try and launch some k8s
This commit is contained in:
parent
70ce759564
commit
ea6ce88dab
@ -20,12 +20,21 @@ deploy-k8s-dev:
|
|||||||
variables:
|
variables:
|
||||||
CI_DEBUG_TRACE: "true"
|
CI_DEBUG_TRACE: "true"
|
||||||
script:
|
script:
|
||||||
- kubectl config set-cluster k8s --server="${K8S_DEV_SERVER}"
|
- kubectl config set-cluster k8s --server="${K8S_DEV_SERVER?dev server missing}"
|
||||||
- kubectl config set clusters.k8s.certificate-authority-data ${K8S_DEV_CERTIFICATE_AUTHORITY_DATA}
|
- kubectl config set clusters.k8s.certificate-authority-data ${K8S_DEV_CERTIFICATE_AUTHORITY_DATA}
|
||||||
- kubectl config set-credentials gitlab --token="${K8S_DEV_USER_TOKEN}"
|
- kubectl config set-credentials gitlab --token="${K8S_DEV_USER_TOKEN}"
|
||||||
- kubectl config set-context default --cluster=k8s --user=gitlab
|
- kubectl config set-context grassroots --cluster=k8s --user=gitlab --namespace grassroots
|
||||||
- kubectl config use-context default
|
- kubectl config use-context grassroots
|
||||||
#- sed -i "s/<VERSION>/${CI_COMMIT_SHORT_SHA}/g" deployment.yaml
|
#- sed -i "s/<VERSION>/${CI_COMMIT_SHORT_SHA}/g" deployment.yaml
|
||||||
#- kubectl apply -f deployment.yaml
|
#- kubectl apply -f deployment.yaml
|
||||||
- kubectl config view
|
- echo "Wiping state..."
|
||||||
- kubectl -v=4 get po
|
- kubectl delete jobs.batch --all
|
||||||
|
- kubectl delete hr postgresql && kubectl delete --wait=false pvc -l 'app.kubernetes.io/name=postgresql'
|
||||||
|
- kubectl delete sts,pvc -l 'app=bloxberg-validator'
|
||||||
|
- kubectl delete hr redis && kubectl delete --wait=false pvc -l 'app=redis'
|
||||||
|
- kubectl apply -f kubernetes/grassroots/eth-node/ -f kubernetes/grassroots/postgresql/ -f kubernetes/grassroots/redis/
|
||||||
|
- echo "run database migrations..."
|
||||||
|
- kubectl rollout restart deployments
|
||||||
|
- echo "run contract migrations..."
|
||||||
|
- kubectl apply -f kubernetes/grassroots/contract-migration/contract-migration-job.yaml
|
||||||
|
- kubectl delete job --all
|
||||||
|
10
kubernetes/cic-auth-proxy/cic-auth-creds-configmap.yaml
Normal file
10
kubernetes/cic-auth-proxy/cic-auth-creds-configmap.yaml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: cic-auth-proxy-credentials-configmap
|
||||||
|
namespace: grassroots
|
||||||
|
data:
|
||||||
|
credentials.yaml: |
|
||||||
|
level: 9
|
||||||
|
items:
|
||||||
|
user: 1
|
10
kubernetes/cic-auth-proxy/cic-auth-proxy-acl-configMap.yaml
Normal file
10
kubernetes/cic-auth-proxy/cic-auth-proxy-acl-configMap.yaml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: cic-auth-proxy-acl-configmap
|
||||||
|
namespace: grassroots
|
||||||
|
data:
|
||||||
|
F3FAF668E82EF5124D5187BAEF26F4682343F692: |
|
||||||
|
- "^/user(/.*)?$":
|
||||||
|
read:
|
||||||
|
- user
|
114
kubernetes/cic-auth-proxy/cic-auth-proxy-meta-deployment.yaml
Normal file
114
kubernetes/cic-auth-proxy/cic-auth-proxy-meta-deployment.yaml
Normal file
@ -0,0 +1,114 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: cic-auth-proxy-meta
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: cic-auth-proxy-meta
|
||||||
|
group: cic
|
||||||
|
annotations:
|
||||||
|
keel.sh/policy: "glob:master-*"
|
||||||
|
keel.sh/trigger: poll
|
||||||
|
keel.sh/pollSchedule: "@every 5m"
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: cic-auth-proxy-meta
|
||||||
|
replicas: 1
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: cic-auth-proxy-meta
|
||||||
|
group: cic
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: cic-auth-proxy-meta
|
||||||
|
#image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:master-c05fafbf-1627493790 # {"$imagepolicy": "flux-system:cic-auth-proxy"}
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 100Mi
|
||||||
|
limits:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 200Mi
|
||||||
|
env:
|
||||||
|
- name: PROXY_HOST
|
||||||
|
value: cic-meta-server
|
||||||
|
- name: PROXY_PORT
|
||||||
|
value: "80"
|
||||||
|
- name: PROXY_PATH_PREFIX
|
||||||
|
value: "/"
|
||||||
|
- name: HTTP_AUTH_ORIGIN
|
||||||
|
value: https://meta-auth.dev.grassrootseconomics.net:443
|
||||||
|
- name: HTTP_AUTH_REALM
|
||||||
|
value: GE
|
||||||
|
- name: ACL_CREDENTIALS_ENDPOINT
|
||||||
|
value: http://key-server:8081/
|
||||||
|
- name: ACL_PATH
|
||||||
|
value: /data/acls/F3FAF668E82EF5124D5187BAEF26F4682343F692
|
||||||
|
- name: GPG_PUBLICKEYS_ENDPOINT
|
||||||
|
value: http://key-server:8080/.well-known/publickeys/
|
||||||
|
- name: GPG_SIGNATURE_ENDPOINT
|
||||||
|
value: http://key-server:8080/.well-known/signature/
|
||||||
|
- name: GPG_TRUSTED_PUBLICKEY_FINGERPRINT # fingerprint of trusted key
|
||||||
|
value: CCE2E1D2D0E36ADE0405E2D0995BB21816313BD5
|
||||||
|
- name: GPG_HOMEDIR
|
||||||
|
value: /usr/local/etc/cic-auth-proxy/.gnupg/
|
||||||
|
- name: GPG_IMPORT_DIR
|
||||||
|
value: /usr/local/etc/cic-auth-proxy/import/
|
||||||
|
- name: GPG_PUBLICKEY_FILENAME
|
||||||
|
value: publickeys.asc
|
||||||
|
- name: GPG_SIGNATURE_FILENAME
|
||||||
|
value: signature.asc
|
||||||
|
- name: GPG_TRUSTED_PUBLICKEY_MATERIAL
|
||||||
|
value: /usr/local/etc/cic-auth-proxy/trusted/trustedpublickey.asc
|
||||||
|
ports:
|
||||||
|
- containerPort: 8080
|
||||||
|
name: http
|
||||||
|
volumeMounts:
|
||||||
|
- name: acl-config
|
||||||
|
mountPath: /data/acls/
|
||||||
|
readOnly: true
|
||||||
|
- name: credentials-config
|
||||||
|
mountPath: /data/noop/
|
||||||
|
readOnly: true
|
||||||
|
- name: trusted-publickey
|
||||||
|
mountPath: /usr/local/etc/cic-auth-proxy/trusted/
|
||||||
|
- name: gpg-homedir
|
||||||
|
mountPath: /usr/local/etc/cic-auth-proxy/.gnupg
|
||||||
|
- name: pgp-meta-test
|
||||||
|
mountPath: /usr/local/etc/cic-auth-proxy/import
|
||||||
|
volumes:
|
||||||
|
- name: pgp-meta-test
|
||||||
|
configMap:
|
||||||
|
name: pgp-meta-test
|
||||||
|
- name: acl-config
|
||||||
|
configMap:
|
||||||
|
name: cic-auth-proxy-acl-configmap
|
||||||
|
- name: credentials-config
|
||||||
|
configMap:
|
||||||
|
name: cic-auth-proxy-credentials-configmap
|
||||||
|
- name: trusted-publickey
|
||||||
|
configMap:
|
||||||
|
name: pgp-trusted-publickey
|
||||||
|
- name: gpg-homedir
|
||||||
|
emptyDir: {}
|
||||||
|
---
|
||||||
|
# https://kubernetes.io/docs/concepts/services-networking/service/
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: cic-auth-proxy-meta
|
||||||
|
namespace: grassroots
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: cic-auth-proxy-meta
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
protocol: TCP
|
||||||
|
port: 80
|
||||||
|
targetPort: 8080
|
114
kubernetes/cic-auth-proxy/cic-auth-proxy-user-deployment.yaml
Normal file
114
kubernetes/cic-auth-proxy/cic-auth-proxy-user-deployment.yaml
Normal file
@ -0,0 +1,114 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: cic-auth-proxy-user
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: cic-auth-proxy-user
|
||||||
|
group: cic
|
||||||
|
annotations:
|
||||||
|
keel.sh/policy: "glob:master-*"
|
||||||
|
keel.sh/trigger: poll
|
||||||
|
keel.sh/pollSchedule: "@every 5m"
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: cic-auth-proxy-user
|
||||||
|
replicas: 1
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: cic-auth-proxy-user
|
||||||
|
group: cic
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: cic-auth-proxy-user
|
||||||
|
#image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:master-c05fafbf-1627493790 # {"$imagepolicy": "flux-system:cic-auth-proxy"}
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 100Mi
|
||||||
|
limits:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 200Mi
|
||||||
|
env:
|
||||||
|
- name: PROXY_HOST
|
||||||
|
value: cic-user-server
|
||||||
|
- name: PROXY_PORT
|
||||||
|
value: "80"
|
||||||
|
- name: PROXY_PATH_PREFIX
|
||||||
|
value: "/"
|
||||||
|
- name: HTTP_AUTH_ORIGIN
|
||||||
|
value: https://meta-auth.dev.grassrootseconomics.net:443
|
||||||
|
- name: HTTP_AUTH_REALM
|
||||||
|
value: GE
|
||||||
|
- name: ACL_CREDENTIALS_ENDPOINT
|
||||||
|
value: http://key-server:8081/
|
||||||
|
- name: ACL_PATH
|
||||||
|
value: /data/acls/F3FAF668E82EF5124D5187BAEF26F4682343F692
|
||||||
|
- name: GPG_PUBLICKEYS_ENDPOINT
|
||||||
|
value: http://key-server:8080/.well-known/publickeys/
|
||||||
|
- name: GPG_SIGNATURE_ENDPOINT
|
||||||
|
value: http://key-server:8080/.well-known/signature/
|
||||||
|
- name: GPG_TRUSTED_PUBLICKEY_FINGERPRINT # fingerprint of trusted key
|
||||||
|
value: CCE2E1D2D0E36ADE0405E2D0995BB21816313BD5
|
||||||
|
- name: GPG_HOMEDIR
|
||||||
|
value: /usr/local/etc/cic-auth-proxy/.gnupg/
|
||||||
|
- name: GPG_IMPORT_DIR
|
||||||
|
value: /usr/local/etc/cic-auth-proxy/import/
|
||||||
|
- name: GPG_PUBLICKEY_FILENAME
|
||||||
|
value: publickeys.asc
|
||||||
|
- name: GPG_SIGNATURE_FILENAME
|
||||||
|
value: signature.asc
|
||||||
|
- name: GPG_TRUSTED_PUBLICKEY_MATERIAL
|
||||||
|
value: /usr/local/etc/cic-auth-proxy/trusted/trustedpublickey.asc
|
||||||
|
ports:
|
||||||
|
- containerPort: 8080
|
||||||
|
name: http
|
||||||
|
volumeMounts:
|
||||||
|
- name: acl-config
|
||||||
|
mountPath: /data/acls/
|
||||||
|
readOnly: true
|
||||||
|
- name: credentials-config
|
||||||
|
mountPath: /data/noop/
|
||||||
|
readOnly: true
|
||||||
|
- name: trusted-publickey
|
||||||
|
mountPath: /usr/local/etc/cic-auth-proxy/trusted/
|
||||||
|
- name: gpg-homedir
|
||||||
|
mountPath: /usr/local/etc/cic-auth-proxy/.gnupg
|
||||||
|
- name: pgp-user-test
|
||||||
|
mountPath: /usr/local/etc/cic-auth-proxy/import
|
||||||
|
volumes:
|
||||||
|
- name: pgp-meta-test
|
||||||
|
configMap:
|
||||||
|
name: pgp-meta-test
|
||||||
|
- name: acl-config
|
||||||
|
configMap:
|
||||||
|
name: cic-auth-proxy-acl-configmap
|
||||||
|
- name: credentials-config
|
||||||
|
configMap:
|
||||||
|
name: cic-auth-proxy-credentials-configmap
|
||||||
|
- name: trusted-publickey
|
||||||
|
configMap:
|
||||||
|
name: pgp-trusted-publickey
|
||||||
|
- name: gpg-homedir
|
||||||
|
emptyDir: {}
|
||||||
|
---
|
||||||
|
# https://kubernetes.io/docs/concepts/services-networking/service/
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: cic-auth-proxy-user
|
||||||
|
namespace: grassroots
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: cic-auth-proxy-user
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
protocol: TCP
|
||||||
|
port: 80
|
||||||
|
targetPort: 8080
|
129
kubernetes/cic-auth-proxy/cic-auth-proxy-ussd-deployment.yaml
Normal file
129
kubernetes/cic-auth-proxy/cic-auth-proxy-ussd-deployment.yaml
Normal file
@ -0,0 +1,129 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: cic-auth-proxy-ussd
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: cic-auth-proxy-ussd
|
||||||
|
group: cic
|
||||||
|
annotations:
|
||||||
|
keel.sh/policy: "glob:master-*"
|
||||||
|
keel.sh/trigger: poll
|
||||||
|
keel.sh/pollSchedule: "@every 5m"
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: cic-auth-proxy-ussd
|
||||||
|
replicas: 1
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: cic-auth-proxy-ussd
|
||||||
|
group: cic
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: cic-auth-proxy-ussd
|
||||||
|
#image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:master-c05fafbf-1627493790 # {"$imagepolicy": "flux-system:cic-auth-proxy"}
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
command: ["uwsgi", "--wsgi-file", "meta/scripts/proxy-ussd.py", "--http",
|
||||||
|
":8080"]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
|
||||||
|
cpu: 50m
|
||||||
|
memory: 100Mi
|
||||||
|
limits:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 200Mi
|
||||||
|
env:
|
||||||
|
- name: PROXY_HOST
|
||||||
|
value: cic-user-ussd-server
|
||||||
|
- name: PROXY_PORT
|
||||||
|
value: "80"
|
||||||
|
- name: PROXY_PATH_PREFIX
|
||||||
|
value: "/"
|
||||||
|
- name: HTTP_AUTH_ORIGIN
|
||||||
|
value: https://ussd-auth.dev.grassrootseconomics.net:443
|
||||||
|
- name: HTTP_AUTH_REALM
|
||||||
|
value: GE
|
||||||
|
- name: ACL_CREDENTIALS_ENDPOINT
|
||||||
|
value: http://key-server:8081/
|
||||||
|
- name: ACL_PATH
|
||||||
|
value: /data/acls/F3FAF668E82EF5124D5187BAEF26F4682343F692
|
||||||
|
- name: ACL_QUERYSTRING_USERNAME
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: cic-ussd-querystring-creds
|
||||||
|
key: username
|
||||||
|
- name: ACL_QUERYSTRING_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: cic-ussd-querystring-creds
|
||||||
|
key: password
|
||||||
|
- name: ACL_WHITELIST
|
||||||
|
value: "37.188.113.15, 164.177.157.18, 5.79.0.242, 164.177.141.82, 164.177.141.83"
|
||||||
|
- name: GPG_PUBLICKEYS_ENDPOINT
|
||||||
|
value: http://key-server:8080/.well-known/publickeys/
|
||||||
|
- name: GPG_SIGNATURE_ENDPOINT
|
||||||
|
value: http://key-server:8080/.well-known/signature/
|
||||||
|
- name: GPG_TRUSTED_PUBLICKEY_FINGERPRINT # fingerprint of trusted key
|
||||||
|
value: CCE2E1D2D0E36ADE0405E2D0995BB21816313BD5
|
||||||
|
- name: GPG_HOMEDIR
|
||||||
|
value: /usr/local/etc/cic-auth-proxy/.gnupg/
|
||||||
|
- name: GPG_IMPORT_DIR
|
||||||
|
value: /usr/local/etc/cic-auth-proxy/import/
|
||||||
|
- name: GPG_PUBLICKEY_FILENAME
|
||||||
|
value: publickeys.asc
|
||||||
|
- name: GPG_SIGNATURE_FILENAME
|
||||||
|
value: signature.asc
|
||||||
|
- name: GPG_TRUSTED_PUBLICKEY_MATERIAL
|
||||||
|
value: /usr/local/etc/cic-auth-proxy/trusted/trustedpublickey.asc
|
||||||
|
ports:
|
||||||
|
- containerPort: 8080
|
||||||
|
name: http
|
||||||
|
volumeMounts:
|
||||||
|
- name: acl-config
|
||||||
|
mountPath: /data/acls/
|
||||||
|
readOnly: true
|
||||||
|
- name: credentials-config
|
||||||
|
mountPath: /data/noop/
|
||||||
|
readOnly: true
|
||||||
|
- name: trusted-publickey
|
||||||
|
mountPath: /usr/local/etc/cic-auth-proxy/trusted/
|
||||||
|
- name: gpg-homedir
|
||||||
|
mountPath: /usr/local/etc/cic-auth-proxy/.gnupg
|
||||||
|
- name: pgp-meta-test
|
||||||
|
mountPath: /usr/local/etc/cic-auth-proxy/import
|
||||||
|
volumes:
|
||||||
|
- name: pgp-meta-test
|
||||||
|
configMap:
|
||||||
|
name: pgp-meta-test
|
||||||
|
- name: acl-config
|
||||||
|
configMap:
|
||||||
|
name: cic-auth-proxy-acl-configmap
|
||||||
|
- name: credentials-config
|
||||||
|
configMap:
|
||||||
|
name: cic-auth-proxy-credentials-configmap
|
||||||
|
- name: trusted-publickey
|
||||||
|
configMap:
|
||||||
|
name: pgp-trusted-publickey
|
||||||
|
- name: gpg-homedir
|
||||||
|
emptyDir: {}
|
||||||
|
---
|
||||||
|
# https://kubernetes.io/docs/concepts/services-networking/service/
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: cic-auth-proxy-ussd
|
||||||
|
namespace: grassroots
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: cic-auth-proxy-ussd
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
protocol: TCP
|
||||||
|
port: 80
|
||||||
|
targetPort: 8080
|
16
kubernetes/cic-auth-proxy/cic-ussd-querystring-creds.yaml
Normal file
16
kubernetes/cic-auth-proxy/cic-ussd-querystring-creds.yaml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: cic-ussd-querystring-creds
|
||||||
|
namespace: grassroots
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
password: AgAO18hv8gZZRoySuTqNOg06imdnfES7io54TEGO501cq8usRcj9Bu3us+7V8zD20DQTZ7xCGCV2eyZ1kMsnFNFUBPMG0raAtwe4dAskYeQxKp0VyE1y+d9TbecvlqRXmAD3lF1exMSS3PD68VZcrDpenXE7Ag74uEJM7YmAKnUXIzBhxZlG7bIwLrRuNiTye83e/jijaPD3+66NrExBM2H//b8u1l8QVNd13XwgAWkJEW9QNMP1b2ir9VWKE4P8Da22SQRIed/Nhyc+aR3izqEpCbeRYmQqlo9r66oXK4Yr5v0IkI38gBGORrPv1OZK01plvGgMoxTe3pSiW5cyMtCXx6GgyIFKII1yYvtlI86Sf4J3DRU6kC3NSvF+2B99yFrbUPyoAGQFd6oSWAQLBI2kYqf6NXuaT3kxBNroAICMlAYygPKG0t6jEzTWk+E5l4F/PHWFD5DM+diHRqQAdDStACcMCl2i2133PPjlK1gUhQkCmeRcKeEqMT5ssBx/KM5p+v8syV4/0VlNtJpnP/aWcbwvVsiHhDE9trM/+p5E6gsVymAIiW20nRnuOSjHCnHOtjtfPtEZ3A8eHAqgJjdE6fY7DvZmwKfx2A4tMcrikz208Pa7JIFE6nj9osTz7eMrWXTmquVRotZ9we3WmGBycgVUuv9hfzUC6srkTIyT9UGHH9UNiRba/73ZDF2Zr2XvN0ofkQz8dN0dKLxy/OptCciV3Rdn/4s/IQ0usSwXLEb2tQtHgy5+twj7IQij6amjLbulRm1U2GLatmvgbjqf
|
||||||
|
username: AgCJQ9JiJErCGfH3pkX3I3696Garu40pGWgvcUOa9wz3r3Q+5SY0IMnroWO3z66L/HG7DW70upgfJBVyhncrUBrC/z73D++nMz43JvFc39MHcUYVmqvjIw1401705+G7UxxgcMOx09++CBZ97wbEfKc251v98s8G/bLtMcqS/12pVNfMGgjpkE6InlS0n9VD26HDs4A3uNtfN2GK2dsazV05UXs8W+6JOZsJ60QfPJylCpKh+sxPLDlYt4lRIM/6pP7kQXLn+VmWtzuo1dZTaUliMYH+DOXO2V9ePnjTUXGrMgRfuZP2PCmG3usdC45mOPpuURPFUmF8SDQ4IXKhBd7N+8pjZDiqQ2RxK61Qz6MXv851u7HABgVMhtjlZfaD4hVY+mr7KYDVQvrhJ971y84KBHuQFOxwZZnXAx5FdBWmkKkz959bjulJaRe1ZWA01k1SQHiVFeIArbbNSlvH45XoNR8rxFiQE+5Olt9UwdpXAH/sAfH7CRY1SnRrAW3LCyCVqAJcXF9kU+bnezVgWoJ/h9ff6VKRFqh3o+wa6V6J8GNbwC0/oeXo0XyUjbwAUjIRKeWbJ1obkvWDfYILpo2CVt34tzYowiVqmYYB8SqKBPgrca+Xmn9GpggOMibJKk0LC6R04iAajMy73cuxkX+PMV1Wz5xOuF60ccCsdiD15deYOlA34UdfeNQgGA7EKPhsl0kD/xm5
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: cic-ussd-querystring-creds
|
||||||
|
namespace: grassroots
|
||||||
|
|
100
kubernetes/cic-cache/cic-cache-server-deployment.yaml
Normal file
100
kubernetes/cic-cache/cic-cache-server-deployment.yaml
Normal file
@ -0,0 +1,100 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: cic-cache-server
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: cic-cache-server
