kamikazechaser/cic-internal-integration
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: kamikazechaser:bvander/deploy-to-k8s-dev
Branches Tags
kamikazechaser:master kamikazechaser:cic-eth-server kamikazechaser:philip/translations-v1 kamikazechaser:sohail/help-menu-fix kamikazechaser:philip/ussd-poler kamikazechaser:philip/ussd-data-files kamikazechaser:philip/bump-test-coverage kamikazechaser:philip/cleanup-hardening kamikazechaser:lash/improve-cache kamikazechaser:sohail/contrib-docs kamikazechaser:sohail/alt-build kamikazechaser:lash/rules-of-engagement kamikazechaser:lash/bloxberg-seeding kamikazechaser:lash/token-checksum-address-fix kamikazechaser:sohail/nonce-order-fix kamikazechaser:willruddick-master-patch-65982 kamikazechaser:sohail/pip-url-fix kamikazechaser:philip/social-pin-recovery kamikazechaser:philip/multi-token-v1 kamikazechaser:revert-28936a58 kamikazechaser:152-revert-the-changes-to-the-new-code-of-conduct kamikazechaser:philip/token-meta kamikazechaser:lash/verify-cache kamikazechaser:lash/cic-cache-build kamikazechaser:lash/better-meta-logging kamikazechaser:lash/local-dev-improve kamikazechaser:lash/tmp-bloxberg-seeding kamikazechaser:lash/fix-docs kamikazechaser:lash/meta-immutable kamikazechaser:lash/split-migration kamikazechaser:feat/automation/add-semver kamikazechaser:lash/funga kamikazechaser:lash/api-choose-token kamikazechaser:lash/no-none-callbacks kamikazechaser:lash/update-aux-deps kamikazechaser:lash/gas-prefix kamikazechaser:philip/token-addition kamikazechaser:lash/build-migrations-again kamikazechaser:bvander/refactor-monorepo-deployment kamikazechaser:bvander/contract-migration-readyz kamikazechaser:lash/okota kamikazechaser:lash/more-case-case kamikazechaser:willruddick-master-patch-72638 kamikazechaser:sohail/ci-next kamikazechaser:lash/task-graphs kamikazechaser:lash/init-server kamikazechaser:lash/queue-recover kamikazechaser:lash/signer-missing-symbol kamikazechaser:lash/missing-env-vars kamikazechaser:lash/contract-migration-dump kamikazechaser:lash/import-handle-meta-dup kamikazechaser:lash/contract-migration-config kamikazechaser:bvander/one-service-auth kamikazechaser:lash/lockfix kamikazechaser:bvander/deploy-to-k8s-dev kamikazechaser:lash/normalize-backend-tx kamikazechaser:lash/upgrade-outer-tools kamikazechaser:lash/deploy-on-host kamikazechaser:lash/traffic-script-rehab kamikazechaser:lash/cic-eth-seeding-fix kamikazechaser:lash/verify-details kamikazechaser:lash/cic-eth-upgrade-more kamikazechaser:lash/signer-update kamikazechaser:bvander/swarm-traefik-checkpoint kamikazechaser:bvander/add-id-to-buildkit-cache kamikazechaser:bvander/integration-tests-on-docker kamikazechaser:lash/faucet-workaround kamikazechaser:lash/fix-configs kamikazechaser:lash/advanced-cache-queries kamikazechaser:lash/remove-cic-base kamikazechaser:bvander/easy-ussd-data-seeding kamikazechaser:bvander/liveness-probes kamikazechaser:bvander/build-script-changes kamikazechaser:bvander/user-balance-directory-retry kamikazechaser:lash/chainlib-nextgen kamikazechaser:lash/chaintool-alembic kamikazechaser:lash/migration-fix kamikazechaser:lash/fix-ussd-impotrs kamikazechaser:lash/dispatcher-leak kamikazechaser:pypi-deps-build kamikazechaser:lash/expand-tokens-in-list kamikazechaser:lash/eth-abi-exorcism kamikazechaser:lash/account-registry-filter-match kamikazechaser:lash/default-token-context kamikazechaser:bvander/cic-eth-base-image-and-testing kamikazechaser:lash/demurrage-task kamikazechaser:lash/explicit-token-type kamikazechaser:lash/free-api kamikazechaser:lash/new-sarafu-token kamikazechaser:bvander/flat-py-deps kamikazechaser:lash/traffic kamikazechaser:lash/improve-requirements kamikazechaser:philip/sms-cluster-issues kamikazechaser:lash/allowance kamikazechaser:lash/faucet-verif kamikazechaser:lash/fixture-move kamikazechaser:lash/move-to-chainlib-eth kamikazechaser:spencer/meta-multiple-hashes kamikazechaser:lash/downgrade-chainsyncer kamikazechaser:spencer/fix-import-scripts-build kamikazechaser:bvander/example-new-base-image-build kamikazechaser:lash/loglines kamikazechaser:philip/refactor-integration-tests kamikazechaser:lash/check-import-ussd kamikazechaser:lash/simple-compose kamikazechaser:no-host-mount-startup kamikazechaser:lash/tmp-check-chaintool kamikazechaser:lash/stale-import-deps kamikazechaser:lash/horse-cart kamikazechaser:philip/management-integration-tests kamikazechaser:lash/coveralls-that-coverall kamikazechaser:lash/update-imports-readme kamikazechaser:cic-eth-unittest kamikazechaser:lash/rehabilitate-tests-eth kamikazechaser:lash/rehabilitate-traffic-2 kamikazechaser:bvander/move-scripts-to-e2e-folder kamikazechaser:lash/update-contracts-in-migration-2 kamikazechaser:lash/cache-data-api kamikazechaser:philip/transaction-integration-tests kamikazechaser:lash/no-ussd-contamination kamikazechaser:philip/accounts-integration-tests kamikazechaser:lash/descriptive-documentation kamikazechaser:lash/decimals-in-api kamikazechaser:lash/scripts-stale-imports kamikazechaser:lash/custom-offset kamikazechaser:lash/upgrade-contracts-in-migration kamikazechaser:lash/catch-no-contract-crash kamikazechaser:philip/hardening-ussd-accounts kamikazechaser:lash/bump kamikazechaser:lash/cache-faucet kamikazechaser:philip/import-pins-script kamikazechaser:lash/celery-graphs kamikazechaser:lash/ci-for-scripts kamikazechaser:lash/chainlib-erc20-split kamikazechaser:lash/contract-interfaces kamikazechaser:contract-migration-include-data-scripts kamikazechaser:lash/cic-cache-tags kamikazechaser:lash/contracts-kill kamikazechaser:lash/right-token kamikazechaser:lash/rehabilitate-tests kamikazechaser:lash/get-registry-api kamikazechaser:lash/version-conflict kamikazechaser:lash/fix-chainlib-upgrade kamikazechaser:lash/default-token kamikazechaser:lash/emergency-shutdown-II kamikazechaser:lash/custom-meta kamikazechaser:lash/emergency-shutdown kamikazechaser:spencer/refactor-meta-library kamikazechaser:lash/simpler-token-selector kamikazechaser:tmp-simple-token-selector kamikazechaser:lash/ussd-final-steps kamikazechaser:lash/health-util kamikazechaser:philip/expect-scripts kamikazechaser:lash/settable-gas-price kamikazechaser:lash/cic-cache-syncer-backend-mixup kamikazechaser:philip/ussd-db-fixes kamikazechaser:philip/fix-filter-callbacks kamikazechaser:lash/chainlib-regression kamikazechaser:lash/improve-cic-cache-service kamikazechaser:tmp kamikazechaser:lash/update-syncer-imports kamikazechaser:lash/cache-tracker-history kamikazechaser:lash/rehabilitate-traffic kamikazechaser:lash/import-ussd kamikazechaser:lash/sovereign-script-fix kamikazechaser:lash/meta-index-phone kamikazechaser:lash/add-missing-state-file kamikazechaser:lash/external-notify-tasks kamikazechaser:lash/calculate-block-time kamikazechaser:lash/remove-stray-stat kamikazechaser:lash/4k kamikazechaser:lash/external-chain-queue kamikazechaser:lash/rehabilitate-cic-cache kamikazechaser:lash/rehabilitate-retrier kamikazechaser:lash/clean-sovereign-imports kamikazechaser:lash/import-scripts-typo kamikazechaser:lash/sovereign-import kamikazechaser:lash/connect-registry kamikazechaser:lash/migration-verify-faucet kamikazechaser:lash/cic-ussd-cic-eth-upgrade kamikazechaser:lash/add-omitted-tests kamikazechaser:lash/migration-last-gasp kamikazechaser:lash/new-contract-migration kamikazechaser:fix-cache-tasker kamikazechaser:bvander/fixes-to-contract-migration-deps kamikazechaser:spencer/cache-database-configs kamikazechaser:lash/cli-rehabilitations kamikazechaser:lash/browser-emulator-ussd kamikazechaser:lash/retry-on-signer-error kamikazechaser:lash/ussd-cli kamikazechaser:lash/cic-eth-upgrade kamikazechaser:lash/transfer-authorization kamikazechaser:lash/cic-cache-biiig-num kamikazechaser:lash/session-nonce-queue kamikazechaser:lash/fix-tx-list kamikazechaser:lash/refactor-syncer kamikazechaser:lash/fix-imports-again kamikazechaser:lash/import-scripts-refactor kamikazechaser:lash/audit-postgres-sessions kamikazechaser:bvander/cic-cache-build kamikazechaser:lash/new-transfer-request kamikazechaser:lash/admin-api-account-check kamikazechaser:lash/correct-db-names kamikazechaser:lash/rename-chainlib kamikazechaser:lash/schmigration kamikazechaser:lash/port-fixes kamikazechaser:bvander/cic-meta-docker-compose kamikazechaser:lash/cic-eth-create-cli-fixes kamikazechaser:cleanup-cic-eth kamikazechaser:remove-submodule-cic-ussd kamikazechaser:lash/some-vars kamikazechaser:lash/docker-compose
..
