From 15a02e636827eafc4789b97d0a3887dc4f9c9486 Mon Sep 17 00:00:00 2001 From: Kartikeya Hegde Date: Tue, 6 Aug 2024 20:28:30 +0530 Subject: [PATCH] feat: add keymanager to helm (#100) --- .../hyperswitch-keymanager/.helmignore | 23 ++++ .../hyperswitch-keymanager/Chart.yaml | 30 +++++ .../hyperswitch-keymanager-0.1.0.tgz | Bin 0 -> 15037 bytes .../hyperswitch-keymanager/index.yaml | 14 ++ .../templates/NOTES.txt | 1 + .../templates/_helpers.tpl | 127 ++++++++++++++++++ .../templates/_init.tpl | 22 +++ .../templates/configmap.yaml | 32 +++++ .../templates/deployment.yaml | 107 +++++++++++++++ .../hyperswitch-keymanager/templates/hpa.yaml | 32 +++++ .../templates/migration.yaml | 51 +++++++ .../templates/secrets.yaml | 12 ++ .../templates/service.yaml | 21 +++ .../templates/serviceaccount.yaml | 7 + .../hyperswitch-keymanager/values.yaml | 60 +++++++++ 15 files changed, 539 insertions(+) create mode 100644 charts/incubator/hyperswitch-keymanager/.helmignore create mode 100644 charts/incubator/hyperswitch-keymanager/Chart.yaml create mode 100644 charts/incubator/hyperswitch-keymanager/hyperswitch-keymanager-0.1.0.tgz create mode 100644 charts/incubator/hyperswitch-keymanager/index.yaml create mode 100644 charts/incubator/hyperswitch-keymanager/templates/NOTES.txt create mode 100644 charts/incubator/hyperswitch-keymanager/templates/_helpers.tpl create mode 100644 charts/incubator/hyperswitch-keymanager/templates/_init.tpl create mode 100644 charts/incubator/hyperswitch-keymanager/templates/configmap.yaml create mode 100644 charts/incubator/hyperswitch-keymanager/templates/deployment.yaml create mode 100644 charts/incubator/hyperswitch-keymanager/templates/hpa.yaml create mode 100644 charts/incubator/hyperswitch-keymanager/templates/migration.yaml create mode 100644 charts/incubator/hyperswitch-keymanager/templates/secrets.yaml create mode 100644 charts/incubator/hyperswitch-keymanager/templates/service.yaml create mode 100644 charts/incubator/hyperswitch-keymanager/templates/serviceaccount.yaml create mode 100644 charts/incubator/hyperswitch-keymanager/values.yaml diff --git a/charts/incubator/hyperswitch-keymanager/.helmignore b/charts/incubator/hyperswitch-keymanager/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/incubator/hyperswitch-keymanager/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/incubator/hyperswitch-keymanager/Chart.yaml b/charts/incubator/hyperswitch-keymanager/Chart.yaml new file mode 100644 index 0000000..63604f0 --- /dev/null +++ b/charts/incubator/hyperswitch-keymanager/Chart.yaml @@ -0,0 +1,30 @@ +apiVersion: v2 +name: hyperswitch-keymanager +description: A Helm chart for deploying Hyperswitch Keymanager + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" + +dependency: + - name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 13.2.27 + condition: postgresql.enabled diff --git a/charts/incubator/hyperswitch-keymanager/hyperswitch-keymanager-0.1.0.tgz b/charts/incubator/hyperswitch-keymanager/hyperswitch-keymanager-0.1.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..b1a47389009fc4e004793f4f8cc1a251e44f7a83 GIT binary patch literal 15037 zcmV;uIzq)CiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKAUJe1w{c%^kxAqg#>#x67Vr71<0$Zm*8dS>P^^JHe8F$=~X zij=fT3rZX9Wl4pU_Oww-N-C8~MYbZ$|1%4Qw7lQ<_j}*p@AvP%pHJ^IcRBZ*bMHOp zo^#K=C|m}_WCg=)A_WrwacLkOBtuLcOA5$jW4R!WI_&Q!U0q#WV?#s1|8;eB2mfDJ z-@s&;o}sakp`M536U4)kTpY7Lf@v*n&I@z!sv?03v^S0R9LQAVCZ&!iDK%z_x!T0rq_} z2}K8K5Dpl6nxWWS2807Z27?L{L4FUYpx)kfv3git)W6N1|MTew>puvjav;`!kpTF` z`qwu!(I2$_jrH_(|E&LiA}Iq_kUz+wvH{_c3l{azlLCuU2HYty3xHVw2rRX5binu{ zOd7~$LnOc-rb7G*RuGX2G9e%cWWpeU3b6n-0uUg80kT*S34rNr1mGeZCcuVh3@XTm zSXdN_2?+#%CBmVzaey8QMW!MIkcvYA089hP5Dr+$VKG2131P!