try and launch some k8s

This commit is contained in:
Blair Vanderlugt 2021-08-23 13:46:17 -07:00
parent 70ce759564
commit ea6ce88dab
48 changed files with 3802 additions and 5 deletions

View File

@ -20,12 +20,21 @@ deploy-k8s-dev:
variables: variables:
CI_DEBUG_TRACE: "true" CI_DEBUG_TRACE: "true"
script: script:
- kubectl config set-cluster k8s --server="${K8S_DEV_SERVER}" - kubectl config set-cluster k8s --server="${K8S_DEV_SERVER?dev server missing}"
- kubectl config set clusters.k8s.certificate-authority-data ${K8S_DEV_CERTIFICATE_AUTHORITY_DATA} - kubectl config set clusters.k8s.certificate-authority-data ${K8S_DEV_CERTIFICATE_AUTHORITY_DATA}
- kubectl config set-credentials gitlab --token="${K8S_DEV_USER_TOKEN}" - kubectl config set-credentials gitlab --token="${K8S_DEV_USER_TOKEN}"
- kubectl config set-context default --cluster=k8s --user=gitlab - kubectl config set-context grassroots --cluster=k8s --user=gitlab --namespace grassroots
- kubectl config use-context default - kubectl config use-context grassroots
#- sed -i "s/<VERSION>/${CI_COMMIT_SHORT_SHA}/g" deployment.yaml #- sed -i "s/<VERSION>/${CI_COMMIT_SHORT_SHA}/g" deployment.yaml
#- kubectl apply -f deployment.yaml #- kubectl apply -f deployment.yaml
- kubectl config view - echo "Wiping state..."
- kubectl -v=4 get po - kubectl delete jobs.batch --all
- kubectl delete hr postgresql && kubectl delete --wait=false pvc -l 'app.kubernetes.io/name=postgresql'
- kubectl delete sts,pvc -l 'app=bloxberg-validator'
- kubectl delete hr redis && kubectl delete --wait=false pvc -l 'app=redis'
- kubectl apply -f kubernetes/grassroots/eth-node/ -f kubernetes/grassroots/postgresql/ -f kubernetes/grassroots/redis/
- echo "run database migrations..."
- kubectl rollout restart deployments
- echo "run contract migrations..."
- kubectl apply -f kubernetes/grassroots/contract-migration/contract-migration-job.yaml
- kubectl delete job --all

View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cic-auth-proxy-credentials-configmap
namespace: grassroots
data:
credentials.yaml: |
level: 9
items:
user: 1

View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cic-auth-proxy-acl-configmap
namespace: grassroots
data:
F3FAF668E82EF5124D5187BAEF26F4682343F692: |
- "^/user(/.*)?$":
read:
- user

View File

@ -0,0 +1,114 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-auth-proxy-meta
namespace: grassroots
labels:
app: cic-auth-proxy-meta
group: cic
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-auth-proxy-meta
replicas: 1
template:
metadata:
labels:
app: cic-auth-proxy-meta
group: cic
spec:
containers:
- name: cic-auth-proxy-meta
#image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:master-c05fafbf-1627493790 # {"$imagepolicy": "flux-system:cic-auth-proxy"}
image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:latest
imagePullPolicy: Always
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 100m
memory: 200Mi
env:
- name: PROXY_HOST
value: cic-meta-server
- name: PROXY_PORT
value: "80"
- name: PROXY_PATH_PREFIX
value: "/"
- name: HTTP_AUTH_ORIGIN
value: https://meta-auth.dev.grassrootseconomics.net:443
- name: HTTP_AUTH_REALM
value: GE
- name: ACL_CREDENTIALS_ENDPOINT
value: http://key-server:8081/
- name: ACL_PATH
value: /data/acls/F3FAF668E82EF5124D5187BAEF26F4682343F692
- name: GPG_PUBLICKEYS_ENDPOINT
value: http://key-server:8080/.well-known/publickeys/
- name: GPG_SIGNATURE_ENDPOINT
value: http://key-server:8080/.well-known/signature/
- name: GPG_TRUSTED_PUBLICKEY_FINGERPRINT # fingerprint of trusted key
value: CCE2E1D2D0E36ADE0405E2D0995BB21816313BD5
- name: GPG_HOMEDIR
value: /usr/local/etc/cic-auth-proxy/.gnupg/
- name: GPG_IMPORT_DIR
value: /usr/local/etc/cic-auth-proxy/import/
- name: GPG_PUBLICKEY_FILENAME
value: publickeys.asc
- name: GPG_SIGNATURE_FILENAME
value: signature.asc
- name: GPG_TRUSTED_PUBLICKEY_MATERIAL
value: /usr/local/etc/cic-auth-proxy/trusted/trustedpublickey.asc
ports:
- containerPort: 8080
name: http
volumeMounts:
- name: acl-config
mountPath: /data/acls/
readOnly: true
- name: credentials-config
mountPath: /data/noop/
readOnly: true
- name: trusted-publickey
mountPath: /usr/local/etc/cic-auth-proxy/trusted/
- name: gpg-homedir
mountPath: /usr/local/etc/cic-auth-proxy/.gnupg
- name: pgp-meta-test
mountPath: /usr/local/etc/cic-auth-proxy/import
volumes:
- name: pgp-meta-test
configMap:
name: pgp-meta-test
- name: acl-config
configMap:
name: cic-auth-proxy-acl-configmap
- name: credentials-config
configMap:
name: cic-auth-proxy-credentials-configmap
- name: trusted-publickey
configMap:
name: pgp-trusted-publickey
- name: gpg-homedir
emptyDir: {}
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-auth-proxy-meta
namespace: grassroots
spec:
selector:
app: cic-auth-proxy-meta
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8080

View File

@ -0,0 +1,114 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-auth-proxy-user
namespace: grassroots
labels:
app: cic-auth-proxy-user
group: cic
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-auth-proxy-user
replicas: 1
template:
metadata:
labels:
app: cic-auth-proxy-user
group: cic
spec:
containers:
- name: cic-auth-proxy-user
#image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:master-c05fafbf-1627493790 # {"$imagepolicy": "flux-system:cic-auth-proxy"}
image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:latest
imagePullPolicy: Always
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 100m
memory: 200Mi
env:
- name: PROXY_HOST
value: cic-user-server
- name: PROXY_PORT
value: "80"
- name: PROXY_PATH_PREFIX
value: "/"
- name: HTTP_AUTH_ORIGIN
value: https://meta-auth.dev.grassrootseconomics.net:443
- name: HTTP_AUTH_REALM
value: GE
- name: ACL_CREDENTIALS_ENDPOINT
value: http://key-server:8081/
- name: ACL_PATH
value: /data/acls/F3FAF668E82EF5124D5187BAEF26F4682343F692
- name: GPG_PUBLICKEYS_ENDPOINT
value: http://key-server:8080/.well-known/publickeys/
- name: GPG_SIGNATURE_ENDPOINT
value: http://key-server:8080/.well-known/signature/
- name: GPG_TRUSTED_PUBLICKEY_FINGERPRINT # fingerprint of trusted key
value: CCE2E1D2D0E36ADE0405E2D0995BB21816313BD5
- name: GPG_HOMEDIR
value: /usr/local/etc/cic-auth-proxy/.gnupg/
- name: GPG_IMPORT_DIR
value: /usr/local/etc/cic-auth-proxy/import/
- name: GPG_PUBLICKEY_FILENAME
value: publickeys.asc
- name: GPG_SIGNATURE_FILENAME
value: signature.asc
- name: GPG_TRUSTED_PUBLICKEY_MATERIAL
value: /usr/local/etc/cic-auth-proxy/trusted/trustedpublickey.asc
ports:
- containerPort: 8080
name: http
volumeMounts:
- name: acl-config
mountPath: /data/acls/
readOnly: true
- name: credentials-config
mountPath: /data/noop/
readOnly: true
- name: trusted-publickey
mountPath: /usr/local/etc/cic-auth-proxy/trusted/
- name: gpg-homedir
mountPath: /usr/local/etc/cic-auth-proxy/.gnupg
- name: pgp-user-test
mountPath: /usr/local/etc/cic-auth-proxy/import
volumes:
- name: pgp-meta-test
configMap:
name: pgp-meta-test
- name: acl-config
configMap:
name: cic-auth-proxy-acl-configmap
- name: credentials-config
configMap:
name: cic-auth-proxy-credentials-configmap
- name: trusted-publickey
configMap:
name: pgp-trusted-publickey
- name: gpg-homedir
emptyDir: {}
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-auth-proxy-user
namespace: grassroots
spec:
selector:
app: cic-auth-proxy-user
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8080

View File

@ -0,0 +1,129 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-auth-proxy-ussd
namespace: grassroots
labels:
app: cic-auth-proxy-ussd
group: cic
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-auth-proxy-ussd
replicas: 1
template:
metadata:
labels:
app: cic-auth-proxy-ussd
group: cic
spec:
containers:
- name: cic-auth-proxy-ussd
#image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:master-c05fafbf-1627493790 # {"$imagepolicy": "flux-system:cic-auth-proxy"}
image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:latest
imagePullPolicy: Always
command: ["uwsgi", "--wsgi-file", "meta/scripts/proxy-ussd.py", "--http",
":8080"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 100m
memory: 200Mi
env:
- name: PROXY_HOST
value: cic-user-ussd-server
- name: PROXY_PORT
value: "80"
- name: PROXY_PATH_PREFIX
value: "/"
- name: HTTP_AUTH_ORIGIN
value: https://ussd-auth.dev.grassrootseconomics.net:443
- name: HTTP_AUTH_REALM
value: GE
- name: ACL_CREDENTIALS_ENDPOINT
value: http://key-server:8081/
- name: ACL_PATH
value: /data/acls/F3FAF668E82EF5124D5187BAEF26F4682343F692
- name: ACL_QUERYSTRING_USERNAME
valueFrom:
secretKeyRef:
name: cic-ussd-querystring-creds
key: username
- name: ACL_QUERYSTRING_PASSWORD
valueFrom:
secretKeyRef:
name: cic-ussd-querystring-creds
key: password
- name: ACL_WHITELIST
value: "37.188.113.15, 164.177.157.18, 5.79.0.242, 164.177.141.82, 164.177.141.83"
- name: GPG_PUBLICKEYS_ENDPOINT
value: http://key-server:8080/.well-known/publickeys/
- name: GPG_SIGNATURE_ENDPOINT
value: http://key-server:8080/.well-known/signature/
- name: GPG_TRUSTED_PUBLICKEY_FINGERPRINT # fingerprint of trusted key
value: CCE2E1D2D0E36ADE0405E2D0995BB21816313BD5
- name: GPG_HOMEDIR
value: /usr/local/etc/cic-auth-proxy/.gnupg/
- name: GPG_IMPORT_DIR
value: /usr/local/etc/cic-auth-proxy/import/
- name: GPG_PUBLICKEY_FILENAME
value: publickeys.asc
- name: GPG_SIGNATURE_FILENAME
value: signature.asc
- name: GPG_TRUSTED_PUBLICKEY_MATERIAL
value: /usr/local/etc/cic-auth-proxy/trusted/trustedpublickey.asc
ports:
- containerPort: 8080
name: http
volumeMounts:
- name: acl-config
mountPath: /data/acls/
readOnly: true
- name: credentials-config
mountPath: /data/noop/
readOnly: true
- name: trusted-publickey
mountPath: /usr/local/etc/cic-auth-proxy/trusted/
- name: gpg-homedir
mountPath: /usr/local/etc/cic-auth-proxy/.gnupg
- name: pgp-meta-test
mountPath: /usr/local/etc/cic-auth-proxy/import
volumes:
- name: pgp-meta-test
configMap:
name: pgp-meta-test
- name: acl-config
configMap:
name: cic-auth-proxy-acl-configmap
- name: credentials-config
configMap:
name: cic-auth-proxy-credentials-configmap
- name: trusted-publickey
configMap:
name: pgp-trusted-publickey
- name: gpg-homedir
emptyDir: {}
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-auth-proxy-ussd
namespace: grassroots
spec:
selector:
app: cic-auth-proxy-ussd
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8080

View File

@ -0,0 +1,16 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: cic-ussd-querystring-creds
namespace: grassroots
spec:
encryptedData:
password: AgAO18hv8gZZRoySuTqNOg06imdnfES7io54TEGO501cq8usRcj9Bu3us+7V8zD20DQTZ7xCGCV2eyZ1kMsnFNFUBPMG0raAtwe4dAskYeQxKp0VyE1y+d9TbecvlqRXmAD3lF1exMSS3PD68VZcrDpenXE7Ag74uEJM7YmAKnUXIzBhxZlG7bIwLrRuNiTye83e/jijaPD3+66NrExBM2H//b8u1l8QVNd13XwgAWkJEW9QNMP1b2ir9VWKE4P8Da22SQRIed/Nhyc+aR3izqEpCbeRYmQqlo9r66oXK4Yr5v0IkI38gBGORrPv1OZK01plvGgMoxTe3pSiW5cyMtCXx6GgyIFKII1yYvtlI86Sf4J3DRU6kC3NSvF+2B99yFrbUPyoAGQFd6oSWAQLBI2kYqf6NXuaT3kxBNroAICMlAYygPKG0t6jEzTWk+E5l4F/PHWFD5DM+diHRqQAdDStACcMCl2i2133PPjlK1gUhQkCmeRcKeEqMT5ssBx/KM5p+v8syV4/0VlNtJpnP/aWcbwvVsiHhDE9trM/+p5E6gsVymAIiW20nRnuOSjHCnHOtjtfPtEZ3A8eHAqgJjdE6fY7DvZmwKfx2A4tMcrikz208Pa7JIFE6nj9osTz7eMrWXTmquVRotZ9we3WmGBycgVUuv9hfzUC6srkTIyT9UGHH9UNiRba/73ZDF2Zr2XvN0ofkQz8dN0dKLxy/OptCciV3Rdn/4s/IQ0usSwXLEb2tQtHgy5+twj7IQij6amjLbulRm1U2GLatmvgbjqf
username: AgCJQ9JiJErCGfH3pkX3I3696Garu40pGWgvcUOa9wz3r3Q+5SY0IMnroWO3z66L/HG7DW70upgfJBVyhncrUBrC/z73D++nMz43JvFc39MHcUYVmqvjIw1401705+G7UxxgcMOx09++CBZ97wbEfKc251v98s8G/bLtMcqS/12pVNfMGgjpkE6InlS0n9VD26HDs4A3uNtfN2GK2dsazV05UXs8W+6JOZsJ60QfPJylCpKh+sxPLDlYt4lRIM/6pP7kQXLn+VmWtzuo1dZTaUliMYH+DOXO2V9ePnjTUXGrMgRfuZP2PCmG3usdC45mOPpuURPFUmF8SDQ4IXKhBd7N+8pjZDiqQ2RxK61Qz6MXv851u7HABgVMhtjlZfaD4hVY+mr7KYDVQvrhJ971y84KBHuQFOxwZZnXAx5FdBWmkKkz959bjulJaRe1ZWA01k1SQHiVFeIArbbNSlvH45XoNR8rxFiQE+5Olt9UwdpXAH/sAfH7CRY1SnRrAW3LCyCVqAJcXF9kU+bnezVgWoJ/h9ff6VKRFqh3o+wa6V6J8GNbwC0/oeXo0XyUjbwAUjIRKeWbJ1obkvWDfYILpo2CVt34tzYowiVqmYYB8SqKBPgrca+Xmn9GpggOMibJKk0LC6R04iAajMy73cuxkX+PMV1Wz5xOuF60ccCsdiD15deYOlA34UdfeNQgGA7EKPhsl0kD/xm5
template:
metadata:
creationTimestamp: null
name: cic-ussd-querystring-creds
namespace: grassroots

View File

@ -0,0 +1,100 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-cache-server
namespace: grassroots
labels:
app: cic-cache-server
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-cache-server
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-cache-server
group: cic
teir: backend
spec:
containers:
- name: cic-cache-server
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:master-402b968b-1626300208 # {"$imagepolicy": "flux-system:cic-cache"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:latest
imagePullPolicy: Always
command: ["/usr/local/bin/uwsgi", "--wsgi-file=/root/cic_cache/runnable/daemons/server.py",
"--http=:8000", "--pyargv", "-vv"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: DATABASE_NAME
value: cic_cache
- name: SERVER_PORT
value: "8000"
- name: DATABASE_DEBUG
value: "0"
ports:
- containerPort: 8000
name: server
restartPolicy: Always
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-cache-svc
namespace: grassroots
spec:
selector:
app: cic-cache-server
type: ClusterIP
ports:
- name: server
protocol: TCP
port: 80
targetPort: 8000