|
||||||
|
annotations:
|
||||||
|
keel.sh/policy: "glob:master-*"
|
||||||
|
keel.sh/trigger: poll
|
||||||
|
keel.sh/pollSchedule: "@every 5m"
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: cic-cache-server
|
||||||
|
replicas: 1
|
||||||
|
strategy:
|
||||||
|
rollingUpdate:
|
||||||
|
maxSurge: 25%
|
||||||
|
maxUnavailable: 25%
|
||||||
|
type: RollingUpdate
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: cic-cache-server
|
||||||
|
group: cic
|
||||||
|
teir: backend
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: cic-cache-server
|
||||||
|
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:master-402b968b-1626300208 # {"$imagepolicy": "flux-system:cic-cache"}
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
command: ["/usr/local/bin/uwsgi", "--wsgi-file=/root/cic_cache/runnable/daemons/server.py",
|
||||||
|
"--http=:8000", "--pyargv", "-vv"]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 100Mi
|
||||||
|
limits:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 100Mi
|
||||||
|
env:
|
||||||
|
- name: DATABASE_USER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_USER
|
||||||
|
- name: DATABASE_HOST
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_HOST
|
||||||
|
- name: DATABASE_PORT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PORT
|
||||||
|
- name: DATABASE_ENGINE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_ENGINE
|
||||||
|
- name: DATABASE_DRIVER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_DRIVER
|
||||||
|
- name: DATABASE_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PASSWORD
|
||||||
|
- name: DATABASE_NAME
|
||||||
|
value: cic_cache
|
||||||
|
- name: SERVER_PORT
|
||||||
|
value: "8000"
|
||||||
|
- name: DATABASE_DEBUG
|
||||||
|
value: "0"
|
||||||
|
ports:
|
||||||
|
- containerPort: 8000
|
||||||
|
name: server
|
||||||
|
restartPolicy: Always
|
||||||
|
---
|
||||||
|
# https://kubernetes.io/docs/concepts/services-networking/service/
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: cic-cache-svc
|
||||||
|
namespace: grassroots
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: cic-cache-server
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- name: server
|
||||||
|
protocol: TCP
|
||||||
|
port: 80
|
||||||
|
targetPort: 8000
|
174
kubernetes/cic-cache/cic-cache-tasker-deployment.yaml
Normal file
174
kubernetes/cic-cache/cic-cache-tasker-deployment.yaml
Normal file
@ -0,0 +1,174 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: cic-cache-watchers
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: cic-cache-watchers
|
||||||
|
annotations:
|
||||||
|
keel.sh/policy: "glob:master-*"
|
||||||
|
keel.sh/trigger: poll
|
||||||
|
keel.sh/pollSchedule: "@every 5m"
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: cic-cache-watchers
|
||||||
|
replicas: 1
|
||||||
|
strategy:
|
||||||
|
rollingUpdate:
|
||||||
|
maxSurge: 25%
|
||||||
|
maxUnavailable: 25%
|
||||||
|
type: RollingUpdate
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: cic-cache-watchers
|
||||||
|
group: cic
|
||||||
|
tier: queue
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: cic-cache-tasker
|
||||||
|
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:master-402b968b-1626300208 # {"$imagepolicy": "flux-system:cic-cache"}
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
command: ["/usr/local/bin/cic-cache-taskerd", "-vv"]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 100Mi
|
||||||
|
limits:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 100Mi
|
||||||
|
env:
|
||||||
|
- name: DATABASE_USER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_USER
|
||||||
|
- name: DATABASE_HOST
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_HOST
|
||||||
|
- name: DATABASE_PORT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PORT
|
||||||
|
- name: DATABASE_ENGINE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_ENGINE
|
||||||
|
- name: DATABASE_DRIVER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_DRIVER
|
||||||
|
- name: DATABASE_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PASSWORD
|
||||||
|
- name: CELERY_BROKER_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_BROKER_URL
|
||||||
|
- name: CELERY_RESULT_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_RESULT_URL
|
||||||
|
- name: CIC_CHAIN_SPEC
|
||||||
|
value: "evm:bloxberg:8996"
|
||||||
|
- name: DATABASE_NAME
|
||||||
|
value: cic_cache
|
||||||
|
- name: ETH_PROVIDER
|
||||||
|
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
|
||||||
|
- name: CIC_REGISTRY_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_REGISTRY_ADDRESS
|
||||||
|
- name: CIC_TRUST_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_TRUST_ADDRESS
|
||||||
|
- name: cic-cache-tracker
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:master-402b968b-1626300208 # {"$imagepolicy": "flux-system:cic-cache"}
|
||||||
|
# command: ["/usr/local/bin/cic-cache-trackerd", "-vv", "-c", "/usr/local/etc/cic-cache"]
|
||||||
|
command: ["./start_tracker.sh", "-c", "/usr/local/etc/cic-cache", "-vv"]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 100Mi
|
||||||
|
limits:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 100Mi
|
||||||
|
env:
|
||||||
|
- name: CIC_REGISTRY_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_REGISTRY_ADDRESS
|
||||||
|
- name: CIC_TRUST_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_TRUST_ADDRESS
|
||||||
|
- name: DATABASE_USER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_USER
|
||||||
|
- name: DATABASE_HOST
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_HOST
|
||||||
|
- name: DATABASE_PORT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PORT
|
||||||
|
- name: DATABASE_ENGINE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_ENGINE
|
||||||
|
- name: DATABASE_DRIVER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_DRIVER
|
||||||
|
- name: DATABASE_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PASSWORD
|
||||||
|
- name: CELERY_BROKER_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_BROKER_URL
|
||||||
|
- name: CELERY_RESULT_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_RESULT_URL
|
||||||
|
- name: DATABASE_NAME
|
||||||
|
value: cic_cache
|
||||||
|
- name: ETH_PROVIDER
|
||||||
|
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
|
||||||
|
- name: CIC_CHAIN_SPEC
|
||||||
|
value: "evm:bloxberg:8996"
|
||||||
|
- name: SERVER_PORT
|
||||||
|
value: "8000"
|
||||||
|
- name: ETH_ABI_DIR
|
||||||
|
value: /usr/local/share/cic/solidity/abi
|
||||||
|
- name: DATABASE_DEBUG
|
||||||
|
value: "0"
|
||||||
|
restartPolicy: Always
|
221
kubernetes/cic-eth/cic-eth-tasker-deployment.yaml
Normal file
221
kubernetes/cic-eth/cic-eth-tasker-deployment.yaml
Normal file
@ -0,0 +1,221 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: cic-eth-tasker
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: cic-eth-tasker
|
||||||
|
annotations:
|
||||||
|
keel.sh/policy: "glob:master-*"
|
||||||
|
keel.sh/trigger: poll
|
||||||
|
keel.sh/pollSchedule: "@every 5m"
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: cic-eth-tasker
|
||||||
|
replicas: 1
|
||||||
|
strategy:
|
||||||
|
rollingUpdate:
|
||||||
|
maxSurge: 25%
|
||||||
|
maxUnavailable: 25%
|
||||||
|
type: RollingUpdate
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: cic-eth-tasker
|
||||||
|
group: cic
|
||||||
|
tier: queue
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: cic-eth-tasker
|
||||||
|
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
# command: ["./start_tasker.sh", "-q", "cic-eth", "-vv"]
|
||||||
|
command: ["/usr/local/bin/cic-eth-taskerd"]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 100Mi
|
||||||
|
limits:
|
||||||
|
cpu: 500m
|
||||||
|
memory: 250Mi
|
||||||
|
env:
|
||||||
|
- name: DATABASE_USER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_USER
|
||||||
|
- name: DATABASE_HOST
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_HOST
|
||||||
|
- name: DATABASE_PORT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PORT
|
||||||
|
- name: DATABASE_ENGINE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_ENGINE
|
||||||
|
- name: DATABASE_DRIVER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_DRIVER
|
||||||
|
- name: DATABASE_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PASSWORD
|
||||||
|
- name: CELERY_BROKER_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_BROKER_URL
|
||||||
|
- name: CELERY_RESULT_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_RESULT_URL
|
||||||
|
- name: CIC_REGISTRY_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_REGISTRY_ADDRESS
|
||||||
|
- name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_TRUST_ADDRESS
|
||||||
|
- name: REDIS_HOST
|
||||||
|
value: redis-master
|
||||||
|
- name: REDIS_PORT
|
||||||
|
value: "6379"
|
||||||
|
- name: REDIS_DB
|
||||||
|
value: "0"
|
||||||
|
- name: ETH_PROVIDER
|
||||||
|
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
|
||||||
|
- name: ETH_ABI_DIR
|
||||||
|
value: /usr/local/share/cic/solidity/abi
|
||||||
|
- name: DATABASE_NAME
|
||||||
|
value: cic_eth
|
||||||
|
- name: DATABASE_POOL_SIZE
|
||||||
|
value: "0"
|
||||||
|
- name: CIC_CHAIN_SPEC
|
||||||
|
value: "evm:bloxberg:8996"
|
||||||
|
- name: BANCOR_DIR
|
||||||
|
value: /usr/local/share/cic/bancor
|
||||||
|
- name: SIGNER_SOCKET_PATH
|
||||||
|
value: ipc:///run/crypto-dev-signer/jsonrpc.ipc
|
||||||
|
- name: SIGNER_SECRET
|
||||||
|
value: deadbeef
|
||||||
|
- name: ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER
|
||||||
|
value: "0xACB0BC74E1686D62dE7DC6414C999EA60C09F0eA"
|
||||||
|
- name: TASKS_TRACE_QUEUE_STATUS
|
||||||
|
value: "1"
|
||||||
|
- name: "DATABASE_DEBUG"
|
||||||
|
value: "false"
|
||||||
|
volumeMounts:
|
||||||
|
- name: socket-path
|
||||||
|
mountPath: /run/crypto-dev-signer/
|
||||||
|
- name: cic-eth-signer
|
||||||
|
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
# command: ["./start_tasker.sh", "-q", "cic-eth", "-vv"]
|
||||||
|
command: ["python", "/usr/local/bin/crypto-dev-daemon", "-c", "/usr/local/etc/crypto-dev-signer",
|
||||||
|
"-vv"]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 100Mi
|
||||||
|
limits:
|
||||||
|
cpu: 500m
|
||||||
|
memory: 250Mi
|
||||||
|
env:
|
||||||
|
- name: DATABASE_USER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_USER
|
||||||
|
- name: DATABASE_HOST
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_HOST
|
||||||
|
- name: DATABASE_PORT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PORT
|
||||||
|
- name: DATABASE_ENGINE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_ENGINE
|
||||||
|
- name: DATABASE_DRIVER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_DRIVER
|
||||||
|
- name: DATABASE_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PASSWORD
|
||||||
|
- name: CELERY_BROKER_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_BROKER_URL
|
||||||
|
- name: CELERY_RESULT_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_RESULT_URL
|
||||||
|
- name: CIC_REGISTRY_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_REGISTRY_ADDRESS
|
||||||
|
- name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_TRUST_ADDRESS
|
||||||
|
- name: ETH_PROVIDER
|
||||||
|
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
|
||||||
|
- name: ETH_ABI_DIR
|
||||||
|
value: /usr/local/share/cic/solidity/abi
|
||||||
|
- name: DATABASE_NAME
|
||||||
|
value: cic_eth
|
||||||
|
- name: DATABASE_POOL_SIZE
|
||||||
|
value: "0"
|
||||||
|
- name: CIC_CHAIN_SPEC
|
||||||
|
value: "evm:bloxberg:8996"
|
||||||
|
- name: BANCOR_DIR
|
||||||
|
value: /usr/local/share/cic/bancor
|
||||||
|
- name: SIGNER_SOCKET_PATH
|
||||||
|
value: ipc:///run/crypto-dev-signer/jsonrpc.ipc
|
||||||
|
- name: SIGNER_SECRET
|
||||||
|
value: deadbeef
|
||||||
|
- name: ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER
|
||||||
|
value: "0xACB0BC74E1686D62dE7DC6414C999EA60C09F0eA"
|
||||||
|
- name: TASKS_TRACE_QUEUE_STATUS
|
||||||
|
value: "1"
|
||||||
|
- name: "DATABASE_DEBUG"
|
||||||
|
value: "false"
|
||||||
|
- name: "CIC_DEFAULT_TOKEN_SYMBOL"
|
||||||
|
value: GFT
|
||||||
|
volumeMounts:
|
||||||
|
- name: socket-path
|
||||||
|
mountPath: /run/crypto-dev-signer/
|
||||||
|
volumes:
|
||||||
|
- name: socket-path
|
||||||
|
emptyDir: {}
|
||||||
|
restartPolicy: Always
|
248
kubernetes/cic-eth/cic-eth-tracker.yaml
Normal file
248
kubernetes/cic-eth/cic-eth-tracker.yaml
Normal file
@ -0,0 +1,248 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
||||||
|
# The guardian is composed of:
|
||||||
|
# cic-manager-head
|
||||||
|
# cic-dispatch
|
||||||
|
# cic-retrier
|
||||||
|
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: cic-eth-tracker
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: cic-eth-tracker
|
||||||
|
annotations:
|
||||||
|
keel.sh/policy: "glob:master-*"
|
||||||
|
keel.sh/trigger: poll
|
||||||
|
keel.sh/pollSchedule: "@every 5m"
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: cic-eth-tracker
|
||||||
|
replicas: 1 # these are all strictly 1
|
||||||
|
strategy:
|
||||||
|
rollingUpdate:
|
||||||
|
maxSurge: 25%
|
||||||
|
maxUnavailable: 25%
|
||||||
|
type: RollingUpdate
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: cic-eth-tracker
|
||||||
|
group: cic
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: cic-eth-tracker
|
||||||
|
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
command: ["./start_tracker.sh", "-v", "-c", "/usr/local/etc/cic-eth"]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 100Mi
|
||||||
|
limits:
|
||||||
|
cpu: 500m
|
||||||
|
memory: 250Mi
|
||||||
|
env:
|
||||||
|
- name: TASKS_TRANSFER_CALLBACKS
|
||||||
|
value: "cic-eth:cic_eth.callbacks.noop.noop,cic-ussd:cic_ussd.tasks.callback_handler.transaction_callback"
|
||||||
|
- name: CIC_REGISTRY_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_REGISTRY_ADDRESS
|
||||||
|
- name: CIC_TRUST_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_TRUST_ADDRESS
|
||||||
|
- name: DATABASE_USER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_USER
|
||||||
|
- name: DATABASE_HOST
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_HOST
|
||||||
|
- name: DATABASE_PORT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PORT
|
||||||
|
- name: DATABASE_ENGINE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_ENGINE
|
||||||
|
- name: DATABASE_DRIVER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_DRIVER
|
||||||
|
- name: DATABASE_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PASSWORD
|
||||||
|
- name: CELERY_BROKER_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_BROKER_URL
|
||||||
|
- name: CELERY_RESULT_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_RESULT_URL
|
||||||
|
- name: ETH_PROVIDER
|
||||||
|
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
|
||||||
|
- name: DATABASE_NAME
|
||||||
|
value: cic_eth
|
||||||
|
- name: DATABASE_DEBUG
|
||||||
|
value: "0"
|
||||||
|
- name: ETH_ABI_DIR
|
||||||
|
value: /usr/local/share/cic/solidity/abi
|
||||||
|
- name: CIC_CHAIN_SPEC
|
||||||
|
value: "evm:bloxberg:8996"
|
||||||
|
- name: REDIS_HOSTNAME
|
||||||
|
value: redis-master
|
||||||
|
- name: cic-eth-dispatcher
|
||||||
|
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
command: ["./start_dispatcher.sh", "-q", "cic-eth", "-v"]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 100Mi
|
||||||
|
limits:
|
||||||
|
cpu: 500m
|
||||||
|
memory: 250Mi
|
||||||
|
env:
|
||||||
|
- name: CIC_REGISTRY_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_REGISTRY_ADDRESS
|
||||||
|
- name: CIC_TRUST_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_TRUST_ADDRESS
|
||||||
|
- name: TASKS_TRANSFER_CALLBACKS
|
||||||
|
value: "cic-eth:cic_eth.callbacks.noop.noop,cic-ussd:cic_ussd.tasks.callback_handler.transaction_callback"
|
||||||
|
- name: CIC_REGISTRY_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_REGISTRY_ADDRESS
|
||||||
|
- name: CIC_TRUST_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_TRUST_ADDRESS
|
||||||
|
- name: DATABASE_USER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_USER
|
||||||
|
- name: DATABASE_HOST
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_HOST
|
||||||
|
- name: DATABASE_PORT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PORT
|
||||||
|
- name: DATABASE_ENGINE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_ENGINE
|
||||||
|
- name: DATABASE_DRIVER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_DRIVER
|
||||||
|
- name: DATABASE_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PASSWORD
|
||||||
|
- name: CELERY_BROKER_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_BROKER_URL
|
||||||
|
- name: CELERY_RESULT_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_RESULT_URL
|
||||||
|
- name: ETH_PROVIDER
|
||||||
|
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
|
||||||
|
- name: DATABASE_NAME
|
||||||
|
value: cic_eth
|
||||||
|
- name: DATABASE_DEBUG
|
||||||
|
value: "0"
|
||||||
|
- name: CIC_CHAIN_SPEC
|
||||||
|
value: "evm:bloxberg:8996"
