refactor: galoy chart (#1193)

* refactor: galoy chart * refactor: add backups to values * refactor: cleanup and fresh values * chore: proper diff * refactor: rbac * refactor: add mongodb secrets * refactor: add checks * refactor: add mongodb envs * refactor: added firebase sa for notifications * refactor: added lnd1 and lnd2 * refactor: bitcoin, lnd, geetest, redis envs * refactor: added jwt * reactor: added apollo envs * refactor: added twilio creds * refactor: added probes and price/dealer server envs * refactor: misc renames * refactor: auto create secrets * refactor: add galoy config * fix: making secrets work (default install working) * chore: bringing back the originals for safer merge * refactor: move non-reused stuff * chore: add back custom yaml * fix: testflight values
GaloyMoney · Jul 27, 2022 · 8c9a899 · 8c9a899
1 parent e077d76
commit 8c9a899
Show file tree

Hide file tree

Showing 17 changed files with 1,115 additions and 119 deletions.
diff --git a/charts/galoy/templates/_helpers.tpl b/charts/galoy/templates/_helpers.tpl
@@ -1,3 +1,184 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "galoy.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified api name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "galoy.api.fullname" -}}
+{{- $name := default "api" .Values.galoy.api.nameOverride -}}
+{{- if .Values.fullnameOverride -}}
+{{- printf "%s-%s" .Values.fullnameOverride $name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Migration Job name
+*/}}
+{{- define "galoy.migration.jobname" -}}
+{{- printf "%s-mongodb-migrate-%d" .Release.Name .Release.Revision -}}
+{{- end -}}
+
+{{/*
+Pre-Migration Job name
+*/}}
+{{- define "galoy.pre-migration.jobname" -}}
+{{- printf "%s-pre-mongodb-migrate-%d" .Release.Name .Release.Revision -}}
+{{- end -}}
+
+{{/*
+Return Galoy environment variables for MongoDB configuration
+*/}}
+{{- define "galoy.mongodb.env" -}}
+{{ if eq .Values.mongodb.architecture "replicaset" }}
+- name: MONGODB_ADDRESS
+  value: "{{ range until (.Values.mongodb.replicaCount | int) }}
+  {{- printf "galoy-mongodb-%d.galoy-mongodb-headless" . -}}
+  {{- if lt . (sub $.Values.mongodb.replicaCount 1 | int) -}},{{- end -}}
+  {{ end }}"
+- name: MONGODB_USER
+  value: {{ index .Values.mongodb.auth.usernames 0 | quote }}
+- name: MONGODB_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.mongodb.auth.existingSecret }}
+      key: mongodb-passwords
+{{ else if eq .Values.mongodb.architecture "standalone" }}
+- name: MONGODB_ADDRESS
+  value: "galoy-mongodb"
+- name: MONGODB_USER
+  value: {{ index .Values.mongodb.auth.usernames 0 | quote }}
+- name: MONGODB_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.mongodb.auth.existingSecret }}
+      key: mongodb-passwords
+{{ end }}
+{{- end -}}
+
+{{/*
+Return Galoy environment variables for BitcoinD configuration
+*/}}
+{{- define "galoy.bitcoind.env" -}}
+- name: BITCOINDADDR
+  value: {{ .Values.galoy.bitcoind.dns | quote }}
+- name: BITCOINDPORT
+  value: {{ .Values.galoy.bitcoind.port | quote }}
+- name: BITCOINDRPCPASS
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.galoy.bitcoind.rpcPasswordExistingSecret.name }}
+      key: {{ .Values.galoy.bitcoind.rpcPasswordExistingSecret.key }}
+{{- end -}}
+
+{{/*
+Return Galoy environment variables for LND 1 configuration
+*/}}
+{{- define "galoy.lnd1.env" -}}
