chore: charts

deploy/argocd-bootstrap/Chart.yaml

@@ -3,6 +3,6 @@ name: argocd-bootstrap
 version: 0.0.1
 dependencies:
   - name: argo-cd
-    version: 5.33.4
+    version: 5.52.1
     repository: https://argoproj.github.io/argo-helm
     condition: argo-cd.enabled

deploy/argocd-bootstrap/init-dev-mainnet.sh

@@ -18,14 +18,18 @@ if [ $? != 0 ]; then
   kubectl create ns cf-metadata-server > /dev/null 2>&1
 fi
 
+# Installing ArgoCD CRD
+kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.8.4"
+
 ## DockerHub secret
-kubectl create secret -n cf-metadata-server generic regcred \
-  --from-file=.dockerconfigjson=../../.keys/docker-cred.json \
-  --type=kubernetes.io/dockerconfigjson \
-  --save-config \
-  --dry-run=client \
-  -o yaml \
-  | kubectl apply -f -
+# Not Needed as long as we don't release docker images to docker hub.
+#kubectl create secret -n cf-metadata-server generic regcred \
+#  --from-file=.dockerconfigjson=../../.keys/docker-cred.json \
+#  --type=kubernetes.io/dockerconfigjson \
+#  --save-config \
+#  --dry-run=client \
+#  -o yaml \
+#  | kubectl apply -f -
 
 ## Git Hub deploy key
 kubectl create secret generic github-deploy-key \

deploy/cf-metadata-server/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

deploy/cf-metadata-server/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: cf-metadata-server
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1

deploy/cf-metadata-server/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cf-metadata-server.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cf-metadata-server.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cf-metadata-server.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cf-metadata-server.labels" -}}
+helm.sh/chart: {{ include "cf-metadata-server.chart" . }}
+{{ include "cf-metadata-server.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cf-metadata-server.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cf-metadata-server.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cf-metadata-server.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cf-metadata-server.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

deploy/cf-metadata-server/templates/deployment.yaml

@@ -0,0 +1,125 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "cf-metadata-server.fullname" . }}
+  labels:
+    {{- include "cf-metadata-server.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "cf-metadata-server.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "cf-metadata-server.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+#            - name: SPRING_PROFILES_ACTIVE
+#              value: {{ .springProfiles }}
+            - name: CARDANO_NETWORK
+              value: {{ .Values.network | default "preprod" | upper}}
+            - name: CORS_ALLOWED_ORIGINS
+              value: {{ tpl $.Values.corsAllowedOrigins $ }}
+
+            ## Postgres
+            - name: DB_DRIVER
+              value: "org.postgresql.Driver"
+            - name: DB_DIALECT
+              value: "org.hibernate.dialect.PostgreSQLDialect"
+            - name: POSTGRES_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-secrets
+                  key: POSTGRES_HOST
+            - name: POSTGRES_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-secrets
+                  key: POSTGRES_PORT
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-secrets
+                  key: POSTGRES_DB
+            - name: DB_SCHEMA
+              value: {{ .Values.dbSchema | default "public" }}
+            - name: DB_URL
+              value: jdbc:postgresql://$(POSTGRES_HOST):$(POSTGRES_PORT)/$(POSTGRES_DB)?currentSchema=$(DB_SCHEMA)
+            - name: DB_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-secrets
+                  key: POSTGRES_USER
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-secrets
+                  key: POSTGRES_PASSWORD
+            - name: H2_CONSOLE_ENABLED
+              value: "false"
+
+            ## SNS Text
+            - name: AWS_SNS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: sns-secrets
+                  key: AWS_SNS_ACCESS_KEY_ID
+
+            - name: AWS_SNS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: sns-secrets
+                  key: AWS_SNS_SECRET_ACCESS_KEY
+
+            - name: AWS_SNS_REGION
+              valueFrom:
+                secretKeyRef:
+                  name: sns-secrets
+                  key: AWS_SNS_REGION
+
+            - name: LEDGER_FOLLOWER_APP_URL
+              value: {{ $.Values.ledgerFollowerAppUrl }}
+
+            - name: DISCORD_BOT_EVENT_ID_BINDING
+              value: {{ $.Values.discordBotEventIdBinding }}
+
+            - name: SALT
+              valueFrom:
+                secretKeyRef:
+                  name: user-verification-secrets
+                  key: SALT
+
+            - name: DISCORD_BOT_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: discord-secrets
+                  key: BACKEND_BASIC_AUTH_USER
+            - name: DISCORD_BOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: discord-secrets
+                  key: BACKEND_BASIC_AUTH_PASSWORD
+
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.port }}
+              protocol: TCP
+#          livenessProbe:
+#            httpGet:
+#              path: /
+#              port: http
+#          readinessProbe:
+#            httpGet:
+#              path: /
+#              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}

deploy/cf-metadata-server/templates/ingress.yaml

@@ -0,0 +1,62 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "cf-metadata-server.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "cf-metadata-server.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  rules:
+    - host: "api.{{ .Values.domain }}"
+      http:
+        paths:
+{{ if .Values.ingress.disableActuatorEndpoint }}
+          - path: /actuator
+            pathType: Prefix
+            backend:
+              service:
+                name: nginx-not-found
+                port:
+                  number: 80
+{{ end }}
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+    {{- range $domain := .Values.ingress.additionalDomains }}
+    - host: {{ $domain }}
+      http:
+        paths:
+{{ if $.Values.ingress.disableActuatorEndpoint }}
+          - path: /actuator
+            pathType: Prefix
+            backend:
+              service:
+                name: nginx-not-found
+                port:
+                  number: 80
+{{ end }}
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+    {{- end }}
+  tls:
+    - hosts:
+        - "api.{{ .Values.domain }}"
+{{ with .Values.ingress.additionalDomains }}
+        {{- toYaml . | nindent 8 }}
+{{ end }}
+{{ end }}

deploy/cf-metadata-server/templates/service-monitor.yaml

@@ -0,0 +1,20 @@
+{{ if .Values.monitoring.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "cf-metadata-server.fullname" . }}
+  labels:
+    release: prometheus-stack
+    {{- include "cf-metadata-server.labels" . | nindent 4 }}
+spec:
+  endpoints:
+    - path: /actuator/prometheus
+      port: http
+  namespaceSelector:
+    matchNames:
+      - {{ $.Release.Namespace }}
+  selector:
+    matchLabels:
+      {{- include "cf-metadata-server.labels" . | nindent 6 }}
+{{ end }}

deploy/cf-metadata-server/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "cf-metadata-server.fullname" . }}
+  labels:
+    {{- include "cf-metadata-server.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "cf-metadata-server.selectorLabels" . | nindent 4 }}

deploy/cf-metadata-server/values.yaml

@@ -0,0 +1,37 @@
+replicaCount: 1
+
+image:
+  repository: pro.registry.gitlab.metadata.dev.cf-deployments.org/base-infrastructure/docker-registry/cf-metadata-server
+  tag: "0.0.1"
+  pullPolicy: Always
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+service:
+  type: ClusterIP
+  port: 9093
+
+ingress:
+  enabled: true
+  disableActuatorEndpoint: true
+  additionalDomains: []
+
+resources: {}
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+monitoring:
+  enabled: true
+
+discordBotEventIdBinding: ""
+ledgerFollowerAppUrl: http://cf-cardano-ballot-ledger-follower-api-voting-ledger-follower-ap:9090
+corsAllowedOrigins: https://{{ .Values.domain }}
+dbSchema: user_verification