|
||||||
|
- name: REDIS_HOSTNAME
|
||||||
|
value: redis-master
|
||||||
|
# - name: cic-eth-retrier
|
||||||
|
# image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
|
||||||
|
# command: [ "./start_retry.sh", "-v" ]
|
||||||
|
# resources:
|
||||||
|
# requests:
|
||||||
|
# cpu: 50m
|
||||||
|
# memory: 100Mi
|
||||||
|
# limits:
|
||||||
|
# cpu: 500m
|
||||||
|
# memory: 250Mi
|
||||||
|
# env:
|
||||||
|
# - name: CIC_REGISTRY_ADDRESS
|
||||||
|
# valueFrom:
|
||||||
|
# configMapKeyRef:
|
||||||
|
# name: contract-migration-output
|
||||||
|
# key: CIC_REGISTRY_ADDRESS
|
||||||
|
# - name: CIC_TRUST_ADDRESS
|
||||||
|
# valueFrom:
|
||||||
|
# configMapKeyRef:
|
||||||
|
# name: contract-migration-output
|
||||||
|
# key: CIC_TRUST_ADDRESS
|
||||||
|
# - name: CIC_TX_RETRY_DELAY # TODO what is this value?
|
||||||
|
# value: "15"
|
||||||
|
# - name: TASKS_TRANSFER_CALLBACKS # TODO what is this value?
|
||||||
|
# value: "taskcall:cic_eth.callbacks.noop.noop"
|
||||||
|
# - name: ETH_PROVIDER
|
||||||
|
# value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
|
||||||
|
# - name: DATABASE_USER
|
||||||
|
# value: grassroots
|
||||||
|
# - name: DATABASE_HOST
|
||||||
|
# value: postgres-helm-postgresqlsql
|
||||||
|
# - name: DATABASE_PASSWORD
|
||||||
|
# value: tralala
|
||||||
|
# - name: DATABASE_NAME
|
||||||
|
# value: cic_eth
|
||||||
|
# - name: DATABASE_PORT
|
||||||
|
# value: "5432"
|
||||||
|
# - name: DATABASE_ENGINE
|
||||||
|
# value: postgres
|
||||||
|
# - name: DATABASE_DRIVER
|
||||||
|
# value: psycopg2
|
||||||
|
# - name: DATABASE_DEBUG
|
||||||
|
# value: "1"
|
||||||
|
# - name: REDIS_HOSTNAME
|
||||||
|
# value: grassroots-redis-master
|
||||||
|
# - name: CIC_CHAIN_SPEC
|
||||||
|
# value: "evm:bloxberg:8996"
|
||||||
|
# - name: CELERY_BROKER_URL
|
||||||
|
# value: redis://grassroots-redis-master
|
||||||
|
# - name: CELERY_RESULT_URL
|
||||||
|
# value: redis://grassroots-redis-master
|
||||||
|
restartPolicy: Always
|
120
kubernetes/cic-imagepolicy.yaml
Normal file
120
kubernetes/cic-imagepolicy.yaml
Normal file
@ -0,0 +1,120 @@
|
|||||||
|
apiVersion: image.toolkit.fluxcd.io/v1alpha1
|
||||||
|
kind: ImagePolicy
|
||||||
|
metadata:
|
||||||
|
name: cic-eth
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
imageRepositoryRef:
|
||||||
|
name: cic-eth
|
||||||
|
filterTags:
|
||||||
|
pattern: '^master-[a-f0-9]+-(?P<ts>[0-9]+)'
|
||||||
|
extract: '$ts'
|
||||||
|
policy:
|
||||||
|
numerical:
|
||||||
|
order: asc
|
||||||
|
---
|
||||||
|
apiVersion: image.toolkit.fluxcd.io/v1alpha1
|
||||||
|
kind: ImagePolicy
|
||||||
|
metadata:
|
||||||
|
name: cic-ussd
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
imageRepositoryRef:
|
||||||
|
name: cic-ussd
|
||||||
|
filterTags:
|
||||||
|
pattern: '^master-[a-f0-9]+-(?P<ts>[0-9]+)'
|
||||||
|
extract: '$ts'
|
||||||
|
policy:
|
||||||
|
numerical:
|
||||||
|
order: asc
|
||||||
|
---
|
||||||
|
apiVersion: image.toolkit.fluxcd.io/v1alpha1
|
||||||
|
kind: ImagePolicy
|
||||||
|
metadata:
|
||||||
|
name: cic-cache
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
imageRepositoryRef:
|
||||||
|
name: cic-cache
|
||||||
|
filterTags:
|
||||||
|
pattern: '^master-[a-f0-9]+-(?P<ts>[0-9]+)'
|
||||||
|
extract: '$ts'
|
||||||
|
policy:
|
||||||
|
numerical:
|
||||||
|
order: asc
|
||||||
|
---
|
||||||
|
apiVersion: image.toolkit.fluxcd.io/v1alpha1
|
||||||
|
kind: ImagePolicy
|
||||||
|
metadata:
|
||||||
|
name: cic-meta
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
imageRepositoryRef:
|
||||||
|
name: cic-meta
|
||||||
|
filterTags:
|
||||||
|
pattern: '^master-[a-f0-9]+-(?P<ts>[0-9]+)'
|
||||||
|
extract: '$ts'
|
||||||
|
policy:
|
||||||
|
numerical:
|
||||||
|
order: asc
|
||||||
|
---
|
||||||
|
apiVersion: image.toolkit.fluxcd.io/v1alpha1
|
||||||
|
kind: ImagePolicy
|
||||||
|
metadata:
|
||||||
|
name: cic-staff-client
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
imageRepositoryRef:
|
||||||
|
name: cic-staff-client
|
||||||
|
filterTags:
|
||||||
|
pattern: '^master-[a-f0-9]+-(?P<ts>[0-9]+)'
|
||||||
|
extract: '$ts'
|
||||||
|
policy:
|
||||||
|
numerical:
|
||||||
|
order: asc
|
||||||
|
---
|
||||||
|
apiVersion: image.toolkit.fluxcd.io/v1alpha1
|
||||||
|
kind: ImagePolicy
|
||||||
|
metadata:
|
||||||
|
name: cic-contract-migration
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
imageRepositoryRef:
|
||||||
|
name: cic-contract-migration
|
||||||
|
filterTags:
|
||||||
|
pattern: '^master-[a-f0-9]+-(?P<ts>[0-9]+)'
|
||||||
|
extract: '$ts'
|
||||||
|
policy:
|
||||||
|
numerical:
|
||||||
|
order: asc
|
||||||
|
---
|
||||||
|
apiVersion: image.toolkit.fluxcd.io/v1alpha1
|
||||||
|
kind: ImagePolicy
|
||||||
|
metadata:
|
||||||
|
name: cic-notify
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
imageRepositoryRef:
|
||||||
|
name: cic-notify
|
||||||
|
filterTags:
|
||||||
|
pattern: '^master-[a-f0-9]+-(?P<ts>[0-9]+)'
|
||||||
|
extract: '$ts'
|
||||||
|
policy:
|
||||||
|
numerical:
|
||||||
|
order: asc
|
||||||
|
---
|
||||||
|
apiVersion: image.toolkit.fluxcd.io/v1alpha1
|
||||||
|
kind: ImagePolicy
|
||||||
|
metadata:
|
||||||
|
name: cic-auth-proxy
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
imageRepositoryRef:
|
||||||
|
name: cic-auth-proxy
|
||||||
|
filterTags:
|
||||||
|
pattern: '^master-[a-f0-9]+-(?P<ts>[0-9]+)'
|
||||||
|
extract: '$ts'
|
||||||
|
policy:
|
||||||
|
numerical:
|
||||||
|
order: asc
|
||||||
|
|
71
kubernetes/cic-imagerepositories.yaml
Normal file
71
kubernetes/cic-imagerepositories.yaml
Normal file
@ -0,0 +1,71 @@
|
|||||||
|
apiVersion: image.toolkit.fluxcd.io/v1alpha1
|
||||||
|
kind: ImageRepository
|
||||||
|
metadata:
|
||||||
|
name: cic-eth
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth
|
||||||
|
interval: 1m0s
|
||||||
|
---
|
||||||
|
apiVersion: image.toolkit.fluxcd.io/v1alpha1
|
||||||
|
kind: ImageRepository
|
||||||
|
metadata:
|
||||||
|
name: cic-ussd
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd
|
||||||
|
interval: 1m0s
|
||||||
|
---
|
||||||
|
apiVersion: image.toolkit.fluxcd.io/v1alpha1
|
||||||
|
kind: ImageRepository
|
||||||
|
metadata:
|
||||||
|
name: cic-cache
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache
|
||||||
|
interval: 1m0s
|
||||||
|
---
|
||||||
|
apiVersion: image.toolkit.fluxcd.io/v1alpha1
|
||||||
|
kind: ImageRepository
|
||||||
|
metadata:
|
||||||
|
name: cic-meta
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta
|
||||||
|
interval: 1m0s
|
||||||
|
---
|
||||||
|
apiVersion: image.toolkit.fluxcd.io/v1alpha1
|
||||||
|
kind: ImageRepository
|
||||||
|
metadata:
|
||||||
|
name: cic-staff-client
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-staff-client
|
||||||
|
interval: 1m0s
|
||||||
|
---
|
||||||
|
apiVersion: image.toolkit.fluxcd.io/v1alpha1
|
||||||
|
kind: ImageRepository
|
||||||
|
metadata:
|
||||||
|
name: cic-contract-migration
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration
|
||||||
|
interval: 1m0s
|
||||||
|
---
|
||||||
|
apiVersion: image.toolkit.fluxcd.io/v1alpha1
|
||||||
|
kind: ImageRepository
|
||||||
|
metadata:
|
||||||
|
name: cic-notify
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-notify
|
||||||
|
interval: 1m0s
|
||||||
|
---
|
||||||
|
apiVersion: image.toolkit.fluxcd.io/v1alpha1
|
||||||
|
kind: ImageRepository
|
||||||
|
metadata:
|
||||||
|
name: cic-auth-proxy
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy
|
||||||
|
interval: 1m0s
|
122
kubernetes/cic-meta/cic-meta-server-deployment.yaml
Normal file
122
kubernetes/cic-meta/cic-meta-server-deployment.yaml
Normal file
@ -0,0 +1,122 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: cic-meta-server
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: cic-meta-server
|
||||||
|
annotations:
|
||||||
|
keel.sh/policy: "glob:master-*"
|
||||||
|
keel.sh/trigger: poll
|
||||||
|
keel.sh/pollSchedule: "@every 5m"
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: cic-meta-server
|
||||||
|
replicas: 1
|
||||||
|
strategy:
|
||||||
|
rollingUpdate:
|
||||||
|
maxSurge: 25%
|
||||||
|
maxUnavailable: 25%
|
||||||
|
type: RollingUpdate
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: cic-meta-server
|
||||||
|
group: cic
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: cic-meta-server
|
||||||
|
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta:master-fe017d2b-1625932004 # {"$imagepolicy": "flux-system:cic-meta"}
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 250Mi
|
||||||
|
limits:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 500Mi
|
||||||
|
env:
|
||||||
|
- name: DATABASE_USER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_USER
|
||||||
|
- name: DATABASE_HOST
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_HOST
|
||||||
|
- name: DATABASE_PORT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PORT
|
||||||
|
- name: DATABASE_ENGINE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_ENGINE
|
||||||
|
- name: DATABASE_DRIVER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_DRIVER
|
||||||
|
- name: DATABASE_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PASSWORD
|
||||||
|
- name: SCHEMA_SQL_PATH
|
||||||
|
value: scripts/initdb/server.postgres.sql
|
||||||
|
- name: DATABASE_NAME
|
||||||
|
value: cic_meta
|
||||||
|
- name: SERVER_HOST
|
||||||
|
value: localhost
|
||||||
|
- name: SERVER_PORT
|
||||||
|
value: "8000"
|
||||||
|
- name: DATABASE_SCHEMA_SQL_PATH
|
||||||
|
value: ""
|
||||||
|
- name: PGP_EXPORTS_DIR
|
||||||
|
value: /tmp/src/keys
|
||||||
|
- name: PGP_PRIVATEKEY_FILE # Private key here is for enrypting data
|
||||||
|
value: privatekey.asc
|
||||||
|
- name: PGP_PASSPHRASE
|
||||||
|
value: queenmarlena # TODO move to secret
|
||||||
|
- name: PGP_PUBLICKEY_TRUSTED_FILE
|
||||||
|
value: publickeys.asc
|
||||||
|
- name: PGP_PUBLICKEY_ACTIVE_FILE # public key here is to know who to trust
|
||||||
|
value: publickeys.asc
|
||||||
|
- name: PGP_PUBLICKEY_ENCRYPT_FILE
|
||||||
|
value: publickeys.asc
|
||||||
|
ports:
|
||||||
|
- containerPort: 8000
|
||||||
|
name: cic-meta-server
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /tmp/src/keys
|
||||||
|
readOnly: true
|
||||||
|
name: pgp
|
||||||
|
volumes:
|
||||||
|
- name: pgp
|
||||||
|
configMap:
|
||||||
|
name: pgp-meta-test
|
||||||
|
items:
|
||||||
|
restartPolicy: Always
|
||||||
|
---
|
||||||
|
# https://kubernetes.io/docs/concepts/services-networking/service/
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: cic-meta-server
|
||||||
|
namespace: grassroots
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: cic-meta-server
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
protocol: TCP
|
||||||
|
port: 80
|
||||||
|
targetPort: 8000
|
@ -0,0 +1,17 @@
|
|||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: cic-notify-africastalking-sandbox-secret
|
||||||
|
namespace: grassroots
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
api_key: AgC1j5LwcOocVchLac0kPmCqyqljV40RzlCXVrtaxFvFvO+s2KcaUNFrIxfirZ8pbSDPKAUAgQam9tJiZFg4Wdu0x6LDDo6x2/0t/HXqb1eeH+OxO045T0AQZPpqFK+5QZ7y+c0tnUJfppCgOd+PhvB0AyHndWoWmTMGy48zpKaeRZriRRM5+rkNgGzazUNdsQoThOhEStIDCa1+zpq++KckU+VS5Qgsj7X1gOth+XFeyVFuXLY/QTTmvflgXj/YA5HMcJVCO3/l4UGaxHaUWps6IlZ5RgALamavAww7HIT7iecjXbAKx4fQt7bKuQY/FHiwDLAJmfdYUv7YK3EVsW4lSWVxgQ4RKM1dru8Kgs4nE+jmlApeuMl2Y3yT0tyCXSNPBzcsAbeumctsWO2gypQbL/0N1a9OZYgJv4/rfbonl8lK8detZDnAOqhOEiJ2fX/H9bkLc7n5hEHxnIt72sgdurD3r7WkxNsD8/laBx7hDtr7+Zv9RZ8MlyyUd+ZBVax6tO7immo8ya+BRsFKcrr3FqSuvwl3q7y/DNLMU6wqEv+/FmfSW7J1HuGlOJApHM96R6Jfqpw+ZNZ/hS6Z0CDNicLRdRfDaKglOu4UvkiWQ2F1JtqtJEtishbk3bNtZSAOO7Uan/V1XfeUvrYBAyXCoLLwK2pm/eWNZ71BW7TghCNgqRpeALPZy2JrDudnmyoXzcidJeBi5lBEnbXzIcOuos/0xgM/DiKQDO8mxh1ycbiu9XSydxdkLrRFXMtO8KK4qhIdgJp8INjZxIzgm5j3
|
||||||
|
api_sender_id: AgCTvYXxQNTCcRnMrfcc3D+OY+N8/mFtfI+O3xI45qxdC1n7/OE2MI0XIleYSbbAh3R7+5lNjq3pVhdKpRvCYxUGerCdSeYFQZf0RN71sAtDV8NnHCB6pRIsCWlvjDHw7XRH6PiPrr0xj4rwd1Qou8EMybVQXwT6nvV20kdKhAd6dTTgqT8x1AB5N+L0o1H/ThOKNadjN6oqlROz4in0DTTmis+Ebk4pywFroVWa5pMCjy7Ua5omKqB45lAKDp4FwogSnEUVS1b1pQTO/o0mnCQRObPcOzVjze6oqfUaEPkvtrOkmKuAxEXFKdAzG8bzPwx6EuSCbMmcUekeBGKDZBniE1YyOkPyLZelBEtyXFhQBmKbdW4qhlEJwYwflFBll8eNo2ruMVH7HTJvAqW4p2mxTIoM9Nx+UWDJjZ736aYvDfCgZX0MVKvXjrNtWEhuVBYGZxFIWfj/RqNkcJf+ZlNYK8MripzPReNWDlvhH1jzlPGJozUlYfLY8hY/NDGMbdc+EflLy8p4oRLWUo0Z0W3ARwLM1WQMk8FSXAgCjMmL7m3d310lVO5LLVdj3GTpjfCNPm2m7Re0lsOkLDE8x0vhJnlIUJ8WlY1EdezKfPWR0laNSknCCxfPYU88XiO2DVgUdWBH0Hg13yQQ3IXz49Pnf6LrAx46EgKUzoKnCgA5L/hRAIV3u8vav/5kdSF4CxY=
|
||||||
|
api_username: AgBQZXCDQY5B1RKfwjih04XSvdPJjmlfuA2bL6qiphYDIM223DJ5HEolHIWlCeSAjDC5JjkkesPmVzxybgD7hRwVuyOyWfmiXBG6+552v/DNv17IfSNNtZMCsEj9jyscHfvRI1NCG5pxywhBfRxhOVIYflbFI/H+13ReAs/6J/uhVfWVPMXzdg7Zj7mYsWzj3otv0npzXc+j2G4JZk53h7fDTY/XsXyZCe+Xpn9auf7Y+m+/shOiaM67CuE+eMWYhpTpTDy6oG3rjSrqhjVnE4wu8fP85nTGK2ctrQ9qgyOdcf1vPdlt1CwP5FZ+zxY8GrhUsYnunQ50znPD55e/8m5AqZhIrCjQ0lfzB2iCn0OzwOjnQpfv0W0QXpw6aDH/GYfMbDBLyXnF5yU0J+R7tv2Q45NKyRHbdO2VQXhXak95YGvK0Er3+8b0Jx4k3L+hM3OTFaJgdGOyb4IsUFG6vfQlfG3Bl4ggYqAGCJo041SpT4gc1XgGkar8WD4sOir61qKde8NnIOdRn1bhaZ8qD2eP+4p20hqsgpAA38SN6qZfrZc5sj/Re2mXxYIbmdALlP6yt1exhtU4QRzF23RDHmwiGtzh0YqIUj62+icrLcn+ZXgpufW9BgxKXilczF/bfsN2v4VFKsrkp+wRtAlFj3riDoles/IhItIJ9KpmSHEsRDRrkrUl+sFQ5xqQvfIuEoy/DHKf/Q3L
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: cic-notify-africastalking-sandbox-secret
|
||||||
|
namespace: grassroots
|
||||||
|
|
@ -0,0 +1,10 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: cic-notify-africastalking-sandbox-secret
|
||||||
|
namespace: grassroots
|
||||||
|
stringData:
|
||||||
|
api_username: sandbox
|
||||||
|
api_key: 2d76d4920c244d40828a03d9349730af5bdd22863f245810910a5855b2ba0749
|
||||||
|
api_sender_id:
|
@ -0,0 +1,17 @@
|
|||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: cic-notify-africastalking-secret
|
||||||
|
namespace: grassroots
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
api_key: AgAbH1KDx0kVxtqPBvkb0w1uYJm0Vwd/eHBMhLJRC9Z5zs/YkHkV+Zrz4Pk0loSIdyV3fFdL+zcqnwWmkYjrkBYUXqB+F6HcfYPlND+zAtv8QMbpmHoF6faqx1MY981Sx7qqURlORCZzkwzrDEC4XK2nwut414PFEQ4Rn9SWe2RWXl75G3+TVkj0jd24rYYlGCmD8krjFLY9IMigKZOr0TqoPhHv9xKPg7+Xpwtd86QpiFcTR0fBtN8FLDuKlYGHvTvaUqT2kyBEXeiSn3V+rB7mD72QtNBwS9KJfQla/Gh1z4kps5DkZNoHKRz3O0SnMND1UrID713g7coYI+3q3Xk4/IFiYH4iTQwls/TZWuu/aAc74Ofs6tNwNfUeGGwa0uX/EdMpQ0cWBsGQXi3wG91kvCbnHQ1IERXgCLzGur9yB7YARy6H3tJkQrjzY2ETmMK6wj8yelKC1LLiVk/UVPiRI3O85JPxDDdtcOWkRtGso5Z1Q4D0AFWhbrhBXZc3cS2MmU1bIXoZ+fsYoZ1Mrg+uFQyuf4XwIq+HZuaYksN6xN0olId/H53Bau/z54pteFwT3VOKJNrLHCnAz0YJG2LO08Iu3FcNIUVh1tf39019QOFW2QGemhxznfPH1Mn4l9GwhE2MNfU2JqbFLnCfPZPoFSY+7YZ8I271aY4sM/OlaE2Nrk9RSsSgpS+WUCijSzZ8Crgc8dffVQryDEc/t+JIW7T4BH16lk+fgx2W1JoU/BMMvaRitHX5XsIs5xchwfuvb5+WbNnT8WbYdomGokEg
|
||||||
|
api_sender_id: AgBt9Sp+yb1Qek38Imhs4zW4pcujj2ExStcfLgWPXgD3WhIOfMS7AFAe5uDTICZqLEoMnluVTJn8Hk02BIU3quXWjOOgLJRmpNlgqAbchR1XA07BwGeYWMZomC4M+8nknMOHeQvo8HGN/Y5HnXw5N2Gw8Utlm/cLVVJOEYCKGiR8vWpzMMGepxIKVeex93Ev09SQsxbOJ3QO3SGdJiKFBvXgSeGnsdg+uAeC0NG1zzVBbiCgiNoIZgv6ZnwzBZSl7BYAazt4xOoHSRoicgmIX3PWdjIz+lzVHIuEuFZK9heq+MODQhZcvf54JRB1qPURGJobu3IVDAckIvnFlSCRaBp2rAqtyzAtngkau3Et/66eI3SChJFDgnbourQ1QRPzqWipzYQ11JpUbc0luXRfA+HvzrlIf5r/rSL93jepWQS0Exk2VuCrBAS+QPJccmncJYRZ98SU0fAu+5ZcHFVkEpc4iatW6j1tXyxn+tO1pl7yB/9GGfNA72XxVHwLZmTE7LN0Y4VyhdIQYtXX5ZX49bD0Lfk/m1pkwkWtj1Cas7YpFvX0JUN0bjn6JQoJAIh7fCW5O2ATp/eqpsCcfyw+Fy8kNPFVXlfvVmD9aqwYojfCE2CV0lXFGwHLkNp0nxxTPoqrx2YAa9R/nILaUawvMdMU+a8n1Ee79al/eVpqr4WdTkQikrxcoud8PDzNOyk2y8eZY+Kb2dU=
|
||||||
|
api_username: AgBOCaA5MnRsnGSkQw8Md2XIRsb+9Dg3XiM5yagk1GvAcO+eNnL4i2F4pbA0Ctad0LpQVXwVhppJDqxS7ffy3VJwMdEWxChKN3AiE3e8Eqx8LzD1xXU48OxAfksFKQrXNBVjfBcSgyoTwI5ohYSGxuUL3fWo4/Wp0AWdy92bwNZfhOvkLpfn+Q3nblLX9tQeu/ky6+hqkiyZSWjgykJXGnVnpPMoRS8BLbcxRD1kpJfMORfW7q1JyzheBGByStRvr7i6z3m4KVC/a9H3o0OpIQQTNtvvy4zECQ5NnjrxXYdOJfJZNq1enVqqCeA06h2e3DESfxYPPx6tL8+Ugo+4TorFb5Fw8vqFQRd/1SiGQE++W/MRY4P+fj9hQrxyzdnG5oBq1j2JTpx5VMwkOEk1yVLmRS9nYrZOfFE/6EJJSzRZMbh+xVTEvcag9ZzSzkbKoakR+VKjZ2Rpum6rwXPUUhJ5F6ohIZx2x/qE3QJlmxtnJQGfmNwe6HTiLxqjU3o0SkVQgMPN275Uydlm6Omn9eo2jkYnA5hg4TPoFjcqAmbgV5O372U6ShpNtA2hYi6CdF7K/sbKxhFtHTrPAdF5NhMGZ6N81X1AMWq3a1mojMBJbVTPVzSWPovkiqhQ62gKUUbPp191aLuQlX83dqEuRxyYTprId/ODB7RtaAddDcLsF4z/7i7yh8VtKyqHBs7hA52O1b2sQJwxmhw=
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: cic-notify-africastalking-secret
|
||||||
|
namespace: grassroots
|
||||||
|
|
10
kubernetes/cic-notify/cic-notify-africastalking-secret.yaml
Normal file
10
kubernetes/cic-notify/cic-notify-africastalking-secret.yaml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: cic-notify-africastalking-sandbox-secret
|
||||||
|
namespace: grassroots
|
||||||
|
stringData:
|
||||||
|
api_username: GrassEcon
|
||||||
|
api_key: d041139805531435ceed9673cc5815a92a1c0f26df1fec45bdcc2b5e99b833df
|
||||||
|
api_sender_id: Sarafu
|
100
kubernetes/cic-notify/cic-notify-deployment.yaml
Normal file
100
kubernetes/cic-notify/cic-notify-deployment.yaml
Normal file
@ -0,0 +1,100 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: cic-notify-tasker
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: cic-notify-tasker
|
||||||
|
annotations:
|
||||||
|
keel.sh/policy: "glob:master-*"
|
||||||
|
keel.sh/trigger: poll
|
||||||
|
keel.sh/pollSchedule: "@every 5m"
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: cic-notify-tasker
|
||||||
|
replicas: 1
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: cic-notify-tasker
|
||||||
|
group: cic
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: cic-notify-tasker
|
||||||
|
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-notify:master-7a3cb7ab-1627053362 # {"$imagepolicy": "flux-system:cic-notify"}
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-notify:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
command: ["./start_tasker.sh", "-q", "cic-notify", "-vv"]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 25m
|
||||||
|
memory: 100Mi
|
||||||
|
limits:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 200Mi
|
||||||
|
env:
|
||||||
|
- name: DATABASE_USER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_USER
|
||||||
|
- name: DATABASE_HOST
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_HOST
|
||||||
|
- name: DATABASE_PORT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PORT
|
||||||
|
- name: DATABASE_ENGINE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_ENGINE
|
||||||
|
- name: DATABASE_DRIVER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_DRIVER
|
||||||
|
- name: DATABASE_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PASSWORD
|
||||||
|
- name: DATABASE_POOL_SIZE
|
||||||
|
value: "0"
|
||||||
|
- name: CELERY_BROKER_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_BROKER_URL
|
||||||
|
- name: CELERY_RESULT_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_RESULT_URL
|
||||||
|
- name: DATABASE_NAME
|
||||||
|
value: cic_notify
|
||||||
|
- name: AFRICASTALKING_API_USERNAME
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: cic-notify-africastalking-sandbox-secret
|
||||||
|
key: api_username
|
||||||
|
- name: AFRICASTALKING_API_KEY
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: cic-notify-africastalking-sandbox-secret
|
||||||
|
key: api_key
|
||||||
|
- name: AFRICASTALKING_API_SENDER_ID
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: cic-notify-africastalking-sandbox-secret
|
||||||
|
key: api_sender_id
|
||||||
|
ports:
|
||||||
|
- containerPort: 80 # What is this value?