compare: kamikazechaser:bvander/one-service-auth
Branches Tags
kamikazechaser:cic-eth-server kamikazechaser:master kamikazechaser:philip/translations-v1 kamikazechaser:sohail/help-menu-fix kamikazechaser:philip/ussd-poler kamikazechaser:philip/ussd-data-files kamikazechaser:philip/bump-test-coverage kamikazechaser:philip/cleanup-hardening kamikazechaser:lash/improve-cache kamikazechaser:sohail/contrib-docs kamikazechaser:sohail/alt-build kamikazechaser:lash/rules-of-engagement kamikazechaser:lash/bloxberg-seeding kamikazechaser:lash/token-checksum-address-fix kamikazechaser:sohail/nonce-order-fix kamikazechaser:willruddick-master-patch-65982 kamikazechaser:sohail/pip-url-fix kamikazechaser:philip/social-pin-recovery kamikazechaser:philip/multi-token-v1 kamikazechaser:revert-28936a58 kamikazechaser:152-revert-the-changes-to-the-new-code-of-conduct kamikazechaser:philip/token-meta kamikazechaser:lash/verify-cache kamikazechaser:lash/cic-cache-build kamikazechaser:lash/better-meta-logging kamikazechaser:lash/local-dev-improve kamikazechaser:lash/tmp-bloxberg-seeding kamikazechaser:lash/fix-docs kamikazechaser:lash/meta-immutable kamikazechaser:lash/split-migration kamikazechaser:feat/automation/add-semver kamikazechaser:lash/funga kamikazechaser:lash/api-choose-token kamikazechaser:lash/no-none-callbacks kamikazechaser:lash/update-aux-deps kamikazechaser:lash/gas-prefix kamikazechaser:philip/token-addition kamikazechaser:lash/build-migrations-again kamikazechaser:bvander/refactor-monorepo-deployment kamikazechaser:bvander/contract-migration-readyz kamikazechaser:lash/okota kamikazechaser:lash/more-case-case kamikazechaser:willruddick-master-patch-72638 kamikazechaser:sohail/ci-next kamikazechaser:lash/task-graphs kamikazechaser:lash/init-server kamikazechaser:lash/queue-recover kamikazechaser:lash/signer-missing-symbol kamikazechaser:lash/missing-env-vars kamikazechaser:lash/contract-migration-dump kamikazechaser:lash/import-handle-meta-dup kamikazechaser:lash/contract-migration-config kamikazechaser:bvander/one-service-auth kamikazechaser:lash/lockfix kamikazechaser:bvander/deploy-to-k8s-dev kamikazechaser:lash/normalize-backend-tx kamikazechaser:lash/upgrade-outer-tools kamikazechaser:lash/deploy-on-host kamikazechaser:lash/traffic-script-rehab kamikazechaser:lash/cic-eth-seeding-fix kamikazechaser:lash/verify-details kamikazechaser:lash/cic-eth-upgrade-more kamikazechaser:lash/signer-update kamikazechaser:bvander/swarm-traefik-checkpoint kamikazechaser:bvander/add-id-to-buildkit-cache kamikazechaser:bvander/integration-tests-on-docker kamikazechaser:lash/faucet-workaround kamikazechaser:lash/fix-configs kamikazechaser:lash/advanced-cache-queries kamikazechaser:lash/remove-cic-base kamikazechaser:bvander/easy-ussd-data-seeding kamikazechaser:bvander/liveness-probes kamikazechaser:bvander/build-script-changes kamikazechaser:bvander/user-balance-directory-retry kamikazechaser:lash/chainlib-nextgen kamikazechaser:lash/chaintool-alembic kamikazechaser:lash/migration-fix kamikazechaser:lash/fix-ussd-impotrs kamikazechaser:lash/dispatcher-leak kamikazechaser:pypi-deps-build kamikazechaser:lash/expand-tokens-in-list kamikazechaser:lash/eth-abi-exorcism kamikazechaser:lash/account-registry-filter-match kamikazechaser:lash/default-token-context kamikazechaser:bvander/cic-eth-base-image-and-testing kamikazechaser:lash/demurrage-task kamikazechaser:lash/explicit-token-type kamikazechaser:lash/free-api kamikazechaser:lash/new-sarafu-token kamikazechaser:bvander/flat-py-deps kamikazechaser:lash/traffic kamikazechaser:lash/improve-requirements kamikazechaser:philip/sms-cluster-issues kamikazechaser:lash/allowance kamikazechaser:lash/faucet-verif kamikazechaser:lash/fixture-move kamikazechaser:lash/move-to-chainlib-eth kamikazechaser:spencer/meta-multiple-hashes kamikazechaser:lash/downgrade-chainsyncer kamikazechaser:spencer/fix-import-scripts-build kamikazechaser:bvander/example-new-base-image-build kamikazechaser:lash/loglines kamikazechaser:philip/refactor-integration-tests kamikazechaser:lash/check-import-ussd kamikazechaser:lash/simple-compose kamikazechaser:no-host-mount-startup kamikazechaser:lash/tmp-check-chaintool kamikazechaser:lash/stale-import-deps kamikazechaser:lash/horse-cart kamikazechaser:philip/management-integration-tests kamikazechaser:lash/coveralls-that-coverall kamikazechaser:lash/update-imports-readme kamikazechaser:cic-eth-unittest kamikazechaser:lash/rehabilitate-tests-eth kamikazechaser:lash/rehabilitate-traffic-2 kamikazechaser:bvander/move-scripts-to-e2e-folder kamikazechaser:lash/update-contracts-in-migration-2 kamikazechaser:lash/cache-data-api kamikazechaser:philip/transaction-integration-tests kamikazechaser:lash/no-ussd-contamination kamikazechaser:philip/accounts-integration-tests kamikazechaser:lash/descriptive-documentation kamikazechaser:lash/decimals-in-api kamikazechaser:lash/scripts-stale-imports kamikazechaser:lash/custom-offset kamikazechaser:lash/upgrade-contracts-in-migration kamikazechaser:lash/catch-no-contract-crash kamikazechaser:philip/hardening-ussd-accounts kamikazechaser:lash/bump kamikazechaser:lash/cache-faucet kamikazechaser:philip/import-pins-script kamikazechaser:lash/celery-graphs kamikazechaser:lash/ci-for-scripts kamikazechaser:lash/chainlib-erc20-split kamikazechaser:lash/contract-interfaces kamikazechaser:contract-migration-include-data-scripts kamikazechaser:lash/cic-cache-tags kamikazechaser:lash/contracts-kill kamikazechaser:lash/right-token kamikazechaser:lash/rehabilitate-tests kamikazechaser:lash/get-registry-api kamikazechaser:lash/version-conflict kamikazechaser:lash/fix-chainlib-upgrade kamikazechaser:lash/default-token kamikazechaser:lash/emergency-shutdown-II kamikazechaser:lash/custom-meta kamikazechaser:lash/emergency-shutdown kamikazechaser:spencer/refactor-meta-library kamikazechaser:lash/simpler-token-selector kamikazechaser:tmp-simple-token-selector kamikazechaser:lash/ussd-final-steps kamikazechaser:lash/health-util kamikazechaser:philip/expect-scripts kamikazechaser:lash/settable-gas-price kamikazechaser:lash/cic-cache-syncer-backend-mixup kamikazechaser:philip/ussd-db-fixes kamikazechaser:philip/fix-filter-callbacks kamikazechaser:lash/chainlib-regression kamikazechaser:lash/improve-cic-cache-service kamikazechaser:tmp kamikazechaser:lash/update-syncer-imports kamikazechaser:lash/cache-tracker-history kamikazechaser:lash/rehabilitate-traffic kamikazechaser:lash/import-ussd kamikazechaser:lash/sovereign-script-fix kamikazechaser:lash/meta-index-phone kamikazechaser:lash/add-missing-state-file kamikazechaser:lash/external-notify-tasks kamikazechaser:lash/calculate-block-time kamikazechaser:lash/remove-stray-stat kamikazechaser:lash/4k kamikazechaser:lash/external-chain-queue kamikazechaser:lash/rehabilitate-cic-cache kamikazechaser:lash/rehabilitate-retrier kamikazechaser:lash/clean-sovereign-imports kamikazechaser:lash/import-scripts-typo kamikazechaser:lash/sovereign-import kamikazechaser:lash/connect-registry kamikazechaser:lash/migration-verify-faucet kamikazechaser:lash/cic-ussd-cic-eth-upgrade kamikazechaser:lash/add-omitted-tests kamikazechaser:lash/migration-last-gasp kamikazechaser:lash/new-contract-migration kamikazechaser:fix-cache-tasker kamikazechaser:bvander/fixes-to-contract-migration-deps kamikazechaser:spencer/cache-database-configs kamikazechaser:lash/cli-rehabilitations kamikazechaser:lash/browser-emulator-ussd kamikazechaser:lash/retry-on-signer-error kamikazechaser:lash/ussd-cli kamikazechaser:lash/cic-eth-upgrade kamikazechaser:lash/transfer-authorization kamikazechaser:lash/cic-cache-biiig-num kamikazechaser:lash/session-nonce-queue kamikazechaser:lash/fix-tx-list kamikazechaser:lash/refactor-syncer kamikazechaser:lash/fix-imports-again kamikazechaser:lash/import-scripts-refactor kamikazechaser:lash/audit-postgres-sessions kamikazechaser:bvander/cic-cache-build kamikazechaser:lash/new-transfer-request kamikazechaser:lash/admin-api-account-check kamikazechaser:lash/correct-db-names kamikazechaser:lash/rename-chainlib kamikazechaser:lash/schmigration kamikazechaser:lash/port-fixes kamikazechaser:bvander/cic-meta-docker-compose kamikazechaser:lash/cic-eth-create-cli-fixes kamikazechaser:cleanup-cic-eth kamikazechaser:remove-submodule-cic-ussd kamikazechaser:lash/some-vars kamikazechaser:lash/docker-compose

9 Commits
bvander/de ... bvander/on

Author SHA1 Message Date
Blair Vanderlugt
a87238010d checkpoint 2021-09-01 17:50:20 -07:00
Blair Vanderlugt
e76fb9fb10 checkpoint 2021-08-31 11:36:22 -07:00
Blair Vanderlugt
da98b22ad1 init 2021-08-30 13:47:25 -07:00
Blair Vanderlugt
eb5e612105 minor update to import_ussd script 2021-08-30 11:09:47 -07:00
Blair Vanderlugt
e017d11770 update readme 2021-08-30 10:14:22 -07:00
Philip Wafula
e327af68e1 Merge branch 'philip/refactor-import-scripts' into 'master' 
Consolidated ussd dataseeding script

See merge request grassrootseconomics/cic-internal-integration!252
 2021-08-29 09:55:47 +00:00
Philip Wafula
92cc6a3f27 Consolidated ussd dataseeding script 2021-08-29 09:55:47 +00:00
Philip Wafula
f42bf7754a Merge branch 'lash/lockfix' into 'master' 
Normalize initial INIT lock address

See merge request grassrootseconomics/cic-internal-integration!260
 2021-08-29 09:07:46 +00:00
nolash
7342927e91 Normalize initial INIT lock address 2021-08-29 10:43:12 +02:00
70 changed files with 615 additions and 4326 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -14,4 +14,3 @@ build/
**/.venv
.idea
**/.vim
**/*secret.yaml

39
.gitlab-ci.yml
View File

@@ -20,48 +20,17 @@ variables:
DOCKER_BUILDKIT: "1"
COMPOSE_DOCKER_CLI_BUILD: "1"
CI_DEBUG_TRACE: "true"
TAG: $CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA
before_script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
# runs on protected branches and pushes to repo
build-push:
stage: build
tags:
- integration
before_script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
script:
- TAG=$TAG sh ./scripts/build-push.sh
- TAG=$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA sh ./scripts/build-push.sh
rules:
- if: $CI_COMMIT_REF_PROTECTED == "true"
when: always
deploy-k8s-dev:
stage: deploy
image: line/kubectl-kustomize
variables:
CI_DEBUG_TRACE: "true"
script:
- kubectl config set-cluster k8s --server="${K8S_DEV_SERVER?dev server missing}"
- kubectl config set clusters.k8s.certificate-authority-data ${K8S_DEV_CERTIFICATE_AUTHORITY_DATA}
- kubectl config set-credentials gitlab --token="${K8S_DEV_USER_TOKEN}"
- kubectl config set-context grassroots --cluster=k8s --user=gitlab --namespace grassroots
- kubectl config use-context grassroots
#- sed -i "s/<VERSION>/${CI_COMMIT_SHORT_SHA}/g" deployment.yaml
#- kubectl apply -f deployment.yaml
- echo "Wiping state..."
- kubectl delete jobs.batch --all
- kubectl delete hr postgresql && kubectl delete pvc -l 'app.kubernetes.io/name=postgresql'
- kubectl delete sts,pvc -l 'app=bloxberg-validator'
- kubectl delete hr redis && kubectl delete pvc -l 'app=redis'
- kubectl apply -f kubernetes/eth-node/ -f kubernetes/postgresql/ -f kubernetes/redis/
- echo "deploy and run database migrations..."
# set image based on deploy tag
- bash ./scripts/set-image.sh
- kubectl apply -f .
- echo "run contract migrations..."
- kubectl apply -f kubernetes/contract-migration/contract-migration-job.yaml
rules:
- if: $CI_COMMIT_REF_PROTECTED == "true"
when: always

25
README.md
View File

@@ -2,25 +2,21 @@
## Getting started
## Make some keys
This repo uses docker-compose and docker buildkit. Set the following environment variables to get started:
```
docker build -t bloxie . && docker run -v "$(pwd)/keys:/root/keys" --rm -it -t bloxie account new --chain /root/bloxberg.json --keys-path /root/keys
export COMPOSE_DOCKER_CLI_BUILD=1
export DOCKER_BUILDKIT=1
```
### Prepare the repo
This is stuff we need to put in makefile but for now...
File mounts and permisssions need to be set
start services, database, redis and local ethereum node
```
chmod -R 755 scripts/initdb apps/cic-meta/scripts/initdb
````
start cluster
docker-compose up -d
```
docker-compose up
Run app/contract-migration to deploy contracts
```
RUN_MASK=3 docker-compose up contract-migration
```
stop cluster
@@ -28,7 +24,7 @@ stop cluster
docker-compose down
```
delete data
stop cluster and delete data
```
docker-compose down -v
```
@@ -38,5 +34,4 @@ rebuild an images
docker-compose up --build <service_name>
```
Deployment variables are writtend to service-configs/.env after everthing is up.

