From f93539dafc7d2e94355f30bda92b6ac205489c8a Mon Sep 17 00:00:00 2001 
From: Steven Oderayi Date: Thu, 22 Aug 2024 11:37:19 +0100 Subject: [PATCH] feat: add ALS timeout handler (#648) * feat: add ALS timeout handler * feat: enable timeout by default * add comments * add missing config * add missing file * add missing defaults * add missing defaults --------- Co-authored-by: Kalin Krustev --- account-lookup-service/Chart.yaml | 4 + .../chart-admin/configs/default.json | 1 + .../chart-admin/values.yaml | 11 +- .../chart-handler-timeout/Chart.yaml | 14 + .../configs/default-sidecar.json | 50 +++ .../configs/default.json | 81 ++++ .../chart-handler-timeout/configs/knexfile.js | 18 + .../chart-handler-timeout/templates/NOTES.txt | 19 + .../templates/_helpers.tpl | 41 ++ .../templates/config-override.yaml | 16 + .../templates/config.yaml | 28 ++ .../templates/deployment.yaml | 226 ++++++++++ .../templates/ingress.yaml | 61 +++ .../templates/secret-jws.yaml | 18 + .../templates/service.yaml | 56 +++ .../chart-handler-timeout/values.yaml | 416 ++++++++++++++++++ .../chart-service/configs/default.json | 1 + .../chart-service/values.yaml | 10 + account-lookup-service/values.yaml | 336 ++++++++++++++ mojaloop/values.yaml | 382 +++++++++++++++- 20 files changed, 1787 insertions(+), 2 deletions(-) create mode 100644 account-lookup-service/chart-handler-timeout/Chart.yaml create mode 100644 account-lookup-service/chart-handler-timeout/configs/default-sidecar.json create mode 100644 account-lookup-service/chart-handler-timeout/configs/default.json create mode 100644 account-lookup-service/chart-handler-timeout/configs/knexfile.js create mode 100644 account-lookup-service/chart-handler-timeout/templates/NOTES.txt create mode 100644 account-lookup-service/chart-handler-timeout/templates/_helpers.tpl create mode 100644 account-lookup-service/chart-handler-timeout/templates/config-override.yaml create mode 100644 account-lookup-service/chart-handler-timeout/templates/config.yaml create mode 100644 
account-lookup-service/chart-handler-timeout/templates/deployment.yaml create mode 100644 account-lookup-service/chart-handler-timeout/templates/ingress.yaml create mode 100644 account-lookup-service/chart-handler-timeout/templates/secret-jws.yaml create mode 100644 account-lookup-service/chart-handler-timeout/templates/service.yaml create mode 100644 account-lookup-service/chart-handler-timeout/values.yaml diff --git a/account-lookup-service/Chart.yaml b/account-lookup-service/Chart.yaml index e7b12e456..87ae6bdda 100644 --- a/account-lookup-service/Chart.yaml +++ b/account-lookup-service/Chart.yaml @@ -17,6 +17,10 @@ dependencies: version: ">= 14.6.0" repository: "file://./chart-admin" condition: account-lookup-service-admin.enabled + - name: account-lookup-service-handler-timeout + version: ">= 1.0.0" + repository: "file://./chart-handler-timeout" + condition: account-lookup-service-handler-timeout.enabled - name: als-oracle-pathfinder version: ">= 13.3.0" repository: "file://../als-oracle-pathfinder" diff --git a/account-lookup-service/chart-admin/configs/default.json b/account-lookup-service/chart-admin/configs/default.json index 4699c021b..ea47cc3e3 100644 --- a/account-lookup-service/chart-admin/configs/default.json +++ b/account-lookup-service/chart-admin/configs/default.json @@ -47,6 +47,7 @@ "EXPIRES_IN_MS": {{ .Values.config.general_cache.expiresIn }} }, "PROXY_CACHE": {{ .Values.config.proxy_cache | toPrettyJson | nindent 2 }}, + "HANDLERS": {{ .Values.config.handlers | toPrettyJson | nindent 2 }}, "ERROR_HANDLING": { "includeCauseExtension": {{ .Values.config.error_handling.include_cause_extension }}, "truncateExtensions": {{ .Values.config.error_handling.truncate_extensions }} diff --git a/account-lookup-service/chart-admin/values.yaml b/account-lookup-service/chart-admin/values.yaml index 9580975ee..2e38fbe27 100644 --- a/account-lookup-service/chart-admin/values.yaml +++ b/account-lookup-service/chart-admin/values.yaml 
@@ -203,7 +203,6 @@ config: db_create_retry_interval_millis: 200 db_debug: false - display_routes: true run_migrations: false @@ -248,6 +247,16 @@ config: cluster: - host: proxy-cache-redis port: 6379 + + ## Handlers configuration + handlers: + DISABLED: true + MONITORING_PORT: 4003 + TIMEOUT: + DISABLED: true + TIMEXP: "*/30 * * * * *" + TIMEZONE: "UTC" + BATCH_SIZE: 100 ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ diff --git a/account-lookup-service/chart-handler-timeout/Chart.yaml b/account-lookup-service/chart-handler-timeout/Chart.yaml new file mode 100644 index 000000000..bac89a263 --- /dev/null +++ b/account-lookup-service/chart-handler-timeout/Chart.yaml @@ -0,0 +1,14 @@ +apiVersion: v2 +version: 1.0.0 +appVersion: v15.4.0-snapshot.31 +description: A Helm chart for Kubernetes +name: account-lookup-service-handler-timeout +maintainers: + - name: Steven Oderayi + email: steven.oderayi@infitx.com +dependencies: + - name: common + repository: "https://mojaloop.github.io/charts/repo" + version: 3.0.0 + tags: + - moja-common diff --git a/account-lookup-service/chart-handler-timeout/configs/default-sidecar.json b/account-lookup-service/chart-handler-timeout/configs/default-sidecar.json new file mode 100644 index 000000000..e802c6e99 --- /dev/null +++ b/account-lookup-service/chart-handler-timeout/configs/default-sidecar.json 
@@ -0,0 +1,50 @@ +{{- $kafkaHost := ( .Values.config.kafka_host | replace "$release_name" .Release.Name ) -}} +{ + "PORT": {{ .Values.sidecar.service.internalPort }}, + "EVENT_LOGGER_GRPC_HOST": "{{ .Values.sidecar.config.event_log_grpc_host }}", + "EVENT_LOGGER_GRPC_PORT": {{ .Values.sidecar.config.event_log_grpc_port }}, + "INSTRUMENTATION": { + "METRICS": { + "DISABLED": false, + "labels": { + "eventId": "*" + }, + "config": { + "timeout": 5000, + "prefix": "moja_", + "defaultLabels": { + "serviceName": "{{ template "account-lookup-service-handler-timeout.name" . }}-event-sidecar" + } + } + } + }, + "KAFKA": { + "TOPIC_TEMPLATES": { + "GENERAL_TOPIC_TEMPLATE": { + "TEMPLATE": "topic-{{"{{"}}functionality{{"}}"}}", + "REGEX": "topic-(.*)" + } + }, + "PRODUCER": { + "EVENT": { + "config": { + "options": { + "messageCharset": "utf8" + }, + "rdkafkaConf": { + "metadata.broker.list": "{{ $kafkaHost }}:{{ .Values.config.kafka_port }}", + "client.id": "es-prod-event", + "event_cb": true, + "dr_cb": true, + "socket.keepalive.enable": true, + "queue.buffering.max.messages": 10000000 + }, + "topicConf": { + "request.required.acks": "all", + "partitioner": "{{ .Values.config.kafka_partitioner }}" + } + } + } + } + } +} diff --git a/account-lookup-service/chart-handler-timeout/configs/default.json b/account-lookup-service/chart-handler-timeout/configs/default.json new file mode 100644 index 000000000..e132a42b2 --- /dev/null +++ b/account-lookup-service/chart-handler-timeout/configs/default.json 
@@ -0,0 +1,81 @@ +{{- $centralServicesHost := ( .Values.config.central_services_host | replace "$release_name" .Release.Name ) -}} +{ + "HUB_PARTICIPANT": { + "ID": {{ .Values.config.hub_participant.id }}, + "NAME": {{ .Values.config.hub_participant.name | quote }} + }, + "ADMIN_PORT": 4001, + "API_PORT": {{ .Values.service.internalPort }}, + "PROTOCOL_VERSIONS": {{ .Values.config.protocol_versions | toPrettyJson }}, + "DATABASE": { + "DIALECT": "{{ .Values.config.db_driver }}", + "HOST": {{ .Values.config.db_host | quote }}, + "PORT": {{ .Values.config.db_port }}, + "USER": "{{ .Values.config.db_user }}", + "PASSWORD": "{{ .Values.config.db_password }}", + "DATABASE": "{{ .Values.config.db_database }}", + "POOL_MIN_SIZE": {{ .Values.config.db_connection_pool_min }}, + "POOL_MAX_SIZE": {{ .Values.config.db_connection_pool_max }}, + "ACQUIRE_TIMEOUT_MILLIS": {{ .Values.config.db_acquire_timeout_millis }}, + "CREATE_TIMEOUT_MILLIS": {{ .Values.config.db_create_timeout_millis }}, + "DESTROY_TIMEOUT_MILLIS": {{ .Values.config.db_destroy_timeout_millis }}, + "IDLE_TIMEOUT_MILLIS": {{ .Values.config.db_idle_timeout_millis }}, + "REAP_INTERVAL_MILLIS": {{ .Values.config.db_reap_interval_millis }}, + "CREATE_RETRY_INTERVAL_MILLIS": {{ .Values.config.db_create_retry_interval_millis }}, + "DEBUG": {{ .Values.config.db_debug }} + }, + "DISPLAY_ROUTES": {{ .Values.config.display_routes }}, + "RUN_MIGRATIONS": {{ .Values.config.run_migrations }}, + "PARTICIPANT_CACHE_CONFIG": { + "expiresIn": 10, + "generateTimeout": 30000, + "getDecoratedValue": true + }, + "CENTRAL_SHARED_ENDPOINT_CACHE_CONFIG": { + "expiresIn": {{ .Values.config.central_shared_end_point_cache.expiresIn }}, + "generateTimeout": {{ .Values.config.central_shared_end_point_cache.generateTimeout }}, + "getDecoratedValue": {{ .Values.config.central_shared_end_point_cache.getDecoratedValue }} + }, + "CENTRAL_SHARED_PARTICIPANT_CACHE_CONFIG": { + "expiresIn": {{ 
.Values.config.central_shared_participant_cache.expiresIn }}, + "generateTimeout": {{ .Values.config.central_shared_participant_cache.generateTimeout }}, + "getDecoratedValue": {{ .Values.config.central_shared_participant_cache.getDecoratedValue }} + }, + "GENERAL_CACHE_CONFIG": { + "CACHE_ENABLED": {{ .Values.config.general_cache.enabled }}, + "MAX_BYTE_SIZE": {{ .Values.config.general_cache.maxByteSize }}, + "EXPIRES_IN_MS": {{ .Values.config.general_cache.expiresIn }} + }, + "PROXY_CACHE": {{ .Values.config.proxy_cache | toPrettyJson | nindent 2 }}, + "HANDLERS": {{ .Values.config.handlers | toPrettyJson | nindent 2 }}, + "SWITCH_ENDPOINT": "http://{{ (default .Values.config.central_services_host $centralServicesHost) }}:{{ .Values.config.central_services_port }}", + "ERROR_HANDLING": { + "includeCauseExtension": {{ .Values.config.error_handling.include_cause_extension }}, + "truncateExtensions": {{ .Values.config.error_handling.truncate_extensions }} + }, + "INSTRUMENTATION": { + "METRICS": { + "DISABLED": {{ not .Values.metrics.enabled }}, + "labels": { + "fspId": "*" + }, + "config": { + "timeout": {{ .Values.metrics.config.timeout }}, + "prefix": {{ .Values.metrics.config.prefix | quote }}, + "defaultLabels": { + {{- range $key, $value := .Values.metrics.config.defaultLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + } + } + } + }, + "ENDPOINT_SECURITY": { + "JWS": { + "JWS_SIGN": {{ .Values.config.endpointSecurity.jwsSign }}, + "JWS_SIGNING_KEY_PATH": "secrets/jwsSigningKey.key" + } + }, + "API_DOCUMENTATION_ENDPOINTS": true, + "FEATURE_ENABLE_EXTENDED_PARTY_ID_TYPE": {{ .Values.config.featureEnableExtendedPartyIdType }} +} diff --git a/account-lookup-service/chart-handler-timeout/configs/knexfile.js b/account-lookup-service/chart-handler-timeout/configs/knexfile.js new file mode 100644 index 000000000..fd91336d5 --- /dev/null +++ b/account-lookup-service/chart-handler-timeout/configs/knexfile.js 
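Review bot: `"PASSWORD": "{{ .Values.config.db_password }}"` in the DATABASE block writes the database password into default.json, and templates/config.yaml in this commit renders that file into a ConfigMap, so whenever `db_password` is set in values the credential is stored unencrypted and is readable by anyone who may read ConfigMaps in the namespace. deployment.yaml already injects `ALS_DATABASE__PASSWORD`, from `secretKeyRef` when `config.db_secret` is set. If the service's config loader lets that variable override DATABASE.PASSWORD (not visible in this patch, please confirm), the file entry could be a fixed placeholder such as `"PASSWORD": ""`. The same block interpolates `db_user`, `db_database` and `db_driver` between hand-written quotes, so a value containing `"` or `\` produces invalid JSON; `{{ .Values.config.db_user | quote }}`, as already done for `db_host`, avoids that.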
@@ -0,0 +1,18 @@
+'use strict'
+const migrationsDirectory = '/opt/app/migrations'
+const seedsDirectory = '/opt/app/seeds'
+const Config = require('/opt/app/src/lib/config')
+module.exports = {
+ client: 'mysql',
+ version: '5.7',
+ connection: Config.DATABASE.connection,
+ pool: Config.DATABASE.pool,
+ migrations: {
+ directory: migrationsDirectory,
+ tableName: 'migration',
+ },
+ seeds: {
+ directory: seedsDirectory,
+ loadExtensions: ['.js']
+ }
+}
diff --git a/account-lookup-service/chart-handler-timeout/templates/NOTES.txt b/account-lookup-service/chart-handler-timeout/templates/NOTES.txt
new file mode 100644
index 000000000..7e61af753
--- /dev/null
+++ b/account-lookup-service/chart-handler-timeout/templates/NOTES.txt
@@ -0,0 +1,19 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "account-lookup-service-handler-timeout.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "account-lookup-service-handler-timeout.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "account-lookup-service-handler-timeout.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "account-lookup-service-handler-timeout.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:80 +{{- end }} diff --git a/account-lookup-service/chart-handler-timeout/templates/_helpers.tpl b/account-lookup-service/chart-handler-timeout/templates/_helpers.tpl new file mode 100644 index 000000000..31ac466fc --- /dev/null +++ b/account-lookup-service/chart-handler-timeout/templates/_helpers.tpl 
@@ -0,0 +1,41 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "account-lookup-service-handler-timeout.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "account-lookup-service-handler-timeout.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "account-lookup-service-handler-timeout.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "account-lookup-service-handler-timeout.apiVersion.Deployment" -}} + {{- if .Capabilities.APIVersions.Has "apps/v1/Deployment" -}} + {{- print "apps/v1" -}} + {{- else -}} + {{- print "apps/v1beta2" -}} + {{- end -}} +{{- end -}} + diff --git a/account-lookup-service/chart-handler-timeout/templates/config-override.yaml b/account-lookup-service/chart-handler-timeout/templates/config-override.yaml new file mode 100644 index 000000000..b6e987ba1 --- /dev/null +++ b/account-lookup-service/chart-handler-timeout/templates/config-override.yaml 
@@ -0,0 +1,16 @@
+{{- if .Values.configOverride }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "account-lookup-service-handler-timeout.fullname" . }}-config-override
+ labels:
+ app.kubernetes.io/name: {{ include "account-lookup-service-handler-timeout.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.Version }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+data:
+{{- range $fileName, $fileContents := .Values.configOverride }}
+ {{ $fileName | replace "/" "-" }}: | {{ $fileContents | toPrettyJson | nindent 4 }}
+{{- end }}
+{{- end }}
diff --git a/account-lookup-service/chart-handler-timeout/templates/config.yaml b/account-lookup-service/chart-handler-timeout/templates/config.yaml
new file mode 100644
index 000000000..0dab4e36b
--- /dev/null
+++ b/account-lookup-service/chart-handler-timeout/templates/config.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "account-lookup-service-handler-timeout.fullname" . }}-config
+ labels:
+ app.kubernetes.io/name: {{ include "account-lookup-service-handler-timeout.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.Version }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+data:
+ default.json: {{ (tpl (.Files.Get "configs/default.json") . ) | quote }}
+ knexfile.js: {{ (tpl (.Files.Get "configs/knexfile.js") . ) | quote }}
+{{- if .Values.sidecar.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "account-lookup-service-handler-timeout.fullname" . }}-sidecar
+ labels:
+ app.kubernetes.io/name: {{ include "account-lookup-service-handler-timeout.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.Version }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+data:
+ default.json: {{ (tpl (.Files.Get "configs/default-sidecar.json") . ) | quote }}
+{{- end }}
\ No newline at end of file
diff --git a/account-lookup-service/chart-handler-timeout/templates/deployment.yaml b/account-lookup-service/chart-handler-timeout/templates/deployment.yaml
new file mode 100644
index 000000000..9bca1015c
--- /dev/null
+++ b/account-lookup-service/chart-handler-timeout/templates/deployment.yaml
@@ -0,0 +1,226 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ include "account-lookup-service-handler-timeout.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "account-lookup-service-handler-timeout.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + annotations: + # Common annotations + {{- if $.Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "account-lookup-service-handler-timeout.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "account-lookup-service-handler-timeout.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + # Custom Pod Labels + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.podLabels "context" $ ) | nindent 8 }} + {{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} + checksum/secret-jws: {{ include (print $.Template.BasePath "/secret-jws.yaml") . 
| sha256sum }} + # Custom Pod annotations + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.enabled }} + prometheus.io/port: "{{ .Values.service.internalPort }}" + prometheus.io/scrape: "true" + {{- end }} + spec: + initContainers: + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.image.pullSecrets }} + {{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image) "context" $) | nindent 6 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: ALS_DATABASE__PASSWORD + {{- if .Values.config.db_secret }} + valueFrom: + secretKeyRef: + name: '{{ .Values.config.db_secret.name }}' + key: '{{ .Values.config.db_secret.key }}' + {{- else }} + value: {{ .Values.config.db_password }} + {{- end }} + - name: LOG_LEVEL + value: {{ .Values.config.log_level }} + - name: CSL_LOG_TRANSPORT + value: {{ 
.Values.config.log_transport}} + - name: EVENT_SDK_LOG_FILTER + value: {{ .Values.config.event_log_filter | quote }} + - name: EVENT_SDK_LOG_METADATA_ONLY + value: {{ .Values.config.event_log_metadata_only | quote }} + {{- if .Values.sidecar.enabled }} + - name: EVENT_SDK_SIDECAR_DISABLED + value: "false" + - name: EVENT_SDK_SERVER_HOST + value: {{ .Values.sidecar.config.event_log_grpc_host | quote }} + - name: EVENT_SDK_SERVER_PORT + value: {{ .Values.sidecar.config.event_log_grpc_port | quote }} + {{- end }} + - name: EVENT_SDK_VENDOR_PREFIX + value: {{ .Values.config.event_trace_vendor | quote }} + - name: EVENT_SDK_TRACESTATE_HEADER_ENABLED + value: {{ .Values.config.event_trace_state_enabled | quote }} + - name: EVENT_SDK_ASYNC_OVERRIDE_EVENTS + value: {{ .Values.config.event_async_override | quote }} + - name: EVENT_SDK_TRACEID_PER_VENDOR + value: {{ .Values.config.event_traceid_per_vendor | quote }} + ports: + - name: http + containerPort: {{ .Values.service.internalPort }} + {{- if .Values.diagnosticMode.enabled }} + - name: debug + containerPort: {{ .Values.diagnosticMode.debug.internalPort }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.readinessProbe.httpGet.path }} + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.livenessProbe.httpGet.path }} + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + {{- end }} + resources: +{{ toYaml .Values.resources | indent 12 }} + volumeMounts: + - name: {{ template "account-lookup-service-handler-timeout.fullname" . 
}}-config-volume + mountPath: /opt/app/config +{{- range $fileName, $fileContents := .Values.configOverride }} + - name: config-override-volume + mountPath: /opt/app/{{ $fileName }} + subPath: {{ $fileName | replace "/" "-" }} +{{- end }} + {{- if .Values.config.endpointSecurity.jwsSign }} + - name: jws-signing-key + mountPath: /opt/app/secrets + {{- end }} + {{- if .Values.sidecar.enabled }} + - name: {{ .Chart.Name }}-sidecar + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + imagePullPolicy: {{ .Values.sidecar.image.pullPolicy }} + {{- if .Values.sidecar.image.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.sidecar.image.imagePullSecrets | indent 10 }} + {{- end }} + command: {{ .Values.sidecar.image.command }} + ports: + - containerPort: {{ .Values.sidecar.service.internalPort }} + {{- if .Values.sidecar.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.sidecar.readinessProbe.httpGet.path }} + port: {{ .Values.sidecar.service.internalPort }} + initialDelaySeconds: {{ .Values.sidecar.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.sidecar.readinessProbe.periodSeconds }} + {{- end }} + {{- if .Values.sidecar.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.sidecar.livenessProbe.httpGet.path }} + port: {{ .Values.sidecar.service.internalPort }} + initialDelaySeconds: {{ .Values.sidecar.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.sidecar.livenessProbe.periodSeconds }} + {{- end }} + volumeMounts: + - name: {{ template "account-lookup-service-handler-timeout.fullname" . 
}}-sidecar-volume + mountPath: /opt/app/config + env: + - name: LOG_LEVEL + value: {{ .Values.sidecar.config.log_level | quote }} + - name: LOG_FILTER + value: {{ .Values.sidecar.config.log_filter | quote }} + - name: EVENT_SDK_LOG_FILTER + value: {{ .Values.sidecar.config.event_log_filter | quote }} + - name: EVENT_SDK_LOG_METADATA_ONLY + value: {{ .Values.sidecar.config.event_log_metadata_only | quote }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + {{- if .Values.configOverride }} + - name: config-override-volume + configMap: + name: {{ template "account-lookup-service-handler-timeout.fullname" . }}-config-override + {{- end }} + - name: {{ template "account-lookup-service-handler-timeout.fullname" . }}-config-volume + configMap: + name: {{ template "account-lookup-service-handler-timeout.fullname" . }}-config + items: + - key: default.json + path: default.json + - key: knexfile.js + path: knexfile.js + {{- if .Values.config.endpointSecurity.jwsSign }} + - name: jws-signing-key + secret: + {{- if .Values.config.endpointSecurity.jwsSigningKeySecret }} + secretName: {{ .Values.config.endpointSecurity.jwsSigningKeySecret.name }} + items: + - key: {{ .Values.config.endpointSecurity.jwsSigningKeySecret.key }} + path: jwsSigningKey.key + {{ else }} + secretName: {{ template "account-lookup-service-handler-timeout.fullname" . }}-jws-signing-key + {{- end }} + {{- end }} + {{- if .Values.sidecar.enabled }} + - name: {{ template "account-lookup-service-handler-timeout.fullname" . }}-sidecar-volume + configMap: + name: {{ template "account-lookup-service-handler-timeout.fullname" . }}-sidecar + items: + - key: default.json + path: default.json + {{- end }} 
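Review bot: The `else` branch of `ALS_DATABASE__PASSWORD` renders `value: {{ .Values.config.db_password }}` unquoted, and `LOG_LEVEL` and `CSL_LOG_TRANSPORT` directly below it do the same. Kubernetes requires env values to be strings, so a password that YAML reads as a number or boolean, or one containing `: ` or ` #`, either fails validation or is silently changed; `value: {{ .Values.config.db_password | quote }}` matches the `| quote` already used on the other variables in this list. That branch also puts the password in clear text in the Deployment spec, so it deserves a comment above it such as `# Fallback for development only; set config.db_secret so the password comes from a Secret`. Separately, `securityContext` is rendered only for the main container and only when `containerSecurityContext.enabled` is set, while the sidecar container gets none.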
diff --git a/account-lookup-service/chart-handler-timeout/templates/ingress.yaml b/account-lookup-service/chart-handler-timeout/templates/ingress.yaml new file mode 100644 index 000000000..de881ed18 --- /dev/null +++ b/account-lookup-service/chart-handler-timeout/templates/ingress.yaml 
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled }} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: {{ template "common.names.chart" . }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.ingress.annotations .Values.commonAnnotations .Values.ingress.certManager }} + annotations: + {{- if .Values.ingress.certManager }} + kubernetes.io/tls-acme: "true" + {{- end }} + {{- if .Values.ingress.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + ingressClassName: {{ .Values.ingress.className }} + rules: + {{- if .Values.ingress.hostname }} + - host: {{ .Values.ingress.hostname }} + http: + paths: + {{- if .Values.ingress.extraPaths }} + {{- toYaml .Values.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ .Values.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) 
"servicePort" .Values.ingress.servicePort "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" .Values.ingress.servicePort "context" $) | nindent 14 }} + {{- end }} + {{- if or (and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned)) .Values.ingress.extraTls }} + tls: + {{- if and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned) }} + - hosts: + - {{ .Values.ingress.hostname | quote }} + secretName: {{ printf "%s-tls" .Values.ingress.hostname }} + {{- end }} + {{- if .Values.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/account-lookup-service/chart-handler-timeout/templates/secret-jws.yaml b/account-lookup-service/chart-handler-timeout/templates/secret-jws.yaml new file mode 100644 index 000000000..862efb790 --- /dev/null +++ b/account-lookup-service/chart-handler-timeout/templates/secret-jws.yaml 
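Review bot: Inside `{{- range .Values.ingress.extraHosts }}` the dot is rebound to the current host entry, so `"servicePort" .Values.ingress.servicePort` in the second `backend:` line has no `.Values` to read and rendering fails as soon as `extraHosts` is non-empty. The neighbouring arguments in the same call already use `$`, so the fix is `"servicePort" $.Values.ingress.servicePort`. This template also publishes the timeout handler's HTTP port outside the cluster when enabled; the default for `ingress.enabled` lives in values.yaml, which is outside this hunk, and is worth confirming as `false`.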
@@ -0,0 +1,18 @@
+{{- if (and .Values.config.endpointSecurity.jwsSign (not .Values.config.endpointSecurity.jwsSigningKeySecret)) }}
+{{- if (not .Values.config.endpointSecurity.jwsSigningKey) }}
+ {{- fail "JWS signing enabled but neither jwsSigningKey nor jwsSigningKeySecret was provided. You will need to supply a JWS signing key in string form via .Values.endpointSecurity.jwsSigningKey or a secret via .Values.endpointSecurity.jwsSigningKeySecret." }}
+{{- end }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "account-lookup-service-handler-timeout.fullname" . }}-jws-signing-key
+ labels:
+ app.kubernetes.io/name: {{ include "account-lookup-service-handler-timeout.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.Version }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+type: Opaque
+data:
+ jwsSigningKey.key: {{ .Values.config.endpointSecurity.jwsSigningKey | b64enc }}
+{{- end }}
diff --git a/account-lookup-service/chart-handler-timeout/templates/service.yaml b/account-lookup-service/chart-handler-timeout/templates/service.yaml
new file mode 100644
index 000000000..2ec2d0392
--- /dev/null
+++ b/account-lookup-service/chart-handler-timeout/templates/service.yaml
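Review bot: The `fail` message points operators at `.Values.endpointSecurity.jwsSigningKey` and `.Values.endpointSecurity.jwsSigningKeySecret`, but the template reads both under `.Values.config.endpointSecurity`, so following the message literally leaves the error in place. The message should name `.Values.config.endpointSecurity.jwsSigningKey` and `.Values.config.endpointSecurity.jwsSigningKeySecret`. A key supplied inline through `jwsSigningKey` is also kept with the values of the Helm release, so a comment above the `Secret` such as `# Prefer jwsSigningKeySecret; an inline jwsSigningKey is stored with the release values` would steer users to the safer option.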
@@ -0,0 +1,56 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "account-lookup-service-handler-timeout.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "account-lookup-service-handler-timeout.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + annotations: + {{- if .Values.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if .Values.service.sessionAffinity }} + sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- end }} + {{- if .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + ports: + - name: http + port: {{ .Values.service.port }} + targetPort: {{ .Values.service.internalPort }} + protocol: TCP + {{- if (and (or (eq 
.Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) .Values.service.nodePort) }} + nodePort: {{ .Values.service.nodePort }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + - name: debug + port: {{ .Values.diagnosticMode.debug.port }} + targetPort: {{ .Values.diagnosticMode.debug.internalPort }} + protocol: TCP + {{- end }} + selector: + app.kubernetes.io/name: {{ include "account-lookup-service-handler-timeout.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/account-lookup-service/chart-handler-timeout/values.yaml b/account-lookup-service/chart-handler-timeout/values.yaml new file mode 100644 index 000000000..28f5d3412 --- /dev/null +++ b/account-lookup-service/chart-handler-timeout/values.yaml 
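Review bot: The `debug` port near the end of service.yaml is published whenever `diagnosticMode.enabled` is set, regardless of `service.type`, and this chart's values start Node with `--inspect=0.0.0.0:<port>`, so on a `LoadBalancer` or `NodePort` Service the inspector would be reachable from outside the cluster. I would gate the block, e.g. `{{- if and .Values.diagnosticMode.enabled (eq .Values.service.type "ClusterIP") }}`, and add a comment that the port is intended for port-forwarding only. Separately, `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` prints the list with Go's default formatting, which for more than one CIDR likely renders a single space-separated scalar rather than a sequence; `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}` renders it correctly.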
@@ -0,0 +1,416 @@ +# Default values for account-lookup-service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + registry: docker.io + repository: mojaloop/account-lookup-service + tag: v15.4.0-snapshot.31 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + +replicaCount: 1 +command: '["node", "src/handlers/index.js", "handlers", "--timeout"]' + +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - node + - src/handlers/index.js + - handlers + - "--timeout" + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }} + ## @param diagnosticMode.debug config to override all debug information + ## + debug: + internalPort: 9229 + port: 9229 + +nameOverride: "" +fullnameOverride: "" + +## Pod scheduling preferences. 
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +affinity: {} + +## Node labels for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +nodeSelector: {} + +## Set toleration for scheduler +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +## Configure Container Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param containerSecurityContext.enabled Enabled %%MAIN_CONTAINER_NAME%% containers' Security Context +## @param containerSecurityContext.runAsUser Set %%MAIN_CONTAINER_NAME%% containers' Security Context runAsUser +## +containerSecurityContext: + enabled: true + runAsUser: 1001 + +readinessProbe: + enabled: true + httpGet: + path: /health + initialDelaySeconds: 60 + periodSeconds: 15 + +livenessProbe: + enabled: true + httpGet: + path: /health + initialDelaySeconds: 60 + periodSeconds: 15 + +sidecar: + enabled: true + image: + repository: mojaloop/event-sidecar + tag: v14.0.0 + pullPolicy: IfNotPresent + command: '["npm", "run", "start"]' + service: + internalPort: 4001 + readinessProbe: + enabled: true + httpGet: + path: /health + initialDelaySeconds: 120 + periodSeconds: 15 + livenessProbe: + enabled: true + httpGet: + path: /health + initialDelaySeconds: 90 + periodSeconds: 15 + config: + event_log_grpc_host: localhost + event_log_grpc_port: 50051 + event_log_filter: 'audit:*, log:info, log:warn, log:error' + event_log_metadata_only: true + log_level: info + log_filter: 'error, warn, info' + +## metric configuration for prometheus instrumentation +metrics: + ## flag to enable/disable the metrics end-points + enabled: true + config: + timeout: 5000 + prefix: moja_ + defaultLabels: + serviceName: account-lookup-service-handler-timeout + +config: + hub_participant: + id: 1 + name: Hub + ## Central-Ledger config + 
central_services_host: '$release_name-centralledger-service' + central_services_port: 80 + + # Log config + log_level: info + log_transport: file + + error_handling: + include_cause_extension: false + truncate_extensions: true + + ## Kafka Configuration + # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used. + kafka_host: kafka + kafka_port: 9092 + kafka_partitioner: 'murmur2_random' + + central_shared_end_point_cache: + expiresIn: 180000 + generateTimeout: 30000 + getDecoratedValue: true + central_shared_participant_cache: + expiresIn: 61000 + generateTimeout: 30000 + getDecoratedValue: true + general_cache: + enabled: false + maxByteSize: 10000000 + expiresIn: 61000 + + # Protocol versions used for validating (VALIDATELIST) incoming FSPIOP API Headers (Content-type, Accept), + # and for generating requests/callbacks from the Switch itself (DEFAULT value) + protocol_versions: | + { + "CONTENT": { + "DEFAULT": "1.1", + "VALIDATELIST": [ + "1", + "1.0", + "1.1" + ] + }, + "ACCEPT": { + "DEFAULT": "1", + "VALIDATELIST": [ + "1", + "1.0", + "1.1" + ] + } + } + ## DB Configuration + db_type: mysql + db_driver: mysql + db_host: mysqldb + db_port: 3306 + db_user: account_lookup + ## Secret-Management + ### Set this if you are using a clear password configured in the config section + db_password: '' + ### Configure this if you want to use a secret. Note, this will override the db_password, + ### Use the next line if you do wish to use the db_password value instead. 
+ # db_secret: + ### Example config for an existing secret + # db_secret: + # name: mysqldb + # key: mysql-password + db_database: account_lookup + db_connection_pool_min: 10 + db_connection_pool_max: 30 + db_acquire_timeout_millis: 30000 + db_create_timeout_millis: 30000 + db_destroy_timeout_millis: 5000 + db_idle_timeout_millis: 30000 + db_reap_interval_millis: 1000 + db_create_retry_interval_millis: 200 + db_debug: false + + display_routes: true + run_migrations: false + + endpointSecurity: + jwsSign: false + # `jwsSigningKeySecret` is used to specify the secret that contains the JWS signing key. + # If `jwsSigningKeySecret` is not null, then the `jwsSigningKey` value will be ignored. + # Expected properties of `jwsSigningKeySecret` are `name` and `key`. + jwsSigningKeySecret: null + jwsSigningKey: null +# To generate this key: +# Private: +# ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key +# Public: +# openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub +# Should look like: +# -----BEGIN RSA PRIVATE KEY----- +# MIIJKQIBAAKCAgEAxfqaZivMPd4MpdBHu0jVMf3MSuSdkSMHn+sNJdDQfl+x4R5R +# .. +# .. +# mBynFpdjO0D3PnLKjnBDn1vFAfANOwVpGXCw5mn+484A/SIXYebWruFd03g4 +# -----END RSA PRIVATE KEY----- +# Thirdparty API Config + featureEnableExtendedPartyIdType: false + ## Tracing Configuration + event_trace_vendor: mojaloop + event_log_filter: 'audit:*, log:warn, log:error' + # If set to true, only the metadata object from the event will be printed. 
+ event_log_metadata_only: false + # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve + # Any combination of: `log,audit,trace` + event_async_override: 'log,trace' + event_trace_state_enabled: true + event_traceid_per_vendor: false + + ## Proxy cache configuration + proxy_cache: + enabled: false + type: redis-cluster + proxyConfig: + cluster: + - host: proxy-cache-redis + port: 6379 + + ## Handlers configuration + handlers: + DISABLED: false + MONITORING_PORT: 4003 + TIMEOUT: + DISABLED: false + TIMEXP: "*/30 * * * * *" + TIMEZONE: "UTC" + BATCH_SIZE: 100 + +## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) +## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ +## e.g: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## command: ['sh', '-c', 'echo "hello world"'] +## +initContainers: [] +# initContainers: | +# - name: wait-for-mysql +# image: mysql:5.7 +# imagePullPolicy: IfNotPresent +# command: +# - sh +# - -c +# - | +# until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi; +# do +# echo --------------------; +# echo Waiting for MySQL...; +# sleep 2; +# done; +# echo ====================; +# echo MySQL ok!; +# env: +# - name: DB_HOST +# value: '{{ .Values.config.db_host }}' +# - name: DB_PORT +# value: '{{ .Values.config.db_port }}' +# - name: DB_USER +# value: '{{ .Values.config.db_user }}' +# - name: DB_PASSWORD +# {{- if .Values.config.db_secret }} +# valueFrom: +# secretKeyRef: +# name: '{{ .Values.config.db_secret.name }}' +# key: '{{ .Values.config.db_secret.key }}' +# {{- else }} +# value: {{ .Values.config.db_password }} +# {{- end }} +# - name: DB_DATABASE +# value: 
'{{ .Values.config.db_database }}' + +## @param master.podLabels Extra labels for pod(s) +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} + +## @param podAnnotations Additional custom annotations for pod(s) +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} + +service: + internalPort: 4003 + ## @param service.type %%MAIN_CONTAINER_NAME%% service type + ## + type: ClusterIP + ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port + ## + port: 80 + ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: null ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP +## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer +## + loadBalancerIP: null ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources +## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service +## e.g: +## loadBalancerSourceRanges: +## - 10.10.10.0/24 +## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service + ## + annotations: {} + ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param 
master.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} +ingress: + enabled: true + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: null ## @param ingress.hostname Default host for the ingress record +## + hostname: account-lookup-service-handler-timeout.local + ## @param servicePort : port for the service + ## + servicePort: 80 + ## @param ingress.path Default path for the ingress record + ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers + path: / + ## @param ingress.annotations Additional custom annotations for the ingress record + ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added + ## + annotations: null ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter +## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` +## You can: +## - Use the `ingress.secrets` parameter to create this TLS secret +## - Relay on cert-manager to create it by setting `ingress.certManager=true` +## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` +## + tls: false + ## @param ingress.certManager Add the corresponding annotations for cert-manager integration + ## + certManager: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record + ## e.g: + ## extraHosts: + ## - name: transfer-api-svc.local + ## path: / + ## + extraHosts: null + extraPaths: null + extraTls: null + 
secrets: null + className: "nginx" + ## + # - secretName: chart-example-tls + # hosts: + # - chart-example.local +resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi diff --git a/account-lookup-service/chart-service/configs/default.json b/account-lookup-service/chart-service/configs/default.json index 8327463ff..e132a42b2 100644 --- a/account-lookup-service/chart-service/configs/default.json +++ b/account-lookup-service/chart-service/configs/default.json @@ -47,6 +47,7 @@ "EXPIRES_IN_MS": {{ .Values.config.general_cache.expiresIn }} }, "PROXY_CACHE": {{ .Values.config.proxy_cache | toPrettyJson | nindent 2 }}, + "HANDLERS": {{ .Values.config.handlers | toPrettyJson | nindent 2 }}, "SWITCH_ENDPOINT": "http://{{ (default .Values.config.central_services_host $centralServicesHost) }}:{{ .Values.config.central_services_port }}", "ERROR_HANDLING": { "includeCauseExtension": {{ .Values.config.error_handling.include_cause_extension }}, diff --git a/account-lookup-service/chart-service/values.yaml b/account-lookup-service/chart-service/values.yaml index 0cd0e40f0..09a1f8a7b 100644 --- a/account-lookup-service/chart-service/values.yaml +++ b/account-lookup-service/chart-service/values.yaml 
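Review bot: In chart-handler-timeout/values.yaml, `ingress.enabled: true` together with `tls: false` publishes this workload over plain HTTP by default, although the only port it serves is `service.internalPort: 4003`, the same value as `handlers.MONITORING_PORT`, so the ingress appears to expose nothing but the health/monitoring endpoint of a background handler. I would default it to `enabled: false` and let operators opt in; the same default is repeated in the `account-lookup-service-handler-timeout` section of the account-lookup-service/values.yaml hunk. `diagnosticMode.args` binds the inspector to `0.0.0.0`, and a comment above it stating that diagnostic mode must not be enabled on a Service reachable from outside the cluster would be worth adding. The trailing `## @param` comments fused onto `clusterIP: null`, `loadBalancerIP: null`, `apiVersion: null` and `annotations: null` should move to their own lines at the key's indentation, as they are in the parent values file.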
@@ -249,6 +249,16 @@ config: cluster: - host: proxy-cache-redis port: 6379 + + ## Handlers configuration + handlers: + DISABLED: true + MONITORING_PORT: 4003 + TIMEOUT: + DISABLED: true + TIMEXP: "*/30 * * * * *" + TIMEZONE: "UTC" + BATCH_SIZE: 100 ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ diff --git a/account-lookup-service/values.yaml b/account-lookup-service/values.yaml index b85421277..87a4b3298 100644 --- a/account-lookup-service/values.yaml +++ b/account-lookup-service/values.yaml 
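Review bot: The new `handlers` block in chart-service/values.yaml has no comment explaining why its keys are upper-case while the rest of `config` is snake_case. The default.json hunk in this commit renders it with `{{ .Values.config.handlers | toPrettyJson | nindent 2 }}`, so every key is passed verbatim into the service configuration; I would add `# Rendered as-is into HANDLERS in default.json; keys must match the application's config names.` above `handlers:`. `TIMEXP: "*/30 * * * * *"` has six fields, presumably a seconds-first cron expression, and a short comment stating the format and the resulting interval would prevent it being read as a five-field schedule.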
@@ -686,6 +686,342 @@ account-lookup-service-admin: # requests: # cpu: 100m # memory: 128Mi + +account-lookup-service-handler-timeout: + enabled: true + # Default values for account-lookup-service. + # This is a YAML-formatted file. + # Declare variables to be passed into your templates. + + image: + registry: docker.io + repository: mojaloop/account-lookup-service + tag: v15.4.0-snapshot.31 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + + replicaCount: 1 + command: '["node", "src/handlers/index.js", "handlers", "--timeout"]' + + nameOverride: "" + fullnameOverride: "" + + # Mount configuration files in the app folder for overriding defaults + # configOverride: + # # event sdk settings override + # .EVENT_SDKrc: + # AUDIT: kafka + # + # # logging settings override + # .CSLrc: + # LOG_FILTER: "" + + ## Pod scheduling preferences. 
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + affinity: {} + + ## Node labels for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + nodeSelector: {} + + ## Set toleration for scheduler + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + tolerations: [] + + ## metric configuration for prometheus instrumentation + metrics: + ## flag to enable/disable the metrics end-points + enabled: true + config: + timeout: 5000 + prefix: moja_ + defaultLabels: + serviceName: account-lookup-service-handler-timeout + + config: + hub_participant: + id: 1 + name: Hub + ## Central-Ledger config + central_services_host: '$release_name-centralledger-service' + central_services_port: 80 + # Log config + log_level: info + log_transport: file + + error_handling: + include_cause_extension: false + truncate_extensions: true + + central_shared_end_point_cache: + expiresIn: 180000 + generateTimeout: 30000 + getDecoratedValue: true + central_shared_participant_cache: + expiresIn: 61000 + generateTimeout: 30000 + getDecoratedValue: true + general_cache: + enabled: false + maxByteSize: 10000000 + expiresIn: 61000 + + # ## DB Configuration + # db_type: mysql + # db_driver: mysql + # db_host: mysqldb + # db_port: 3306 + # db_user: account_lookup + # ## Secret-Management + # ### Set this if you are using a clear text password configured in the config section + # db_password: '' + # ### Configure this if you want to use a secret. Note, this will override the db_password, + # ### Use the next line if you do wish to use the db_password value instead. 
+ # # db_secret: + # ### Example config for an existing secret + # # db_secret: + # # name: mysqldb + # # key: mysql-password + # db_database: account_lookup + # db_connection_pool_min: 10 + # db_connection_pool_max: 30 + # db_acquire_timeout_millis: 30000 + # db_create_timeout_millis: 30000 + # db_destroy_timeout_millis: 5000 + # db_idle_timeout_millis: 30000 + # db_reap_interval_millis: 1000 + # db_create_retry_interval_millis: 200 + # db_debug: false + + # Protocol versions used for validating (VALIDATELIST) incoming FSPIOP API Headers (Content-type, Accept), + # and for generating requests/callbacks from the Switch itself (DEFAULT value) + protocol_versions: | + { + "CONTENT": { + "DEFAULT": "1.1", + "VALIDATELIST": [ + "1", + "1.0", + "1.1" + ] + }, + "ACCEPT": { + "DEFAULT": "1", + "VALIDATELIST": [ + "1", + "1.0", + "1.1" + ] + } + } + + display_routes: true + # run_migrations: false + + endpointSecurity: + jwsSign: false + # `jwsSigningKeySecret` is used to specify the secret that contains the JWS signing key. + # If `jwsSigningKeySecret` is not null, then the `jwsSigningKey` value will be ignored. + # Expected properties of `jwsSigningKeySecret` are `name` and `key`. + jwsSigningKeySecret: null + jwsSigningKey: null + # To generate this key: + # Private: + # ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key + # Public: + # openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub + # Should look like: + # -----BEGIN RSA PRIVATE KEY----- + # MIIJKQIBAAKCAgEAxfqaZivMPd4MpdBHu0jVMf3MSuSdkSMHn+sNJdDQfl+x4R5R + # .. + # .. 
+ # mBynFpdjO0D3PnLKjnBDn1vFAfANOwVpGXCw5mn+484A/SIXYebWruFd03g4 + # -----END RSA PRIVATE KEY----- + # Thirdparty API Config + featureEnableExtendedPartyIdType: false + + ## Proxy cache configuration + proxy_cache: + enabled: false + type: redis + proxyConfig: + cluster: + - host: proxy-cache-redis + port: 6379 + + handlers: + DISABLED: true + MONITORING_PORT: 4003 + TIMEOUT: + DISABLED: true + TIMEXP: "*/30 * * * * *" + TIMEZONE: "UTC" + BATCH_SIZE: 100 + + + ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + # initContainers: | + # - name: wait-for-mysql + # image: mysql:5.7 + # imagePullPolicy: IfNotPresent + # command: + # - sh + # - -c + # - | + # until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi; + # do + # echo --------------------; + # echo Waiting for MySQL...; + # sleep 2; + # done; + # echo ====================; + # echo MySQL ok!; + # env: + # - name: DB_HOST + # value: '{{ .Values.config.db_host }}' + # - name: DB_PORT + # value: '{{ .Values.config.db_port }}' + # - name: DB_USER + # value: '{{ .Values.config.db_user }}' + # - name: DB_PASSWORD + # {{- if .Values.config.db_secret }} + # valueFrom: + # secretKeyRef: + # name: '{{ .Values.config.db_secret.name }}' + # key: '{{ .Values.config.db_secret.key }}' + # {{- else }} + # value: {{ .Values.config.db_password }} + # {{- end }} + # - name: DB_DATABASE + # value: '{{ .Values.config.db_database }}' + + service: + internalPort: 4003 + ## @param service.type %%MAIN_CONTAINER_NAME%% 
service type + ## + type: ClusterIP + ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port + ## + port: 80 + ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port + ## + httpsPort: 443 + ## Node ports to expose + ## @param service.nodePorts.http Node port for HTTP + ## @param service.nodePorts.https Node port for HTTPS + ## NOTE: choose port between <30000-32767> + ## + nodePorts: + http: null + https: null + ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: null + ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: null + ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service + ## + annotations: {} + ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## 
+ sessionAffinityConfig: {} + + ingress: + enabled: true + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: null + ## @param ingress.hostname Default host for the ingress record + ## + hostname: account-lookup-service-handler-timeout.local + ## @param servicePort : port for the service + ## + servicePort: 80 + ## @param ingress.path Default path for the ingress record + ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers + path: / + ## @param ingress.annotations Additional custom annotations for the ingress record + ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added + ## + annotations: null + ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Relay on cert-manager to create it by setting `ingress.certManager=true` + ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param ingress.certManager Add the corresponding annotations for cert-manager integration + ## + certManager: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record + ## e.g: + ## extraHosts: + ## - name: transfer-api-svc.local + ## path: / + ## + extraHosts: null + extraPaths: null + extraTls: null + secrets: null + className: "nginx" + ## + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + resources: {} + + 
als-oracle-pathfinder: enabled: false # Declare variables to be passed into your templates. diff --git a/mojaloop/values.yaml b/mojaloop/values.yaml index f1e4de5d0..4f716bf0a 100644 --- a/mojaloop/values.yaml +++ b/mojaloop/values.yaml @@ -84,7 +84,7 @@ CONFIG: ## PROXY CACHE proxy_cache: &PROXY_CACHE enabled: false - type: redis-cluster + type: redis-cluster # redis-cluster is the preferred and the only tested cache type proxyConfig: cluster: - host: proxy-cache-redis 
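Review bot: In account-lookup-service/values.yaml the new `account-lookup-service-handler-timeout` section sets `enabled: true`, yet its `config.handlers` block has `DISABLED: true` and `TIMEOUT.DISABLED: true`, while the subchart's own values.yaml uses `false` for both. Parent-chart values override subchart defaults, so this looks like it deploys the pod with the timeout handler switched off. If the commit message's "enable timeout by default" is the intent, both lines should read `DISABLED: false`. The same section sets `proxy_cache.type: redis`, whereas the subchart default is `redis-cluster` and the comment added in the mojaloop/values.yaml hunk calls that the only tested cache type; aligning the two, or commenting why they differ, would avoid an untested configuration once the cache is enabled.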
@@ -853,6 +853,386 @@ account-lookup-service: affinity: {} + account-lookup-service-handler-timeout: + enabled: true + # Default values for account-lookup-service-handler-timeout. + image: + registry: docker.io + repository: mojaloop/account-lookup-service + tag: v15.4.0-snapshot.31 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + + replicaCount: 1 # timeout handler is designed to run as a single instance + command: '["node", "src/handlers/index.js", "handlers", "--timeout"]' + + nameOverride: "" + fullnameOverride: "" + + sidecar: + enabled: true + image: + repository: mojaloop/event-sidecar + tag: v14.0.0 + pullPolicy: IfNotPresent + command: '["npm", "run", "start"]' + service: + internalPort: 4001 + readinessProbe: + enabled: true + httpGet: + path: /health + initialDelaySeconds: 120 + periodSeconds: 15 + livenessProbe: + enabled: true + httpGet: + path: /health + initialDelaySeconds: 90 + periodSeconds: 15 + config: + event_log_grpc_host: localhost + event_log_grpc_port: 50051 + event_log_filter: 'audit:*, log:info, log:warn, log:error' + event_log_metadata_only: true + log_level: info + log_filter: 'error, warn, info' + + ## metric configuration for prometheus instrumentation + metrics: + ## flag to enable/disable the metrics end-points + enabled: true + config: + timeout: 5000 + prefix: moja_ + defaultLabels: + serviceName: account-lookup-service-handler-timeout + + config: + hub_participant: *HUB_PARTICIPANT + ## Central-Ledger config + central_services_host: '$release_name-centralledger-service' + 
central_services_port: 80 + + # Protocol versions used for validating (VALIDATELIST) incoming FSPIOP API Headers (Content-type, Accept), + # and for generating requests/callbacks from the Switch itself (DEFAULT value) + protocol_versions: | + { + "CONTENT": { + "DEFAULT": "1.1", + "VALIDATELIST": [ + "1", + "1.0", + "1.1" + ] + }, + "ACCEPT": { + "DEFAULT": "1", + "VALIDATELIST": [ + "1", + "1.0", + "1.1" + ] + } + } + + # Log config + log_level: info + log_transport: file + + central_shared_end_point_cache: + expiresIn: 180000 + generateTimeout: 30000 + getDecoratedValue: true + central_shared_participant_cache: + expiresIn: 61000 + generateTimeout: 30000 + getDecoratedValue: true + general_cache: + enabled: true + maxByteSize: 10000000 + expiresIn: 61000 + + error_handling: + include_cause_extension: false + truncate_extensions: true + + # ## DB Configuration + # # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled + # db_type: 'mysql' + # # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set. + # db_driver: 'mysql' + # db_host: *ALS_DB_HOST + # db_port: *ALS_DB_PORT + # db_user: *ALS_DB_USER + # ## Secret-Management + # ### Set this if you are using a clear password configured in the config section + # # db_password: *ALS_DB_PASSWORD + # ### Configure this if you want to use a secret. Note, this will override the db_password, + # ### Use the next line if you do wish to use the db_password value instead. 
+ # # db_secret: + # ### Example config for an existing secret + # db_secret: + # name: *ALS_DB_SECRET_NAME + # key: *ALS_DB_SECRET_KEY + # db_database: *ALS_DB_NAME + # db_connection_pool_min: 10 + # db_connection_pool_max: 30 + # db_acquire_timeout_millis: 30000 + # db_create_timeout_millis: 30000 + # db_destroy_timeout_millis: 5000 + # db_idle_timeout_millis: 30000 + # db_reap_interval_millis: 1000 + # db_create_retry_interval_millis: 200 + # db_debug: false + display_routes: true + # run_migrations: false + + endpointSecurity: + jwsSign: true + # `jwsSigningKeySecret` is used to specify the secret that contains the JWS signing key. + # If `jwsSigningKeySecret` is not null, then the `jwsSigningKey` value will be ignored. + # Expected properties of `jwsSigningKeySecret` are `name` and `key`. + jwsSigningKeySecret: null + # jwsSigningKey: + # To generate this key: + # Private: + # ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key + # Public: + # openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub + # Should look like: + # -----BEGIN RSA PRIVATE KEY----- + # MIIJKQIBAAKCAgEAxfqaZivMPd4MpdBHu0jVMf3MSuSdkSMHn+sNJdDQfl+x4R5R + # .. + # .. 
+ # mBynFpdjO0D3PnLKjnBDn1vFAfANOwVpGXCw5mn+484A/SIXYebWruFd03g4 + # -----END RSA PRIVATE KEY----- + # The following is an example key and shouldn't be used in production + jwsSigningKey: |- + -----BEGIN PRIVATE KEY----- + MIIEugIBADANBgkqhkiG9w0BAQEFAASCBKQwggSgAgEAAoIBAQDuB5HuHRH5BqI/ + VAC/ixm6lz8kJmigIB5jMxLrhB9cgqM+pb0O+is88VRHdxtw8eKG3nvrZYy/4nsJ + z32qo4sOIMqHWTlZgbURVK4FAUEZ/qn63UnXJ1YVqT4UGg31BBj2c1JdlxG2t4JV + DvzGrI2/ia/t4gYZCWrQz6a8OClBIaXu2t6EGFnysyS+1YDWtNIHO+z0lvAY9oad + 5MZPHN51o04eIoLO0tPfkz0+NDs4ECwUWuFAg8yo1hxnvSoERiCAwEbFgq2wDe1+ + oBhOpusd4VastD/TEqO8RhrwTodddOMKzapJPrQJuvTkrpkmkPOGE8DgIVHsULLR + UYEMKvTVAgMBAAECgf94Meq77xrcFg8sSqe5eNHYP39tvaWyqE7mY/slvpNDH5Pl + D/p21akS156E32BEJuYPk/TLiI2kMWjnvbHvNgr9tq8x3ToyTjtrg5clq8Hr1Ozo + FnFiqkVHMFPFPQZEVU64CQPA33DixuWjMWS3YINfCAinErBry0PiNZGmuFi1K/wy + e1z2F9WfG3IEBEe3NaeXwN55ZPJve0LtneJy3YqNwMg2FpPKBRHFV4lKTaU/hqhC + NK6HQoEXN4Y9AQHn53Fl8n0iNO3qx0Tb7EuGNFmZ2xTlpDKAp8M+BA5Qm5YDkbd6 + OoxbGj2YxZncbG+RsvICtVMLqIytubvYREY9WGkCgYEA+K64xhJzWV3cGc8/90ko + TryGMBj1ly5TNa1YyOQxl5z4Glc0aI8a+1vJGEAA+c/OEhMR8MRn3+QfV2LJOI5X + V8Zo2Ger6Ln99LBddTh2HXL3M60cMgs8MYGuJ75g5R/UHnJBLo7NFyVddCOMT3hc + AYSDN3XCw9ycqTw2/mJHB9kCgYEA9QiaCfTtnXdjMqLeYbp2uQEyyO6IZs956ym7 + sEQMwx/3wnlE9eiJ6iQxZfddkfOCyV/4MMAlYfpTBQFg7Cwb32Xrv3Ezy0HfZrnt + 5Nj4SVQWuOXJhdfC9dmTF+cvBeP+vC6PyDbikxdCo9+05chxS7I3MLxCue4qxy0C + QfQIE10CgYA+kHacHng2u45sT9/f7t/dL0DzSNRAvL7iekIkCIURh8RDnDzrMVWw + d18YYsHcF5PYqEOTN1aK1XGtIoVNXUJMKvaluy9c1a42qUhZ/WJ59jqLHbpCPOFf + 8yhFh3gJLQDIyCXt+K9Qa24fkfHy7Gz5VMVOZqohbJddXHDZfxAvwQKBgAdU947+ + tjF1BhHYz8Cq3KySfZuHj6tL4AEKYaRXlO4twbMe/9I/4AiShqvfZ/xbBfnSllGX + Hkc9P0iyDt1iQH9BxHkZAQy+7tlbDORBHcTL8FYeAhawKxRCK2WWtFB/zvqAhire + gY8XLhZLNlV91u4F6iLaL0DzAHKvRRcGH0u9AoGATNigZgbRRHJC21JucHeE0tP7 + HjGALvb4qn1o0oDHsxNY8i6vVNw9YeQpZaJhceuRHJTGcsq2dJSXpYwIhIVs/8RK + bKbkEndra96L6FRZN8LYBl8zbRUPx39ojGeSbFliQv1eaoA/1DDhCiC2NlcSmbJl + ecaG/Oyo/S+eM8nR7mc= + -----END PRIVATE KEY----- + + # Thirdparty API Config + 
featureEnableExtendedPartyIdType: false + + ## Proxy cache configuration + proxy_cache: *PROXY_CACHE + + ## Handlers configuration + handlers: + DISABLED: false + MONITORING_PORT: 4003 + TIMEOUT: + DISABLED: false + TIMEXP: "*/30 * * * * *" + TIMEZONE: "UTC" + BATCH_SIZE: 100 + + # @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) + # ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + # e.g: + # initContainers: + # - name: your-image-name + # image: your-image + # imagePullPolicy: Always + # command: ['sh', '-c', 'echo "hello world"'] + # + initContainers: [] + # initContainers: | + # - name: wait-for-mysql + # image: mysql:5.7 + # imagePullPolicy: IfNotPresent + # command: + # - sh + # - -c + # - | + # until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi; + # do + # echo --------------------; + # echo Waiting for MySQL...; + # sleep 2; + # done; + # echo ====================; + # echo MySQL ok!; + # env: + # - name: DB_HOST + # value: '{{ .Values.config.db_host }}' + # - name: DB_PORT + # value: '{{ .Values.config.db_port }}' + # - name: DB_USER + # value: '{{ .Values.config.db_user }}' + # - name: DB_PASSWORD + # {{- if .Values.config.db_secret }} + # valueFrom: + # secretKeyRef: + # name: '{{ .Values.config.db_secret.name }}' + # key: '{{ .Values.config.db_secret.key }}' + # {{- else }} + # value: {{ .Values.config.db_password }} + # {{- end }} + # - name: DB_DATABASE + # value: '{{ .Values.config.db_database }}' + + service: + internalPort: 4003 + ## @param service.type %%MAIN_CONTAINER_NAME%% service type + ## + type: ClusterIP + ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port + ## + port: 80 + ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port + ## + 
httpsPort: 443 + ## Node ports to expose + ## @param service.nodePorts.http Node port for HTTP + ## @param service.nodePorts.https Node port for HTTPS + ## NOTE: choose port between <30000-32767> + ## + nodePorts: + http: null + https: null + ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: null + ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: null + ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service + ## + annotations: {} + ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + + ingress: + enabled: true + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.apiVersion Force Ingress API 
version (automatically detected if not set) + ## + apiVersion: null + ## @param ingress.hostname Default host for the ingress record + ## + hostname: account-lookup-service.local + ## @param servicePort : port for the service + ## + servicePort: 80 + ## @param ingress.path Default path for the ingress record + ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers + path: / + ## @param ingress.annotations Additional custom annotations for the ingress record + ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added + ## + annotations: null + ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Relay on cert-manager to create it by setting `ingress.certManager=true` + ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param ingress.certManager Add the corresponding annotations for cert-manager integration + ## + certManager: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record + ## e.g: + ## extraHosts: + ## - name: transfer-api-svc.local + ## path: / + ## + extraHosts: null + extraPaths: null + extraTls: null + secrets: null + className: "nginx" + ## + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. 
If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + resources: {} + + nodeSelector: {} + + tolerations: [] + + affinity: {} + als-oracle-pathfinder: enabled: false # Declare variables to be passed into your templates.
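Review bot: The `endpointSecurity` block under `account-lookup-service-handler-timeout.config` ships a complete PEM private key as the default `jwsSigningKey`, alongside `jwsSign: true`, `jwsSigningKeySecret: null` and the sub-chart's `enabled: true`, so an install that overrides nothing would sign with a key anyone can read from this repository. The only safeguard is the comment saying the key is an example; nothing in the values enforces it. I would default to `jwsSigningKey: null` and have the template fail rendering when `jwsSign` is true and neither `jwsSigningKeySecret` nor `jwsSigningKey` is supplied (the templates are outside this hunk, so check whether such a guard already exists). Separately, the `ingress` block sets `enabled: true`, `tls: false` and `hostname: account-lookup-service.local`, whereas the other values file in this commit uses `account-lookup-service-handler-timeout.local`, so this hostname may collide with the main service's ingress host. Since the handler appears to expose only the monitoring port 4003, `ingress.enabled: false` looks like the safer default.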