@9dYa+I+4j0$R-R6 zVg|uP2p7bc90n)=0O@puEs!cK91s?PLV+AM!XkoHm`>({hUk0*NjShCq_Q9siVpx{ z{>@HV5RnP7S$rq}5CC!gU=j{sfiwmc@)Q0Pl)xa(kBLwrT;G= zJAVbOkGsF9*w5D=Rvb8+_$7TaiUyOJf_Vq5L}+@z~s;c zjr!`c0E9jOOyBgw0c<9R|C308hygB(V3r3%$VAc7?PWbq&lm$z8896(!0OEr)S!VO z7Hq!sVdDS;T@=vY-v9_i3KM3r5e6lg!(_2_NHD~Ls2Cy@#tEbr`~S$+r1SUo zYzoAJ03t%8fpiiJ_kU#W|4F~G{{1Krm0tzRX8fn7z|Ysep00t>p!Kh>t8ZlVXZ`;Z zDJ)D!3uPU`0O=%w5a4eb0K{MLEwJ*jC@r0c2vk@Y1|UKHFdYKWKQIsYP0;|Rzp}ur zzzSVSPJFmn;r0M4zGVc$`MR7=1dI&?pD+#2@%M*A05k>-h+si<68{q=K-Q88fouo> z`+D%_P^nxXkONX-e;6Y1<(PmBEXorS!WPtL^LyZv!~zHq5#+ESfQ8T?z@9^Zm~@B@ zv4q6?!w{9k0{BJ@6{f*_6LEs7)W95YB*X2t_76T$`Vo`Sf0287@{H=}v z2oa&PL72`Gc}fI%FdGPlsZ_o-#NpdQAm5DQBQL`Cclpe3GLYA>e;;dm3;WnBs`A6~ z-(f$M)dxpKKnl+6_s6#%$3CVAfneQ)922(f#dARBUqp_MFj~E_4fx^(5Qce2U8}_bm6ziZ3lz{d}|sc zLI8R;8bJG@|M~($Xf%W_M40v42n(wVF{VIN8kR-T5fFg`!omQUPNZ^3za$qcMCg~* zSr8Q>vJs|(s8g)iEEDm=qR*4bF9R72Y(U>a$HItCpQAA>Y=|b|Kp+QULxcG9Jrp5A zBn*Ko1k^j@@It@9ko?7qkpHV39!xZ5NQ{J5-*50xC_=D9(*@J{)-e$pNR{|P9cn!c zRv;qp2mlg^2#3z*%TW#s`U?aLnp+54JN-!H4XlPG3UL{vhBSV~j((|%)%+1?x;Xt} za;LWwwCDr;RNH7bF?n4C-qhByYu)hF{zeoRn zKlyAXXGrRW!U90(R4#zfi4edLu;T{=e?O&!b4mooMTi34)j{BD0_^BQ+yI0LSc~xd ze$EY^YW$}C3sHp)vDkhj0)J1?x5j=sO|e3>2d(5EGk%Z`6az~l3|91iSp$mA7R-?S zp?^9@gft1*B5L0|02r~s!2E197zpz}9Swfd|H9GeC3+d!$k0H48G67L;iokGjTzPJ zt^9Xq6?&)^LLatx4#;6s`Y;wB@V_~Kh64Fl=Fs2Z|G&Zezr+1LxAGwFi*?+`=-zHI zzwGxXV>48T|IpaEnBzhC?R^$d;l z2K)bwjP(Eb|Ne=@7g*MG7JpyeyR7<8?O+zbVF-4yy$1om6j%J&Vkz|V2+Vqj7=UF$ zAc-rKUl`HZs-OVV+hhNcJKx$AEqCD|Ay({!4=bo76i}kG2pr%8pmhi^U57`v(#af<44JVgC;$MNWWjMQ1`r-+I$C)7S-87fJG!{z&Gd8yd3XnFYZpJf zwWYI@6+d&XAQu!K6`F~D22)@v1k3^$WIvcCpbNlw46wF;ytm;?U;snIYEl%LiV z?!tvN89%Kl+#&L7&IL$_NXWwefDfP|q7J~2AwWf(DS+=>z9mBMGczC}1p&}vDvbn_ z0HN_hL}(BogB77hKA^Kww|VDZ>g|1PY`DFC!IgS z6j!FgfD%E6SS%LkJIw8+rmuGv6@nOm%7B3tmXQ!TB>ei0E|?_(jh;I|cl_H6^}i|o zQvM4yEDdD*=fPmVlK=X~27}LkjQ+%b{xfMn{HGp@FZuDh>!2 ztQH?(jFc~`HxLCd1B`Tag#uKt$u$Gex>&(~Xq2!C4PrB4BFj&_>33Dd;2G=bn~It; z5QOR{oPfPuB2>T(&=-|c5m7!BA^Qnq(fCkTvJg7DFP{npLHtH&5=7vTd$H=(al-a| zAq|-ErKr&D`&Z00(Z02B3;Nf<^feQK5pm|PfDkn4#X>YDh6egVK}Qha_}2jT>Hj{U z2-S}Thw|YV31etrx*trULc*~?1;BhwY$<5%2r^JKhz<76B%!_+(@DZkFhlv3g|%4> za45&KARG9=qf8_r^lEmdd$Y8K^g7ieo z*{W~g2droQo+ub*Qvi*=6JU`<5jg|IVoV1dgFsC2BGHM0ctC2O0oTjROSMMDI}@P84y-CQ^i_c74IG42C%BqTB&zlHXIpVlzQD zL>2|9G7%~jrjtDwB#;gD!li*Bcn*_qN$K_Hc+kNh5T*(PCxyCNc=5tb90UsJi^&$D zEjH=`WjcU@AJOnjDgdCD+X5i|{(M7^+YgqGkRXfia)n{HFcTtKahNcjj3-hc5{Hky z9hr{wWm|_pL{5J!r#Q^sV^?>GNn;Hx#t4VVI)uR={Qk)(UPBOP&4+{G^KMWv03ZyA z3GzoAu%mxhC=9J13{wQPclOfBqHPMXHzw&`F z#jjUj`bDCP;POMC$tezp!e%oDkchAmB0|Lh?v^fn`QKgU0EWEK0rXz#Fx1th4alWI zG=#|&6ga|tB`k=@VZv;#B|>LIA?$&yhJ#=#L>_qWgP+(ClLpfTn;%Dr#o`Yp$fn=` z9TF6zBUXr^BIKVn5{nK6iMy?{@Tm+xf47f&O>rzs9H!bal&G{y)$L^%nfLTm`b5Ez1J93aSKafn0+B0;3S-NHb(xVZOvkR|C%w*g@) zhuNzS1_VQiS-S)FFn=L}N_;O-Tp(H)0EP>YVfLU3 zWS9*QsR$hcFc^{dgun#pL<)fE{h)y`UEoP$;dFG!Fq^_5V2KD#NB9)ZFJ8gHe%~dL z1pK_sp!&jRHpHF_!C-o$5ilGkwf|iY9UT=HXT19&H*36~2j1EZ*ZtBaHFy8U!J@k&$U+<+qDjxgYji-NGrT(u!LX|5^GC`7hkt{rAa#T_a=tKkxtiOKFh&@0B~ky}7vH`ObhJ zaBe@uQT|_vyMsknBi)&NTb4NJ?3Q1FVFS`&Dh!FP@z}Wp8TMy$dmG>dRt=sF5(7|T zVFVbl5CP#qukaB?Lqh}MukT_7gq~Dkw1FtFU|>w&_bgxu&E7t<8*mc7EGZPPB2w&J z{)b7}-(CNrCp`WmG4QMPZ=gHq{-3^{vHqX;|NfEmv-K~EP8c8tzVpvP0W2&?149uy z7|as*3YZ8L!hlTr&-OgMuipM3l2;V}@aHzbe|!4D`o~frDh(ER1^<2@ztsN*MuXq~ z);0d4|NoJs47h-7zVa13)GZuwAeaKt0Rji6l3+R+V1UE`kPNZ<-v4HC7y{J_uqY6f zDtP8u==_E0WNm;6Q9(8w1OW_?O%cln=_HggK!?ae$DRg*3Hiez5J`BOV3sBpa27st zBWTG-31C1>fC|$gEDCFd_rtRhCWKN3MDLR=vBU!;n8`w6$uL_-@UIYk6qXRm)DisK zn?WJ#@c-%k$qJ(D^aCP*!~hOM@PauDrG;e$Gf-Ms0vLeO!m?