4
apps/cic-eth/cic_eth/db/migrations/default/versions/75d4767b3031_lock.py
View File

@@ -8,8 +8,8 @@ Create Date: 2021-04-02 18:41:20.864265
import datetime
from alembic import op
import sqlalchemy as sa
from chainlib.eth.constant import ZERO_ADDRESS
from cic_eth.db.enum import LockEnum
from cic_eth.encode import ZERO_ADDRESS_NORMAL
# revision identifiers, used by Alembic.
@@ -30,7 +30,7 @@ def upgrade():
sa.Column("otx_id", sa.Integer, sa.ForeignKey('otx.id'), nullable=True),
)
op.create_index('idx_chain_address', 'lock', ['blockchain', 'address'], unique=True)
op.execute("INSERT INTO lock (address, date_created, blockchain, flags) VALUES('{}', '{}', '::', {})".format(ZERO_ADDRESS, datetime.datetime.utcnow(), LockEnum.INIT | LockEnum.SEND | LockEnum.QUEUE))
op.execute("INSERT INTO lock (address, date_created, blockchain, flags) VALUES('{}', '{}', '::', {})".format(ZERO_ADDRESS_NORMAL, datetime.datetime.utcnow(), LockEnum.INIT | LockEnum.SEND | LockEnum.QUEUE))
def downgrade():

3
apps/cic-meta/docker/Dockerfile
View File

@@ -29,4 +29,7 @@ RUN chmod 755 ./db.sh
RUN alias tsc=node_modules/typescript/bin/tsc
COPY docker/start_server.sh ./start_server.sh
RUN chmod 755 ./start_server.sh
EXPOSE 8000
ENTRYPOINT ["sh", "./start_server.sh"]

6
apps/cic-notify/cic_notify/tasks/sms/db.py
View File

@@ -11,12 +11,12 @@ celery_app = celery.current_app
@celery_app.task
def persist_notification(recipient, message):
def persist_notification(message, recipient):
"""
:param recipient:
:type recipient:
:param message:
:type message:
:param recipient:
:type recipient:
:return:
:rtype:
"""

7
apps/cic-notify/cic_notify/tasks/sms/log.py
View File

@@ -11,12 +11,13 @@ local_logg = logging.getLogger(__name__)
@celery_app.task
def log(recipient, message):
def log(message, recipient):
"""
:param recipient:
:type recipient:
:param message:
:type message:
:param recipient:
:type recipient:
:return:
:rtype:
"""

11
apps/cic-ussd/cic_ussd/account/transaction.py
View File

@@ -1,5 +1,6 @@
# standard import
import decimal
import json
import logging
from typing import Dict, Tuple
@@ -8,6 +9,8 @@ from cic_eth.api import Api
from sqlalchemy.orm.session import Session
# local import
from cic_ussd.account.chain import Chain
from cic_ussd.account.tokens import get_cached_default_token
from cic_ussd.db.models.account import Account
from cic_ussd.db.models.base import SessionBase
from cic_ussd.error import UnknownUssdRecipient
@@ -59,7 +62,9 @@ def from_wei(value: int) -> float:
:return: SRF equivalent of value in Wei
:rtype: float
"""
value = float(value) / 1e+6
cached_token_data = json.loads(get_cached_default_token(Chain.spec.__str__()))
token_decimals: int = cached_token_data.get('decimals')
value = float(value) / (10**token_decimals)
return truncate(value=value, decimals=2)
@@ -70,7 +75,9 @@ def to_wei(value: int) -> int:
:return: Wei equivalent of value in SRF
:rtype: int
"""
return int(value * 1e+6)
cached_token_data = json.loads(get_cached_default_token(Chain.spec.__str__()))
token_decimals: int = cached_token_data.get('decimals')
return int(value * (10**token_decimals))
def truncate(value: float, decimals: int):

2
apps/cic-ussd/cic_ussd/metadata/base.py
View File

@@ -44,7 +44,7 @@ class MetadataRequestsHandler(Metadata):
def create(self, data: Union[Dict, str]):
""""""
data = json.dumps(data)
data = json.dumps(data).encode('utf-8')
result = make_request(method='POST', url=self.url, data=data, headers=self.headers)
error_handler(result=result)

2
apps/cic-ussd/cic_ussd/session/ussd_session.py
View File

@@ -146,7 +146,7 @@ def create_ussd_session(
)
def update_ussd_session(ussd_session: UssdSession,
def update_ussd_session(ussd_session: DbUssdSession,
user_input: str,
state: str,
data: Optional[dict] = None) -> UssdSession:

14
apps/cic-ussd/cic_ussd/tasks/callback_handler.py
View File

@@ -138,26 +138,14 @@ def transaction_balances_callback(self, result: list, param: dict, status_code:
balances_data = result[0]
available_balance = calculate_available_balance(balances_data)
transaction = param
blockchain_address = transaction.get('blockchain_address')
transaction['available_balance'] = available_balance
queue = self.request.delivery_info.get('routing_key')
s_preferences_metadata = celery.signature(
'cic_ussd.tasks.metadata.query_preferences_metadata', [blockchain_address], queue=queue
)
s_process_account_metadata = celery.signature(
'cic_ussd.tasks.processor.parse_transaction', [transaction], queue=queue
)
s_notify_account = celery.signature('cic_ussd.tasks.notifications.transaction', queue=queue)
if transaction.get('transaction_type') == 'transfer':
celery.chain(s_preferences_metadata, s_process_account_metadata, s_notify_account).apply_async()
if transaction.get('transaction_type') == 'tokengift':
s_process_account_metadata = celery.signature(
'cic_ussd.tasks.processor.parse_transaction', [{}, transaction], queue=queue
)
celery.chain(s_process_account_metadata, s_notify_account).apply_async()
celery.chain(s_process_account_metadata, s_notify_account).apply_async()
@celery_app.task

9
apps/cic-ussd/cic_ussd/tasks/processor.py
View File

@@ -8,6 +8,7 @@ import i18n
from chainlib.hash import strip_0x
# local imports
from cic_ussd.account.metadata import get_cached_preferred_language
from cic_ussd.account.statement import get_cached_statement
from cic_ussd.account.transaction import aux_transaction_data, validate_transaction_account
from cic_ussd.cache import cache_data, cache_data_key
@@ -58,19 +59,17 @@ def cache_statement(parsed_transaction: dict, querying_party: str):
@celery_app.task
def parse_transaction(preferences: dict, transaction: dict) -> dict:
def parse_transaction(transaction: dict) -> dict:
"""This function parses transaction objects and collates all relevant data for system use i.e:
- An account's set preferred language.
- Account identifier that facilitates notification.
- Contextual tags i.e action and direction tags.
:param preferences: An account's set preferences.
:type preferences: dict
:param transaction: Transaction object.
:type transaction: dict
:return: Transaction object with contextual data for use in the system.
:rtype: dict
"""
preferred_language = preferences.get('preferred_language')
preferred_language = get_cached_preferred_language(transaction.get('blockchain_address'))
if not preferred_language:
preferred_language = i18n.config.get('fallback')
transaction['preferred_language'] = preferred_language
@@ -83,6 +82,8 @@ def parse_transaction(preferences: dict, transaction: dict) -> dict:
alt_account = session.query(Account).filter_by(blockchain_address=alt_blockchain_address).first()
if alt_account:
transaction['alt_metadata_id'] = alt_account.standard_metadata_id()
else:
transaction['alt_metadata_id'] = 'GRASSROOTS ECONOMICS'
transaction['metadata_id'] = account.standard_metadata_id()
transaction['phone_number'] = account.phone_number
session.close()

194
apps/data-seeding/cic_ussd/import_balance.py
View File

@@ -1,64 +1,61 @@
# standard imports
import argparse
import logging
import sys
import os
import sys
# external imports
import celery
import confini
import redis
from chainlib.chain import ChainSpec
from chainlib.eth.address import to_checksum_address
from chainlib.eth.connection import EthHTTPConnection
from confini import Config
from crypto_dev_signer.eth.signer import ReferenceSigner as EIP155Signer
from crypto_dev_signer.keystore.dict import DictKeystore
# local imports
from import_task import ImportTask, MetadataTask
from import_util import BalanceProcessor, get_celery_worker_status
from import_task import ImportTask, MetadataTask
logging.basicConfig(level=logging.WARNING)
default_config_dir = './config'
logg = logging.getLogger()
config_dir = './config'
arg_parser = argparse.ArgumentParser(description='Daemon worker that handles data seeding tasks.')
arg_parser.add_argument('-c', type=str, default=default_config_dir, help='config root to use.')
arg_parser.add_argument('--env-prefix',
default=os.environ.get('CONFINI_ENV_PREFIX'),
dest='env_prefix',
type=str,
help='environment prefix for variables to overwrite configuration.')
arg_parser.add_argument('--head', action='store_true', help='start at current block height (overrides --offset)')
arg_parser.add_argument('-i', '--chain-spec', type=str, dest='i', help='chain spec')
arg_parser.add_argument('--include-balances', dest='include_balances', help='include opening balance transactions',
action='store_true')
arg_parser.add_argument('--meta-host', dest='meta_host', type=str, help='metadata server host')
arg_parser.add_argument('--meta-port', dest='meta_port', type=int, help='metadata server host')
arg_parser.add_argument('-p', '--provider', dest='p', type=str, help='chain rpc provider address')
arg_parser.add_argument('-q', type=str, default='cic-import-ussd', help='celery queue to submit data seeding tasks to.')
arg_parser.add_argument('-r', '--registry-address', type=str, dest='r', help='CIC Registry address')
arg_parser.add_argument('--redis-db', dest='redis_db', type=int, help='redis db to use for task submission and callback')
arg_parser.add_argument('--redis-host', dest='redis_host', type=str, help='redis host to use for task submission')
arg_parser.add_argument('--redis-port', dest='redis_port', type=int, help='redis host to use for task submission')
arg_parser.add_argument('--token-symbol', default='GFT', type=str, dest='token_symbol',
help='Token symbol to use for transactions')
arg_parser.add_argument('-v', help='be verbose', action='store_true')
arg_parser.add_argument('-vv', help='be more verbose', action='store_true')
arg_parser.add_argument('-y', '--key-file', dest='y', type=str, help='Ethereum keystore file to use for signing')
arg_parser.add_argument('--offset', type=int, default=0, help='block offset to start syncer from')
arg_parser.add_argument('--old-chain-spec', type=str, dest='old_chain_spec', default='evm:oldchain:1',
help='chain spec')
arg_parser.add_argument('import_dir', default='out', type=str, help='user export directory')
args = arg_parser.parse_args()
argparser = argparse.ArgumentParser(description='daemon that monitors transactions in new blocks')
argparser.add_argument('-p', '--provider', dest='p', type=str, help='chain rpc provider address')
argparser.add_argument('-y', '--key-file', dest='y', type=str, help='Ethereum keystore file to use for signing')
argparser.add_argument('-c', type=str, default=config_dir, help='config root to use')
argparser.add_argument('--old-chain-spec', type=str, dest='old_chain_spec', default='evm:oldchain:1', help='chain spec')
argparser.add_argument('-i', '--chain-spec', type=str, dest='i', help='chain spec')
argparser.add_argument('-r', '--registry-address', type=str, dest='r', help='CIC Registry address')
argparser.add_argument('--meta-host', dest='meta_host', type=str, help='metadata server host')
argparser.add_argument('--meta-port', dest='meta_port', type=int, help='metadata server host')
argparser.add_argument('--redis-host', dest='redis_host', type=str, help='redis host to use for task submission')
argparser.add_argument('--redis-port', dest='redis_port', type=int, help='redis host to use for task submission')
argparser.add_argument('--redis-db', dest='redis_db', type=int, help='redis db to use for task submission and callback')
argparser.add_argument('--token-symbol', default='GFT', type=str, dest='token_symbol',
help='Token symbol to use for transactions')
argparser.add_argument('--head', action='store_true', help='start at current block height (overrides --offset)')
argparser.add_argument('--env-prefix', default=os.environ.get('CONFINI_ENV_PREFIX'), dest='env_prefix', type=str,
help='environment prefix for variables to overwrite configuration')
argparser.add_argument('-q', type=str, default='cic-import-ussd', help='celery queue to submit transaction tasks to')
argparser.add_argument('--offset', type=int, default=0, help='block offset to start syncer from')
argparser.add_argument('-v', help='be verbose', action='store_true')
argparser.add_argument('-vv', help='be more verbose', action='store_true')
argparser.add_argument('user_dir', default='out', type=str, help='user export directory')
args = argparser.parse_args(sys.argv[1:])
if args.v:
if args.vv:
logging.getLogger().setLevel(logging.DEBUG)
elif args.v:
logging.getLogger().setLevel(logging.INFO)
elif args.vv:
logging.getLogger().setLevel(logging.DEBUG)
config_dir = os.path.join(args.c)
os.makedirs(config_dir, 0o777, True)
config = confini.Config(config_dir, args.env_prefix)
config = Config(args.c, args.env_prefix)
config.process()
# override args
args_override = {
'CIC_CHAIN_SPEC': getattr(args, 'i'),
'ETH_PROVIDER': getattr(args, 'p'),
@@ -73,88 +70,76 @@ args_override = {
config.dict_override(args_override, 'cli flag')
config.censor('PASSWORD', 'DATABASE')
config.censor('PASSWORD', 'SSL')
logg.debug('config loaded from {}:\n{}'.format(config_dir, config))
logg.debug(f'config loaded from {args.c}:\n{config}')
redis_host = config.get('REDIS_HOST')
redis_port = config.get('REDIS_PORT')
redis_db = config.get('REDIS_DB')
r = redis.Redis(redis_host, redis_port, redis_db)
db_config = {
'database': config.get('DATABASE_NAME'),
'host': config.get('DATABASE_HOST'),
'port': config.get('DATABASE_PORT'),
'user': config.get('DATABASE_USER'),
'password': config.get('DATABASE_PASSWORD')
}
ImportTask.db_config = db_config
# create celery apps
celery_app = celery.Celery(backend=config.get('CELERY_RESULT_URL'), broker=config.get('CELERY_BROKER_URL'))
status = get_celery_worker_status(celery_app=celery_app)
signer_address = None
keystore = DictKeystore()
if args.y is not None:
logg.debug('loading keystore file {}'.format(args.y))
signer_address = keystore.import_keystore_file(args.y)
logg.debug('now have key for signer address {}'.format(signer_address))
# define signer
os.path.isfile(args.y)
logg.debug(f'loading keystore file {args.y}')
signer_address = keystore.import_keystore_file(args.y)
logg.debug(f'now have key for signer address {signer_address}')
signer = EIP155Signer(keystore)
queue = args.q
chain_str = config.get('CIC_CHAIN_SPEC')
block_offset = 0
if args.head:
block_offset = -1
else:
block_offset = args.offset
block_offset = -1 if args.head else args.offset
chain_str = config.get('CIC_CHAIN_SPEC')
chain_spec = ChainSpec.from_chain_str(chain_str)
ImportTask.chain_spec = chain_spec
old_chain_spec_str = args.old_chain_spec
old_chain_spec = ChainSpec.from_chain_str(old_chain_spec_str)
user_dir = args.user_dir # user_out_dir from import_users.py
token_symbol = args.token_symbol
MetadataTask.meta_host = config.get('META_HOST')
MetadataTask.meta_port = config.get('META_PORT')
ImportTask.chain_spec = chain_spec
txs_dir = os.path.join(args.import_dir, 'txs')
os.makedirs(txs_dir, exist_ok=True)
sys.stdout.write(f'created txs dir: {txs_dir}')
celery_app = celery.Celery(broker=config.get('CELERY_BROKER_URL'), backend=config.get('CELERY_RESULT_URL'))
get_celery_worker_status(celery_app)
def main():
conn = EthHTTPConnection(config.get('ETH_PROVIDER'))
ImportTask.balance_processor = BalanceProcessor(conn, chain_spec, config.get('CIC_REGISTRY_ADDRESS'),
signer_address, signer)
ImportTask.balance_processor.init(token_symbol)
# TODO get decimals from token
ImportTask.balance_processor = BalanceProcessor(conn,
chain_spec,
config.get('CIC_REGISTRY_ADDRESS'),
signer_address,
signer)
ImportTask.balance_processor.init(args.token_symbol)
balances = {}
f = open('{}/balances.csv'.format(user_dir, 'r'))
remove_zeros = 10 ** 6
i = 0
while True:
l = f.readline()
if l is None:
break
r = l.split(',')
try:
address = to_checksum_address(r[0])
sys.stdout.write('loading balance {} {} {}'.format(i, address, r[1]).ljust(200) + "\r")
except ValueError:
break
balance = int(int(r[1].rstrip()) / remove_zeros)
balances[address] = balance
i += 1
f.close()
accuracy = 10 ** 6
count = 0
with open(f'{args.import_dir}/balances.csv', 'r') as balances_file:
while True:
line = balances_file.readline()
if line is None:
break
balance_data = line.split(',')
try:
blockchain_address = to_checksum_address(balance_data[0])
logg.info(
'loading balance: {} {} {}'.format(count, blockchain_address, balance_data[1].ljust(200) + "\r"))
except ValueError:
break
balance = int(int(balance_data[1].rstrip()) / accuracy)
balances[blockchain_address] = balance
count += 1
ImportTask.balances = balances
ImportTask.count = i
ImportTask.import_dir = user_dir
s = celery.signature(
'import_task.send_txs',
[
MetadataTask.balance_processor.nonce_offset,
],
queue=queue,
)
s.apply_async()
ImportTask.count = count
ImportTask.include_balances = args.include_balances is True
ImportTask.import_dir = args.import_dir
s_send_txs = celery.signature(
'import_task.send_txs', [ImportTask.balance_processor.nonce_offset], queue=args.q)
s_send_txs.apply_async()
argv = ['worker']
if args.vv:
@@ -165,6 +150,7 @@ def main():
argv.append(args.q)
argv.append('-n')
argv.append(args.q)
argv.append(f'--pidfile={args.q}.pid')
celery_app.worker_main(argv)

72
apps/data-seeding/cic_ussd/import_pins.py
View File

@@ -1,71 +1,63 @@
# standard import
# standard imports
import argparse
import csv
import logging
import os
import psycopg2
# third-party imports
import celery
import confini
# external imports
from confini import Config
# local imports
from import_util import get_celery_worker_status
default_config_dir = './config'
logging.basicConfig(level=logging.WARNING)
logg = logging.getLogger()
default_config_dir = './config'
arg_parser = argparse.ArgumentParser()
arg_parser.add_argument('-c', type=str, default=default_config_dir, help='config root to use')
arg_parser = argparse.ArgumentParser(description='Pins import script.')
