feat: add consent to galoy chart #4474

Merged
merged 2 commits into from
Oct 17, 2023
2 changes: 1 addition & 1 deletion charts/galoy/Chart.lock
@@ -21,4 +21,4 @@ dependencies:
repository: oci://ghcr.io/apollographql/helm-charts
version: 1.25.0
digest: sha256:bb886d7d909ea493a1113209c3544efde2497772abd7ca7f3466cb73060eb759
generated: "2023-10-16T07:29:50.903201944Z"
generated: "2023-10-17T00:27:44.993098112+05:30"
23 changes: 23 additions & 0 deletions charts/galoy/templates/_helpers.tpl
@@ -46,6 +46,14 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- default "trigger" .Values.galoy.trigger.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified consent name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "galoy.consent.fullname" -}}
{{- default "consent" .Values.galoy.consent.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
CronJob name
*/}}
@@ -283,3 +291,18 @@ Return Galoy environment variables for Geetest
name: {{ .Values.galoy.geetestExistingSecret.name }}
key: {{ .Values.galoy.geetestExistingSecret.secret_key }}
{{- end -}}

# TODO: Remove this once https://github.com/apollographql/router/issues/4002 is resolved
# This is copied from https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_tplvalues.tpl
{{- define "common.tplvalues.render" -}}
{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
{{- if contains "{{" (toJson .value) }}
{{- if .scope }}
{{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
{{- else }}
{{- tpl $value .context }}
{{- end }}
{{- else }}
{{- $value }}
{{- end }}
{{- end -}}
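Review bot: The vendored `common.tplvalues.render` helper at the end of the file is defined under Bitnami's own template name, and Helm keeps named templates in one namespace shared by a chart and its subcharts, so if any dependency already ships Bitnami's `common` library there are two definitions and which one wins depends on load order. The provenance comment points at `blob/main`, which moves; a permalink keeps the copy auditable, e.g. `# Copied from https://github.com/bitnami/charts/blob/<commit-sha>/bitnami/common/templates/_tplvalues.tpl`. Because the helper passes values through `tpl`, a one-line comment stating that any value routed through it is evaluated as a template with the supplied context would also help the next reader.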
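--- a/charts/galoy/templates/consent-deployment.yaml
+++ b/charts/galoy/templates/consent-deployment.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: {{ template "galoy.consent.fullname" . }}
+labels:
+app: {{ template "galoy.consent.fullname" . }}
+chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+release: "{{ .Release.Name }}"
+app.kubernetes.io/managed-by: Helm
+
+kube-monkey/enabled: enabled
+kube-monkey/identifier: {{ template "galoy.trigger.fullname" . }}
+kube-monkey/kill-mode: fixed
+kube-monkey/kill-value: "1"
+kube-monkey/mtbf: "8"
+spec:
+selector:
+matchLabels:
+app: {{ template "galoy.consent.fullname" . }}
+release: {{ .Release.Name }}
+replicas: {{ .Values.galoy.consent.replicas }}
+template:
+metadata:
+labels:
+app: {{ template "galoy.consent.fullname" . }}
+release: "{{ .Release.Name }}"
+kube-monkey/enabled: enabled
+kube-monkey/identifier: {{ template "galoy.trigger.fullname" . }}
+spec:
+serviceAccountName: {{ template "galoy.name" . }}
+containers:
+- name: consent
+image: "{{ .Values.galoy.images.consent.repository }}@{{ .Values.galoy.images.consent.digest }}"
+resources:
+{{- toYaml .Values.resources | nindent 10 }}
+ports:
+- name: http
+containerPort: {{ .Values.galoy.consent.port }}
+protocol: TCP
+env:
+- name: PORT
+value: "{{ .Values.galoy.consent.port }}"
+- name: GRAPHQL_PUBLIC_API
+value: {{ .Values.galoy.consent.graphqlPublicApi }}
+- name: CORE_AUTH_URL
+value: {{ .Values.galoy.consent.coreAuthUrl }}
+- name: OTEL_EXPORTER_OTLP_ENDPOINT
+value: {{ .Values.tracing.otelExporterOtlpEndpoint }}
+- name: TRACING_SERVICE_NAME
+value: "{{ .Values.tracing.prefix }}-{{ template "galoy.consent.fullname" . }}"
+- name: HYDRA_ADMIN_URL
+value: {{ .Values.galoy.consent.hydraAdminUrl }}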
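Review bot: Both `kube-monkey/identifier` labels (Deployment metadata and pod template) render `galoy.trigger.fullname`, so the consent Deployment carries the trigger's identifier; this looks like a leftover from the template the file was copied from, and both should read `kube-monkey/identifier: {{ template "galoy.consent.fullname" . }}`. The container `resources` are taken from `.Values.resources`, while the values added in this change define `galoy.consent.resources`, so limits set there would be ignored; `{{- toYaml .Values.galoy.consent.resources | nindent 10 }}` matches the values layout. The pod also runs under the shared `galoy.name` service account and sets no `securityContext`; whether the consent service needs that account's permissions is not visible here and is worth confirming.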
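--- a/charts/galoy/templates/consent-ingress.yaml
+++ b/charts/galoy/templates/consent-ingress.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.galoy.consent.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: {{ template "galoy.consent.fullname" . }}
+labels:
+app: {{ template "galoy.consent.fullname" . }}
+chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+release: "{{ .Release.Name }}"
+app.kubernetes.io/managed-by: Helm
+annotations:
+cert-manager.io/cluster-issuer: {{ .Values.galoy.consent.ingress.clusterIssuer }}
+nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" # 1 hour
+nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" # 1 hour
+nginx.ingress.kubernetes.io/proxy-connect-timeout: "1s"
+nginx.ingress.kubernetes.io/proxy-next-upstream: "error timeout"
+nginx.ingress.kubernetes.io/proxy-next-upstream-tries: "3"
+nginx.ingress.kubernetes.io/limit-rpm: "10"
+nginx.ingress.kubernetes.io/limit-burst-multiplier: "2"
+nginx.ingress.kubernetes.io/limit-connections: "10"
+{{- with .Values.galoy.consent.ingress.annotations }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+ingressClassName: nginx
+tls:
+{{- range .Values.galoy.consent.ingress.hosts }}
+- hosts:
+- {{ . }}
+secretName: {{ printf "%s-tls" . }}
+{{- end }}
+rules:
+{{- range .Values.galoy.consent.ingress.hosts }}
+- host: {{ . }}
+http:
+paths:
+{{- if $.Values.galoy.consent.ingress.extraPaths }}
+{{- toYaml $.Values.galoy.consent.ingress.extraPaths | nindent 10 }}
+{{- end }}
+- pathType: ImplementationSpecific
+path: /
+backend:
+service:
+name: {{ template "galoy.consent.fullname" $ }}
+port:
+number: {{ $.Values.galoy.consent.port }}
+{{- end -}}
+{{- end -}}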
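Review bot: The `proxy-read-timeout` and `proxy-send-timeout` annotations are set to one hour, which suits a long-lived streaming upstream but not a request/response consent UI; presumably they were carried over from another ingress in this chart. Long idle timeouts let slow or stalled clients hold upstream connections for up to an hour, so a value close to the nginx default, e.g. `nginx.ingress.kubernetes.io/proxy-read-timeout: "60"`, is a safer starting point. Separately, the user-supplied `annotations` block is appended after the fixed ones, so overriding any of these keys from values yields a duplicate YAML key rather than a clean override; a short comment above the `with` block should say so.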
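--- a/charts/galoy/templates/consent-service.yaml
+++ b/charts/galoy/templates/consent-service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ template "galoy.consent.fullname" . }}
+labels:
+app: {{ template "galoy.consent.fullname" . }}
+chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+release: "{{ .Release.Name }}"
+app.kubernetes.io/managed-by: Helm
+spec:
+type: {{ .Values.galoy.consent.serviceType }}
+ports:
+- port: {{ .Values.galoy.consent.port }}
+targetPort: {{ .Values.galoy.consent.port }}
+protocol: TCP
+name: http
+selector:
+app: {{ template "galoy.consent.fullname" . }}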
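Review bot: `type: {{ .Values.galoy.consent.serviceType }}` reads a key that the `galoy.consent` values added in this change do not define, so with chart defaults the field renders empty and the Service type is left to the API server's default. Stating the intent documents that the consent service is meant to stay cluster-internal behind the ingress: `type: {{ .Values.galoy.consent.serviceType | default "ClusterIP" }}`, or add `serviceType: ClusterIP` to values.yaml. The selector also matches on `app` only, whereas the Deployment selects on `app` and `release`; adding `release: {{ .Release.Name }}` keeps two releases in one namespace from sharing endpoints.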
16 changes: 16 additions & 0 deletions charts/galoy/values.yaml
@@ -61,6 +61,11 @@ galoy:
## Digest of the image
##
digest: "sha256:aa16b25de59adef5b13b391394c9b637ce79c64e20ca36d0798968b5028a08d2"
consent:
repository: us.gcr.io/galoy-org/galoy-consent
## Digest of the image
##
digest: "sha256:f0a9190ad0b1f4accddc938c7ebd08ee7e9006011864d68cc1ad4aae6451ac46"
## Galoy Application MongoDB Migration Image details
##
mongodbMigrate:
@@ -381,6 +386,17 @@ galoy:
failureThreshold: 5
successThreshold: 2
timeoutSeconds: 1
consent:
resources: {}
port: 80
graphqlPublicApi: http://galoy-oathkeeper-proxy/graphql
coreAuthUrl: http://galoy-oathkeeper-proxy/auth
hydraAdminUrl: http://galoy-hydra-admin:4445
ingress:
enabled: false
hosts: [consent.staging.galoy.io]
clusterIssuer: letsencrypt-issuer
tlsSecretName: websocket-tls
mongoBackupCron:
resources: {}
galoyCron:
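Review bot: The `galoy.consent` defaults in the second hunk do not line up with the templates that read them: `tlsSecretName: websocket-tls` is not referenced by consent-ingress.yaml (which derives `<host>-tls` per host), while `replicas` and `serviceType`, which the Deployment and Service templates read, are missing. `hosts: [consent.staging.galoy.io]` also puts a staging hostname into the chart defaults, so enabling the ingress without overriding `hosts` would request a certificate and route traffic for that name. Suggest dropping `tlsSecretName`, adding `replicas: 1` and `serviceType: ClusterIP`, and defaulting to `hosts: []`.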
2 changes: 0 additions & 2 deletions charts/loop/charts/loopserver/templates/pvc.yml
@@ -3,8 +3,6 @@ kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "loopserver.fullname" $ }}
annotations:
"helm.sh/resource-policy": keep
labels:
{{- include "loopserver.labels" . | nindent 4 }}
spec:
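--- a/dev/Tiltfile
+++ b/dev/Tiltfile
@@ -0,0 +1,3 @@
+# include('./galoy-deps/Tiltfile')
+include('./bitcoin/Tiltfile')
+include('./galoy/Tiltfile')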
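--- a/dev/bitcoin/Tiltfile
+++ b/dev/bitcoin/Tiltfile
@@ -0,0 +1,118 @@
+load('ext://helm_resource', 'helm_resource')
+load('ext://namespace', 'namespace_create')
+load('ext://secret', 'secret_from_dict', 'secret_create_generic')
+
+name_prefix = "galoy-dev"
+bitcoin_network = "regtest"
+bitcoind_rpcpassword = "rpcpassword"
+bitcoin_namespace = "{}-bitcoin".format(name_prefix)
+
+namespace_create(bitcoin_namespace)
+
+k8s_yaml(secret_from_dict(
+name='bitcoind-rpcpassword',
+namespace=bitcoin_namespace,
+inputs={'password': bitcoind_rpcpassword},
+))
+
+helm_resource(
+name="bitcoind",
+chart="../../charts/bitcoind",
+namespace=bitcoin_namespace,
+flags=['--values=./bitcoind-regtest-values.yml'],
+labels="bitcoin"
+)
+
+k8s_yaml(secret_from_dict(
+name='bitcoind-onchain-rpcpassword',
+namespace=bitcoin_namespace,
+inputs={'password': bitcoind_rpcpassword},
+))
+
+k8s_yaml(secret_from_dict(
+name='bitcoind-signer-descriptor',
+namespace=bitcoin_namespace,
+inputs={
+'descriptor_json_base64': local(
+"base64 bitcoind_signers_descriptors.json | tr -d '\n\r'"
+)
+},
+))
+
+helm_resource(
+name="bitcoind-onchain",
+chart="../../charts/bitcoind",
+namespace=bitcoin_namespace,
+flags=[
+'--values=./bitcoind-regtest-values.yml',
+'--values=./bitcoind-onchain-values.yml'
+],
+labels="bitcoin"
+)
+
+local_resource(
+name="bitcoind-block-generator",
+cmd='./generateBlock.sh',
+labels="bitcoin",
+resource_deps=["bitcoind-onchain", "bitcoind"]
+)
+
+helm_resource(
+name="lnd1",
+chart="../../charts/lnd",
+namespace=bitcoin_namespace,
+flags=[
+'--values=./lnd-regtest-values.yml',
+],
+labels="bitcoin"
+)
+
+helm_resource(
+name="loop1",
+chart="../../charts/loop",
+namespace=bitcoin_namespace,
+flags=[
+'--values=./loop-values.yml',
+],
+labels="bitcoin"
+)
+
+# helm_resource(
+# name="fulcrum",
+# chart="../../charts/fulcrum",
+# namespace=bitcoin_namespace,
+# flags=[
+# '--values=./fulcrum-regtest-values.yml',
+# ],
+# labels="bitcoin"
+# )
+
+k8s_yaml(secret_from_dict(
+name='bria',
+namespace=bitcoin_namespace,
+inputs={
+'pg-con': 'postgres://bria:bria@bria-postgresql:5432/bria',
+'signer-encryption-key': local('openssl rand -hex 32'),
+},
+))
+
+helm_resource(
+name="bria",
+chart="../../charts/bria",
+namespace=bitcoin_namespace,
+flags=[
+'--values=./bria-values.yml',
+],
+labels="bitcoin"
+)
+
+# TODO: uncomment mempool when we actually use it
+# helm_resource(
+# name="mempool",
+# chart="../../charts/mempool",
+# namespace=bitcoin_namespace,
+# flags=[
+# '--values=./mempool-regtest-values.yml',
+# ],
+# labels="bitcoin"
+# )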
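Review bot: `'signer-encryption-key': local('openssl rand -hex 32')` in the `bria` secret stores the command's raw stdout, trailing newline included, whereas the descriptor secret further up strips it with `tr -d '\n\r'`. `local()` also prints the command output to the Tilt log unless `quiet=True`, so the generated key is logged, and it is regenerated on every Tiltfile evaluation, which presumably leaves anything encrypted under the previous key unreadable if bria's database persists between runs. Suggest `'signer-encryption-key': str(local('openssl rand -hex 32', quiet=True)).strip(),`. The fixed `rpcpassword` and `bria:bria` credentials are reasonable for regtest, but a comment marking them as dev-only would keep them from being copied into a real deployment.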
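--- a/dev/galoy-deps/Tiltfile
+++ b/dev/galoy-deps/Tiltfile
@@ -0,0 +1,68 @@
+load('ext://helm_resource', 'helm_resource')
+load('ext://namespace', 'namespace_create')
+update_settings(k8s_upsert_timeout_secs=120)
+
+name_prefix = "galoy-dev"
+kafka_namespace = "{}-kafka".format(name_prefix)
+ingress_namespace = "{}-ingress".format(name_prefix)
+otel_namespace = "{}-otel".format(name_prefix)
+kubemonkey_namespace = "{}-kubemonkey".format(name_prefix)
+
+namespace_create(kafka_namespace)
+
+# Attaching the namespace to the workload means that the namespace will be deleted when the workload is deleted
+# k8s_resource(workload="kafka-operator", objects=["galoy-dev-kafka:namespace"])
+
+helm_resource(
+name="kafka",
+chart="../../charts/galoy-deps",
+namespace=kafka_namespace,
+flags=['--values=./kafka-values.yml'],
+labels="kafka"
+)
+
+## cert-manager and ingress-nginx
+
+namespace_create(ingress_namespace)
+
+# TODO: decide how to label the ingress namespace
+# k8s_resource(workload="cert-manager?", objects=["galoy-dev-ingress:namespace"])
+
+helm_resource(
+name="cert-manager",
+chart="../../charts/galoy-deps",
+namespace=ingress_namespace,
+flags=['--values=./cert-manager-values.yml'],
+labels="cert-manager-and-ingress"
+)
+
+helm_resource(
+name="ingress-nginx",
+chart="../../charts/galoy-deps",
+namespace=ingress_namespace,
+flags=['--values=./ingress-nginx-values.yml'],
+labels="cert-manager-and-ingress"
+)
+
+## opentelemetry-collector
+
+namespace_create(otel_namespace)
+
+helm_resource(
+name="opentelemetry-collector",
+chart="../../charts/galoy-deps",
+namespace=otel_namespace,
+flags=['--values=./otel-values.yml'],
+labels="otel"
+)
+
+# do we need kubemonkey in local dev?
+
+# helm_resource(
+# name="kubemonkey",
+# chart="../../charts/galoy-deps",
+# namespace=kubemonkey_namespace,
+# flags=['--values=./kubemonkey-values.yml'],
+# labels="kubemonkey"
+# )
+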