|
||||||
|
name: cic-eth-manager
|
||||||
|
restartPolicy: Always
|
55
kubernetes/cic-staff-client/cic-staff-client-deployment.yaml
Normal file
55
kubernetes/cic-staff-client/cic-staff-client-deployment.yaml
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: cic-staff-client
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: cic-staff-client
|
||||||
|
annotations:
|
||||||
|
keel.sh/policy: "glob:master-*"
|
||||||
|
keel.sh/trigger: poll
|
||||||
|
keel.sh/pollSchedule: "@every 5m"
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: cic-staff-client
|
||||||
|
replicas: 1
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: cic-staff-client
|
||||||
|
group: cic
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: cicada
|
||||||
|
#image: registry.gitlab.com/grassrootseconomics/cic-staff-client:master-858e1e65-1627284988 # {"$imagepolicy": "flux-system:cic-staff-client"}
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-staff-client:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 100Mi
|
||||||
|
limits:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 100Mi
|
||||||
|
ports:
|
||||||
|
- containerPort: 80
|
||||||
|
name: http
|
||||||
|
restartPolicy: Always
|
||||||
|
---
|
||||||
|
# https://kubernetes.io/docs/concepts/services-networking/service/
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: cic-staff-client
|
||||||
|
namespace: grassroots
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: cic-staff-client
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
protocol: TCP
|
||||||
|
port: 80
|
||||||
|
targetPort: 80
|
119
kubernetes/cic-ussd/cic-user-server-deployment.yaml
Normal file
119
kubernetes/cic-ussd/cic-user-server-deployment.yaml
Normal file
@ -0,0 +1,119 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: cic-user-server
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: cic-user-server
|
||||||
|
annotations:
|
||||||
|
keel.sh/policy: "glob:master-*"
|
||||||
|
keel.sh/trigger: poll
|
||||||
|
keel.sh/pollSchedule: "@every 5m"
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: cic-user-server
|
||||||
|
replicas: 1
|
||||||
|
strategy:
|
||||||
|
rollingUpdate:
|
||||||
|
maxSurge: 25%
|
||||||
|
maxUnavailable: 25%
|
||||||
|
type: RollingUpdate
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: cic-user-server
|
||||||
|
group: cic
|
||||||
|
tier: backend
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: cic-user-server
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:master-fad0a4b5-1628267359 # {"$imagepolicy": "flux-system:cic-ussd"}
|
||||||
|
command: ["/root/start_cic_user_server.sh", "-vv"]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 100Mi
|
||||||
|
limits:
|
||||||
|
cpu: 500m
|
||||||
|
memory: 250Mi
|
||||||
|
env:
|
||||||
|
- name: APP_PASSWORD_PEPPER
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: cic-ussd-secret
|
||||||
|
key: app_password_pepper
|
||||||
|
- name: DATABASE_USER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_USER
|
||||||
|
- name: DATABASE_HOST
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_HOST
|
||||||
|
- name: DATABASE_PORT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PORT
|
||||||
|
- name: DATABASE_ENGINE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_ENGINE
|
||||||
|
- name: DATABASE_DRIVER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_DRIVER
|
||||||
|
- name: DATABASE_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PASSWORD
|
||||||
|
- name: DATABASE_POOL_SIZE
|
||||||
|
value: "0"
|
||||||
|
- name: DATABASE_NAME
|
||||||
|
value: cic_ussd
|
||||||
|
- name: HTTP_PORT_CIC_USER_SERVER
|
||||||
|
value: "9500"
|
||||||
|
- name: PGP_KEYS_PATH
|
||||||
|
value: /tmp/src/keys/
|
||||||
|
- name: PGP_EXPORTS_DIR
|
||||||
|
value: /tmp/src/keys/
|
||||||
|
- name: APP_PASSWORD_PEPPER
|
||||||
|
value: "QYbzKff6NhiQzY3ygl2BkiKOpER8RE/Upqs/5aZWW+I="
|
||||||
|
ports:
|
||||||
|
- containerPort: 9500
|
||||||
|
name: server
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /tmp/src/keys
|
||||||
|
name: pgp
|
||||||
|
readOnly: true
|
||||||
|
volumes:
|
||||||
|
#- name: pgp
|
||||||
|
# secret:
|
||||||
|
# secretName: pgp
|
||||||
|
- name: pgp
|
||||||
|
configMap:
|
||||||
|
name: pgp-meta-test
|
||||||
|
restartPolicy: Always
|
||||||
|
---
|
||||||
|
# https://kubernetes.io/docs/concepts/services-networking/service/
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: cic-user-server-svc
|
||||||
|
namespace: grassroots
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: cic-user-server
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- name: server
|
||||||
|
protocol: TCP
|
||||||
|
port: 80
|
||||||
|
targetPort: 9500
|
124
kubernetes/cic-ussd/cic-user-tasker-deployment.yaml
Normal file
124
kubernetes/cic-ussd/cic-user-tasker-deployment.yaml
Normal file
@ -0,0 +1,124 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: cic-user-tasker
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: cic-user-tasker
|
||||||
|
annotations:
|
||||||
|
keel.sh/policy: "glob:master-*"
|
||||||
|
keel.sh/trigger: poll
|
||||||
|
keel.sh/pollSchedule: "@every 5m"
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: cic-user-tasker
|
||||||
|
replicas: 1
|
||||||
|
strategy:
|
||||||
|
rollingUpdate:
|
||||||
|
maxSurge: 25%
|
||||||
|
maxUnavailable: 25%
|
||||||
|
type: RollingUpdate
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: cic-user-tasker
|
||||||
|
group: cic
|
||||||
|
task: queue
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: cic-user-tasker
|
||||||
|
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:master-7a3cb7ab-1627053361 # {"$imagepolicy": "flux-system:cic-ussd"}
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
command: ["/root/start_cic_user_tasker.sh", "-q", "cic-ussd", "-vv"]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 100Mi
|
||||||
|
limits:
|
||||||
|
cpu: 500m
|
||||||
|
memory: 250Mi
|
||||||
|
env:
|
||||||
|
- name: APP_PASSWORD_PEPPER
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: cic-ussd-secret
|
||||||
|
key: app_password_pepper
|
||||||
|
- name: DATABASE_USER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_USER
|
||||||
|
- name: DATABASE_HOST
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_HOST
|
||||||
|
- name: DATABASE_PORT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PORT
|
||||||
|
- name: DATABASE_ENGINE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_ENGINE
|
||||||
|
- name: DATABASE_DRIVER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_DRIVER
|
||||||
|
- name: DATABASE_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PASSWORD
|
||||||
|
- name: DATABASE_NAME
|
||||||
|
value: cic_ussd
|
||||||
|
- name: DATABASE_POOL_SIZE
|
||||||
|
value: "0"
|
||||||
|
- name: CELERY_BROKER_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_BROKER_URL
|
||||||
|
- name: CELERY_RESULT_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_RESULT_URL
|
||||||
|
- name: REDIS_HOST
|
||||||
|
value: redis-master
|
||||||
|
- name: REDIS_PORT
|
||||||
|
value: "6379"
|
||||||
|
- name: REDIS_DATABASE
|
||||||
|
value: "0"
|
||||||
|
- name: CIC_META_URL
|
||||||
|
value: http://cic-meta-server:80
|
||||||
|
- name: PGP_KEYS_PATH
|
||||||
|
value: /tmp/src/keys/
|
||||||
|
- name: PGP_EXPORTS_DIR
|
||||||
|
value: /tmp/src/keys/
|
||||||
|
- name: PGP_PRIVATE_KEYS
|
||||||
|
value: privatekey.asc
|
||||||
|
- name: PGP_PASSPHRASE
|
||||||
|
value: queenmarlena # TODO move to secret
|
||||||
|
- name: CIC_META_URL
|
||||||
|
value: http://cic-meta-server:80
|
||||||
|
- name: APP_PASSWORD_PEPPER
|
||||||
|
value: "QYbzKff6NhiQzY3ygl2BkiKOpER8RE/Upqs/5aZWW+I="
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /tmp/src/keys
|
||||||
|
name: pgp
|
||||||
|
readOnly: true
|
||||||
|
volumes:
|
||||||
|
#- name: pgp
|
||||||
|
# secret:
|
||||||
|
# secretName: pgp
|
||||||
|
- name: pgp
|
||||||
|
configMap:
|
||||||
|
name: pgp-meta-test
|
||||||
|
restartPolicy: Always
|
141
kubernetes/cic-ussd/cic-user-ussd-server-deployment.yaml
Normal file
141
kubernetes/cic-ussd/cic-user-ussd-server-deployment.yaml
Normal file
@ -0,0 +1,141 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: cic-user-ussd-server
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: cic-user-ussd-server
|
||||||
|
annotations:
|
||||||
|
keel.sh/policy: "glob:master-*"
|
||||||
|
keel.sh/trigger: poll
|
||||||
|
keel.sh/pollSchedule: "@every 5m"
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: cic-user-ussd-server
|
||||||
|
replicas: 1
|
||||||
|
strategy:
|
||||||
|
rollingUpdate:
|
||||||
|
maxSurge: 25%
|
||||||
|
maxUnavailable: 25%
|
||||||
|
type: RollingUpdate
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: cic-user-ussd-server
|
||||||
|
group: cic
|
||||||
|
tier: backend
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: cic-user-ussd-server
|
||||||
|
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:master-7a3cb7ab-1627053361 # {"$imagepolicy": "flux-system:cic-ussd"}
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
command: ["/root/start_cic_user_ussd_server.sh", "-vv"]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 100Mi
|
||||||
|
limits:
|
||||||
|
cpu: 500m
|
||||||
|
memory: 250Mi
|
||||||
|
env:
|
||||||
|
- name: APP_PASSWORD_PEPPER
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: cic-ussd-secret
|
||||||
|
key: app_password_pepper
|
||||||
|
- name: DATABASE_USER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_USER
|
||||||
|
- name: DATABASE_HOST
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_HOST
|
||||||
|
- name: DATABASE_PORT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PORT
|
||||||
|
- name: DATABASE_ENGINE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_ENGINE
|
||||||
|
- name: DATABASE_DRIVER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_DRIVER
|
||||||
|
- name: DATABASE_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PASSWORD
|
||||||
|
- name: DATABASE_POOL_SIZE
|
||||||
|
value: "0"
|
||||||
|
- name: CELERY_BROKER_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_BROKER_URL
|
||||||
|
- name: CELERY_RESULT_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_RESULT_URL
|
||||||
|
- name: REDIS_HOST
|
||||||
|
value: redis-master
|
||||||
|
- name: REDIS_PORT
|
||||||
|
value: "6379"
|
||||||
|
- name: REDIS_DATABASE
|
||||||
|
value: "0"
|
||||||
|
- name: DATABASE_NAME
|
||||||
|
value: cic_ussd
|
||||||
|
- name: SERVER_PORT
|
||||||
|
value: "9000"
|
||||||
|
- name: APP_ALLOWED_IP
|
||||||
|
value: "0.0.0.0/0"
|
||||||
|
- name: CIC_META_URL
|
||||||
|
value: http://cic-meta-server:80
|
||||||
|
- name: PGP_KEYS_PATH
|
||||||
|
value: /tmp/src/keys/
|
||||||
|
- name: PGP_EXPORTS_DIR
|
||||||
|
value: /tmp/src/keys/
|
||||||
|
- name: PGP_PRIVATE_KEYS
|
||||||
|
value: privatekey.asc
|
||||||
|
- name: PGP_PASSPHRASE
|
||||||
|
value: queenmarlena # TODO move to secret
|
||||||
|
- name: APP_PASSWORD_PEPPER
|
||||||
|
value: "QYbzKff6NhiQzY3ygl2BkiKOpER8RE/Upqs/5aZWW+I="
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /tmp/src/keys
|
||||||
|
name: pgp
|
||||||
|
ports:
|
||||||
|
- containerPort: 9000
|
||||||
|
name: server
|
||||||
|
volumes:
|
||||||
|
- name: pgp
|
||||||
|
configMap:
|
||||||
|
name: pgp-meta-test
|
||||||
|
restartPolicy: Always
|
||||||
|
---
|
||||||
|
# https://kubernetes.io/docs/concepts/services-networking/service/
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: cic-user-ussd-svc
|
||||||
|
namespace: grassroots
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: cic-user-ussd-server
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- name: server
|
||||||
|
protocol: TCP
|
||||||
|
port: 80
|
||||||
|
targetPort: 9000
|
15
kubernetes/cic-ussd/cic-ussd-sealedsecret.yaml
Normal file
15
kubernetes/cic-ussd/cic-ussd-sealedsecret.yaml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: cic-ussd-secret
|
||||||
|
namespace: grassroots
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
app_password_pepper: AgCrkW9x9iLDjcmmNHTopd1CXAdamuqWkiS3Tviev5OtR5d4FBw9L9Qm8P9ZsBiH9ucQSNu4XLxUuIEgyBLEPQDM5DELl+qvCmPboQ73kPxjEH4/ppqE1QnJHBFcTqfkUVDu4dBkmGPCbYAGrWqDa1bZt1Hujl+ZpWuc919nN2yxFEArs8jt8JIP2bbGKwPl21MDNP53ITtpw1euBswxUzLRcfUrw+6ghce8faFjDEnCS9NKftCwBFMQN2ddNn8aY0K1Dl/DJLTJw9c6L+3YAHzaQAkNz2I6W6ERri6Mmkc1bE1cujvftNxrWkPqh9bJD163xhMbA6vQd8rEpQelilBQpT0plcH5dj11mhAX+n3IR4Xp5kD+fwwPPgoQ5P3TJj4nfAccM/ubVVR6vLCXrO2TV56V8YgQ2pd0H3H8IJYRdU6LE9xLWdG5J32EKrhnhTNaGcFpWq3g4UUv6Fy0z7iZ8TkBce13zCiEf7AXeXzdj2KDgVW6/FBLknJoDd2m/j4GA5UC6MiKXc/X9sgHeSIOstR5nGBuYYr/12FbAPdnvV8zQzfHQsSCysciLQBqFhC5Yeepwu+UYsYCDWKGgvmC284zl52VkK2G6cXi77qcKNc6NtViZpKkJ0vRysgLLpBiDERB/NOrXef+kA6hJXsc5hqAPJjceh0XV0iT/4FA/2qq0A7qfm4meSJAxrj2PssoVQSUQmo2jopTCsa7IEq9opqy0yJaXu+dJG32IHimDLcAm1Sp0uumcd9MOg==
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: cic-ussd-secret
|
||||||
|
namespace: grassroots
|
||||||
|
|
@ -0,0 +1,68 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/configuration/configmap/
|
||||||
|
kind: ConfigMap
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: contract-migration-envlist
|
||||||
|
namespace: grassroots
|
||||||
|
data:
|
||||||
|
envlist: |
|
||||||
|
SYNCER_LOOP_INTERVAL
|
||||||
|
SSL_ENABLE_CLIENT
|
||||||
|
SSL_CERT_FILE
|
||||||
|
SSL_KEY_FILE
|
||||||
|
SSL_PASSWORD
|
||||||
|
SSL_CA_FILE
|
||||||
|
BANCOR_DIR
|
||||||
|
REDIS_HOST
|
||||||
|
REDIS_PORT
|
||||||
|
REDIS_DB
|
||||||
|
PGP_PRIVATEKEY_FILE
|
||||||
|
PGP_PASSPHRASE
|
||||||
|
DATABASE_USER
|
||||||
|
DATABASE_PASSWORD
|
||||||
|
DATABASE_NAME
|
||||||
|
DATABASE_HOST
|
||||||
|
DATABASE_PORT
|
||||||
|
DATABASE_ENGINE
|
||||||
|
DATABASE_DRIVER
|
||||||
|
DATABASE_DEBUG
|
||||||
|
TASKS_AFRICASTALKING
|
||||||
|
TASKS_SMS_DB
|
||||||
|
TASKS_LOG
|
||||||
|
TASKS_TRACE_QUEUE_STATUS
|
||||||
|
TASKS_TRANSFER_CALLBACKS
|
||||||
|
DEV_MNEMONIC
|
||||||
|
DEV_ETH_RESERVE_ADDRESS
|
||||||
|
DEV_ETH_ACCOUNTS_INDEX_ADDRESS
|
||||||
|
DEV_ETH_RESERVE_AMOUNT
|
||||||
|
DEV_ETH_ACCOUNT_BANCOR_DEPLOYER
|
||||||
|
DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER
|
||||||
|
DEV_ETH_ACCOUNT_GAS_PROVIDER
|
||||||
|
DEV_ETH_ACCOUNT_RESERVE_OWNER
|
||||||
|
DEV_ETH_ACCOUNT_RESERVE_MINTER
|
||||||
|
DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_OWNER
|
||||||
|
DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER
|
||||||
|
DEV_ETH_ACCOUNT_SARAFU_OWNER
|
||||||
|
DEV_ETH_ACCOUNT_SARAFU_GIFTER
|
||||||
|
DEV_ETH_ACCOUNT_APPROVAL_ESCROW_OWNER
|
||||||
|
DEV_ETH_ACCOUNT_SINGLE_SHOT_FAUCET_OWNER
|
||||||
|
DEV_ETH_SARAFU_TOKEN_NAME
|
||||||
|
DEV_ETH_SARAFU_TOKEN_SYMBOL
|
||||||
|
DEV_ETH_SARAFU_TOKEN_DECIMALS
|
||||||
|
DEV_ETH_SARAFU_TOKEN_ADDRESS
|
||||||
|
DEV_PGP_PUBLICKEYS_ACTIVE_FILE
|
||||||
|
DEV_PGP_PUBLICKEYS_TRUSTED_FILE
|
||||||
|
DEV_PGP_PUBLICKEYS_ENCRYPT_FILE
|
||||||
|
CIC_REGISTRY_ADDRESS
|
||||||
|
CIC_APPROVAL_ESCROW_ADDRESS
|
||||||
|
CIC_TOKEN_INDEX_ADDRESS
|
||||||
|
CIC_ACCOUNTS_INDEX_ADDRESS
|
||||||
|
CIC_DECLARATOR_ADDRESS
|
||||||
|
CIC_CHAIN_SPEC
|
||||||
|
ETH_PROVIDER
|
||||||
|
ETH_ABI_DIR
|
||||||
|
SIGNER_SOCKET_PATH
|
||||||
|
SIGNER_SECRET
|
||||||
|
CELERY_BROKER_URL
|
||||||
|
CELERY_RESULT_URL
|
||||||
|
META_PROVIDER
|
122
kubernetes/contract-migration/contract-migration-job.yaml
Normal file
122
kubernetes/contract-migration/contract-migration-job.yaml
Normal file
@ -0,0 +1,122 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/workloads/controllers/job/
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: contract-migration
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: contract-migration
|
||||||
|
spec:
|
||||||
|
backoffLimit: 0
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
imagePullSecrets:
|
||||||
|
- name: gitlab-internal-integration-registry
|
||||||
|
# securityContext:
|
||||||
|
# runAsUser: 1000
|
||||||
|
# runAsGroup: 1000
|
||||||
|
restartPolicy: Never
|
||||||
|
containers:
|
||||||
|
- name: contract-migration
|
||||||
|
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:master-621780e9-1618865959 # {"$imagepolicy": "flux-system:cic-contract-migration"}
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:latest
|
||||||
|
command: ["./run_job.sh"]
|
||||||
|
# command: ["sleep", "3600"]
|
||||||
|
env:
|
||||||
|
- name: CIC_REGISTRY_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_REGISTRY_ADDRESS
|
||||||
|
- name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_TRUST_ADDRESS
|
||||||
|
- name: DATABASE_USER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_USER
|
||||||
|
- name: DATABASE_HOST
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_HOST
|
||||||
|
- name: DATABASE_PORT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PORT
|
||||||
|
- name: DATABASE_ENGINE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_ENGINE
|
||||||
|
- name: DATABASE_DRIVER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_DRIVER
|
||||||
|
- name: DATABASE_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PASSWORD
|
||||||
|
- name: CELERY_BROKER_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_BROKER_URL
|
||||||
|
- name: CELERY_RESULT_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_RESULT_URL
|
||||||
|
- name: DATABASE_NAME
|
||||||
|
value: cic_eth
|
||||||
|
- name: REDIS_HOST
|
||||||
|
value: redis-master
|
||||||
|
- name: REDIS_PORT
|
||||||
|
value: "6379"
|
||||||
|
- name: REDIS_DB
|
||||||
|
value: "0"
|
||||||
|
- name: DEV_PIP_EXTRA_INDEX_URL
|
||||||
|
value: https://pip.grassrootseconomics.net:8433
|
||||||
|
- name: ETH_PROVIDER
|
||||||
|
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
|
||||||
|
- name: ETH_PROVIDER_HOST
|
||||||
|
value: bloxberg-validator.grassroots.svc.cluster.local
|
||||||
|
- name: ETH_PROVIDER_PORT
|
||||||
|
value: "8547"
|
||||||
|
- name: CIC_CHAIN_SPEC
|
||||||
|
value: "evm:bloxberg:8996"
|
||||||
|
- name: CIC_DATA_DIR
|
||||||
|
value: /tmp/cic/config
|
||||||
|
- name: RUN_MASK
|
||||||
|
value: "3" # bit flags; 1: contract migrations 2: seed data
|
||||||
|
- name: DEV_FAUCET_AMOUNT
|
||||||
|
value: "50000000"
|
||||||
|
- name: CIC_DEFAULT_TOKEN_SYMBOL
|
||||||
|
value: GFT
|
||||||
|
- name: DEV_SARAFU_DEMURRAGE_LEVEL
|
||||||
|
value: "196454828847045000000000000000000"
|
||||||
|
- name: DEV_ETH_GAS_PRICE
|
||||||
|
value: "1"
|
||||||
|
- name: TOKEN_TYPE
|
||||||
|
value: giftable_erc20_token
|
||||||
|
- name: WALLET_KEY_FILE
|
||||||
|
value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /tmp/cic/config
|
||||||
|
name: migration-output
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
memory: "250Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
limits:
|
||||||
|
memory: "500Mi"
|
||||||
|
cpu: "250m"
|
||||||
|
volumes:
|
||||||
|
- name: migration-output
|
||||||
|
emptyDir: {}
|
@ -0,0 +1,11 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/configuration/configmap/
|
||||||
|
# PURPOSE: These values are *manually* populated after execution of the contract migration container
|
||||||
|
# The contract migration pod should output these vars among the STDOUT
|
||||||
|
kind: ConfigMap
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: contract-migration-output
|
||||||
|
namespace: grassroots
|
||||||
|
data:
|
||||||
|
CIC_REGISTRY_ADDRESS: "0xea6225212005e86a4490018ded4bf37f3e772161"
|
||||||
|
CIC_TRUST_ADDRESS: "0xEb3907eCad74a0013c259D5874AE7f22DcBcC95C"
|
118
kubernetes/contract-migration/contract-seeding-job.yaml
Normal file
118
kubernetes/contract-migration/contract-seeding-job.yaml
Normal file
@ -0,0 +1,118 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/workloads/controllers/job/
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: contract-seeding
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: contract-seeding
|
||||||
|
spec:
|
||||||
|
backoffLimit: 0
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
imagePullSecrets:
|
||||||
|
- name: gitlab-internal-integration-registry
|
||||||
|
# securityContext:
|
||||||
|
# runAsUser: 1000
|
||||||
|
# runAsGroup: 1000
|
||||||
|
restartPolicy: Never
|
||||||
|
containers:
|
||||||
|
- name: registry-seeder
|
||||||
|
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:master-621780e9-1618865959 # {"$imagepolicy": "flux-system:cic-contract-migration"}
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:latest
|
||||||
|
command: ["./run_job.sh"]
|
||||||
|
# command: ["sleep", "3600"]
|
||||||
|
env:
|
||||||
|
- name: CIC_REGISTRY_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_REGISTRY_ADDRESS
|
||||||
|
- name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_TRUST_ADDRESS
|
||||||
|
- name: DATABASE_USER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_USER
|
||||||
|
- name: DATABASE_HOST
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_HOST
|
||||||
|
- name: DATABASE_PORT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PORT
|
||||||
|
- name: DATABASE_ENGINE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_ENGINE
|
||||||
|
- name: DATABASE_DRIVER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_DRIVER
|
||||||
|
- name: DATABASE_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PASSWORD
|
||||||
|
- name: CELERY_BROKER_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_BROKER_URL
|
||||||
|
- name: CELERY_RESULT_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_RESULT_URL
|
||||||
|
- name: DATABASE_NAME
|
||||||
|
value: cic_eth
|
||||||
|
- name: REDIS_HOST
|
||||||
|
value: redis-master
|
||||||
|
- name: REDIS_PORT
|
||||||
|
value: "6379"
|
||||||
|
- name: REDIS_DB
|
||||||
|
value: "0"
|
||||||
|
- name: DEV_PIP_EXTRA_INDEX_URL
|
||||||
|
value: https://pip.grassrootseconomics.net:8433
|
||||||
|
- name: ETH_PROVIDER
|
||||||
|
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
|
||||||
|
- name: ETH_PROVIDER_HOST
|
||||||
|
value: bloxberg-validator.grassroots.svc.cluster.local
|
||||||
|
- name: ETH_PROVIDER_PORT
|
||||||
|
value: "8547"
|
||||||
|
- name: CIC_CHAIN_SPEC
|
||||||
|
value: "evm:bloxberg:8996"
|
||||||
|
- name: CIC_DATA_DIR
|
||||||
|
value: /tmp/cic/config
|
||||||
|
- name: RUN_MASK
|
||||||
|
value: "2" # bit flags; 1: contract migrations 2: seed data
|
||||||
|
- name: DEV_FAUCET_AMOUNT
|
||||||
|
value: "50000000"
|
||||||
|
- name: CIC_DEFAULT_TOKEN_SYMBOL
|
||||||
|
value: GFT
|
||||||
|
- name: DEV_SARAFU_DEMURRAGE_LEVEL
|
||||||
|
value: "196454828847045000000000000000000"
|
||||||
|
- name: DEV_ETH_GAS_PRICE
|
||||||
|
value: "1"
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /tmp/cic/config
|
||||||
|
name: migration-output
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
memory: "250Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
limits:
|
||||||
|
memory: "500Mi"
|
||||||
|
cpu: "250m"
|
||||||
|
volumes:
|
||||||
|
- name: migration-output
|
||||||
|
emptyDir: {}
|
229
kubernetes/contract-migration/data-seeding-deployment.yaml
Normal file
229
kubernetes/contract-migration/data-seeding-deployment.yaml
Normal file
@ -0,0 +1,229 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/workloads/pods/