View File

@ -0,0 +1,174 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-cache-watchers
namespace: grassroots
labels:
app: cic-cache-watchers
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-cache-watchers
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-cache-watchers
group: cic
tier: queue
spec:
containers:
- name: cic-cache-tasker
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:master-402b968b-1626300208 # {"$imagepolicy": "flux-system:cic-cache"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:latest
imagePullPolicy: Always
command: ["/usr/local/bin/cic-cache-taskerd", "-vv"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: DATABASE_NAME
value: cic_cache
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: cic-cache-tracker
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:master-402b968b-1626300208 # {"$imagepolicy": "flux-system:cic-cache"}
# command: ["/usr/local/bin/cic-cache-trackerd", "-vv", "-c", "/usr/local/etc/cic-cache"]
command: ["./start_tracker.sh", "-c", "/usr/local/etc/cic-cache", "-vv"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
env:
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_cache
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: SERVER_PORT
value: "8000"
- name: ETH_ABI_DIR
value: /usr/local/share/cic/solidity/abi
- name: DATABASE_DEBUG
value: "0"
restartPolicy: Always

View File

@ -0,0 +1,221 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-eth-tasker
namespace: grassroots
labels:
app: cic-eth-tasker
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-eth-tasker
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-eth-tasker
group: cic
tier: queue
spec:
containers:
- name: cic-eth-tasker
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
imagePullPolicy: Always
# command: ["./start_tasker.sh", "-q", "cic-eth", "-vv"]
command: ["/usr/local/bin/cic-eth-taskerd"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: REDIS_DB
value: "0"
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: ETH_ABI_DIR
value: /usr/local/share/cic/solidity/abi
- name: DATABASE_NAME
value: cic_eth
- name: DATABASE_POOL_SIZE
value: "0"
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: BANCOR_DIR
value: /usr/local/share/cic/bancor
- name: SIGNER_SOCKET_PATH
value: ipc:///run/crypto-dev-signer/jsonrpc.ipc
- name: SIGNER_SECRET
value: deadbeef
- name: ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER
value: "0xACB0BC74E1686D62dE7DC6414C999EA60C09F0eA"
- name: TASKS_TRACE_QUEUE_STATUS
value: "1"
- name: "DATABASE_DEBUG"
value: "false"
volumeMounts:
- name: socket-path
mountPath: /run/crypto-dev-signer/
- name: cic-eth-signer
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
imagePullPolicy: Always
# command: ["./start_tasker.sh", "-q", "cic-eth", "-vv"]
command: ["python", "/usr/local/bin/crypto-dev-daemon", "-c", "/usr/local/etc/crypto-dev-signer",
"-vv"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: ETH_ABI_DIR
value: /usr/local/share/cic/solidity/abi
- name: DATABASE_NAME
value: cic_eth
- name: DATABASE_POOL_SIZE
value: "0"
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: BANCOR_DIR
value: /usr/local/share/cic/bancor
- name: SIGNER_SOCKET_PATH
value: ipc:///run/crypto-dev-signer/jsonrpc.ipc
- name: SIGNER_SECRET
value: deadbeef
- name: ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER
value: "0xACB0BC74E1686D62dE7DC6414C999EA60C09F0eA"
- name: TASKS_TRACE_QUEUE_STATUS
value: "1"
- name: "DATABASE_DEBUG"
value: "false"
- name: "CIC_DEFAULT_TOKEN_SYMBOL"
value: GFT
volumeMounts:
- name: socket-path
mountPath: /run/crypto-dev-signer/
volumes:
- name: socket-path
emptyDir: {}
restartPolicy: Always

View File

@ -0,0 +1,248 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
# The guardian is composed of:
# cic-manager-head
# cic-dispatch
# cic-retrier
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-eth-tracker
namespace: grassroots
labels:
app: cic-eth-tracker
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-eth-tracker
replicas: 1 # these are all strictly 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-eth-tracker
group: cic
spec:
containers:
- name: cic-eth-tracker
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
imagePullPolicy: Always
command: ["./start_tracker.sh", "-v", "-c", "/usr/local/etc/cic-eth"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: TASKS_TRANSFER_CALLBACKS
value: "cic-eth:cic_eth.callbacks.noop.noop,cic-ussd:cic_ussd.tasks.callback_handler.transaction_callback"
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: DATABASE_NAME
value: cic_eth
- name: DATABASE_DEBUG
value: "0"
- name: ETH_ABI_DIR
value: /usr/local/share/cic/solidity/abi
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: REDIS_HOSTNAME
value: redis-master
- name: cic-eth-dispatcher
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
imagePullPolicy: Always
command: ["./start_dispatcher.sh", "-q", "cic-eth", "-v"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: TASKS_TRANSFER_CALLBACKS
value: "cic-eth:cic_eth.callbacks.noop.noop,cic-ussd:cic_ussd.tasks.callback_handler.transaction_callback"
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: DATABASE_NAME
value: cic_eth
- name: DATABASE_DEBUG
value: "0"
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: REDIS_HOSTNAME
value: redis-master
# - name: cic-eth-retrier
# image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
# command: [ "./start_retry.sh", "-v" ]
# resources:
# requests:
# cpu: 50m
# memory: 100Mi
# limits:
# cpu: 500m
# memory: 250Mi
# env:
# - name: CIC_REGISTRY_ADDRESS
# valueFrom:
# configMapKeyRef:
# name: contract-migration-output
# key: CIC_REGISTRY_ADDRESS
# - name: CIC_TRUST_ADDRESS
# valueFrom:
# configMapKeyRef:
# name: contract-migration-output
# key: CIC_TRUST_ADDRESS
# - name: CIC_TX_RETRY_DELAY # TODO what is this value?
# value: "15"
# - name: TASKS_TRANSFER_CALLBACKS # TODO what is this value?
# value: "taskcall:cic_eth.callbacks.noop.noop"
# - name: ETH_PROVIDER
# value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
# - name: DATABASE_USER
# value: grassroots
# - name: DATABASE_HOST
# value: postgres-helm-postgresqlsql
# - name: DATABASE_PASSWORD
# value: tralala
# - name: DATABASE_NAME
# value: cic_eth
# - name: DATABASE_PORT
# value: "5432"
# - name: DATABASE_ENGINE
# value: postgres
# - name: DATABASE_DRIVER
# value: psycopg2
# - name: DATABASE_DEBUG
# value: "1"
# - name: REDIS_HOSTNAME
# value: grassroots-redis-master
# - name: CIC_CHAIN_SPEC
# value: "evm:bloxberg:8996"
# - name: CELERY_BROKER_URL
# value: redis://grassroots-redis-master
# - name: CELERY_RESULT_URL
# value: redis://grassroots-redis-master
restartPolicy: Always

View File

@ -0,0 +1,120 @@
apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImagePolicy
metadata:
name: cic-eth
namespace: flux-system
spec:
imageRepositoryRef:
name: cic-eth
filterTags:
pattern: '^master-[a-f0-9]+-(?P<ts>[0-9]+)'
extract: '$ts'
policy:
numerical:
order: asc
---
apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImagePolicy
metadata:
name: cic-ussd
namespace: flux-system
spec:
imageRepositoryRef:
name: cic-ussd
filterTags:
pattern: '^master-[a-f0-9]+-(?P<ts>[0-9]+)'
extract: '$ts'
policy:
numerical:
order: asc
---
apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImagePolicy
metadata:
name: cic-cache
namespace: flux-system
spec:
imageRepositoryRef:
name: cic-cache
filterTags:
pattern: '^master-[a-f0-9]+-(?P<ts>[0-9]+)'
extract: '$ts'
policy:
numerical:
order: asc
---
apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImagePolicy
metadata:
name: cic-meta
namespace: flux-system
spec:
imageRepositoryRef:
name: cic-meta
filterTags:
pattern: '^master-[a-f0-9]+-(?P<ts>[0-9]+)'
extract: '$ts'
policy:
numerical:
order: asc
---
apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImagePolicy
metadata:
name: cic-staff-client
namespace: flux-system
spec:
imageRepositoryRef:
name: cic-staff-client
filterTags:
pattern: '^master-[a-f0-9]+-(?P<ts>[0-9]+)'
extract: '$ts'
policy:
numerical:
order: asc
---
apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImagePolicy
metadata:
name: cic-contract-migration
namespace: flux-system
spec:
imageRepositoryRef:
name: cic-contract-migration
filterTags:
pattern: '^master-[a-f0-9]+-(?P<ts>[0-9]+)'
extract: '$ts'
policy:
numerical:
order: asc
---
apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImagePolicy
metadata:
name: cic-notify
namespace: flux-system
spec:
imageRepositoryRef:
name: cic-notify
filterTags:
pattern: '^master-[a-f0-9]+-(?P<ts>[0-9]+)'
extract: '$ts'
policy:
numerical:
order: asc
---
apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImagePolicy
metadata:
name: cic-auth-proxy
namespace: flux-system
spec:
imageRepositoryRef:
name: cic-auth-proxy
filterTags:
pattern: '^master-[a-f0-9]+-(?P<ts>[0-9]+)'
extract: '$ts'
policy:
numerical:
order: asc

View File

@ -0,0 +1,71 @@
apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImageRepository
metadata:
name: cic-eth
namespace: flux-system
spec:
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth
interval: 1m0s
---
apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImageRepository
metadata:
name: cic-ussd
namespace: flux-system
spec:
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd
interval: 1m0s
---
apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImageRepository
metadata:
name: cic-cache
namespace: flux-system
spec:
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache
interval: 1m0s
---
apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImageRepository
metadata:
name: cic-meta
namespace: flux-system
spec:
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta
interval: 1m0s
---
apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImageRepository
metadata:
name: cic-staff-client
namespace: flux-system
spec:
image: registry.gitlab.com/grassrootseconomics/cic-staff-client
interval: 1m0s
---
apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImageRepository
metadata:
name: cic-contract-migration
namespace: flux-system
spec:
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration
interval: 1m0s
---
apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImageRepository
metadata:
name: cic-notify
namespace: flux-system
spec:
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-notify
interval: 1m0s
---
apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImageRepository
metadata:
name: cic-auth-proxy
namespace: flux-system
spec:
image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy
interval: 1m0s

View File

@ -0,0 +1,122 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-meta-server
namespace: grassroots
labels:
app: cic-meta-server
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-meta-server
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-meta-server
group: cic
spec:
containers:
- name: cic-meta-server
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta:master-fe017d2b-1625932004 # {"$imagepolicy": "flux-system:cic-meta"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta:latest
imagePullPolicy: Always
resources:
requests:
cpu: 50m
memory: 250Mi
limits:
cpu: 100m
memory: 500Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: SCHEMA_SQL_PATH
value: scripts/initdb/server.postgres.sql
- name: DATABASE_NAME
value: cic_meta
- name: SERVER_HOST
value: localhost
- name: SERVER_PORT
value: "8000"
- name: DATABASE_SCHEMA_SQL_PATH
value: ""
- name: PGP_EXPORTS_DIR
value: /tmp/src/keys
- name: PGP_PRIVATEKEY_FILE # Private key here is for enrypting data
value: privatekey.asc
- name: PGP_PASSPHRASE
value: queenmarlena # TODO move to secret
- name: PGP_PUBLICKEY_TRUSTED_FILE
value: publickeys.asc
- name: PGP_PUBLICKEY_ACTIVE_FILE # public key here is to know who to trust
value: publickeys.asc
- name: PGP_PUBLICKEY_ENCRYPT_FILE
value: publickeys.asc
ports:
- containerPort: 8000
name: cic-meta-server
volumeMounts:
- mountPath: /tmp/src/keys
readOnly: true
name: pgp
volumes:
- name: pgp
configMap:
name: pgp-meta-test
items:
restartPolicy: Always
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-meta-server
namespace: grassroots
spec:
selector:
app: cic-meta-server
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8000

View File

@ -0,0 +1,17 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: cic-notify-africastalking-sandbox-secret
namespace: grassroots
spec:
encryptedData:
api_key: AgC1j5LwcOocVchLac0kPmCqyqljV40RzlCXVrtaxFvFvO+s2KcaUNFrIxfirZ8pbSDPKAUAgQam9tJiZFg4Wdu0x6LDDo6x2/0t/HXqb1eeH+OxO045T0AQZPpqFK+5QZ7y+c0tnUJfppCgOd+PhvB0AyHndWoWmTMGy48zpKaeRZriRRM5+rkNgGzazUNdsQoThOhEStIDCa1+zpq++KckU+VS5Qgsj7X1gOth+XFeyVFuXLY/QTTmvflgXj/YA5HMcJVCO3/l4UGaxHaUWps6IlZ5RgALamavAww7HIT7iecjXbAKx4fQt7bKuQY/FHiwDLAJmfdYUv7YK3EVsW4lSWVxgQ4RKM1dru8Kgs4nE+jmlApeuMl2Y3yT0tyCXSNPBzcsAbeumctsWO2gypQbL/0N1a9OZYgJv4/rfbonl8lK8detZDnAOqhOEiJ2fX/H9bkLc7n5hEHxnIt72sgdurD3r7WkxNsD8/laBx7hDtr7+Zv9RZ8MlyyUd+ZBVax6tO7immo8ya+BRsFKcrr3FqSuvwl3q7y/DNLMU6wqEv+/FmfSW7J1HuGlOJApHM96R6Jfqpw+ZNZ/hS6Z0CDNicLRdRfDaKglOu4UvkiWQ2F1JtqtJEtishbk3bNtZSAOO7Uan/V1XfeUvrYBAyXCoLLwK2pm/eWNZ71BW7TghCNgqRpeALPZy2JrDudnmyoXzcidJeBi5lBEnbXzIcOuos/0xgM/DiKQDO8mxh1ycbiu9XSydxdkLrRFXMtO8KK4qhIdgJp8INjZxIzgm5j3
api_sender_id: AgCTvYXxQNTCcRnMrfcc3D+OY+N8/mFtfI+O3xI45qxdC1n7/OE2MI0XIleYSbbAh3R7+5lNjq3pVhdKpRvCYxUGerCdSeYFQZf0RN71sAtDV8NnHCB6pRIsCWlvjDHw7XRH6PiPrr0xj4rwd1Qou8EMybVQXwT6nvV20kdKhAd6dTTgqT8x1AB5N+L0o1H/ThOKNadjN6oqlROz4in0DTTmis+Ebk4pywFroVWa5pMCjy7Ua5omKqB45lAKDp4FwogSnEUVS1b1pQTO/o0mnCQRObPcOzVjze6oqfUaEPkvtrOkmKuAxEXFKdAzG8bzPwx6EuSCbMmcUekeBGKDZBniE1YyOkPyLZelBEtyXFhQBmKbdW4qhlEJwYwflFBll8eNo2ruMVH7HTJvAqW4p2mxTIoM9Nx+UWDJjZ736aYvDfCgZX0MVKvXjrNtWEhuVBYGZxFIWfj/RqNkcJf+ZlNYK8MripzPReNWDlvhH1jzlPGJozUlYfLY8hY/NDGMbdc+EflLy8p4oRLWUo0Z0W3ARwLM1WQMk8FSXAgCjMmL7m3d310lVO5LLVdj3GTpjfCNPm2m7Re0lsOkLDE8x0vhJnlIUJ8WlY1EdezKfPWR0laNSknCCxfPYU88XiO2DVgUdWBH0Hg13yQQ3IXz49Pnf6LrAx46EgKUzoKnCgA5L/hRAIV3u8vav/5kdSF4CxY=
api_username: AgBQZXCDQY5B1RKfwjih04XSvdPJjmlfuA2bL6qiphYDIM223DJ5HEolHIWlCeSAjDC5JjkkesPmVzxybgD7hRwVuyOyWfmiXBG6+552v/DNv17IfSNNtZMCsEj9jyscHfvRI1NCG5pxywhBfRxhOVIYflbFI/H+13ReAs/6J/uhVfWVPMXzdg7Zj7mYsWzj3otv0npzXc+j2G4JZk53h7fDTY/XsXyZCe+Xpn9auf7Y+m+/shOiaM67CuE+eMWYhpTpTDy6oG3rjSrqhjVnE4wu8fP85nTGK2ctrQ9qgyOdcf1vPdlt1CwP5FZ+zxY8GrhUsYnunQ50znPD55e/8m5AqZhIrCjQ0lfzB2iCn0OzwOjnQpfv0W0QXpw6aDH/GYfMbDBLyXnF5yU0J+R7tv2Q45NKyRHbdO2VQXhXak95YGvK0Er3+8b0Jx4k3L+hM3OTFaJgdGOyb4IsUFG6vfQlfG3Bl4ggYqAGCJo041SpT4gc1XgGkar8WD4sOir61qKde8NnIOdRn1bhaZ8qD2eP+4p20hqsgpAA38SN6qZfrZc5sj/Re2mXxYIbmdALlP6yt1exhtU4QRzF23RDHmwiGtzh0YqIUj62+icrLcn+ZXgpufW9BgxKXilczF/bfsN2v4VFKsrkp+wRtAlFj3riDoles/IhItIJ9KpmSHEsRDRrkrUl+sFQ5xqQvfIuEoy/DHKf/Q3L
template:
metadata:
creationTimestamp: null
name: cic-notify-africastalking-sandbox-secret
namespace: grassroots