@nZ-fbxQCg9L=Z%># z!eIe+R@N*Omcc|;LPRzS3zHyFM_8SStVCghSVV*b>HKeyO+Q%wLuX?If0O~sCWro| zK7PLb_4W1j4ZqX>f6o8@nWVICtgPUJr#WmkXzQj+v~@Ig;Lb537%b5x;f-K#{2XKF zB}_i2RXvQrl)l&v^t zT61jwrL4Ju!OV;DG8bBVfL1xnv6<>C7GJoW8RxQa97Za1!a-BRCoAspYSLBgnW{w_ zi+J3Q`K*GubLScq&Mh>U8&;8}IP11bo%Z2Wl~Q+!g=m~@*vJOyohb*=qxV)9s_$@6 zYx&&#l9zgebca_an{mGK)$;kv&o6(rJR>8clEg&(cI;K$*gdBDxb6;lxy&Oso}I;z z-}Kna5H5eS+<8&cZQN#A^kqt3@y!EFr9%#J7NZXYDwoxdiecEw54$;G(w+m9XbWYF z126YajGLOQa_^e)W-Ap!^kSDz-N~m8*<_DQD7SsCQJN1d&N+?Ua`S+GxgREj_vO&~ zj@@xmYS+8sWz9#m_`P`juFjAb@oIU7M++}P#ZziTe!|)ntM0w-+K-KJv9&%9EKfEV zMjkd|^k^IF#d)$cb1yl9`MSv)CC0AOSanZIWtQOv%Gm3}wvA96yMF8?bIIo__N&}) zT1m($t{+*t&_+w9e52>Ei(A){Qp~Y3@5U~Um0B!4?9A|T3srfLu-;b7=9K9>(0PW6 zD=y`cqs-_EJ5y9j+RKgWhMC)LCU6gwYFK!mvyI#Cm1rS7LY*_+-dIG6;uQ6j#|0nC{(3;ReAore&)ZdO z@0*TJiQaS1%GO>tX>9b%j1d>4$E8Y5K2k7WVg&)fXph-$bGx`|@tN{X4&~crT0Kv$ z)jGQ=$@#$%L(;wL7PF+6>viwFQ5CXOY1)~Taf{rv9V@bDl4srANy#25xo)HULKl^5 zt2bSpFg9IFN<|7S=hGRN>0pRbn0?A{IvgWeCObJ<(Qz@5dP5Q|?EucP3Bjgwv9oZ) zToNC=#LZSSyK-{zbJV$(mZZkXOD18Iv*Jfxw=JI{F=bsYnri%R$uKYNNBYBOESl^| znC3cq*`k)ZiR0za+k& zwNw7dcygx#X0rYE-Al@6zn(7>r~6W+b?eP;?pTS07CP6P4ersWP3*j4J;G7T#Mh3F+#+&h*!I4v3<*1ZIq)PTIK5O;dIO48W`R!pAI)y za&jx%)qCg26)x+xNF|i%PC9d#0BDYWa~pN&`QpSkO^a6_i+vC|cbpBYVcyyiO3ppf zCfN?&n2ZsZW%N!yk5Rd5mKZ{ag%eIn0jK5i)M9K$DLal`6%d#Z7`mQpskJzI1bt@4 zYwzb?gy_+G6V|SZ&XkmD)q?@Yg>w2MTD+&r$V-?iuemV6l>GFh?20*;vbLzDOm(o$ zON@POs7#E@E_9d89A&5i6ij%zX^-p;wCN46d8*+v@5GSO0Mmf$mme=2OSTET?2~=$ zXxdq=4LMiyjmy2q(_ZFBZ(X`v;q&D66OyOhP1N7h-0kDA&rxH944ek&Wgbs)ioaE$ za>uq#<;bX)?d$iODF>CR8hUq>FX`NONj|S(8NJ6V+;iEr<{4B4%m~?46u`B^>CNmZ zUrrj3+ZRsFz|iOFDl#4##w-Lrp+^()zkXDghjd-`o9p7?m{E*X1Tz&$H=D+b2ALya zc$m6tX`ILP?TimM%(L%#hrw<(IPhYeC9MgZrD^G-b3)7hiXAnN?BIQEGRG zX_Kk!**-Zxuj6@9wAWMRVHU18t#Z<48tFA*#{*0qjq&E2thDyn%8pRh*`P0vowGkq54tEbd*hz>({2=Invc}H zH(En6&ik$QoHuFlik|r)=yRtwf|c9XJegee#%uK@cdd;d4Y!oZ72Q{)#LL|`)oDeF zM^q=t*&X`0wrqy-2c*uLD*|!^yMJ*0Enb*^Cq!<%b;(m%ZNj;+=CrbGbC5EqK8R&UsHO$IGXW5VT!5w40$Cb#VONHpf;9$o##QK zP>y;}QJg+`Mky3j$C7>_uXmw&=h189##RsC=aghH&(FN#?!{_s7;*_-0bIPf`gHt* z)bW}hN=Mle&u%Q8xGDC-Xx*E8Nr4!7$*0;+hp(MD!Xzv+Ib5moLaCS zG#x#%Zqxxusj)d1?4D7jgJ&O4jmb5qM?8A@Q2ofV8XPBQUeKn(LLd9p4`rm%UXM=S zw)f*y{H#53h>KRrh$j{&Ql|MdNDj}GJ~M}X)MbsUifqQ>rqu>=4_?wI23+$qbLH)K z&+M7H#7lzERd;d4ly_09v$9$`k_%2CDLqk2H)i$Vu`k^hC_P+=-#!isOx&8Yb(Kp@ zc^6edd!*fjDNAGB&4)E@yD@UqO@t{C?WOjbx7K>$6bTYM9eU92VIN)nqGi+UE^Ut_ zS?lc8!zr}QX!Bt%UN^_x-0bXv%a>Yr6`XO=Wq;K+=L;&=J!FV3#EPYda*hWsjBv7x z9rmpdwii#L0%(tHAAJE~n1TuIT|gc*9J=ja9PW0PzbwYlMb=EFA&X~_jEtB>5%xhGA+z@q{LYlYv)i!u0p&=xm zd*|cY&4EiM;T}6hV|HGBDS2|;0*>kERe2GcURzz9?^XH6lz3=W!m43zx{4c3*IH~I zwfw@xlLhaj#w4{|^O!)4%Z47;xvNYbA-(>BU3QFyHDSHX*QS6pRi_=UBj)h7#j#?> zUsKq&7q1*BaYt)7;^>w9e(N@hm0acctf12uy!Mr6uCXL&i1H~US zf8aj79!|a=`ay9LEK%pBEqzYI@XB>gGF_i#X$*1R{K$5pa4+;)Q%EN9%EvyYZXWXl>KS<&4HB zR^}Kjt)Z$unAOO-4-^I8K4lfN?Yh3&%aOxXn8@-~i8nWsK69iJPnU$w(p<9kRM(ZU zyKcbAi|*#wjFHpawor57xRM7*Jv!0p_4vIEpK%hd zlaq1}U6j31D*Mp&L5Pf#d3s&C6!z3cFZf`JhH9GD}N!<%lQ|d9U5e+PjWUL2tCRaXXfzUwVE-MR}>UDwsU`6tr$}BV*$>`s`E5UjwDmKBBf8xaZ|2 zd;~t?il!#*(Uq$(UH#bjV9&#~K|rFH#BEn__X0@gn4vq>K^&a%64F&TpZqT zexlF*wO*+4dFJNlWG8{DX#B^8dZQpB!fhVu86ACc^{BaAsiWJ}oqgvmYybkDyhwR7 z?nSeGh-KoGTBR3PqPGMZo5a*$?=Ei+(%rV$cJY;zL{K|rO}uZK;+FYDuKF z)AM~_52(piXs9eLoRM|;y}`*3dlDbH^?1C?Q`=*M|D3TJxe%!!V4LN$Z{nrM~k>x2-dI}svLf~vubNkJ+j^EEEs7l!vT{*CoxG`FLt321z z<><(8HR3|ov3d!QgT`;52ZlA~Z&6jSTr?RneQg_Q|TK?bPUb z6CWS%LtU?R-g8;@;u_~Eidou`NfX=;$q-&HoR7VON_M?6ySRAXl$rEd7Uip4GoJ#C zmEH*>#~+lmandxs=X=w{=>zt;>C8J-$%gUm={s{nPHRnl>8Ta8YD>YQh7}vOS{kZ9 zEV%YbzR@dk{KJgUZ%Y#Qy*!{wpVwV!|31p&FoQ>)Qxh^($;J9}l>X{lTwYdF+o5V+ zak9Hjm!GN=-G1)AoQd14wjaK#r>jT_F9O!068FfA$$I@l_WZ6Tqn)x0ZZ$V~mF!wF zU#;xaGH!zQZt9Wkd*^3L%tmWSAH+SE4yw|cxwlKVu-RE@_T(>tnzxu&Robf zE7xb@1^G4dj1lqM0_I7dvRi)T@u7z(t!IZ_PmSHFkuzR-W7X=hW5*Pij*%-anzy<@ z=G2H7b&mw&lOyF!uePSh4p-h@Y@9pIYP?