+- name: LND1_DNS
+  value: {{ .Values.galoy.lnd1.dns | quote }}
+- name: LND1_MACAROON
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.galoy.lnd1.credentialsExistingSecret.name }}
+      key: {{ .Values.galoy.lnd1.credentialsExistingSecret.macaroon_key }}
+- name: LND1_TLS
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.galoy.lnd1.credentialsExistingSecret.name }}
+      key: {{ .Values.galoy.lnd1.credentialsExistingSecret.tls_key }}
+- name: LND1_PUBKEY
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.galoy.lnd1.pubkeyExistingSecret.name }}
+      key: {{ .Values.galoy.lnd1.pubkeyExistingSecret.key }}
+{{- end -}}
+
+{{/*
+Return Galoy environment variables for LND 2 configuration
+*/}}
+{{- define "galoy.lnd2.env" -}}
+- name: LND2_DNS
+  value: {{ .Values.galoy.lnd2.dns | quote }}
+- name: LND2_MACAROON
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.galoy.lnd2.credentialsExistingSecret.name }}
+      key: {{ .Values.galoy.lnd2.credentialsExistingSecret.macaroon_key }}
+- name: LND2_TLS
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.galoy.lnd2.credentialsExistingSecret.name }}
+      key: {{ .Values.galoy.lnd2.credentialsExistingSecret.tls_key }}
+- name: LND2_PUBKEY
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.galoy.lnd2.pubkeyExistingSecret.name }}
+      key: {{ .Values.galoy.lnd2.pubkeyExistingSecret.key }}
+{{- end -}}
+
+{{/*
+Return Galoy environment variables for Redis configuration
+*/}}
+{{- define "galoy.redis.env" -}}
+- name: REDIS_MASTER_NAME
+  value: {{ .Values.redis.sentinel.masterSet | quote }}
+- name: REDIS_PASSWORD
+  value: {{ .Values.redis.auth.password | quote }}
+{{ range until (.Values.redis.replica.replicaCount | int) }}
+- name: {{ printf "REDIS_%d_DNS" . }}
+  value: {{ printf "galoy-redis-node-%d.galoy-redis-headless" . | quote }}
+{{ end }}
+{{- end -}}
+
+{{/*
+Return Galoy environment variables for Reporting to Apollo
+*/}}
+{{- define "galoy.apollo.env" -}}
+- name: APOLLO_GRAPH_VARIANT
+  value: {{ .Values.galoy.api.apollo.graphVariant | quote }}
+- name: APOLLO_SCHEMA_REPORTING
+  value: {{ .Values.galoy.api.apollo.schemaReporting | quote }}
+- name: APOLLO_GRAPH_ID
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.galoy.api.apollo.existingSecret.name }}
+      key: {{ .Values.galoy.api.apollo.existingSecret.id_key }}
+- name: APOLLO_KEY
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.galoy.api.apollo.existingSecret.name }}
+      key: {{ .Values.galoy.api.apollo.existingSecret.key_key }}
+{{- end -}}
+
+{{/*
+Return Galoy environment variables for Twilio
+*/}}
+{{- define "galoy.twilio.env" -}}
+- name: TWILIO_PHONE_NUMBER
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.galoy.api.twilioExistingSecret.name }}
+      key: {{ .Values.galoy.api.twilioExistingSecret.phone_number_key }}
+- name: TWILIO_ACCOUNT_SID
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.galoy.api.twilioExistingSecret.name }}
+      key: {{ .Values.galoy.api.twilioExistingSecret.account_sid_key }}
+- name: TWILIO_AUTH_TOKEN
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.galoy.api.twilioExistingSecret.name }}
+      key: {{ .Values.galoy.api.twilioExistingSecret.auth_token_key }}
+{{- end -}}
+
 {{- define "galoy.jwtSecret" -}}
 {{- $secret := (lookup "v1" "Secret" .Release.Namespace "jwt-secret") -}}
 {{- if $secret -}}