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: data-seeding
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: data-seeding
|
||||||
|
group: cic
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
# This container should stay up for interactive use for now.
|
||||||
|
- name: data-seeding
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/data-seeding:latest
|
||||||
|
command: bash -c "while true; do sleep 1; done" # Infinite loop to keep container live doing nothing
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 200Mi
|
||||||
|
limits:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 400Mi
|
||||||
|
env:
|
||||||
|
- name: DATABASE_USER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_USER
|
||||||
|
- name: DATABASE_HOST
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_HOST
|
||||||
|
- name: DATABASE_PORT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PORT
|
||||||
|
- name: DATABASE_ENGINE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_ENGINE
|
||||||
|
- name: DATABASE_DRIVER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_DRIVER
|
||||||
|
- name: DATABASE_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PASSWORD
|
||||||
|
- name: CELERY_BROKER_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_BROKER_URL
|
||||||
|
- name: CELERY_RESULT_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_RESULT_URL
|
||||||
|
- name: ETH_PROVIDER
|
||||||
|
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
|
||||||
|
- name: CIC_REGISTRY_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_REGISTRY_ADDRESS
|
||||||
|
- name: CIC_TRUST_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_TRUST_ADDRESS
|
||||||
|
- name: CELERY_BROKER_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_BROKER_URL
|
||||||
|
- name: CELERY_RESULT_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_RESULT_URL
|
||||||
|
- name: DATABASE_NAME
|
||||||
|
value: cic_eth
|
||||||
|
- name: META_URL
|
||||||
|
value: http://cic-meta-server:80
|
||||||
|
- name: META_HOST
|
||||||
|
value: cic-meta-server
|
||||||
|
- name: META_PORT
|
||||||
|
value: "80"
|
||||||
|
- name: PGP_PRIVATE_KEY_FILE # Private key here is for enrypting data
|
||||||
|
value: privatekey.asc
|
||||||
|
- name: PGP_PUBLIC_KEY_FILE
|
||||||
|
value: publickeys.asc
|
||||||
|
- name: PGP_PASSPHRASE
|
||||||
|
value: queenmarlena # TODO move to secret
|
||||||
|
- name: REDIS_HOST
|
||||||
|
value: redis-master
|
||||||
|
- name: REDIS_PORT
|
||||||
|
value: "6379"
|
||||||
|
- name: TOKEN_SYMBOL
|
||||||
|
value: "GFT"
|
||||||
|
- name: USER_USSD_HOST
|
||||||
|
value: cic-user-ussd-svc
|
||||||
|
- name: USER_USSD_PORT
|
||||||
|
value: "80"
|
||||||
|
- name: KEYSTORE_FILE_PATH
|
||||||
|
value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /tmp/src/keys
|
||||||
|
readOnly: true
|
||||||
|
name: pgp
|
||||||
|
- moutPath: /root/out
|
||||||
|
name: out-dir
|
||||||
|
- name: data-seeding-tasker
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/data-seeding:latest
|
||||||
|
command: bash -c "while true; do sleep 1; done" # Infinite loop to keep container live doing nothing
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 200Mi
|
||||||
|
limits:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 400Mi
|
||||||
|
env:
|
||||||
|
- name: DATABASE_USER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_USER
|
||||||
|
- name: DATABASE_HOST
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_HOST
|
||||||
|
- name: DATABASE_PORT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PORT
|
||||||
|
- name: DATABASE_ENGINE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_ENGINE
|
||||||
|
- name: DATABASE_DRIVER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_DRIVER
|
||||||
|
- name: DATABASE_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PASSWORD
|
||||||
|
- name: CELERY_BROKER_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_BROKER_URL
|
||||||
|
- name: CELERY_RESULT_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_RESULT_URL
|
||||||
|
- name: ETH_PROVIDER
|
||||||
|
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
|
||||||
|
- name: CIC_REGISTRY_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_REGISTRY_ADDRESS
|
||||||
|
- name: CIC_TRUST_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_TRUST_ADDRESS
|
||||||
|
- name: CELERY_BROKER_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_BROKER_URL
|
||||||
|
- name: CELERY_RESULT_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_RESULT_URL
|
||||||
|
- name: DATABASE_NAME
|
||||||
|
value: cic_eth
|
||||||
|
- name: META_URL
|
||||||
|
value: http://cic-meta-server:80
|
||||||
|
- name: META_HOST
|
||||||
|
value: cic-meta-server
|
||||||
|
- name: META_PORT
|
||||||
|
value: "80"
|
||||||
|
- name: PGP_PRIVATE_KEY_FILE # Private key here is for enrypting data
|
||||||
|
value: privatekey.asc
|
||||||
|
- name: PGP_PUBLIC_KEY_FILE
|
||||||
|
value: publickeys.asc
|
||||||
|
- name: PGP_PASSPHRASE
|
||||||
|
value: queenmarlena # TODO move to secret
|
||||||
|
- name: REDIS_HOST
|
||||||
|
value: redis-master
|
||||||
|
- name: REDIS_PORT
|
||||||
|
value: "6379"
|
||||||
|
- name: TOKEN_SYMBOL
|
||||||
|
value: "GFT"
|
||||||
|
- name: USER_USSD_HOST
|
||||||
|
value: cic-user-ussd-svc
|
||||||
|
- name: USER_USSD_PORT
|
||||||
|
value: "80"
|
||||||
|
- name: KEYSTORE_FILE_PATH
|
||||||
|
value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /tmp/src/keys
|
||||||
|
readOnly: true
|
||||||
|
name: pgp
|
||||||
|
- moutPath: /root/out
|
||||||
|
name: out-dir
|
||||||
|
volumes:
|
||||||
|
- name: out-dir
|
||||||
|
emptyDir: {}
|
||||||
|
- name: pgp
|
||||||
|
configMap:
|
||||||
|
name: pgp-meta-test
|
||||||
|
restartPolicy: Never
|
127
kubernetes/contract-migration/data-seeding-pod.yaml
Normal file
127
kubernetes/contract-migration/data-seeding-pod.yaml
Normal file
@ -0,0 +1,127 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/workloads/pods/
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Pod
|
||||||
|
metadata:
|
||||||
|
name: data-seeding
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: data-seeding
|
||||||
|
group: cic
|
||||||
|
spec:
|
||||||
|
imagePullSecrets:
|
||||||
|
- name: gitlab-grassroots-registry
|
||||||
|
containers:
|
||||||
|
- name: data-seeding
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/data-seeding:latest
|
||||||
|
command: ["sleep", "360000"]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 200Mi
|
||||||
|
limits:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 400Mi
|
||||||
|
env:
|
||||||
|
- name: DATABASE_USER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_USER
|
||||||
|
- name: DATABASE_HOST
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_HOST
|
||||||
|
- name: DATABASE_PORT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PORT
|
||||||
|
- name: DATABASE_ENGINE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_ENGINE
|
||||||
|
- name: DATABASE_DRIVER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_DRIVER
|
||||||
|
- name: DATABASE_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
key: DATABASE_PASSWORD
|
||||||
|
- name: CELERY_BROKER_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_BROKER_URL
|
||||||
|
- name: CELERY_RESULT_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_RESULT_URL
|
||||||
|
- name: ETH_PROVIDER
|
||||||
|
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
|
||||||
|
- name: CIC_REGISTRY_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_REGISTRY_ADDRESS
|
||||||
|
- name: CIC_TRUST_ADDRESS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: contract-migration-output
|
||||||
|
key: CIC_TRUST_ADDRESS
|
||||||
|
- name: CELERY_BROKER_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_BROKER_URL
|
||||||
|
- name: CELERY_RESULT_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: redis-conn-common
|
||||||
|
key: CELERY_RESULT_URL
|
||||||
|
- name: DATABASE_NAME
|
||||||
|
value: cic_eth
|
||||||
|
- name: META_URL
|
||||||
|
value: http://cic-meta-server:80
|
||||||
|
- name: META_HOST
|
||||||
|
value: cic-meta-server
|
||||||
|
- name: META_PORT
|
||||||
|
value: "80"
|
||||||
|
- name: PGP_PRIVATE_KEY_FILE # Private key here is for enrypting data
|
||||||
|
value: privatekey.asc
|
||||||
|
- name: PGP_PUBLIC_KEY_FILE
|
||||||
|
value: publickeys.asc
|
||||||
|
- name: PGP_PASSPHRASE
|
||||||
|
value: queenmarlena # TODO move to secret
|
||||||
|
- name: REDIS_HOST
|
||||||
|
value: redis-master
|
||||||
|
- name: REDIS_PORT
|
||||||
|
value: "6379"
|
||||||
|
- name: TOKEN_SYMBOL
|
||||||
|
value: "GFT"
|
||||||
|
- name: USER_USSD_HOST
|
||||||
|
value: cic-user-ussd-svc
|
||||||
|
- name: USER_USSD_PORT
|
||||||
|
value: "80"
|
||||||
|
- name: KEYSTORE_FILE_PATH
|
||||||
|
value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
|
||||||
|
- name: PGP_EXPORTS_DIR
|
||||||
|
value: /tmp/src/keys
|
||||||
|
- name: OUT_DIR
|
||||||
|
value: /root/out
|
||||||
|
- name: NUMBER_OF_USERS
|
||||||
|
value: "10"
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /tmp/src/keys
|
||||||
|
readOnly: true
|
||||||
|
name: pgp
|
||||||
|
volumes:
|
||||||
|
- name: pgp
|
||||||
|
configMap:
|
||||||
|
name: pgp-meta-test
|
||||||
|
restartPolicy: Never
|
83
kubernetes/eth-node/bloxberg-dev-validator.yaml
Normal file
83
kubernetes/eth-node/bloxberg-dev-validator.yaml
Normal file
@ -0,0 +1,83 @@
|
|||||||
|
# See https://github.com/openethereum/openethereum/issues/7288#issuecomment-393500569
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: StatefulSet
|
||||||
|
metadata:
|
||||||
|
name: bloxberg-validator
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: bloxberg-validator
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: bloxberg-validator
|
||||||
|
serviceName: bloxberg-validator
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: bloxberg-validator
|
||||||
|
name: bloxberg-validator
|
||||||
|
spec:
|
||||||
|
terminationGracePeriodSeconds: 20
|
||||||
|
initContainers:
|
||||||
|
- name: data-permission-fix
|
||||||
|
image: busybox
|
||||||
|
command: ["/bin/sh", "-c"]
|
||||||
|
args: [ "cp -r /keys /keys-cp ; /bin/chown -R 1000:1000 /data /keys-cp" ]
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 0
|
||||||
|
volumeMounts:
|
||||||
|
- name: bloxberg-keys
|
||||||
|
mountPath: /keys/Bloxberg
|
||||||
|
- name: bloxberg-keys-cp
|
||||||
|
mountPath: /keys-cp
|
||||||
|
- name: pv
|
||||||
|
mountPath: /data
|
||||||
|
containers:
|
||||||
|
- image: parity/parity:latest
|
||||||
|
name: parity
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
args: ["--config=/config/config.toml",
|
||||||
|
"--keys-path=/keys-cp/keys",
|
||||||
|
"--password=/secret/validator.pwd"]
|
||||||
|
ports:
|
||||||
|
- containerPort: 8547
|
||||||
|
- containerPort: 8548
|
||||||
|
- containerPort: 30303
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: "100m"
|
||||||
|
memory: "120Mi"
|
||||||
|
volumeMounts:
|
||||||
|
- name: bloxberg-keys-cp
|
||||||
|
mountPath: /keys-cp/
|
||||||
|
- name: bloxberg-keys
|
||||||
|
mountPath: /keys/Bloxberg
|
||||||
|
- name: bloxberg-validator-config
|
||||||
|
mountPath: /config
|
||||||
|
readOnly: true
|
||||||
|
- name: bloxberg-validator-secret
|
||||||
|
mountPath: /secret
|
||||||
|
readOnly: true
|
||||||
|
- name: pv
|
||||||
|
mountPath: /data
|
||||||
|
volumes:
|
||||||
|
- name: bloxberg-keys-cp
|
||||||
|
emptyDir: {}
|
||||||
|
- name: bloxberg-validator-config
|
||||||
|
configMap:
|
||||||
|
name: bloxberg-validator-config
|
||||||
|
items:
|
||||||
|
|
||||||
|
- name: bloxberg-validator-secret
|
||||||
|
secret:
|
||||||
|
secretName: bloxberg-validator-secret
|
||||||
|
- name: bloxberg-keys
|
||||||
|
secret:
|
||||||
|
secretName: bloxberg-keys
|
||||||
|
defaultMode: 0755
|
||||||
|
- name: pv
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: bloxberg-validator
|
||||||
|
---
|
15
kubernetes/eth-node/bloxberg-keys-sealedsecret.yaml
Normal file
15
kubernetes/eth-node/bloxberg-keys-sealedsecret.yaml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: bloxberg-keys
|
||||||
|
namespace: grassroots
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
UTC--2021-05-06T18-26-15Z--c083b446-591e-6a78-17ac-b8a99d92ad78: AgAOl4s5nOwdCRf46ufW23L0StYcDy+P81PtlIIsTCnpqAph7AHA/8Wa6QI6qwubUbryL9x+sfM09w6ESgdmWOAuqcLYqO8N3L538kpPWwO8I1/VSE3mv9f9SFYvT20XcVt7qWYa/BoQjt9KCQjIst5VB0qp4HjKjxWY5NWwrPv1x9r7rS+4NLWZ2FV4x+BhNB9aq3jYW+uyNoFnruFHBdKDjCSiX7HrBPEH9MNf5r+9+ND5EcMTk2Wc4WQIeDsiNcpetDkDPZx/Mz7OTwLH8EpYou80Mh/b70x5/VJgNzr5LeO5gGWVNwzgOlWVb+SaTuvnnDqzcCjXQpUqIbh7Eqy4g2ItEXvDE58EWmNqXUKPGflOGXuDT6pzwyCQfvjGGbfyQGH3nP1RFHBtm+DqtlqOcMm/qmg2AX2yGnzSJ2c3Qv+2en7Xakh6LUlHhcWxPaq9vGZOuoWKDHQOO+eDGGA6/Rm5yjZGXwTebYzoW1LZcx1ZvZl1d7AO1xt4aoFNP4/rbQPyYmKAFZmuIXz3bUSVQ3IgeKErRK35Gxx13HCb+8hWcKuXFsmEQJpaxUbFG4RWcdczrEjyYeiRs358h+YhZKYyWyeGq1SVPR0GIKCyzBBQ8cgvl4Vm6VtIMhzFWZproLLwNDjFgMoCBxz5k92uQpNlpHHS4PvQsvfSuPd0a6Iiizcm+aAxSp12B3PotAw4qTDDvY5vyfF2px0BG5YUqNNAZRzcRxNMiLqi/VKYuGBtyrCzN1vnE6bRVgFELj+dbESE096ukdPP6PEuCEpCngrdbOJSy4oS6KPmNg6gG0kgMFo8HrG2kdry632TG4vZIV8QHijuhD4CIN3WEoC7fXvn99GjY36uuRTWnseGhUxbOJWqiTgKJlaChikfSjZ/HfNeQ2f/1Pb1k7enoSFIQsiYKdMcEsuVVV6WoM7re/gm8RAXXUrz2s+rnu0VyVRxC2jpWD0r7jfneYWwgMqS8FDrraa1zUsA8wm9rA7O4fuK9ZWMhyO7JkQOzzBpN0lp7pNkyoyqgqLJNIqjH4Nhb9w3Ijx7Ajfzj2tCYxTvlLX4WyiVWUG40nSenrEoIaxYhpwNZ4+wvdCEBX3JmfSNZ6uuCn1rTb5w3Eqo0+ddFo1hbsxKF0DUTTaYZlzR6+yUSv2HpqqP2K9j83bJB+8go0WySiz0+sUdj8YLBdld/MaWocFTuewC52l1joapMsnNcvBouETwe0jHpvTBcve1TymVlzQl7s8/lpLxp8/iphqCwkvykDehV7J18VTH+zvPBL094WTkPJLv0NWsAEeUnHApjXgyzWY5PLZboL0OW4fCfU8NwlU2r8zryd6txQKeAgzyYghKvUuJ5gOs9U+fw5rdLc16xUA3QQ5qO/2zzC+XmvscQ7Fk
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: bloxberg-keys
|
||||||
|
namespace: grassroots
|
||||||
|
|
250
kubernetes/eth-node/bloxberg-validator-miner-configMap.yaml
Normal file
250
kubernetes/eth-node/bloxberg-validator-miner-configMap.yaml
Normal file
@ -0,0 +1,250 @@
|
|||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: bloxberg-validator-config
|
||||||
|
namespace: grassroots
|
||||||
|
data:
|
||||||
|
config.toml: |
|
||||||
|
[parity]
|
||||||
|
base_path = "/data"
|
||||||
|
chain = "/config/bloxberg.json"
|
||||||
|
|
||||||
|
[network]
|
||||||
|
port = 30303
|
||||||
|
# reserved_peers = "/config/bootnodes.txt"
|
||||||
|
nat = "none"
|
||||||
|
discovery = false
|
||||||
|
|
||||||
|
[rpc]
|
||||||
|
port = 8547
|
||||||
|
apis = ["all"]
|
||||||
|
interface = "all"
|
||||||
|
cors = ["*"]
|
||||||
|
|
||||||
|
[websockets]
|
||||||
|
disable = false
|
||||||
|
port = 8548
|
||||||
|
apis = ["all"]
|
||||||
|
interface = "all"
|
||||||
|
origins = ["*"]
|
||||||
|
|
||||||
|
[mining]
|
||||||
|
#CHANGE ENGINE SIGNER TO VALIDATOR ADDRESS
|
||||||
|
engine_signer = "0x494cc42e63f076ff7bc81043ff310255a527b377"
|
||||||
|
reseal_on_txs = "none"
|
||||||
|
force_sealing = true
|
||||||
|
min_gas_price = 1000000
|
||||||
|
gas_floor_target = "10000000"
|
||||||
|
|
||||||
|
[footprint]
|
||||||
|
tracing = "off"
|
||||||
|
|
||||||
|
[misc]