^%?1Lk#Qxd95cC0z}p{pRgv~JR&Rf%s( zvK&55=asGUyv_Tv@#Zexwznh47`c=#7&BQxlVEP+sAxv)pEOS5PS~j0;w03gDCb6*THZF#W4uPyvoT(AujTxDENd1f z$CAucR$YyoEbsI_TH0c=^b8WUmgnza6A6!6KT~ETZye=f$GR=&jz_N;gi2ilwbh`^cUkGIlD? z+N`FhvDzY;H@e3CYL||gPbp6$c57u)=n-SB?Y#5zRnPM@zZ~l9;eE5CWmR@>jM6Ri zY>0`wcH>@?#_sFxQAiRwO5tGh)iH;p8t7FUI2M5yq zvbNtn=6mL4ZC%*<$Im#J$a7^k!%sC{Dr?K#>(4%8*t6$gRENG`-s97b7qe~~WSz67IXfSIjDI>tW5dI@ zQnH3M#W%(*diW;uN&Rvk`vPa*_Yct;exF-+d|k1x=}O{~q*&HA!v%Qahhm&(^RD!& z)cL0OZ-t*oC<#5I7+BF2da)-Z;1;L7(f3}{>#EahaGu8mzkv^tqtrXRev)!U_$3{>%#WpO`$C^N1}Aq zU%o1>yx;cuaj^2~%Jas6{((k>gyTVjTeFxrG zv<~)~W>|Kt<=8qSY(F|$;(yy zI7ZPBH+e0mt>c=ZNveWRgKYbexwc1;r-~Dq<2$%H+6`MI?C4indl=?-4uy@$xV?Q# zRoDyrR9_Ie7(cd9QB5_alSPtSMIrVuej~} zhGo{X^k$qd%T6yp{OM>GE3zXnsB9*OZus8Eo^#~>=a`_wmWAHauX{zXZ{L0&nQTNa z%aRM{GAQ-aZdA1rQ>XeiryWlSi6lk`+LV4uZjUb-ow?ibX+_bStaa_1ebi1|Mf+rQ zGkRny)g=znpL9@ohmb9Pk}}Tk;9FX64PQ7uQ9iYq8^0u27t>i&`G8C2MBFuz@T|0y zi`=&~Hn{ozftmQD?+U{^*?~2ji<*x3>ZeN_=j^@ywe8ux81XKi1a0UzfDp{l3@T+!^)L4IkJvJ2{wkFP;3z#$hsK{^|BX>A=Zh zhVc5Lv0u-8$vw{5?5#AdHoN_!8i&#xueY;i#-xHfwUx?-w;JTn2R*(#GyNelYto|y z>5=o!FIsqCwPt0vTFPjLcS)M(l{OLS6;AnYsTa1+d4VlBJ<-hM?UoaT_MyS};_EkO zbY5&~n#<9_emFAcVDOVUZDp5~Cd{Am_~p^3^`&cKu6x|wHUm-WxSLY)K5NXy;RW?Y z%~i)uy$k)*eH`k&&tn6xCe*iir}>5#-tBx*&|UK3+?m%~u6+u~zu9_gwbHF|A3|yL zXPHgXsZ)|mAL`%}C(fWm`54ib`Zd=z?akAfS%kay)_a{t;H-+*sgaG7=VWrs?-eB+ zbv}Kr?F+1b>40NtJ#psK35fpNkXmkakMA3~w(E0F&aLZAY3o={L-J@HDYGz8r!z~x zZduKww%QXj@=n*^+`rE!cN*qfczMU`tOVDym$o4__m|G=9(O*79?vB{22Ww8Jxn(X z>%Q`NMOkyg+w(MX64$_GivP2RK5`FopsS^Kivw1s8i$-L;C#wv9KLgF+W4v8oUSY6 z90&lY#$?xqIVIfgwBYQZ$ckBPSo^G2%|53kM`jo;=Xsm>FMQVexGaOD?Rl)W=Io_0 zH^#T0J<6J~B)Br~R+pthiBn42q6U0@GkM86vn2d20`_e zhu*AtpPYkN+oeQ)=&X}{UYn5%^4bb>XHKeBp0*|MOJ@x5`0Ny}g#Ph+B@bMenDD;2 z#rtQ)T+e;9e7Piw7fGu@CZ(gaH@E0Jg?kNKM@t#{Djp= z&QCP1Y)!fqsbW_$M?WIGKB;! zJkiU2oVXSrZ1Pw-d8K!|Pq36yj7$0+R5XrUq3WG3aToP`EmyCDM2L zrV72Hx9{VubC!D+DSA$uso+;YoSk~&h_&6c%A{L!eHm)apPpOPhNnJxhcj*re3fiZ z%&#{-oYmon%vaaFj3n4M)a_oMZH+aeIVhw*(SHHgq>c|d`t?P8ZcS=qgm2T6W9by~ z4dqLv>CX;^bttVrcKS>Eqq%FI&S_?rZjsyNIq~bYH4{B!-9Nh7Ycm7T471&;B~TiK`&S~sdqTKQ!e#|uCERm(oJcpc=7OeH0Y>rdY^AARkEW7@0D5zwveSX$@NW|o0rk&ijM_I}3Ff>7IA zH@nu5Z*Td8m~=)(!mNk;_QiYC5~|rNt;=KYZ<@BvcUp1H34B%NrKPh^+BeAgMFoD1 zbZPD=je0oKHzKjH{uZX=P2QFhk=;R!XEfNh=4lEeGe zNEW*kJlfJde&6_AF9NV_&lDJl!?ooV4F}s^JXzTa&w~i57g(-3&T6a5ibn+J>7Ji> z14`}QZhHJA!{cdr=kUUbkwITfUhgn7d!~Kj>r*fX2dSmD&Zq=S*MD5t}NAIil&(5bOPiM3?yS9n!2bK9u; z;kB<8jh_^r;#v4+^od39o!x26?jo6lshAJU^$HySrCD!uz6IYue*dhZ_m~YG+Mlvp z9q6$=S?ca(*Y!9b4G0r{MEjP?jL+hQE? zXl2ErBQ0x^(o9iGconsdls7#oY|%uK7FEADIM%9V`y*O0K!%R5pj)x$^6lw>nSmo;h*DH!}D} zx$<5_C;fWTJ1)87z~vh2Mf2YUX^m{GC6aD`BStQ5t31>e=DUMi_2A=p8TF5FglBVz zkKfeVue-5dXs6z}E^j|}EdLhKQ?`40m)4VwaQoXLO`m1oO6RqVnebq#`qje$=U0Bc z`n2xli?q*&-+G6^*)}~m^vkJR!ZCt;Vnq>F5C4vgpDb}1A^AXwn zxo%NG!J2DprzPu8-Ei)aOLutqt{A1$cbm1mKj#-cuAFMEwCk$u{7dx<=2erJ>y2Nv z#leojh+oZng{4yM+=WfYJxd&teNt*L4IQ_SoVs>tZU(iaDm=5q^ToL{2ls9w%Z;26 zu*sPhNqSt-$%~O#^DOk#-H6n1t7UI=lCP@fRp-y1zta5Lq+Mj4mM!Yt8@cUQcOAu7 z$L%>$9wagGZb=&>F!b53XJx^6PegH`;5P5t9hwGyAHvVRD|_u4>-o`po_SKvhqTao zhmu;O*RLk-HV)_nzKjc#F`jwuq}jLjcD={3O1sUNB|Ox-(zm(qa350BS>B&^uX+!S z+c)=;Q%S-nLz=(o{8x+ggL$|uUv}iq)zM)r=&3aONW9%L>B+>iMUab3KIgh;_x-33 z1<(&xdFBBoRzv^N9eb@Me8P%-FY9eygTS+!r|)X_P0fj z#1ke?RS}U7W9WrjQ?EI8Ql6YzflA|Pcf{*NTDI4_P7R;9!;)NL8g(yii@^sE*Sq6u z-shhMBM(Fgl*>0J?!}CfuB}UeCy(l|v^z5i%{q9?xD;;0frB78)Z1~`l z6I`!Vo^-p!>G90=obx(CVRA3>*KAr$R@d=1GO24h@(z^XwJl5Mc1l;?hcpx0Zr#kN zZ7xmqPrmr=R_&_*Z?+Q6sii8ry2`%m?W>Qor==#<6r{^@@_E&9Uuol%unY9S`r`F3 z;-|Jw=xKj^P6zqm-Pv*QjeOSkBYI`j?8x%{Gj`87 z6jd2~50hHQx*Kw1$DrEhW;=})9CFElDWddI2b_3eh+kD8lD+)g%7 ziZofepsuwcCQ3))EDJ8QQ@%9XMlMpmUY~vXo2PU0mn%_0r}k9t2*q40G_jcM{Y5kU zjnanIT_2)0C2-$HMKo+sR5}*%ps2mM5<6q}+Ixk&cbqs}-LC8JQKonKL-5j?ci^Rc zqsndv&z$G`;1+~5T>3^pJuc6G-I6@dcUo=Js?PWig}Jv{Ru)xnLiN)S4&EhX_bM__EcHe$BDdfPx_pOxa(w$fGeXfnE#V-5u zVm_O5A<^2&rIg94M)4|-X!X<=t7Nq(+2-WE-k9IIY1Z^CT=&YOugxEHq!K%Zxy-*c z4L{=4!h=nluZOFmtc#vHzk7Gc{i|(vclhg!NMF*k#m;4mE0%DHHMcyxDJwKXhYs&reKQTfAM=2}eJl7!3@@4YJnZ(h7{I6lteYq8{233b;k zqrpQtPftz>C3mbzkF@g~V`rQCWXk;c`pyBKU6q$|v^)+Rc27B6u{*6tXV@?v4|r9r zJuLd)j)?mIEBzq;52ll#kiYxxS8w|D{ZErY@xMkU`hV_!