View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
name: cic-notify-africastalking-sandbox-secret
namespace: grassroots
stringData:
api_username: sandbox
api_key: 2d76d4920c244d40828a03d9349730af5bdd22863f245810910a5855b2ba0749
api_sender_id:

View File

@ -0,0 +1,17 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: cic-notify-africastalking-secret
namespace: grassroots
spec:
encryptedData:
api_key: AgAbH1KDx0kVxtqPBvkb0w1uYJm0Vwd/eHBMhLJRC9Z5zs/YkHkV+Zrz4Pk0loSIdyV3fFdL+zcqnwWmkYjrkBYUXqB+F6HcfYPlND+zAtv8QMbpmHoF6faqx1MY981Sx7qqURlORCZzkwzrDEC4XK2nwut414PFEQ4Rn9SWe2RWXl75G3+TVkj0jd24rYYlGCmD8krjFLY9IMigKZOr0TqoPhHv9xKPg7+Xpwtd86QpiFcTR0fBtN8FLDuKlYGHvTvaUqT2kyBEXeiSn3V+rB7mD72QtNBwS9KJfQla/Gh1z4kps5DkZNoHKRz3O0SnMND1UrID713g7coYI+3q3Xk4/IFiYH4iTQwls/TZWuu/aAc74Ofs6tNwNfUeGGwa0uX/EdMpQ0cWBsGQXi3wG91kvCbnHQ1IERXgCLzGur9yB7YARy6H3tJkQrjzY2ETmMK6wj8yelKC1LLiVk/UVPiRI3O85JPxDDdtcOWkRtGso5Z1Q4D0AFWhbrhBXZc3cS2MmU1bIXoZ+fsYoZ1Mrg+uFQyuf4XwIq+HZuaYksN6xN0olId/H53Bau/z54pteFwT3VOKJNrLHCnAz0YJG2LO08Iu3FcNIUVh1tf39019QOFW2QGemhxznfPH1Mn4l9GwhE2MNfU2JqbFLnCfPZPoFSY+7YZ8I271aY4sM/OlaE2Nrk9RSsSgpS+WUCijSzZ8Crgc8dffVQryDEc/t+JIW7T4BH16lk+fgx2W1JoU/BMMvaRitHX5XsIs5xchwfuvb5+WbNnT8WbYdomGokEg
api_sender_id: AgBt9Sp+yb1Qek38Imhs4zW4pcujj2ExStcfLgWPXgD3WhIOfMS7AFAe5uDTICZqLEoMnluVTJn8Hk02BIU3quXWjOOgLJRmpNlgqAbchR1XA07BwGeYWMZomC4M+8nknMOHeQvo8HGN/Y5HnXw5N2Gw8Utlm/cLVVJOEYCKGiR8vWpzMMGepxIKVeex93Ev09SQsxbOJ3QO3SGdJiKFBvXgSeGnsdg+uAeC0NG1zzVBbiCgiNoIZgv6ZnwzBZSl7BYAazt4xOoHSRoicgmIX3PWdjIz+lzVHIuEuFZK9heq+MODQhZcvf54JRB1qPURGJobu3IVDAckIvnFlSCRaBp2rAqtyzAtngkau3Et/66eI3SChJFDgnbourQ1QRPzqWipzYQ11JpUbc0luXRfA+HvzrlIf5r/rSL93jepWQS0Exk2VuCrBAS+QPJccmncJYRZ98SU0fAu+5ZcHFVkEpc4iatW6j1tXyxn+tO1pl7yB/9GGfNA72XxVHwLZmTE7LN0Y4VyhdIQYtXX5ZX49bD0Lfk/m1pkwkWtj1Cas7YpFvX0JUN0bjn6JQoJAIh7fCW5O2ATp/eqpsCcfyw+Fy8kNPFVXlfvVmD9aqwYojfCE2CV0lXFGwHLkNp0nxxTPoqrx2YAa9R/nILaUawvMdMU+a8n1Ee79al/eVpqr4WdTkQikrxcoud8PDzNOyk2y8eZY+Kb2dU=
api_username: AgBOCaA5MnRsnGSkQw8Md2XIRsb+9Dg3XiM5yagk1GvAcO+eNnL4i2F4pbA0Ctad0LpQVXwVhppJDqxS7ffy3VJwMdEWxChKN3AiE3e8Eqx8LzD1xXU48OxAfksFKQrXNBVjfBcSgyoTwI5ohYSGxuUL3fWo4/Wp0AWdy92bwNZfhOvkLpfn+Q3nblLX9tQeu/ky6+hqkiyZSWjgykJXGnVnpPMoRS8BLbcxRD1kpJfMORfW7q1JyzheBGByStRvr7i6z3m4KVC/a9H3o0OpIQQTNtvvy4zECQ5NnjrxXYdOJfJZNq1enVqqCeA06h2e3DESfxYPPx6tL8+Ugo+4TorFb5Fw8vqFQRd/1SiGQE++W/MRY4P+fj9hQrxyzdnG5oBq1j2JTpx5VMwkOEk1yVLmRS9nYrZOfFE/6EJJSzRZMbh+xVTEvcag9ZzSzkbKoakR+VKjZ2Rpum6rwXPUUhJ5F6ohIZx2x/qE3QJlmxtnJQGfmNwe6HTiLxqjU3o0SkVQgMPN275Uydlm6Omn9eo2jkYnA5hg4TPoFjcqAmbgV5O372U6ShpNtA2hYi6CdF7K/sbKxhFtHTrPAdF5NhMGZ6N81X1AMWq3a1mojMBJbVTPVzSWPovkiqhQ62gKUUbPp191aLuQlX83dqEuRxyYTprId/ODB7RtaAddDcLsF4z/7i7yh8VtKyqHBs7hA52O1b2sQJwxmhw=
template:
metadata:
creationTimestamp: null
name: cic-notify-africastalking-secret
namespace: grassroots

View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
name: cic-notify-africastalking-sandbox-secret
namespace: grassroots
stringData:
api_username: GrassEcon
api_key: d041139805531435ceed9673cc5815a92a1c0f26df1fec45bdcc2b5e99b833df
api_sender_id: Sarafu

View File

@ -0,0 +1,100 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-notify-tasker
namespace: grassroots
labels:
app: cic-notify-tasker
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-notify-tasker
replicas: 1
template:
metadata:
labels:
app: cic-notify-tasker
group: cic
spec:
containers:
- name: cic-notify-tasker
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-notify:master-7a3cb7ab-1627053362 # {"$imagepolicy": "flux-system:cic-notify"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-notify:latest
imagePullPolicy: Always
command: ["./start_tasker.sh", "-q", "cic-notify", "-vv"]
resources:
requests:
cpu: 25m
memory: 100Mi
limits:
cpu: 50m
memory: 200Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: DATABASE_POOL_SIZE
value: "0"
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_notify
- name: AFRICASTALKING_API_USERNAME
valueFrom:
secretKeyRef:
name: cic-notify-africastalking-sandbox-secret
key: api_username
- name: AFRICASTALKING_API_KEY
valueFrom:
secretKeyRef:
name: cic-notify-africastalking-sandbox-secret
key: api_key
- name: AFRICASTALKING_API_SENDER_ID
valueFrom:
secretKeyRef:
name: cic-notify-africastalking-sandbox-secret
key: api_sender_id
ports:
- containerPort: 80 # What is this value?
name: cic-eth-manager
restartPolicy: Always

View File

@ -0,0 +1,55 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-staff-client
namespace: grassroots
labels:
app: cic-staff-client
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-staff-client
replicas: 1
template:
metadata:
labels:
app: cic-staff-client
group: cic
spec:
containers:
- name: cicada
#image: registry.gitlab.com/grassrootseconomics/cic-staff-client:master-858e1e65-1627284988 # {"$imagepolicy": "flux-system:cic-staff-client"}
image: registry.gitlab.com/grassrootseconomics/cic-staff-client:latest
imagePullPolicy: Always
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
ports:
- containerPort: 80
name: http
restartPolicy: Always
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-staff-client
namespace: grassroots
spec:
selector:
app: cic-staff-client
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 80
targetPort: 80

View File

@ -0,0 +1,119 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-user-server
namespace: grassroots
labels:
app: cic-user-server
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-user-server
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-user-server
group: cic
tier: backend
spec:
containers:
- name: cic-user-server
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:master-fad0a4b5-1628267359 # {"$imagepolicy": "flux-system:cic-ussd"}
command: ["/root/start_cic_user_server.sh", "-vv"]
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: APP_PASSWORD_PEPPER
valueFrom:
secretKeyRef:
name: cic-ussd-secret
key: app_password_pepper
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: DATABASE_POOL_SIZE
value: "0"
- name: DATABASE_NAME
value: cic_ussd
- name: HTTP_PORT_CIC_USER_SERVER
value: "9500"
- name: PGP_KEYS_PATH
value: /tmp/src/keys/
- name: PGP_EXPORTS_DIR
value: /tmp/src/keys/
- name: APP_PASSWORD_PEPPER
value: "QYbzKff6NhiQzY3ygl2BkiKOpER8RE/Upqs/5aZWW+I="
ports:
- containerPort: 9500
name: server
volumeMounts:
- mountPath: /tmp/src/keys
name: pgp
readOnly: true
volumes:
#- name: pgp
# secret:
# secretName: pgp
- name: pgp
configMap:
name: pgp-meta-test
restartPolicy: Always
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-user-server-svc
namespace: grassroots
spec:
selector:
app: cic-user-server
type: ClusterIP
ports:
- name: server
protocol: TCP
port: 80
targetPort: 9500

View File

@ -0,0 +1,124 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-user-tasker
namespace: grassroots
labels:
app: cic-user-tasker
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-user-tasker
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-user-tasker
group: cic
task: queue
spec:
containers:
- name: cic-user-tasker
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:master-7a3cb7ab-1627053361 # {"$imagepolicy": "flux-system:cic-ussd"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:latest
imagePullPolicy: Always
command: ["/root/start_cic_user_tasker.sh", "-q", "cic-ussd", "-vv"]
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: APP_PASSWORD_PEPPER
valueFrom:
secretKeyRef:
name: cic-ussd-secret
key: app_password_pepper
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: DATABASE_NAME
value: cic_ussd
- name: DATABASE_POOL_SIZE
value: "0"
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: REDIS_DATABASE
value: "0"
- name: CIC_META_URL
value: http://cic-meta-server:80
- name: PGP_KEYS_PATH
value: /tmp/src/keys/
- name: PGP_EXPORTS_DIR
value: /tmp/src/keys/
- name: PGP_PRIVATE_KEYS
value: privatekey.asc
- name: PGP_PASSPHRASE
value: queenmarlena # TODO move to secret
- name: CIC_META_URL
value: http://cic-meta-server:80
- name: APP_PASSWORD_PEPPER
value: "QYbzKff6NhiQzY3ygl2BkiKOpER8RE/Upqs/5aZWW+I="
volumeMounts:
- mountPath: /tmp/src/keys
name: pgp
readOnly: true
volumes:
#- name: pgp
# secret:
# secretName: pgp
- name: pgp
configMap:
name: pgp-meta-test
restartPolicy: Always

View File

@ -0,0 +1,141 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-user-ussd-server
namespace: grassroots
labels:
app: cic-user-ussd-server
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-user-ussd-server
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-user-ussd-server
group: cic
tier: backend
spec:
containers:
- name: cic-user-ussd-server
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:master-7a3cb7ab-1627053361 # {"$imagepolicy": "flux-system:cic-ussd"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:latest
imagePullPolicy: Always
command: ["/root/start_cic_user_ussd_server.sh", "-vv"]
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: APP_PASSWORD_PEPPER
valueFrom:
secretKeyRef:
name: cic-ussd-secret
key: app_password_pepper
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: DATABASE_POOL_SIZE
value: "0"
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: REDIS_DATABASE
value: "0"
- name: DATABASE_NAME
value: cic_ussd
- name: SERVER_PORT
value: "9000"
- name: APP_ALLOWED_IP
value: "0.0.0.0/0"
- name: CIC_META_URL
value: http://cic-meta-server:80
- name: PGP_KEYS_PATH
value: /tmp/src/keys/
- name: PGP_EXPORTS_DIR
value: /tmp/src/keys/
- name: PGP_PRIVATE_KEYS
value: privatekey.asc
- name: PGP_PASSPHRASE
value: queenmarlena # TODO move to secret
- name: APP_PASSWORD_PEPPER
value: "QYbzKff6NhiQzY3ygl2BkiKOpER8RE/Upqs/5aZWW+I="
volumeMounts:
- mountPath: /tmp/src/keys
name: pgp
ports:
- containerPort: 9000
name: server
volumes:
- name: pgp
configMap:
name: pgp-meta-test
restartPolicy: Always
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-user-ussd-svc
namespace: grassroots
spec:
selector:
app: cic-user-ussd-server
type: ClusterIP
ports:
- name: server
protocol: TCP
port: 80
targetPort: 9000

View File

@ -0,0 +1,15 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: cic-ussd-secret
namespace: grassroots
spec:
encryptedData:
app_password_pepper: AgCrkW9x9iLDjcmmNHTopd1CXAdamuqWkiS3Tviev5OtR5d4FBw9L9Qm8P9ZsBiH9ucQSNu4XLxUuIEgyBLEPQDM5DELl+qvCmPboQ73kPxjEH4/ppqE1QnJHBFcTqfkUVDu4dBkmGPCbYAGrWqDa1bZt1Hujl+ZpWuc919nN2yxFEArs8jt8JIP2bbGKwPl21MDNP53ITtpw1euBswxUzLRcfUrw+6ghce8faFjDEnCS9NKftCwBFMQN2ddNn8aY0K1Dl/DJLTJw9c6L+3YAHzaQAkNz2I6W6ERri6Mmkc1bE1cujvftNxrWkPqh9bJD163xhMbA6vQd8rEpQelilBQpT0plcH5dj11mhAX+n3IR4Xp5kD+fwwPPgoQ5P3TJj4nfAccM/ubVVR6vLCXrO2TV56V8YgQ2pd0H3H8IJYRdU6LE9xLWdG5J32EKrhnhTNaGcFpWq3g4UUv6Fy0z7iZ8TkBce13zCiEf7AXeXzdj2KDgVW6/FBLknJoDd2m/j4GA5UC6MiKXc/X9sgHeSIOstR5nGBuYYr/12FbAPdnvV8zQzfHQsSCysciLQBqFhC5Yeepwu+UYsYCDWKGgvmC284zl52VkK2G6cXi77qcKNc6NtViZpKkJ0vRysgLLpBiDERB/NOrXef+kA6hJXsc5hqAPJjceh0XV0iT/4FA/2qq0A7qfm4meSJAxrj2PssoVQSUQmo2jopTCsa7IEq9opqy0yJaXu+dJG32IHimDLcAm1Sp0uumcd9MOg==
template:
metadata:
creationTimestamp: null
name: cic-ussd-secret
namespace: grassroots