arg_parser.add_argument('-c', type=str, default=default_config_dir, help='config root to use.')
arg_parser.add_argument('--env-prefix',
default=os.environ.get('CONFINI_ENV_PREFIX'),
dest='env_prefix',
type=str,
help='environment prefix for variables to overwrite configuration')
arg_parser.add_argument('-q', type=str, default='cic-import-ussd', help='celery queue to submit transaction tasks to')
help='environment prefix for variables to overwrite configuration.')
arg_parser.add_argument('import_dir', default='out', type=str, help='user export directory')
arg_parser.add_argument('-v', help='be verbose', action='store_true')
arg_parser.add_argument('-vv', help='be more verbose', action='store_true')
arg_parser.add_argument('pins_dir', default='out', type=str, help='user export directory')
args = arg_parser.parse_args()
# set log levels
if args.v:
logg.setLevel(logging.INFO)
elif args.vv:
logg.setLevel(logging.DEBUG)
if args.vv:
logging.getLogger().setLevel(logging.DEBUG)
elif args.v:
logging.getLogger().setLevel(logging.INFO)
# process configs
config_dir = args.c
config = confini.Config(config_dir, os.environ.get('CONFINI_ENV_PREFIX'))
config = Config(args.c, args.env_prefix)
config.process()
config.censor('PASSWORD', 'DATABASE')
logg.debug('config loaded from {}:\n{}'.format(args.c, config))
celery_app = celery.Celery(broker=config.get('CELERY_BROKER_URL'), backend=config.get('CELERY_RESULT_URL'))
status = get_celery_worker_status(celery_app=celery_app)
db_configs = {
'database': config.get('DATABASE_NAME'),
'host': config.get('DATABASE_HOST'),
'port': config.get('DATABASE_PORT'),
'user': config.get('DATABASE_USER'),
'password': config.get('DATABASE_PASSWORD')
}
logg.debug(f'config loaded from {args.c}:\n{config}')
def main():
with open(f'{args.pins_dir}/pins.csv') as pins_file:
with open(f'{args.import_dir}/pins.csv') as pins_file:
phone_to_pins = [tuple(row) for row in csv.reader(pins_file)]
s_import_pins = celery.signature(
'import_task.set_pins',
(db_configs, phone_to_pins),
queue=args.q
db_conn = psycopg2.connect(
database=config.get('DATABASE_NAME'),
host=config.get('DATABASE_HOST'),
port=config.get('DATABASE_PORT'),
user=config.get('DATABASE_USER'),
password=config.get('DATABASE_PASSWORD')
)
result = s_import_pins.apply_async()
logg.debug(f'TASK: {result.id}, STATUS: {result.status}')
db_cursor = db_conn.cursor()
sql = 'UPDATE account SET password_hash = %s WHERE phone_number = %s'
for element in phone_to_pins:
db_cursor.execute(sql, (element[1], element[0]))
logg.debug(f'Updating account: {element[0]} with: {element[1]}')
db_conn.commit()
db_cursor.close()
db_conn.close()
if __name__ == '__main__':

335
apps/data-seeding/cic_ussd/import_task.py
View File

@@ -1,38 +1,37 @@
# standard imports
import csv
import json
import logging
import os
import random
import urllib.error
import urllib.parse
import urllib.request
import uuid
from urllib import error, parse, request
# external imports
import celery
import psycopg2
from celery import Task
from chainlib.chain import ChainSpec
from chainlib.eth.address import to_checksum_address
from chainlib.eth.tx import (
unpack,
raw,
)
from cic_types.models.person import Person
from cic_types.processor import generate_metadata_pointer
from hexathon import (
strip_0x,
add_0x,
)
from chainlib.eth.tx import raw, unpack
from cic_types.models.person import Person, generate_metadata_pointer
from hexathon import add_0x, strip_0x
# local imports
logg = logging.getLogger()
celery_app = celery.current_app
logg = logging.getLogger()
class ImportTask(celery.Task):
class ImportTask(Task):
balances = None
import_dir = 'out'
count = 0
chain_spec = None
balance_processor = None
chain_spec: ChainSpec = None
count = 0
db_config: dict = None
import_dir = ''
include_balances = False
max_retries = None
@@ -41,121 +40,70 @@ class MetadataTask(ImportTask):
meta_port = None
meta_path = ''
meta_ssl = False
autoretry_for = (
urllib.error.HTTPError,
OSError,
)
autoretry_for = (error.HTTPError, OSError,)
retry_jitter = True
retry_backoff = True
retry_backoff_max = 60
@classmethod
def meta_url(self):
def meta_url(cls):
scheme = 'http'
if self.meta_ssl:
if cls.meta_ssl:
scheme += 's'
url = urllib.parse.urlparse('{}://{}:{}/{}'.format(scheme, self.meta_host, self.meta_port, self.meta_path))
return urllib.parse.urlunparse(url)
url = parse.urlparse(f'{scheme}://{cls.meta_host}:{cls.meta_port}/{cls.meta_path}')
return parse.urlunparse(url)
def old_address_from_phone(base_path, phone):
pidx = generate_metadata_pointer(phone.encode('utf-8'), ':cic.phone')
phone_idx_path = os.path.join('{}/phone/{}/{}/{}'.format(
base_path,
pidx[:2],
pidx[2:4],
pidx,
)
)
f = open(phone_idx_path, 'r')
old_address = f.read()
f.close()
def old_address_from_phone(base_path: str, phone_number: str):
pid_x = generate_metadata_pointer(phone_number.encode('utf-8'), ':cic.phone')
phone_idx_path = os.path.join(f'{base_path}/phone/{pid_x[:2]}/{pid_x[2:4]}/{pid_x}')
with open(phone_idx_path, 'r') as f:
old_address = f.read()
return old_address
@celery_app.task(bind=True, base=MetadataTask)
def resolve_phone(self, phone):
identifier = generate_metadata_pointer(phone.encode('utf-8'), ':cic.phone')
url = urllib.parse.urljoin(self.meta_url(), identifier)
logg.debug('attempt getting phone pointer at {} for phone {}'.format(url, phone))
r = urllib.request.urlopen(url)
address = json.load(r)
address = address.replace('"', '')
logg.debug('address {} for phone {}'.format(address, phone))
return address
@celery_app.task(bind=True, base=MetadataTask)
def generate_metadata(self, address, phone):
old_address = old_address_from_phone(self.import_dir, phone)
logg.debug('address {}'.format(address))
old_address_upper = strip_0x(old_address).upper()
metadata_path = '{}/old/{}/{}/{}.json'.format(
self.import_dir,
old_address_upper[:2],
old_address_upper[2:4],
old_address_upper,
)
f = open(metadata_path, 'r')
o = json.load(f)
f.close()
u = Person.deserialize(o)
if u.identities.get('evm') == None:
u.identities['evm'] = {}
sub_chain_str = '{}:{}'.format(self.chain_spec.common_name(), self.chain_spec.network_id())
u.identities['evm'][sub_chain_str] = [add_0x(address)]
new_address_clean = strip_0x(address)
filepath = os.path.join(
def generate_person_metadata(self, blockchain_address: str, phone_number: str):
logg.debug(f'blockchain address: {blockchain_address}')
old_blockchain_address = old_address_from_phone(self.import_dir, phone_number)
old_address_upper = strip_0x(old_blockchain_address).upper()
metadata_path = f'{self.import_dir}/old/{old_address_upper[:2]}/{old_address_upper[2:4]}/{old_address_upper}.json'
with open(metadata_path, 'r') as metadata_file:
person_metadata = json.load(metadata_file)
person = Person.deserialize(person_metadata)
if not person.identities.get('evm'):
person.identities['evm'] = {}
sub_chain_str = f'{self.chain_spec.common_name()}:{self.chain_spec.network_id()}'
person.identities['evm'][sub_chain_str] = [add_0x(blockchain_address)]
blockchain_address = strip_0x(blockchain_address)
file_path = os.path.join(
self.import_dir,
'new',
new_address_clean[:2].upper(),
new_address_clean[2:4].upper(),
new_address_clean.upper() + '.json',
blockchain_address[:2].upper(),
blockchain_address[2:4].upper(),
blockchain_address.upper() + '.json'
)
os.makedirs(os.path.dirname(filepath), exist_ok=True)
o = u.serialize()
f = open(filepath, 'w')
f.write(json.dumps(o))
f.close()
meta_key = generate_metadata_pointer(bytes.fromhex(new_address_clean), ':cic.person')
os.makedirs(os.path.dirname(file_path), exist_ok=True)
serialized_person_metadata = person.serialize()
with open(file_path, 'w') as metadata_file:
metadata_file.write(json.dumps(serialized_person_metadata))
logg.debug(f'written person metadata for address: {blockchain_address}')
meta_filepath = os.path.join(
self.import_dir,
'meta',
'{}.json'.format(new_address_clean.upper()),
'{}.json'.format(blockchain_address.upper()),
)
os.symlink(os.path.realpath(filepath), meta_filepath)
os.symlink(os.path.realpath(file_path), meta_filepath)
return blockchain_address
# write ussd data
ussd_data = {
'phone': phone,
'is_activated': 1,
'preferred_language': random.sample(['en', 'sw'], 1)[0],
'is_disabled': False
}
ussd_data_dir = os.path.join(self.import_dir, 'ussd')
ussd_data_file_path = os.path.join(ussd_data_dir, f'{old_address}.json')
f = open(ussd_data_file_path, 'w')
f.write(json.dumps(ussd_data))
f.close()
# write preferences data
@celery_app.task(bind=True, base=MetadataTask)
def generate_preferences_data(self, data: tuple):
blockchain_address: str = data[0]
preferences = data[1]
preferences_dir = os.path.join(self.import_dir, 'preferences')
preferences_data = {
'preferred_language': ussd_data['preferred_language']
}
preferences_key = generate_metadata_pointer(bytes.fromhex(new_address_clean[2:]), ':cic.preferences')
preferences_key = generate_metadata_pointer(bytes.fromhex(strip_0x(blockchain_address)), ':cic.preferences')
preferences_filepath = os.path.join(preferences_dir, 'meta', preferences_key)
filepath = os.path.join(
preferences_dir,
'new',
@@ -164,95 +112,95 @@ def generate_metadata(self, address, phone):
preferences_key.upper() + '.json'
)
os.makedirs(os.path.dirname(filepath), exist_ok=True)
f = open(filepath, 'w')
f.write(json.dumps(preferences_data))
f.close()
with open(filepath, 'w') as preferences_file:
preferences_file.write(json.dumps(preferences))
logg.debug(f'written preferences metadata: {preferences} for address: {blockchain_address}')
os.symlink(os.path.realpath(filepath), preferences_filepath)
logg.debug('found metadata {} for phone {}'.format(o, phone))
return address
return blockchain_address
@celery_app.task(bind=True, base=MetadataTask)
def opening_balance_tx(self, address, phone, serial):
old_address = old_address_from_phone(self.import_dir, phone)
def generate_pins_data(self, blockchain_address: str, phone_number: str):
pins_file = f'{self.import_dir}/pins.csv'
file_op = 'a' if os.path.exists(pins_file) else 'w'
with open(pins_file, file_op) as pins_file:
password_hash = uuid.uuid4().hex
pins_file.write(f'{phone_number},{password_hash}\n')
logg.debug(f'written pin data for address: {blockchain_address}')
return blockchain_address