|
||||||
|
# Logging pattern (`<module>=<level>`, e.g. `own_tx=trace`).
|
||||||
|
logging = "miner=trace,own_tx=trace"
|
||||||
|
|
||||||
|
#bootnodes.txt: |
|
||||||
|
#MPDL Bootnode and Authority
|
||||||
|
# enode://a7a53baf91b612b25b84993c964beb987879bfe7430cf6acb55bd721b9c0d96ceb1849049b1dcc0aa6e86fa1e2234280581b16c1265d56644fb09085e6906034@141.5.98.231:30304
|
||||||
|
# enode://a7a53baf91b612b25b84993c964beb987879bfe7430cf6acb55bd721b9c0d96ceb1849049b1dcc0aa6e86fa1e2234280581b16c1265d56644fb09085e6906034@130.183.206.234:30304
|
||||||
|
# enode://e6b181c16d20194029c220ce886fdc7a745cb37ee655c3b41ea744ec89143db6731a1c01ff3c40b39f969079090ad34e0e3319e47b0d22a8d510ff1f7b5a9ac7@141.5.98.231:30303
|
||||||
|
# enode://e6b181c16d20194029c220ce886fdc7a745cb37ee655c3b41ea744ec89143db6731a1c01ff3c40b39f969079090ad34e0e3319e47b0d22a8d510ff1f7b5a9ac7@130.183.206.234:30303
|
||||||
|
# #GeorgiaTech
|
||||||
|
# enode://4d9e6925ef3a92315283a655e856aa29dd516172c4f38d2a8fcd58c233a2cd80c57b507fed3bf351b1ac0611e8c7fefd6fb1c49de2d0d15eb1816d43629ac4ba@3.14.148.213:30303
|
||||||
|
# #CMU
|
||||||
|
# enode://ce0154eb13c1c038017151dd1ff4d736178ffedc33f5e11fe694c247eb09279886d253c3c775486eb709a65057901e2788098f991c58e6ad26ff957a8f45253e@128.2.25.89:30303
|
||||||
|
# #UCL
|
||||||
|
# enode://e41a38d659f13d47f3d88c5178e0cfe97487d3568000b85ae3a4abbcc35404d2628cee8a7e9071b63802542bafd886447ecf1d02fc663be0534779094a3e4fd1@128.16.12.165:30303
|
||||||
|
# #Sarajevo
|
||||||
|
# enode://6959137e1c66384e82ce6d9ba7e09bb0e56817f4834416448b98f646a335168c2967760a1daa5e3ec5ac2a3401be1cd05927568cdebf49c25d4770f5bb8fbfd7@195.222.43.21:30303
|
||||||
|
# #Zurich
|
||||||
|
# enode://6173beaabd1a82d41e3615da2a755e99f3bd53e04737e2ae2f02a004c42445d8dfd1d87aadfafabc4c45a1df2a80f359ab628c93522d1dac70690a9689912bbc@129.132.178.74:30303
|
||||||
|
# #Internet Security
|
||||||
|
# enode://bc50cf41d29f346f43f84ee7d03b21cd2d4176cd759cd0d26ce04c16448d4c8611c4eab4c5543e29075c758c0afc2fd6743fa38f48dc0ed1f016efbb5c5a7654@194.94.127.78:30303
|
||||||
|
|
||||||
|
bloxberg.json: |
|
||||||
|
{
|
||||||
|
"name": "Bloxberg",
|
||||||
|
"engine": {
|
||||||
|
"authorityRound": {
|
||||||
|
"params": {
|
||||||
|
"maximumUncleCountTransition": 5006743,
|
||||||
|
"maximumUncleCount": 0,
|
||||||
|
"stepDuration": "5",
|
||||||
|
"validators": {
|
||||||
|
"list": ["0x494cc42e63f076ff7bc81043ff310255a527b377"]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"params": {
|
||||||
|
"gasLimitBoundDivisor": "0x400",
|
||||||
|
"maximumExtraDataSize": "0x20",
|
||||||
|
"minGasLimit": "0x7A1200",
|
||||||
|
"networkID": "0x2324",
|
||||||
|
|
||||||
|
"eip140Transition": "0x0",
|
||||||
|
"eip211Transition": "0x0",
|
||||||
|
"eip214Transition": "0x0",
|
||||||
|
"eip658Transition": "0x0",
|
||||||
|
|
||||||
|
"eip145Transition": 5006743,
|
||||||
|
"eip1014Transition": 5006743,
|
||||||
|
"eip1052Transition": 5006743,
|
||||||
|
|
||||||
|
"eip1283Transition": 5006743,
|
||||||
|
"eip1344Transition": 5006743,
|
||||||
|
"eip1706Transition": 5006743,
|
||||||
|
"eip1884Transition": 5006743,
|
||||||
|
"eip2028Transition": 5006743
|
||||||
|
},
|
||||||
|
"genesis": {
|
||||||
|
"seal": {
|
||||||
|
"authorityRound": {
|
||||||
|
"step": "0x0",
|
||||||
|
"signature": "0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"difficulty": "0x20000",
|
||||||
|
"gasLimit": "0x7A1200"
|
||||||
|
},
|
||||||
|
"accounts": {
|
||||||
|
"0x0000000000000000000000000000000000000001": {
|
||||||
|
"balance": "1",
|
||||||
|
"builtin": {
|
||||||
|
"name": "ecrecover",
|
||||||
|
"pricing": {
|
||||||
|
"linear": {
|
||||||
|
"base": 3000,
|
||||||
|
"word": 0
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"0x0000000000000000000000000000000000000002": {
|
||||||
|
"balance": "1",
|
||||||
|
"builtin": {
|
||||||
|
"name": "sha256",
|
||||||
|
"pricing": {
|
||||||
|
"linear": {
|
||||||
|
"base": 60,
|
||||||
|
"word": 12
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"0x0000000000000000000000000000000000000003": {
|
||||||
|
"balance": "1",
|
||||||
|
"builtin": {
|
||||||
|
"name": "ripemd160",
|
||||||
|
"pricing": {
|
||||||
|
"linear": {
|
||||||
|
"base": 600,
|
||||||
|
"word": 120
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"0x0000000000000000000000000000000000000004": {
|
||||||
|
"balance": "1",
|
||||||
|
"builtin": {
|
||||||
|
"name": "identity",
|
||||||
|
"pricing": {
|
||||||
|
"linear": {
|
||||||
|
"base": 15,
|
||||||
|
"word": 3
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"0x0000000000000000000000000000000000000005": {
|
||||||
|
"builtin": {
|
||||||
|
"name": "modexp",
|
||||||
|
"activate_at": 0,
|
||||||
|
"pricing": {
|
||||||
|
"modexp": {
|
||||||
|
"divisor": 20
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"0x0000000000000000000000000000000000000006": {
|
||||||
|
"builtin": {
|
||||||
|
"name": "alt_bn128_add",
|
||||||
|
"activate_at": 0,
|
||||||
|
"pricing": {
|
||||||
|
"alt_bn128_const_operations": {
|
||||||
|
"price": 500
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"0000000000000000000000000000000000000007": {
|
||||||
|
"builtin": {
|
||||||
|
"name": "alt_bn128_mul",
|
||||||
|
"pricing": {
|
||||||
|
"0": {
|
||||||
|
"price": {
|
||||||
|
"alt_bn128_const_operations": {
|
||||||
|
"price": 40000
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"5006743": {
|
||||||
|
"info": "Istanbul HF",
|
||||||
|
"price": {
|
||||||
|
"alt_bn128_const_operations": {
|
||||||
|
"price": 6000
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"0000000000000000000000000000000000000008": {
|
||||||
|
"builtin": {
|
||||||
|
"name": "alt_bn128_pairing",
|
||||||
|
"pricing": {
|
||||||
|
"0": {
|
||||||
|
"price": {
|
||||||
|
"alt_bn128_pairing": {
|
||||||
|
"base": 100000,
|
||||||
|
"pair": 80000
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"5006743": {
|
||||||
|
"info": "Istanbul HF",
|
||||||
|
"price": {
|
||||||
|
"alt_bn128_pairing": {
|
||||||
|
"base": 45000,
|
||||||
|
"pair": 34000
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"0x0000000000000000000000000000000000000009": {
|
||||||
|
"builtin": {
|
||||||
|
"name": "blake2_f",
|
||||||
|
"pricing": {
|
||||||
|
"5006743": {
|
||||||
|
"info": "Istanbul HF",
|
||||||
|
"price": {
|
||||||
|
"blake2_f": {
|
||||||
|
"gas_per_round": 1
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"0xEb3907eCad74a0013c259D5874AE7f22DcBcC95C": {
|
||||||
|
"balance": "102000000000000000000000000000000"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
14
kubernetes/eth-node/bloxberg-validator-pvc.yaml
Normal file
14
kubernetes/eth-node/bloxberg-validator-pvc.yaml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
name: bloxberg-validator
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: bloxberg-validator
|
||||||
|
spec:
|
||||||
|
storageClassName: do-block-storage
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 20Gi
|
15
kubernetes/eth-node/bloxberg-validator-sealedsecret.yaml
Normal file
15
kubernetes/eth-node/bloxberg-validator-sealedsecret.yaml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: bloxberg-validator-secret
|
||||||
|
namespace: grassroots
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
validator.pwd: AgAu6Seh37ELi6AXKetNOGMZpOrzkjukS6FLCGJTzF8jsIlgoCMbZ3krLfDoJqmbidNJRxmGtHbsjHwwfCNdqkOoPDBMKdRGzPD62zro5a8Spw2hr6VtEY/dA/sRswKfwMTCgHxG7eF3SVAOwZ/kqNMSMCJWhxtFDjcwdi2F4S33lR+3Otw7Bbc5dBRSEA7UvC6DRfasx1Tmd4Tcw19W3tRtqG6CM6HgIfmACYLgQucMOZDr5MZK/MzvOngrLc4wLHTO5ilmrdZFWfpX+KhGpYPDS8sUrKjrGTfHpCHpuzdX+Q6wgfVWxK/8X3bCryG+BB4zY4FR+ETpIlaSd4RXCpVVUYdZYXi8OURFAyf/+hCEDucOFpkqSTOATu0bzU5o0Jvpx9XiGOsjYv0GfYpIoc+6Ii9pV9J4EJMxRDKgGJXfFSZPmNJuDU/0Xx+FeKk8/8f7p0C1M12CqBk/XxqveNJTiMC3cfdCULsUKYSmEbxbXjz46RIcTvsu9I3Tc2spgHpagmUnl05MnlWBswV0kQkjy1tfkO3emqzfNWLZeTN5H7B2/vmewdq/3VTROnx9IRG0fRIpkOEPWgzO9MlNfM/ltBRRhyhmbFS1wNWJqxG8IiSVLzegKC33boknmqGP+qI1nQGZ08GFWUNZMhQmRHQCQj/H5rPtzxDzNQtGM0S4ZbZjmuv4M50IM06vJvsVrps1sETbiIt7ojg=
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: bloxberg-validator-secret
|
||||||
|
namespace: grassroots
|
||||||
|
|
18
kubernetes/eth-node/bloxberg-validator-svc.yaml
Normal file
18
kubernetes/eth-node/bloxberg-validator-svc.yaml
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: bloxberg-validator
|
||||||
|
namespace: grassroots
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: bloxberg-validator
|
||||||
|
ports:
|
||||||
|
- name: eth-net
|
||||||
|
port: 30303
|
||||||
|
protocol: TCP
|
||||||
|
- name: rpc #TODO change to rpc
|
||||||
|
port: 8547
|
||||||
|
protocol: TCP
|
||||||
|
- name: websocket # TODO change to websocket
|
||||||
|
port: 8548
|
||||||
|
protocol: TCP
|
@ -0,0 +1,16 @@
|
|||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: gitlab-internal-integration-registry
|
||||||
|
namespace: kube-system
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
.dockerconfigjson: AgBBXZyqqPhVZ53L4avFRFQxUmH7pw+fqFQap/4tK+anHhnrbb5sBSPSBJsB4mKzmmdVpaKgrjteFLaDcukWBVLQTB8b3MOKbXB42batIy+7ev0+vpARXUDiBuqw/Suaatqi10D4X6sV+COxXEOgxtZpD9OAiTtUVXWIOHRnenWZztLjtr/LvRJFtBTYuXyj1dFo1HZ8kjDufPjE6K5rVgZNNkudKmk5tAYrIxiE7PTPyRrJ/eO6ybVqtRtahv0sXjTGWTLlUS0OksJbinprCp8mAUFddUxdo+6rX5AIUHqmIupE0KyRyNio4WB/Kkg4zsOPh96C6Gtd1NgjrCwibDxBDUIgKbWVK9b3LQ80FHSmdUC1vQfxplTt+G0zchiaP/HTHjXfrMy5f5w0k6gP5dTLL58/FJtUUF4O1CWqkr9tsPhKtvEAA1t9EIHUYGxsY7fIsUTmZe6vLT5KGD6sbjBFD2I6IHxQsKlzYwO5GBC2OGYQbbmFJZNyVVWShnEMZFRWnx283O9LewM64euJKJ5EVnuLFNOSrrljRS5gJgjS1IwyL3JqG6fzANqBfj+J8Vv3NOEkcNB2j4/1a3DIpqh2gO/ObnQn3TEtbYGCmiLtbv3S8Jx1J/Wvnz3PzwrfxoV6wxPF3qofQkALQWh5jQcj+gG/K30raYOxGFBXCAl7Ms6xmbn6wgsXy8sABXGAQsuvPie8422KeZ1J3nd3DUfzMUeGNy2clDVgDTvfttmPlPeS4RdQCQZ9tbos8TsJIKWlHGRy+77cXmqvA+QYNvmUk5CAPaGL0gWktChvdRz8VHC736OXQzEN6kKFZKNzEo0xYjRUgMCuzy0c10mE4C59FyqQi9wjqmukzaUh2lCMgxXpueGNZQHDBT6pZYlO7gYDtkgq7eyVXhcHW2xVhYh8yaQMDANAhSad6oGEqmf812tgpCq8sM4zWysX6bU+7MPRkWXTcRPJh6EtTrw2wMED8Op0pQ==
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: gitlab-internal-integration-registry
|
||||||
|
namespace: kube-system
|
||||||
|
type: kubernetes.io/dockerconfigjson
|
||||||
|
|
129
kubernetes/grassroots-ingress.yaml
Normal file
129
kubernetes/grassroots-ingress.yaml
Normal file
@ -0,0 +1,129 @@
|
|||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: grassroots-ingress
|
||||||
|
namespace: grassroots
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/ingress.class: nginx
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
|
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
|
||||||
|
nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
|
||||||
|
nginx.ingress.kubernetes.io/enable-cors: "true"
|
||||||
|
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
|
||||||
|
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
|
||||||
|
nginx.ingress.kubernetes.io/cors-allow-headers: "x-cic-automerge, authorization, content-type"
|
||||||
|
spec:
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- meta-auth.dev.grassrootseconomics.net
|
||||||
|
- meta.dev.grassrootseconomics.net
|
||||||
|
- user.dev.grassrootseconomics.net
|
||||||
|
- ussd.dev.grassrootseconomics.net
|
||||||
|
- ussd-auth.dev.grassrootseconomics.net
|
||||||
|
- cache.dev.grassrootseconomics.net
|
||||||
|
- dev.grassrootseconomics.net
|
||||||
|
- cicada.dev.grassrootseconomics.net
|
||||||
|
- bloxberg-rpc.dev.grassrootseconomics.net
|
||||||
|
- bloxberg-ws.dev.grassrootseconomics.net
|
||||||
|
secretName: dev-grassrootseconomics-net-tls
|
||||||
|
rules:
|
||||||
|
- host: cicada.dev.grassrootseconomics.net
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: cic-staff-client
|
||||||
|
port:
|
||||||
|
name: http
|
||||||
|
- host: dev.grassrootseconomics.net
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: key-server
|
||||||
|
port:
|
||||||
|
name: http
|
||||||
|
- host: meta.dev.grassrootseconomics.net
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: cic-meta-server
|
||||||
|
port:
|
||||||
|
name: http
|
||||||
|
- host: meta-auth.dev.grassrootseconomics.net
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: cic-auth-proxy-meta
|
||||||
|
port:
|
||||||
|
name: http
|
||||||
|
- host: user.dev.grassrootseconomics.net
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: cic-user-server-svc
|
||||||
|
port:
|
||||||
|
name: server
|
||||||
|
- host: ussd.dev.grassrootseconomics.net
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: cic-user-ussd-svc
|
||||||
|
port:
|
||||||
|
name: server
|
||||||
|
- host: ussd-auth.dev.grassrootseconomics.net
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: cic-auth-proxy-ussd
|
||||||
|
port:
|
||||||
|
name: http
|
||||||
|
- host: cache.dev.grassrootseconomics.net
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: cic-cache-svc
|
||||||
|
port:
|
||||||
|
name: server
|
||||||
|
- host: bloxberg-rpc.dev.grassrootseconomics.net
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: bloxberg-validator
|
||||||
|
port:
|
||||||
|
name: rpc
|
||||||
|
- host: bloxberg-ws.dev.grassrootseconomics.net
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: bloxberg-validator
|
||||||
|
port:
|
||||||
|
name: websocket
|
57
kubernetes/key-server/key-server-pod.yaml
Normal file
57
kubernetes/key-server/key-server-pod.yaml
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/workloads/pods/
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Pod
|
||||||
|
metadata:
|
||||||
|
name: "key-server"
|
||||||
|
namespace: grassroots
|
||||||
|
labels:
|
||||||
|
app: "key-server"
|
||||||
|
spec:
|
||||||
|
imagePullSecrets:
|
||||||
|
- name: grassroots-registry-dev
|
||||||
|
containers:
|
||||||
|
- name: key-server
|
||||||
|
image: registry.gitlab.com/grassrootseconomics/devops/key-server:latest
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 200Mi
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 100Mi
|
||||||
|
ports:
|
||||||
|
- containerPort: 8080
|
||||||
|
name: http
|
||||||
|
- containerPort: 8081
|
||||||
|
name: http-internal
|
||||||
|
volumeMounts:
|
||||||
|
- name: pgp-meta-test
|
||||||
|
mountPath: "/etc/nginx/html/"
|
||||||
|
volumes:
|
||||||
|
- name: pgp-meta-test
|
||||||
|
configMap:
|
||||||
|
name: pgp-meta-test
|
||||||
|
items:
|
||||||
|
- key: publickeys.asc
|
||||||
|
path: publickeys/index.html
|
||||||
|
- key: signature.asc
|
||||||
|
path: signature/index.html
|
||||||
|
---
|
||||||
|
# https://kubernetes.io/docs/concepts/services-networking/service/
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: key-server
|
||||||
|
namespace: grassroots
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: key-server
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
protocol: TCP
|
||||||
|
port: 8080
|
||||||
|
targetPort: 8080
|
||||||
|
- name: http-internal
|
||||||
|
port: 8081
|
||||||
|
targetPort: 8081
|
260
kubernetes/pgp-meta-test-configmap.yaml
Normal file
260
kubernetes/pgp-meta-test-configmap.yaml
Normal file
@ -0,0 +1,260 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