View File

@ -0,0 +1,68 @@
# https://kubernetes.io/docs/concepts/configuration/configmap/
kind: ConfigMap
apiVersion: v1
metadata:
name: contract-migration-envlist
namespace: grassroots
data:
envlist: |
SYNCER_LOOP_INTERVAL
SSL_ENABLE_CLIENT
SSL_CERT_FILE
SSL_KEY_FILE
SSL_PASSWORD
SSL_CA_FILE
BANCOR_DIR
REDIS_HOST
REDIS_PORT
REDIS_DB
PGP_PRIVATEKEY_FILE
PGP_PASSPHRASE
DATABASE_USER
DATABASE_PASSWORD
DATABASE_NAME
DATABASE_HOST
DATABASE_PORT
DATABASE_ENGINE
DATABASE_DRIVER
DATABASE_DEBUG
TASKS_AFRICASTALKING
TASKS_SMS_DB
TASKS_LOG
TASKS_TRACE_QUEUE_STATUS
TASKS_TRANSFER_CALLBACKS
DEV_MNEMONIC
DEV_ETH_RESERVE_ADDRESS
DEV_ETH_ACCOUNTS_INDEX_ADDRESS
DEV_ETH_RESERVE_AMOUNT
DEV_ETH_ACCOUNT_BANCOR_DEPLOYER
DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER
DEV_ETH_ACCOUNT_GAS_PROVIDER
DEV_ETH_ACCOUNT_RESERVE_OWNER
DEV_ETH_ACCOUNT_RESERVE_MINTER
DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_OWNER
DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER
DEV_ETH_ACCOUNT_SARAFU_OWNER
DEV_ETH_ACCOUNT_SARAFU_GIFTER
DEV_ETH_ACCOUNT_APPROVAL_ESCROW_OWNER
DEV_ETH_ACCOUNT_SINGLE_SHOT_FAUCET_OWNER
DEV_ETH_SARAFU_TOKEN_NAME
DEV_ETH_SARAFU_TOKEN_SYMBOL
DEV_ETH_SARAFU_TOKEN_DECIMALS
DEV_ETH_SARAFU_TOKEN_ADDRESS
DEV_PGP_PUBLICKEYS_ACTIVE_FILE
DEV_PGP_PUBLICKEYS_TRUSTED_FILE
DEV_PGP_PUBLICKEYS_ENCRYPT_FILE
CIC_REGISTRY_ADDRESS
CIC_APPROVAL_ESCROW_ADDRESS
CIC_TOKEN_INDEX_ADDRESS
CIC_ACCOUNTS_INDEX_ADDRESS
CIC_DECLARATOR_ADDRESS
CIC_CHAIN_SPEC
ETH_PROVIDER
ETH_ABI_DIR
SIGNER_SOCKET_PATH
SIGNER_SECRET
CELERY_BROKER_URL
CELERY_RESULT_URL
META_PROVIDER

View File

@ -0,0 +1,122 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/job/
apiVersion: batch/v1
kind: Job
metadata:
name: contract-migration
namespace: grassroots
labels:
app: contract-migration
spec:
backoffLimit: 0
template:
spec:
imagePullSecrets:
- name: gitlab-internal-integration-registry
# securityContext:
# runAsUser: 1000
# runAsGroup: 1000
restartPolicy: Never
containers:
- name: contract-migration
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:master-621780e9-1618865959 # {"$imagepolicy": "flux-system:cic-contract-migration"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:latest
command: ["./run_job.sh"]
# command: ["sleep", "3600"]
env:
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_eth
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: REDIS_DB
value: "0"
- name: DEV_PIP_EXTRA_INDEX_URL
value: https://pip.grassrootseconomics.net:8433
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: ETH_PROVIDER_HOST
value: bloxberg-validator.grassroots.svc.cluster.local
- name: ETH_PROVIDER_PORT
value: "8547"
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: CIC_DATA_DIR
value: /tmp/cic/config
- name: RUN_MASK
value: "3" # bit flags; 1: contract migrations 2: seed data
- name: DEV_FAUCET_AMOUNT
value: "50000000"
- name: CIC_DEFAULT_TOKEN_SYMBOL
value: GFT
- name: DEV_SARAFU_DEMURRAGE_LEVEL
value: "196454828847045000000000000000000"
- name: DEV_ETH_GAS_PRICE
value: "1"
- name: TOKEN_TYPE
value: giftable_erc20_token
- name: WALLET_KEY_FILE
value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
volumeMounts:
- mountPath: /tmp/cic/config
name: migration-output
resources:
requests:
memory: "250Mi"
cpu: "100m"
limits:
memory: "500Mi"
cpu: "250m"
volumes:
- name: migration-output
emptyDir: {}

View File

@ -0,0 +1,11 @@
# https://kubernetes.io/docs/concepts/configuration/configmap/
# PURPOSE: These values are *manually* populated after execution of the contract migration container
# The contract migration pod should output these vars among the STDOUT
kind: ConfigMap
apiVersion: v1
metadata:
name: contract-migration-output
namespace: grassroots
data:
CIC_REGISTRY_ADDRESS: "0xea6225212005e86a4490018ded4bf37f3e772161"
CIC_TRUST_ADDRESS: "0xEb3907eCad74a0013c259D5874AE7f22DcBcC95C"

View File

@ -0,0 +1,118 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/job/
apiVersion: batch/v1
kind: Job
metadata:
name: contract-seeding
namespace: grassroots
labels:
app: contract-seeding
spec:
backoffLimit: 0
template:
spec:
imagePullSecrets:
- name: gitlab-internal-integration-registry
# securityContext:
# runAsUser: 1000
# runAsGroup: 1000
restartPolicy: Never
containers:
- name: registry-seeder
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:master-621780e9-1618865959 # {"$imagepolicy": "flux-system:cic-contract-migration"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:latest
command: ["./run_job.sh"]
# command: ["sleep", "3600"]
env:
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_eth
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: REDIS_DB
value: "0"
- name: DEV_PIP_EXTRA_INDEX_URL
value: https://pip.grassrootseconomics.net:8433
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: ETH_PROVIDER_HOST
value: bloxberg-validator.grassroots.svc.cluster.local
- name: ETH_PROVIDER_PORT
value: "8547"
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: CIC_DATA_DIR
value: /tmp/cic/config
- name: RUN_MASK
value: "2" # bit flags; 1: contract migrations 2: seed data
- name: DEV_FAUCET_AMOUNT
value: "50000000"
- name: CIC_DEFAULT_TOKEN_SYMBOL
value: GFT
- name: DEV_SARAFU_DEMURRAGE_LEVEL
value: "196454828847045000000000000000000"
- name: DEV_ETH_GAS_PRICE
value: "1"
volumeMounts:
- mountPath: /tmp/cic/config
name: migration-output
resources:
requests:
memory: "250Mi"
cpu: "100m"
limits:
memory: "500Mi"
cpu: "250m"
volumes:
- name: migration-output
emptyDir: {}

View File

@ -0,0 +1,229 @@
# https://kubernetes.io/docs/concepts/workloads/pods/
apiVersion: v1
kind: Deployment
metadata:
name: data-seeding
namespace: grassroots
labels:
app: data-seeding
group: cic
spec:
containers:
# This container should stay up for interactive use for now.
- name: data-seeding
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/data-seeding:latest
command: bash -c "while true; do sleep 1; done" # Infinite loop to keep container live doing nothing
resources:
requests:
cpu: 50m
memory: 200Mi
limits:
cpu: 100m
memory: 400Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_eth
- name: META_URL
value: http://cic-meta-server:80
- name: META_HOST
value: cic-meta-server
- name: META_PORT
value: "80"
- name: PGP_PRIVATE_KEY_FILE # Private key here is for enrypting data
value: privatekey.asc
- name: PGP_PUBLIC_KEY_FILE
value: publickeys.asc
- name: PGP_PASSPHRASE
value: queenmarlena # TODO move to secret
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: TOKEN_SYMBOL
value: "GFT"
- name: USER_USSD_HOST
value: cic-user-ussd-svc
- name: USER_USSD_PORT
value: "80"
- name: KEYSTORE_FILE_PATH
value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
volumeMounts:
- mountPath: /tmp/src/keys
readOnly: true
name: pgp
- moutPath: /root/out
name: out-dir
- name: data-seeding-tasker
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/data-seeding:latest
command: bash -c "while true; do sleep 1; done" # Infinite loop to keep container live doing nothing
resources:
requests:
cpu: 50m
memory: 200Mi
limits:
cpu: 100m
memory: 400Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_eth
- name: META_URL
value: http://cic-meta-server:80
- name: META_HOST
value: cic-meta-server
- name: META_PORT
value: "80"
- name: PGP_PRIVATE_KEY_FILE # Private key here is for enrypting data
value: privatekey.asc
- name: PGP_PUBLIC_KEY_FILE
value: publickeys.asc
- name: PGP_PASSPHRASE
value: queenmarlena # TODO move to secret
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: TOKEN_SYMBOL
value: "GFT"
- name: USER_USSD_HOST
value: cic-user-ussd-svc
- name: USER_USSD_PORT
value: "80"
- name: KEYSTORE_FILE_PATH
value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
volumeMounts:
- mountPath: /tmp/src/keys
readOnly: true
name: pgp
- moutPath: /root/out
name: out-dir
volumes:
- name: out-dir
emptyDir: {}
- name: pgp
configMap:
name: pgp-meta-test
restartPolicy: Never

View File

@ -0,0 +1,127 @@
# https://kubernetes.io/docs/concepts/workloads/pods/
apiVersion: v1
kind: Pod
metadata:
name: data-seeding
namespace: grassroots
labels:
app: data-seeding
group: cic
spec:
imagePullSecrets:
- name: gitlab-grassroots-registry
containers:
- name: data-seeding
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/data-seeding:latest
command: ["sleep", "360000"]
resources:
requests:
cpu: 50m
memory: 200Mi
limits:
cpu: 100m
memory: 400Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_eth
- name: META_URL
value: http://cic-meta-server:80
- name: META_HOST
value: cic-meta-server
- name: META_PORT
value: "80"
- name: PGP_PRIVATE_KEY_FILE # Private key here is for enrypting data
value: privatekey.asc
- name: PGP_PUBLIC_KEY_FILE
value: publickeys.asc
- name: PGP_PASSPHRASE
value: queenmarlena # TODO move to secret
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: TOKEN_SYMBOL
value: "GFT"
- name: USER_USSD_HOST
value: cic-user-ussd-svc
- name: USER_USSD_PORT
value: "80"
- name: KEYSTORE_FILE_PATH
value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
- name: PGP_EXPORTS_DIR
value: /tmp/src/keys
- name: OUT_DIR
value: /root/out
- name: NUMBER_OF_USERS
value: "10"
volumeMounts:
- mountPath: /tmp/src/keys
readOnly: true
name: pgp
volumes:
- name: pgp
configMap:
name: pgp-meta-test
restartPolicy: Never

View File

@ -0,0 +1,83 @@
# See https://github.com/openethereum/openethereum/issues/7288#issuecomment-393500569
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: bloxberg-validator
namespace: grassroots
labels:
app: bloxberg-validator
spec:
replicas: 1
selector:
matchLabels:
app: bloxberg-validator
serviceName: bloxberg-validator
template:
metadata:
labels:
app: bloxberg-validator
name: bloxberg-validator
spec:
terminationGracePeriodSeconds: 20
initContainers:
- name: data-permission-fix
image: busybox
command: ["/bin/sh", "-c"]
args: [ "cp -r /keys /keys-cp ; /bin/chown -R 1000:1000 /data /keys-cp" ]
securityContext:
runAsUser: 0
volumeMounts:
- name: bloxberg-keys
mountPath: /keys/Bloxberg
- name: bloxberg-keys-cp
mountPath: /keys-cp
- name: pv
mountPath: /data
containers:
- image: parity/parity:latest
name: parity
imagePullPolicy: IfNotPresent
args: ["--config=/config/config.toml",
"--keys-path=/keys-cp/keys",
"--password=/secret/validator.pwd"]
ports:
- containerPort: 8547
- containerPort: 8548
- containerPort: 30303
resources:
requests:
cpu: "100m"
memory: "120Mi"
volumeMounts:
- name: bloxberg-keys-cp
mountPath: /keys-cp/
- name: bloxberg-keys
mountPath: /keys/Bloxberg
- name: bloxberg-validator-config
mountPath: /config
readOnly: true
- name: bloxberg-validator-secret
mountPath: /secret
readOnly: true
- name: pv
mountPath: /data
volumes:
- name: bloxberg-keys-cp
emptyDir: {}
- name: bloxberg-validator-config
configMap:
name: bloxberg-validator-config
items:
- name: bloxberg-validator-secret
secret:
secretName: bloxberg-validator-secret
- name: bloxberg-keys
secret:
secretName: bloxberg-keys
defaultMode: 0755
- name: pv
persistentVolumeClaim:
claimName: bloxberg-validator
---

View File

@ -0,0 +1,15 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: bloxberg-keys
namespace: grassroots
spec:
encryptedData:
UTC--2021-05-06T18-26-15Z--c083b446-591e-6a78-17ac-b8a99d92ad78: AgAOl4s5nOwdCRf46ufW23L0StYcDy+P81PtlIIsTCnpqAph7AHA/8Wa6QI6qwubUbryL9x+sfM09w6ESgdmWOAuqcLYqO8N3L538kpPWwO8I1/VSE3mv9f9SFYvT20XcVt7qWYa/BoQjt9KCQjIst5VB0qp4HjKjxWY5NWwrPv1x9r7rS+4NLWZ2FV4x+BhNB9aq3jYW+uyNoFnruFHBdKDjCSiX7HrBPEH9MNf5r+9+ND5EcMTk2Wc4WQIeDsiNcpetDkDPZx/Mz7OTwLH8EpYou80Mh/b70x5/VJgNzr5LeO5gGWVNwzgOlWVb+SaTuvnnDqzcCjXQpUqIbh7Eqy4g2ItEXvDE58EWmNqXUKPGflOGXuDT6pzwyCQfvjGGbfyQGH3nP1RFHBtm+DqtlqOcMm/qmg2AX2yGnzSJ2c3Qv+2en7Xakh6LUlHhcWxPaq9vGZOuoWKDHQOO+eDGGA6/Rm5yjZGXwTebYzoW1LZcx1ZvZl1d7AO1xt4aoFNP4/rbQPyYmKAFZmuIXz3bUSVQ3IgeKErRK35Gxx13HCb+8hWcKuXFsmEQJpaxUbFG4RWcdczrEjyYeiRs358h+YhZKYyWyeGq1SVPR0GIKCyzBBQ8cgvl4Vm6VtIMhzFWZproLLwNDjFgMoCBxz5k92uQpNlpHHS4PvQsvfSuPd0a6Iiizcm+aAxSp12B3PotAw4qTDDvY5vyfF2px0BG5YUqNNAZRzcRxNMiLqi/VKYuGBtyrCzN1vnE6bRVgFELj+dbESE096ukdPP6PEuCEpCngrdbOJSy4oS6KPmNg6gG0kgMFo8HrG2kdry632TG4vZIV8QHijuhD4CIN3WEoC7fXvn99GjY36uuRTWnseGhUxbOJWqiTgKJlaChikfSjZ/HfNeQ2f/1Pb1k7enoSFIQsiYKdMcEsuVVV6WoM7re/gm8RAXXUrz2s+rnu0VyVRxC2jpWD0r7jfneYWwgMqS8FDrraa1zUsA8wm9rA7O4fuK9ZWMhyO7JkQOzzBpN0lp7pNkyoyqgqLJNIqjH4Nhb9w3Ijx7Ajfzj2tCYxTvlLX4WyiVWUG40nSenrEoIaxYhpwNZ4+wvdCEBX3JmfSNZ6uuCn1rTb5w3Eqo0+ddFo1hbsxKF0DUTTaYZlzR6+yUSv2HpqqP2K9j83bJB+8go0WySiz0+sUdj8YLBdld/MaWocFTuewC52l1joapMsnNcvBouETwe0jHpvTBcve1TymVlzQl7s8/lpLxp8/iphqCwkvykDehV7J18VTH+zvPBL094WTkPJLv0NWsAEeUnHApjXgyzWY5PLZboL0OW4fCfU8NwlU2r8zryd6txQKeAgzyYghKvUuJ5gOs9U+fw5rdLc16xUA3QQ5qO/2zzC+XmvscQ7Fk
template:
metadata:
creationTimestamp: null
name: bloxberg-keys
namespace: grassroots