diff --git a/charts/galoy/templates/api-deployment.yaml b/charts/galoy/templates/api-deployment.yaml
@@ -0,0 +1,182 @@
+apiVersion: apps/v1
+kind: Deployment
+
+metadata:
+  name: {{ template "galoy.api.fullname" . }}
+  labels:
+    app: {{ template "galoy.api.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    app.kubernetes.io/managed-by: Helm
+
+    kube-monkey/enabled: enabled
+    kube-monkey/identifier: {{ template "galoy.api.fullname" . }}
+    kube-monkey/kill-mode: fixed
+    kube-monkey/kill-value: "1"
+    kube-monkey/mtbf: "8"
+
+spec:
+
+  replicas: {{ .Values.galoy.api.replicas }}
+
+  selector:
+    matchLabels:
+      app: {{ template "galoy.api.fullname" . }}
+
+  template:
+
+    metadata:
+      name: {{ template "galoy.api.fullname" . }}
+      labels:
+        app: {{ template "galoy.api.fullname" . }}
+        kube-monkey/enabled: enabled
+        kube-monkey/identifier: {{ template "galoy.api.fullname" . }}
+        allow-to-lnd: "true"
+        allow-to-bitcoind: "true"
+
+    spec:
+      serviceAccountName: {{ template "galoy.name" . }}
+
+      initContainers:
+      - name: wait-for-mongodb-migrate
+        image: "groundnuty/k8s-wait-for:v1.5.1"
+        args:
+        - job-wr
+        - {{ template "galoy.migration.jobname" . }}
+
+      containers:
+      - name: api
+        image: "{{ .Values.galoy.images.app.repository }}@{{ .Values.galoy.images.app.digest }}"
+        args: 
+        - "-r"
+        - "/app/lib/services/tracing.js"
+        - "lib/servers/graphql-main-server.js"
+
+        resources:
+          requests:
+            cpu: 100m
+          limits:
+            cpu: 1000m
+
+        ports:
+        - name: http
+          containerPort: {{ .Values.galoy.api.port }}
+          protocol: TCP
+
+        env:
+        - name: HELMREVISION
+          value: {{ .Release.Revision | quote}}
+        - name: NODE_ENV
+          value: "production"
+        - name: LOGLEVEL
+          value: {{ .Values.galoy.api.logLevel }}
+
+        - name: NETWORK
+          value: {{ .Values.galoy.network }}
+
+        - name: JAEGER_HOST
+          value: {{ .Values.tracing.jaegerHost | quote }}
+        - name: TRACING_SERVICE_NAME
+          value: {{ template "galoy.api.fullname" . }}
+
+{{/* Databases */}}
+{{ include "galoy.mongodb.env" . | indent 8 }}
+{{ include "galoy.redis.env" . | indent 8 }}
+
+{{/* Bitcoin/LND */}}
+{{ include "galoy.bitcoind.env" . | indent 8 }}
+{{ include "galoy.lnd1.env" . | indent 8 }}
+{{ include "galoy.lnd2.env" . | indent 8 }}
+
+{{/* API Specifics */}}
+{{ include "galoy.twilio.env" . | indent 8 }}
+
+        - name: GEETEST_ID
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.galoy.api.geetestExistingSecret.name }}
+              key: {{ .Values.galoy.api.geetestExistingSecret.id_key }}
+        - name: GEETEST_KEY
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.galoy.api.geetestExistingSecret.name }}
+              key: {{ .Values.galoy.api.geetestExistingSecret.secret_key }}
+
+        - name: APOLLO_GRAPH_VARIANT
+          value: {{ .Values.galoy.api.apollo.graphVariant | quote }}
+        - name: APOLLO_SCHEMA_REPORTING
+          value: {{ .Values.galoy.api.apollo.schemaReporting | quote }}
+        - name: APOLLO_GRAPH_ID
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.galoy.api.apollo.existingSecret.name }}
+              key: {{ .Values.galoy.api.apollo.existingSecret.id_key }}
+        - name: APOLLO_KEY
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.galoy.api.apollo.existingSecret.name }}
+              key: {{ .Values.galoy.api.apollo.existingSecret.key_key }}
+
+        - name: JWT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.galoy.api.jwtSecretExistingSecret.name }}
+              key: {{ .Values.galoy.api.jwtSecretExistingSecret.key }}
+
+        - name: PRICE_HISTORY_HOST
+          value: {{ .Values.price.host | quote }}
+        - name: PRICE_HISTORY_PORT
+          value: {{ .Values.price.port | quote }}
+
+        - name: PRICE_SERVER_HOST
+          value: {{ .Values.galoy.dealer.host | quote }}
+        - name: PRICE_SERVER_PORT
+          value: {{ .Values.galoy.dealer.port | quote }}
+
+        {{ if .Values.galoy.api.firebaseNotifications.enabled }}
+        - name: GOOGLE_APPLICATION_CREDENTIALS
+          value: "/tmp/firebase-notifications-service-account/service-account.json"
+        {{ end }}
+
+        {{ if .Values.galoy.api.probes.enabled }}
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: {{ .Values.galoy.api.port }}
+          initialDelaySeconds: {{ .Values.galoy.api.probes.liveness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.galoy.api.probes.liveness.periodSeconds }}
+          failureThreshold: {{ .Values.galoy.api.probes.liveness.failureThreshold }}
+          timeoutSeconds: {{ .Values.galoy.api.probes.liveness.timeoutSeconds }}
+
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: {{ .Values.galoy.api.port }}
+          initialDelaySeconds: {{ .Values.galoy.api.probes.readiness.initialDelaySeconds }}
+          failureThreshold: {{ .Values.galoy.api.probes.readiness.failureThreshold }}
+          successThreshold: {{ .Values.galoy.api.probes.readiness.successThreshold }}
+          timeoutSeconds: {{ .Values.galoy.api.probes.readiness.timeoutSeconds }}
+        {{ end }}
+
+        volumeMounts:
+        {{ if .Values.galoy.api.firebaseNotifications.enabled }}
+        - name: firebase-notifications-service-account
+          mountPath: /tmp
+          readOnly: true
+        {{ end }}
+
+        - name: custom-yaml
+          mountPath: "/var/yaml/"
+      volumes:
+      {{ if .Values.galoy.api.firebaseNotifications.enabled }}
+      - name: firebase-notifications-service-account
+        secret:
+          secretName: {{ .Values.galoy.api.firebaseNotifications.existingSecret.name }}
+          items:
+          - key: {{ .Values.galoy.api.firebaseNotifications.existingSecret.key }}
+            path: service-account.json
+      {{ end }}
+
+      - name: custom-yaml
+        secret:
+          secretName: "galoy-config"
diff --git a/charts/galoy/templates/app-configmap.yaml b/charts/galoy/templates/app-configmap.yaml
diff --git a/charts/galoy/templates/cronjob.yaml b/charts/galoy/templates/cronjob.yaml
@@ -131,7 +131,7 @@ spec:
               secretName: galoyapp-firebase-serviceaccount
           - name: "custom-yaml"
             secret:
-              secretName: "galoy-config-map"
+              secretName: "galoy-config"
 
 ---
 {{- end }}