From 9191b2451e6cf17a473629a3c42d6b8383ee138c Mon Sep 17 00:00:00 2001
From: bodymindarts
Date: Mon, 16 Oct 2023 20:49:45 +0200
Subject: [PATCH] feat: add consent to galoy chart

---
 charts/galoy/templates/_helpers.tpl | 8 +++
 .../galoy/templates/consent-deployment.yaml | 52 +++++++++++++++++++
 charts/galoy/templates/consent-ingress.yaml | 48 +++++++++++++++++
 charts/galoy/templates/consent-service.yaml | 18 +++++++
 charts/galoy/values.yaml | 16 ++++++
 dev/.envrc | 2 +
 6 files changed, 144 insertions(+)
 create mode 100644 charts/galoy/templates/consent-deployment.yaml
 create mode 100644 charts/galoy/templates/consent-ingress.yaml
 create mode 100644 charts/galoy/templates/consent-service.yaml

diff --git a/charts/galoy/templates/_helpers.tpl b/charts/galoy/templates/_helpers.tpl
index c3ce450a67..20defa2e8b 100644
--- a/charts/galoy/templates/_helpers.tpl
+++ b/charts/galoy/templates/_helpers.tpl
@@ -46,6 +46,14 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- default "trigger" .Values.galoy.trigger.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{/*
+Create a default fully qualified consent name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "galoy.consent.fullname" -}}
+{{- default "consent" .Values.galoy.consent.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
 {{/*
 CronJob name
 */}}
diff --git a/charts/galoy/templates/consent-deployment.yaml b/charts/galoy/templates/consent-deployment.yaml
new file mode 100644
index 0000000000..0d75509786
--- /dev/null
+++ b/charts/galoy/templates/consent-deployment.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "galoy.consent.fullname" . }}
+ labels:
+ app: {{ template "galoy.consent.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ app.kubernetes.io/managed-by: Helm
+
+ kube-monkey/enabled: enabled
+ kube-monkey/identifier: {{ template "galoy.trigger.fullname" . }}
+ kube-monkey/kill-mode: fixed
+ kube-monkey/kill-value: "1"
+ kube-monkey/mtbf: "8"
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "galoy.consent.fullname" . }}
+ release: {{ .Release.Name }}
+ replicas: {{ .Values.galoy.consent.replicas }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "galoy.consent.fullname" . }}
+ release: "{{ .Release.Name }}"
+ kube-monkey/enabled: enabled
+ kube-monkey/identifier: {{ template "galoy.trigger.fullname" . }}
+ spec:
+ serviceAccountName: {{ template "galoy.name" . }}
+ containers:
+ - name: consent
+ image: "{{ .Values.galoy.images.consent.repository }}@{{ .Values.galoy.images.consent.digest }}"
+ resources:
+ {{- toYaml .Values.resources | nindent 10 }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.galoy.consent.port }}
+ protocol: TCP
+ env:
+ - name: PORT
+ value: "{{ .Values.galoy.consent.port }}"
+ - name: GRAPHQL_PUBLIC_API
+ value: {{ .Values.galoy.consent.graphqlPublicApi }}
+ - name: CORE_AUTH_URL
+ value: {{ .Values.galoy.consent.coreAuthUrl }}
+ - name: OTEL_EXPORTER_OTLP_ENDPOINT
+ value: {{ .Values.tracing.otelExporterOtlpEndpoint }}
+ - name: TRACING_SERVICE_NAME
+ value: "{{ .Values.tracing.prefix }}-{{ template "galoy.consent.fullname" . }}"
+ - name: HYDRA_ADMIN_URL
+ value: {{ .Values.galoy.consent.hydraAdminUrl }}
diff --git a/charts/galoy/templates/consent-ingress.yaml b/charts/galoy/templates/consent-ingress.yaml
new file mode 100644
index 0000000000..d064ef56fb
--- /dev/null
+++ b/charts/galoy/templates/consent-ingress.yaml
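Review bot: Both `kube-monkey/identifier` labels (Deployment metadata and pod template) render `galoy.trigger.fullname`, so the consent pods are tagged with the trigger workload's identifier; they should read `kube-monkey/identifier: {{ template "galoy.consent.fullname" . }}`. The container `resources` block is fed from `.Values.resources`, while this commit adds the setting under `galoy.consent.resources` in values.yaml, so limits configured there are never applied; `{{- toYaml .Values.galoy.consent.resources | nindent 10 }}` matches the new key. The pod also runs under the chart-wide service account (`galoy.name`) and declares no `securityContext`. For what appears to be a user-facing consent UI that is handed the Hydra admin URL, it is worth setting `automountServiceAccountToken: false` unless the app calls the Kubernetes API, and `allowPrivilegeEscalation: false` with `runAsNonRoot: true` on the container. The unquoted env values (`GRAPHQL_PUBLIC_API`, `CORE_AUTH_URL`, `OTEL_EXPORTER_OTLP_ENDPOINT`, `HYDRA_ADMIN_URL`) should go through `| quote` so an empty or retyped value cannot produce a non-string `value`.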
@@ -0,0 +1,48 @@
+{{- if .Values.galoy.consent.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ template "galoy.consent.fullname" . }}
+ labels:
+ app: {{ template "galoy.consent.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ app.kubernetes.io/managed-by: Helm
+ annotations:
+ cert-manager.io/cluster-issuer: {{ .Values.galoy.consent.ingress.clusterIssuer }}
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" # 1 hour
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" # 1 hour
+ nginx.ingress.kubernetes.io/proxy-connect-timeout: "1s"
+ nginx.ingress.kubernetes.io/proxy-next-upstream: "error timeout"
+ nginx.ingress.kubernetes.io/proxy-next-upstream-tries: "3"
+ nginx.ingress.kubernetes.io/limit-rpm: "10"
+ nginx.ingress.kubernetes.io/limit-burst-multiplier: "2"
+ nginx.ingress.kubernetes.io/limit-connections: "10"
+ {{- with .Values.galoy.consent.ingress.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ ingressClassName: nginx
+ tls:
+ {{- range .Values.galoy.consent.ingress.hosts }}
+ - hosts:
+ - {{ . }}
+ secretName: {{ printf "%s-tls" . }}
+ {{- end }}
+ rules:
+ {{- range .Values.galoy.consent.ingress.hosts }}
+ - host: {{ . }}
+ http:
+ paths:
+ {{- if $.Values.galoy.consent.ingress.extraPaths }}
+ {{- toYaml $.Values.galoy.consent.ingress.extraPaths | nindent 10 }}
+ {{- end }}
+ - pathType: ImplementationSpecific
+ path: /
+ backend:
+ service:
+ name: {{ template "galoy.consent.fullname" $ }}
+ port:
+ number: {{ $.Values.galoy.consent.port }}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/galoy/templates/consent-service.yaml b/charts/galoy/templates/consent-service.yaml
new file mode 100644
index 0000000000..0c190114e1
--- /dev/null
+++ b/charts/galoy/templates/consent-service.yaml
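Review bot: The `proxy-read-timeout` and `proxy-send-timeout` annotations are set to `"3600"`, which lets every client keep an idle upstream connection open for an hour. That suits a websocket endpoint, but for what appears to be a request/response consent UI it mostly makes connection exhaustion cheaper, even with `limit-connections: "10"`. Unless consent really streams, drop both annotations (ingress-nginx defaults to 60 seconds) or set them to something like `"60"`. The `{{- with .Values.galoy.consent.ingress.annotations }}` block is appended after the fixed annotations, so a user value for one of those keys renders a duplicate mapping key instead of a clean override. The host is also inserted unquoted in `hosts`, `host` and `secretName`; `{{ . | quote }}` keeps it a string whatever the value looks like.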
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "galoy.consent.fullname" . }}
+ labels:
+ app: {{ template "galoy.consent.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ app.kubernetes.io/managed-by: Helm
+spec:
+ type: {{ .Values.galoy.consent.serviceType }}
+ ports:
+ - port: {{ .Values.galoy.consent.port }}
+ targetPort: {{ .Values.galoy.consent.port }}
+ protocol: TCP
+ name: http
+ selector:
+ app: {{ template "galoy.consent.fullname" . }}
diff --git a/charts/galoy/values.yaml b/charts/galoy/values.yaml
index 8e0b770ebc..7585059b35 100644
--- a/charts/galoy/values.yaml
+++ b/charts/galoy/values.yaml
@@ -61,6 +61,11 @@ galoy:
 ## Digest of the image
 ##
 digest: "sha256:aa16b25de59adef5b13b391394c9b637ce79c64e20ca36d0798968b5028a08d2"
+ consent:
+ repository: us.gcr.io/galoy-org/galoy-consent
+ ## Digest of the image
+ ##
+ digest: "sha256:f0a9190ad0b1f4accddc938c7ebd08ee7e9006011864d68cc1ad4aae6451ac46"
 ## Galoy Application MongoDB Migration Image details
 ##
 mongodbMigrate:
@@ -381,6 +386,17 @@ galoy:
 failureThreshold: 5
 successThreshold: 2
 timeoutSeconds: 1
+ consent:
+ resources: {}
+ port: 80
+ graphqlPublicApi: http://galoy-oathkeeper-proxy/graphql
+ coreAuthUrl: http://galoy-oathkeeper-proxy/auth
+ hydraAdminUrl: http://galoy-hydra-admin:4445
+ ingress:
+ enabled: false
+ hosts: [consent.staging.galoy.io]
+ clusterIssuer: letsencrypt-issuer
+ tlsSecretName: websocket-tls
 mongoBackupCron:
 resources: {}
 galoyCron:
diff --git a/dev/.envrc b/dev/.envrc
index e769ec85cb..4d3371af7a 100644
--- a/dev/.envrc
+++ b/dev/.envrc
@@ -1,2 +1,4 @@
+use flake ..
+
 export KUBE_CONFIG_PATH=~/.kube/config
 export KUBE_CTX=k3d-k3s-default
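Review bot: The Service `selector` matches only `app: {{ template "galoy.consent.fullname" . }}`, and that helper defaults to the literal `consent` with no release name in it. Any pod in the namespace labelled `app: consent` (a second release, or an unrelated workload) therefore becomes a backend for this Service and receives consent traffic. The Deployment's `matchLabels` in this commit already include `release`; adding `release: {{ .Release.Name }}` under `selector` here scopes the Service to this release's pods and keeps the two templates consistent.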
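Review bot: The new `galoy.consent` block (second values.yaml hunk) defines no `replicas` or `serviceType`, yet consent-deployment.yaml renders `replicas: {{ .Values.galoy.consent.replicas }}` and consent-service.yaml renders `type: {{ .Values.galoy.consent.serviceType }}`. With the chart defaults both fields render empty; adding `replicas: 1` and `serviceType: ClusterIP` makes the defaults explicit. `tlsSecretName: websocket-tls` looks copied from another ingress and is never read by consent-ingress.yaml, which derives the secret name with `printf "%s-tls"` per host, so it should be removed or wired in. The default `hosts: [consent.staging.galoy.io]` puts a staging hostname into the chart defaults, so enabling the ingress without overriding hosts requests a certificate and route for that name; `hosts: []` is a safer default.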