k = to_checksum_address(strip_0x(old_address))
balance = self.balances[k]
logg.debug('found balance {} for address {} phone {}'.format(balance, old_address, phone))
@celery_app.task(bind=True, base=MetadataTask)
def generate_ussd_data(self, blockchain_address: str, phone_number: str):
ussd_data_file = f'{self.import_dir}/ussd_data.csv'
file_op = 'a' if os.path.exists(ussd_data_file) else 'w'
preferred_language = random.sample(["en", "sw"], 1)[0]
preferences = {'preferred_language': preferred_language}
with open(ussd_data_file, file_op) as ussd_data_file:
ussd_data_file.write(f'{phone_number}, { 1}, {preferred_language}, {False}\n')
logg.debug(f'written ussd data for address: {blockchain_address}')
return blockchain_address, preferences
@celery_app.task(bind=True, base=MetadataTask)
def opening_balance_tx(self, blockchain_address: str, phone_number: str, serial: str):
old_blockchain_address = old_address_from_phone(self.import_dir, phone_number)
address = to_checksum_address(strip_0x(old_blockchain_address))
balance = self.balances[address]
logg.debug(f'found balance: {balance} for address: {address} phone: {phone_number}')
decimal_balance = self.balance_processor.get_decimal_amount(int(balance))
(tx_hash_hex, o) = self.balance_processor.get_rpc_tx(address, decimal_balance, serial)
tx_hash_hex, o = self.balance_processor.get_rpc_tx(blockchain_address, decimal_balance, serial)
tx = unpack(bytes.fromhex(strip_0x(o)), self.chain_spec)
logg.debug('generated tx token value {} to {} tx hash {}'.format(decimal_balance, address, tx_hash_hex))
tx_path = os.path.join(
self.import_dir,
'txs',
strip_0x(tx_hash_hex),
)
f = open(tx_path, 'w')
f.write(strip_0x(o))
f.close()
tx_nonce_path = os.path.join(
self.import_dir,
'txs',
'.' + str(tx['nonce']),
)
logg.debug(f'generated tx token value: {decimal_balance}: {blockchain_address} tx hash {tx_hash_hex}')
tx_path = os.path.join(self.import_dir, 'txs', strip_0x(tx_hash_hex))
with open(tx_path, 'w') as tx_file:
tx_file.write(strip_0x(o))
logg.debug(f'written tx with tx hash: {tx["hash"]} for address: {blockchain_address}')
tx_nonce_path = os.path.join(self.import_dir, 'txs', '.' + str(tx['nonce']))
os.symlink(os.path.realpath(tx_path), tx_nonce_path)
return tx['hash']
@celery_app.task(bind=True, base=ImportTask, autoretry_for=(FileNotFoundError,), max_retries=None,
@celery_app.task(bind=True, base=MetadataTask)
def resolve_phone(self, phone_number: str):
identifier = generate_metadata_pointer(phone_number.encode('utf-8'), ':cic.phone')
url = parse.urljoin(self.meta_url(), identifier)
logg.debug(f'attempt getting phone pointer at: {url} for phone: {phone_number}')
r = request.urlopen(url)
address = json.load(r)
address = address.replace('"', '')
logg.debug(f'address: {address} for phone: {phone_number}')
return address
@celery_app.task(autoretry_for=(FileNotFoundError,),
bind=True,
base=ImportTask,
max_retries=None,
default_retry_delay=0.1)
def send_txs(self, nonce):
if nonce == self.count + self.balance_processor.nonce_offset:
logg.info('reached nonce {} (offset {} + count {}) exiting'.format(nonce, self.balance_processor.nonce_offset,
self.count))
return
logg.debug('attempt to open symlink for nonce {}'.format(nonce))
tx_nonce_path = os.path.join(
self.import_dir,
'txs',
'.' + str(nonce),
)
f = open(tx_nonce_path, 'r')
tx_signed_raw_hex = f.read()
f.close()
os.unlink(tx_nonce_path)
o = raw(add_0x(tx_signed_raw_hex))
tx_hash_hex = self.balance_processor.conn.do(o)
logg.info('sent nonce {} tx hash {}'.format(nonce, tx_hash_hex)) # tx_signed_raw_hex))
nonce += 1
queue = self.request.delivery_info.get('routing_key')
s = celery.signature(
'import_task.send_txs',
[
nonce,
],
queue=queue,
)
s.apply_async()
if nonce == self.count + self.balance_processor.nonce_offset:
logg.info(f'reached nonce {nonce} (offset {self.balance_processor.nonce_offset} + count {self.count}).')
celery_app.control.broadcast('shutdown', destination=[f'celery@{queue}'])
logg.debug(f'attempt to open symlink for nonce {nonce}')
tx_nonce_path = os.path.join(self.import_dir, 'txs', '.' + str(nonce))
with open(tx_nonce_path, 'r') as tx_nonce_file:
tx_signed_raw_hex = tx_nonce_file.read()
os.unlink(tx_nonce_path)
o = raw(add_0x(tx_signed_raw_hex))
if self.include_balances:
tx_hash_hex = self.balance_processor.conn.do(o)
logg.info(f'sent nonce {nonce} tx hash {tx_hash_hex}')
nonce += 1
s = celery.signature('import_task.send_txs', [nonce], queue=queue)
s.apply_async()
return nonce
@celery_app.task
def set_pins(config: dict, phone_to_pins: list):
# define db connection
@celery_app.task()
def set_pin_data(config: dict, phone_to_pins: list):
db_conn = psycopg2.connect(
database=config.get('database'),
host=config.get('host'),
@@ -261,24 +209,17 @@ def set_pins(config: dict, phone_to_pins: list):
password=config.get('password')
)
db_cursor = db_conn.cursor()
# update db
sql = 'UPDATE account SET password_hash = %s WHERE phone_number = %s'
for element in phone_to_pins:
sql = 'UPDATE account SET password_hash = %s WHERE phone_number = %s'
db_cursor.execute(sql, (element[1], element[0]))
logg.debug(f'Updating: {element[0]} with: {element[1]}')
# commit changes
db_conn.commit()
# close connections
db_cursor.close()
db_conn.close()
@celery_app.task
def set_ussd_data(config: dict, ussd_data: dict):
# define db connection
def set_ussd_data(config: dict, ussd_data: list):
db_conn = psycopg2.connect(
database=config.get('database'),
host=config.get('host'),
@@ -287,20 +228,12 @@ def set_ussd_data(config: dict, ussd_data: dict):
password=config.get('password')
)
db_cursor = db_conn.cursor()
# process ussd_data
account_status = 1
if ussd_data['is_activated'] == 1:
account_status = 2
preferred_language = ussd_data['preferred_language']
phone_number = ussd_data['phone']
sql = 'UPDATE account SET status = %s, preferred_language = %s WHERE phone_number = %s'
db_cursor.execute(sql, (account_status, preferred_language, phone_number))
# commit changes
for element in ussd_data:
status = 2 if int(element[1]) == 1 else 1
preferred_language = element[2]
phone_number = element[0]
db_cursor.execute(sql, (status, preferred_language, phone_number))
db_conn.commit()
# close connections
db_cursor.close()
db_conn.close()

250
apps/data-seeding/cic_ussd/import_users.py
View File

@@ -3,56 +3,61 @@ import argparse
import json
import logging
import os
import redis
import sys
import time
import urllib.request
import uuid
from urllib import request
from urllib.parse import urlencode
# external imports
import celery
import confini
import phonenumbers
import redis
from chainlib.chain import ChainSpec
from cic_types.models.person import Person
from confini import Config
# local imports
from import_util import get_celery_worker_status
default_config_dir = './config'
logging.basicConfig(level=logging.WARNING)
logg = logging.getLogger()
default_config_dir = '/usr/local/etc/cic'
arg_parser = argparse.ArgumentParser(description='Daemon worker that handles data seeding tasks.')
# batch size should be slightly below cumulative gas limit worth, eg 80000 gas txs with 8000000 limit is a bit less than 100 batch size
arg_parser.add_argument('--batch-size',
dest='batch_size',
default=100,
type=int,
help='burst size of sending transactions to node')
arg_parser.add_argument('--batch-delay', dest='batch_delay', default=3, type=int, help='seconds delay between batches')
arg_parser.add_argument('-c', type=str, default=default_config_dir, help='config root to use.')
arg_parser.add_argument('--env-prefix',
default=os.environ.get('CONFINI_ENV_PREFIX'),
dest='env_prefix',
type=str,
help='environment prefix for variables to overwrite configuration.')
arg_parser.add_argument('-i', '--chain-spec', type=str, dest='i', help='chain spec')
arg_parser.add_argument('-q', type=str, default='cic-import-ussd', help='celery queue to submit data seeding tasks to.')
arg_parser.add_argument('--redis-db', dest='redis_db', type=int, help='redis db to use for task submission and callback')
arg_parser.add_argument('--redis-host', dest='redis_host', type=str, help='redis host to use for task submission')
arg_parser.add_argument('--redis-port', dest='redis_port', type=int, help='redis host to use for task submission')
arg_parser.add_argument('--ussd-host', dest='ussd_host', type=str,
help="host to ussd app responsible for processing ussd requests.")
arg_parser.add_argument('--ussd-no-ssl', dest='ussd_no_ssl', help='do not use ssl (careful)', action='store_true')
arg_parser.add_argument('--ussd-port', dest='ussd_port', type=str,
help="port to ussd app responsible for processing ussd requests.")
arg_parser.add_argument('-v', help='be verbose', action='store_true')
arg_parser.add_argument('-vv', help='be more verbose', action='store_true')
arg_parser.add_argument('import_dir', default='out', type=str, help='user export directory')
args = arg_parser.parse_args()
argparser = argparse.ArgumentParser()
argparser.add_argument('-c', type=str, default=default_config_dir, help='config file')
argparser.add_argument('-i', '--chain-spec', dest='i', type=str, help='Chain specification string')
argparser.add_argument('--redis-host', dest='redis_host', type=str, help='redis host to use for task submission')
argparser.add_argument('--redis-port', dest='redis_port', type=int, help='redis host to use for task submission')
argparser.add_argument('--redis-db', dest='redis_db', type=int, help='redis db to use for task submission and callback')
argparser.add_argument('--batch-size', dest='batch_size', default=100, type=int,
help='burst size of sending transactions to node') # batch size should be slightly below cumulative gas limit worth, eg 80000 gas txs with 8000000 limit is a bit less than 100 batch size
argparser.add_argument('--batch-delay', dest='batch_delay', default=3, type=int, help='seconds delay between batches')
argparser.add_argument('--timeout', default=60.0, type=float, help='Callback timeout')
argparser.add_argument('--ussd-host', dest='ussd_host', type=str,
help="host to ussd app responsible for processing ussd requests.")
argparser.add_argument('--ussd-port', dest='ussd_port', type=str,
help="port to ussd app responsible for processing ussd requests.")