View File

@ -0,0 +1,250 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: bloxberg-validator-config
namespace: grassroots
data:
config.toml: |
[parity]
base_path = "/data"
chain = "/config/bloxberg.json"
[network]
port = 30303
# reserved_peers = "/config/bootnodes.txt"
nat = "none"
discovery = false
[rpc]
port = 8547
apis = ["all"]
interface = "all"
cors = ["*"]
[websockets]
disable = false
port = 8548
apis = ["all"]
interface = "all"
origins = ["*"]
[mining]
#CHANGE ENGINE SIGNER TO VALIDATOR ADDRESS
engine_signer = "0x494cc42e63f076ff7bc81043ff310255a527b377"
reseal_on_txs = "none"
force_sealing = true
min_gas_price = 1000000
gas_floor_target = "10000000"
[footprint]
tracing = "off"
[misc]
# Logging pattern (`<module>=<level>`, e.g. `own_tx=trace`).
logging = "miner=trace,own_tx=trace"
#bootnodes.txt: |
#MPDL Bootnode and Authority
# enode://a7a53baf91b612b25b84993c964beb987879bfe7430cf6acb55bd721b9c0d96ceb1849049b1dcc0aa6e86fa1e2234280581b16c1265d56644fb09085e6906034@141.5.98.231:30304
# enode://a7a53baf91b612b25b84993c964beb987879bfe7430cf6acb55bd721b9c0d96ceb1849049b1dcc0aa6e86fa1e2234280581b16c1265d56644fb09085e6906034@130.183.206.234:30304
# enode://e6b181c16d20194029c220ce886fdc7a745cb37ee655c3b41ea744ec89143db6731a1c01ff3c40b39f969079090ad34e0e3319e47b0d22a8d510ff1f7b5a9ac7@141.5.98.231:30303
# enode://e6b181c16d20194029c220ce886fdc7a745cb37ee655c3b41ea744ec89143db6731a1c01ff3c40b39f969079090ad34e0e3319e47b0d22a8d510ff1f7b5a9ac7@130.183.206.234:30303
# #GeorgiaTech
# enode://4d9e6925ef3a92315283a655e856aa29dd516172c4f38d2a8fcd58c233a2cd80c57b507fed3bf351b1ac0611e8c7fefd6fb1c49de2d0d15eb1816d43629ac4ba@3.14.148.213:30303
# #CMU
# enode://ce0154eb13c1c038017151dd1ff4d736178ffedc33f5e11fe694c247eb09279886d253c3c775486eb709a65057901e2788098f991c58e6ad26ff957a8f45253e@128.2.25.89:30303
# #UCL
# enode://e41a38d659f13d47f3d88c5178e0cfe97487d3568000b85ae3a4abbcc35404d2628cee8a7e9071b63802542bafd886447ecf1d02fc663be0534779094a3e4fd1@128.16.12.165:30303
# #Sarajevo
# enode://6959137e1c66384e82ce6d9ba7e09bb0e56817f4834416448b98f646a335168c2967760a1daa5e3ec5ac2a3401be1cd05927568cdebf49c25d4770f5bb8fbfd7@195.222.43.21:30303
# #Zurich
# enode://6173beaabd1a82d41e3615da2a755e99f3bd53e04737e2ae2f02a004c42445d8dfd1d87aadfafabc4c45a1df2a80f359ab628c93522d1dac70690a9689912bbc@129.132.178.74:30303
# #Internet Security
# enode://bc50cf41d29f346f43f84ee7d03b21cd2d4176cd759cd0d26ce04c16448d4c8611c4eab4c5543e29075c758c0afc2fd6743fa38f48dc0ed1f016efbb5c5a7654@194.94.127.78:30303
bloxberg.json: |
{
"name": "Bloxberg",
"engine": {
"authorityRound": {
"params": {
"maximumUncleCountTransition": 5006743,
"maximumUncleCount": 0,
"stepDuration": "5",
"validators": {
"list": ["0x494cc42e63f076ff7bc81043ff310255a527b377"]
}
}
}
},
"params": {
"gasLimitBoundDivisor": "0x400",
"maximumExtraDataSize": "0x20",
"minGasLimit": "0x7A1200",
"networkID": "0x2324",
"eip140Transition": "0x0",
"eip211Transition": "0x0",
"eip214Transition": "0x0",
"eip658Transition": "0x0",
"eip145Transition": 5006743,
"eip1014Transition": 5006743,
"eip1052Transition": 5006743,
"eip1283Transition": 5006743,
"eip1344Transition": 5006743,
"eip1706Transition": 5006743,
"eip1884Transition": 5006743,
"eip2028Transition": 5006743
},
"genesis": {
"seal": {
"authorityRound": {
"step": "0x0",
"signature": "0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
}
},
"difficulty": "0x20000",
"gasLimit": "0x7A1200"
},
"accounts": {
"0x0000000000000000000000000000000000000001": {
"balance": "1",
"builtin": {
"name": "ecrecover",
"pricing": {
"linear": {
"base": 3000,
"word": 0
}
}
}
},
"0x0000000000000000000000000000000000000002": {
"balance": "1",
"builtin": {
"name": "sha256",
"pricing": {
"linear": {
"base": 60,
"word": 12
}
}
}
},
"0x0000000000000000000000000000000000000003": {
"balance": "1",
"builtin": {
"name": "ripemd160",
"pricing": {
"linear": {
"base": 600,
"word": 120
}
}
}
},
"0x0000000000000000000000000000000000000004": {
"balance": "1",
"builtin": {
"name": "identity",
"pricing": {
"linear": {
"base": 15,
"word": 3
}
}
}
},
"0x0000000000000000000000000000000000000005": {
"builtin": {
"name": "modexp",
"activate_at": 0,
"pricing": {
"modexp": {
"divisor": 20
}
}
}
},
"0x0000000000000000000000000000000000000006": {
"builtin": {
"name": "alt_bn128_add",
"activate_at": 0,
"pricing": {
"alt_bn128_const_operations": {
"price": 500
}
}
}
},
"0000000000000000000000000000000000000007": {
"builtin": {
"name": "alt_bn128_mul",
"pricing": {
"0": {
"price": {
"alt_bn128_const_operations": {
"price": 40000
}
}
},
"5006743": {
"info": "Istanbul HF",
"price": {
"alt_bn128_const_operations": {
"price": 6000
}
}
}
}
}
},
"0000000000000000000000000000000000000008": {
"builtin": {
"name": "alt_bn128_pairing",
"pricing": {
"0": {
"price": {
"alt_bn128_pairing": {
"base": 100000,
"pair": 80000
}
}
},
"5006743": {
"info": "Istanbul HF",
"price": {
"alt_bn128_pairing": {
"base": 45000,
"pair": 34000
}
}
}
}
}
},
"0x0000000000000000000000000000000000000009": {
"builtin": {
"name": "blake2_f",
"pricing": {
"5006743": {
"info": "Istanbul HF",
"price": {
"blake2_f": {
"gas_per_round": 1
}
}
}
}
}
},
"0xEb3907eCad74a0013c259D5874AE7f22DcBcC95C": {
"balance": "102000000000000000000000000000000"
}
}
}

View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: bloxberg-validator
namespace: grassroots
labels:
app: bloxberg-validator
spec:
storageClassName: do-block-storage
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi

View File

@ -0,0 +1,15 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: bloxberg-validator-secret
namespace: grassroots
spec:
encryptedData:
validator.pwd: AgAu6Seh37ELi6AXKetNOGMZpOrzkjukS6FLCGJTzF8jsIlgoCMbZ3krLfDoJqmbidNJRxmGtHbsjHwwfCNdqkOoPDBMKdRGzPD62zro5a8Spw2hr6VtEY/dA/sRswKfwMTCgHxG7eF3SVAOwZ/kqNMSMCJWhxtFDjcwdi2F4S33lR+3Otw7Bbc5dBRSEA7UvC6DRfasx1Tmd4Tcw19W3tRtqG6CM6HgIfmACYLgQucMOZDr5MZK/MzvOngrLc4wLHTO5ilmrdZFWfpX+KhGpYPDS8sUrKjrGTfHpCHpuzdX+Q6wgfVWxK/8X3bCryG+BB4zY4FR+ETpIlaSd4RXCpVVUYdZYXi8OURFAyf/+hCEDucOFpkqSTOATu0bzU5o0Jvpx9XiGOsjYv0GfYpIoc+6Ii9pV9J4EJMxRDKgGJXfFSZPmNJuDU/0Xx+FeKk8/8f7p0C1M12CqBk/XxqveNJTiMC3cfdCULsUKYSmEbxbXjz46RIcTvsu9I3Tc2spgHpagmUnl05MnlWBswV0kQkjy1tfkO3emqzfNWLZeTN5H7B2/vmewdq/3VTROnx9IRG0fRIpkOEPWgzO9MlNfM/ltBRRhyhmbFS1wNWJqxG8IiSVLzegKC33boknmqGP+qI1nQGZ08GFWUNZMhQmRHQCQj/H5rPtzxDzNQtGM0S4ZbZjmuv4M50IM06vJvsVrps1sETbiIt7ojg=
template:
metadata:
creationTimestamp: null
name: bloxberg-validator-secret
namespace: grassroots

View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
name: bloxberg-validator
namespace: grassroots
spec:
selector:
app: bloxberg-validator
ports:
- name: eth-net
port: 30303
protocol: TCP
- name: rpc #TODO change to rpc
port: 8547
protocol: TCP
- name: websocket # TODO change to websocket
port: 8548
protocol: TCP

View File

@ -0,0 +1,16 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: gitlab-internal-integration-registry
namespace: kube-system
spec:
encryptedData:
.dockerconfigjson: AgBBXZyqqPhVZ53L4avFRFQxUmH7pw+fqFQap/4tK+anHhnrbb5sBSPSBJsB4mKzmmdVpaKgrjteFLaDcukWBVLQTB8b3MOKbXB42batIy+7ev0+vpARXUDiBuqw/Suaatqi10D4X6sV+COxXEOgxtZpD9OAiTtUVXWIOHRnenWZztLjtr/LvRJFtBTYuXyj1dFo1HZ8kjDufPjE6K5rVgZNNkudKmk5tAYrIxiE7PTPyRrJ/eO6ybVqtRtahv0sXjTGWTLlUS0OksJbinprCp8mAUFddUxdo+6rX5AIUHqmIupE0KyRyNio4WB/Kkg4zsOPh96C6Gtd1NgjrCwibDxBDUIgKbWVK9b3LQ80FHSmdUC1vQfxplTt+G0zchiaP/HTHjXfrMy5f5w0k6gP5dTLL58/FJtUUF4O1CWqkr9tsPhKtvEAA1t9EIHUYGxsY7fIsUTmZe6vLT5KGD6sbjBFD2I6IHxQsKlzYwO5GBC2OGYQbbmFJZNyVVWShnEMZFRWnx283O9LewM64euJKJ5EVnuLFNOSrrljRS5gJgjS1IwyL3JqG6fzANqBfj+J8Vv3NOEkcNB2j4/1a3DIpqh2gO/ObnQn3TEtbYGCmiLtbv3S8Jx1J/Wvnz3PzwrfxoV6wxPF3qofQkALQWh5jQcj+gG/K30raYOxGFBXCAl7Ms6xmbn6wgsXy8sABXGAQsuvPie8422KeZ1J3nd3DUfzMUeGNy2clDVgDTvfttmPlPeS4RdQCQZ9tbos8TsJIKWlHGRy+77cXmqvA+QYNvmUk5CAPaGL0gWktChvdRz8VHC736OXQzEN6kKFZKNzEo0xYjRUgMCuzy0c10mE4C59FyqQi9wjqmukzaUh2lCMgxXpueGNZQHDBT6pZYlO7gYDtkgq7eyVXhcHW2xVhYh8yaQMDANAhSad6oGEqmf812tgpCq8sM4zWysX6bU+7MPRkWXTcRPJh6EtTrw2wMED8Op0pQ==
template:
metadata:
creationTimestamp: null
name: gitlab-internal-integration-registry
namespace: kube-system
type: kubernetes.io/dockerconfigjson

View File

@ -0,0 +1,129 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grassroots-ingress
namespace: grassroots
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-production
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/cors-allow-headers: "x-cic-automerge, authorization, content-type"
spec:
tls:
- hosts:
- meta-auth.dev.grassrootseconomics.net
- meta.dev.grassrootseconomics.net
- user.dev.grassrootseconomics.net
- ussd.dev.grassrootseconomics.net
- ussd-auth.dev.grassrootseconomics.net
- cache.dev.grassrootseconomics.net
- dev.grassrootseconomics.net
- cicada.dev.grassrootseconomics.net
- bloxberg-rpc.dev.grassrootseconomics.net
- bloxberg-ws.dev.grassrootseconomics.net
secretName: dev-grassrootseconomics-net-tls
rules:
- host: cicada.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-staff-client
port:
name: http
- host: dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: key-server
port:
name: http
- host: meta.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-meta-server
port:
name: http
- host: meta-auth.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-auth-proxy-meta
port:
name: http
- host: user.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-user-server-svc
port:
name: server
- host: ussd.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-user-ussd-svc
port:
name: server
- host: ussd-auth.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-auth-proxy-ussd
port:
name: http
- host: cache.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-cache-svc
port:
name: server
- host: bloxberg-rpc.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: bloxberg-validator
port:
name: rpc
- host: bloxberg-ws.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: bloxberg-validator
port:
name: websocket

View File

@ -0,0 +1,57 @@
# https://kubernetes.io/docs/concepts/workloads/pods/
apiVersion: v1
kind: Pod
metadata:
name: "key-server"
namespace: grassroots
labels:
app: "key-server"
spec:
imagePullSecrets:
- name: grassroots-registry-dev
containers:
- name: key-server
image: registry.gitlab.com/grassrootseconomics/devops/key-server:latest
resources:
limits:
cpu: 100m
memory: 200Mi
requests:
cpu: 50m
memory: 100Mi
ports:
- containerPort: 8080
name: http
- containerPort: 8081
name: http-internal
volumeMounts:
- name: pgp-meta-test
mountPath: "/etc/nginx/html/"
volumes:
- name: pgp-meta-test
configMap:
name: pgp-meta-test
items:
- key: publickeys.asc
path: publickeys/index.html
- key: signature.asc
path: signature/index.html
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: key-server
namespace: grassroots
spec:
selector:
app: key-server
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
- name: http-internal
port: 8081
targetPort: 8081

