnPZWzOsEBgMbSbiSTn/dv/69Mkpw==", "license": "ISC", "bin": { "yaml": "bin.mjs" }, "engines": { - "node": ">= 14" + "node": ">= 14.6" } }, "node_modules/yaml-eslint-parser": { diff --git a/package.json b/package.json index fc003067e..08986c92f 100644 --- a/package.json +++ b/package.json 
@@ -4,7 +4,8 @@ "description": "[![Git Commit](https://img.shields.io/github/last-commit/mojaloop/helm.svg?style=flat)](https://github.com/mojaloop/helm/commits/main) [![Git Releases](https://img.shields.io/github/release/mojaloop/helm.svg?style=flat)](https://github.com/mojaloop/helm/releases) [![CircleCI](https://circleci.com/gh/mojaloop/helm.svg?style=svg)](https://circleci.com/gh/mojaloop/helm)", "main": "index.js", "scripts": { - "lint": "eslint test -f node_modules/eslint-detailed-reporter/lib/detailed.js -o test/lint.html" + "lint": "eslint test -f node_modules/eslint-detailed-reporter/lib/detailed.js -o test/lint.html", + "sync-subcharts": "node sync-subchart-values.js" }, "keywords": [], "author": "", @@ -12,6 +13,10 @@ "devDependencies": { "eslint": "^9.20.1", "eslint-detailed-reporter": "^0.9.0", - "eslint-plugin-yml": "^1.17.0" + "eslint-plugin-yml": "^1.17.0", + "js-yaml": "^4.1.0" + }, + "dependencies": { + "yaml": "^2.8.1" } } diff --git a/sync-subchart-values.js b/sync-subchart-values.js new file mode 100644 index 000000000..27ef6c4d1 --- /dev/null +++ b/sync-subchart-values.js 
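Review bot: `js-yaml` is added to `devDependencies` in the second package.json hunk, but the script introduced by this patch only requires `yaml`, and no visible line references `js-yaml`. Each extra parser in the tree is one more package to audit and keep patched, so unless something outside this patch uses it I would drop the `"js-yaml": "^4.1.0"` line and its lockfile entry. `yaml` is also placed under `dependencies` although the only visible consumer is a maintenance script run through `npm run sync-subcharts`; `devDependencies` looks like the better fit.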
@@ -0,0 +1,214 @@
+#!/usr/bin/env node
+
+const fs = require('fs');
+const path = require('path');
+const YAML = require('yaml');
+
+/**
+ * Sync subchart values with parent chart values
+ * Usage: node sync-subchart-values.js
+ * Example: node sync-subchart-values.js ./centralledger
+ *
+ * Note: This script will preserve configuration values and the 'enabled' parameter
+ * positioning, but YAML comments will be lost during the sync process. This is
+ * a limitation of YAML parsing libraries that prioritize data integrity over
+ * comment preservation.
+ */
+
+function readYamlFile(filePath) {
+ try {
+ const content = fs.readFileSync(filePath, 'utf8');
+ return YAML.parse(content);
+ } catch (error) {
+ console.error(`Error reading ${filePath}:`, error.message);
+ return null;
+ }
+}
+
+function writeYamlFile(filePath, data) {
+ try {
+ const yamlContent = YAML.stringify(data, {
+ indent: 2,
+ lineWidth: 0,
+ minContentWidth: 0,
+ commentString: '#',
+ nullStr: 'null',
+ simpleKeys: false
+ });
+ fs.writeFileSync(filePath, yamlContent, 'utf8');
+ return true;
+ } catch (error) {
+ console.error(`Error writing ${filePath}:`, error.message);
+ return false;
+ }
+}
+
+function removeGlobalSection(obj) {
+ if (obj && typeof obj === 'object') {
+ if (Array.isArray(obj)) {
+ return obj.map(removeGlobalSection);
+ } else {
+ const newObj = {};
+ for (const [key, value] of Object.entries(obj)) {
+ if (key !== 'global') {
+ newObj[key] = removeGlobalSection(value);
+ }
+ }
+ return newObj;
+ }
+ }
+ return obj;
+}
+
+function syncSubchartValues(parentChartPath) {
+ const chartYamlPath = path.join(parentChartPath, 'Chart.yaml');
+ const parentValuesPath = path.join(parentChartPath, 'values.yaml');
+
+ // Read parent Chart.yaml
+ const chartData = readYamlFile(chartYamlPath);
+ if (!chartData) {
+ console.error(`Failed to read Chart.yaml from ${parentChartPath}`);
+ return false;
+ }
+
+ // Read parent values.yaml
+ const parentValues = readYamlFile(parentValuesPath);
+ if (!parentValues) {
+ console.error(`Failed to read values.yaml from ${parentChartPath}`);
+ return false;
+ }
+
+ if (!chartData.dependencies) {
+ console.log('No dependencies found in Chart.yaml');
+ return true;
+ }
+
+ let hasChanges = false;
+
+ // Process each dependency
+ for (const dependency of chartData.dependencies) {
+ const subchartName = dependency.name;
+
+ // Determine the actual subchart folder path
+ let subchartFolderName = subchartName;
+ if (dependency.repository && dependency.repository.startsWith('file://./')) {
+ // Extract folder name from repository path (e.g., "file://./chart-service" -> "chart-service")
+ subchartFolderName = dependency.repository.replace('file://./', '');
+ }
+
+ const subchartPath = path.join(parentChartPath, subchartFolderName);
+
+ // Check if subchart folder exists
+ if (!fs.existsSync(subchartPath) || !fs.statSync(subchartPath).isDirectory()) {
+ console.log(`Skipping ${subchartName}: folder ${subchartFolderName} not found`);
+ continue;
+ }
+
+ const subchartValuesPath = path.join(subchartPath, 'values.yaml');
+
+ // Check if subchart values.yaml exists
+ if (!fs.existsSync(subchartValuesPath)) {
+ console.log(`Skipping ${subchartName}: values.yaml not found`);
+ continue;
+ }
+
+ // Read subchart values
+ const subchartValues = readYamlFile(subchartValuesPath);
+ if (!subchartValues) {
+ console.log(`Skipping ${subchartName}: failed to read values.yaml`);
+ continue;
+ }
+
+ // Remove global section from subchart values
+ const cleanedSubchartValues = removeGlobalSection(subchartValues);
+
+ // Initialize parent section if it doesn't exist
+ if (!parentValues[subchartName]) {
+ parentValues[subchartName] = {};
+ }
+
+ // Preserve the enabled value if it exists (could be true, false, or undefined)
+ const wasEnabled = parentValues[subchartName].enabled;
+
+ // Create new section with enabled at the beginning if it was previously set
+ const newSection = {};
+
+ // Add enabled first if it was previously set
+ if (wasEnabled !== undefined) {
+ newSection.enabled = wasEnabled;
+ }
+
+ // Then add all other properties from subchart values, except enabled
+ for (const [key, value] of Object.entries(cleanedSubchartValues)) {
+ if (key !== 'enabled') {
+ newSection[key] = value;
+ }
+ }
+
+ // If enabled wasn't previously set in parent, add it from subchart (if it exists)
+ if (wasEnabled === undefined && cleanedSubchartValues.enabled !== undefined) {
+ // Move enabled to the beginning
+ const { enabled, ...rest } = newSection;
+ parentValues[subchartName] = { enabled: cleanedSubchartValues.enabled, ...rest };
+ } else {
+ parentValues[subchartName] = newSection;
+ }
+
+ console.log(`✓ Synced ${subchartName}`);
+ hasChanges = true;
+ }
+
+ // Write back the updated parent values
+ if (hasChanges) {
+ if (writeYamlFile(parentValuesPath, parentValues)) {
+ console.log(`✓ Updated ${parentValuesPath}`);
+ return true;
+ } else {
+ console.error(`Failed to write ${parentValuesPath}`);
+ return false;
+ }
+ } else {
+ console.log('No changes made');
+ return true;
+ }
+}
+
+function main() {
+ const args = process.argv.slice(2);
+
+ if (args.length === 0) {
+ console.log('Usage: node sync-subchart-values.js ');
+ console.log('Example: node sync-subchart-values.js ./centralledger');
+ process.exit(1);
+ }
+
+ const parentChartPath = args[0];
+
+ if (!fs.existsSync(parentChartPath)) {
+ console.error(`Parent chart path does not exist: ${parentChartPath}`);
+ process.exit(1);
+ }
+
+ if (!fs.statSync(parentChartPath).isDirectory()) {
+ console.error(`Parent chart path is not a directory: ${parentChartPath}`);
+ process.exit(1);
+ }
+
+ console.log(`Syncing subchart values for: ${parentChartPath}`);
+
+ const success = syncSubchartValues(parentChartPath);
+
+ if (success) {
+ console.log('✓ Sync completed successfully');
+ process.exit(0);
+ } else {
+ console.log('✗ Sync failed');
+ process.exit(1);
+ }
+}
+
+if (require.main === module) {
+ main();
+}
+
+module.exports = { syncSubchartValues };
From 4ba26c2bfb2e8b9ca2a75abdeed7a35423119f15 Mon Sep 17 00:00:00 2001
From: Vijay
Date: Thu, 7 Aug 2025 20:44:01 +0530
Subject: [PATCH 2/2] fix: parent values using script
---
 account-lookup-service/values.yaml | 1142 +++++--------
 centralledger/values.yaml | 2236 +++-------------------------
 centralsettlement/values.yaml | 931 ++----------
 quoting-service/values.yaml | 475 ++----
 4 files changed, 777 insertions(+), 4007 deletions(-)
diff --git a/account-lookup-service/values.yaml b/account-lookup-service/values.yaml
index f60e6b10e..a24399128 100644
--- a/account-lookup-service/values.yaml
+++ b/account-lookup-service/values.yaml
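Review bot: In `syncSubchartValues` (sync-subchart-values.js), `subchartFolderName` is derived from `dependency.repository` by stripping `file://./` and is then joined onto `parentChartPath` with no check that the result stays inside the parent chart. A repository value containing `..` segments therefore makes the script read a `values.yaml` from elsewhere on disk and copy its contents into the parent values file. Resolving both paths and skipping any dependency whose folder falls outside the parent directory closes that off, as in the lines below. Separately, `removeGlobalSection` drops every key called `global` at any nesting depth rather than only the top-level section, which can silently discard nested settings. The header comment also blames comment loss on YAML libraries in general, yet the `yaml` package's `YAML.parseDocument` API keeps comments, which would preserve the operator guidance that patch 2/2 deletes.

```javascript
    // … unchanged: subchartFolderName derived from dependency.repository …
    const parentRoot = path.resolve(parentChartPath);
    const subchartPath = path.resolve(parentRoot, subchartFolderName);
    if (!subchartPath.startsWith(parentRoot + path.sep)) {
      console.log(`Skipping ${subchartName}: folder ${subchartFolderName} is outside ${parentChartPath}`);
      continue;
    }
    // … unchanged: existence checks, values.yaml read and merge …
```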
@@ -1,80 +1,96 @@ account-lookup-service: enabled: true - # Default values for account-lookup-service. - # This is a YAML-formatted file. - # Declare variables to be passed into your templates. - image: registry: docker.io repository: mojaloop/account-lookup-service tag: v17.12.2 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## pullSecrets: [] - replicaCount: 1 command: '["node", "src/index.js", "server", "--api"]' - + diagnosticMode: + enabled: false + command: + - node + - src/index.js + - server + - --api + args: + - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }} + debug: + internalPort: 9229 + port: 9229 nameOverride: "" fullnameOverride: "" - - # Mount configuration files in the app folder for overriding defaults - # configOverride: - # # event sdk settings override - # .EVENT_SDKrc: - # AUDIT: kafka - # - # # logging settings override - # .CSLrc: - # LOG_FILTER: "" - - ## Pod scheduling preferences. 
- ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} - - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} - - ## Set toleration for scheduler - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] - - ## metric configuration for prometheus instrumentation + containerSecurityContext: + enabled: true + runAsUser: 1001 + readOnlyRootFilesystem: true + readinessProbe: + enabled: true + httpGet: + path: /health + initialDelaySeconds: 60 + periodSeconds: 15 + livenessProbe: + enabled: true + httpGet: + path: /health + initialDelaySeconds: 60 + periodSeconds: 15 + sidecar: + enabled: true + image: + repository: mojaloop/event-sidecar + tag: v14.2.0 + pullPolicy: IfNotPresent + command: '["npm", "run", "start"]' + service: + internalPort: 4001 + readinessProbe: + enabled: true + httpGet: + path: /health + initialDelaySeconds: 120 + periodSeconds: 15 + livenessProbe: + enabled: true + httpGet: + path: /health + initialDelaySeconds: 90 + periodSeconds: 15 + config: + event_log_grpc_host: localhost + event_log_grpc_port: 50051 + event_log_filter: audit:*, log:info, log:warn, log:error + event_log_metadata_only: true + log_level: info + log_filter: error, warn, info metrics: - ## flag to enable/disable the metrics end-points enabled: true config: timeout: 5000 prefix: moja_ defaultLabels: serviceName: account-lookup-service - config: + api_type: fspiop hub_participant: id: 1 name: Hub - ## Central-Ledger config - central_services_host: '$release_name-centralledger-service' + central_services_host: $release_name-centralledger-service central_services_port: 80 - # Log config log_level: info - log_transport: file - + log_transport: console error_handling: include_cause_extension: false truncate_extensions: true - + kafka_host: kafka + kafka_port: 9092 + kafka_partitioner: 
murmur2_random central_shared_end_point_cache: expiresIn: 180000 generateTimeout: 30000 @@ -87,23 +103,29 @@ account-lookup-service: enabled: false maxByteSize: 10000000 expiresIn: 61000 - - ## DB Configuration + protocol_versions: + CONTENT: + DEFAULT: "2.0" + VALIDATELIST: + - "1" + - "1.0" + - "1.1" + - "2" + - "2.0" + ACCEPT: + DEFAULT: "2" + VALIDATELIST: + - "1" + - "1.0" + - "1.1" + - "2" + - "2.0" db_type: mysql - db_driver: mysql + db_driver: mysql2 db_host: mysqldb db_port: 3306 db_user: account_lookup - ## Secret-Management - ### Set this if you are using a clear text password configured in the config section - db_password: '' - ### Configure this if you want to use a secret. Note, this will override the db_password, - ### Use the next line if you do wish to use the db_password value instead. - # db_secret: - ### Example config for an existing secret - # db_secret: - # name: mysqldb - # key: mysql-password + db_password: "" db_database: account_lookup db_connection_pool_min: 10 db_connection_pool_max: 30 
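Review bot: The new `diagnosticMode.args` entry `--inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}` in the `@@ -1,80 +1,96 @@` hunk binds the Node.js inspector to every interface. The inspector protocol has no authentication, so anything that can reach port 9229 on the pod can execute code in the service once `diagnosticMode.enabled` is set to true. It ships disabled, but nothing in the values says why it must stay that way. Because the sync script strips comments, the warning belongs in the subchart's own values or README, for example `# diagnosticMode exposes the unauthenticated Node inspector; enable only for a debugging session`. If debugging is done through a port-forward, `--inspect=127.0.0.1:{{ .Values.diagnosticMode.debug.port }}` would be a safer default. The same block is added for `account-lookup-service-admin` in the `@@ -152,241 +159,155 @@` hunk.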
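Review bot: The `@@ -87,23 +103,29 @@` hunk deletes the secret-management comments, leaving `db_password: ""` as the only visible credential setting. An operator reading the parent values no longer has any hint that `config.db_secret` (with `name` and `key`) can supply the password from a Kubernetes secret. The removed init-container templates elsewhere in this patch did read `.Values.config.db_secret`, so the option appears to still exist. That guidance should be moved somewhere that survives the comment-stripping sync, for example a chart README section carrying the old text `db_secret: {name: mysqldb, key: mysql-password}`. The same hunk also changes `db_driver` from `mysql` to `mysql2`, a behavioural change that a commit titled as a values sync makes easy to miss. The same comment removal and driver change occur in the `@@ -399,22 +320,12 @@` hunk.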
@@ -114,37 +136,22 @@ account-lookup-service: db_reap_interval_millis: 1000 db_create_retry_interval_millis: 200 db_debug: false - - # Protocol versions used for validating (VALIDATELIST) incoming FSPIOP API Headers (Content-type, Accept), - # and for generating requests/callbacks from the Switch itself (DEFAULT value) - protocol_versions: {"CONTENT": {"DEFAULT": "2.0", "VALIDATELIST": ["1", "1.0", "1.1", "2", "2.0"]}, "ACCEPT": {"DEFAULT": "2", "VALIDATELIST": ["1", "1.0", "1.1", "2", "2.0"]}} - + db_additional_connection_options: {} + db_ssl_enabled: false + db_ssl_verify: false display_routes: true run_migrations: false - endpointSecurity: jwsSign: false - # `jwsSigningKeySecret` is used to specify the secret that contains the JWS signing key. - # If `jwsSigningKeySecret` is not null, then the `jwsSigningKey` value will be ignored. - # Expected properties of `jwsSigningKeySecret` are `name` and `key`. jwsSigningKeySecret: null jwsSigningKey: null - # To generate this key: - # Private: - # ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key - # Public: - # openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub - # Should look like: - # -----BEGIN RSA PRIVATE KEY----- - # MIIJKQIBAAKCAgEAxfqaZivMPd4MpdBHu0jVMf3MSuSdkSMHn+sNJdDQfl+x4R5R - # .. - # .. - # mBynFpdjO0D3PnLKjnBDn1vFAfANOwVpGXCw5mn+484A/SIXYebWruFd03g4 - # -----END RSA PRIVATE KEY----- - # Thirdparty API Config featureEnableExtendedPartyIdType: false - - ## Proxy cache configuration + event_trace_vendor: mojaloop + event_log_filter: audit:*, log:warn, log:error + event_log_metadata_only: false + event_async_override: log,trace + event_trace_state_enabled: true + event_traceid_per_vendor: false proxy_cache: enabled: false type: redis-cluster 
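Review bot: The added defaults `db_ssl_enabled: false` and `db_ssl_verify: false` leave database traffic unencrypted out of the box. An operator who flips only `db_ssl_enabled` to true still gets a connection that does not verify the server certificate: the admin chart's `run-migration` init container in the `@@ -531,203 +388,143 @@` hunk passes `db_ssl_verify` straight into `ALS_DATABASE__ADDITIONAL_CONNECTION_OPTIONS__ssl__rejectUnauthorized`. Defaulting to `db_ssl_verify: true` (set in the subchart values, then re-synced) would make enabling TLS safe by default and leave disabled verification as an explicit choice. This hunk also removes the comments explaining that `jwsSigningKeySecret` takes precedence over `jwsSigningKey`; that note should be kept in documentation that the sync does not overwrite. The same defaults and comment removal appear in the `@@ -425,41 +336,22 @@` hunk.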
@@ -152,241 +159,155 @@ account-lookup-service: cluster: - host: proxy-cache-redis port: 6379 - - ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - # initContainers: [] + handlers: + DISABLED: true + MONITORING_PORT: 4003 + TIMEOUT: + DISABLED: true + TIMEXP: "*/30 * * * * *" + TIMEZONE: UTC + BATCH_SIZE: 100 initContainers: | - - name: wait-for-mysql - image: mysql:9.0.1 - imagePullPolicy: IfNotPresent - command: - - sh - - -c - - | - until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi; - do - echo --------------------; - echo Waiting for MySQL...; - sleep 2; - done; - echo ====================; - echo MySQL ok!; - env: - - name: DB_HOST - value: '{{ .Values.config.db_host }}' - - name: DB_PORT - value: '{{ .Values.config.db_port }}' - - name: DB_USER - value: '{{ .Values.config.db_user }}' - - name: DB_PASSWORD - {{- if .Values.config.db_secret }} - valueFrom: - secretKeyRef: - name: '{{ .Values.config.db_secret.name }}' - key: '{{ .Values.config.db_secret.key }}' - {{- else }} - value: {{ .Values.config.db_password }} - {{- end }} - - name: DB_DATABASE - value: '{{ .Values.config.db_database }}' - + {{- include "mojaloop-common.waitForMysqlInitContainer" . 
| nindent 0 }} + podLabels: {} + podAnnotations: {} service: internalPort: 4002 - ## @param service.type %%MAIN_CONTAINER_NAME%% service type - ## type: ClusterIP - ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port - ## port: 80 - ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port - ## - httpsPort: 443 - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - http: null - https: null - ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP - ## e.g.: - ## clusterIP: None - ## clusterIP: null - ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## loadBalancerIP: null - ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service - ## annotations: {} - ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## sessionAffinity: None - ## @param master.service.sessionAffinityConfig 
Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## sessionAffinityConfig: {} - ingress: enabled: true - ## @param ingress.pathType Ingress path type - ## pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## apiVersion: null - ## @param ingress.hostname Default host for the ingress record - ## hostname: account-lookup-service.local - ## @param servicePort : port for the service - ## servicePort: 80 - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## annotations: null - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## tls: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## certManager: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: transfer-api-svc.local - ## path: / - ## extraHosts: null extraPaths: null extraTls: null secrets: null - className: "nginx" - ## - # - secretName: 
chart-example-tls - # hosts: - # - chart-example.local + className: nginx resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi account-lookup-service-admin: enabled: true - # Default values for account-lookup-service. - # This is a YAML-formatted file. - # Declare variables to be passed into your templates. - image: registry: docker.io repository: mojaloop/account-lookup-service tag: v17.12.2 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## pullSecrets: [] - replicaCount: 1 command: '["node", "src/index.js", "server", "--admin"]' - + diagnosticMode: + enabled: false + command: + - node + - src/index.js + - server + - --admin + args: + - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }} + debug: + internalPort: 9229 + port: 9229 nameOverride: "" fullnameOverride: "" - - # Mount configuration files in the app folder for overriding defaults - # configOverride: - # # event sdk settings override - # .EVENT_SDKrc: - # AUDIT: kafka - # - # # logging settings override - # .CSLrc: - # LOG_FILTER: "" - - ## Pod scheduling preferences. 
- ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} - - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} - - ## Set toleration for scheduler - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] - - ## metric configuration for prometheus instrumentation + containerSecurityContext: + enabled: true + runAsUser: 1001 + readOnlyRootFilesystem: true + readinessProbe: + enabled: true + httpGet: + path: /health + initialDelaySeconds: 60 + periodSeconds: 15 + livenessProbe: + enabled: true + httpGet: + path: /health + initialDelaySeconds: 60 + periodSeconds: 15 + sidecar: + enabled: true + image: + repository: mojaloop/event-sidecar + tag: v14.2.0 + pullPolicy: IfNotPresent + command: '["npm", "run", "start"]' + service: + internalPort: 4003 + readinessProbe: + enabled: true + httpGet: + path: /health + initialDelaySeconds: 120 + periodSeconds: 15 + livenessProbe: + enabled: true + httpGet: + path: /health + initialDelaySeconds: 90 + periodSeconds: 15 + config: + event_log_grpc_host: localhost + event_log_grpc_port: 50051 + event_log_filter: audit:*, log:info, log:warn, log:error + event_log_metadata_only: true + log_level: info + log_filter: error, warn, info metrics: - ## flag to enable/disable the metrics end-points enabled: true config: timeout: 5000 prefix: moja_ defaultLabels: serviceName: account-lookup-service-admin - config: hub_participant: id: 1 name: Hub - ## Central-Ledger config - central_services_host: '$release_name-centralledger-service' + central_services_host: $release_name-centralledger-service central_services_port: 80 - + log_level: info + log_transport: console error_handling: include_cause_extension: false truncate_extensions: true - + protocol_versions: + CONTENT: + DEFAULT: "2.0" + VALIDATELIST: + - "1" + - "1.0" + - "1.1" + - "2" + - "2.0" + ACCEPT: 
+ DEFAULT: "2" + VALIDATELIST: + - "1" + - "1.0" + - "1.1" + - "2" + - "2.0" + kafka_host: kafka + kafka_port: 9092 + kafka_partitioner: murmur2_random central_shared_end_point_cache: expiresIn: 180000 generateTimeout: 30000 @@ -399,22 +320,12 @@ account-lookup-service-admin: enabled: false maxByteSize: 10000000 expiresIn: 61000 - ## DB Configuration db_type: mysql - db_driver: mysql + db_driver: mysql2 db_host: mysqldb db_port: 3306 db_user: account_lookup - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - db_password: '' - ### Configure this if you want to use a secret. Note, this will override the db_password, - ### Use the next line if you do wish to use the db_password value instead. - # db_secret: - ### Example config for an existing secret - # db_secret: - # name: mysqldb - # key: mysql-password + db_password: "" db_database: account_lookup db_connection_pool_min: 10 db_connection_pool_max: 30 
@@ -425,41 +336,22 @@ account-lookup-service-admin: db_reap_interval_millis: 1000 db_create_retry_interval_millis: 200 db_debug: false - - # Protocol versions used for validating (VALIDATELIST) incoming FSPIOP API Headers (Content-type, Accept), - # and for generating requests/callbacks from the Switch itself (DEFAULT value) - protocol_versions: {"CONTENT": {"DEFAULT": "2.0", "VALIDATELIST": ["1", "1.0", "1.1", "2", "2.0"]}, "ACCEPT": {"DEFAULT": "2", "VALIDATELIST": ["1", "1.0", "1.1", "2", "2.0"]}} - + db_additional_connection_options: {} + db_ssl_enabled: false + db_ssl_verify: false display_routes: true run_migrations: false - endpointSecurity: jwsSign: false - # `jwsSigningKeySecret` is used to specify the secret that contains the JWS signing key. - # If `jwsSigningKeySecret` is not null, then the `jwsSigningKey` value will be ignored. - # Expected properties of `jwsSigningKeySecret` are `name` and `key`. jwsSigningKeySecret: null jwsSigningKey: null - # To generate this key: - # Private: - # ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key - # Public: - # openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub - # Should look like: - # -----BEGIN RSA PRIVATE KEY----- - # MIIJKQIBAAKCAgEAxfqaZivMPd4MpdBHu0jVMf3MSuSdkSMHn+sNJdDQfl+x4R5R - # .. - # .. - # mBynFpdjO0D3PnLKjnBDn1vFAfANOwVpGXCw5mn+484A/SIXYebWruFd03g4 - # -----END RSA PRIVATE KEY----- - # Log config - log_level: info - log_transport: file - - # Thirdparty API Config + event_trace_vendor: mojaloop + event_log_filter: audit:*, log:warn, log:error + event_log_metadata_only: false + event_async_override: log,trace + event_trace_state_enabled: true + event_traceid_per_vendor: false featureEnableExtendedPartyIdType: false - - ## Proxy cache configuration proxy_cache: enabled: false type: redis-cluster 
@@ -467,51 +359,16 @@ account-lookup-service-admin: cluster: - host: proxy-cache-redis port: 6379 - - ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - # initContainers: [] + handlers: + DISABLED: true + MONITORING_PORT: 4003 + TIMEOUT: + DISABLED: true + TIMEXP: "*/30 * * * * *" + TIMEZONE: UTC + BATCH_SIZE: 100 initContainers: | - - name: wait-for-mysql - image: mysql:9.0.1 - imagePullPolicy: IfNotPresent - command: - - sh - - -c - - | - until mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -e 'select version()' ; - do - echo --------------------; - echo Waiting for MySQL...; - sleep 2; - done; - echo ====================; - echo MySQL ok!; - env: - - name: DB_HOST - value: '{{ .Values.config.db_host }}' - - name: DB_PORT - value: '{{ .Values.config.db_port }}' - - name: DB_USER - value: '{{ .Values.config.db_user }}' - - name: DB_PASSWORD - {{- if .Values.config.db_secret }} - valueFrom: - secretKeyRef: - name: '{{ .Values.config.db_secret.name }}' - key: '{{ .Values.config.db_secret.key }}' - {{- else }} - value: {{ .Values.config.db_password }} - {{- end }} - - name: DB_DATABASE - value: '{{ .Values.config.db_database }}' + {{- include "mojaloop-common.waitForMysqlInitContainer" . | nindent 0 }} - name: run-migration image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}' imagePullPolicy: IfNotPresent 
@@ -531,203 +388,143 @@ account-lookup-service-admin: {{- else }} value: {{ .Values.config.db_password }} {{- end }} + {{- if .Values.config.db_ssl_enabled }} + - name: ALS_DATABASE__ADDITIONAL_CONNECTION_OPTIONS__ssl__rejectUnauthorized + value: {{ .Values.config.db_ssl_verify | quote}} + {{- if .Values.config.db_ssl_ca_secret }} + - name: ALS_DATABASE__ADDITIONAL_CONNECTION_OPTIONS__ssl__ca + valueFrom: + secretKeyRef: + name: '{{ .Values.config.db_ssl_ca_secret.name }}' + key: '{{ .Values.config.db_ssl_ca_secret.key }}' + {{- end }} + {{- end }} volumeMounts: - name: '{{ template "account-lookup-service-admin.fullname" . }}-config-volume' mountPath: /opt/app/config - + podLabels: {} + podAnnotations: {} service: internalPort: 4001 - ## @param service.type %%MAIN_CONTAINER_NAME%% service type - ## type: ClusterIP - ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port - ## port: 80 - ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port - ## - httpsPort: 443 - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - http: null - https: null - ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP - ## e.g.: - ## clusterIP: None - ## clusterIP: null - ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## loadBalancerIP: null - ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy - 
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service - ## annotations: {} - ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## sessionAffinity: None - ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## sessionAffinityConfig: {} - ingress: enabled: true - ## @param ingress.pathType Ingress path type - ## pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## apiVersion: null - ## @param ingress.hostname Default host for the ingress record - ## hostname: account-lookup-service-admin.local - ## @param servicePort : port for the service - ## servicePort: 80 - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## annotations: null - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on 
Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## tls: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## certManager: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: transfer-api-svc.local - ## path: / - ## extraHosts: null extraPaths: null extraTls: null secrets: null - className: "nginx" - ## - # - secretName: chart-example-tls - # hosts: - # - chart-example.local + className: nginx resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - account-lookup-service-handler-timeout: enabled: false - # Default values for account-lookup-service. - # This is a YAML-formatted file. - # Declare variables to be passed into your templates. - image: registry: docker.io repository: mojaloop/account-lookup-service - tag: v17.7.1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## + tag: v17.12.2 pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## pullSecrets: [] - replicaCount: 1 command: '["node", "src/handlers/index.js", "handlers", "--timeout"]' - + diagnosticMode: + enabled: false + command: + - node + - src/handlers/index.js + - handlers + - --timeout + args: + - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }} + debug: + internalPort: 9229 + port: 9229 nameOverride: "" fullnameOverride: "" - - # Mount configuration files in the app folder for overriding defaults - # configOverride: - # # event sdk settings override - # .EVENT_SDKrc: - # AUDIT: kafka - # - # # logging settings override - # .CSLrc: - # LOG_FILTER: "" - - ## Pod scheduling preferences. - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} - - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} - - ## Set toleration for scheduler - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] - - ## metric configuration for prometheus instrumentation + containerSecurityContext: + enabled: true + runAsUser: 1001 + readOnlyRootFilesystem: true + readinessProbe: + enabled: true + httpGet: + path: /health + initialDelaySeconds: 60 + periodSeconds: 15 + livenessProbe: + enabled: true + httpGet: + path: /health + initialDelaySeconds: 60 + periodSeconds: 15 + sidecar: + enabled: true + image: + repository: mojaloop/event-sidecar + tag: v14.2.0 + pullPolicy: IfNotPresent + command: '["npm", "run", "start"]' + service: + internalPort: 4001 + readinessProbe: + enabled: true + httpGet: + path: /health + initialDelaySeconds: 120 + periodSeconds: 15 + livenessProbe: + enabled: true + httpGet: + path: /health + initialDelaySeconds: 90 + periodSeconds: 15 + config: + event_log_grpc_host: localhost + 
event_log_grpc_port: 50051 + event_log_filter: audit:*, log:info, log:warn, log:error + event_log_metadata_only: true + log_level: info + log_filter: error, warn, info metrics: - ## flag to enable/disable the metrics end-points enabled: true config: timeout: 5000 prefix: moja_ defaultLabels: serviceName: account-lookup-service-handler-timeout - config: + api_type: fspiop hub_participant: id: 1 name: Hub - ## Central-Ledger config - central_services_host: '$release_name-centralledger-service' + central_services_host: $release_name-centralledger-service central_services_port: 80 - # Log config log_level: info - log_transport: file - + log_transport: console error_handling: include_cause_extension: false truncate_extensions: true - + kafka_host: kafka + kafka_port: 9092 + kafka_partitioner: murmur2_random central_shared_end_point_cache: expiresIn: 180000 generateTimeout: 30000 
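Review bot: The new `diagnosticMode.args` entry for account-lookup-service-handler-timeout starts the Node inspector on `0.0.0.0`, so once `diagnosticMode.enabled` is switched on, anything that can reach the pod IP on port 9229 can attach a debugger, which amounts to code execution inside the container. The inspector protocol has no authentication of its own. Binding to loopback, `- --inspect=127.0.0.1:{{ .Values.diagnosticMode.debug.port }}`, and reaching it through `kubectl port-forward` keeps the feature usable without exposing it on the pod network; if the chart templates also publish `debug.port` through the Service (not visible here), that exposure needs a NetworkPolicy or removal. At minimum a comment such as `# debug only: exposes the Node inspector, do not enable in production` belongs above `enabled: false`. The same argument already exists as context for the other services touched by this diff.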
@@ -740,334 +537,155 @@ account-lookup-service-handler-timeout: enabled: false maxByteSize: 10000000 expiresIn: 61000 - - # ## DB Configuration - # db_type: mysql - # db_driver: mysql - # db_host: mysqldb - # db_port: 3306 - # db_user: account_lookup - # ## Secret-Management - # ### Set this if you are using a clear text password configured in the config section - # db_password: '' - # ### Configure this if you want to use a secret. Note, this will override the db_password, - # ### Use the next line if you do wish to use the db_password value instead. - # # db_secret: - # ### Example config for an existing secret - # # db_secret: - # # name: mysqldb - # # key: mysql-password - # db_database: account_lookup - # db_connection_pool_min: 10 - # db_connection_pool_max: 30 - # db_acquire_timeout_millis: 30000 - # db_create_timeout_millis: 30000 - # db_destroy_timeout_millis: 5000 - # db_idle_timeout_millis: 30000 - # db_reap_interval_millis: 1000 - # db_create_retry_interval_millis: 200 - # db_debug: false - - # Protocol versions used for validating (VALIDATELIST) incoming FSPIOP API Headers (Content-type, Accept), - # and for generating requests/callbacks from the Switch itself (DEFAULT value) - protocol_versions: {"CONTENT": {"DEFAULT": "2.0", "VALIDATELIST": ["1", "1.0", "1.1", "2", "2.0"]}, "ACCEPT": {"DEFAULT": "2", "VALIDATELIST": ["1", "1.0", "1.1", "2", "2.0"]}} - + protocol_versions: + CONTENT: + DEFAULT: "2.0" + VALIDATELIST: + - "1" + - "1.0" + - "1.1" + - "2" + - "2.0" + ACCEPT: + DEFAULT: "2" + VALIDATELIST: + - "1" + - "1.0" + - "1.1" + - "2" + - "2.0" + db_type: mysql + db_driver: mysql2 + db_host: mysqldb + db_port: 3306 + db_user: account_lookup + db_password: "" + db_database: account_lookup + db_connection_pool_min: 10 + db_connection_pool_max: 30 + db_acquire_timeout_millis: 30000 + db_create_timeout_millis: 30000 + db_destroy_timeout_millis: 5000 + db_idle_timeout_millis: 30000 + db_reap_interval_millis: 1000 + db_create_retry_interval_millis: 200 + 
db_debug: false + db_additional_connection_options: {} + db_ssl_enabled: false + db_ssl_verify: false display_routes: true - # run_migrations: false - + run_migrations: false endpointSecurity: jwsSign: false - # `jwsSigningKeySecret` is used to specify the secret that contains the JWS signing key. - # If `jwsSigningKeySecret` is not null, then the `jwsSigningKey` value will be ignored. - # Expected properties of `jwsSigningKeySecret` are `name` and `key`. jwsSigningKeySecret: null jwsSigningKey: null - # To generate this key: - # Private: - # ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key - # Public: - # openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub - # Should look like: - # -----BEGIN RSA PRIVATE KEY----- - # MIIJKQIBAAKCAgEAxfqaZivMPd4MpdBHu0jVMf3MSuSdkSMHn+sNJdDQfl+x4R5R - # .. - # .. - # mBynFpdjO0D3PnLKjnBDn1vFAfANOwVpGXCw5mn+484A/SIXYebWruFd03g4 - # -----END RSA PRIVATE KEY----- - # Thirdparty API Config featureEnableExtendedPartyIdType: false - - ## Proxy cache configuration + event_trace_vendor: mojaloop + event_log_filter: audit:*, log:warn, log:error + event_log_metadata_only: false + event_async_override: log,trace + event_trace_state_enabled: true + event_traceid_per_vendor: false proxy_cache: enabled: false - type: redis + type: redis-cluster proxyConfig: cluster: - host: proxy-cache-redis port: 6379 - handlers: - DISABLED: true + DISABLED: false MONITORING_PORT: 4003 TIMEOUT: - DISABLED: true + DISABLED: false TIMEXP: "*/30 * * * * *" - TIMEZONE: "UTC" + TIMEZONE: UTC BATCH_SIZE: 100 - - ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## initContainers: [] - # initContainers: | - # - name: wait-for-mysql - # image: mysql:9.0.1 - # 
imagePullPolicy: IfNotPresent - # command: - # - sh - # - -c - # - | - # until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi; - # do - # echo --------------------; - # echo Waiting for MySQL...; - # sleep 2; - # done; - # echo ====================; - # echo MySQL ok!; - # env: - # - name: DB_HOST - # value: '{{ .Values.config.db_host }}' - # - name: DB_PORT - # value: '{{ .Values.config.db_port }}' - # - name: DB_USER - # value: '{{ .Values.config.db_user }}' - # - name: DB_PASSWORD - # {{- if .Values.config.db_secret }} - # valueFrom: - # secretKeyRef: - # name: '{{ .Values.config.db_secret.name }}' - # key: '{{ .Values.config.db_secret.key }}' - # {{- else }} - # value: {{ .Values.config.db_password }} - # {{- end }} - # - name: DB_DATABASE - # value: '{{ .Values.config.db_database }}' - + podLabels: {} + podAnnotations: {} service: internalPort: 4003 - ## @param service.type %%MAIN_CONTAINER_NAME%% service type - ## type: ClusterIP - ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port - ## port: 80 - ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port - ## - httpsPort: 443 - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - http: null - https: null - ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP - ## e.g.: - ## clusterIP: None - ## clusterIP: null - ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## loadBalancerIP: null - ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources - ## 
ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service - ## annotations: {} - ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## sessionAffinity: None - ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## sessionAffinityConfig: {} - ingress: enabled: true - ## @param ingress.pathType Ingress path type - ## pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## apiVersion: null - ## @param ingress.hostname Default host for the ingress record - ## hostname: account-lookup-service-handler-timeout.local - ## @param servicePort : port for the service - ## servicePort: 80 - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## annotations: null - ## @param ingress.tls Enable TLS configuration for the 
host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## tls: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## certManager: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: transfer-api-svc.local - ## path: / - ## extraHosts: null extraPaths: null extraTls: null secrets: null - className: "nginx" - ## - # - secretName: chart-example-tls - # hosts: - # - chart-example.local + className: nginx resources: {} - als-oracle-pathfinder: enabled: false - # Declare variables to be passed into your templates. image: repository: mojaloop/als-oracle-pathfinder tag: v12.3.1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## pullSecrets: [] - replicaCount: 1 command: '["node", "/opt/app/src/index.js"]' - - ## Enable diagnostic mode in the deployment - ## diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## command: - node - /opt/app/src/index.js - ## @param diagnosticMode.args Args to override all containers in the deployment - ## args: - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }} - ## @param diagnosticMode.debug config to override all debug information - ## debug: internalPort: 9229 port: 9229 - readinessProbe: enabled: true httpGet: path: / initialDelaySeconds: 45 periodSeconds: 15 - livenessProbe: enabled: true httpGet: path: / initialDelaySeconds: 45 periodSeconds: 15 - config: db: - type: 'mysql' - driver: 'mysql' + type: mysql + driver: mysql central_ledger: - host: '$release_name-centralledger-mysql' - port: '3306' - database: 'central_ledger' - user: 'central_ledger' - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - password: '' - ### Configure this if you want to use a secret. Note, this will override the db_password, - ### Use the next line if you do wish to use the db_password value instead. 
- # secret: - ### Example config for an existing secret - # secret: - # name: mysqldb - # key: mysql-password + host: $release_name-centralledger-mysql + port: "3306" + database: central_ledger + user: central_ledger + password: "" account_lookup: - host: '$release_name-account-lookup-mysql' - port: '3306' - database: 'account_lookup' - user: 'account_lookup' - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - password: '' - ### Configure this if you want to use a secret. Note, this will override the db_password, - ### Use the next line if you do wish to use the db_password value instead. - # secret: - ### Example config for an existing secret - # secret: - # name: mysqldb - # key: mysql-password - log_level: 'info' - + host: $release_name-account-lookup-mysql + port: "3306" + database: account_lookup + user: account_lookup + password: "" + log_level: info pathfinder: - # Example host IP to be replaced by valid IP - host: 'localhost' + host: localhost port: 7007 queryTimeoutMs: 10000 tls: certs: - # These are example keys, please get valid keys for your deployment client_cert: |- -----BEGIN CERTIFICATE----- MIIDejCCAmICCQClh6JWji+/NjANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJV 
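Review bot: After this hunk the only database credential field an operator sees is a clear-text `db_password: ""` / `password: ""`, because every comment describing the `db_secret` / `secret` alternative (the `name` and `key` of an existing Kubernetes Secret, which overrides the password) has been removed. That steers new deployments towards passwords in values files even though the init-container templates in this diff still honour `config.db_secret`. A one-line commented example should be kept next to each password, e.g. `# db_secret: {name: mysqldb, key: mysql-password}  # overrides db_password when set`. The same documentation is dropped for `db_secret` and `mongo_secret` in the centralledger/values.yaml hunks. If the comments are lost because the sync script round-trips the file through plain objects (the script is not visible in this part of the diff), the `yaml` package's `parseDocument` API can edit values while preserving comments.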
@@ -1163,27 +781,11 @@ als-oracle-pathfinder: gBabAqScAeoqssFv4bsWINawn/7JvmFEb4kwep6pIf9Lh/rkCgsgyq2xEh/9LXNs eCgyt9zbdU2HwsWnoOUEJ0Z4157ykgOkECCGErKl -----END CERTIFICATE----- - # rejectUnauthorized should be true in production rejectUnauthorized: false - # The following paths are all relative to this directory containing the values file - client_cert_path: '/opt/app/secrets/client_cert.pem' - client_key_path: '/opt/app/secrets/client_key.pem' - root_cert_path: '/opt/app/secrets/pathfinder_cert.pem' - # Intermediate cert is optional, but will likely be required for mutual auth if - # rejectUnauthorized is true, as Neustar's certificate doesn't seem to have been signed by any - # certs in the Mozilla bundle, which is used by Node as default. - intermediate_cert_path: '/opt/app/secrets/pathfinder_intermediate_cert.pem' - - ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - # initContainers: [] + client_cert_path: /opt/app/secrets/client_cert.pem + client_key_path: /opt/app/secrets/client_key.pem + root_cert_path: /opt/app/secrets/pathfinder_cert.pem + intermediate_cert_path: /opt/app/secrets/pathfinder_intermediate_cert.pem initContainers: | - name: wait-for-mysql-central-ledger image: mysql:9.0.1 
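Review bot: `rejectUnauthorized: false` stays the shipped default for the Pathfinder TLS client while the line `# rejectUnauthorized should be true in production` is deleted, so nothing in the file now says that this setting disables server-certificate validation. The preceding hunk likewise drops `# These are example keys, please get valid keys for your deployment` from above the embedded `client_cert`, which makes it easier to deploy with the published sample material by accident. Both comments should be restored. The removed explanation of why `intermediate_cert_path` is needed once verification is on is also worth keeping, since that is what lets an operator set the flag to `true` and still connect.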
@@ -1313,82 +915,32 @@ als-oracle-pathfinder: value: '{{ .Values.config.db.account_lookup.database }}' - name: SERVICE_NAME value: '{{ include "als-oracle-pathfinder.name" . }}' - service: type: ClusterIP name: http-api port: 80 - annotations: {} - - # This allows one to point the service to an external backend. - # This is useful for local development where one wishes to hijack - # the communication from the service to the node layer and point - # to a specific endpoint (IP, Port, etc). external: enabled: false - # 10.0.2.2 is the magic IP for the host on virtualbox's network ip: 10.0.2.2 ports: provisioning: name: http-api externalPort: 3000 - ingress: enabled: true - ## @param ingress.pathType Ingress path type - ## pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## apiVersion: null - ## @param ingress.hostname Default host for the ingress record - ## hostname: als-oracle-pathfinder.local - ## @param servicePort : port for the service - ## servicePort: 80 - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## annotations: null - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## tls: false - ## @param ingress.certManager Add the corresponding annotations 
for cert-manager integration - ## certManager: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: transfer-api-svc.local - ## path: / - ## extraHosts: null extraPaths: null extraTls: null secrets: null - className: "nginx" - ## + className: nginx resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi diff --git a/centralledger/values.yaml b/centralledger/values.yaml index 1b7dfa25b..60786242e 100644 --- a/centralledger/values.yaml +++ b/centralledger/values.yaml 
@@ -1,106 +1,43 @@ -# Default values for central-ledger. -# This is a YAML-formatted file. - -# Declare global configurations global: {} - -# Declare variables to be passed into your templates. - centralledger-service: - # Default values for central-ledger. - # This is a YAML-formatted file. - - # Declare variables to be passed into your templates. enabled: true - image: registry: docker.io repository: mojaloop/central-ledger tag: v19.8.3 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## pullSecrets: [] - replicaCount: 1 command: '["node", "src/api/index.js"]' - - # Mount configuration files in the app folder for overriding defaults - # configOverride: - # # event sdk settings override - # .EVENT_SDKrc: - # AUDIT: kafka - - # # logging settings override - # .CSLrc: - # LOG_FILTER: "" - - ## Enable diagnostic mode in the deployment - ## diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## command: - node - ## @param diagnosticMode.args Args to override all containers in the deployment - ## args: - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }} - src/api/index.js - - ## @param diagnosticMode.debug config to override all debug information - ## debug: internalPort: 9229 port: 9229 - readinessProbe: enabled: true httpGet: path: /health initialDelaySeconds: 60 periodSeconds: 15 - livenessProbe: enabled: true httpGet: path: /health 
initialDelaySeconds: 60 periodSeconds: 15 - - ## Pod scheduling preferences. - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} - - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} - - ## Set toleration for scheduler - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] - - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param containerSecurityContext.enabled Enabled %%MAIN_CONTAINER_NAME%% containers' Security Context - ## @param containerSecurityContext.runAsUser Set %%MAIN_CONTAINER_NAME%% containers' Security Context runAsUser - ## containerSecurityContext: enabled: true runAsUser: 1001 - + readOnlyRootFilesystem: true sidecar: enabled: false image: 
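Review bot: `containerSecurityContext` gains `readOnlyRootFilesystem: true` next to `runAsUser: 1001`, but privilege escalation is still left at the Kubernetes default. If the deployment template passes this map through to the container spec (not visible in this hunk), adding `allowPrivilegeEscalation: false` and `runAsNonRoot: true` would complete the hardening. The later change of `log_transport` from `file` to `console` fits a read-only root; any other path the service writes at runtime would need an `emptyDir` mount, which is worth confirming before release. The `sidecar` block that follows continues past the end of this hunk.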
@@ -125,51 +62,30 @@ centralledger-service: config: event_log_grpc_host: localhost event_log_grpc_port: 50051 - event_log_filter: 'audit:*, log:info, log:warn, log:error' + event_log_filter: audit:*, log:info, log:warn, log:error event_log_metadata_only: true log_level: info - log_filter: 'error, warn, info' - - ## metric configuration for prometheus instrumentation + log_filter: error, warn, info metrics: - ## flag to enable/disable the metrics end-points enabled: true config: timeout: 5000 prefix: moja_ defaultLabels: serviceName: central-service - config: - ## Forensic Logging sidecar - # this is for Forensic Logging Sidecar forensicloggingsidecar_disabled: true forensicloggingsidecar_host: forensicloggingsidecar-ledger forensicloggingsidecar_port: 5678 - - ## Error handling Configuration error_handling: include_cause_extension: false truncate_extensions: true - - ## DB Configuration - # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled - db_type: 'mysql' - # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set. - db_driver: 'mysql' + db_type: mysql + db_driver: mysql2 db_host: mysqldb db_port: 3306 db_user: central_ledger - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - db_password: '' - ### Configure this if you want to use a secret. Note, this will override the db_password, - ### Use the next line if you do wish to use the db_password value instead. - # db_secret: - ### Example config for an existing secret - # db_secret: - # name: mysqldb - # key: mysql-password + db_password: "" db_database: central_ledger db_connection_pool_min: 10 db_connection_pool_max: 30 
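Review bot: `db_driver` changes from `mysql` to `mysql2` here while the image stays at `tag: v19.8.3` (context of the previous hunk), which is a runtime behaviour change rather than a values alignment. Whether that central-ledger image bundles the `mysql2` client is not visible in this diff; if it does not, the service would fail when it first connects, so please confirm against the image or keep `db_driver: mysql` until the tag moves. The removed comments that tied `db_type` to its matching `db_driver` were the only documentation of the accepted values and should come back in updated form, e.g. `# db_driver must match db_type; confirm the supported driver names for this image tag`.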
@@ -180,48 +96,28 @@ centralledger-service: db_reap_interval_millis: 1000 db_create_retry_interval_millis: 200 db_debug: false - - ## Hub Configuration + db_additional_connection_options: {} + db_ssl_enabled: false + db_ssl_verify: false hub_participant: id: 1 name: Hub - - ## MongoDB Configuration for Object Store objstore_disabled: true - mongo_host: 'cep-mongodb' + mongo_host: cep-mongodb mongo_port: 27017 mongo_user: mojaloop - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - mongo_password: '' - ### Configure this if you want to use a secret. Note, this will override the secret, - ### Use the next line if you do wish to use the secret value instead. - # mongo_secret: - ### Example config for an existing secret - # mongo_secret: - # name: cep-mongodb - # key: mongodb-passwords + mongo_password: "" mongo_database: mlos - - ## Kafka Configuration - # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used. kafka_host: kafka kafka_port: 9092 - kafka_partitioner: 'murmur2_random' - - ## Log Configuration + kafka_partitioner: murmur2_random log_level: info - log_filter: 'error, warn, info' - log_transport: file - ## Enable local logging of events being recorded + log_filter: error, warn, info + log_transport: console log_events_locally_enabled: false - - ## Cache configuration cache_enabled: false cache_max_byte_size: 10000000 cache_expires_in_ms: 1000 - - ## Proxy cache configuration proxy_cache: enabled: false type: redis-cluster 
@@ -229,273 +125,94 @@ centralledger-service: cluster: - host: proxy-cache-redis port: 6379 - - ## Tracing Configuration event_trace_vendor: mojaloop - event_log_filter: 'audit:*, log:warn, log:error' - # If set to true, only the metadata object from the event will be printed. + event_log_filter: audit:*, log:warn, log:error event_log_metadata_only: false - # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve - # Any combination of: `log,audit,trace` - event_async_override: 'log,trace' + event_async_override: log,trace event_trace_state_enabled: true event_traceid_per_vendor: false - - ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - # initContainers: [] initContainers: | - - name: wait-for-mysql - image: mysql:9.0.1 - imagePullPolicy: IfNotPresent - command: - - sh - - -c - - | - until mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -e 'select version()' ; - do - echo --------------------; - echo Waiting for MySQL...; - sleep 2; - done; - echo ====================; - echo MySQL ok!; - env: - - name: DB_HOST - value: '{{ .Values.config.db_host }}' - - name: DB_PORT - value: '{{ .Values.config.db_port }}' - - name: DB_USER - value: '{{ .Values.config.db_user }}' - - name: DB_PASSWORD - {{- if .Values.config.db_secret }} - valueFrom: - secretKeyRef: - name: '{{ .Values.config.db_secret.name }}' - key: '{{ .Values.config.db_secret.key }}' - {{- else }} - value: {{ .Values.config.db_password }} - {{- end }} - - name: DB_DATABASE - value: '{{ .Values.config.db_database }}' - + {{- include "mojaloop-common.waitForMysqlInitContainer" . 
| nindent 0 }} + podLabels: {} + podAnnotations: {} service: internalPort: 3001 - ## @param service.type %%MAIN_CONTAINER_NAME%% service type - ## type: ClusterIP - ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port - ## port: 80 - ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port - ## - httpsPort: 443 - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - http: null - https: null - ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP - ## e.g.: - ## clusterIP: None - ## clusterIP: null - ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## loadBalancerIP: null - ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service - ## annotations: {} - ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## sessionAffinity: None - ## @param master.service.sessionAffinityConfig 
Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## sessionAffinityConfig: {} - ingress: enabled: true - ## @param ingress.pathType Ingress path type - ## pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## apiVersion: null - ## @param ingress.hostname Default host for the ingress record - ## hostname: central-ledger.local - ## @param servicePort : port for the service - ## servicePort: 80 - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## annotations: null - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## tls: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## certManager: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: transfer-api-svc.local - ## path: / - ## extraHosts: null extraPaths: null extraTls: null secrets: null - className: "nginx" - - # We usually recommend not to specify 
default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + className: nginx resources: {} - + migration: + restartPolicy: OnFailure + backoffLimit: 1 + annotations: + helm.sh/hook: pre-install,pre-upgrade centralledger-handler-transfer-prepare: - # Default values for central-ledger. - # This is a YAML-formatted file. - - # Declare variables to be passed into your templates. enabled: true - image: registry: docker.io repository: mojaloop/central-ledger tag: v19.8.3 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## pullSecrets: [] - replicaCount: 1 command: '["node", "src/handlers/index.js", "handler", "--prepare"]' - - # Mount configuration files in the app folder for overriding defaults - # configOverride: - # # event sdk settings override - # .EVENT_SDKrc: - # AUDIT: kafka - - # # logging settings override - # .CSLrc: - # LOG_FILTER: "" - - ## Enable diagnostic mode in the deployment - ## + rollingUpdate: + override: true + maxUnavailable: 20% + maxSurge: 20% diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## command: - node - ## @param diagnosticMode.args Args to override all containers in the deployment - ## args: - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }} - src/handlers/index.js - handler - - '--prepare' - - ## @param diagnosticMode.debug config to override all debug information - ## + - --prepare debug: internalPort: 9229 port: 9229 - readinessProbe: enabled: true httpGet: path: /health initialDelaySeconds: 60 periodSeconds: 15 - livenessProbe: enabled: true httpGet: path: /health initialDelaySeconds: 60 periodSeconds: 15 - - ## Pod scheduling preferences. 
- ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} - - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} - - ## Set toleration for scheduler - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] - - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param containerSecurityContext.enabled Enabled %%MAIN_CONTAINER_NAME%% containers' Security Context - ## @param containerSecurityContext.runAsUser Set %%MAIN_CONTAINER_NAME%% containers' Security Context runAsUser - ## containerSecurityContext: enabled: true runAsUser: 1001 - + readOnlyRootFilesystem: true sidecar: enabled: true image: 
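Review bot: The `initContainers` string of `centralledger-service` now ends in `{{- include "mojaloop-common.waitForMysqlInitContainer" . | nindent 0 }}`, and nothing in this file records what that helper waits for or where it is defined. The inline container removed here only ran `select version()`, while the ones removed from the two handler sections in later hunks polled `migration_lock` until `is_locked` was 0. A single shared helper cannot keep both behaviours unless it is parameterised, so the handlers may now start before migrations have finished; this needs checking against the helper, which is outside this view. A comment above the include such as `# rendered via tpl in the subchart; needs the mojaloop-common library chart; waits for <condition>` would document the coupling.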
@@ -520,51 +237,30 @@ centralledger-handler-transfer-prepare: config: event_log_grpc_host: localhost event_log_grpc_port: 50051 - event_log_filter: 'audit:*, log:info, log:warn, log:error' + event_log_filter: audit:*, log:info, log:warn, log:error event_log_metadata_only: true log_level: info - log_filter: 'error, warn, info' - - ## metric configuration for prometheus instrumentation + log_filter: error, warn, info metrics: - ## flag to enable/disable the metrics end-points enabled: true config: timeout: 5000 prefix: moja_ defaultLabels: serviceName: central-handler-prepare - config: - ## Forensic Logging sidecar - # this is for Forensic Logging Sidecar forensicloggingsidecar_disabled: true forensicloggingsidecar_host: forensicloggingsidecar-ledger forensicloggingsidecar_port: 5678 - - ## Error handling Configuration error_handling: include_cause_extension: false truncate_extensions: true - - ## DB Configuration - # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled - db_type: 'mysql' - # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set. - db_driver: 'mysql' + db_type: mysql + db_driver: mysql2 db_host: mysqldb db_port: 3306 db_user: central_ledger - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - db_password: '' - ### Configure this if you want to use a secret. Note, this will override the db_password, - ### Use the next line if you do wish to use the db_password value instead. - # db_secret: - ### Example config for an existing secret - # db_secret: - # name: mysqldb - # key: mysql-password + db_password: "" db_database: central_ledger db_connection_pool_min: 10 db_connection_pool_max: 30 
@@ -575,57 +271,33 @@ centralledger-handler-transfer-prepare: db_reap_interval_millis: 1000 db_create_retry_interval_millis: 200 db_debug: false - - ## Hub Configuration + db_additional_connection_options: {} + db_ssl_enabled: false + db_ssl_verify: false hub_participant: id: 1 name: Hub - - ## MongoDB Configuration for Object Store objstore_disabled: true - mongo_host: 'cep-mongodb' + mongo_host: cep-mongodb mongo_port: 27017 mongo_user: mojaloop - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - mongo_password: '' - ### Configure this if you want to use a secret. Note, this will override the secret, - ### Use the next line if you do wish to use the secret value instead. - # mongo_secret: - ### Example config for an existing secret - # mongo_secret: - # name: cep-mongodb - # key: mongodb-passwords + mongo_password: "" mongo_database: mlos - - ## Kafka Configuration - # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used. kafka_host: kafka kafka_port: 9092 - kafka_partitioner: 'murmur2_random' - - ## Node Configuration - log_level: 'info' - log_filter: 'error, warn, info' - log_transport: file - - ## Tracing Configuration + kafka_partitioner: murmur2_random + log_level: info + log_filter: error, warn, info + log_transport: console event_trace_vendor: mojaloop - event_log_filter: 'audit:*, log:warn, log:error' - # If set to true, only the metadata object from the event will be printed. 
+ event_log_filter: audit:*, log:warn, log:error event_log_metadata_only: false - # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve - # Any combination of: `log,audit,trace` - event_async_override: 'log,trace' + event_async_override: log,trace event_trace_state_enabled: true event_traceid_per_vendor: false - - ## Cache configuration cache_enabled: false cache_max_byte_size: 10000000 cache_expires_in_ms: 1000 - - ## Proxy cache configuration proxy_cache: enabled: false type: redis-cluster @@ -633,20 +305,7 @@ centralledger-handler-transfer-prepare: cluster: - host: proxy-cache-redis port: 6379 - - ## Enable On-Us transfers enable_on_us_transfers: false - - ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - # initContainers: [] initContainers: | - name: wait-for-kafka image: solsson/kafka:2.8.1 
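Review bot: `log_transport` for `centralledger-handler-transfer-prepare` changes from `file` to `console` with no comment, and the same section gains `containerSecurityContext.readOnlyRootFilesystem: true` in an earlier hunk. If the two are linked, an override back to `file` would presumably fail to write on the read-only root filesystem, so say so in place: `# console only: the container root filesystem is read-only (containerSecurityContext.readOnlyRootFilesystem)`. The `centralledger-handler-transfer-position` section gets the same pair of changes. The `config:` mapping starts before this hunk.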
@@ -667,250 +326,83 @@ centralledger-handler-transfer-prepare: value: '{{ .Values.config.kafka_host }}' - name: KAFKA_PORT value: '{{ .Values.config.kafka_port }}' - - name: wait-for-mysql - image: mysql:9.0.1 - imagePullPolicy: IfNotPresent - command: - - sh - - -c - - | - until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi; - do - echo --------------------; - echo Waiting for MySQL...; - sleep 2; - done; - echo ====================; - echo MySQL ok!; - env: - - name: DB_HOST - value: '{{ .Values.config.db_host }}' - - name: DB_PORT - value: '{{ .Values.config.db_port }}' - - name: DB_USER - value: '{{ .Values.config.db_user }}' - - name: DB_PASSWORD - {{- if .Values.config.db_secret }} - valueFrom: - secretKeyRef: - name: '{{ .Values.config.db_secret.name }}' - key: '{{ .Values.config.db_secret.key }}' - {{- else }} - value: {{ .Values.config.db_password }} - {{- end }} - - name: DB_DATABASE - value: '{{ .Values.config.db_database }}' - + {{- include "mojaloop-common.waitForMysqlInitContainer" . 
| nindent 0 }} + podLabels: {} + podAnnotations: {} service: internalPort: 3001 - ## @param service.type %%MAIN_CONTAINER_NAME%% service type - ## type: ClusterIP - ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port - ## port: 80 - ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port - ## - httpsPort: 443 - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - http: null - https: null - ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP - ## e.g.: - ## clusterIP: None - ## clusterIP: null - ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## loadBalancerIP: null - ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service - ## annotations: {} - ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## sessionAffinity: None - ## @param master.service.sessionAffinityConfig 
Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## sessionAffinityConfig: {} - ingress: enabled: true - ## @param ingress.pathType Ingress path type - ## pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## apiVersion: null - ## @param ingress.hostname Default host for the ingress record - ## hostname: central-ledger-transfer-prepare.local - ## @param servicePort : port for the service - ## servicePort: 80 - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## annotations: null - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## tls: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## certManager: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: transfer-api-svc.local - ## path: / - ## extraHosts: null extraPaths: null extraTls: null secrets: null - className: "nginx" - - # We usually recommend not 
to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + className: nginx resources: {} - + usePdb: false centralledger-handler-transfer-position: - # Default values for central-ledger. - # This is a YAML-formatted file. - - # Declare variables to be passed into your templates. enabled: true - image: registry: docker.io repository: mojaloop/central-ledger tag: v19.8.3 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## pullSecrets: [] - replicaCount: 1 command: '["node", "src/handlers/index.js", "handler", "--position"]' - - # Mount configuration files in the app folder for overriding defaults - # configOverride: - # # event sdk settings override - # .EVENT_SDKrc: - # AUDIT: kafka - - # # logging settings override - # .CSLrc: - # LOG_FILTER: "" - - ## Enable diagnostic mode in the deployment - ## + rollingUpdate: + override: true + maxUnavailable: 20% + maxSurge: 20% diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## command: - node - ## @param diagnosticMode.args Args to override all containers in the deployment - ## args: - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }} - src/handlers/index.js - handler - - '--position' - - ## @param diagnosticMode.debug config to override all debug information - ## + - --position debug: internalPort: 9229 port: 9229 - readinessProbe: enabled: true httpGet: path: /health initialDelaySeconds: 60 periodSeconds: 15 - livenessProbe: enabled: true httpGet: path: /health initialDelaySeconds: 60 periodSeconds: 15 - - ## Pod scheduling preferences. 
- ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} - - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} - - ## Set toleration for scheduler - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] - - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param containerSecurityContext.enabled Enabled %%MAIN_CONTAINER_NAME%% containers' Security Context - ## @param containerSecurityContext.runAsUser Set %%MAIN_CONTAINER_NAME%% containers' Security Context runAsUser - ## containerSecurityContext: enabled: true runAsUser: 1001 - + readOnlyRootFilesystem: true sidecar: enabled: true image: 
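Review bot: The `diagnosticMode` block of `centralledger-handler-transfer-position` loses its only description while still passing `--inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}`, which binds the Node.js inspector to every interface of the pod. Anyone who can reach the debug port (9229 here) gets control of the process, so keep a warning next to `enabled: false`, e.g. `# debugging only: disables probes and opens the Node inspector on all interfaces; do not enable on a reachable production pod`. The removed comment already said that probes are disabled and the command is overridden, so this restores and extends it. The same block in `centralledger-handler-transfer-prepare` (earlier hunk) needs the same line.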
@@ -935,51 +427,30 @@ centralledger-handler-transfer-position: config: event_log_grpc_host: localhost event_log_grpc_port: 50051 - event_log_filter: 'audit:*, log:info, log:warn, log:error' + event_log_filter: audit:*, log:info, log:warn, log:error event_log_metadata_only: true log_level: info - log_filter: 'error, warn, info' - - ## metric configuration for prometheus instrumentation + log_filter: error, warn, info metrics: - ## flag to enable/disable the metrics end-points enabled: true config: timeout: 5000 prefix: moja_ defaultLabels: serviceName: central-handler-position - config: - ## Forensic Logging sidecar - # this is for Forensic Logging Sidecar forensicloggingsidecar_disabled: true forensicloggingsidecar_host: forensicloggingsidecar-ledger forensicloggingsidecar_port: 5678 - - ## Error handling Configuration error_handling: include_cause_extension: false truncate_extensions: true - - ## DB Configuration - # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled - db_type: 'mysql' - # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set. - db_driver: 'mysql' + db_type: mysql + db_driver: mysql2 db_host: mysqldb db_port: 3306 db_user: central_ledger - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - db_password: '' - ### Configure this if you want to use a secret. Note, this will override the db_password, - ### Use the next line if you do wish to use the db_password value instead. - # db_secret: - ### Example config for an existing secret - # db_secret: - # name: mysqldb - # key: mysql-password + db_password: "" db_database: central_ledger db_connection_pool_min: 10 db_connection_pool_max: 30 
@@ -990,57 +461,33 @@ centralledger-handler-transfer-position: db_reap_interval_millis: 1000 db_create_retry_interval_millis: 200 db_debug: false - - ## Hub Configuration + db_additional_connection_options: {} + db_ssl_enabled: false + db_ssl_verify: false hub_participant: id: 1 name: Hub - - ## MongoDB Configuration for Object Store objstore_disabled: true - mongo_host: 'cep-mongodb' + mongo_host: cep-mongodb mongo_port: 27017 mongo_user: mojaloop - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - mongo_password: '' - ### Configure this if you want to use a secret. Note, this will override the secret, - ### Use the next line if you do wish to use the secret value instead. - # mongo_secret: - ### Example config for an existing secret - # mongo_secret: - # name: cep-mongodb - # key: mongodb-passwords + mongo_password: "" mongo_database: mlos - - ## Kafka Configuration - # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used. kafka_host: kafka kafka_port: 9092 - kafka_partitioner: 'murmur2_random' - - ## Node Configuration - log_level: 'info' - log_filter: 'error, warn, info' - log_transport: file - - ## Tracing Configuration + kafka_partitioner: murmur2_random + log_level: info + log_filter: error, warn, info + log_transport: console event_trace_vendor: mojaloop - event_log_filter: 'audit:*, log:warn, log:error' - # If set to true, only the metadata object from the event will be printed. 
+ event_log_filter: audit:*, log:warn, log:error event_log_metadata_only: false - # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve - # Any combination of: `log,audit,trace` - event_async_override: 'log,trace' + event_async_override: log,trace event_trace_state_enabled: true event_traceid_per_vendor: false - - ## Cache configuration cache_enabled: false cache_max_byte_size: 10000000 cache_expires_in_ms: 1000 - - ## Proxy cache configuration proxy_cache: enabled: false type: redis-cluster @@ -1048,17 +495,6 @@ centralledger-handler-transfer-position: cluster: - host: proxy-cache-redis port: 6379 - - ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - # initContainers: [] initContainers: | - name: wait-for-kafka image: solsson/kafka:2.8.1 
@@ -1079,250 +515,84 @@ centralledger-handler-transfer-position: value: '{{ .Values.config.kafka_host }}' - name: KAFKA_PORT value: '{{ .Values.config.kafka_port }}' - - name: wait-for-mysql - image: mysql:9.0.1 - imagePullPolicy: IfNotPresent - command: - - sh - - -c - - | - until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi; - do - echo --------------------; - echo Waiting for MySQL...; - sleep 2; - done; - echo ====================; - echo MySQL ok!; - env: - - name: DB_HOST - value: '{{ .Values.config.db_host }}' - - name: DB_PORT - value: '{{ .Values.config.db_port }}' - - name: DB_USER - value: '{{ .Values.config.db_user }}' - - name: DB_PASSWORD - {{- if .Values.config.db_secret }} - valueFrom: - secretKeyRef: - name: '{{ .Values.config.db_secret.name }}' - key: '{{ .Values.config.db_secret.key }}' - {{- else }} - value: {{ .Values.config.db_password }} - {{- end }} - - name: DB_DATABASE - value: '{{ .Values.config.db_database }}' - + {{- include "mojaloop-common.waitForMysqlInitContainer" . 
| nindent 0 }} + podLabels: {} + podAnnotations: {} service: internalPort: 3001 - ## @param service.type %%MAIN_CONTAINER_NAME%% service type - ## type: ClusterIP - ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port - ## port: 80 - ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port - ## - httpsPort: 443 - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - http: null - https: null - ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP - ## e.g.: - ## clusterIP: None - ## clusterIP: null - ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## loadBalancerIP: null - ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service - ## annotations: {} - ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## sessionAffinity: None - ## @param master.service.sessionAffinityConfig 
Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## sessionAffinityConfig: {} - ingress: enabled: true - ## @param ingress.pathType Ingress path type - ## pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## apiVersion: null - ## @param ingress.hostname Default host for the ingress record - ## hostname: central-ledger-transfer-position.local - ## @param servicePort : port for the service - ## servicePort: 80 - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## annotations: null - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## tls: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## certManager: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: transfer-api-svc.local - ## path: / - ## extraHosts: null extraPaths: null extraTls: null secrets: null - className: "nginx" - - # We usually recommend 
not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + className: nginx resources: {} - + usePdb: false centralledger-handler-transfer-position-batch: - # Default values for central-ledger. - # This is a YAML-formatted file. - - # Declare variables to be passed into your templates. enabled: false - + nameOverride: handler-pos-batch image: registry: docker.io repository: mojaloop/central-ledger - tag: v19.0.6 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## + tag: v19.8.0 pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## pullSecrets: [] - replicaCount: 1 command: '["node", "src/handlers/index.js", "handler", "--positionbatch"]' - - # Mount configuration files in the app folder for overriding defaults - # configOverride: - # # event sdk settings override - # .EVENT_SDKrc: - # AUDIT: kafka - - # # logging settings override - # .CSLrc: - # LOG_FILTER: "" - - ## Enable diagnostic mode in the deployment - ## + rollingUpdate: + override: true + maxUnavailable: 20% + maxSurge: 20% diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## command: - node - ## @param diagnosticMode.args Args to override all containers in the deployment - ## args: - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }} - src/handlers/index.js - handler - - '--positionbatch' - - ## @param diagnosticMode.debug config to override all debug information - ## + - --positionbatch debug: internalPort: 9229 port: 9229 - readinessProbe: enabled: true httpGet: path: /health initialDelaySeconds: 60 periodSeconds: 15 - livenessProbe: enabled: true httpGet: path: /health initialDelaySeconds: 60 periodSeconds: 15 - - ## Pod scheduling preferences. 
- ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} - - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} - - ## Set toleration for scheduler - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] - - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param containerSecurityContext.enabled Enabled %%MAIN_CONTAINER_NAME%% containers' Security Context - ## @param containerSecurityContext.runAsUser Set %%MAIN_CONTAINER_NAME%% containers' Security Context runAsUser - ## containerSecurityContext: enabled: true runAsUser: 1001 - + readOnlyRootFilesystem: true sidecar: enabled: true image: 
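Review bot: The inline `wait-for-mysql` init container is replaced by `{{- include "mojaloop-common.waitForMysqlInitContainer" . | nindent 0 }}`, and the helper's definition is not part of this hunk, so the handling of `DB_PASSWORD` cannot be reviewed here. The removed block read the password through `secretKeyRef` when `config.db_secret` was set; please confirm the helper keeps that branch. Ideally it also stops passing the value as `--password=${DB_PASSWORD}` on the `mysql` command line. The same replacement appears in the hunks at -1497 and -1909. Separately, this hunk moves `centralledger-handler-transfer-position-batch` to `tag: v19.8.0` while the get and fulfil handlers in later hunks stay on `v19.8.3`; if that difference is not intended, it should be `tag: v19.8.3`.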
@@ -1347,51 +617,30 @@ centralledger-handler-transfer-position-batch: config: event_log_grpc_host: localhost event_log_grpc_port: 50051 - event_log_filter: 'audit:*, log:info, log:warn, log:error' + event_log_filter: audit:*, log:info, log:warn, log:error event_log_metadata_only: true log_level: info - log_filter: 'error, warn, info' - - ## metric configuration for prometheus instrumentation + log_filter: error, warn, info metrics: - ## flag to enable/disable the metrics end-points enabled: true config: timeout: 5000 prefix: moja_ defaultLabels: serviceName: central-handler-position - config: - ## Forensic Logging sidecar - # this is for Forensic Logging Sidecar forensicloggingsidecar_disabled: true forensicloggingsidecar_host: forensicloggingsidecar-ledger forensicloggingsidecar_port: 5678 - - ## Error handling Configuration error_handling: include_cause_extension: false truncate_extensions: true - - ## DB Configuration - # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled - db_type: 'mysql' - # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set. - db_driver: 'mysql' + db_type: mysql + db_driver: mysql2 db_host: mysqldb db_port: 3306 db_user: central_ledger - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - db_password: '' - ### Configure this if you want to use a secret. Note, this will override the db_password, - ### Use the next line if you do wish to use the db_password value instead. - # db_secret: - ### Example config for an existing secret - # db_secret: - # name: mysqldb - # key: mysql-password + db_password: "" db_database: central_ledger db_connection_pool_min: 10 db_connection_pool_max: 30 
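Review bot: Dropping the `db_secret` comment block here removes the only in-file description of how to supply the database password from an existing Kubernetes secret, leaving just the clear-text key `db_password: ""`. The hunks at -1765 and -2177 do the same, and those at -990, -1402, -1820 and -2232 drop the matching `mongo_secret` comments. I would keep a one-line pointer above the key, such as `# prefer db_secret: { name: <secret-name>, key: <secret-key> } over a clear-text db_password`. If this file is regenerated by the sync script added in this commit, the script would need to carry the comments through, for instance by editing a parsed YAML document rather than re-serialising plain objects; otherwise the pointer is lost on the next run.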
@@ -1402,57 +651,33 @@ centralledger-handler-transfer-position-batch: db_reap_interval_millis: 1000 db_create_retry_interval_millis: 200 db_debug: false - - ## Hub Configuration + db_additional_connection_options: {} + db_ssl_enabled: false + db_ssl_verify: false hub_participant: id: 1 name: Hub - - ## MongoDB Configuration for Object Store objstore_disabled: true - mongo_host: 'cep-mongodb' + mongo_host: cep-mongodb mongo_port: 27017 mongo_user: mojaloop - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - mongo_password: '' - ### Configure this if you want to use a secret. Note, this will override the secret, - ### Use the next line if you do wish to use the secret value instead. - # mongo_secret: - ### Example config for an existing secret - # mongo_secret: - # name: cep-mongodb - # key: mongodb-passwords + mongo_password: "" mongo_database: mlos - - ## Kafka Configuration - # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used. kafka_host: kafka kafka_port: 9092 - kafka_partitioner: 'murmur2_random' - - ## Node Configuration - log_level: 'info' - log_filter: 'error, warn, info' - log_transport: file - - ## Tracing Configuration + kafka_partitioner: murmur2_random + log_level: info + log_filter: error, warn, info + log_transport: console event_trace_vendor: mojaloop - event_log_filter: 'audit:*, log:warn, log:error' - # If set to true, only the metadata object from the event will be printed. 
+ event_log_filter: audit:*, log:warn, log:error event_log_metadata_only: false - # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve - # Any combination of: `log,audit,trace` - event_async_override: 'log,trace' + event_async_override: log,trace event_trace_state_enabled: true event_traceid_per_vendor: false - - ## Cache configuration cache_enabled: false cache_max_byte_size: 10000000 cache_expires_in_ms: 1000 - - ## Proxy cache configuration proxy_cache: enabled: false type: redis-cluster @@ -1460,23 +685,8 @@ centralledger-handler-transfer-position-batch: cluster: - host: proxy-cache-redis port: 6379 - - ## Batch configuration - # The batch size to be requested by the Kafka consumer. batch_size: 100 - # Maximum amount of time to wait for a messages to be received by consumer. batch_consume_timeout_in_ms: 10 - - ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - # initContainers: [] initContainers: | - name: wait-for-kafka image: solsson/kafka:2.8.1 
@@ -1497,250 +707,83 @@ centralledger-handler-transfer-position-batch: value: '{{ .Values.config.kafka_host }}' - name: KAFKA_PORT value: '{{ .Values.config.kafka_port }}' - - name: wait-for-mysql - image: mysql:9.0.1 - imagePullPolicy: IfNotPresent - command: - - sh - - -c - - | - until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi; - do - echo --------------------; - echo Waiting for MySQL...; - sleep 2; - done; - echo ====================; - echo MySQL ok!; - env: - - name: DB_HOST - value: '{{ .Values.config.db_host }}' - - name: DB_PORT - value: '{{ .Values.config.db_port }}' - - name: DB_USER - value: '{{ .Values.config.db_user }}' - - name: DB_PASSWORD - {{- if .Values.config.db_secret }} - valueFrom: - secretKeyRef: - name: '{{ .Values.config.db_secret.name }}' - key: '{{ .Values.config.db_secret.key }}' - {{- else }} - value: {{ .Values.config.db_password }} - {{- end }} - - name: DB_DATABASE - value: '{{ .Values.config.db_database }}' - + {{- include "mojaloop-common.waitForMysqlInitContainer" . 
| nindent 0 }} + podLabels: {} + podAnnotations: {} service: internalPort: 3001 - ## @param service.type %%MAIN_CONTAINER_NAME%% service type - ## type: ClusterIP - ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port - ## port: 80 - ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port - ## - httpsPort: 443 - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - http: null - https: null - ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP - ## e.g.: - ## clusterIP: None - ## clusterIP: null - ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## loadBalancerIP: null - ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service - ## annotations: {} - ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## sessionAffinity: None - ## @param master.service.sessionAffinityConfig 
Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## sessionAffinityConfig: {} - ingress: enabled: true - ## @param ingress.pathType Ingress path type - ## pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## apiVersion: null - ## @param ingress.hostname Default host for the ingress record - ## hostname: central-ledger-transfer-position.local - ## @param servicePort : port for the service - ## servicePort: 80 - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## annotations: null - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## tls: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## certManager: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: transfer-api-svc.local - ## path: / - ## extraHosts: null extraPaths: null extraTls: null secrets: null - className: "nginx" - - # We usually recommend 
not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + className: nginx resources: {} - + usePdb: false centralledger-handler-transfer-get: - # Default values for central-ledger. - # This is a YAML-formatted file. - - # Declare variables to be passed into your templates. enabled: true - image: registry: docker.io repository: mojaloop/central-ledger tag: v19.8.3 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## pullSecrets: [] - replicaCount: 1 command: '["node", "src/handlers/index.js", "handler", "--get"]' - - # Mount configuration files in the app folder for overriding defaults - # configOverride: - # # event sdk settings override - # .EVENT_SDKrc: - # AUDIT: kafka - - # # logging settings override - # .CSLrc: - # LOG_FILTER: "" - - ## Enable diagnostic mode in the deployment - ## + rollingUpdate: + override: true + maxUnavailable: 20% + maxSurge: 20% diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## command: - node - ## @param diagnosticMode.args Args to override all containers in the deployment - ## args: - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }} - src/handlers/index.js - handler - - '--get' - - ## @param diagnosticMode.debug config to override all debug information - ## + - --get debug: internalPort: 9229 port: 9229 - readinessProbe: enabled: true httpGet: path: /health initialDelaySeconds: 60 periodSeconds: 15 - livenessProbe: enabled: true httpGet: path: /health initialDelaySeconds: 60 periodSeconds: 15 - - ## Pod scheduling preferences. 
- ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} - - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} - - ## Set toleration for scheduler - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] - - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param containerSecurityContext.enabled Enabled %%MAIN_CONTAINER_NAME%% containers' Security Context - ## @param containerSecurityContext.runAsUser Set %%MAIN_CONTAINER_NAME%% containers' Security Context runAsUser - ## containerSecurityContext: enabled: true runAsUser: 1001 - + readOnlyRootFilesystem: true sidecar: enabled: true image: 
@@ -1765,51 +808,30 @@ centralledger-handler-transfer-get: config: event_log_grpc_host: localhost event_log_grpc_port: 50051 - event_log_filter: 'audit:*, log:info, log:warn, log:error' + event_log_filter: audit:*, log:info, log:warn, log:error event_log_metadata_only: true log_level: info - log_filter: 'error, warn, info' - - ## metric configuration for prometheus instrumentation + log_filter: error, warn, info metrics: - ## flag to enable/disable the metrics end-points enabled: false config: timeout: 5000 prefix: moja_ defaultLabels: serviceName: central-handler-get - config: - ## Forensic Logging sidecar - # this is for Forensic Logging Sidecar forensicloggingsidecar_disabled: true forensicloggingsidecar_host: forensicloggingsidecar-ledger forensicloggingsidecar_port: 5678 - - ## Error handling Configuration error_handling: include_cause_extension: false truncate_extensions: true - - ## DB Configuration - # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled - db_type: 'mysql' - # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set. - db_driver: 'mysql' + db_type: mysql + db_driver: mysql2 db_host: mysqldb db_port: 3306 db_user: central_ledger - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - db_password: '' - ### Configure this if you want to use a secret. Note, this will override the db_password, - ### Use the next line if you do wish to use the db_password value instead. - # db_secret: - ### Example config for an existing secret - # db_secret: - # name: mysqldb - # key: mysql-password + db_password: "" db_database: central_ledger db_connection_pool_min: 10 db_connection_pool_max: 30 
@@ -1820,57 +842,33 @@ centralledger-handler-transfer-get: db_reap_interval_millis: 1000 db_create_retry_interval_millis: 200 db_debug: false - - ## Hub Configuration + db_additional_connection_options: {} + db_ssl_enabled: false + db_ssl_verify: false hub_participant: id: 1 name: Hub - - ## MongoDB Configuration for Object Store objstore_disabled: true - mongo_host: 'cep-mongodb' + mongo_host: cep-mongodb mongo_port: 27017 mongo_user: mojaloop - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - mongo_password: '' - ### Configure this if you want to use a secret. Note, this will override the secret, - ### Use the next line if you do wish to use the secret value instead. - # mongo_secret: - ### Example config for an existing secret - # mongo_secret: - # name: cep-mongodb - # key: mongodb-passwords + mongo_password: "" mongo_database: mlos - - ## Kafka Configuration - # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used. kafka_host: kafka kafka_port: 9092 - kafka_partitioner: 'murmur2_random' - - ## Node Configuration - log_level: 'info' - log_filter: 'error, warn, info' - log_transport: file - - ## Condig for tracing + kafka_partitioner: murmur2_random + log_level: info + log_filter: error, warn, info + log_transport: console event_trace_vendor: mojaloop - event_log_filter: 'audit:*, log:warn, log:error' - # If set to true, only the metadata object from the event will be printed. 
+ event_log_filter: audit:*, log:warn, log:error event_log_metadata_only: false - # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve - # Any combination of: `log,audit,trace` - event_async_override: 'log,trace' + event_async_override: log,trace event_trace_state_enabled: true event_traceid_per_vendor: false - - ## Cache configuration cache_enabled: false cache_max_byte_size: 10000000 cache_expires_in_ms: 1000 - - ## Proxy cache configuration proxy_cache: enabled: false type: redis-cluster @@ -1878,17 +876,6 @@ centralledger-handler-transfer-get: cluster: - host: proxy-cache-redis port: 6379 - - ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - # initContainers: [] initContainers: | - name: wait-for-kafka image: solsson/kafka:2.8.1 
@@ -1909,250 +896,83 @@ centralledger-handler-transfer-get: value: '{{ .Values.config.kafka_host }}' - name: KAFKA_PORT value: '{{ .Values.config.kafka_port }}' - - name: wait-for-mysql - image: mysql:9.0.1 - imagePullPolicy: IfNotPresent - command: - - sh - - -c - - | - until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi; - do - echo --------------------; - echo Waiting for MySQL...; - sleep 2; - done; - echo ====================; - echo MySQL ok!; - env: - - name: DB_HOST - value: '{{ .Values.config.db_host }}' - - name: DB_PORT - value: '{{ .Values.config.db_port }}' - - name: DB_USER - value: '{{ .Values.config.db_user }}' - - name: DB_PASSWORD - {{- if .Values.config.db_secret }} - valueFrom: - secretKeyRef: - name: '{{ .Values.config.db_secret.name }}' - key: '{{ .Values.config.db_secret.key }}' - {{- else }} - value: {{ .Values.config.db_password }} - {{- end }} - - name: DB_DATABASE - value: '{{ .Values.config.db_database }}' - + {{- include "mojaloop-common.waitForMysqlInitContainer" . 
| nindent 0 }} + podLabels: {} + podAnnotations: {} service: internalPort: 3001 - ## @param service.type %%MAIN_CONTAINER_NAME%% service type - ## type: ClusterIP - ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port - ## port: 80 - ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port - ## - httpsPort: 443 - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - http: null - https: null - ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP - ## e.g.: - ## clusterIP: None - ## clusterIP: null - ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## loadBalancerIP: null - ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service - ## annotations: {} - ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## sessionAffinity: None - ## @param master.service.sessionAffinityConfig 
Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## sessionAffinityConfig: {} - ingress: enabled: true - ## @param ingress.pathType Ingress path type - ## pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## apiVersion: null - ## @param ingress.hostname Default host for the ingress record - ## hostname: central-ledger-transfer-get.local - ## @param servicePort : port for the service - ## servicePort: 80 - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## annotations: null - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## tls: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## certManager: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: transfer-api-svc.local - ## path: / - ## extraHosts: null extraPaths: null extraTls: null secrets: null - className: "nginx" - - # We usually recommend not to 
specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + className: nginx resources: {} - + usePdb: false centralledger-handler-transfer-fulfil: - # Default values for central-ledger. - # This is a YAML-formatted file. - - # Declare variables to be passed into your templates. enabled: true - image: registry: docker.io repository: mojaloop/central-ledger tag: v19.8.3 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## pullSecrets: [] - replicaCount: 1 command: '["node", "src/handlers/index.js", "handler", "--fulfil"]' - - # Mount configuration files in the app folder for overriding defaults - # configOverride: - # # event sdk settings override - # .EVENT_SDKrc: - # AUDIT: kafka - - # # logging settings override - # .CSLrc: - # LOG_FILTER: "" - - ## Enable diagnostic mode in the deployment - ## + rollingUpdate: + override: true + maxUnavailable: 20% + maxSurge: 20% diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## command: - node - ## @param diagnosticMode.args Args to override all containers in the deployment - ## args: - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }} - src/handlers/index.js - handler - - '--fulfil' - - ## @param diagnosticMode.debug config to override all debug information - ## + - --fulfil debug: internalPort: 9229 port: 9229 - readinessProbe: enabled: true httpGet: path: /health initialDelaySeconds: 60 periodSeconds: 15 - livenessProbe: enabled: true httpGet: path: /health initialDelaySeconds: 60 periodSeconds: 15 - - ## Pod scheduling preferences. 
- ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} - - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} - - ## Set toleration for scheduler - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] - - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param containerSecurityContext.enabled Enabled %%MAIN_CONTAINER_NAME%% containers' Security Context - ## @param containerSecurityContext.runAsUser Set %%MAIN_CONTAINER_NAME%% containers' Security Context runAsUser - ## containerSecurityContext: enabled: true runAsUser: 1001 - + readOnlyRootFilesystem: true sidecar: enabled: false image: 
@@ -2177,51 +997,30 @@ centralledger-handler-transfer-fulfil: config: event_log_grpc_host: localhost event_log_grpc_port: 50051 - event_log_filter: 'audit:*, log:info, log:warn, log:error' + event_log_filter: audit:*, log:info, log:warn, log:error event_log_metadata_only: true log_level: info - log_filter: 'error, warn, info' - - ## metric configuration for prometheus instrumentation + log_filter: error, warn, info metrics: - ## flag to enable/disable the metrics end-points enabled: true config: timeout: 5000 prefix: moja_ defaultLabels: serviceName: central-handler-fulfil - config: - ## Forensic Logging sidecar - # this is for Forensic Logging Sidecar forensicloggingsidecar_disabled: true forensicloggingsidecar_host: forensicloggingsidecar-ledger forensicloggingsidecar_port: 5678 - - ## Error handling Configuration error_handling: include_cause_extension: false truncate_extensions: true - - ## DB Configuration - # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled - db_type: 'mysql' - # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set. - db_driver: 'mysql' + db_type: mysql + db_driver: mysql2 db_host: mysqldb db_port: 3306 db_user: central_ledger - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - db_password: '' - ### Configure this if you want to use a secret. Note, this will override the db_password, - ### Use the next line if you do wish to use the db_password value instead. - # db_secret: - ### Example config for an existing secret - # db_secret: - # name: mysqldb - # key: mysql-password + db_password: "" db_database: central_ledger db_connection_pool_min: 10 db_connection_pool_max: 30 
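Review bot: The `## Secret-Management` comments removed around `db_password` were the only text in this block telling an operator that `config.db_secret` (name and key of an existing Secret) can replace the clear-text password; only `db_password: ""` is left. I would keep one comment above that key, for example `# prefer db_secret: {name, key} pointing at an existing Secret; db_password is kept in clear text in values`, assuming the chart templates still honour `db_secret`. The same guidance is dropped for `mongo_password`/`mongo_secret` in the next hunk and for both keys under centralledger-handler-timeout and centralledger-handler-admin-transfer. If the comments disappear because sync-subchart-values.js round-trips the YAML, the script is the better place to fix this, though that cannot be confirmed from the hunk. The `config:` block continues outside the hunk.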
@@ -2232,57 +1031,33 @@ centralledger-handler-transfer-fulfil: db_reap_interval_millis: 1000 db_create_retry_interval_millis: 200 db_debug: false - - ## Hub Configuration + db_additional_connection_options: {} + db_ssl_enabled: false + db_ssl_verify: false hub_participant: id: 1 name: Hub - - ## MongoDB Configuration for Object Store objstore_disabled: true - mongo_host: 'cep-mongodb' + mongo_host: cep-mongodb mongo_port: 27017 mongo_user: mojaloop - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - mongo_password: '' - ### Configure this if you want to use a secret. Note, this will override the secret, - ### Use the next line if you do wish to use the secret value instead. - # mongo_secret: - ### Example config for an existing secret - # mongo_secret: - # name: cep-mongodb - # key: mongodb-passwords + mongo_password: "" mongo_database: mlos - - ## Kafka Configuration - # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used. kafka_host: kafka kafka_port: 9092 - kafka_partitioner: 'murmur2_random' - - ## Node Configuration - log_level: 'info' - log_filter: 'error, warn, info' - log_transport: file - - ## Tracing Configuration + kafka_partitioner: murmur2_random + log_level: info + log_filter: error, warn, info + log_transport: console event_trace_vendor: mojaloop - event_log_filter: 'audit:*, log:warn, log:error' - # If set to true, only the metadata object from the event will be printed. 
+ event_log_filter: audit:*, log:warn, log:error event_log_metadata_only: false - # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve - # Any combination of: `log,audit,trace` - event_async_override: 'log,trace' + event_async_override: log,trace event_trace_state_enabled: true event_traceid_per_vendor: false - - ## Cache configuration cache_enabled: false cache_max_byte_size: 10000000 cache_expires_in_ms: 1000 - - ## Proxy cache configuration proxy_cache: enabled: false type: redis-cluster @@ -2290,17 +1065,6 @@ centralledger-handler-transfer-fulfil: cluster: - host: proxy-cache-redis port: 6379 - - ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - # initContainers: [] initContainers: | - name: wait-for-kafka image: solsson/kafka:2.8.1 
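Review bot: `db_ssl_enabled: false` and `db_ssl_verify: false` are added after `db_debug` with no comment, so the database connection defaults to no TLS. Going by the key names, switching on `db_ssl_enabled` alone would still leave server-certificate verification off. Because these values mirror the subchart I would not change the default here, but add a comment such as `# when db_ssl_enabled is true also set db_ssl_verify: true, otherwise the server certificate is not checked`; the exact semantics live in the chart templates, which this hunk does not show. The same three keys are added without comment in the matching hunks for centralledger-handler-timeout and centralledger-handler-admin-transfer. The `config:` block starts and ends outside the hunk.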
@@ -2321,250 +1085,79 @@ centralledger-handler-transfer-fulfil: value: '{{ .Values.config.kafka_host }}' - name: KAFKA_PORT value: '{{ .Values.config.kafka_port }}' - - name: wait-for-mysql - image: mysql:9.0.1 - imagePullPolicy: IfNotPresent - command: - - sh - - -c - - | - until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi; - do - echo --------------------; - echo Waiting for MySQL...; - sleep 2; - done; - echo ====================; - echo MySQL ok!; - env: - - name: DB_HOST - value: '{{ .Values.config.db_host }}' - - name: DB_PORT - value: '{{ .Values.config.db_port }}' - - name: DB_USER - value: '{{ .Values.config.db_user }}' - - name: DB_PASSWORD - {{- if .Values.config.db_secret }} - valueFrom: - secretKeyRef: - name: '{{ .Values.config.db_secret.name }}' - key: '{{ .Values.config.db_secret.key }}' - {{- else }} - value: {{ .Values.config.db_password }} - {{- end }} - - name: DB_DATABASE - value: '{{ .Values.config.db_database }}' - + {{- include "mojaloop-common.waitForMysqlInitContainer" . 
| nindent 0 }} + podLabels: {} + podAnnotations: {} service: internalPort: 3001 - ## @param service.type %%MAIN_CONTAINER_NAME%% service type - ## type: ClusterIP - ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port - ## port: 80 - ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port - ## - httpsPort: 443 - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - http: null - https: null - ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP - ## e.g.: - ## clusterIP: None - ## clusterIP: null - ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## loadBalancerIP: null - ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service - ## annotations: {} - ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## sessionAffinity: None - ## @param master.service.sessionAffinityConfig 
Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## sessionAffinityConfig: {} - ingress: enabled: true - ## @param ingress.pathType Ingress path type - ## pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## apiVersion: null - ## @param ingress.hostname Default host for the ingress record - ## hostname: central-ledger-transfer-fulfil.local - ## @param servicePort : port for the service - ## servicePort: 80 - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## annotations: null - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## tls: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## certManager: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: transfer-api-svc.local - ## path: / - ## extraHosts: null extraPaths: null extraTls: null secrets: null - className: "nginx" - - # We usually recommend not 
to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + className: nginx resources: {} - + usePdb: false centralledger-handler-timeout: - # Default values for central-ledger. - # This is a YAML-formatted file. - - # Declare variables to be passed into your templates. enabled: true - image: registry: docker.io repository: mojaloop/central-ledger tag: v19.8.3 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## pullSecrets: [] - replicaCount: 1 command: '["node", "src/handlers/index.js", "handler", "--timeout"]' - - # Mount configuration files in the app folder for overriding defaults - # configOverride: - # # event sdk settings override - # .EVENT_SDKrc: - # AUDIT: kafka - - # # logging settings override - # .CSLrc: - # LOG_FILTER: "" - - ## Enable diagnostic mode in the deployment - ## diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## command: - node - ## @param diagnosticMode.args Args to override all containers in the deployment - ## args: - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }} - src/handlers/index.js - handler - - '--timeout' - - ## @param diagnosticMode.debug config to override all debug information - ## + - --timeout debug: internalPort: 9229 port: 9229 - readinessProbe: enabled: true httpGet: path: /health initialDelaySeconds: 60 periodSeconds: 15 - livenessProbe: enabled: true httpGet: path: /health initialDelaySeconds: 60 periodSeconds: 15 - - ## Pod scheduling preferences. 
- ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} - - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} - - ## Set toleration for scheduler - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] - - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param containerSecurityContext.enabled Enabled %%MAIN_CONTAINER_NAME%% containers' Security Context - ## @param containerSecurityContext.runAsUser Set %%MAIN_CONTAINER_NAME%% containers' Security Context runAsUser - ## containerSecurityContext: enabled: true runAsUser: 1001 - + readOnlyRootFilesystem: true sidecar: enabled: true image: 
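Review bot: With the inline `wait-for-mysql` container replaced by `{{- include "mojaloop-common.waitForMysqlInitContainer" . | nindent 0 }}`, nothing in the values file says where DB_PASSWORD comes from any more; the removed block had an explicit `secretKeyRef` branch for `config.db_secret`. Please confirm the shared helper keeps that branch and does not carry over the removed `--password=${DB_PASSWORD}` argument and `eval`, which placed the password on the client command line. A comment above `initContainers`, e.g. `# wait-for-mysql is rendered by mojaloop-common.waitForMysqlInitContainer; it reads config.db_secret or config.db_password`, would document the dependency, with the wording checked against the helper since its body is not in this hunk. The same replacement is made under centralledger-handler-timeout and centralledger-handler-admin-transfer. The `initContainers` string starts before this hunk.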
@@ -2589,51 +1182,30 @@ centralledger-handler-timeout: config: event_log_grpc_host: localhost event_log_grpc_port: 50051 - event_log_filter: 'audit:*, log:info, log:warn, log:error' + event_log_filter: audit:*, log:info, log:warn, log:error event_log_metadata_only: true log_level: info - log_filter: 'error, warn, info' - - ## metric configuration for prometheus instrumentation + log_filter: error, warn, info metrics: - ## flag to enable/disable the metrics end-points enabled: false config: timeout: 5000 prefix: moja_ defaultLabels: serviceName: central-handler-timeout - config: - ## Forensic Logging sidecar - # this is for Forensic Logging Sidecar forensicloggingsidecar_disabled: true forensicloggingsidecar_host: forensicloggingsidecar-ledger forensicloggingsidecar_port: 5678 - - ## Error handling Configuration error_handling: include_cause_extension: false truncate_extensions: true - - ## DB Configuration - # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled - db_type: 'mysql' - # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set. - db_driver: 'mysql' + db_type: mysql + db_driver: mysql2 db_host: mysqldb db_port: 3306 db_user: central_ledger - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - db_password: '' - ### Configure this if you want to use a secret. Note, this will override the db_password, - ### Use the next line if you do wish to use the db_password value instead. - # db_secret: - ### Example config for an existing secret - # db_secret: - # name: mysqldb - # key: mysql-password + db_password: "" db_database: central_ledger db_connection_pool_min: 10 db_connection_pool_max: 30 
@@ -2644,62 +1216,36 @@ centralledger-handler-timeout: db_reap_interval_millis: 1000 db_create_retry_interval_millis: 200 db_debug: false - - ## Hub Configuration + db_additional_connection_options: {} + db_ssl_enabled: false + db_ssl_verify: false hub_participant: id: 1 name: Hub - - ## Timeout Configuration timeout: - expiration: '*/15 * * * * *' + expiration: "*/15 * * * * *" timezone: UTC - - ## MongoDB Configuration for Object Store objstore_disabled: true - mongo_host: 'cep-mongodb' + mongo_host: cep-mongodb mongo_port: 27017 mongo_user: mojaloop - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - mongo_password: '' - ### Configure this if you want to use a secret. Note, this will override the secret, - ### Use the next line if you do wish to use the secret value instead. - # mongo_secret: - ### Example config for an existing secret - # mongo_secret: - # name: cep-mongodb - # key: mongodb-passwords + mongo_password: "" mongo_database: mlos - - ## Kafka Configuration - # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used. kafka_host: kafka kafka_port: 9092 - kafka_partitioner: 'murmur2_random' - - ## Log Configuration + kafka_partitioner: murmur2_random log_level: info - log_filter: 'error, warn, info' - log_transport: file - - ## Tracing Configuration + log_filter: error, warn, info + log_transport: console event_trace_vendor: mojaloop - event_log_filter: 'audit:*, log:warn, log:error' - # If set to true, only the metadata object from the event will be printed. 
+ event_log_filter: audit:*, log:warn, log:error event_log_metadata_only: false - # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve - # Any combination of: `log,audit,trace` - event_async_override: 'log,trace' + event_async_override: log,trace event_trace_state_enabled: true event_traceid_per_vendor: false - - ## Cache configuration cache_enabled: false cache_max_byte_size: 10000000 cache_expires_in_ms: 1000 - - ## Proxy cache configuration proxy_cache: enabled: false type: redis-cluster @@ -2707,17 +1253,19 @@ centralledger-handler-timeout: cluster: - host: proxy-cache-redis port: 6379 - - ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - # initContainers: [] + distLockConfig: + enabled: false + lockTimeout: 10000 + acquireTimeout: 5000 + driftFactor: 0.01 + retryCount: 3 + retryDelay: 200 + retryJitter: 100 + redisConfigs: + - type: redis-cluster + cluster: + - host: proxy-cache-redis + port: 6379 initContainers: | - name: wait-for-kafka image: solsson/kafka:2.8.1 
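Review bot: The new `distLockConfig` block is added without any comment, so the units of `lockTimeout: 10000`, `acquireTimeout: 5000`, `retryDelay: 200` and `retryJitter: 100` are left to the reader, as is what `enabled: false` means when more than one timeout handler replica runs. Its `redisConfigs` entry repeats the `proxy-cache-redis` host and port 6379 from `proxy_cache`, presumably on purpose, which is worth stating. I would add something like `# distributed lock for the timeout handler; reuses the proxy-cache Redis endpoint by default` and note the time units once they are confirmed against the central-ledger configuration.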
@@ -2738,250 +1286,82 @@ centralledger-handler-timeout: value: '{{ .Values.config.kafka_host }}' - name: KAFKA_PORT value: '{{ .Values.config.kafka_port }}' - - name: wait-for-mysql - image: mysql:9.0.1 - imagePullPolicy: IfNotPresent - command: - - sh - - -c - - | - until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi; - do - echo --------------------; - echo Waiting for MySQL...; - sleep 2; - done; - echo ====================; - echo MySQL ok!; - env: - - name: DB_HOST - value: '{{ .Values.config.db_host }}' - - name: DB_PORT - value: '{{ .Values.config.db_port }}' - - name: DB_USER - value: '{{ .Values.config.db_user }}' - - name: DB_PASSWORD - {{- if .Values.config.db_secret }} - valueFrom: - secretKeyRef: - name: '{{ .Values.config.db_secret.name }}' - key: '{{ .Values.config.db_secret.key }}' - {{- else }} - value: {{ .Values.config.db_password }} - {{- end }} - - name: DB_DATABASE - value: '{{ .Values.config.db_database }}' - + {{- include "mojaloop-common.waitForMysqlInitContainer" . 
| nindent 0 }} + podLabels: {} + podAnnotations: {} service: internalPort: 3001 - ## @param service.type %%MAIN_CONTAINER_NAME%% service type - ## type: ClusterIP - ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port - ## port: 80 - ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port - ## - httpsPort: 443 - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - http: null - https: null - ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP - ## e.g.: - ## clusterIP: None - ## clusterIP: null - ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## loadBalancerIP: null - ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service - ## annotations: {} - ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## sessionAffinity: None - ## @param master.service.sessionAffinityConfig 
Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## sessionAffinityConfig: {} - ingress: enabled: true - ## @param ingress.pathType Ingress path type - ## pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## apiVersion: null - ## @param ingress.hostname Default host for the ingress record - ## hostname: central-ledger-timeout.local - ## @param servicePort : port for the service - ## servicePort: 80 - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## annotations: null - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## tls: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## certManager: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: transfer-api-svc.local - ## path: / - ## extraHosts: null extraPaths: null extraTls: null secrets: null - className: "nginx" - - # We usually recommend not to 
specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + className: nginx resources: {} - centralledger-handler-admin-transfer: - # Default values for central-ledger. - # This is a YAML-formatted file. - - # Declare variables to be passed into your templates. enabled: true - image: registry: docker.io repository: mojaloop/central-ledger tag: v19.8.3 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## pullSecrets: [] - replicaCount: 1 command: '["node", "src/handlers/index.js", "handler", "--admin"]' - - # Mount configuration files in the app folder for overriding defaults - # configOverride: - # # event sdk settings override - # .EVENT_SDKrc: - # AUDIT: kafka - - # # logging settings override - # .CSLrc: - # LOG_FILTER: "" - - ## Enable diagnostic mode in the deployment - ## + rollingUpdate: + override: true + maxUnavailable: 20% + maxSurge: 20% diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## command: - node - ## @param diagnosticMode.args Args to override all containers in the deployment - ## args: - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }} - src/handlers/index.js - handler - - '--admin' - - ## @param diagnosticMode.debug config to override all debug information - ## + - --admin debug: internalPort: 9229 port: 9229 - readinessProbe: enabled: true httpGet: path: /health initialDelaySeconds: 60 periodSeconds: 15 - livenessProbe: enabled: true httpGet: path: /health initialDelaySeconds: 60 periodSeconds: 15 - - ## Pod scheduling preferences. 
- ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} - - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} - - ## Set toleration for scheduler - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] - - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param containerSecurityContext.enabled Enabled %%MAIN_CONTAINER_NAME%% containers' Security Context - ## @param containerSecurityContext.runAsUser Set %%MAIN_CONTAINER_NAME%% containers' Security Context runAsUser - ## containerSecurityContext: enabled: true runAsUser: 1001 - + readOnlyRootFilesystem: true sidecar: enabled: false image: 
@@ -3006,51 +1386,30 @@ centralledger-handler-admin-transfer: config: event_log_grpc_host: localhost event_log_grpc_port: 50051 - event_log_filter: 'audit:*, log:info, log:warn, log:error' + event_log_filter: audit:*, log:info, log:warn, log:error event_log_metadata_only: true log_level: info - log_filter: 'error, warn, info' - - ## metric configuration for prometheus instrumentation + log_filter: error, warn, info metrics: - ## flag to enable/disable the metrics end-points enabled: false config: timeout: 5000 prefix: moja_ defaultLabels: serviceName: central-handler-admin-transfer - config: - ## Forensic Logging sidecar - # this is for Forensic Logging Sidecar forensicloggingsidecar_disabled: true forensicloggingsidecar_host: forensicloggingsidecar-ledger forensicloggingsidecar_port: 5678 - - ## Error handling Configuration error_handling: include_cause_extension: false truncate_extensions: true - - ## DB Configuration - # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled - db_type: 'mysql' - # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set. - db_driver: 'mysql' + db_type: mysql + db_driver: mysql2 db_host: mysqldb db_port: 3306 db_user: central_ledger - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - db_password: '' - ### Configure this if you want to use a secret. Note, this will override the db_password, - ### Use the next line if you do wish to use the db_password value instead. - # db_secret: - ### Example config for an existing secret - # db_secret: - # name: mysqldb - # key: mysql-password + db_password: "" db_database: central_ledger db_connection_pool_min: 10 db_connection_pool_max: 30 
@@ -3061,57 +1420,33 @@ centralledger-handler-admin-transfer: db_reap_interval_millis: 1000 db_create_retry_interval_millis: 200 db_debug: false - - ## Hub Configuration + db_additional_connection_options: {} + db_ssl_enabled: false + db_ssl_verify: false hub_participant: id: 1 name: Hub - - ## MongoDB Configuration for Object Store objstore_disabled: true - mongo_host: 'cep-mongodb' + mongo_host: cep-mongodb mongo_port: 27017 mongo_user: mojaloop - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - mongo_password: '' - ### Configure this if you want to use a secret. Note, this will override the secret, - ### Use the next line if you do wish to use the secret value instead. - # mongo_secret: - ### Example config for an existing secret - # mongo_secret: - # name: cep-mongodb - # key: mongodb-passwords + mongo_password: "" mongo_database: mlos - - ## Kafka Configuration - # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used. kafka_host: kafka kafka_port: 9092 - kafka_partitioner: 'murmur2_random' - - ## Log Configuration + kafka_partitioner: murmur2_random log_level: info - log_filter: 'error, warn, info' - log_transport: file - - ## Tracing Configuration + log_filter: error, warn, info + log_transport: console event_trace_vendor: mojaloop - event_log_filter: 'audit:*, log:warn, log:error' - # If set to true, only the metadata object from the event will be printed. 
+ event_log_filter: audit:*, log:warn, log:error event_log_metadata_only: false - # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve - # Any combination of: `log,audit,trace` - event_async_override: 'log,trace' + event_async_override: log,trace event_trace_state_enabled: true event_traceid_per_vendor: false - - ## Cache configuration cache_enabled: false cache_max_byte_size: 10000000 cache_expires_in_ms: 1000 - - ## Proxy cache configuration proxy_cache: enabled: false type: redis-cluster @@ -3119,17 +1454,6 @@ centralledger-handler-admin-transfer: cluster: - host: proxy-cache-redis port: 6379 - - ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - # initContainers: [] initContainers: | - name: wait-for-kafka image: solsson/kafka:2.8.1 
@@ -3150,149 +1474,35 @@ centralledger-handler-admin-transfer: value: '{{ .Values.config.kafka_host }}' - name: KAFKA_PORT value: '{{ .Values.config.kafka_port }}' - - name: wait-for-mysql - image: mysql:9.0.1 - imagePullPolicy: IfNotPresent - command: - - sh - - -c - - | - until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi; - do - echo --------------------; - echo Waiting for MySQL...; - sleep 2; - done; - echo ====================; - echo MySQL ok!; - env: - - name: DB_HOST - value: '{{ .Values.config.db_host }}' - - name: DB_PORT - value: '{{ .Values.config.db_port }}' - - name: DB_USER - value: '{{ .Values.config.db_user }}' - - name: DB_PASSWORD - {{- if .Values.config.db_secret }} - valueFrom: - secretKeyRef: - name: '{{ .Values.config.db_secret.name }}' - key: '{{ .Values.config.db_secret.key }}' - {{- else }} - value: {{ .Values.config.db_password }} - {{- end }} - - name: DB_DATABASE - value: '{{ .Values.config.db_database }}' - + {{- include "mojaloop-common.waitForMysqlInitContainer" . 
| nindent 0 }} + podLabels: {} + podAnnotations: {} service: internalPort: 3001 - ## @param service.type %%MAIN_CONTAINER_NAME%% service type - ## type: ClusterIP - ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port - ## port: 80 - ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port - ## - httpsPort: 443 - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - http: null - https: null - ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP - ## e.g.: - ## clusterIP: None - ## clusterIP: null - ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## loadBalancerIP: null - ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service - ## annotations: {} - ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## sessionAffinity: None - ## @param master.service.sessionAffinityConfig 
Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## sessionAffinityConfig: {} - ingress: enabled: true - ## @param ingress.pathType Ingress path type - ## pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## apiVersion: null - ## @param ingress.hostname Default host for the ingress record - ## hostname: central-ledger-transfer-prepare.local - ## @param servicePort : port for the service - ## servicePort: 80 - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## annotations: null - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## tls: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## certManager: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: transfer-api-svc.local - ## path: / - ## extraHosts: null extraPaths: null extraTls: null secrets: null - className: "nginx" - - # We usually recommend not 
to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + className: nginx resources: {} + usePdb: false diff --git a/centralsettlement/values.yaml b/centralsettlement/values.yaml index cb2d0b119..4290aa122 100644 --- a/centralsettlement/values.yaml +++ b/centralsettlement/values.yaml 
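Review bot: Replacing the inline `wait-for-mysql` container with `{{- include "mojaloop-common.waitForMysqlInitContainer" . | nindent 0 }}` moves the `DB_PASSWORD` handling into a template this diff does not show, so the `db_secret` branch (`valueFrom.secretKeyRef`) of the removed block needs to be confirmed in that helper. The removed script also passed the password as `--password=${DB_PASSWORD}` on the mysql command line and ran `eval` on the query result; if the helper is a straight copy, both are worth revisiting there. The include sits inside the `initContainers: |` string, so it presumably resolves only where that string is rendered as a template and the `mojaloop-common` chart is a declared dependency; that should be checked for every chart receiving this value, including `centralsettlement-service` in the `@@ -235,251 +172,120 @@` hunk. The `initContainers` block starts outside this hunk.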
@@ -1,91 +1,45 @@ -# Default values for central-settlement. -# This is a YAML-formatted file. - -# Declare global configurations global: {} - centralsettlement-service: enabled: true - image: registry: docker.io repository: mojaloop/central-settlement tag: v17.2.2 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## pullSecrets: [] - replicaCount: 1 - command: '["node", "src/api/index.js"]' - - # Mount configuration files in the app folder for overriding defaults - # configOverride: - # # event sdk settings override - # .EVENT_SDKrc: - # AUDIT: kafka - - # # logging settings override - # .CSLrc: - # LOG_FILTER: "" - - ## Enable diagnostic mode in the deployment - ## + command: '["node", "src/handlers/index.js", "h", "--grossSettlement"]' diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## command: - node - - src/api/index.js - ## @param diagnosticMode.args Args to override all containers in the deployment - ## args: - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }} - - ## @param diagnosticMode.debug config to override all debug information - ## + - src/handlers/index.js + - h + - --grossSettlement debug: internalPort: 9229 port: 9229 - readinessProbe: enabled: true httpGet: path: /v2/health initialDelaySeconds: 60 periodSeconds: 15 - livenessProbe: enabled: true httpGet: path: /v2/health initialDelaySeconds: 60 periodSeconds: 15 - - ## 
Pod scheduling preferences. - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} - - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} - - ## Set toleration for scheduler - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] - + containerSecurityContext: + enabled: true + runAsUser: 1001 + readOnlyRootFilesystem: true sidecar: enabled: false image: @@ -110,26 +64,21 @@ centralsettlement-service: config: event_log_grpc_host: localhost event_log_grpc_port: 50051 - event_log_filter: 'audit:*, log:info, log:warn, log:error' + event_log_filter: audit:*, log:info, log:warn, log:error event_log_metadata_only: true log_level: info - log_filter: 'error, warn, info' - - ## metric configuration for prometheus instrumentation + log_filter: error, warn, info metrics: - ## flag to enable/disable the metrics end-points enabled: false config: timeout: 5000 prefix: moja_ defaultLabels: - serviceName: central-settlement-service - + serviceName: central-handler-position config: - ## Kafka Configuration - # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used. kafka_host: kafka kafka_port: 9092 + kafka_partitioner: murmur2_random kafka: consumer: notification: @@ -140,7 +89,7 @@ centralsettlement-service: batchSize: 1 pollFrequency: 10 recursiveTimeout: 100 - messageCharset: 'utf8' + messageCharset: utf8 messageAsJSON: true sync: true consumeTimeout: 1000 @@ -153,7 +102,7 @@ centralsettlement-service: batchSize: 1 pollFrequency: 10 recursiveTimeout: 100 - messageCharset: 'utf8' + messageCharset: utf8 messageAsJSON: true sync: true consumeTimeout: 1000 
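Review bot: `centralsettlement-service` now starts with `command: '["node", "src/handlers/index.js", "h", "--grossSettlement"]'` (with matching entries under `diagnosticMode.command`) where it previously ran `src/api/index.js`, which looks like gross-settlement handler values written into the API service's section. The later hunks for this section point the same way: `serviceName` becomes `central-handler-position`, `handlers.disabled` flips to `false`, `settings.scripts_folder: scripts/grosssettlementTemp` appears, and the ingress hostname becomes `central-settlement-grosssettlement.local` while `ingress.enabled` stays `true`. Unless the API service is meant to be repurposed, I would restore `command: '["node", "src/api/index.js"]'`, `serviceName: central-settlement-service` and `hostname: central-settlement-service.local`, and check the section-to-subchart mapping in `sync-subchart-values.js`. The added `containerSecurityContext` (`runAsUser: 1001`, `readOnlyRootFilesystem: true`) appears only on this section in the visible hunks, so the two handler sections may need the same block.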
@@ -167,7 +116,7 @@ centralsettlement-service: batchSize: 1 pollFrequency: 10 recursiveTimeout: 100 - messageCharset: 'utf8' + messageCharset: utf8 messageAsJSON: true sync: true consumeTimeout: 1000 @@ -178,10 +127,10 @@ centralsettlement-service: event: config: options: - messageCharset: 'utf8' + messageCharset: utf8 rdkafkaConf: event_cb: true - compression_codec: 'none' + compression_codec: none retry_backoff_ms: 100 message_send_max_retries: 2 socket_keepalive_enable: true 
@@ -189,41 +138,29 @@ centralsettlement-service: dr_cb: false socket_blocking_max_ms: 1 queue_buffering_max_ms: 1 - broker_version_fallback: '0.10.1.0' + broker_version_fallback: 0.10.1.0 api_version_request: true topicConf: - request_required_acks: 'all' - partitioner: 'murmur2_random' + request_required_acks: all + partitioner: murmur2_random deferredsettlement: close: config: options: - messageCharset: 'utf8' + messageCharset: utf8 rdkafkaConf: event_cb: true dr_cb: true socket_keepalive_enable: true topicConf: - request_required_acks: "all" - partitioner: 'murmur2_random' - ## DB Configuration - # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled - db_type: 'mysql' - # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set. - db_driver: 'mysql2' + request_required_acks: all + partitioner: murmur2_random + db_type: mysql + db_driver: mysql2 db_host: mysqldb db_port: 3306 db_user: central_ledger - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - db_password: '' - ### Configure this if you want to use a secret. Note, this will override the db_password, - ### Use the next line if you do wish to use the db_password value instead. - # db_secret: - ### Example config for an existing secret - # db_secret: - # name: mysqldb - # key: mysql-password + db_password: "" db_database: central_ledger db_connection_pool_min: 10 db_connection_pool_max: 30 
@@ -235,251 +172,120 @@ centralsettlement-service: db_create_retry_interval_millis: 200 db_debug: false db_additional_connection_options: {} - - ## SSL Configuration db_ssl_enabled: false db_ssl_verify: false - ### Configure this if you want to pass a CA certificate of the server. - # db_ssl_ca_secret: - # name: mysql-tls-client-creds - # key: cacert.pem - - # Api Handler Configuration handlers: - disabled: true + disabled: false api: disabled: false - # Settlement Window aggregation Configuration + settings: + scripts_folder: scripts/grosssettlementTemp window_aggregation: retry_count: 3 retry_interval: 3000 hub_participant: id: 1 name: Hub - - ## Log config log_level: info log_transport: console - - ## Tracing Configuration event_trace_vendor: mojaloop - event_log_filter: 'audit:*, log:warn, log:error' - # If set to true, only the metadata object from the event will be printed. + event_log_filter: audit:*, log:warn, log:error event_log_metadata_only: false - # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve - # Any combination of: `log,audit,trace` - event_async_override: 'log,trace' + event_async_override: log,trace event_trace_state_enabled: true event_traceid_per_vendor: false - - ## Error Handling error_handling: include_cause_extension: false truncate_extensions: true - - ## @param initContainers - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## The initContainers configuration comes from the corresponding sub chart. - ## If you want to add additional initContainers, you can do so by copying the existing configuration from the subchart and add new items in the array. 
- # initContainers: [] - + rules: {} + initContainers: | + - name: wait-for-kafka + image: solsson/kafka:2.8.1 + imagePullPolicy: IfNotPresent + command: + - sh + - -c + - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT}; + do + echo --------------------; + echo Waiting for Kafka...; + sleep 2; + done; + echo ====================; + echo Kafka ok!; + env: + - name: KAFKA_HOST + value: '{{ .Values.config.kafka_host }}' + - name: KAFKA_PORT + value: '{{ .Values.config.kafka_port }}' + {{- include "mojaloop-common.waitForMysqlInitContainer" . | nindent 0 }} + podLabels: {} + podAnnotations: {} service: internalPort: 3007 - ## @param service.type %%MAIN_CONTAINER_NAME%% service type - ## type: ClusterIP - ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port - ## port: 80 - ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port - ## - httpsPort: 443 - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - http: null - https: null - ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP - ## e.g.: - ## clusterIP: None - ## clusterIP: null - ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## loadBalancerIP: null - ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy - ## ref 
http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service - ## annotations: {} - ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## sessionAffinity: None - ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## sessionAffinityConfig: {} - ingress: enabled: true - ## @param ingress.pathType Ingress path type - ## pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## apiVersion: null - ## @param ingress.hostname Default host for the ingress record - ## - hostname: central-settlement-service.local - ## @param servicePort : port for the service - ## + hostname: central-settlement-grosssettlement.local servicePort: 80 - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## annotations: null - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting 
`ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## tls: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## certManager: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: transfer-api-svc.local - ## path: / - ## extraHosts: null extraPaths: null extraTls: null secrets: null - className: "nginx" - - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + className: nginx resources: {} - centralsettlement-handler-deferredsettlement: enabled: true - image: registry: docker.io repository: mojaloop/central-settlement tag: v17.2.2 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## pullSecrets: [] - replicaCount: 1 command: '["node", "src/handlers/index.js", "h", "--deferredSettlement"]' - - # Mount configuration files in the app folder for overriding defaults - # configOverride: - # # event sdk settings override - # .EVENT_SDKrc: - # AUDIT: kafka - - # # logging settings override - # .CSLrc: - # LOG_FILTER: "" - - ## Enable diagnostic mode in the deployment - ## diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## command: - node - src/handlers/index.js - h - - "--deferredSettlement" - ## @param diagnosticMode.args Args to override all containers in the deployment - ## + - --deferredSettlement args: - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }} - - ## @param diagnosticMode.debug config to override all debug information - ## debug: internalPort: 9229 port: 9229 - readinessProbe: enabled: true httpGet: path: /v2/health initialDelaySeconds: 60 periodSeconds: 15 - livenessProbe: enabled: true httpGet: path: /v2/health initialDelaySeconds: 60 periodSeconds: 15 - - ## Pod scheduling preferences. - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} - - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} - - ## Set toleration for scheduler - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] - sidecar: enabled: false image: 
@@ -504,24 +310,18 @@ centralsettlement-handler-deferredsettlement: config: event_log_grpc_host: localhost event_log_grpc_port: 50051 - event_log_filter: 'audit:*, log:info, log:warn, log:error' + event_log_filter: audit:*, log:info, log:warn, log:error event_log_metadata_only: true log_level: info - log_filter: 'error, warn, info' - - ## metric configuration for prometheus instrumentation + log_filter: error, warn, info metrics: - ## flag to enable/disable the metrics end-points enabled: false config: timeout: 5000 prefix: moja_ defaultLabels: serviceName: central-settlement-handler-deferredsettlement - config: - ## Kafka Configuration - # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used. kafka_host: kafka kafka_port: 9092 kafka: @@ -534,7 +334,7 @@ centralsettlement-handler-deferredsettlement: batchSize: 1 pollFrequency: 10 recursiveTimeout: 100 - messageCharset: 'utf8' + messageCharset: utf8 messageAsJSON: true sync: true consumeTimeout: 1000 @@ -547,7 +347,7 @@ centralsettlement-handler-deferredsettlement: batchSize: 1 pollFrequency: 10 recursiveTimeout: 100 - messageCharset: 'utf8' + messageCharset: utf8 messageAsJSON: true sync: true consumeTimeout: 1000 @@ -561,7 +361,7 @@ centralsettlement-handler-deferredsettlement: batchSize: 1 pollFrequency: 10 recursiveTimeout: 100 - messageCharset: 'utf8' + messageCharset: utf8 messageAsJSON: true sync: true consumeTimeout: 1000 @@ -572,10 +372,10 @@ centralsettlement-handler-deferredsettlement: event: config: options: - messageCharset: 'utf8' + messageCharset: utf8 rdkafkaConf: event_cb: true - compression_codec: 'none' + compression_codec: none retry_backoff_ms: 100 message_send_max_retries: 2 socket_keepalive_enable: true 
@@ -583,41 +383,29 @@ centralsettlement-handler-deferredsettlement: dr_cb: false socket_blocking_max_ms: 1 queue_buffering_max_ms: 1 - broker_version_fallback: '0.10.1.0' + broker_version_fallback: 0.10.1.0 api_version_request: true topicConf: - request_required_acks: 'all' - partitioner: 'murmur2_random' + request_required_acks: all + partitioner: murmur2_random deferredsettlement: close: config: options: - messageCharset: 'utf8' + messageCharset: utf8 rdkafkaConf: event_cb: true dr_cb: true socket_keepalive_enable: true topicConf: - request_required_acks: "all" - partitioner: 'murmur2_random' - ## DB Configuration - # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled - db_type: 'mysql' - # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set. - db_driver: 'mysql2' + request_required_acks: all + partitioner: murmur2_random + db_type: mysql + db_driver: mysql2 db_host: mysqldb db_port: 3306 db_user: central_ledger - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - db_password: '' - ### Configure this if you want to use a secret. Note, this will override the db_password, - ### Use the next line if you do wish to use the db_password value instead. - # db_secret: - ### Example config for an existing secret - # db_secret: - # name: mysqldb - # key: mysql-password + db_password: "" db_database: central_ledger db_connection_pool_min: 10 db_connection_pool_max: 30 
@@ -629,253 +417,98 @@ centralsettlement-handler-deferredsettlement: db_create_retry_interval_millis: 200 db_debug: false db_additional_connection_options: {} - - ## SSL Configuration db_ssl_enabled: false db_ssl_verify: false - ### Configure this if you want to pass a CA certificate of the server. - # db_ssl_ca_secret: - # name: mysql-tls-client-creds - # key: cacert.pem - - # Api Handler Configuration handlers: disabled: false api: disabled: false - # Settlement Window aggregation Configuration window_aggregation: retry_count: 3 retry_interval: 3000 hub_participant: id: 1 name: Hub - - ## Log config log_level: info log_transport: console - - ## Tracing Configuration event_trace_vendor: mojaloop - event_log_filter: 'audit:*, log:warn, log:error' - # If set to true, only the metadata object from the event will be printed. + event_log_filter: audit:*, log:warn, log:error event_log_metadata_only: false - # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve - # Any combination of: `log,audit,trace` - event_async_override: 'log,trace' + event_async_override: log,trace event_trace_state_enabled: true event_traceid_per_vendor: false - - ## Error Handling error_handling: include_cause_extension: false truncate_extensions: true - - ## @param initContainers - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## The initContainers configuration comes from the corresponding sub chart. - ## If you want to add additional initContainers, you can do so by copying the existing configuration from the subchart and add new items in the array. 
- # initContainers: [] - service: internalPort: 3007 - ## @param service.type %%MAIN_CONTAINER_NAME%% service type - ## type: ClusterIP - ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port - ## port: 80 - ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port - ## httpsPort: 443 - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## NOTE: choose port between <30000-32767> - ## nodePorts: http: null https: null - ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP - ## e.g.: - ## clusterIP: None - ## clusterIP: null - ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## loadBalancerIP: null - ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service - ## annotations: {} - ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## sessionAffinity: None - ## @param master.service.sessionAffinityConfig Additional settings for the 
sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## sessionAffinityConfig: {} - ingress: enabled: false - ## @param ingress.pathType Ingress path type - ## pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## apiVersion: null - ## @param ingress.hostname Default host for the ingress record - ## hostname: central-settlement-deferredsettlement.local - ## @param servicePort : port for the service - ## servicePort: 80 - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## annotations: null - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## tls: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## certManager: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: transfer-api-svc.local - ## path: / - ## extraHosts: null extraPaths: null extraTls: null secrets: null - className: "nginx" - - # We usually recommend not to specify default 
resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + className: nginx resources: {} - centralsettlement-handler-grosssettlement: - ## Enable this handler if you wish to support Continuous Gross Settlement (CGS) and rule processing. - ## Note: Ensure that you have configured the appropriated settlementModels (refer to the associated tagged release on https://github.com/mojaloop/postman for an example). See below more information on how to configure rule processing for Interchange Fees. enabled: false - image: registry: docker.io repository: mojaloop/central-settlement tag: v17.2.2 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## pullSecrets: [] - replicaCount: 1 command: '["node", "src/handlers/index.js", "h", "--grossSettlement"]' - - # Mount configuration files in the app folder for overriding defaults - # configOverride: - # # event sdk settings override - # .EVENT_SDKrc: - # AUDIT: kafka - - # # logging settings override - # .CSLrc: - # LOG_FILTER: "" - - ## Enable diagnostic mode in the deployment - ## diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## command: - node - src/handlers/index.js - h - - "--grossSettlement" - ## @param diagnosticMode.args Args to override all containers in the deployment - ## + - --grossSettlement args: - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }} - - ## @param diagnosticMode.debug config to override all debug information - ## debug: internalPort: 9229 port: 9229 - readinessProbe: enabled: true httpGet: path: /v2/health initialDelaySeconds: 60 periodSeconds: 15 - livenessProbe: enabled: true httpGet: path: /v2/health initialDelaySeconds: 60 periodSeconds: 15 - - ## Pod scheduling preferences. - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} - - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} - - ## Set toleration for scheduler - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] - sidecar: enabled: false image: 
@@ -900,24 +533,18 @@ centralsettlement-handler-grosssettlement: config: event_log_grpc_host: localhost event_log_grpc_port: 50051 - event_log_filter: 'audit:*, log:info, log:warn, log:error' + event_log_filter: audit:*, log:info, log:warn, log:error event_log_metadata_only: true log_level: info - log_filter: 'error, warn, info' - - ## metric configuration for prometheus instrumentation + log_filter: error, warn, info metrics: - ## flag to enable/disable the metrics end-points enabled: false config: timeout: 5000 prefix: moja_ defaultLabels: serviceName: central-settlement-handler-grosssettlement - config: - ## Kafka Configuration - # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used. kafka_host: kafka kafka_port: 9092 kafka: @@ -930,7 +557,7 @@ centralsettlement-handler-grosssettlement: batchSize: 1 pollFrequency: 10 recursiveTimeout: 100 - messageCharset: 'utf8' + messageCharset: utf8 messageAsJSON: true sync: true consumeTimeout: 1000 @@ -943,7 +570,7 @@ centralsettlement-handler-grosssettlement: batchSize: 1 pollFrequency: 10 recursiveTimeout: 100 - messageCharset: 'utf8' + messageCharset: utf8 messageAsJSON: true sync: true consumeTimeout: 1000 @@ -957,7 +584,7 @@ centralsettlement-handler-grosssettlement: batchSize: 1 pollFrequency: 10 recursiveTimeout: 100 - messageCharset: 'utf8' + messageCharset: utf8 messageAsJSON: true sync: true consumeTimeout: 1000 @@ -968,10 +595,10 @@ centralsettlement-handler-grosssettlement: event: config: options: - messageCharset: 'utf8' + messageCharset: utf8 rdkafkaConf: event_cb: true - compression_codec: 'none' + compression_codec: none retry_backoff_ms: 100 message_send_max_retries: 2 socket_keepalive_enable: true 
@@ -979,41 +606,29 @@ centralsettlement-handler-grosssettlement: dr_cb: false socket_blocking_max_ms: 1 queue_buffering_max_ms: 1 - broker_version_fallback: '0.10.1.0' + broker_version_fallback: 0.10.1.0 api_version_request: true topicConf: - request_required_acks: 'all' - partitioner: 'murmur2_random' + request_required_acks: all + partitioner: murmur2_random deferredsettlement: close: config: options: - messageCharset: 'utf8' + messageCharset: utf8 rdkafkaConf: event_cb: true dr_cb: true socket_keepalive_enable: true topicConf: - request_required_acks: "all" - partitioner: 'murmur2_random' - ## DB Configuration - # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled - db_type: 'mysql' - # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set. - db_driver: 'mysql2' + request_required_acks: all + partitioner: murmur2_random + db_type: mysql + db_driver: mysql2 db_host: mysqldb db_port: 3306 db_user: central_ledger - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - db_password: '' - ### Configure this if you want to use a secret. Note, this will override the db_password, - ### Use the next line if you do wish to use the db_password value instead. - # db_secret: - ### Example config for an existing secret - # db_secret: - # name: mysqldb - # key: mysql-password + db_password: "" db_database: central_ledger db_connection_pool_min: 10 db_connection_pool_max: 30 
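Review bot: The Secret-Management comments around `db_password` in the centralsettlement-handler-grosssettlement config are removed, so `db_password: ""` is the only credential option still visible and nothing on the new side says that a `db_secret` reference overrides the clear-text value. I would keep a one-line form of the removed example above the key, e.g. `# db_secret: {name: mysqldb, key: mysql-password}  # when set, overrides db_password`. The same removal occurs in the centralsettlement-handler-rules hunk (`@@ -1374,41 +829,29 @@`). If this file is regenerated by the sync script added in this commit (not visible in this part of the page), the comment will be lost again on each run unless the script preserves comments.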
@@ -1025,252 +640,98 @@ centralsettlement-handler-grosssettlement: db_create_retry_interval_millis: 200 db_debug: false db_additional_connection_options: {} - - ## SSL Configuration db_ssl_enabled: false db_ssl_verify: false - ### Configure this if you want to pass a CA certificate of the server. - # db_ssl_ca_secret: - # name: mysql-tls-client-creds - # key: cacert.pem - - # Api Handler Configuration handlers: disabled: false api: disabled: false - # Settlement Window aggregation Configuration window_aggregation: retry_count: 3 retry_interval: 3000 hub_participant: id: 1 name: Hub - - ## Log config log_level: info log_transport: console - - ## Tracing Configuration event_trace_vendor: mojaloop - event_log_filter: 'audit:*, log:warn, log:error' - # If set to true, only the metadata object from the event will be printed. + event_log_filter: audit:*, log:warn, log:error event_log_metadata_only: false - # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve - # Any combination of: `log,audit,trace` - event_async_override: 'log,trace' + event_async_override: log,trace event_trace_state_enabled: true event_traceid_per_vendor: false - error_handling: include_cause_extension: false truncate_extensions: true - - ## @param initContainers - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## The initContainers configuration comes from the corresponding sub chart. - ## If you want to add additional initContainers, you can do so by copying the existing configuration from the subchart and add new items in the array. 
- # initContainers: [] - service: internalPort: 3007 - ## @param service.type %%MAIN_CONTAINER_NAME%% service type - ## type: ClusterIP - ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port - ## port: 80 - ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port - ## httpsPort: 443 - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## NOTE: choose port between <30000-32767> - ## nodePorts: http: null https: null - ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP - ## e.g.: - ## clusterIP: None - ## clusterIP: null - ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## loadBalancerIP: null - ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service - ## annotations: {} - ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## sessionAffinity: None - ## @param master.service.sessionAffinityConfig Additional settings for the 
sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## sessionAffinityConfig: {} - ingress: enabled: false - ## @param ingress.pathType Ingress path type - ## pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## apiVersion: null - ## @param ingress.hostname Default host for the ingress record - ## hostname: central-settlement-grosssettlement.local - ## @param servicePort : port for the service - ## servicePort: 80 - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## annotations: null - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## tls: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## certManager: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: transfer-api-svc.local - ## path: / - ## extraHosts: null extraPaths: null extraTls: null secrets: null - className: "nginx" - - # We usually recommend not to specify default 
resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + className: nginx resources: {} - centralsettlement-handler-rules: - ## Enable this handler if you wish to support Continuous Gross Settlement (CGS) and rule processing. - ## Note: Ensure that you have configured the appropriated settlementModels (refer to the associated tagged release on https://github.com/mojaloop/postman for an example). See below more information on how to configure rule processing for Interchange Fees. enabled: false - image: registry: docker.io repository: mojaloop/central-settlement tag: v17.2.2 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## pullSecrets: [] - replicaCount: 1 command: '["node", "src/handlers/index.js", "h", "--rules"]' - - # Mount configuration files in the app folder for overriding defaults - # configOverride: - # # event sdk settings override - # .EVENT_SDKrc: - # AUDIT: kafka - - # # logging settings override - # .CSLrc: - # LOG_FILTER: "" - - ## Enable diagnostic mode in the deployment - ## diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## command: - node - src/handlers/index.js - h - - "--rules" - ## @param diagnosticMode.args Args to override all containers in the deployment - ## + - --rules args: - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }} - - ## @param diagnosticMode.debug config to override all debug information - ## debug: internalPort: 9229 port: 9229 - readinessProbe: enabled: true httpGet: path: /v2/health initialDelaySeconds: 60 periodSeconds: 15 - livenessProbe: enabled: true httpGet: path: /v2/health initialDelaySeconds: 60 periodSeconds: 15 - - ## Pod scheduling preferences. - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} - - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} - - ## Set toleration for scheduler - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] - sidecar: enabled: false image: 
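Review bot: `db_ssl_enabled: false` and `db_ssl_verify: false` stay as the grosssettlement defaults in the `@@ -1025,252 +640,98 @@` hunk, while the commented `db_ssl_ca_secret` example, the only hint at how to supply the server's CA certificate, is deleted. An operator who turns TLS on from this file no longer sees which key carries the CA. I would keep the example in compact form next to the two flags: `# db_ssl_ca_secret: {name: mysql-tls-client-creds, key: cacert.pem}  # CA certificate of the DB server`. The centralsettlement-handler-rules hunk (`@@ -1420,83 +863,30 @@`) drops the same lines.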
@@ -1295,24 +756,18 @@ centralsettlement-handler-rules: config: event_log_grpc_host: localhost event_log_grpc_port: 50051 - event_log_filter: 'audit:*, log:info, log:warn, log:error' + event_log_filter: audit:*, log:info, log:warn, log:error event_log_metadata_only: true log_level: info - log_filter: 'error, warn, info' - - ## metric configuration for prometheus instrumentation + log_filter: error, warn, info metrics: - ## flag to enable/disable the metrics end-points enabled: false config: timeout: 5000 prefix: moja_ defaultLabels: serviceName: central-settlement-handler-rules - config: - ## Kafka Configuration - # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used. kafka_host: kafka kafka_port: 9092 kafka: @@ -1325,7 +780,7 @@ centralsettlement-handler-rules: batchSize: 1 pollFrequency: 10 recursiveTimeout: 100 - messageCharset: 'utf8' + messageCharset: utf8 messageAsJSON: true sync: true consumeTimeout: 1000 @@ -1338,7 +793,7 @@ centralsettlement-handler-rules: batchSize: 1 pollFrequency: 10 recursiveTimeout: 100 - messageCharset: 'utf8' + messageCharset: utf8 messageAsJSON: true sync: true consumeTimeout: 1000 @@ -1352,7 +807,7 @@ centralsettlement-handler-rules: batchSize: 1 pollFrequency: 10 recursiveTimeout: 100 - messageCharset: 'utf8' + messageCharset: utf8 messageAsJSON: true sync: true consumeTimeout: 1000 @@ -1363,10 +818,10 @@ centralsettlement-handler-rules: event: config: options: - messageCharset: 'utf8' + messageCharset: utf8 rdkafkaConf: event_cb: true - compression_codec: 'none' + compression_codec: none retry_backoff_ms: 100 message_send_max_retries: 2 socket_keepalive_enable: true 
@@ -1374,41 +829,29 @@ centralsettlement-handler-rules: dr_cb: false socket_blocking_max_ms: 1 queue_buffering_max_ms: 1 - broker_version_fallback: '0.10.1.0' + broker_version_fallback: 0.10.1.0 api_version_request: true topicConf: - request_required_acks: 'all' - partitioner: 'murmur2_random' + request_required_acks: all + partitioner: murmur2_random deferredsettlement: close: config: options: - messageCharset: 'utf8' + messageCharset: utf8 rdkafkaConf: event_cb: true dr_cb: true socket_keepalive_enable: true topicConf: - request_required_acks: "all" - partitioner: 'murmur2_random' - ## DB Configuration - # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled - db_type: 'mysql' - # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set. - db_driver: 'mysql2' + request_required_acks: all + partitioner: murmur2_random + db_type: mysql + db_driver: mysql2 db_host: mysqldb db_port: 3306 db_user: central_ledger - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - db_password: '' - ### Configure this if you want to use a secret. Note, this will override the db_password, - ### Use the next line if you do wish to use the db_password value instead. - # db_secret: - ### Example config for an existing secret - # db_secret: - # name: mysqldb - # key: mysql-password + db_password: "" db_database: central_ledger db_connection_pool_min: 10 db_connection_pool_max: 30 
@@ -1420,83 +863,30 @@ centralsettlement-handler-rules: db_create_retry_interval_millis: 200 db_debug: false db_additional_connection_options: {} - - ## SSL Configuration db_ssl_enabled: false db_ssl_verify: false - ### Configure this if you want to pass a CA certificate of the server. - # db_ssl_ca_secret: - # name: mysql-tls-client-creds - # key: cacert.pem - - # Api Handler Configuration handlers: disabled: false api: disabled: false - # Settlement Window aggregation Configuration window_aggregation: retry_count: 3 retry_interval: 3000 hub_participant: id: 1 name: Hub - - ## Log config log_level: info log_transport: console - - ## Tracing Configuration event_trace_vendor: mojaloop - event_log_filter: 'audit:*, log:warn, log:error' - # If set to true, only the metadata object from the event will be printed. + event_log_filter: audit:*, log:warn, log:error event_log_metadata_only: false - # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve - # Any combination of: `log,audit,trace` - event_async_override: 'log,trace' + event_async_override: log,trace event_trace_state_enabled: true event_traceid_per_vendor: false - - ## Error Handling error_handling: include_cause_extension: false truncate_extensions: true - rules: - ## The rules object defines rules files represented as key-value pairs. These rules will be executed per commited transfer. - ## Expected key-value format for the rules object: - ## nameOfFile.js: fileContents - ## See below example of interchange fee rule. - - ## Default Empty Script - This is required as the rule engine requires a rule-file to function properly. - ## Note: Uncomment this and comment-out the interchangeFeeCalculation.js below is you wish to enable CGS processing but do not want Interchange Fee processing. 
- # defaultEmptyScript.js: | - # // ******************************************************** - # // Name: Default Empty Rule - # // Type: notification - # // Action: commit - # // Status: success - # // Start: 2020-06-01T00:00:00.000Z - # // End: 2100-12-31T23:59:59.999Z - # // Description: This is empty rules script - # // ******************************************************** - ## Globals: - # // payload: The contents of the message from the Kafka topic. - # // transfer: The transfer object. - # // # Functions: - ## Data retrieval functions: - # // getTransfer(transferId): Retrieves a mojaloop transfer from the central-ledger API. - ## Helper functions: - # // getExtensionValue(list, key): Gets a value from an extension list - # // log(message): allows the script to log to standard out for debugging purposes - # // Math functions: - # // multiply(number1, number2, decimalPlaces): Uses ml-number to handle multiplication of money values - # // Ledger functions: - # // addLedgerEntry: Adds a debit and credit ledger entry to the specified account to the specified DFSPs - # log('Running - DEFAULT EMPTY RULES SCRIPT') - - ## Interchange Fee Calculation Script - Ensure that a settlementModel (refer to the associated tagged release on https://github.com/mojaloop/postman for an example) is created for the ledgerAccounType "INTERCHANGE_FEE". - ## Note: Uncomment this is you wish to enable CGS processing but also want Interchange Fee processing. interchangeFeeCalculation.js: | /* eslint-disable no-undef */ // ******************************************************** 
@@ -1550,122 +940,35 @@ centralsettlement-handler-rules: payerFspId, payeeFspId) } - - ## @param initContainers - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## The initContainers configuration comes from the corresponding sub chart. - ## If you want to add additional initContainers, you can do so by copying the existing configuration from the subchart and add new items in the array. - # initContainers: [] - service: internalPort: 3007 - ## @param service.type %%MAIN_CONTAINER_NAME%% service type - ## type: ClusterIP - ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port - ## port: 80 - ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port - ## httpsPort: 443 - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## NOTE: choose port between <30000-32767> - ## nodePorts: http: null https: null - ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP - ## e.g.: - ## clusterIP: None - ## clusterIP: null - ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## loadBalancerIP: null - ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service - ## 
annotations: {} - ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## sessionAffinity: None - ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## sessionAffinityConfig: {} - ingress: enabled: false - ## @param ingress.pathType Ingress path type - ## pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## apiVersion: null - ## @param ingress.hostname Default host for the ingress record - ## hostname: central-settlement-rules.local - ## @param servicePort : port for the service - ## servicePort: 80 - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## annotations: null - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## tls: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## certManager: false - ## @param ingress.selfSigned Create a TLS secret for this 
ingress record using self-signed certificates generated by Helm - ## selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: transfer-api-svc.local - ## path: / - ## extraHosts: null extraPaths: null extraTls: null secrets: null - className: "nginx" - - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + className: nginx resources: {} diff --git a/quoting-service/values.yaml b/quoting-service/values.yaml index 75b47160e..e0d4b5ffa 100644 --- a/quoting-service/values.yaml +++ b/quoting-service/values.yaml 
@@ -1,103 +1,43 @@ -# Default values for quoting-service. -# This is a YAML-formatted file. - -# Declare global configurations global: {} - -quoting-service: # API +quoting-service: enabled: true - # Default values for ml-api-adapter. - # This is a YAML-formatted file. - # Declare variables to be passed into your templates. - image: registry: docker.io repository: mojaloop/quoting-service tag: v17.12.1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## pullSecrets: [] - replicaCount: 1 command: '["node", "src/index.js"]' - - # Mount configuration files in the app folder for overriding defaults - # configOverride: - # # event sdk settings override - # .EVENT_SDKrc: - # AUDIT: kafka - - # # logging settings override - # .CSLrc: - # LOG_FILTER: "" - - ## Enable diagnostic mode in the deployment - ## diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## command: - node - src/index.js - ## @param diagnosticMode.args Args to override all containers in the deployment - ## args: - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }} - - ## @param diagnosticMode.debug config to override all debug information - ## debug: internalPort: 9229 port: 9229 - readinessProbe: enabled: true httpGet: path: /health initialDelaySeconds: 60 periodSeconds: 15 - livenessProbe: enabled: true httpGet: path: /health initialDelaySeconds: 60 periodSeconds: 15 - - ## Pod 
scheduling preferences. - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} - - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} - - ## Set toleration for scheduler - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] - - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param containerSecurityContext.enabled Enabled %%MAIN_CONTAINER_NAME%% containers' Security Context - ## @param containerSecurityContext.runAsUser Set %%MAIN_CONTAINER_NAME%% containers' Security Context runAsUser - ## containerSecurityContext: enabled: true runAsUser: 1001 - + readOnlyRootFilesystem: true sidecar: enabled: true image: @@ -122,25 +62,19 @@ quoting-service: # API config: event_log_grpc_host: localhost event_log_grpc_port: 50051 - event_log_filter: 'audit:*, log:info, log:warn, log:error' + event_log_filter: audit:*, log:info, log:warn, log:error event_log_metadata_only: true log_level: info - log_filter: 'error, warn, info' - - ## metric configuration for prometheus instrumentation + log_filter: error, warn, info metrics: - ## flag to enable/disable the metrics end-points enabled: true config: timeout: 5000 prefix: moja_ defaultLabels: - serviceName: quoting-service - + serviceName: quoting-service-api config: - ## fspiop | iso20022 api_type: fspiop - ## kafka | redis | "" original_payload_storage: "" payload_cache: enabled: false 
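Review bot: `readOnlyRootFilesystem: true` is added under `containerSecurityContext` in the first quoting-service hunk (`@@ -1,103 +1,43 @@`) without a comment, and the block that documented the security context is removed in the same hunk. The setting is a sound hardening default, but it cannot be seen from here whether the chart template passes this key through to the container or whether the service needs a writable path; the later switch of `log_transport` from `file` to `console` is at least consistent with it. I would add a line above the key such as `# root filesystem is mounted read-only; mount an emptyDir for any path the service must write`, and confirm the template consumes the value.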
@@ -152,26 +86,29 @@ quoting-service: # API hub_participant: id: 1 name: Hub - # Protocol versions used for validating (VALIDATELIST) incoming FSPIOP API Headers (Content-type, Accept), - # and for generating requests/callbacks from the Switch itself (DEFAULT value) - protocol_versions: {"CONTENT": {"DEFAULT": "2.0", "VALIDATELIST": ["1", "1.0", "1.1", "2", "2.0"]}, "ACCEPT": {"DEFAULT": "2", "VALIDATELIST": ["1", "1.0", "1.1", "2", "2.0"]}} - - ## DB Configuration - # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled - db_type: 'mysql' - # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set. - db_driver: 'mysql' + protocol_versions: + CONTENT: + DEFAULT: "2.0" + VALIDATELIST: + - "1" + - "1.0" + - "1.1" + - "2" + - "2.0" + ACCEPT: + DEFAULT: "2" + VALIDATELIST: + - "1" + - "1.0" + - "1.1" + - "2" + - "2.0" + db_type: mysql + db_driver: mysql2 db_host: mysqldb db_port: 3306 db_user: central_ledger - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - db_password: '' - ### Configure this if you want to use a secret. Note, this will override the db_password, - ### Use the next line if you do wish to use the db_password value instead. - db_secret: - name: mysqldb - key: mysql-password + db_password: "" db_database: central_ledger db_connection_pool_min: 10 db_connection_pool_max: 30 
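Review bot: The live `db_secret` block (`name: mysqldb`, `key: mysql-password`) is removed from the quoting-service config and only `db_password: ""` remains. Unless the subchart's own defaults still supply `db_secret`, which is not visible here, the service would be rendered with an empty clear-text password instead of the Kubernetes secret reference. In the central-settlement hunks `db_secret` was only a commented example, but here it was active configuration. The same hunk also changes `db_driver` from `mysql` to `mysql2`, which is a behaviour change rather than a formatting one. I would restore `db_secret:` / `name: mysqldb` / `key: mysql-password` unless the removal is intended, in which case the commit description should say so.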
@@ -182,56 +119,31 @@ quoting-service: # API db_reap_interval_millis: 1000 db_create_retry_interval_millis: 200 db_debug: false + db_additional_connection_options: {} + db_ssl_enabled: false + db_ssl_verify: false simple_routing_mode_enabled: true log_level: info - log_transport: file - - ## Kafka Configuration (used for sidecar) - # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used. + log_transport: console kafka_host: kafka kafka_port: 9092 - kafka_partitioner: 'murmur2_random' - - kafka_producer_quote_post_topic: 'topic-quotes-post' - - ## Tracing Configuration + kafka_partitioner: murmur2_random + kafka_producer_quote_post_topic: topic-quotes-post event_trace_vendor: mojaloop - event_log_filter: 'audit:*, log:warn, log:error' - # If set to true, only the metadata object from the event will be printed. + event_log_filter: audit:*, log:warn, log:error event_log_metadata_only: false - # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve - # Any combination of: `log,audit,trace` - event_async_override: 'log,trace' + event_async_override: log,trace event_trace_state_enabled: true event_traceid_per_vendor: false - endpointSecurity: jwsSign: false jwsSigningKey: null - # To generate this key: - # Private: - # ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key - # Public: - # openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub - # Should look like: - # -----BEGIN RSA PRIVATE KEY----- - # MIIJKQIBAAKCAgEAxfqaZivMPd4MpdBHu0jVMf3MSuSdkSMHn+sNJdDQfl+x4R5R - # .. - # .. 
- # mBynFpdjO0D3PnLKjnBDn1vFAfANOwVpGXCw5mn+484A/SIXYebWruFd03g4 - # -----END RSA PRIVATE KEY----- error_handling: include_cause_extension: false truncate_extensions: true - cache: enum_data_expires_in_ms: 4170000 - # Setting this any higher will most likely cause GP tests to fail - # Best to only set this higher if you are not running GP tests - # Not specifying or setting to 0 will default the cache to 60 seconds participant_data_expires_in_ms: 10 - - ## Proxy cache configuration proxy_cache: enabled: false type: redis-cluster @@ -239,10 +151,7 @@ quoting-service: # API cluster: - host: proxy-cache-redis port: 6379 - rules: [] - - # think, iof we need this initContainer for quoting-service API initContainers: | - name: wait-for-kafka image: solsson/kafka:2.8.1 @@ -252,9 +161,9 @@ quoting-service: # API - -c - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT}; do - echo --------------------; - echo Waiting for Kafka...; - sleep 2; + echo --------------------; + echo Waiting for Kafka...; + sleep 2; done; echo ====================; echo Kafka ok!; 
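Review bot: `db_ssl_enabled: false` and `db_ssl_verify: false` are newly added to the quoting-service config in the `@@ -182,56 +119,31 @@` hunk, with no comment on what they control. Helm merges parent values over a subchart's defaults, so these lines pin database TLS and certificate verification off at the parent level, whatever the subchart ships. I would either leave the keys out of the parent file so the subchart default applies, or document them in place: `# DB TLS is off by default; set db_ssl_enabled and db_ssl_verify to true when the database is not on a trusted network`. The explanation of how `jwsSigningKey` is generated is also removed in this hunk, which leaves `jwsSigningKey: null` unexplained.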
@@ -263,211 +172,79 @@ quoting-service: # API value: '{{ .Values.config.kafka_host }}' - name: KAFKA_PORT value: '{{ .Values.config.kafka_port }}' - - ## @param master.podLabels Extra labels for pod(s) - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## podLabels: {} - - ## @param podAnnotations Additional custom annotations for pod(s) - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## podAnnotations: {} - service: internalPort: 3002 - ## @param service.type %%MAIN_CONTAINER_NAME%% service type - ## type: ClusterIP - ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port - ## port: 80 - ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP - ## e.g.: - ## clusterIP: None - ## clusterIP: null - ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## loadBalancerIP: null - ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service - ## annotations: {} - ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: 
https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## sessionAffinity: None - ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## sessionAffinityConfig: {} ingress: enabled: true - ## @param ingress.pathType Ingress path type - ## pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## apiVersion: null - ## @param ingress.hostname Default host for the ingress record - ## hostname: quoting-service.local - ## @param servicePort : port for the service - ## servicePort: 80 - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## annotations: null - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## tls: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## certManager: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: 
transfer-api-svc.local - ## path: / - ## extraHosts: null extraPaths: null extraTls: null secrets: null - className: "nginx" - ## + className: nginx resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi quoting-service-handler: enabled: true - # Default values for ml-api-adapter. - # This is a YAML-formatted file. - # Declare variables to be passed into your templates. - image: registry: docker.io repository: mojaloop/quoting-service tag: v17.12.1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## pullSecrets: [] - replicaCount: 1 command: '["node", "src/handlers/index.js", "handler", "--quotes", "--bulk_quotes", "--fx_quotes"]' - - # Mount configuration files in the app folder for overriding defaults - # configOverride: - # # event sdk settings override - # .EVENT_SDKrc: - # AUDIT: kafka - - # # logging settings override - # .CSLrc: - # LOG_FILTER: "" - - ## Enable diagnostic mode in the deployment - ## + rollingUpdate: + override: true + maxUnavailable: 20% + maxSurge: 20% diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## command: - node - src/handlers/index.js h --quotes --bulk_quotes --fx_quotes - ## @param diagnosticMode.args Args to override all containers in the deployment - ## args: - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }} - - ## @param diagnosticMode.debug config to override all debug information - ## debug: internalPort: 9229 port: 9229 - readinessProbe: enabled: true httpGet: path: /health initialDelaySeconds: 60 periodSeconds: 15 - livenessProbe: enabled: true httpGet: path: /health initialDelaySeconds: 60 periodSeconds: 15 - - ## Pod scheduling preferences. 
- ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} - - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} - - ## Set toleration for scheduler - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] - - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param containerSecurityContext.enabled Enabled %%MAIN_CONTAINER_NAME%% containers' Security Context - ## @param containerSecurityContext.runAsUser Set %%MAIN_CONTAINER_NAME%% containers' Security Context runAsUser - ## containerSecurityContext: enabled: true runAsUser: 1001 - + readOnlyRootFilesystem: true sidecar: enabled: true image: @@ -492,22 +269,19 @@ quoting-service-handler: config: event_log_grpc_host: localhost event_log_grpc_port: 50051 - event_log_filter: 'audit:*, log:info, log:warn, log:error' + event_log_filter: audit:*, log:info, log:warn, log:error event_log_metadata_only: true log_level: info - log_filter: 'error, warn, info' - - ## metric configuration for prometheus instrumentation + log_filter: error, warn, info metrics: - ## flag to enable/disable the metrics end-points enabled: true config: timeout: 5000 prefix: moja_ defaultLabels: serviceName: quoting-service-handler - config: + original_payload_storage: "" payload_cache: enabled: false type: redis-cluster 
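Review bot: The `diagnosticMode` block loses every comment in this hunk, including the one saying that enabling it disables all probes and overrides the container command, while the unchanged `args` still start Node with `--inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}`. The inspector protocol has no authentication, so binding it to all interfaces makes the debug port reachable by anything that can route to the pod. I would keep a warning next to `enabled: false`, for example `# diagnosticMode: debugging only - disables probes and opens the Node inspector on 0.0.0.0; never enable in production`. The added `readOnlyRootFilesystem: true` is a welcome hardening, but nothing in the hunk shows a writable volume for paths the handler may write to, so confirm it starts cleanly with the new setting.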
@@ -518,28 +292,29 @@ quoting-service-handler: hub_participant: id: 1 name: Hub - # Protocol versions used for validating (VALIDATELIST) incoming FSPIOP API Headers (Content-type, Accept), - # and for generating requests/callbacks from the Switch itself (DEFAULT value) - protocol_versions: {"CONTENT": {"DEFAULT": "2.0", "VALIDATELIST": ["1", "1.0", "1.1", "2", "2.0"]}, "ACCEPT": {"DEFAULT": "2", "VALIDATELIST": ["1", "1.0", "1.1", "2", "2.0"]}} - - ## DB Configuration - # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled - db_type: 'mysql' - # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set. - db_driver: 'mysql' + protocol_versions: + CONTENT: + DEFAULT: "2.0" + VALIDATELIST: + - "1" + - "1.0" + - "1.1" + - "2" + - "2.0" + ACCEPT: + DEFAULT: "2" + VALIDATELIST: + - "1" + - "1.0" + - "1.1" + - "2" + - "2.0" + db_type: mysql + db_driver: mysql2 db_host: mysqldb db_port: 3306 db_user: central_ledger - ## Secret-Management - ### Set this if you are using a clear password configured in the config section - db_password: '' - ### Configure this if you want to use a secret. Note, this will override the db_password, - ### Use the next line if you do wish to use the db_password value instead. - # db_secret: - ### Example config for an existing secret - db_secret: - name: mysqldb - key: mysql-password + db_password: "" db_database: central_ledger db_connection_pool_min: 10 db_connection_pool_max: 30 
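Review bot: Removing the default `db_secret` (`name: mysqldb`, `key: mysql-password`) leaves `db_password: ""` as the only credential source in these defaults, so the handler's database password moves from a Kubernetes Secret reference to a plain value in the values file. Unless the templates (not visible here) pick the secret up elsewhere, I would keep the `db_secret` block and its comment stating that it overrides `db_password`. The `db_driver` change from `mysql` to `mysql2` in the same hunk is a functional change that the commit title does not mention; a line in the description saying why would help.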
@@ -550,64 +325,40 @@ quoting-service-handler: db_reap_interval_millis: 1000 db_create_retry_interval_millis: 200 db_debug: false + db_additional_connection_options: {} + db_ssl_enabled: false + db_ssl_verify: false simple_routing_mode_enabled: true log_level: info - log_transport: file - - ## Kafka Configuration (used for sidecar) - # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used. + log_transport: console kafka_host: kafka kafka_port: 9092 - - ## Proxy cache configuration - proxy_cache: - enabled: false - type: redis-cluster - proxyConfig: - cluster: - - host: proxy-cache-redis - port: 6379 - - ## Tracing Configuration event_trace_vendor: mojaloop - event_log_filter: 'audit:*, log:warn, log:error' - # If set to true, only the metadata object from the event will be printed. + event_log_filter: audit:*, log:warn, log:error event_log_metadata_only: false - # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve - # Any combination of: `log,audit,trace` - event_async_override: 'log,trace' + event_async_override: log,trace event_trace_state_enabled: true event_traceid_per_vendor: false - endpointSecurity: jwsSign: false jwsSigningKey: null - # To generate this key: - # Private: - # ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key - # Public: - # openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub - # Should look like: - # -----BEGIN RSA PRIVATE KEY----- - # MIIJKQIBAAKCAgEAxfqaZivMPd4MpdBHu0jVMf3MSuSdkSMHn+sNJdDQfl+x4R5R - # .. - # .. 
- # mBynFpdjO0D3PnLKjnBDn1vFAfANOwVpGXCw5mn+484A/SIXYebWruFd03g4 - # -----END RSA PRIVATE KEY----- error_handling: include_cause_extension: false truncate_extensions: true - cache: enum_data_expires_in_ms: 4170000 - # Setting this any higher will most likely cause GP tests to fail - # Best to only set this higher if you are not running GP tests - # Not specifying or setting to 0 will default the cache to 60 seconds participant_data_expires_in_ms: 10 - + proxy_cache: + enabled: false + type: redis-cluster + proxyConfig: + cluster: + - host: proxy-cache-redis + port: 6379 + uv_threadpool_size: 20 rules: [] - initContainers: | + {{- include "mojaloop-common.waitForMysqlInitContainer" . | nindent 0 }} - name: wait-for-kafka image: solsson/kafka:2.8.1 imagePullPolicy: IfNotPresent 
@@ -627,64 +378,18 @@ quoting-service-handler: value: '{{ .Values.config.kafka_host }}' - name: KAFKA_PORT value: '{{ .Values.config.kafka_port }}' - - - name: wait-for-mysql - image: mysql:9.0.1 - imagePullPolicy: IfNotPresent - command: - - sh - - -c - - | - until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi; - do - echo --------------------; - echo Waiting for MySQL...; - sleep 2; - done; - echo ====================; - echo MySQL ok!; - env: - - name: DB_HOST - value: '{{ .Values.config.db_host }}' - - name: DB_PORT - value: '{{ .Values.config.db_port }}' - - name: DB_USER - value: '{{ .Values.config.db_user }}' - - name: DB_PASSWORD - {{- if .Values.config.db_secret }} - valueFrom: - secretKeyRef: - name: '{{ .Values.config.db_secret.name }}' - key: '{{ .Values.config.db_secret.key }}' - {{- else }} - value: {{ .Values.config.db_password }} - {{- end }} - - name: DB_DATABASE - value: '{{ .Values.config.db_database }}' - - ## @param master.podLabels Extra labels for pod(s) - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## podLabels: {} - - ## @param podAnnotations Additional custom annotations for pod(s) - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## podAnnotations: {} - - # think, if we need "service" for consumer service: - type: ClusterIP - externalPort: 80 internalPort: 3003 + type: ClusterIP + port: 80 + clusterIP: null + loadBalancerIP: null + loadBalancerSourceRanges: [] + externalTrafficPolicy: Cluster + annotations: {} + sessionAffinity: None + sessionAffinityConfig: {} resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. 
This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + usePdb: false