data:
|
||||||
|
privatekey.asc: |
|
||||||
|
-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||||
|
|
||||||
|
lQWGBGCufzABDADb+aeREhuVWeqoWyeGosQeDypDnFFPlutXUtfEBMjp05gt+zhq
|
||||||
|
o0TCmS6U5XIRTsKimEQepvuZ6MmWznv9mhSEYFNHfJkrzoQSstw7YNbzMR8hhjqV
|
||||||
|
T9xaumSbOhxKXIdioZi8xk/z4PFxxCd8V16oS3+s6/n40f1aNaz4onB8ATNoRl3g
|
||||||
|
Qn+bn4FNOpQWGEI8zXqzFQduuXwDfBJ7ZuQYlh0o8vIowml3xcJjLlRz068nYRR5
|
||||||
|
yX1MTCJmxTC028Ep/EcIi5hgsnXqAMCweYCnMCAft+7a4lVSziNQc+4lhG4hQaIO
|
||||||
|
zNUcr3iPsyGEd3/PZi+AdGStX7nnHr34b/M59LGAvtoMEXi4z6UjMEoYDKdm9GJ8
|
||||||
|
0z5CFwElj28RgVilawDufluycmfmRTY5B+1Oq6ugN30xEjgPEoGKbZHwm9+9WRek
|
||||||
|
81YV7GhgwOO7UYbSK4rsgD/B+Cse7ADXD0o9DGvULYjvD5BpMG0jdRkFBTFFZ3UN
|
||||||
|
kb4UZtILMyPQA7cAEQEAAf4HAwIUu1QuUtT4sOClIovUmBqdEwQ4uzir883YkCQ+
|
||||||
|
p2zfZVNWjnMqWv2UnVVelumWlkLXFe5eYbYVfl+VN563xZremkZp1/pxUMeH48FT
|
||||||
|
M3xb2rTulthQLydwDftq1mTmcMaXKoeoHmbEqM7AtmVTN7NnsGYZ+2bmL6JYo54V
|
||||||
|
/C9dtc4ZLrVtHkJAI2TqxebpYEzBUFM+l0G6xUo8r5SaDWCU6WEtY5zD1m86b1yT
|
||||||
|
PZ0IyvfUEOCKE9zs+gG/CjTmYrZPnLIHTeFcLuexB4OJBnJ+n4P92PJlDXNkBmSp
|
||||||
|
fyGFykRtT6rgiBmW2mu6pA52Yn9sonrYREvxIUsk57ADvTFPWQxEan94QBKVb363
|
||||||
|
ADzOaluuxlD9y30P5FgJNQGoamPlfN8haMRCjHuWjfb3KVc1E+SaEHubF532/QxN
|
||||||
|
BtujSE1O4ieymilCBHdcBOazi5+89h1zwcj2QWo9+VKnYXqIWnmH4T94d64wkPht
|
||||||
|
4rCpyWlTsAWvJTUBpoeIyofTB3uRx+nogvLBJisdaahPOyGHxmj3ARwa43WH4xZj
|
||||||
|
rkkeCSd6bCtnTIHWrscYeNkmp+yg75uW30Rs5litKYZ/TwsYrHPOVHyDax0f/mOH
|
||||||
|
4L9Jy2pT68i6AON0H57oET+lNZmfWSi9nCvoJNYkbAYuApnQM75zwgZuvPed3uAN
|
||||||
|
NxlYaWxPhL7CzyVZYPdX5LdfN1sGK1nHE38G0k82NNkNJH7Bqz55ar2cLPxDWJjD
|
||||||
|
iso4mBO/9bEOTGrpfI7EhuuQIk6pML20yD1v/Pmrqkys58gxJ8GrLucv7b1J2mB2
|
||||||
|
b1wVxi8ftcttpSni6uDjUPRoEEAOAojyuwOfNcUhq07mvjPwg2JBCi4LJsRVL7jc
|
||||||
|
jKJBa73Ez9WvgkwbW1d5w9yDEdos6MBMHZQueKrWKhOiFnToAce3PSwUh4jx3tN6
|
||||||
|
eVKkBnc/r48Q5ZvJP4JfVqq9tmO55GeXp5UYQtSIHYwAKNpxt9OdGR8qNvgMO3xu
|
||||||
|
CCibusYv6Jis4QnnFUl+KsZZLk0afq7KvXdfvBs0QNfGzd5IdGFXXa7+hwlHaRG5
|
||||||
|
j8k3T/5DjzTdE59r7PA5l5aUcN+SamkhGNaJMm4TRSJBGwxUkvX3rSfinA8WCh19
|
||||||
|
8BSoFMWSYP18CEDsHqZKs9QgKTFx+KiYmh/nAcTZrSrgLWCz0Bzox097zUurwDs9
|
||||||
|
ZBtcZonVBnUOYX/YT1oqSVXJEpynZ5HfdkZ4l2jfp3ixMeuE4gJvELzOA2Y8FaM/
|
||||||
|
oDYt+Danj1bcKNcXWKOPyW7qL1LjiD1VC5oVlhUiw32YSLh4blP5SrHQTGyetLVi
|
||||||
|
TWaTh7z2Rhyf+PGpfnUWu2Hsp1V1WdfzArRMUXVlZW4gTWFybGVuYSAoU2hlIGlz
|
||||||
|
IHRoZSBxdWVlbiBhbmQgaXMgdHJ1c3RlZCkgPHF1ZWVubWFybGVuYUBncmV5c2N1
|
||||||
|
bGwuY29tPokBzgQTAQgAOBYhBMzi4dLQ42reBAXi0JlbshgWMTvVBQJgrn8wAhsD
|
||||||
|
BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJlbshgWMTvVLqQL/jnG2Y3ua7d9
|
||||||
|
CC83VFeOkMOVkZs1Vl4/2o9fsdo2Ji4YxaozKatboJubwpO3NjLaFYQx6+C/6btm
|
||||||
|
IZ5kFVBHxDB4sw8rKfkl56DqQMKXjAyWYLcC/UNcZdfV4w0+Woj+KgL1uh1bxpiU
|
||||||
|
My7NNnxvPzo2YGMrOg0xbjhwuPuXHv0bywrJS8kFnHEz2o75afHmwIZmmzZci4Fw
|
||||||
|
pFDYxOWszFRF7XcQu0tlJj/eRzr/T9eOlhtTOs5/Fjt007TNOjBBHsF9U3zkf1AX
|
||||||
|
xn3kxFcdgbdYXEMp2uSr+sMSFqSsnm9KAqwC+RU8iG2Sv9Ff5YnOvg7CfqymGGFi
|
||||||
|
eLvplMxpqdlOpywMrhpXqT/a54vqzxeJ3axTKkg/c3T4Gek0P0IAsM6nTWa43zVm
|
||||||
|
BKhkFNdP3TuTvqQFy4ZqLFDNHCk4SfNSYW1Dei+irvcysdFb6+ZDXAYNdk0N+Ajl
|
||||||
|
rwxcQSQaA6maufgcO/sA+b7e0JOMgM2Dr5LrND4Uz16zMGYgeQQp/p0FhgRgrn8w
|
||||||
|
AQwAtwZKgIDeylKFox3edzPBTS5ZF5Rs46Wp6e+OF1ecvfbQmPV8vHPZkLrNYTt5
|
||||||
|
UODKJJLJO5hopNgJigMHmAbrXqFSZB/XrkkwfuZ6yY3Fyxa7qaSeyEdDX0SH3533
|
||||||
|
EP7vDFryZEt5bO9g1aUbPeBYamSMfrkgGdj7M+ToERuvpVV2LhgBAJeAbnk+2a0S
|
||||||
|
/Jcx873mWax/TmFLz2yO2TZFT74iMC2CyQMLPbjq/r5gaMsMzRj20jJ4+matT88X
|
||||||
|
L4lr3JkytkWx5H9G+n0kuNXmq6GTklwMXyV7XIux9iUvqhr7+cSqJFniVbiGbWTo
|
||||||
|
zfBk/rJrCCcCN+zUh+iQUtVbw4WsrBvo7Po+urlw0bbf/BptOmhQ+bICAApxVR/F
|
||||||
|
0teNe82LaFHrRXcQOm/F4cJqMPtZvBz/iOJO+nqGDgRsgUR8gA48RZdRgYxS5ePR
|
||||||
|
bWEKUhlmtyju9162CP2c24FqBuUb+nYz0F3vnRhRC9n5MO7ZjtNFkQwl6O+wJ0UA
|
||||||
|
wnqdABEBAAH+BwMCtM/xijzS4N3gHy+0b+fuxTijqtNa/w4U3efhzEByB43uK465
|
||||||
|
i/mNLD/JaAcegWEdi1kAhxJchemlxtnNYyXo00KVFoEkU8nMCwfSbuXuVDTcRHUp
|
||||||
|
7ruHgI0s+71q1M/IfVrr43UxwWNzMAahJT2Nl3NDgRSU4lPRnDAhSEknw93J/6w4
|
||||||
|
DcvOZZjvmVsxA/95S8JqO4sdPnfv/aod1+UI8s03vN17WKlvMYU4OJnfGhkw3dfI
|
||||||
|
sC7JYF/l/VrZ+rRSLsMitMRqlNJndIR4h0ph8dg/LfIhOJK8h/41MPliw1w32qyN
|
||||||
|
m1d/fQgkLBi3dTgZPIxFEjH2povCErYmzOt/axHAp8o3Fhj4leXq8noTuX5aQ7MT
|
||||||
|
Ccp9xt5bQdpTkb2ZPCS28DrKqKHOFyK9NQJe37qzoDedF5HqDECo/bE7dnYb+xZc
|
||||||
|
Wa91CTdlzWrlVRPvQ0NhnxWoUuveG5ytVWpMScQIsqt13PL4H1pDaPG6I8kHrWjJ
|
||||||
|
BW+7iVafvb6rRQCQXs3ZX56X8syDZh+wVzXsiCpojWH8ydgpltr4AjN7iCMcsHqI
|
||||||
|
Gd+OOB9DOdAbZU2xbBQ74vQZS/hfrswMdSixeOYRFCtfNqCHRrifryPSG2po+OkB
|
||||||
|
AJ+JJECvIFxLZwgMxT4AH2fDP7ULa8IDj+5oIwziGuqX6qbQQsRiExvWOOP281M7
|
||||||
|
AaVcOjeEGgc+puNxM9PzwIZWHxETi7ks2QDJQHQqD+MxdkLztqAnR+ln+hZ/WAQD
|
||||||
|
197wu4WG6OSpjaw+khMSl2tAOKZzeyhZGanC3VhFe1Z9CzWmwSgeO6aOXejFTzeE
|
||||||
|
A2ZRD9QjvdIIFj0aaLshsFcF/inO9HHRlmJMYmue4PLJYJTBvs/N4/XWdWUhMWxG
|
||||||
|
YJTBp335WtGsuqCWVZPzJb5lkcdC8yUa4FO3Z/fmHT3tKZSrvwROa7YBqDkUfhuP
|
||||||
|
64/4n1TVXcgRMA4IgEJNYt5mVVgOb8o/0G13LqoByI9/V8sHrW0TTIZPblyaoFah
|
||||||
|
BfnWekdgWzeyYJWgm+IzqVAWOgrkQAzalFuZuBF0qoYb2SDdqohNw/erTcd3CM35
|
||||||
|
dgQozqFpKeT31HRVYOjA0ZyjBllY3EYTCU5mFtfH45Ao7d2C3lbRiHzXOxS0sF0+
|
||||||
|
fIDKZXHXAnt141Ni1vNrs+WxyfJ5yMZHEQ5R0o749I67rg9x3hXnwDUw+mzibBOx
|
||||||
|
U/7xxcuRe5PkITjk2EwjkZvrM4KEHsuVvRQF7cJ9AhqYFaVZKOBGAvKJ5OGaijaF
|
||||||
|
oiKNP1vIpmCvFHS2kD8mi8oMx786f8Tks6r9gCFq+nnSbFV3W2hzzwD6825V3wMB
|
||||||
|
d28RBBk8wtyD2G5mAWQNHISJAbYEGAEIACAWIQTM4uHS0ONq3gQF4tCZW7IYFjE7
|
||||||
|
1QUCYK5/MAIbDAAKCRCZW7IYFjE71fmOC/9zly33PS50gR6kcFtN8KBgfNcwd/Yz
|
||||||
|
ZzI8A2o5nAFhcHwWH/f25hGXxbh3hGoz8NaiGFFktiefaQ+9M2Usb15OSjTeKT6H
|
||||||
|
KoBxSkn641fkV77Ed+a0rGtOhrelKviqQJtS/5509LbIpiYPpfSEw0OwlHfY7ZeA
|
||||||
|
l3PCOZHkiyOwR/hmj2gbHpbSqxSJdWftTLMUDaCTzqfSkIjkB6pTgJkLPM4eUnTL
|
||||||
|
xFP4VckDhbnj1a92AjI0BoUVRlQUKDwhquDlP4XjOmRSRZh4Yi8cQh0MDN3SR72x
|
||||||
|
wP3953xYOYanABMcANqV0wPRm1tLXORT/kQDBVsDsYATS9a5Kt4QyF6FnR16rcK5
|
||||||
|
lAqXet1/O1rvVvaJDzXnzoQOa0ORgdFcti+2pdCbwNy3LY2LvJDl+I4PDGTqk32H
|
||||||
|
/HUuCprWkcZu2dLCP0TeEVRg95wyCFc4C0G1eL6yeIKcH/l6Dp5ToLfqpaIt6LXL
|
||||||
|
HpfJD0o0eOq46T+IQlOFsqLmeqZTM7wRlwM=
|
||||||
|
=8eSx
|
||||||
|
-----END PGP PRIVATE KEY BLOCK-----
|
||||||
|
publickeys.asc: |
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mQGNBF+hSOgBDACpkPQEjADjnQtjmAsdPYpx5N+OMJBYj1DAoIYsDtV6vbcBJQt9
|
||||||
|
4Om3xl7RBhv9m2oLgzPsiRwjCEFRWyNSu0BUp5CFjcXfm0S4K2egx4erFnTnSSC9
|
||||||
|
S6tmVNrVNEXvScE6sKAnmJ7JNX1ExJuEiWPbUDRWJ1hoI9+AR+8EONeJRLo/j0Np
|
||||||
|
+S4IFDn0PsxdT+SB0GY0z2cEgjvjoPr4lW9IAb8Ft9TDYp+mOzejn1Fg7CuIrlBR
|
||||||
|
SAv+sj7bVQw15dh1SpbwtS5xxubCa8ExEGI4ByXmeXdR0KZJ+EA5ksO0iSsQ/6ip
|
||||||
|
SOdSg+i0niOClFNm1P/OhbUsYAxCUfiX654FMn2zoxVBEjJ3e7l0pH7ktodaxEct
|
||||||
|
PofQLBA9LSDUIejqJsU0npw/DHDD2uvxG+/A6lgV9L8ETlvgp8RzeOCf2bHuiKYY
|
||||||
|
z87txvkFwsXgU1+TZxbk+mtCBbngsVPLNarY/KGkVJL+yhcHRD0Pl4wXUd6auQuY
|
||||||
|
6vQ9AuKiCT1We2sAEQEAAbQeTWVyIE1hbiA8bWVybWFuQGdyZXlza3VsbC5jb20+
|
||||||
|
iQHUBBMBCAA+FiEE8/r2aOgu9RJNUYe67yb0aCND9pIFAl+hSOgCGwMFCQPCZwAF
|
||||||
|
CwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ7yb0aCND9pLwiwwAhFJbAyUK05TJ
|
||||||
|
KfDz81757N472STtB8sfr0auwmRr8Zs1utHRVM0b/jkjTuo4uJNr7YVVKTKgE7+r
|
||||||
|
J+pwhm3wlTQ44LVLjByWAi/7NWg3E9b2elm+qkfgm/RfFt3vkuOxGSyZyIFFh+/t
|
||||||
|
wv6iABPvr6w7MZwrFaS0UP3g1VGa5TFqg6KNxod9H/gPLxv45lutXf3VvBZTJpr1
|
||||||
|
pxn7aLHlFzEyIgNZbP/N1QF44GSrN/k0DfL631sZjauUXaZXbi5xGsKKCYwJ1g3q
|
||||||
|
587pi6mTdTV3n0hKgVuipO8hGy5++YeOv+hXsCxDwyZ+Shv+qavd/SapxYgCdEue
|
||||||
|
uwONIFfsIsWCd3SCcjKXicTTEFMu8nvBmf7xuo2hv6vEOxoijlXV+4LkGrskdB8Z
|
||||||
|
Mg8PywEx6DLmDokgnAhTLrTc1ShbkOtQ3yNjjyFK7BDpqobsJal6d8SpbhccUJLe
|
||||||
|
paSmsk0CgJsTjhAl6EwX0EYgTo3kP5fScqrbD8VwQaT8CcE4rCV4uQGNBF+hSOgB
|
||||||
|
DADHtpTT1k4x+6FN5OeURpKAaIsoPHghkJ2lb6yWmESCa+DaR6GXAKlbd0L9UMcX
|
||||||
|
LqnaCn4SpZvbf8hP4fJRgWdRl5uVN/rmyVbZLUVjM8NcVdFRIrTsNyu4mLBmydc3
|
||||||
|
iA/90sCTEOj9e7DSvxLmmLFjpwM5xXLd6z0l6+9G+woNmARXVS3V/RryFntyKC3A
|
||||||
|
TCqVlJoQBG45Tj2gMIunpadTJXWmdioooeGW3sLeUv5MM98mSB4SjKRlJqGPNjx5
|
||||||
|
lO6MmJbZeXZ/L/aO6EsXUQD2h82Wphll4rpGYWPiHTCYqZYiqNYr6E3xUpzcvWVp
|
||||||
|
3uCYVJWP6Ds117p7BoyKVz00yxC9ledF3eppktZWqFVowCMihQE3676L3DDTZsnJ
|
||||||
|
f1/8xKUh5U2Mj3lBvjlvCECKi00qo8b1mn/OklQjJ5T4WzTrH6X+/zpez8ZkmtcO
|
||||||
|
ayHdUKD/64roZ9dXbXG/hp5A+UWj8oSVYKg2QNAwAnZ+aiZ2KVRE/Y61DCgFg6Cc
|
||||||
|
x/cAEQEAAYkBvAQYAQgAJhYhBPP69mjoLvUSTVGHuu8m9GgjQ/aSBQJfoUjoAhsM
|
||||||
|
BQkDwmcAAAoJEO8m9GgjQ/aSIPcL/3jqL2A2SmC+s0BO4vMPEfCpa2gZ/vo1azzj
|
||||||
|
UieZu5WhIxb5ik0V6T75EW5F0OeZj9qXI06gW+IM8+C6ImUgaR3l47UjBiBPq+uK
|
||||||
|
O9QuT/nOtbSs2dXoTNCLMQN7MlrdUBix+lnqZZGSDgh6n/uVyAYw8Sh4c3/3thHU
|
||||||
|
iR7xzVKGxAKDT8LoVjhHshTzYuQq8MqlfvwVI4eESLaryQ+Y+j5+VLDzSLgPAnnI
|
||||||
|
qF/ui2JQjefJxm/VLoYNaPAGdqoz/u/R0Tmz94bZUfLjgQaDoUpnxYywK2JGlf3m
|
||||||
|
PZ3PNWjxJzuQTF5Ge5bz/TylnRYIyBT7KD7oaKHO62fhDbYPJ4f94iZN4B6nnTAe
|
||||||
|
P34zFDlkUbX4AHudXU7bvxT5OUk9x9c2tj7xwxQHaEhq2+JsYW0EVw27RLhbymnB
|
||||||
|
fLjVVUktNF0nQGvU2TEocw4pr2ZkDHQkSnlbNa4kujlL7VzbpnEgyOmi5er9GaIu
|
||||||
|
VSVADovBu+pz/Ov1y/3jUe8hZ/KleZkBjQRfoUkaAQwA2r2HiLvpnclyZMoeck1L
|
||||||
|
FoVyEU/CjPcYWF1B76ekO9mrlYvbKsnsyL0WcuEqwCmHdLk70i743Fn21WQK4uvv
|
||||||
|
lvrEpev9aj9DihyLctv4qrPm6wAU/Xibf75tg1iRL+muMQfv6hQhjdhwkYFx/7XQ
|
||||||
|
6UWkEibqFS7xJwrhz9lHL4KTA4sO5PeW713+mpz7tM5RmGV6NOQAyEEfAv6OawlW
|
||||||
|
k0f5o8xngIoyo2BS5qIeEBO+iz45+GG8GQC6XufOIx7VVl++ZpsxZKtDq/AXfAsk
|
||||||
|
xfLRwZMqH9Db5pPMzrL1bPV16AwoWqhAGd2HIMkODLEC5XTGIKCqO5+n288rHhAJ
|
||||||
|
TqFmE7TpAo+Eb0Tkk4jfm6LyRonmQGpu/Zxa53n5D6d+AgYWAMeHkEthWJkES4mK
|
||||||
|
pZu4nV21+n9mynnPg8wzthL705Q6IBjtlxX8EP6eeRFE1BUCNp2RZttTSdI+8iwz
|
||||||
|
YsGOJdJeeXeLOGhvU9/PLkRj9jgZLgCLAo1QGo2oxetZABEBAAG0IkJlYXN0IE1h
|
||||||
|
biA8YmVhc3RtYW5AZ3JleXNrdWxsLmNvbT6JAdQEEwEIAD4WIQT2ReBH7lvE4oJM
|
||||||
|
lNtC3JHPqKugKwUCX6FJGgIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIX
|
||||||
|
gAAKCRBC3JHPqKugK25hC/9VF1fekj0IKnrOJRUcK/Cv4RBowl60V91w27ApsoP2
|
||||||
|
awEJiFhY7qRijtkA3NKrT3tke7aTnC3yAJ8SFOmvIAC94ijb7Iv97xkG+1IIz8pv
|
||||||
|
ru9y+dzd2NnvCkts8gFF0CI/xtEME90rU3Pay9B5IyrpP++UdmSmnp3Neuwi94BZ
|
||||||
|
DfMlqkeiYOzWWSeYbmSSVfKTXeBdUuTyfRI4m/bPbh6gegOB/XdgSIrNY74D0nR3
|
||||||
|
np0I+s0IGZepK24kgBKfUPwRDk7f98PXCh29iL3xH+TBxu30WHq7xKmPoXxCRyFL
|
||||||
|
tnKF0MN5Ib276fHnJZM+hXf5i/1EPi4NLnk86e7fNI69hwiUd1msEt3VmZWe7anJ
|
||||||
|
e/1p3sSXwbQGhhGWM5K41/rQ1CZ9qD95d6wkHRSc0n4z78qxgYV73yJHinN8xIFn
|
||||||
|
PWbopPPIJbELSoM3IEpHobsj95pH4hzZAPSmDfOfLzV1G2ec1QPfWnTqUriUt7ed
|
||||||
|
Ds4//7Cczj6sRh2B6ax2diC5AY0EX6FJGgEMAMqxn5io6fWKnMz8h5THqp4gEzDu
|
||||||
|
oImapfMKbAKcxEtJmcLkvn+4ufEP/hcll66InqJHsqMOrdb+zbduCruYWpizhqCI
|
||||||
|
GSsuRu7+ZEEkQFmF5juCOV/5qKQJgZZmxSKbRtboapMRR/jmg1pvhnUG7wJOGWi7
|
||||||
|
qv+iRdsWKskDO7tUQE34+ID7IwfDZe2fbFKxf66nPlUunF8aMglsvGmtCEzm/xwj
|
||||||
|
unHnmoqZBQIzTdEXIaEwhVosbgY7A1iwOJ/gT2dcF2KJa7tygrtcbgdVzYCibynw
|
||||||
|
tlvDGXukweuYLQFsObyBG3UHRhJg61p7n344sy1U9uwCP3/pVCr9bNY9mLZpCgHF
|
||||||
|
kqxErmB8cWouQkbwnqxQFm21KtGFzjUawuKBXVtDEeA8C5Ha0sx7lw5JrX8GD3EL
|
||||||
|
60qKWjqujJsR1kyijXx1No7Xr9NWWuPoIDYH06ZoYE+j065VTRqZIGr3NjUZnqT7
|
||||||
|
s9M41roQMnKAzRBXousRXRW9dXfS5YIG4nWTlwARAQABiQG8BBgBCAAmFiEE9kXg
|
||||||
|
R+5bxOKCTJTbQtyRz6iroCsFAl+hSRoCGwwFCQPCZwAACgkQQtyRz6iroCt8igwA
|
||||||
|
gopqy+UgxJ7oTL2zvOgL1ez7bv+E/U1/7Rdy5MHwr4WF6oZRpIBlgv3GXXeIFH9b
|
||||||
|
FdDhgyPKgh+Tz24JBL+7YjUtWGe/G/pmmNK1YazB/OxrwiGFpTCyk1zhxEkhMu7H
|
||||||
|
u3LgD571K+4TUUpaPCqEeoBBg6O3T29DH1AxpWpEPGXlOrRDHYgVziEpLdUNahAj
|
||||||
|
F53auNWvya+Vc2qZwM4NFt608LLf7J5yIA2vbsvf6+gVopPE3whXESKXo08B2hC1
|
||||||
|
f3Pr9/Tgt6oIvy9/dAcTMalxRyyc42E2wX5kyzDlfhY9kqaNNfaGMZJO5g//gB7B
|
||||||
|
dtrAfo/LhWtary/YfAOtbbnMYkf+HODAPZItaIjMZngBM0c0m78YoCetAQE8uBFK
|
||||||
|
6aXmht3BZGPOwgyZpK5QT6ClYst2N9ca3tPUEfnddotKySmCEk/JWtu5/0lFl75W
|
||||||
|
zHulc7iUNGJmnUffVZyH12CjBWsTtqombHDkdEKFocavqpVcCCbKbtW5GZhuZC65
|
||||||
|
mQGNBF+hSUIBDADStlWquV7SdREZtxXBVVzdCkV1xkeHYfo2Z244W0LTwmvpbO+o
|
||||||
|
6P5GCAW2c336qWElsMO9ujeV2nuUZy3k3AtJLx19iWC+ywYVzJ8f878XAxq0ya1V
|
||||||
|
BBnfsBc7iRI3umf2JSi+fHXf9l+rJ8Zr5AkLrUo3tQoxX8xWQIfUVY481nlkOvuM
|
||||||
|
txEI6h1t+z7PWjAJsdKKdevRPApPIBGXX0iGE/98ATsLYtvh9ln26j1SrSdtKpPk
|
||||||
|
tuYve3zkphlZAdf5ReViicik6gpEdyEfIxNab6nyV8LTbSeCHe+6/cz+AEqA+cr3
|
||||||
|
K3MwriaapPzNhRV8izzGnIWChIZptGBKH5nLivfIAB/hbOgU6tM+YgUKrpJCXXA1
|
||||||
|
My2q68o2kARJxh6s0tuuT6pFEAG9RmzS3ywrPz4PAgkwrJA1uUa9fy9ngkOnQN3C
|
||||||
|
EeVQTUU55b+6zVhW1Qq8PII6AGqj1lSY9jLpjxEr3q227OlTaxfgg19x5o9rcycc
|
||||||
|
AZlQqzL2p3Z7HZ0AEQEAAbQcSGUgTWFuIDxoZW1hbkBncmV5c2t1bGwuY29tPokB
|
||||||
|
1AQTAQgAPhYhBIYPcR68MZb6cOhv9wDz8yhlQWZrBQJfoUlCAhsDBQkDwmcABQsJ
|
||||||
|
CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEADz8yhlQWZrD0YMAJp6WkrSzghIgrGm
|
||||||
|
EquhUPu4n8dnaGraGxu1Om9Z6HrUvphBvm/yZMlZxYbsQRvd8DUCuQD7fScBS12W
|
||||||
|
X3AYe001REfAbj0kDAdDQ0Z8sFCeCDSBJ9ulX07FzTHH0qROcSv6NONjGYVeTFic
|
||||||
|
L2W0rATygnFzzjjSGboMq1qA8u6/5JNM7MAxJcIS0Dr8Fhdwv8TwTJrVg6ZzJDHN
|
||||||
|
8OVAUkPaciQI5lDDP5+kOVqbZZ92Ua8byxKtNACCdSsWZr2OvYyjUz4JKMp5X6yH
|
||||||
|
bDQB3vlwRkRS7Voo3pUGsdLwiBWiryklSa++DIbBemrALFLc5YnLgfCV0frPOEqs
|
||||||
|
dDwWECRxwN4r+2DjY6TYCEEDfhM2Hm7MoMx/jM4uhI4KwPdOKmHsBPVBeXqBRXz3
|
||||||
|
2NMMZg6to0HRjDapR8AkbfdC5vjiuwnDA6llmxnVtx2oPX3g8RVOIw65f8KfWzWS
|
||||||
|
fzEqhoKTccsHMMza8J1ax6T6HXkqa/Tt/B/3d7nUzp53V3luG7kBjQRfoUlCAQwA
|
||||||
|
4rFxmKwr4RAoVEqhDDWl8ecd/KQXEg0iCpkkmED6mEpPE9qAi8ORNId66E+rveS1
|
||||||
|
SsbmbqVlrN9iHphtvYqvlwwb2IkgPaFpmVSqWrQ3yzEPrL5CLAWiiEq7M4ux7pue
|
||||||
|
YKcOmv3wQSta9eMgy9jaGUXrxFl4qotCevcEsLzkKC045OdVxkL++NFsiQUSfMYO
|
||||||
|
tgGKXuBh0ycI/pOb66lY186zPT0tR+QA18uzeCizEjhCZmPIlPHjN8NOEM7ZLU4U
|
||||||
|
QrLdSrm1quhO6DvGEoO5FulvGtp5hVHdJL5oB7svzNurXB3WVjdXCnRijoaCR07A
|
||||||
|
/X9JVZY2+kRxdl6ZkuLZxb5UE6usW7pTA5DKiuFG/w6CSGZA1Dv3+yoZnjN8KhnG
|
||||||
|
mIWmEJgvddWWoaJ3wFvSAGkYa3qBLX3noV3ZCm0c/r2LBcyFGyuyddEhg9wrqWU9
|
||||||
|
vM7W/4BkTqSJdeMRlS9FD803V9GqxAJBJ1KOSFt2s6b+ekYCI/d+Buso8GPp8eUH
|
||||||
|
ABEBAAGJAbwEGAEIACYWIQSGD3EevDGW+nDob/cA8/MoZUFmawUCX6FJQgIbDAUJ
|
||||||
|
A8JnAAAKCRAA8/MoZUFma/gCC/9xkH8EF1Ka3TUa1kiBdcII4dyoX7gs/dA/os0+
|
||||||
|
fLb/iZZcG+bJZcKLma7DRiyDGXYc7nG3uPvho7/cOCUUg5P/EG5z0CDXzLbmBrk2
|
||||||
|
WlRnREmK/5NTcisCyezRMXHOxpya4pmExVMqSPGA0QbKGwdHqfbHQv2OyI3PYBKv
|
||||||
|
lN+eu6e5SEbT76AQijj5RSPcgbko24/sSqJylD1lnRocQK1p4XelosBraty4wzYS
|
||||||
|
vQY9dRD4nafxPHI3YjKiAG0I7nJDQ0d1jDaW5FP0BkMvn51SmfGsuSg1s46h9JlG
|
||||||
|
RZvS0enjBb1Ic9oBmHAWGQhlD1hvILlqIZOCdj8oWVjwmpZ7BK3/82wOdVkUxy09
|
||||||
|
IdIot+AIH+F/LA3KKgfDmjldyhXjI/HDrpmXwSUkJOBHebNLz5t1EdauF+4DY5BH
|
||||||
|
MsgtyyiYJBzRGT5pgrXMt4yCqZP+0jZwKt1Ech/Q6djIKjt+9wOGe9UB1VrzRbOS
|
||||||
|
5ymseDJcjejtMxuCOuSTN9R5KuSZAY0EYK5/MAEMANv5p5ESG5VZ6qhbJ4aixB4P
|
||||||
|
KkOcUU+W61dS18QEyOnTmC37OGqjRMKZLpTlchFOwqKYRB6m+5noyZbOe/2aFIRg
|
||||||
|
U0d8mSvOhBKy3Dtg1vMxHyGGOpVP3Fq6ZJs6HEpch2KhmLzGT/Pg8XHEJ3xXXqhL
|
||||||
|
f6zr+fjR/Vo1rPiicHwBM2hGXeBCf5ufgU06lBYYQjzNerMVB265fAN8Entm5BiW