argparser.add_argument('--ussd-no-ssl', dest='ussd_no_ssl', help='do not use ssl (careful)', action='store_true')
argparser.add_argument('-q', type=str, default='cic-eth', help='Task queue')
argparser.add_argument('-v', action='store_true', help='Be verbose')
argparser.add_argument('-vv', action='store_true', help='Be more verbose')
argparser.add_argument('user_dir', type=str, help='path to users export dir tree')
args = argparser.parse_args()
if args.vv:
logging.getLogger().setLevel(logging.DEBUG)
elif args.v:
logging.getLogger().setLevel(logging.INFO)
if args.v:
logg.setLevel(logging.INFO)
elif args.vv:
logg.setLevel(logging.DEBUG)
config_dir = args.c
config = confini.Config(config_dir, os.environ.get('CONFINI_ENV_PREFIX'))
config = Config(args.c, args.env_prefix)
config.process()
args_override = {
'CIC_CHAIN_SPEC': getattr(args, 'i'),
@@ -60,44 +65,29 @@ args_override = {
'REDIS_PORT': getattr(args, 'redis_port'),
'REDIS_DB': getattr(args, 'redis_db'),
}
config.dict_override(args_override, 'cli')
logg.debug('config loaded from {}:\n{}'.format(args.c, config))
config.dict_override(args_override, 'cli flag')
config.censor('PASSWORD', 'DATABASE')
config.censor('PASSWORD', 'SSL')
logg.debug(f'config loaded from {args.c}:\n{config}')
celery_app = celery.Celery(broker=config.get('CELERY_BROKER_URL'), backend=config.get('CELERY_RESULT_URL'))
get_celery_worker_status(celery_app=celery_app)
old_account_dir = os.path.join(args.import_dir, 'old')
os.stat(old_account_dir)
logg.debug(f'created old system data dir: {old_account_dir}')
redis_host = config.get('REDIS_HOST')
redis_port = config.get('REDIS_PORT')
redis_db = config.get('REDIS_DB')
r = redis.Redis(redis_host, redis_port, redis_db)
new_account_dir = os.path.join(args.import_dir, 'new')
os.makedirs(new_account_dir, exist_ok=True)
logg.debug(f'created new system data dir: {new_account_dir}')
ps = r.pubsub()
person_metadata_dir = os.path.join(args.import_dir, 'meta')
os.makedirs(person_metadata_dir, exist_ok=True)
logg.debug(f'created person metadata dir: {person_metadata_dir}')
user_new_dir = os.path.join(args.user_dir, 'new')
os.makedirs(user_new_dir, exist_ok=True)
ussd_data_dir = os.path.join(args.user_dir, 'ussd')
os.makedirs(ussd_data_dir, exist_ok=True)
preferences_dir = os.path.join(args.user_dir, 'preferences')
preferences_dir = os.path.join(args.import_dir, 'preferences')
os.makedirs(os.path.join(preferences_dir, 'meta'), exist_ok=True)
logg.debug(f'created preferences metadata dir: {preferences_dir}')
meta_dir = os.path.join(args.user_dir, 'meta')
os.makedirs(meta_dir, exist_ok=True)
valid_service_codes = config.get('USSD_SERVICE_CODE').split(",")
user_old_dir = os.path.join(args.user_dir, 'old')
os.stat(user_old_dir)
txs_dir = os.path.join(args.user_dir, 'txs')
os.makedirs(txs_dir, exist_ok=True)
chain_spec = ChainSpec.from_chain_str(config.get('CIC_CHAIN_SPEC'))
chain_str = str(chain_spec)
batch_size = args.batch_size
batch_delay = args.batch_delay
ussd_port = args.ussd_port
ussd_host = args.ussd_host
ussd_no_ssl = args.ussd_no_ssl
if ussd_no_ssl is True:
ussd_ssl = False
@@ -105,7 +95,17 @@ else:
ussd_ssl = True
def build_ussd_request(phone, host, port, service_code, username, password, ssl=False):
celery_app = celery.Celery(broker=config.get('CELERY_BROKER_URL'), backend=config.get('CELERY_RESULT_URL'))
get_celery_worker_status(celery_app)
def build_ussd_request(host: str,
password: str,
phone_number: str,
port: str,
service_code: str,
username: str,
ssl: bool = False):
url = 'http'
if ssl:
url += 's'
@@ -115,16 +115,16 @@ def build_ussd_request(phone, host, port, service_code, username, password, ssl=
url += '/?username={}&password={}'.format(username, password)
logg.info('ussd service url {}'.format(url))
logg.info('ussd phone {}'.format(phone))
logg.info('ussd phone {}'.format(phone_number))
session = uuid.uuid4().hex
data = {
'sessionId': session,
'serviceCode': service_code,
'phoneNumber': phone,
'phoneNumber': phone_number,
'text': service_code,
}
req = urllib.request.Request(url)
req = request.Request(url)
req.method = 'POST'
data_str = urlencode(data)
data_bytes = data_str.encode('utf-8')
@@ -134,85 +134,77 @@ def build_ussd_request(phone, host, port, service_code, username, password, ssl=
return req
def register_ussd(i, u):
phone_object = phonenumbers.parse(u.tel)
phone = phonenumbers.format_number(phone_object, phonenumbers.PhoneNumberFormat.E164)
logg.debug('tel {} {}'.format(u.tel, phone))
req = build_ussd_request(
phone,
ussd_host,
ussd_port,
config.get('APP_SERVICE_CODE'),
'',
'',
ussd_ssl
)
response = urllib.request.urlopen(req)
def e164_phone_number(phone_number: str):
phone_object = phonenumbers.parse(phone_number)
return phonenumbers.format_number(phone_object, phonenumbers.PhoneNumberFormat.E164)
def register_account(person: Person):
phone_number = e164_phone_number(person.tel)
logg.debug(f'tel: {phone_number}')
req = build_ussd_request(args.ussd_host,
'',
phone_number,
args.ussd_port,
valid_service_codes[0],
'',
ussd_ssl)
response = request.urlopen(req)
response_data = response.read().decode('utf-8')
state = response_data[:3]
out = response_data[4:]
logg.debug('ussd reponse: {}'.format(out))
logg.debug(f'ussd response: {response_data[4:]}')
if __name__ == '__main__':
i = 0
j = 0
for x in os.walk(user_old_dir):
for x in os.walk(old_account_dir):
for y in x[2]:
if y[len(y) - 5:] != '.json':
continue
# handle json containing person object
filepath = os.path.join(x[0], y)
f = open(filepath, 'r')
try:
o = json.load(f)
except json.decoder.JSONDecodeError as e:
f.close()
logg.error('load error for {}: {}'.format(y, e))
continue
f.close()
u = Person.deserialize(o)
register_ussd(i, u)
phone_object = phonenumbers.parse(u.tel)
phone = phonenumbers.format_number(phone_object, phonenumbers.PhoneNumberFormat.E164)
s_phone = celery.signature(
'import_task.resolve_phone',
[
phone,
],
queue='cic-import-ussd',
file_path = os.path.join(x[0], y)
with open(file_path, 'r') as account_file:
try:
account_data = json.load(account_file)
except json.decoder.JSONDecodeError as e:
logg.error('load error for {}: {}'.format(y, e))
continue
person = Person.deserialize(account_data)
register_account(person)
phone_number = e164_phone_number(person.tel)
s_resolve_phone = celery.signature(
'import_task.resolve_phone', [phone_number], queue=args.q
)
s_meta = celery.signature(
'import_task.generate_metadata',
[
phone,
],
queue='cic-import-ussd',
s_person_metadata = celery.signature(
'import_task.generate_person_metadata', [phone_number], queue=args.q
)
s_balance = celery.signature(
'import_task.opening_balance_tx',
[
phone,
i,
],
queue='cic-import-ussd',
s_ussd_data = celery.signature(
'import_task.generate_ussd_data', [phone_number], queue=args.q
)
s_meta.link(s_balance)
s_phone.link(s_meta)
# block time plus a bit of time for ussd processing
s_phone.apply_async(countdown=7)
s_preferences_metadata = celery.signature(
'import_task.generate_preferences_data', [], queue=args.q
)
s_pins_data = celery.signature(
'import_task.generate_pins_data', [phone_number], queue=args.q
)
s_opening_balance = celery.signature(
'import_task.opening_balance_tx', [phone_number, i], queue=args.q
)
celery.chain(s_resolve_phone,
s_person_metadata,
s_ussd_data,
s_preferences_metadata,
s_pins_data,
s_opening_balance).apply_async(countdown=7)
i += 1
sys.stdout.write('imported {} {}'.format(i, u).ljust(200) + "\r")
sys.stdout.write('imported: {} {}'.format(i, person).ljust(200) + "\r\n")
j += 1
if j == batch_size:
time.sleep(batch_delay)
if j == args.batch_size:
time.sleep(args.batch_delay)
j = 0

90
apps/data-seeding/cic_ussd/import_ussd_data.py
View File

@@ -1,67 +1,67 @@
# standard imports
import argparse
import json
import csv
import logging
import os
import psycopg2
# external imports
import celery
from confini import Config
# local imports
default_config_dir = './config'
logging.basicConfig(level=logging.WARNING)
logg = logging.getLogger()
default_config_dir = '/usr/local/etc/cic'
arg_parser = argparse.ArgumentParser(description='Pins import script.')
arg_parser.add_argument('-c', type=str, default=default_config_dir, help='config root to use.')
arg_parser.add_argument('--env-prefix',
default=os.environ.get('CONFINI_ENV_PREFIX'),
dest='env_prefix',
type=str,
help='environment prefix for variables to overwrite configuration.')
arg_parser.add_argument('import_dir', default='out', type=str, help='user export directory')
arg_parser.add_argument('-v', help='be verbose', action='store_true')
arg_parser.add_argument('-vv', help='be more verbose', action='store_true')
arg_parser = argparse.ArgumentParser()
arg_parser.add_argument('-c', type=str, default=default_config_dir, help='config file')
arg_parser.add_argument('-q', type=str, default='cic-import-ussd', help='Task queue')
arg_parser.add_argument('-v', action='store_true', help='Be verbose')
arg_parser.add_argument('-vv', action='store_true', help='Be more verbose')
arg_parser.add_argument('user_dir', type=str, help='path to users export dir tree')
args = arg_parser.parse_args()
if args.v:
logg.setLevel(logging.INFO)
elif args.vv:
logg.setLevel(logging.DEBUG)
if args.vv:
logging.getLogger().setLevel(logging.DEBUG)
elif args.v:
logging.getLogger().setLevel(logging.INFO)
config_dir = args.c
config = Config(config_dir, os.environ.get('CONFINI_ENV_PREFIX'))
config = Config(args.c, args.env_prefix)
config.process()
logg.debug('config loaded from {}:\n{}'.format(args.c, config))
config.censor('PASSWORD', 'DATABASE')
logg.debug(f'config loaded from {args.c}:\n{config}')
ussd_data_dir = os.path.join(args.user_dir, 'ussd')
db_configs = {
'database': config.get('DATABASE_NAME'),
'host': config.get('DATABASE_HOST'),
'port': config.get('DATABASE_PORT'),
'user': config.get('DATABASE_USER'),
'password': config.get('DATABASE_PASSWORD')
}
celery_app = celery.Celery(broker=config.get('CELERY_BROKER_URL'), backend=config.get('CELERY_RESULT_URL'))
def main():
with open(f'{args.import_dir}/ussd_data.csv') as ussd_data_file:
ussd_data = [tuple(row) for row in csv.reader(ussd_data_file)]
db_conn = psycopg2.connect(
database=config.get('DATABASE_NAME'),
host=config.get('DATABASE_HOST'),
port=config.get('DATABASE_PORT'),
user=config.get('DATABASE_USER'),
password=config.get('DATABASE_PASSWORD')
)
db_cursor = db_conn.cursor()
sql = 'UPDATE account SET status = %s, preferred_language = %s WHERE phone_number = %s'
for element in ussd_data:
status = 2 if int(element[1]) == 1 else 1
preferred_language = element[2]
phone_number = element[0]
db_cursor.execute(sql, (status, preferred_language, phone_number))
logg.debug(f'Updating account:{phone_number} with: preferred language: {preferred_language} status: {status}.')