View File

@ -0,0 +1,260 @@
apiVersion: v1
data:
privatekey.asc: |
-----BEGIN PGP PRIVATE KEY BLOCK-----
lQWGBGCufzABDADb+aeREhuVWeqoWyeGosQeDypDnFFPlutXUtfEBMjp05gt+zhq
o0TCmS6U5XIRTsKimEQepvuZ6MmWznv9mhSEYFNHfJkrzoQSstw7YNbzMR8hhjqV
T9xaumSbOhxKXIdioZi8xk/z4PFxxCd8V16oS3+s6/n40f1aNaz4onB8ATNoRl3g
Qn+bn4FNOpQWGEI8zXqzFQduuXwDfBJ7ZuQYlh0o8vIowml3xcJjLlRz068nYRR5
yX1MTCJmxTC028Ep/EcIi5hgsnXqAMCweYCnMCAft+7a4lVSziNQc+4lhG4hQaIO
zNUcr3iPsyGEd3/PZi+AdGStX7nnHr34b/M59LGAvtoMEXi4z6UjMEoYDKdm9GJ8
0z5CFwElj28RgVilawDufluycmfmRTY5B+1Oq6ugN30xEjgPEoGKbZHwm9+9WRek
81YV7GhgwOO7UYbSK4rsgD/B+Cse7ADXD0o9DGvULYjvD5BpMG0jdRkFBTFFZ3UN
kb4UZtILMyPQA7cAEQEAAf4HAwIUu1QuUtT4sOClIovUmBqdEwQ4uzir883YkCQ+
p2zfZVNWjnMqWv2UnVVelumWlkLXFe5eYbYVfl+VN563xZremkZp1/pxUMeH48FT
M3xb2rTulthQLydwDftq1mTmcMaXKoeoHmbEqM7AtmVTN7NnsGYZ+2bmL6JYo54V
/C9dtc4ZLrVtHkJAI2TqxebpYEzBUFM+l0G6xUo8r5SaDWCU6WEtY5zD1m86b1yT
PZ0IyvfUEOCKE9zs+gG/CjTmYrZPnLIHTeFcLuexB4OJBnJ+n4P92PJlDXNkBmSp
fyGFykRtT6rgiBmW2mu6pA52Yn9sonrYREvxIUsk57ADvTFPWQxEan94QBKVb363
ADzOaluuxlD9y30P5FgJNQGoamPlfN8haMRCjHuWjfb3KVc1E+SaEHubF532/QxN
BtujSE1O4ieymilCBHdcBOazi5+89h1zwcj2QWo9+VKnYXqIWnmH4T94d64wkPht
4rCpyWlTsAWvJTUBpoeIyofTB3uRx+nogvLBJisdaahPOyGHxmj3ARwa43WH4xZj
rkkeCSd6bCtnTIHWrscYeNkmp+yg75uW30Rs5litKYZ/TwsYrHPOVHyDax0f/mOH
4L9Jy2pT68i6AON0H57oET+lNZmfWSi9nCvoJNYkbAYuApnQM75zwgZuvPed3uAN
NxlYaWxPhL7CzyVZYPdX5LdfN1sGK1nHE38G0k82NNkNJH7Bqz55ar2cLPxDWJjD
iso4mBO/9bEOTGrpfI7EhuuQIk6pML20yD1v/Pmrqkys58gxJ8GrLucv7b1J2mB2
b1wVxi8ftcttpSni6uDjUPRoEEAOAojyuwOfNcUhq07mvjPwg2JBCi4LJsRVL7jc
jKJBa73Ez9WvgkwbW1d5w9yDEdos6MBMHZQueKrWKhOiFnToAce3PSwUh4jx3tN6
eVKkBnc/r48Q5ZvJP4JfVqq9tmO55GeXp5UYQtSIHYwAKNpxt9OdGR8qNvgMO3xu
CCibusYv6Jis4QnnFUl+KsZZLk0afq7KvXdfvBs0QNfGzd5IdGFXXa7+hwlHaRG5
j8k3T/5DjzTdE59r7PA5l5aUcN+SamkhGNaJMm4TRSJBGwxUkvX3rSfinA8WCh19
8BSoFMWSYP18CEDsHqZKs9QgKTFx+KiYmh/nAcTZrSrgLWCz0Bzox097zUurwDs9
ZBtcZonVBnUOYX/YT1oqSVXJEpynZ5HfdkZ4l2jfp3ixMeuE4gJvELzOA2Y8FaM/
oDYt+Danj1bcKNcXWKOPyW7qL1LjiD1VC5oVlhUiw32YSLh4blP5SrHQTGyetLVi
TWaTh7z2Rhyf+PGpfnUWu2Hsp1V1WdfzArRMUXVlZW4gTWFybGVuYSAoU2hlIGlz
IHRoZSBxdWVlbiBhbmQgaXMgdHJ1c3RlZCkgPHF1ZWVubWFybGVuYUBncmV5c2N1
bGwuY29tPokBzgQTAQgAOBYhBMzi4dLQ42reBAXi0JlbshgWMTvVBQJgrn8wAhsD
BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJlbshgWMTvVLqQL/jnG2Y3ua7d9
CC83VFeOkMOVkZs1Vl4/2o9fsdo2Ji4YxaozKatboJubwpO3NjLaFYQx6+C/6btm
IZ5kFVBHxDB4sw8rKfkl56DqQMKXjAyWYLcC/UNcZdfV4w0+Woj+KgL1uh1bxpiU
My7NNnxvPzo2YGMrOg0xbjhwuPuXHv0bywrJS8kFnHEz2o75afHmwIZmmzZci4Fw
pFDYxOWszFRF7XcQu0tlJj/eRzr/T9eOlhtTOs5/Fjt007TNOjBBHsF9U3zkf1AX
xn3kxFcdgbdYXEMp2uSr+sMSFqSsnm9KAqwC+RU8iG2Sv9Ff5YnOvg7CfqymGGFi
eLvplMxpqdlOpywMrhpXqT/a54vqzxeJ3axTKkg/c3T4Gek0P0IAsM6nTWa43zVm
BKhkFNdP3TuTvqQFy4ZqLFDNHCk4SfNSYW1Dei+irvcysdFb6+ZDXAYNdk0N+Ajl
rwxcQSQaA6maufgcO/sA+b7e0JOMgM2Dr5LrND4Uz16zMGYgeQQp/p0FhgRgrn8w
AQwAtwZKgIDeylKFox3edzPBTS5ZF5Rs46Wp6e+OF1ecvfbQmPV8vHPZkLrNYTt5
UODKJJLJO5hopNgJigMHmAbrXqFSZB/XrkkwfuZ6yY3Fyxa7qaSeyEdDX0SH3533
EP7vDFryZEt5bO9g1aUbPeBYamSMfrkgGdj7M+ToERuvpVV2LhgBAJeAbnk+2a0S
/Jcx873mWax/TmFLz2yO2TZFT74iMC2CyQMLPbjq/r5gaMsMzRj20jJ4+matT88X
L4lr3JkytkWx5H9G+n0kuNXmq6GTklwMXyV7XIux9iUvqhr7+cSqJFniVbiGbWTo
zfBk/rJrCCcCN+zUh+iQUtVbw4WsrBvo7Po+urlw0bbf/BptOmhQ+bICAApxVR/F
0teNe82LaFHrRXcQOm/F4cJqMPtZvBz/iOJO+nqGDgRsgUR8gA48RZdRgYxS5ePR
bWEKUhlmtyju9162CP2c24FqBuUb+nYz0F3vnRhRC9n5MO7ZjtNFkQwl6O+wJ0UA
wnqdABEBAAH+BwMCtM/xijzS4N3gHy+0b+fuxTijqtNa/w4U3efhzEByB43uK465
i/mNLD/JaAcegWEdi1kAhxJchemlxtnNYyXo00KVFoEkU8nMCwfSbuXuVDTcRHUp
7ruHgI0s+71q1M/IfVrr43UxwWNzMAahJT2Nl3NDgRSU4lPRnDAhSEknw93J/6w4
DcvOZZjvmVsxA/95S8JqO4sdPnfv/aod1+UI8s03vN17WKlvMYU4OJnfGhkw3dfI
sC7JYF/l/VrZ+rRSLsMitMRqlNJndIR4h0ph8dg/LfIhOJK8h/41MPliw1w32qyN
m1d/fQgkLBi3dTgZPIxFEjH2povCErYmzOt/axHAp8o3Fhj4leXq8noTuX5aQ7MT
Ccp9xt5bQdpTkb2ZPCS28DrKqKHOFyK9NQJe37qzoDedF5HqDECo/bE7dnYb+xZc
Wa91CTdlzWrlVRPvQ0NhnxWoUuveG5ytVWpMScQIsqt13PL4H1pDaPG6I8kHrWjJ
BW+7iVafvb6rRQCQXs3ZX56X8syDZh+wVzXsiCpojWH8ydgpltr4AjN7iCMcsHqI
Gd+OOB9DOdAbZU2xbBQ74vQZS/hfrswMdSixeOYRFCtfNqCHRrifryPSG2po+OkB
AJ+JJECvIFxLZwgMxT4AH2fDP7ULa8IDj+5oIwziGuqX6qbQQsRiExvWOOP281M7
AaVcOjeEGgc+puNxM9PzwIZWHxETi7ks2QDJQHQqD+MxdkLztqAnR+ln+hZ/WAQD
197wu4WG6OSpjaw+khMSl2tAOKZzeyhZGanC3VhFe1Z9CzWmwSgeO6aOXejFTzeE
A2ZRD9QjvdIIFj0aaLshsFcF/inO9HHRlmJMYmue4PLJYJTBvs/N4/XWdWUhMWxG
YJTBp335WtGsuqCWVZPzJb5lkcdC8yUa4FO3Z/fmHT3tKZSrvwROa7YBqDkUfhuP
64/4n1TVXcgRMA4IgEJNYt5mVVgOb8o/0G13LqoByI9/V8sHrW0TTIZPblyaoFah
BfnWekdgWzeyYJWgm+IzqVAWOgrkQAzalFuZuBF0qoYb2SDdqohNw/erTcd3CM35
dgQozqFpKeT31HRVYOjA0ZyjBllY3EYTCU5mFtfH45Ao7d2C3lbRiHzXOxS0sF0+
fIDKZXHXAnt141Ni1vNrs+WxyfJ5yMZHEQ5R0o749I67rg9x3hXnwDUw+mzibBOx
U/7xxcuRe5PkITjk2EwjkZvrM4KEHsuVvRQF7cJ9AhqYFaVZKOBGAvKJ5OGaijaF
oiKNP1vIpmCvFHS2kD8mi8oMx786f8Tks6r9gCFq+nnSbFV3W2hzzwD6825V3wMB
d28RBBk8wtyD2G5mAWQNHISJAbYEGAEIACAWIQTM4uHS0ONq3gQF4tCZW7IYFjE7
1QUCYK5/MAIbDAAKCRCZW7IYFjE71fmOC/9zly33PS50gR6kcFtN8KBgfNcwd/Yz
ZzI8A2o5nAFhcHwWH/f25hGXxbh3hGoz8NaiGFFktiefaQ+9M2Usb15OSjTeKT6H
KoBxSkn641fkV77Ed+a0rGtOhrelKviqQJtS/5509LbIpiYPpfSEw0OwlHfY7ZeA
l3PCOZHkiyOwR/hmj2gbHpbSqxSJdWftTLMUDaCTzqfSkIjkB6pTgJkLPM4eUnTL
xFP4VckDhbnj1a92AjI0BoUVRlQUKDwhquDlP4XjOmRSRZh4Yi8cQh0MDN3SR72x
wP3953xYOYanABMcANqV0wPRm1tLXORT/kQDBVsDsYATS9a5Kt4QyF6FnR16rcK5
lAqXet1/O1rvVvaJDzXnzoQOa0ORgdFcti+2pdCbwNy3LY2LvJDl+I4PDGTqk32H
/HUuCprWkcZu2dLCP0TeEVRg95wyCFc4C0G1eL6yeIKcH/l6Dp5ToLfqpaIt6LXL
HpfJD0o0eOq46T+IQlOFsqLmeqZTM7wRlwM=
=8eSx
-----END PGP PRIVATE KEY BLOCK-----
publickeys.asc: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBF+hSOgBDACpkPQEjADjnQtjmAsdPYpx5N+OMJBYj1DAoIYsDtV6vbcBJQt9
4Om3xl7RBhv9m2oLgzPsiRwjCEFRWyNSu0BUp5CFjcXfm0S4K2egx4erFnTnSSC9
S6tmVNrVNEXvScE6sKAnmJ7JNX1ExJuEiWPbUDRWJ1hoI9+AR+8EONeJRLo/j0Np
+S4IFDn0PsxdT+SB0GY0z2cEgjvjoPr4lW9IAb8Ft9TDYp+mOzejn1Fg7CuIrlBR
SAv+sj7bVQw15dh1SpbwtS5xxubCa8ExEGI4ByXmeXdR0KZJ+EA5ksO0iSsQ/6ip
SOdSg+i0niOClFNm1P/OhbUsYAxCUfiX654FMn2zoxVBEjJ3e7l0pH7ktodaxEct
PofQLBA9LSDUIejqJsU0npw/DHDD2uvxG+/A6lgV9L8ETlvgp8RzeOCf2bHuiKYY
z87txvkFwsXgU1+TZxbk+mtCBbngsVPLNarY/KGkVJL+yhcHRD0Pl4wXUd6auQuY
6vQ9AuKiCT1We2sAEQEAAbQeTWVyIE1hbiA8bWVybWFuQGdyZXlza3VsbC5jb20+
iQHUBBMBCAA+FiEE8/r2aOgu9RJNUYe67yb0aCND9pIFAl+hSOgCGwMFCQPCZwAF
CwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ7yb0aCND9pLwiwwAhFJbAyUK05TJ
KfDz81757N472STtB8sfr0auwmRr8Zs1utHRVM0b/jkjTuo4uJNr7YVVKTKgE7+r
J+pwhm3wlTQ44LVLjByWAi/7NWg3E9b2elm+qkfgm/RfFt3vkuOxGSyZyIFFh+/t
wv6iABPvr6w7MZwrFaS0UP3g1VGa5TFqg6KNxod9H/gPLxv45lutXf3VvBZTJpr1
pxn7aLHlFzEyIgNZbP/N1QF44GSrN/k0DfL631sZjauUXaZXbi5xGsKKCYwJ1g3q
587pi6mTdTV3n0hKgVuipO8hGy5++YeOv+hXsCxDwyZ+Shv+qavd/SapxYgCdEue
uwONIFfsIsWCd3SCcjKXicTTEFMu8nvBmf7xuo2hv6vEOxoijlXV+4LkGrskdB8Z
Mg8PywEx6DLmDokgnAhTLrTc1ShbkOtQ3yNjjyFK7BDpqobsJal6d8SpbhccUJLe
paSmsk0CgJsTjhAl6EwX0EYgTo3kP5fScqrbD8VwQaT8CcE4rCV4uQGNBF+hSOgB
DADHtpTT1k4x+6FN5OeURpKAaIsoPHghkJ2lb6yWmESCa+DaR6GXAKlbd0L9UMcX
LqnaCn4SpZvbf8hP4fJRgWdRl5uVN/rmyVbZLUVjM8NcVdFRIrTsNyu4mLBmydc3
iA/90sCTEOj9e7DSvxLmmLFjpwM5xXLd6z0l6+9G+woNmARXVS3V/RryFntyKC3A
TCqVlJoQBG45Tj2gMIunpadTJXWmdioooeGW3sLeUv5MM98mSB4SjKRlJqGPNjx5
lO6MmJbZeXZ/L/aO6EsXUQD2h82Wphll4rpGYWPiHTCYqZYiqNYr6E3xUpzcvWVp
3uCYVJWP6Ds117p7BoyKVz00yxC9ledF3eppktZWqFVowCMihQE3676L3DDTZsnJ
f1/8xKUh5U2Mj3lBvjlvCECKi00qo8b1mn/OklQjJ5T4WzTrH6X+/zpez8ZkmtcO
ayHdUKD/64roZ9dXbXG/hp5A+UWj8oSVYKg2QNAwAnZ+aiZ2KVRE/Y61DCgFg6Cc
x/cAEQEAAYkBvAQYAQgAJhYhBPP69mjoLvUSTVGHuu8m9GgjQ/aSBQJfoUjoAhsM
BQkDwmcAAAoJEO8m9GgjQ/aSIPcL/3jqL2A2SmC+s0BO4vMPEfCpa2gZ/vo1azzj
UieZu5WhIxb5ik0V6T75EW5F0OeZj9qXI06gW+IM8+C6ImUgaR3l47UjBiBPq+uK
O9QuT/nOtbSs2dXoTNCLMQN7MlrdUBix+lnqZZGSDgh6n/uVyAYw8Sh4c3/3thHU
iR7xzVKGxAKDT8LoVjhHshTzYuQq8MqlfvwVI4eESLaryQ+Y+j5+VLDzSLgPAnnI
qF/ui2JQjefJxm/VLoYNaPAGdqoz/u/R0Tmz94bZUfLjgQaDoUpnxYywK2JGlf3m
PZ3PNWjxJzuQTF5Ge5bz/TylnRYIyBT7KD7oaKHO62fhDbYPJ4f94iZN4B6nnTAe
P34zFDlkUbX4AHudXU7bvxT5OUk9x9c2tj7xwxQHaEhq2+JsYW0EVw27RLhbymnB
fLjVVUktNF0nQGvU2TEocw4pr2ZkDHQkSnlbNa4kujlL7VzbpnEgyOmi5er9GaIu
VSVADovBu+pz/Ov1y/3jUe8hZ/KleZkBjQRfoUkaAQwA2r2HiLvpnclyZMoeck1L
FoVyEU/CjPcYWF1B76ekO9mrlYvbKsnsyL0WcuEqwCmHdLk70i743Fn21WQK4uvv