|
||||||
|
HSjy8ijCaXfFwmMuVHPTrydhFHnJfUxMImbFMLTbwSn8RwiLmGCydeoAwLB5gKcw
|
||||||
|
IB+37triVVLOI1Bz7iWEbiFBog7M1RyveI+zIYR3f89mL4B0ZK1fuecevfhv8zn0
|
||||||
|
sYC+2gwReLjPpSMwShgMp2b0YnzTPkIXASWPbxGBWKVrAO5+W7JyZ+ZFNjkH7U6r
|
||||||
|
q6A3fTESOA8SgYptkfCb371ZF6TzVhXsaGDA47tRhtIriuyAP8H4Kx7sANcPSj0M
|
||||||
|
a9QtiO8PkGkwbSN1GQUFMUVndQ2RvhRm0gszI9ADtwARAQABtExRdWVlbiBNYXJs
|
||||||
|
ZW5hIChTaGUgaXMgdGhlIHF1ZWVuIGFuZCBpcyB0cnVzdGVkKSA8cXVlZW5tYXJs
|
||||||
|
ZW5hQGdyZXlzY3VsbC5jb20+iQHOBBMBCAA4FiEEzOLh0tDjat4EBeLQmVuyGBYx
|
||||||
|
O9UFAmCufzACGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQmVuyGBYxO9Uu
|
||||||
|
pAv+OcbZje5rt30ILzdUV46Qw5WRmzVWXj/aj1+x2jYmLhjFqjMpq1ugm5vCk7c2
|
||||||
|
MtoVhDHr4L/pu2YhnmQVUEfEMHizDysp+SXnoOpAwpeMDJZgtwL9Q1xl19XjDT5a
|
||||||
|
iP4qAvW6HVvGmJQzLs02fG8/OjZgYys6DTFuOHC4+5ce/RvLCslLyQWccTPajvlp
|
||||||
|
8ebAhmabNlyLgXCkUNjE5azMVEXtdxC7S2UmP95HOv9P146WG1M6zn8WO3TTtM06
|
||||||
|
MEEewX1TfOR/UBfGfeTEVx2Bt1hcQyna5Kv6wxIWpKyeb0oCrAL5FTyIbZK/0V/l
|
||||||
|
ic6+DsJ+rKYYYWJ4u+mUzGmp2U6nLAyuGlepP9rni+rPF4ndrFMqSD9zdPgZ6TQ/
|
||||||
|
QgCwzqdNZrjfNWYEqGQU10/dO5O+pAXLhmosUM0cKThJ81JhbUN6L6Ku9zKx0Vvr
|
||||||
|
5kNcBg12TQ34COWvDFxBJBoDqZq5+Bw7+wD5vt7Qk4yAzYOvkus0PhTPXrMwZiB5
|
||||||
|
BCn+uQGNBGCufzABDAC3BkqAgN7KUoWjHd53M8FNLlkXlGzjpanp744XV5y99tCY
|
||||||
|
9Xy8c9mQus1hO3lQ4Mokksk7mGik2AmKAweYButeoVJkH9euSTB+5nrJjcXLFrup
|
||||||
|
pJ7IR0NfRIffnfcQ/u8MWvJkS3ls72DVpRs94FhqZIx+uSAZ2Psz5OgRG6+lVXYu
|
||||||
|
GAEAl4BueT7ZrRL8lzHzveZZrH9OYUvPbI7ZNkVPviIwLYLJAws9uOr+vmBoywzN
|
||||||
|
GPbSMnj6Zq1PzxcviWvcmTK2RbHkf0b6fSS41earoZOSXAxfJXtci7H2JS+qGvv5
|
||||||
|
xKokWeJVuIZtZOjN8GT+smsIJwI37NSH6JBS1VvDhaysG+js+j66uXDRtt/8Gm06
|
||||||
|
aFD5sgIACnFVH8XS1417zYtoUetFdxA6b8Xhwmow+1m8HP+I4k76eoYOBGyBRHyA
|
||||||
|
DjxFl1GBjFLl49FtYQpSGWa3KO73XrYI/ZzbgWoG5Rv6djPQXe+dGFEL2fkw7tmO
|
||||||
|
00WRDCXo77AnRQDCep0AEQEAAYkBtgQYAQgAIBYhBMzi4dLQ42reBAXi0JlbshgW
|
||||||
|
MTvVBQJgrn8wAhsMAAoJEJlbshgWMTvV+Y4L/3OXLfc9LnSBHqRwW03woGB81zB3
|
||||||
|
9jNnMjwDajmcAWFwfBYf9/bmEZfFuHeEajPw1qIYUWS2J59pD70zZSxvXk5KNN4p
|
||||||
|
PocqgHFKSfrjV+RXvsR35rSsa06Gt6Uq+KpAm1L/nnT0tsimJg+l9ITDQ7CUd9jt
|
||||||
|
l4CXc8I5keSLI7BH+GaPaBseltKrFIl1Z+1MsxQNoJPOp9KQiOQHqlOAmQs8zh5S
|
||||||
|
dMvEU/hVyQOFuePVr3YCMjQGhRVGVBQoPCGq4OU/heM6ZFJFmHhiLxxCHQwM3dJH
|
||||||
|
vbHA/f3nfFg5hqcAExwA2pXTA9GbW0tc5FP+RAMFWwOxgBNL1rkq3hDIXoWdHXqt
|
||||||
|
wrmUCpd63X87Wu9W9okPNefOhA5rQ5GB0Vy2L7al0JvA3LctjYu8kOX4jg8MZOqT
|
||||||
|
fYf8dS4KmtaRxm7Z0sI/RN4RVGD3nDIIVzgLQbV4vrJ4gpwf+XoOnlOgt+qloi3o
|
||||||
|
tcsel8kPSjR46rjpP4hCU4WyouZ6plMzvBGXAw==
|
||||||
|
=Mjei
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
|
signature.asc: |
|
||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQGzBAABCAAdFiEEzOLh0tDjat4EBeLQmVuyGBYxO9UFAmC4Be8ACgkQmVuyGBYx
|
||||||
|
O9W36Qv/amj4XpRAZfa5VAGKWWQq7RKtAsD7cIsygenG1BYUXFWSSQc4wnnbdmZF
|
||||||
|
vizM7j9ibWwhXIJuslA9oZaH2V+8Lt+69xUhN1EEKbYKZ45Amxm5Hi23Y9myUIFF
|
||||||
|
+uvgkayLHKIFH8vy5snVsll8QmmZvwPtu/+VuUWMHMeVqSbWQmAwz1+rwTAqGbbO
|
||||||
|
bVt2cqVYPO1HQWGzc6E2S4TDUR6HZUuSSDUDL17bejMEy0cFgySxBji5p9UQXmfN
|
||||||
|
7I82QdAB5wEuUE5zFr/GdvzBpbeAiLNz7rn0uhW5zbzZVMnaRfMmVl8fR7vgveXE
|
||||||
|
ILii5JYjJ0FJbO9xRoDhOlnqvMzfLCrHtwcnUd82b9iFvlt5NiiZQDrleIqvDC9S
|
||||||
|
ntY3ZrxhhaVh6qa59hJkEASzU06i120w+1hMc+6DU1e2DjwUCbEtWaDDG6iVdD2S
|
||||||
|
13QIXmo9EgCSVsrYRGv3k8LcdZFQQ2sypP1PvktFoqPz144nw8RIqLBUFS60mj5m
|
||||||
|
JBGF3FnI
|
||||||
|
=M69r
|
||||||
|
-----END PGP SIGNATURE-----
|
||||||
|
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: pgp-meta-test
|
||||||
|
namespace: grassroots
|
50
kubernetes/pgp-trusted-publickey-configmap.yaml
Normal file
50
kubernetes/pgp-trusted-publickey-configmap.yaml
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
data:
|
||||||
|
trustedpublickey.asc: |
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mQGNBGCufzABDADb+aeREhuVWeqoWyeGosQeDypDnFFPlutXUtfEBMjp05gt+zhq
|
||||||
|
o0TCmS6U5XIRTsKimEQepvuZ6MmWznv9mhSEYFNHfJkrzoQSstw7YNbzMR8hhjqV
|
||||||
|
T9xaumSbOhxKXIdioZi8xk/z4PFxxCd8V16oS3+s6/n40f1aNaz4onB8ATNoRl3g
|
||||||
|
Qn+bn4FNOpQWGEI8zXqzFQduuXwDfBJ7ZuQYlh0o8vIowml3xcJjLlRz068nYRR5
|
||||||
|
yX1MTCJmxTC028Ep/EcIi5hgsnXqAMCweYCnMCAft+7a4lVSziNQc+4lhG4hQaIO
|
||||||
|
zNUcr3iPsyGEd3/PZi+AdGStX7nnHr34b/M59LGAvtoMEXi4z6UjMEoYDKdm9GJ8
|
||||||
|
0z5CFwElj28RgVilawDufluycmfmRTY5B+1Oq6ugN30xEjgPEoGKbZHwm9+9WRek
|
||||||
|
81YV7GhgwOO7UYbSK4rsgD/B+Cse7ADXD0o9DGvULYjvD5BpMG0jdRkFBTFFZ3UN
|
||||||
|
kb4UZtILMyPQA7cAEQEAAbRMUXVlZW4gTWFybGVuYSAoU2hlIGlzIHRoZSBxdWVl
|
||||||
|
biBhbmQgaXMgdHJ1c3RlZCkgPHF1ZWVubWFybGVuYUBncmV5c2N1bGwuY29tPokB
|
||||||
|
zgQTAQgAOBYhBMzi4dLQ42reBAXi0JlbshgWMTvVBQJgrn8wAhsDBQsJCAcCBhUK
|
||||||
|
CQgLAgQWAgMBAh4BAheAAAoJEJlbshgWMTvVLqQL/jnG2Y3ua7d9CC83VFeOkMOV
|
||||||
|
kZs1Vl4/2o9fsdo2Ji4YxaozKatboJubwpO3NjLaFYQx6+C/6btmIZ5kFVBHxDB4
|
||||||
|
sw8rKfkl56DqQMKXjAyWYLcC/UNcZdfV4w0+Woj+KgL1uh1bxpiUMy7NNnxvPzo2
|
||||||
|
YGMrOg0xbjhwuPuXHv0bywrJS8kFnHEz2o75afHmwIZmmzZci4FwpFDYxOWszFRF
|
||||||
|
7XcQu0tlJj/eRzr/T9eOlhtTOs5/Fjt007TNOjBBHsF9U3zkf1AXxn3kxFcdgbdY
|
||||||
|
XEMp2uSr+sMSFqSsnm9KAqwC+RU8iG2Sv9Ff5YnOvg7CfqymGGFieLvplMxpqdlO
|
||||||
|
pywMrhpXqT/a54vqzxeJ3axTKkg/c3T4Gek0P0IAsM6nTWa43zVmBKhkFNdP3TuT
|
||||||
|
vqQFy4ZqLFDNHCk4SfNSYW1Dei+irvcysdFb6+ZDXAYNdk0N+AjlrwxcQSQaA6ma
|
||||||
|
ufgcO/sA+b7e0JOMgM2Dr5LrND4Uz16zMGYgeQQp/rkBjQRgrn8wAQwAtwZKgIDe
|
||||||
|
ylKFox3edzPBTS5ZF5Rs46Wp6e+OF1ecvfbQmPV8vHPZkLrNYTt5UODKJJLJO5ho
|
||||||
|
pNgJigMHmAbrXqFSZB/XrkkwfuZ6yY3Fyxa7qaSeyEdDX0SH3533EP7vDFryZEt5
|
||||||
|
bO9g1aUbPeBYamSMfrkgGdj7M+ToERuvpVV2LhgBAJeAbnk+2a0S/Jcx873mWax/
|
||||||
|
TmFLz2yO2TZFT74iMC2CyQMLPbjq/r5gaMsMzRj20jJ4+matT88XL4lr3JkytkWx
|
||||||
|
5H9G+n0kuNXmq6GTklwMXyV7XIux9iUvqhr7+cSqJFniVbiGbWTozfBk/rJrCCcC
|
||||||
|
N+zUh+iQUtVbw4WsrBvo7Po+urlw0bbf/BptOmhQ+bICAApxVR/F0teNe82LaFHr
|
||||||
|
RXcQOm/F4cJqMPtZvBz/iOJO+nqGDgRsgUR8gA48RZdRgYxS5ePRbWEKUhlmtyju
|
||||||
|
9162CP2c24FqBuUb+nYz0F3vnRhRC9n5MO7ZjtNFkQwl6O+wJ0UAwnqdABEBAAGJ
|
||||||
|
AbYEGAEIACAWIQTM4uHS0ONq3gQF4tCZW7IYFjE71QUCYK5/MAIbDAAKCRCZW7IY
|
||||||
|
FjE71fmOC/9zly33PS50gR6kcFtN8KBgfNcwd/YzZzI8A2o5nAFhcHwWH/f25hGX
|
||||||
|
xbh3hGoz8NaiGFFktiefaQ+9M2Usb15OSjTeKT6HKoBxSkn641fkV77Ed+a0rGtO
|
||||||
|
hrelKviqQJtS/5509LbIpiYPpfSEw0OwlHfY7ZeAl3PCOZHkiyOwR/hmj2gbHpbS
|
||||||
|
qxSJdWftTLMUDaCTzqfSkIjkB6pTgJkLPM4eUnTLxFP4VckDhbnj1a92AjI0BoUV
|
||||||
|
RlQUKDwhquDlP4XjOmRSRZh4Yi8cQh0MDN3SR72xwP3953xYOYanABMcANqV0wPR
|
||||||
|
m1tLXORT/kQDBVsDsYATS9a5Kt4QyF6FnR16rcK5lAqXet1/O1rvVvaJDzXnzoQO
|
||||||
|
a0ORgdFcti+2pdCbwNy3LY2LvJDl+I4PDGTqk32H/HUuCprWkcZu2dLCP0TeEVRg
|
||||||
|
95wyCFc4C0G1eL6yeIKcH/l6Dp5ToLfqpaIt6LXLHpfJD0o0eOq46T+IQlOFsqLm
|
||||||
|
eqZTM7wRlwM=
|
||||||
|
=irpP
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: pgp-trusted-publickey
|
||||||
|
namespace: grassroots
|
12
kubernetes/postgresql-conn-configmap.yaml
Normal file
12
kubernetes/postgresql-conn-configmap.yaml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: postgresql-conn-common
|
||||||
|
namespace: grassroots
|
||||||
|
data:
|
||||||
|
DATABASE_USER: grassroots
|
||||||
|
DATABASE_HOST: postgresql
|
||||||
|
DATABASE_PORT: "5432"
|
||||||
|
DATABASE_ENGINE: postgres
|
||||||
|
DATABASE_DRIVER: psycopg2
|
||||||
|
DATABASE_PASSWORD: tralala
|
16
kubernetes/postgresql/postgres-db-sealedsecrets.yaml
Normal file
16
kubernetes/postgresql/postgres-db-sealedsecrets.yaml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: postgres-db-secrets
|
||||||
|
namespace: grassroots
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
postgresql-password: AgAE+2sX6nGxEeSDEZ6oOShpGqyEi0p8A1QIUNl99WBU/Dg/djdEF2F36SLcw48c2sO47/1Z4Ry4I0qk12GhVv6MPBpQYm1O8Unj822DpT1PW25G1dyRuZZjIE2zuIRoX/4Xvt+5T3Zfhan5ORFsY2H2tj4+v+I+VKdmOOICeffDCb45NPShfR8yWHTlQyvlvlukQBpyiefBTme6EDWo2658ik8Z/CvwXK49w8y+H02wJ5RMavaAplZTi0K5VibM95AiyLEVgGdrtn+ibXFdeWDaZTOgmL4XHqREbWokLHioRsje0nvp6gYZhTjFr8BAgVudbfkmxHZr4Z0EkJsPibznVbVU/gjbTk2mNvrbzoDYbVONAz5YKdCSPlY3f8+a75GfDts+nLGyiNgq2+6zAMn6FkeIGQtqJCy54vqO24wpwGBVXv+ifdBN7n8ifF7/Erd2G1Zt2zz19AQPwo9rAwdM4d2xgCR4t6lxDax2vWMlNdX9f85W6Yn52x57CxCNjqOzlnB/BUF/MnCKlO1NjZwnlzSV40W68HKNdW4XGZL03HgEeZFsgIb92cSL+blp27fn/DnL1jiSZQiktwfHSwHPJb6lYpMysjB/ST/iRTnzlQ8dQcHl+HC35/dH9YL0hU5ZXx7Qh/cRzJDT9hpPaHFVmmuiKG9ZdBICm4BOavQ+vUyRaJqXkTPDO/7SNVUM6U54H7oy2UXCZCrG
|
||||||
|
postgresql-replication-password: AgB5QMqB/htvwFHOwONjwE+Iqvu0opAQ/Wa0oKWb1Lt7oXCRF7wJ2n1xmpNIjFib3gVfGUb/hIt0nBS//B8CDYmz/WiJvylSLdStZhC7gMo6OfK7XD1BubwM2oj4/31eepBRfPMD7OkPXtFcBYpcE7nOq3I1bbbYq3uGjO0vaCozawqKG0ytMpNgcRVHLhuKY8rcIrCiqyZ/Z7DUjG4J7+HtvpBAkC9MFL1t03nEABZocwsf5AF9xzqSJsyVfJq0pmwxYPsu/tZdaUhh2dk64YBgap0VL3Xz5EzMVsu+2PKizafwOXlsxEoeEbdaxcqduVwTl9xIr6p/b+MBVMbuzV8VrsBgDStCijrRFB3Yjep5MRZrumISJG/s9/V77A1lQ2zdPk6dWRbdneScuJhYyG85zZr+B0ThwDxO7eOsL70s0fsebeVh+TVWj/rUE1bT5QDw5nXaXxAj/qx+z/c/urh+X8wmR6ztVj2IhGT4rnxtBzdKGDtpnS4Zm0IJbCaz8fI6c0YJW6Sqmvmh7GmA0j6BARugOcpkM5U8GavKBcEDPPJWPvATpZ4NJLG9yL3fddDO1hGGd0rPvxOIG8iF6fVFJlGWES7Zv8VHEDtAcP26QDjrP/mKcaXr9V/RvtSXVcN/pNCxkiWOYicMeeJ1XqWwFHELcZreBCav0aEDO+vqRIsJWewbX/8ESsOO0GaB+werenNwRXHJeCe7
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: postgres-db-secrets
|
||||||
|
namespace: grassroots
|
||||||
|
|
35
kubernetes/postgresql/postgres-helmrelease.yaml
Normal file
35
kubernetes/postgresql/postgres-helmrelease.yaml
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: postgresql
|
||||||
|
namespace: grassroots
|
||||||
|
spec:
|
||||||
|
# The interval at which to reconcile the Helm release
|
||||||
|
interval: 10m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
# The name of the chart as made available by the HelmRepository
|
||||||
|
# (without any aliases)
|
||||||
|
chart: postgresql
|
||||||
|
# A fixed SemVer, or any SemVer range
|
||||||
|
# (i.e. >=4.0.0 <5.0.0)
|
||||||
|
version: 10.3.17
|
||||||
|
# The reference to the HelmRepository
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bitnami
|
||||||
|
# Optional, defaults to the namespace of the HelmRelease
|
||||||
|
namespace: default
|
||||||
|
values:
|
||||||
|
image:
|
||||||
|
tag: 12.5.0
|
||||||
|
existingSecret: postgres-db-secrets
|
||||||
|
postgresqlDatabase: postgres
|
||||||
|
volumePermissions: # related to permissions error on file postgres/data when pod restart
|
||||||
|
enabled: true
|
||||||
|
initdbScriptsConfigMap: postgres-initdb-scipts
|
||||||
|
initdbUser: postgres
|
||||||
|
replication:
|
||||||
|
readReplicas: 0
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
21
kubernetes/postgresql/postgres-initdb-scripts-configMap.yaml
Normal file
21
kubernetes/postgresql/postgres-initdb-scripts-configMap.yaml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/configuration/configmap/
|
||||||
|
kind: ConfigMap
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: postgres-initdb-scipts
|
||||||
|
namespace: grassroots
|
||||||
|
data:
|
||||||
|
create_db.sql: |
|
||||||
|
CREATE ROLE common_role;
|
||||||
|
CREATE USER grassroots WITH PASSWORD 'tralala' CREATEDB;
|
||||||
|
CREATE DATABASE "cic_cache";
|
||||||
|
CREATE DATABASE "cic_eth";
|
||||||
|
CREATE DATABASE "cic_notify";
|
||||||
|
CREATE DATABASE "cic_meta";
|
||||||
|
CREATE DATABASE "cic_signer";
|
||||||
|
CREATE DATABASE "cic_ussd";
|
||||||
|
CREATE DATABASE "cic_syncer";
|
||||||
|
GRANT ALL PRIVILEGES
|
||||||
|
ON DATABASE "cic_cache", "cic_eth", "cic_notify", "cic_meta", "cic_signer", "cic_ussd", "cic_syncer"
|
||||||
|
TO grassroots;
|
||||||
|
|
28
kubernetes/pub-sealed-secrets.pem
Normal file
28
kubernetes/pub-sealed-secrets.pem
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIErTCCApWgAwIBAgIQQ/6gWxjyWjlUu/orGmbkkTANBgkqhkiG9w0BAQsFADAA
|
||||||
|
MB4XDTIxMDQxNjEzMzk1N1oXDTMxMDQxNDEzMzk1N1owADCCAiIwDQYJKoZIhvcN
|
||||||
|
AQEBBQADggIPADCCAgoCggIBALlHzjP+WopinMhSgNRMywms5IJ4u2UuY8k6YAnZ
|
||||||
|
dVeA9wBg+dPuhLqrOgfYSCPfwK+18ZaKpNw9qOUZBr/hRyWIQZrMc5rd6IMcm7aM
|
||||||
|
35Fxs5GPigMvp6GxBd/btfUxept/Ro1egwtl7U+6w4AfHrjOAqwnOgDib8U6wK9w
|
||||||
|
3+5BlhqPia3HmjE9XzvNp0SKl+C40xv6oGQ2RmU62ESN1uB5FL0+jbmhNZk/chhd
|
||||||
|
thhNQ9jo/QqROB/VeRh8LaX7MLzC2caI1fICXE4/4Mcr+rRnqr4dljKtQHobW5/4
|
||||||
|
lgH85XqeioFHpaB1cgKg0tgHAk6/UHNThy9aMaXjn/I1s5E8ZvwshWBWw7r14+Vt
|
||||||
|
dZaGzhw4RE0RQ8ubYQTiB0b+hXQhY4OdQnAm/yCkf9XODsuxJV9Dr+9coI7ftnyt
|
||||||
|
uU0JBBi6Jg9eZdkQjO3E7hyhVUyeer0LbE6W3BHTpz5ZZjp7aiCe94Q5BpqXBmU2
|
||||||
|
3JbYjasrGr/5F9YX7sCVdTkfe9I/NzeigAEgNKf+3nxMJB+bFsJ26kDFxREYOxni
|
||||||
|
NmDFwczZmUArowDaObh6yXAKz56s2bNJApzkKmKtdq7dpErz0XPOwyPzGoKeMO2p
|
||||||
|
8MUapopuCUVW20GR7YCmuTu/xBxfT3ocAS3u3kwYvwzYLeagpl+0Sh1q+6CZBAtK
|
||||||
|
jl6FAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwIAATAPBgNVHRMBAf8EBTADAQH/MA0G
|
||||||
|
CSqGSIb3DQEBCwUAA4ICAQBYtcMUaxO5yX8fsn1LPm0CAZqTeI3xjkrHGDGXDQqv
|
||||||
|
9DHElHkjvWKjNem923hKBwbPdzhKbFQg2Dy93b6LeHj0cCOSQ21bvDrfpfBK3yit
|
||||||
|
AlvtuIIn4ktuIvegCDX/e9rxeIQPz3IhrKAnK36UpnMj8L+g2fz9+HYWowiGjx7n
|
||||||
|
lCik7ang8rtpbetU1BiXaLo58bJnbjoHxuVryTkSKiPiJ9nK+K2WP7IB+Uunr4c0
|
||||||
|
MlCoFrXCEfuShzW3lFRStfc4sazv2wv3utozukmrSWr9y5PXVPQxl8CUmTGG8Bnl
|
||||||
|
51RyaldiKRQ0J7LEMv+2fanDoOAZE8gjUVu0NqNahZwK3ya186AUCyUkoVVD7Wnv
|
||||||
|
R77SdeuVw0ULn4bpy9n4iXYzRXDha/q3Y2PP5yeBN1NhggxZ6Cyj8s9KeusVw5Oz
|
||||||
|
CueAczTlU3VUHI1VEtaacIon/5yuJRz4wW7opLbv1G8kh2v1zDtpWbbb2tnj3foq
|
||||||
|
Yt8UIeAkBIW4GPClM5A/Bzv2Gl3Gijp6dDF1Tim1w/6t4C/OBlEbzWII8wvdUTwn
|
||||||
|
NBKnmgsnErkSekYuNsGYl4Ua5gu05Bef4dQ7ShAkJcbXTKKPNdTyJmv4I99wRL1l
|
||||||
|
WaKawKjnMoO71c6lHuxt/D3p0jjdnsH4BAAMlUrIQ+Jlp+JHa/xcVjAMTvij14fT
|
||||||
|
Eg==
|
||||||
|
-----END CERTIFICATE-----
|
8
kubernetes/redis-conn-common-configmap.yaml
Normal file
8
kubernetes/redis-conn-common-configmap.yaml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: redis-conn-common
|
||||||
|
namespace: grassroots
|
||||||
|
data:
|
||||||
|
CELERY_BROKER_URL: redis://redis-master
|
||||||
|
CELERY_RESULT_URL: redis://redis-master
|
29
kubernetes/redis/redis-helmrelease.yaml
Normal file
29
kubernetes/redis/redis-helmrelease.yaml
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
# hhttps://github.com/bitnami/charts/tree/master/bitnami/redis
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: redis
|
||||||
|
namespace: grassroots
|
||||||
|
spec:
|
||||||
|
# The interval at which to reconcile the Helm release
|
||||||
|
interval: 10m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
# The name of the chart as made available by the HelmRepository
|
||||||
|
# (without any aliases)
|
||||||
|
chart: redis
|
||||||
|
# A fixed SemVer, or any SemVer range
|
||||||
|
# (i.e. >=4.0.0 <5.0.0)
|
||||||
|
version: 12.8.3
|
||||||
|
# The reference to the HelmRepository
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bitnami
|
||||||
|
# Optional, defaults to the namespace of the HelmRelease
|
||||||
|
namespace: default
|
||||||
|
values:
|
||||||
|
cluster:
|
||||||
|
slaveCount: 0
|
||||||
|
usePassword: false
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
Loading…
Reference in New Issue
Block a user