db_conn.commit()
db_cursor.close()
db_conn.close()
if __name__ == '__main__':
for x in os.walk(ussd_data_dir):
for y in x[2]:
if y[len(y) - 5:] == '.json':
filepath = os.path.join(x[0], y)
f = open(filepath, 'r')
try:
ussd_data = json.load(f)
logg.debug(f'LOADING USSD DATA: {ussd_data}')
except json.decoder.JSONDecodeError as e:
f.close()
logg.error('load error for {}: {}'.format(y, e))
continue
f.close()
s_set_ussd_data = celery.signature(
'import_task.set_ussd_data',
[db_configs, ussd_data]
)
s_set_ussd_data.apply_async(queue='cic-import-ussd')
main()

29
apps/data-seeding/config/app.ini
View File

@@ -1,27 +1,4 @@
[app]
ALLOWED_IP=0.0.0.0/0
LOCALE_FALLBACK=en
LOCALE_PATH=/usr/src/cic-ussd/var/lib/locale/
MAX_BODY_LENGTH=1024
PASSWORD_PEPPER=QYbzKff6NhiQzY3ygl2BkiKOpER8RE/Upqs/5aZWW+I=
SERVICE_CODE=*483*46#
[phone_number]
REGION=KE
[ussd]
MENU_FILE=/usr/src/data/ussd_menu.json
user =
pass =
[statemachine]
STATES=/usr/src/cic-ussd/states/
TRANSITIONS=/usr/src/cic-ussd/transitions/
[client]
host =
port =
ssl =
[keystore]
file_path = keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
allowed_ip=0.0.0.0/0
max_body_length=1024
password_pepper=

18
apps/data-seeding/config/database.ini
View File

@@ -1,10 +1,10 @@
[database]
NAME=sempo
USER=postgres
PASSWORD=
HOST=localhost
PORT=5432
ENGINE=postgresql
DRIVER=psycopg2
DEBUG=0
POOL_SIZE=1
name=cic_ussd
user=postgres
password=
host=localhost
port=5432
engine=postgresql
driver=psycopg2
debug=0
pool_size=1

5
apps/data-seeding/config/ussd.ini Normal file
View File

@@ -0,0 +1,5 @@
[ussd]
menu_file=data/ussd_menu.json
service_code=*483*46#,*483*061#,*384*96#
user =
pass =

91
apps/data-seeding/create_import_pins.py
View File

@@ -1,91 +0,0 @@
# standard imports
import argparse
import json
import logging
import os
import uuid
# third-party imports
import bcrypt
import celery
import confini
import phonenumbers
import random
from cic_types.models.person import Person
from cryptography.fernet import Fernet
# local imports
logging.basicConfig(level=logging.WARNING)
logg = logging.getLogger()
script_dir = os.path.realpath(os.path.dirname(__file__))
default_config_dir = os.environ.get('CONFINI_DIR', os.path.join(script_dir, 'config'))
arg_parser = argparse.ArgumentParser()
arg_parser.add_argument('-c', type=str, default=default_config_dir, help='Config dir')
arg_parser.add_argument('-v', action='store_true', help='Be verbose')
arg_parser.add_argument('-vv', action='store_true', help='Be more verbose')
arg_parser.add_argument('--userdir', type=str, help='path to users export dir tree')
arg_parser.add_argument('pins_dir', type=str, help='path to pin export dir tree')
args = arg_parser.parse_args()
if args.v:
logg.setLevel(logging.INFO)
elif args.vv:
logg.setLevel(logging.DEBUG)
config = confini.Config(args.c, os.environ.get('CONFINI_ENV_PREFIX'))
config.process()
logg.info('loaded config\n{}'.format(config))
celery_app = celery.Celery(broker=config.get('CELERY_BROKER_URL'), backend=config.get('CELERY_RESULT_URL'))
user_dir = args.userdir
pins_dir = args.pins_dir
def generate_password_hash():
key = Fernet.generate_key()
fnt = Fernet(key)
pin = str(random.randint(1000, 9999))
return fnt.encrypt(bcrypt.hashpw(pin.encode('utf-8'), bcrypt.gensalt())).decode()
user_old_dir = os.path.join(user_dir, 'old')
logg.debug(f'reading user data from: {user_old_dir}')
pins_file = open(f'{pins_dir}/pins.csv', 'w')
if __name__ == '__main__':
for x in os.walk(user_old_dir):
for y in x[2]:
# skip non-json files
if y[len(y) - 5:] != '.json':
continue
# define file path for
filepath = None
if y[:15] != '_ussd_data.json':
filepath = os.path.join(x[0], y)
f = open(filepath, 'r')
try:
o = json.load(f)
except json.decoder.JSONDecodeError as e:
f.close()
logg.error('load error for {}: {}'.format(y, e))
continue
f.close()
u = Person.deserialize(o)
phone_object = phonenumbers.parse(u.tel)
phone = phonenumbers.format_number(phone_object, phonenumbers.PhoneNumberFormat.E164)
password_hash = uuid.uuid4().hex
pins_file.write(f'{phone},{password_hash}\n')
logg.info(f'Writing phone: {phone}, password_hash: {password_hash}')
pins_file.close()

62
apps/data-seeding/import_ussd.sh Normal file
View File

@@ -0,0 +1,62 @@
#!/usr/bin/env bash
set -e
echo "Creating seed data..."
python create_import_users.py -vv --dir "$IMPORT_DIR" "$ACCOUNT_COUNT"
wait $!
echo "Purge tasks from celery worker"
celery -A cic_ussd.import_task purge -Q "$CELERY_QUEUE" --broker redis://"$REDIS_HOST":"$REDIS_PORT" -f
echo "Start celery work and import balance job"
if [ "$INCLUDE_BALANCES" != "y" ]
then
echo "Running worker without opening balance transactions"
TARGET_TX_COUNT=$ACCOUNT_COUNT
python cic_ussd/import_balance.py -vv -c "$CONFIG" -p "$ETH_PROVIDER" -r "$CIC_REGISTRY_ADDRESS" --token-symbol "$TOKEN_SYMBOL" -y "$KEYSTORE_PATH" "$IMPORT_DIR" &
else
echo "Running worker with opening balance transactions"
TARGET_TX_COUNT=$((ACCOUNT_COUNT*2))
python cic_ussd/import_balance.py -vv -c "$CONFIG" -p "$ETH_PROVIDER" -r "$CIC_REGISTRY_ADDRESS" --include-balances --token-symbol "$TOKEN_SYMBOL" -y "$KEYSTORE_PATH" "$IMPORT_DIR" &
fi
until [ -f ./cic-import-ussd.pid ]
do
echo "Polling for celery worker pid file..."
sleep 1
done
IMPORT_BALANCE_JOB=$(<cic-import-ussd.pid)
echo "Start import users job"
if [ "$USSD_SSL" == "y" ]
then
echo "Targeting secure ussd-user server"
python cic_ussd/import_users.py -vv -c "$CONFIG" --ussd-host "$USSD_HOST" --ussd-port "$USSD_PORT" "$IMPORT_DIR"
else
python cic_ussd/import_users.py -vv -c "$CONFIG" --ussd-host "$USSD_HOST" --ussd-port "$USSD_PORT" --ussd-no-ssl "$IMPORT_DIR"
fi
echo "Waiting for import balance job to complete ..."
tail --pid="$IMPORT_BALANCE_JOB" -f /dev/null
set -e
echo "Importing pins"
python cic_ussd/import_pins.py -c "$CONFIG" -vv "$IMPORT_DIR"
set +e
wait $!
set -e
echo "Importing ussd data"
python cic_ussd/import_ussd_data.py -c "$CONFIG" -vv "$IMPORT_DIR"
set +e
wait $!
echo "Importing person metadata"
node cic_meta/import_meta.js "$IMPORT_DIR" "$ACCOUNT_COUNT"
echo "Import preferences metadata"
node cic_meta/import_meta_preferences.js "$IMPORT_DIR" "$ACCOUNT_COUNT"
CIC_NOTIFY_DATABASE=postgres://$DATABASE_USER:$DATABASE_PASSWORD@$DATABASE_HOST:$DATABASE_PORT/$NOTIFY_DATABASE_NAME
NOTIFICATION_COUNT=$(psql -qtA "$CIC_NOTIFY_DATABASE" -c 'SELECT COUNT(message) FROM notification WHERE message IS NOT NULL')
while [[ "$NOTIFICATION_COUNT" < "$TARGET_TX_COUNT" ]]
do
NOTIFICATION_COUNT=$(psql -qtA "$CIC_NOTIFY_DATABASE" -c 'SELECT COUNT(message) FROM notification WHERE message IS NOT NULL')
sleep 5
echo "Notification count is: ${NOTIFICATION_COUNT}. Checking after 5 ..."
done
python verify.py -c "$CONFIG" -v -p "$ETH_PROVIDER" -r "$CIC_REGISTRY_ADDRESS" --exclude "$EXCLUSIONS" --token-symbol "$TOKEN_SYMBOL" "$IMPORT_DIR"

3
apps/data-seeding/verify.py
View File

@@ -187,9 +187,10 @@ def send_ussd_request(address, data_dir):
phone = p.tel
session = uuid.uuid4().hex
valid_service_codes = config.get('USSD_SERVICE_CODE').split(",")
data = {
'sessionId': session,
'serviceCode': config.get('APP_SERVICE_CODE'),
'serviceCode': valid_service_codes[0],
'phoneNumber': phone,
'text': '',
}

12
ci_templates/.cic-template.yml
View File

@@ -1,12 +1,12 @@
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
variables:
KANIKO_CACHE_ARGS: "--cache=true --cache-copy-layers=true --cache-ttl=24h"
MR_IMAGE_TAG: $CI_REGISTRY_IMAGE/mergerequest/$APP_NAME:$CI_COMMIT_SHORT_SHA
.py_build_merge_request:
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
stage: build
script:
- mkdir -p /kaniko/.docker
@@ -16,9 +16,6 @@ variables:
--cache-repo $CI_REGISTRY_IMAGE --destination $MR_IMAGE_TAG
.py_build_target_dev:
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
stage: build
variables:
IMAGE_TAG_BASE: $CI_REGISTRY_IMAGE/$APP_NAME:mr-unittest-$CI_COMMIT_SHORT_SHA
@@ -31,9 +28,6 @@ variables:
--destination $MR_IMAGE_TAG
.py_build_push:
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
stage: build
variables:
IMAGE_TAG_BASE: $CI_REGISTRY_IMAGE/$APP_NAME:$CI_COMMIT_BRANCH-$CI_COMMIT_SHORT_SHA

66
docker-compose.auth.yml Normal file
View File

@@ -0,0 +1,66 @@
services:
cic-frontend-auth:
networks:
- traefik
image: localhost:5000/cic-auth-proxy:latest
ports:
- 8080
environment:
GPG_TRUSTED_PUBLICKEY_FINGERPRINT: CCE2E1D2D0E36ADE0405E2D0995BB21816313BD5
GPG_IMPORT_DIR: /usr/src/cic-auth-proxy/meta/tests/testdata/dev/
GPG_PUBLICKEY_FILENAME: publickeys.asc
GPG_SIGNATURE_FILENAME: signature.asc
PROXY_HOST: cic-meta-server
PROXY_PORT: 80
PROXY_PROTO: http
PROXY_PATH_PREFIX: "/"
HOMEDIR: .gnupg
labels:
- "traefik.enable=true"
cic-meta-server:
networks:
- traefik
- default
labels:
- "traefik.enable=true"
- "traefik.http.routers.cic-meta-server.rule=Path(`/protected`)"
- "traefik.http.routers.cic-meta-server.middlewares=cic-auth"
- "traefik.http.middlewares.cic-auth.forwardauth.address=http://cic-frontend-auth/"
- "traefik.http.middlewares.cic-auth.forwardauth.authRequestHeaders=Authorization"
proxy:
networks:
- traefik
image: traefik:v2.5
volumes:
- /var/run/docker.sock:/var/run/docker.sock
ports:
- "80:80"
- "8080:8080"
command:
# Enable Docker in Traefik, so that it reads labels from Docker services
- --providers.docker
# Add a constraint to only use services with the label for this stack
# Do not expose all Docker services, only the ones explicitly exposed
- --providers.docker.exposedbydefault=false
- "--providers.docker.network=traefik"
# Disable Docker Swarm mode for local development
# - --providers.docker.swarmmode
# Enable the access log, with HTTP requests
- --accesslog
# - log.level=DEBUG
# Enable the Traefik log, for configurations and errors
- --log
- --log.level=DEBUG
# Enable the Dashboard and API
- --api
# Enable the Dashboard and API in insecure mode for local development
- --api.insecure=true
labels:
- traefik.enable=true
networks:
traefik:
name: "traefik"

10
kubernetes/cic-auth-proxy/cic-auth-creds-configmap.yaml
View File

@@ -1,10 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cic-auth-proxy-credentials-configmap
namespace: grassroots
data:
credentials.yaml: |
level: 9
items:
user: 1

10
kubernetes/cic-auth-proxy/cic-auth-proxy-acl-configMap.yaml
View File

@@ -1,10 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cic-auth-proxy-acl-configmap
namespace: grassroots
data:
F3FAF668E82EF5124D5187BAEF26F4682343F692: |
- "^/user(/.*)?$":
read:
- user

114
kubernetes/cic-auth-proxy/cic-auth-proxy-meta-deployment.yaml
View File

@@ -1,114 +0,0 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-auth-proxy-meta
namespace: grassroots
labels:
app: cic-auth-proxy-meta
group: cic
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-auth-proxy-meta
replicas: 1
template:
metadata:
labels:
app: cic-auth-proxy-meta
group: cic
spec:
containers:
- name: cic-auth-proxy-meta
#image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:master-c05fafbf-1627493790 # {"$imagepolicy": "flux-system:cic-auth-proxy"}
image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:latest
imagePullPolicy: Always
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 100m
memory: 200Mi
env:
- name: PROXY_HOST