lvrEpev9aj9DihyLctv4qrPm6wAU/Xibf75tg1iRL+muMQfv6hQhjdhwkYFx/7XQ
6UWkEibqFS7xJwrhz9lHL4KTA4sO5PeW713+mpz7tM5RmGV6NOQAyEEfAv6OawlW
k0f5o8xngIoyo2BS5qIeEBO+iz45+GG8GQC6XufOIx7VVl++ZpsxZKtDq/AXfAsk
xfLRwZMqH9Db5pPMzrL1bPV16AwoWqhAGd2HIMkODLEC5XTGIKCqO5+n288rHhAJ
TqFmE7TpAo+Eb0Tkk4jfm6LyRonmQGpu/Zxa53n5D6d+AgYWAMeHkEthWJkES4mK
pZu4nV21+n9mynnPg8wzthL705Q6IBjtlxX8EP6eeRFE1BUCNp2RZttTSdI+8iwz
YsGOJdJeeXeLOGhvU9/PLkRj9jgZLgCLAo1QGo2oxetZABEBAAG0IkJlYXN0IE1h
biA8YmVhc3RtYW5AZ3JleXNrdWxsLmNvbT6JAdQEEwEIAD4WIQT2ReBH7lvE4oJM
lNtC3JHPqKugKwUCX6FJGgIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIX
gAAKCRBC3JHPqKugK25hC/9VF1fekj0IKnrOJRUcK/Cv4RBowl60V91w27ApsoP2
awEJiFhY7qRijtkA3NKrT3tke7aTnC3yAJ8SFOmvIAC94ijb7Iv97xkG+1IIz8pv
ru9y+dzd2NnvCkts8gFF0CI/xtEME90rU3Pay9B5IyrpP++UdmSmnp3Neuwi94BZ
DfMlqkeiYOzWWSeYbmSSVfKTXeBdUuTyfRI4m/bPbh6gegOB/XdgSIrNY74D0nR3
np0I+s0IGZepK24kgBKfUPwRDk7f98PXCh29iL3xH+TBxu30WHq7xKmPoXxCRyFL
tnKF0MN5Ib276fHnJZM+hXf5i/1EPi4NLnk86e7fNI69hwiUd1msEt3VmZWe7anJ
e/1p3sSXwbQGhhGWM5K41/rQ1CZ9qD95d6wkHRSc0n4z78qxgYV73yJHinN8xIFn
PWbopPPIJbELSoM3IEpHobsj95pH4hzZAPSmDfOfLzV1G2ec1QPfWnTqUriUt7ed
Ds4//7Cczj6sRh2B6ax2diC5AY0EX6FJGgEMAMqxn5io6fWKnMz8h5THqp4gEzDu
oImapfMKbAKcxEtJmcLkvn+4ufEP/hcll66InqJHsqMOrdb+zbduCruYWpizhqCI
GSsuRu7+ZEEkQFmF5juCOV/5qKQJgZZmxSKbRtboapMRR/jmg1pvhnUG7wJOGWi7
qv+iRdsWKskDO7tUQE34+ID7IwfDZe2fbFKxf66nPlUunF8aMglsvGmtCEzm/xwj
unHnmoqZBQIzTdEXIaEwhVosbgY7A1iwOJ/gT2dcF2KJa7tygrtcbgdVzYCibynw
tlvDGXukweuYLQFsObyBG3UHRhJg61p7n344sy1U9uwCP3/pVCr9bNY9mLZpCgHF
kqxErmB8cWouQkbwnqxQFm21KtGFzjUawuKBXVtDEeA8C5Ha0sx7lw5JrX8GD3EL
60qKWjqujJsR1kyijXx1No7Xr9NWWuPoIDYH06ZoYE+j065VTRqZIGr3NjUZnqT7
s9M41roQMnKAzRBXousRXRW9dXfS5YIG4nWTlwARAQABiQG8BBgBCAAmFiEE9kXg
R+5bxOKCTJTbQtyRz6iroCsFAl+hSRoCGwwFCQPCZwAACgkQQtyRz6iroCt8igwA
gopqy+UgxJ7oTL2zvOgL1ez7bv+E/U1/7Rdy5MHwr4WF6oZRpIBlgv3GXXeIFH9b
FdDhgyPKgh+Tz24JBL+7YjUtWGe/G/pmmNK1YazB/OxrwiGFpTCyk1zhxEkhMu7H
u3LgD571K+4TUUpaPCqEeoBBg6O3T29DH1AxpWpEPGXlOrRDHYgVziEpLdUNahAj
F53auNWvya+Vc2qZwM4NFt608LLf7J5yIA2vbsvf6+gVopPE3whXESKXo08B2hC1
f3Pr9/Tgt6oIvy9/dAcTMalxRyyc42E2wX5kyzDlfhY9kqaNNfaGMZJO5g//gB7B
dtrAfo/LhWtary/YfAOtbbnMYkf+HODAPZItaIjMZngBM0c0m78YoCetAQE8uBFK
6aXmht3BZGPOwgyZpK5QT6ClYst2N9ca3tPUEfnddotKySmCEk/JWtu5/0lFl75W
zHulc7iUNGJmnUffVZyH12CjBWsTtqombHDkdEKFocavqpVcCCbKbtW5GZhuZC65
mQGNBF+hSUIBDADStlWquV7SdREZtxXBVVzdCkV1xkeHYfo2Z244W0LTwmvpbO+o
6P5GCAW2c336qWElsMO9ujeV2nuUZy3k3AtJLx19iWC+ywYVzJ8f878XAxq0ya1V
BBnfsBc7iRI3umf2JSi+fHXf9l+rJ8Zr5AkLrUo3tQoxX8xWQIfUVY481nlkOvuM
txEI6h1t+z7PWjAJsdKKdevRPApPIBGXX0iGE/98ATsLYtvh9ln26j1SrSdtKpPk
tuYve3zkphlZAdf5ReViicik6gpEdyEfIxNab6nyV8LTbSeCHe+6/cz+AEqA+cr3
K3MwriaapPzNhRV8izzGnIWChIZptGBKH5nLivfIAB/hbOgU6tM+YgUKrpJCXXA1
My2q68o2kARJxh6s0tuuT6pFEAG9RmzS3ywrPz4PAgkwrJA1uUa9fy9ngkOnQN3C
EeVQTUU55b+6zVhW1Qq8PII6AGqj1lSY9jLpjxEr3q227OlTaxfgg19x5o9rcycc
AZlQqzL2p3Z7HZ0AEQEAAbQcSGUgTWFuIDxoZW1hbkBncmV5c2t1bGwuY29tPokB
1AQTAQgAPhYhBIYPcR68MZb6cOhv9wDz8yhlQWZrBQJfoUlCAhsDBQkDwmcABQsJ
CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEADz8yhlQWZrD0YMAJp6WkrSzghIgrGm
EquhUPu4n8dnaGraGxu1Om9Z6HrUvphBvm/yZMlZxYbsQRvd8DUCuQD7fScBS12W
X3AYe001REfAbj0kDAdDQ0Z8sFCeCDSBJ9ulX07FzTHH0qROcSv6NONjGYVeTFic
L2W0rATygnFzzjjSGboMq1qA8u6/5JNM7MAxJcIS0Dr8Fhdwv8TwTJrVg6ZzJDHN
8OVAUkPaciQI5lDDP5+kOVqbZZ92Ua8byxKtNACCdSsWZr2OvYyjUz4JKMp5X6yH
bDQB3vlwRkRS7Voo3pUGsdLwiBWiryklSa++DIbBemrALFLc5YnLgfCV0frPOEqs
dDwWECRxwN4r+2DjY6TYCEEDfhM2Hm7MoMx/jM4uhI4KwPdOKmHsBPVBeXqBRXz3
2NMMZg6to0HRjDapR8AkbfdC5vjiuwnDA6llmxnVtx2oPX3g8RVOIw65f8KfWzWS
fzEqhoKTccsHMMza8J1ax6T6HXkqa/Tt/B/3d7nUzp53V3luG7kBjQRfoUlCAQwA
4rFxmKwr4RAoVEqhDDWl8ecd/KQXEg0iCpkkmED6mEpPE9qAi8ORNId66E+rveS1
SsbmbqVlrN9iHphtvYqvlwwb2IkgPaFpmVSqWrQ3yzEPrL5CLAWiiEq7M4ux7pue
YKcOmv3wQSta9eMgy9jaGUXrxFl4qotCevcEsLzkKC045OdVxkL++NFsiQUSfMYO
tgGKXuBh0ycI/pOb66lY186zPT0tR+QA18uzeCizEjhCZmPIlPHjN8NOEM7ZLU4U
QrLdSrm1quhO6DvGEoO5FulvGtp5hVHdJL5oB7svzNurXB3WVjdXCnRijoaCR07A
/X9JVZY2+kRxdl6ZkuLZxb5UE6usW7pTA5DKiuFG/w6CSGZA1Dv3+yoZnjN8KhnG
mIWmEJgvddWWoaJ3wFvSAGkYa3qBLX3noV3ZCm0c/r2LBcyFGyuyddEhg9wrqWU9
vM7W/4BkTqSJdeMRlS9FD803V9GqxAJBJ1KOSFt2s6b+ekYCI/d+Buso8GPp8eUH
ABEBAAGJAbwEGAEIACYWIQSGD3EevDGW+nDob/cA8/MoZUFmawUCX6FJQgIbDAUJ
A8JnAAAKCRAA8/MoZUFma/gCC/9xkH8EF1Ka3TUa1kiBdcII4dyoX7gs/dA/os0+
fLb/iZZcG+bJZcKLma7DRiyDGXYc7nG3uPvho7/cOCUUg5P/EG5z0CDXzLbmBrk2
WlRnREmK/5NTcisCyezRMXHOxpya4pmExVMqSPGA0QbKGwdHqfbHQv2OyI3PYBKv
lN+eu6e5SEbT76AQijj5RSPcgbko24/sSqJylD1lnRocQK1p4XelosBraty4wzYS
vQY9dRD4nafxPHI3YjKiAG0I7nJDQ0d1jDaW5FP0BkMvn51SmfGsuSg1s46h9JlG
RZvS0enjBb1Ic9oBmHAWGQhlD1hvILlqIZOCdj8oWVjwmpZ7BK3/82wOdVkUxy09
IdIot+AIH+F/LA3KKgfDmjldyhXjI/HDrpmXwSUkJOBHebNLz5t1EdauF+4DY5BH
MsgtyyiYJBzRGT5pgrXMt4yCqZP+0jZwKt1Ech/Q6djIKjt+9wOGe9UB1VrzRbOS
5ymseDJcjejtMxuCOuSTN9R5KuSZAY0EYK5/MAEMANv5p5ESG5VZ6qhbJ4aixB4P
KkOcUU+W61dS18QEyOnTmC37OGqjRMKZLpTlchFOwqKYRB6m+5noyZbOe/2aFIRg
U0d8mSvOhBKy3Dtg1vMxHyGGOpVP3Fq6ZJs6HEpch2KhmLzGT/Pg8XHEJ3xXXqhL
f6zr+fjR/Vo1rPiicHwBM2hGXeBCf5ufgU06lBYYQjzNerMVB265fAN8Entm5BiW
HSjy8ijCaXfFwmMuVHPTrydhFHnJfUxMImbFMLTbwSn8RwiLmGCydeoAwLB5gKcw
IB+37triVVLOI1Bz7iWEbiFBog7M1RyveI+zIYR3f89mL4B0ZK1fuecevfhv8zn0
sYC+2gwReLjPpSMwShgMp2b0YnzTPkIXASWPbxGBWKVrAO5+W7JyZ+ZFNjkH7U6r
q6A3fTESOA8SgYptkfCb371ZF6TzVhXsaGDA47tRhtIriuyAP8H4Kx7sANcPSj0M
a9QtiO8PkGkwbSN1GQUFMUVndQ2RvhRm0gszI9ADtwARAQABtExRdWVlbiBNYXJs
ZW5hIChTaGUgaXMgdGhlIHF1ZWVuIGFuZCBpcyB0cnVzdGVkKSA8cXVlZW5tYXJs
ZW5hQGdyZXlzY3VsbC5jb20+iQHOBBMBCAA4FiEEzOLh0tDjat4EBeLQmVuyGBYx
O9UFAmCufzACGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQmVuyGBYxO9Uu
pAv+OcbZje5rt30ILzdUV46Qw5WRmzVWXj/aj1+x2jYmLhjFqjMpq1ugm5vCk7c2
MtoVhDHr4L/pu2YhnmQVUEfEMHizDysp+SXnoOpAwpeMDJZgtwL9Q1xl19XjDT5a
iP4qAvW6HVvGmJQzLs02fG8/OjZgYys6DTFuOHC4+5ce/RvLCslLyQWccTPajvlp
8ebAhmabNlyLgXCkUNjE5azMVEXtdxC7S2UmP95HOv9P146WG1M6zn8WO3TTtM06
MEEewX1TfOR/UBfGfeTEVx2Bt1hcQyna5Kv6wxIWpKyeb0oCrAL5FTyIbZK/0V/l
ic6+DsJ+rKYYYWJ4u+mUzGmp2U6nLAyuGlepP9rni+rPF4ndrFMqSD9zdPgZ6TQ/
QgCwzqdNZrjfNWYEqGQU10/dO5O+pAXLhmosUM0cKThJ81JhbUN6L6Ku9zKx0Vvr
5kNcBg12TQ34COWvDFxBJBoDqZq5+Bw7+wD5vt7Qk4yAzYOvkus0PhTPXrMwZiB5
BCn+uQGNBGCufzABDAC3BkqAgN7KUoWjHd53M8FNLlkXlGzjpanp744XV5y99tCY
9Xy8c9mQus1hO3lQ4Mokksk7mGik2AmKAweYButeoVJkH9euSTB+5nrJjcXLFrup
pJ7IR0NfRIffnfcQ/u8MWvJkS3ls72DVpRs94FhqZIx+uSAZ2Psz5OgRG6+lVXYu
GAEAl4BueT7ZrRL8lzHzveZZrH9OYUvPbI7ZNkVPviIwLYLJAws9uOr+vmBoywzN
GPbSMnj6Zq1PzxcviWvcmTK2RbHkf0b6fSS41earoZOSXAxfJXtci7H2JS+qGvv5
xKokWeJVuIZtZOjN8GT+smsIJwI37NSH6JBS1VvDhaysG+js+j66uXDRtt/8Gm06
aFD5sgIACnFVH8XS1417zYtoUetFdxA6b8Xhwmow+1m8HP+I4k76eoYOBGyBRHyA
DjxFl1GBjFLl49FtYQpSGWa3KO73XrYI/ZzbgWoG5Rv6djPQXe+dGFEL2fkw7tmO
00WRDCXo77AnRQDCep0AEQEAAYkBtgQYAQgAIBYhBMzi4dLQ42reBAXi0JlbshgW
MTvVBQJgrn8wAhsMAAoJEJlbshgWMTvV+Y4L/3OXLfc9LnSBHqRwW03woGB81zB3
9jNnMjwDajmcAWFwfBYf9/bmEZfFuHeEajPw1qIYUWS2J59pD70zZSxvXk5KNN4p
PocqgHFKSfrjV+RXvsR35rSsa06Gt6Uq+KpAm1L/nnT0tsimJg+l9ITDQ7CUd9jt
l4CXc8I5keSLI7BH+GaPaBseltKrFIl1Z+1MsxQNoJPOp9KQiOQHqlOAmQs8zh5S
dMvEU/hVyQOFuePVr3YCMjQGhRVGVBQoPCGq4OU/heM6ZFJFmHhiLxxCHQwM3dJH
vbHA/f3nfFg5hqcAExwA2pXTA9GbW0tc5FP+RAMFWwOxgBNL1rkq3hDIXoWdHXqt
wrmUCpd63X87Wu9W9okPNefOhA5rQ5GB0Vy2L7al0JvA3LctjYu8kOX4jg8MZOqT
fYf8dS4KmtaRxm7Z0sI/RN4RVGD3nDIIVzgLQbV4vrJ4gpwf+XoOnlOgt+qloi3o
tcsel8kPSjR46rjpP4hCU4WyouZ6plMzvBGXAw==
=Mjei
-----END PGP PUBLIC KEY BLOCK-----
signature.asc: |
-----BEGIN PGP SIGNATURE-----
iQGzBAABCAAdFiEEzOLh0tDjat4EBeLQmVuyGBYxO9UFAmC4Be8ACgkQmVuyGBYx
O9W36Qv/amj4XpRAZfa5VAGKWWQq7RKtAsD7cIsygenG1BYUXFWSSQc4wnnbdmZF
vizM7j9ibWwhXIJuslA9oZaH2V+8Lt+69xUhN1EEKbYKZ45Amxm5Hi23Y9myUIFF
+uvgkayLHKIFH8vy5snVsll8QmmZvwPtu/+VuUWMHMeVqSbWQmAwz1+rwTAqGbbO
bVt2cqVYPO1HQWGzc6E2S4TDUR6HZUuSSDUDL17bejMEy0cFgySxBji5p9UQXmfN
7I82QdAB5wEuUE5zFr/GdvzBpbeAiLNz7rn0uhW5zbzZVMnaRfMmVl8fR7vgveXE
ILii5JYjJ0FJbO9xRoDhOlnqvMzfLCrHtwcnUd82b9iFvlt5NiiZQDrleIqvDC9S
ntY3ZrxhhaVh6qa59hJkEASzU06i120w+1hMc+6DU1e2DjwUCbEtWaDDG6iVdD2S
13QIXmo9EgCSVsrYRGv3k8LcdZFQQ2sypP1PvktFoqPz144nw8RIqLBUFS60mj5m
JBGF3FnI
=M69r
-----END PGP SIGNATURE-----
kind: ConfigMap
metadata:
creationTimestamp: null
name: pgp-meta-test
namespace: grassroots