{v&Bn{69ozGewtdhMpP1 z>ofye>GxiU>C4i?>KS8&Zwm^a`5@r{w7#ysAx75(qp$C-XNog0!08)f=a`!48JN!2 zHNqK){s;sKViB1zL-@>*1z-zNX`(-%?2j-3;bZhLoebED-Ojfk_<|@2CPOSX4lo6c z^^N_F4M6`nh6GcRDaoJYZ)j@dud5G1B%;3&$w1dg*T~r4m_(dopa&Wo7#JInAd;z( z?i_z`j-kHTLtjJlLU>b1aJ>g)2wvXmdqaZ5?7b_6>3dE=_=W;j^r`}k3<$ENKvbIW z?WZ{Yih)pY$jF TH>dv>00960L2sPR0G0p%K_mMK literal 0 HcmV?d00001 diff --git a/charts/incubator/hyperswitch-keymanager/index.yaml b/charts/incubator/hyperswitch-keymanager/index.yaml new file mode 100644 index 0000000..267bc7b --- /dev/null +++ b/charts/incubator/hyperswitch-keymanager/index.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +entries: + hyperswitch-keymanager: + - apiVersion: v2 + appVersion: 1.16.0 + created: "2024-07-22T18:33:26.987138+05:30" + description: A Helm chart for deploying Hyperswitch Keymanager + digest: 8a626f63af94b8d8dfdf485f02eedcf5d305056f6dc931a63363ded8509fa942 + name: hyperswitch-keymanager + type: application + urls: + - https://juspay.github.io/hyperswitch-helm/charts/incubator/hyperswitch-keymanager/hyperswitch-keymanager-0.1.0.tgz + version: 0.1.0 +generated: "2024-07-22T18:33:26.986603+05:30" diff --git a/charts/incubator/hyperswitch-keymanager/templates/NOTES.txt b/charts/incubator/hyperswitch-keymanager/templates/NOTES.txt new file mode 100644 index 0000000..7d790da --- /dev/null +++ b/charts/incubator/hyperswitch-keymanager/templates/NOTES.txt @@ -0,0 +1 @@ +1. Get the application URL by running these commands: diff --git a/charts/incubator/hyperswitch-keymanager/templates/_helpers.tpl b/charts/incubator/hyperswitch-keymanager/templates/_helpers.tpl new file mode 100644 index 0000000..c260366 --- /dev/null +++ b/charts/incubator/hyperswitch-keymanager/templates/_helpers.tpl @@ -0,0 +1,127 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "hyperswitch-keymanager.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "hyperswitch-keymanager.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "hyperswitch-keymanager.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "hyperswitch-keymanager.labels" -}} +helm.sh/chart: {{ include "hyperswitch-keymanager.chart" . }} +{{ include "hyperswitch-keymanager.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "hyperswitch-keymanager.selectorLabels" -}} +app.kubernetes.io/name: {{ include "hyperswitch-keymanager.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "hyperswitch-keymanager.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "hyperswitch-keymanager.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* validation */}} +{{- define "validate.keymanager-psql.config" -}} + {{- if not (or .Values.postgresql.enabled .Values.external.postgresql.enabled) }} + {{- fail + "Both postgresql.enabled and external.postgresql.enabled cannot be 'false' at the same time. Please, onfigure at least one Redis." + }} + {{- else if and .Values.postgresql.enabled .Values.external.postgresql.enabled }} + {{- fail + "Both postgresql.enabled and external.postgresql.enabled cannot be 'true' at the same time. Select only once please" + }} + {{- end }} +{{- end }} + + +{{/* Select PostgreSQL host Internal or External */}} +{{- define "keymanager-psql.host" -}} +{{- $test_db := include "validate.keymanager-psql.config" . }} + {{- if .Values.postgresql.enabled }} + {{- printf "%s-keymanager-db" .Release.Name | replace "+" "_" | trunc 63 | trimSuffix "-" }} + {{- else -}} + {{- printf "%s" .Values.external.postgresql.config.host -}} + {{- end -}} +{{- end -}} + + +{{/* Select PostgreSQL port Internal or External */}} +{{- define "keymanager-psql.port" -}} +{{- $test_db := include "validate.keymanager-psql.config" . }} + {{- printf "\"5432\"" }} +{{- end -}} + + +{{/* Select PostgreSQL host Internal or External */}} +{{- define "keymanager-psql.username" -}} +{{- $test_db := include "validate.keymanager-psql.config" . }} + {{- if .Values.postgresql.enabled }} + {{- printf "%s" .Values.postgresql.global.postgresql.auth.username -}} + {{- else -}} + {{- printf "%s" .Values.external.postgresql.config.username -}} + {{- end -}} +{{- end -}} + + +{{/* Select PostgreSQL host Internal or External */}} +{{- define "keymanager-psql.name" -}} +{{- $test_db := include "validate.keymanager-psql.config" . }} + {{- if .Values.postgresql.enabled }} + {{- printf "%s" .Values.postgresql.global.postgresql.auth.database -}} + {{- else if .Values.external.enabled -}} + {{- printf "%s" .Values.external.postgresql.config.database -}} + {{- end -}} +{{- end -}} + + +{{/* Select PostgreSQL host Internal or External */}} +{{- define "keymanager-psql.password" -}} +{{- $test_db := include "validate.keymanager-psql.config" . }} + {{- if .Values.postgresql.enabled }} + {{- printf "%s" .Values.postgresql.global.postgresql.auth.password -}} + {{- else if .Values.external.enabled -}} + {{- printf "%s" .Values.external.postgresql.config.password -}} + {{- end -}} +{{- end -}} + diff --git a/charts/incubator/hyperswitch-keymanager/templates/_init.tpl b/charts/incubator/hyperswitch-keymanager/templates/_init.tpl new file mode 100644 index 0000000..b73d4b8 --- /dev/null +++ b/charts/incubator/hyperswitch-keymanager/templates/_init.tpl @@ -0,0 +1,22 @@ +{{/*Ensure postgres database is up and running */}} +{{- define "keymanager-psql.initContainer.check.ready" -}} +- name: check-postgres + image: {{ .Values.initDB.checkPGisUp.image }} + command: [ "/bin/sh", "-c" ] + #language=sh + args: + - > + MAX_ATTEMPTS=10 + SLEEP_SECONDS=10; + attempt=0; + while ! pg_isready -U {{ include "keymanager-psql.username" . }} -d {{ include "keymanager-psql.name" . }} -h {{ include "keymanager-psql.host" . }} -p {{ include "keymanager-psql.port" . }}; do + if [ $attempt -ge $MAX_ATTEMPTS ]; then + echo "PostgreSQL did not become ready in time"; + exit 1; + fi; + attempt=$((attempt+1)); + echo "Waiting for PostgreSQL to be ready... Attempt: $attempt"; + sleep $SLEEP_SECONDS; + done; + echo "PostgreSQL is ready."; +{{- end -}} diff --git a/charts/incubator/hyperswitch-keymanager/templates/configmap.yaml b/charts/incubator/hyperswitch-keymanager/templates/configmap.yaml new file mode 100644 index 0000000..b0b76b8 --- /dev/null +++ b/charts/incubator/hyperswitch-keymanager/templates/configmap.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +data: + production.toml: | + [server] + port = 5000 + host = "0.0.0.0" + + [metrics_server] + host = "0.0.0.0" + port = 6128 + + [pool_config] + pool = 2 + + [log] + log_format = "json" + log_level = "debug" + + [database] + user = {{ quote .Values.external.postgresql.config.username }} + password = {{ quote .Values.external.postgresql.config.password }} + host = {{ quote .Values.external.postgresql.config.host }} + port = 5432 + dbname = {{ quote .Values.external.postgresql.config.database }} + pool_size = 5 + min_idle = 2 + + +kind: ConfigMap +metadata: + name: keymanager-config-{{ .Release.Name }} + namespace: {{ .Release.Namespace }} diff --git a/charts/incubator/hyperswitch-keymanager/templates/deployment.yaml b/charts/incubator/hyperswitch-keymanager/templates/deployment.yaml new file mode 100644 index 0000000..0761b3c --- /dev/null +++ b/charts/incubator/hyperswitch-keymanager/templates/deployment.yaml @@ -0,0 +1,107 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (default .Values.global.annotations .Values.server.annotations) }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + name: keymanager-{{ .Release.Name }} + namespace: {{ .Release.Namespace }} +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: keymanager + version: {{ .Release.Name }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + labels: + app: keymanager + version: {{ .Release.Name }} + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-type + operator: In + values: + - keymanager-ng + containers: + - env: + - name: CRIPTA__SECRETS__KMS_CONFIG__KEY_ID + valueFrom: + secretKeyRef: + name: keymanager-secrets-{{ .Release.Name }} + key: CRIPTA__SECRETS__KMS_CONFIG__KEY_ID + - name: CRIPTA__SECRETS__KMS_CONFIG__REGION + valueFrom: + secretKeyRef: + name: keymanager-secrets-{{ .Release.Name }} + key: CRIPTA__SECRETS__KMS_CONFIG__REGION + - name: CRIPTA__CERTS__TLS_CERT + valueFrom: + secretKeyRef: + name: keymanager-secrets-{{ .Release.Name }} + key: CRIPTA__CERTS__TLS_CERT + - name: CRIPTA__CERTS__TLS_KEY + valueFrom: + secretKeyRef: + name: keymanager-secrets-{{ .Release.Name }} + key: CRIPTA__CERTS__TLS_KEY + - name: CRIPTA__CERTS__ROOT_CA + valueFrom: + secretKeyRef: + name: keymanager-secrets-{{ .Release.Name }} + key: CRIPTA__CERTS__ROOT_CA + image: {{ .Values.server.image }} + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - pkill -15 node + name: keymanager + ports: + - containerPort: 5000 + name: http + protocol: TCP + resources: + requests: + cpu: 400m + memory: 400Mi + securityContext: + privileged: false + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /local/config/production.toml + name: keymanager-config + subPath: production.toml + dnsConfig: + options: + - name: ndots + value: "1" + - name: single-request-reopen + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: keymanager-role + serviceAccountName: keymanager-role + terminationGracePeriodSeconds: 90 + volumes: + - configMap: + defaultMode: 420 + name: keymanager-config-{{ .Release.Name }} + name: keymanager-config diff --git a/charts/incubator/hyperswitch-keymanager/templates/hpa.yaml b/charts/incubator/hyperswitch-keymanager/templates/hpa.yaml new file mode 100644 index 0000000..407f92b --- /dev/null +++ b/charts/incubator/hyperswitch-keymanager/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "hyperswitch-keymanager.fullname" . }} + labels: + {{- include "hyperswitch-keymanager.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "hyperswitch-keymanager.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/charts/incubator/hyperswitch-keymanager/templates/migration.yaml b/charts/incubator/hyperswitch-keymanager/templates/migration.yaml new file mode 100644 index 0000000..e8a68d4 --- /dev/null +++ b/charts/incubator/hyperswitch-keymanager/templates/migration.yaml @@ -0,0 +1,51 @@ +{{- if .Values.initDB.enable }} +apiVersion: batch/v1 +kind: Job +metadata: + name: create-keymanager-db + labels: + app: create-keymanager-db + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + restartPolicy: OnFailure + initContainers: + {{- include "keymanager-psql.initContainer.check.ready" . | nindent 8 }} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-type + operator: In + values: + - keymanager-ng + containers: + - name: run-keymanager-db-migration + image: {{ .Values.initDB.migration.image }} + command: [ '/bin/sh', '-c' ] + #language=sh + args: + - |- + apt update + apt install -y git + git clone --single-branch --branch main https://github.com/juspay/hyperswitch-encryption-service.git + cd hyperswitch-encryption-service + diesel migration --database-url postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:5432/$DBNAME run + echo "Completed hyperswitch database migration" + env: + - name: POSTGRES_HOST + value: {{ include "keymanager-psql.host" . }} + - name: DBNAME + value: {{ include "keymanager-psql.name" . }} + - name: POSTGRES_USER + value: {{ include "keymanager-psql.username" . }} + - name: POSTGRES_PASSWORD + value: {{ include "keymanager-psql.password" . }} +{{- end }} + + diff --git a/charts/incubator/hyperswitch-keymanager/templates/secrets.yaml b/charts/incubator/hyperswitch-keymanager/templates/secrets.yaml new file mode 100644 index 0000000..ea11007 --- /dev/null +++ b/charts/incubator/hyperswitch-keymanager/templates/secrets.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + CRIPTA__SECRETS__KMS_CONFIG__KEY_ID: {{ .Values.server.secrets.key_id | b64enc }} + CRIPTA__SECRETS__KMS_CONFIG__REGION: {{ .Values.server.secrets.region | b64enc }} + CRIPTA__CERTS__TLS_CERT: {{ .Values.server.secrets.tls_cert | b64enc }} + CRIPTA__CERTS__ROOT_CA: {{ .Values.server.secrets.ca_cert | b64enc }} + CRIPTA__CERTS__TLS_KEY: {{ .Values.server.secrets.tls_key | b64enc }} +kind: Secret +metadata: + name: keymanager-secrets-{{ .Release.Name }} + namespace: {{ .Release.Namespace }} +type: Opaque diff --git a/charts/incubator/hyperswitch-keymanager/templates/service.yaml b/charts/incubator/hyperswitch-keymanager/templates/service.yaml new file mode 100644 index 0000000..92e5342 --- /dev/null +++ b/charts/incubator/hyperswitch-keymanager/templates/service.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: keymanager + name: keymanager + namespace: {{ .Release.Namespace }} +spec: + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: https + port: 443 + protocol: TCP + targetPort: http + selector: + app: keymanager + sessionAffinity: None + type: ClusterIP diff --git a/charts/incubator/hyperswitch-keymanager/templates/serviceaccount.yaml b/charts/incubator/hyperswitch-keymanager/templates/serviceaccount.yaml new file mode 100644 index 0000000..710168e --- /dev/null +++ b/charts/incubator/hyperswitch-keymanager/templates/serviceaccount.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + eks.amazonaws.com/role-arn: {{ .Values.server.secrets.iam_role }} + name: keymanager-role + namespace: {{ .Release.Namespace }} diff --git a/charts/incubator/hyperswitch-keymanager/values.yaml b/charts/incubator/hyperswitch-keymanager/values.yaml new file mode 100644 index 0000000..c4fbf7b --- /dev/null +++ b/charts/incubator/hyperswitch-keymanager/values.yaml @@ -0,0 +1,60 @@ +# Default values for hyperswitch-keymanager. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +global: + image: juspaydotin/hyperswitch-encryption-service:v0.1.3 + annotations: {} + +autoscaling: + enabled: false + +server: + image: juspaydotin/hyperswitch-encryption-service:v0.1.3 + secrets: + key_id: sample_key_id + iam_role: iam_role + region: us-east-1 + ca_cert: sample_cert + tls_key: sample_cert + tls_cert: sample_cert + annotations: {} + +# Values for database (postgresql). +postgresql: + enabled: false + nameOverride: locker-db + global: + postgresql: + auth: + username: db_user + password: V2tkS1ptTkhSbnBqZDI4OUNnPT0K + database: locker-db + architecture: standalone + primary: + name: "" + resources: + requests: + cpu: 100m + +external: + postgresql: + enabled: false + config: + host: # + port: # + username: # + password: # + database: # + +# Values for the database migration job +initDB: + # Should we run the migrations on the database + enable: true + checkPGisUp: + image: postgres:16-alpine3.19 + maxAttempt: 30 + migration: + image: christophwurst/diesel-cli:latest