View File

@ -0,0 +1,50 @@
apiVersion: v1
data:
trustedpublickey.asc: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBGCufzABDADb+aeREhuVWeqoWyeGosQeDypDnFFPlutXUtfEBMjp05gt+zhq
o0TCmS6U5XIRTsKimEQepvuZ6MmWznv9mhSEYFNHfJkrzoQSstw7YNbzMR8hhjqV
T9xaumSbOhxKXIdioZi8xk/z4PFxxCd8V16oS3+s6/n40f1aNaz4onB8ATNoRl3g
Qn+bn4FNOpQWGEI8zXqzFQduuXwDfBJ7ZuQYlh0o8vIowml3xcJjLlRz068nYRR5
yX1MTCJmxTC028Ep/EcIi5hgsnXqAMCweYCnMCAft+7a4lVSziNQc+4lhG4hQaIO
zNUcr3iPsyGEd3/PZi+AdGStX7nnHr34b/M59LGAvtoMEXi4z6UjMEoYDKdm9GJ8
0z5CFwElj28RgVilawDufluycmfmRTY5B+1Oq6ugN30xEjgPEoGKbZHwm9+9WRek
81YV7GhgwOO7UYbSK4rsgD/B+Cse7ADXD0o9DGvULYjvD5BpMG0jdRkFBTFFZ3UN
kb4UZtILMyPQA7cAEQEAAbRMUXVlZW4gTWFybGVuYSAoU2hlIGlzIHRoZSBxdWVl
biBhbmQgaXMgdHJ1c3RlZCkgPHF1ZWVubWFybGVuYUBncmV5c2N1bGwuY29tPokB
zgQTAQgAOBYhBMzi4dLQ42reBAXi0JlbshgWMTvVBQJgrn8wAhsDBQsJCAcCBhUK
CQgLAgQWAgMBAh4BAheAAAoJEJlbshgWMTvVLqQL/jnG2Y3ua7d9CC83VFeOkMOV
kZs1Vl4/2o9fsdo2Ji4YxaozKatboJubwpO3NjLaFYQx6+C/6btmIZ5kFVBHxDB4
sw8rKfkl56DqQMKXjAyWYLcC/UNcZdfV4w0+Woj+KgL1uh1bxpiUMy7NNnxvPzo2
YGMrOg0xbjhwuPuXHv0bywrJS8kFnHEz2o75afHmwIZmmzZci4FwpFDYxOWszFRF
7XcQu0tlJj/eRzr/T9eOlhtTOs5/Fjt007TNOjBBHsF9U3zkf1AXxn3kxFcdgbdY
XEMp2uSr+sMSFqSsnm9KAqwC+RU8iG2Sv9Ff5YnOvg7CfqymGGFieLvplMxpqdlO
pywMrhpXqT/a54vqzxeJ3axTKkg/c3T4Gek0P0IAsM6nTWa43zVmBKhkFNdP3TuT
vqQFy4ZqLFDNHCk4SfNSYW1Dei+irvcysdFb6+ZDXAYNdk0N+AjlrwxcQSQaA6ma
ufgcO/sA+b7e0JOMgM2Dr5LrND4Uz16zMGYgeQQp/rkBjQRgrn8wAQwAtwZKgIDe
ylKFox3edzPBTS5ZF5Rs46Wp6e+OF1ecvfbQmPV8vHPZkLrNYTt5UODKJJLJO5ho
pNgJigMHmAbrXqFSZB/XrkkwfuZ6yY3Fyxa7qaSeyEdDX0SH3533EP7vDFryZEt5
bO9g1aUbPeBYamSMfrkgGdj7M+ToERuvpVV2LhgBAJeAbnk+2a0S/Jcx873mWax/
TmFLz2yO2TZFT74iMC2CyQMLPbjq/r5gaMsMzRj20jJ4+matT88XL4lr3JkytkWx
5H9G+n0kuNXmq6GTklwMXyV7XIux9iUvqhr7+cSqJFniVbiGbWTozfBk/rJrCCcC
N+zUh+iQUtVbw4WsrBvo7Po+urlw0bbf/BptOmhQ+bICAApxVR/F0teNe82LaFHr
RXcQOm/F4cJqMPtZvBz/iOJO+nqGDgRsgUR8gA48RZdRgYxS5ePRbWEKUhlmtyju
9162CP2c24FqBuUb+nYz0F3vnRhRC9n5MO7ZjtNFkQwl6O+wJ0UAwnqdABEBAAGJ
AbYEGAEIACAWIQTM4uHS0ONq3gQF4tCZW7IYFjE71QUCYK5/MAIbDAAKCRCZW7IY
FjE71fmOC/9zly33PS50gR6kcFtN8KBgfNcwd/YzZzI8A2o5nAFhcHwWH/f25hGX
xbh3hGoz8NaiGFFktiefaQ+9M2Usb15OSjTeKT6HKoBxSkn641fkV77Ed+a0rGtO
hrelKviqQJtS/5509LbIpiYPpfSEw0OwlHfY7ZeAl3PCOZHkiyOwR/hmj2gbHpbS
qxSJdWftTLMUDaCTzqfSkIjkB6pTgJkLPM4eUnTLxFP4VckDhbnj1a92AjI0BoUV
RlQUKDwhquDlP4XjOmRSRZh4Yi8cQh0MDN3SR72xwP3953xYOYanABMcANqV0wPR
m1tLXORT/kQDBVsDsYATS9a5Kt4QyF6FnR16rcK5lAqXet1/O1rvVvaJDzXnzoQO
a0ORgdFcti+2pdCbwNy3LY2LvJDl+I4PDGTqk32H/HUuCprWkcZu2dLCP0TeEVRg
95wyCFc4C0G1eL6yeIKcH/l6Dp5ToLfqpaIt6LXLHpfJD0o0eOq46T+IQlOFsqLm
eqZTM7wRlwM=
=irpP
-----END PGP PUBLIC KEY BLOCK-----
kind: ConfigMap
metadata:
creationTimestamp: null
name: pgp-trusted-publickey
namespace: grassroots

View File

@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: postgresql-conn-common
namespace: grassroots
data:
DATABASE_USER: grassroots
DATABASE_HOST: postgresql
DATABASE_PORT: "5432"
DATABASE_ENGINE: postgres
DATABASE_DRIVER: psycopg2
DATABASE_PASSWORD: tralala

View File

@ -0,0 +1,16 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: postgres-db-secrets
namespace: grassroots
spec:
encryptedData:
postgresql-password: AgAE+2sX6nGxEeSDEZ6oOShpGqyEi0p8A1QIUNl99WBU/Dg/djdEF2F36SLcw48c2sO47/1Z4Ry4I0qk12GhVv6MPBpQYm1O8Unj822DpT1PW25G1dyRuZZjIE2zuIRoX/4Xvt+5T3Zfhan5ORFsY2H2tj4+v+I+VKdmOOICeffDCb45NPShfR8yWHTlQyvlvlukQBpyiefBTme6EDWo2658ik8Z/CvwXK49w8y+H02wJ5RMavaAplZTi0K5VibM95AiyLEVgGdrtn+ibXFdeWDaZTOgmL4XHqREbWokLHioRsje0nvp6gYZhTjFr8BAgVudbfkmxHZr4Z0EkJsPibznVbVU/gjbTk2mNvrbzoDYbVONAz5YKdCSPlY3f8+a75GfDts+nLGyiNgq2+6zAMn6FkeIGQtqJCy54vqO24wpwGBVXv+ifdBN7n8ifF7/Erd2G1Zt2zz19AQPwo9rAwdM4d2xgCR4t6lxDax2vWMlNdX9f85W6Yn52x57CxCNjqOzlnB/BUF/MnCKlO1NjZwnlzSV40W68HKNdW4XGZL03HgEeZFsgIb92cSL+blp27fn/DnL1jiSZQiktwfHSwHPJb6lYpMysjB/ST/iRTnzlQ8dQcHl+HC35/dH9YL0hU5ZXx7Qh/cRzJDT9hpPaHFVmmuiKG9ZdBICm4BOavQ+vUyRaJqXkTPDO/7SNVUM6U54H7oy2UXCZCrG
postgresql-replication-password: AgB5QMqB/htvwFHOwONjwE+Iqvu0opAQ/Wa0oKWb1Lt7oXCRF7wJ2n1xmpNIjFib3gVfGUb/hIt0nBS//B8CDYmz/WiJvylSLdStZhC7gMo6OfK7XD1BubwM2oj4/31eepBRfPMD7OkPXtFcBYpcE7nOq3I1bbbYq3uGjO0vaCozawqKG0ytMpNgcRVHLhuKY8rcIrCiqyZ/Z7DUjG4J7+HtvpBAkC9MFL1t03nEABZocwsf5AF9xzqSJsyVfJq0pmwxYPsu/tZdaUhh2dk64YBgap0VL3Xz5EzMVsu+2PKizafwOXlsxEoeEbdaxcqduVwTl9xIr6p/b+MBVMbuzV8VrsBgDStCijrRFB3Yjep5MRZrumISJG/s9/V77A1lQ2zdPk6dWRbdneScuJhYyG85zZr+B0ThwDxO7eOsL70s0fsebeVh+TVWj/rUE1bT5QDw5nXaXxAj/qx+z/c/urh+X8wmR6ztVj2IhGT4rnxtBzdKGDtpnS4Zm0IJbCaz8fI6c0YJW6Sqmvmh7GmA0j6BARugOcpkM5U8GavKBcEDPPJWPvATpZ4NJLG9yL3fddDO1hGGd0rPvxOIG8iF6fVFJlGWES7Zv8VHEDtAcP26QDjrP/mKcaXr9V/RvtSXVcN/pNCxkiWOYicMeeJ1XqWwFHELcZreBCav0aEDO+vqRIsJWewbX/8ESsOO0GaB+werenNwRXHJeCe7
template:
metadata:
creationTimestamp: null
name: postgres-db-secrets
namespace: grassroots

View File

@ -0,0 +1,35 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: postgresql
namespace: grassroots
spec:
# The interval at which to reconcile the Helm release
interval: 10m
chart:
spec:
# The name of the chart as made available by the HelmRepository
# (without any aliases)
chart: postgresql
# A fixed SemVer, or any SemVer range
# (i.e. >=4.0.0 <5.0.0)
version: 10.3.17
# The reference to the HelmRepository
sourceRef:
kind: HelmRepository
name: bitnami
# Optional, defaults to the namespace of the HelmRelease
namespace: default
values:
image:
tag: 12.5.0
existingSecret: postgres-db-secrets
postgresqlDatabase: postgres
volumePermissions: # related to permissions error on file postgres/data when pod restart
enabled: true
initdbScriptsConfigMap: postgres-initdb-scipts
initdbUser: postgres
replication:
readReplicas: 0
metrics:
enabled: true

View File

@ -0,0 +1,21 @@
# https://kubernetes.io/docs/concepts/configuration/configmap/
kind: ConfigMap
apiVersion: v1
metadata:
name: postgres-initdb-scipts
namespace: grassroots
data:
create_db.sql: |
CREATE ROLE common_role;
CREATE USER grassroots WITH PASSWORD 'tralala' CREATEDB;
CREATE DATABASE "cic_cache";
CREATE DATABASE "cic_eth";
CREATE DATABASE "cic_notify";
CREATE DATABASE "cic_meta";
CREATE DATABASE "cic_signer";
CREATE DATABASE "cic_ussd";
CREATE DATABASE "cic_syncer";
GRANT ALL PRIVILEGES
ON DATABASE "cic_cache", "cic_eth", "cic_notify", "cic_meta", "cic_signer", "cic_ussd", "cic_syncer"
TO grassroots;

View File

@ -0,0 +1,28 @@
-----BEGIN CERTIFICATE-----
MIIErTCCApWgAwIBAgIQQ/6gWxjyWjlUu/orGmbkkTANBgkqhkiG9w0BAQsFADAA
MB4XDTIxMDQxNjEzMzk1N1oXDTMxMDQxNDEzMzk1N1owADCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBALlHzjP+WopinMhSgNRMywms5IJ4u2UuY8k6YAnZ
dVeA9wBg+dPuhLqrOgfYSCPfwK+18ZaKpNw9qOUZBr/hRyWIQZrMc5rd6IMcm7aM
35Fxs5GPigMvp6GxBd/btfUxept/Ro1egwtl7U+6w4AfHrjOAqwnOgDib8U6wK9w
3+5BlhqPia3HmjE9XzvNp0SKl+C40xv6oGQ2RmU62ESN1uB5FL0+jbmhNZk/chhd
thhNQ9jo/QqROB/VeRh8LaX7MLzC2caI1fICXE4/4Mcr+rRnqr4dljKtQHobW5/4
lgH85XqeioFHpaB1cgKg0tgHAk6/UHNThy9aMaXjn/I1s5E8ZvwshWBWw7r14+Vt
dZaGzhw4RE0RQ8ubYQTiB0b+hXQhY4OdQnAm/yCkf9XODsuxJV9Dr+9coI7ftnyt
uU0JBBi6Jg9eZdkQjO3E7hyhVUyeer0LbE6W3BHTpz5ZZjp7aiCe94Q5BpqXBmU2
3JbYjasrGr/5F9YX7sCVdTkfe9I/NzeigAEgNKf+3nxMJB+bFsJ26kDFxREYOxni
NmDFwczZmUArowDaObh6yXAKz56s2bNJApzkKmKtdq7dpErz0XPOwyPzGoKeMO2p
8MUapopuCUVW20GR7YCmuTu/xBxfT3ocAS3u3kwYvwzYLeagpl+0Sh1q+6CZBAtK
jl6FAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwIAATAPBgNVHRMBAf8EBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4ICAQBYtcMUaxO5yX8fsn1LPm0CAZqTeI3xjkrHGDGXDQqv
9DHElHkjvWKjNem923hKBwbPdzhKbFQg2Dy93b6LeHj0cCOSQ21bvDrfpfBK3yit
AlvtuIIn4ktuIvegCDX/e9rxeIQPz3IhrKAnK36UpnMj8L+g2fz9+HYWowiGjx7n
lCik7ang8rtpbetU1BiXaLo58bJnbjoHxuVryTkSKiPiJ9nK+K2WP7IB+Uunr4c0
MlCoFrXCEfuShzW3lFRStfc4sazv2wv3utozukmrSWr9y5PXVPQxl8CUmTGG8Bnl
51RyaldiKRQ0J7LEMv+2fanDoOAZE8gjUVu0NqNahZwK3ya186AUCyUkoVVD7Wnv
R77SdeuVw0ULn4bpy9n4iXYzRXDha/q3Y2PP5yeBN1NhggxZ6Cyj8s9KeusVw5Oz
CueAczTlU3VUHI1VEtaacIon/5yuJRz4wW7opLbv1G8kh2v1zDtpWbbb2tnj3foq
Yt8UIeAkBIW4GPClM5A/Bzv2Gl3Gijp6dDF1Tim1w/6t4C/OBlEbzWII8wvdUTwn
NBKnmgsnErkSekYuNsGYl4Ua5gu05Bef4dQ7ShAkJcbXTKKPNdTyJmv4I99wRL1l
WaKawKjnMoO71c6lHuxt/D3p0jjdnsH4BAAMlUrIQ+Jlp+JHa/xcVjAMTvij14fT
Eg==
-----END CERTIFICATE-----

View File

@ -0,0 +1,8 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: redis-conn-common
namespace: grassroots
data:
CELERY_BROKER_URL: redis://redis-master
CELERY_RESULT_URL: redis://redis-master

View File

@ -0,0 +1,29 @@
# hhttps://github.com/bitnami/charts/tree/master/bitnami/redis
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: redis
namespace: grassroots
spec:
# The interval at which to reconcile the Helm release
interval: 10m
chart:
spec:
# The name of the chart as made available by the HelmRepository
# (without any aliases)
chart: redis
# A fixed SemVer, or any SemVer range
# (i.e. >=4.0.0 <5.0.0)
version: 12.8.3
# The reference to the HelmRepository
sourceRef:
kind: HelmRepository
name: bitnami
# Optional, defaults to the namespace of the HelmRelease
namespace: default
values:
cluster:
slaveCount: 0
usePassword: false
metrics:
enabled: true