value: cic-meta-server
- name: PROXY_PORT
value: "80"
- name: PROXY_PATH_PREFIX
value: "/"
- name: HTTP_AUTH_ORIGIN
value: https://meta-auth.dev.grassrootseconomics.net:443
- name: HTTP_AUTH_REALM
value: GE
- name: ACL_CREDENTIALS_ENDPOINT
value: http://key-server:8081/
- name: ACL_PATH
value: /data/acls/F3FAF668E82EF5124D5187BAEF26F4682343F692
- name: GPG_PUBLICKEYS_ENDPOINT
value: http://key-server:8080/.well-known/publickeys/
- name: GPG_SIGNATURE_ENDPOINT
value: http://key-server:8080/.well-known/signature/
- name: GPG_TRUSTED_PUBLICKEY_FINGERPRINT # fingerprint of trusted key
value: CCE2E1D2D0E36ADE0405E2D0995BB21816313BD5
- name: GPG_HOMEDIR
value: /usr/local/etc/cic-auth-proxy/.gnupg/
- name: GPG_IMPORT_DIR
value: /usr/local/etc/cic-auth-proxy/import/
- name: GPG_PUBLICKEY_FILENAME
value: publickeys.asc
- name: GPG_SIGNATURE_FILENAME
value: signature.asc
- name: GPG_TRUSTED_PUBLICKEY_MATERIAL
value: /usr/local/etc/cic-auth-proxy/trusted/trustedpublickey.asc
ports:
- containerPort: 8080
name: http
volumeMounts:
- name: acl-config
mountPath: /data/acls/
readOnly: true
- name: credentials-config
mountPath: /data/noop/
readOnly: true
- name: trusted-publickey
mountPath: /usr/local/etc/cic-auth-proxy/trusted/
- name: gpg-homedir
mountPath: /usr/local/etc/cic-auth-proxy/.gnupg
- name: pgp-meta-test
mountPath: /usr/local/etc/cic-auth-proxy/import
volumes:
- name: pgp-meta-test
configMap:
name: pgp-meta-test
- name: acl-config
configMap:
name: cic-auth-proxy-acl-configmap
- name: credentials-config
configMap:
name: cic-auth-proxy-credentials-configmap
- name: trusted-publickey
configMap:
name: pgp-trusted-publickey
- name: gpg-homedir
emptyDir: {}
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-auth-proxy-meta
namespace: grassroots
spec:
selector:
app: cic-auth-proxy-meta
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8080

114
kubernetes/cic-auth-proxy/cic-auth-proxy-user-deployment.yaml
View File

@@ -1,114 +0,0 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-auth-proxy-user
namespace: grassroots
labels:
app: cic-auth-proxy-user
group: cic
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-auth-proxy-user
replicas: 1
template:
metadata:
labels:
app: cic-auth-proxy-user
group: cic
spec:
containers:
- name: cic-auth-proxy-user
#image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:master-c05fafbf-1627493790 # {"$imagepolicy": "flux-system:cic-auth-proxy"}
image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:latest
imagePullPolicy: Always
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 100m
memory: 200Mi
env:
- name: PROXY_HOST
value: cic-user-server
- name: PROXY_PORT
value: "80"
- name: PROXY_PATH_PREFIX
value: "/"
- name: HTTP_AUTH_ORIGIN
value: https://meta-auth.dev.grassrootseconomics.net:443
- name: HTTP_AUTH_REALM
value: GE
- name: ACL_CREDENTIALS_ENDPOINT
value: http://key-server:8081/
- name: ACL_PATH
value: /data/acls/F3FAF668E82EF5124D5187BAEF26F4682343F692
- name: GPG_PUBLICKEYS_ENDPOINT
value: http://key-server:8080/.well-known/publickeys/
- name: GPG_SIGNATURE_ENDPOINT
value: http://key-server:8080/.well-known/signature/
- name: GPG_TRUSTED_PUBLICKEY_FINGERPRINT # fingerprint of trusted key
value: CCE2E1D2D0E36ADE0405E2D0995BB21816313BD5
- name: GPG_HOMEDIR
value: /usr/local/etc/cic-auth-proxy/.gnupg/
- name: GPG_IMPORT_DIR
value: /usr/local/etc/cic-auth-proxy/import/
- name: GPG_PUBLICKEY_FILENAME
value: publickeys.asc
- name: GPG_SIGNATURE_FILENAME
value: signature.asc
- name: GPG_TRUSTED_PUBLICKEY_MATERIAL
value: /usr/local/etc/cic-auth-proxy/trusted/trustedpublickey.asc
ports:
- containerPort: 8080
name: http
volumeMounts:
- name: acl-config
mountPath: /data/acls/
readOnly: true
- name: credentials-config
mountPath: /data/noop/
readOnly: true
- name: trusted-publickey
mountPath: /usr/local/etc/cic-auth-proxy/trusted/
- name: gpg-homedir
mountPath: /usr/local/etc/cic-auth-proxy/.gnupg
- name: pgp-meta-test
mountPath: /usr/local/etc/cic-auth-proxy/import
volumes:
- name: pgp-meta-test
configMap:
name: pgp-meta-test
- name: acl-config
configMap:
name: cic-auth-proxy-acl-configmap
- name: credentials-config
configMap:
name: cic-auth-proxy-credentials-configmap
- name: trusted-publickey
configMap:
name: pgp-trusted-publickey
- name: gpg-homedir
emptyDir: {}
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-auth-proxy-user
namespace: grassroots
spec:
selector:
app: cic-auth-proxy-user
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8080

129
kubernetes/cic-auth-proxy/cic-auth-proxy-ussd-deployment.yaml
View File

@@ -1,129 +0,0 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-auth-proxy-ussd
namespace: grassroots
labels:
app: cic-auth-proxy-ussd
group: cic
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-auth-proxy-ussd
replicas: 1
template:
metadata:
labels:
app: cic-auth-proxy-ussd
group: cic
spec:
containers:
- name: cic-auth-proxy-ussd
#image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:master-c05fafbf-1627493790 # {"$imagepolicy": "flux-system:cic-auth-proxy"}
image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:latest
imagePullPolicy: Always
command: ["uwsgi", "--wsgi-file", "meta/scripts/proxy-ussd.py", "--http",
":8080"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 100m
memory: 200Mi
env:
- name: PROXY_HOST
value: cic-user-ussd-server
- name: PROXY_PORT
value: "80"
- name: PROXY_PATH_PREFIX
value: "/"
- name: HTTP_AUTH_ORIGIN
value: https://ussd-auth.dev.grassrootseconomics.net:443
- name: HTTP_AUTH_REALM
value: GE
- name: ACL_CREDENTIALS_ENDPOINT
value: http://key-server:8081/
- name: ACL_PATH
value: /data/acls/F3FAF668E82EF5124D5187BAEF26F4682343F692
- name: ACL_QUERYSTRING_USERNAME
valueFrom:
secretKeyRef:
name: cic-ussd-querystring-creds
key: username
- name: ACL_QUERYSTRING_PASSWORD
valueFrom:
secretKeyRef:
name: cic-ussd-querystring-creds
key: password
- name: ACL_WHITELIST
value: "37.188.113.15, 164.177.157.18, 5.79.0.242, 164.177.141.82, 164.177.141.83"
- name: GPG_PUBLICKEYS_ENDPOINT
value: http://key-server:8080/.well-known/publickeys/
- name: GPG_SIGNATURE_ENDPOINT
value: http://key-server:8080/.well-known/signature/
- name: GPG_TRUSTED_PUBLICKEY_FINGERPRINT # fingerprint of trusted key
value: CCE2E1D2D0E36ADE0405E2D0995BB21816313BD5
- name: GPG_HOMEDIR
value: /usr/local/etc/cic-auth-proxy/.gnupg/
- name: GPG_IMPORT_DIR
value: /usr/local/etc/cic-auth-proxy/import/
- name: GPG_PUBLICKEY_FILENAME
value: publickeys.asc
- name: GPG_SIGNATURE_FILENAME
value: signature.asc
- name: GPG_TRUSTED_PUBLICKEY_MATERIAL
value: /usr/local/etc/cic-auth-proxy/trusted/trustedpublickey.asc
ports:
- containerPort: 8080
name: http
volumeMounts:
- name: acl-config
mountPath: /data/acls/
readOnly: true
- name: credentials-config
mountPath: /data/noop/
readOnly: true
- name: trusted-publickey
mountPath: /usr/local/etc/cic-auth-proxy/trusted/
- name: gpg-homedir
mountPath: /usr/local/etc/cic-auth-proxy/.gnupg
- name: pgp-meta-test
mountPath: /usr/local/etc/cic-auth-proxy/import
volumes:
- name: pgp-meta-test
configMap:
name: pgp-meta-test
- name: acl-config
configMap:
name: cic-auth-proxy-acl-configmap
- name: credentials-config
configMap:
name: cic-auth-proxy-credentials-configmap
- name: trusted-publickey
configMap:
name: pgp-trusted-publickey
- name: gpg-homedir
emptyDir: {}
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-auth-proxy-ussd
namespace: grassroots
spec:
selector:
app: cic-auth-proxy-ussd
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8080

16
kubernetes/cic-auth-proxy/cic-ussd-querystring-creds.yaml
View File

@@ -1,16 +0,0 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: cic-ussd-querystring-creds
namespace: grassroots
spec:
encryptedData:
password: AgAO18hv8gZZRoySuTqNOg06imdnfES7io54TEGO501cq8usRcj9Bu3us+7V8zD20DQTZ7xCGCV2eyZ1kMsnFNFUBPMG0raAtwe4dAskYeQxKp0VyE1y+d9TbecvlqRXmAD3lF1exMSS3PD68VZcrDpenXE7Ag74uEJM7YmAKnUXIzBhxZlG7bIwLrRuNiTye83e/jijaPD3+66NrExBM2H//b8u1l8QVNd13XwgAWkJEW9QNMP1b2ir9VWKE4P8Da22SQRIed/Nhyc+aR3izqEpCbeRYmQqlo9r66oXK4Yr5v0IkI38gBGORrPv1OZK01plvGgMoxTe3pSiW5cyMtCXx6GgyIFKII1yYvtlI86Sf4J3DRU6kC3NSvF+2B99yFrbUPyoAGQFd6oSWAQLBI2kYqf6NXuaT3kxBNroAICMlAYygPKG0t6jEzTWk+E5l4F/PHWFD5DM+diHRqQAdDStACcMCl2i2133PPjlK1gUhQkCmeRcKeEqMT5ssBx/KM5p+v8syV4/0VlNtJpnP/aWcbwvVsiHhDE9trM/+p5E6gsVymAIiW20nRnuOSjHCnHOtjtfPtEZ3A8eHAqgJjdE6fY7DvZmwKfx2A4tMcrikz208Pa7JIFE6nj9osTz7eMrWXTmquVRotZ9we3WmGBycgVUuv9hfzUC6srkTIyT9UGHH9UNiRba/73ZDF2Zr2XvN0ofkQz8dN0dKLxy/OptCciV3Rdn/4s/IQ0usSwXLEb2tQtHgy5+twj7IQij6amjLbulRm1U2GLatmvgbjqf
username: AgCJQ9JiJErCGfH3pkX3I3696Garu40pGWgvcUOa9wz3r3Q+5SY0IMnroWO3z66L/HG7DW70upgfJBVyhncrUBrC/z73D++nMz43JvFc39MHcUYVmqvjIw1401705+G7UxxgcMOx09++CBZ97wbEfKc251v98s8G/bLtMcqS/12pVNfMGgjpkE6InlS0n9VD26HDs4A3uNtfN2GK2dsazV05UXs8W+6JOZsJ60QfPJylCpKh+sxPLDlYt4lRIM/6pP7kQXLn+VmWtzuo1dZTaUliMYH+DOXO2V9ePnjTUXGrMgRfuZP2PCmG3usdC45mOPpuURPFUmF8SDQ4IXKhBd7N+8pjZDiqQ2RxK61Qz6MXv851u7HABgVMhtjlZfaD4hVY+mr7KYDVQvrhJ971y84KBHuQFOxwZZnXAx5FdBWmkKkz959bjulJaRe1ZWA01k1SQHiVFeIArbbNSlvH45XoNR8rxFiQE+5Olt9UwdpXAH/sAfH7CRY1SnRrAW3LCyCVqAJcXF9kU+bnezVgWoJ/h9ff6VKRFqh3o+wa6V6J8GNbwC0/oeXo0XyUjbwAUjIRKeWbJ1obkvWDfYILpo2CVt34tzYowiVqmYYB8SqKBPgrca+Xmn9GpggOMibJKk0LC6R04iAajMy73cuxkX+PMV1Wz5xOuF60ccCsdiD15deYOlA34UdfeNQgGA7EKPhsl0kD/xm5
template:
metadata:
creationTimestamp: null
name: cic-ussd-querystring-creds
namespace: grassroots

100
kubernetes/cic-cache/cic-cache-server-deployment.yaml
View File

@@ -1,100 +0,0 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-cache-server
namespace: grassroots
labels:
app: cic-cache-server
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-cache-server
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-cache-server
group: cic
teir: backend
spec:
containers:
- name: cic-cache-server
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:master-402b968b-1626300208 # {"$imagepolicy": "flux-system:cic-cache"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:latest
imagePullPolicy: Always
command: ["/usr/local/bin/uwsgi", "--wsgi-file=/root/cic_cache/runnable/daemons/server.py",
"--http=:8000", "--pyargv", "-vv"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: DATABASE_NAME
value: cic_cache
- name: SERVER_PORT
value: "8000"
- name: DATABASE_DEBUG
value: "0"
ports:
- containerPort: 8000
name: server
restartPolicy: Always
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-cache-svc
namespace: grassroots
spec:
selector:
app: cic-cache-server
type: ClusterIP
ports:
- name: server
protocol: TCP
port: 80
targetPort: 8000

175
kubernetes/cic-cache/cic-cache-tasker-deployment.yaml
View File

@@ -1,175 +0,0 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-cache-watchers
namespace: grassroots
labels:
app: cic-cache-watchers
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-cache-watchers
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-cache-watchers
group: cic
tier: queue
spec:
containers:
- name: cic-cache-tasker
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:master-402b968b-1626300208 # {"$imagepolicy": "flux-system:cic-cache"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:latest
imagePullPolicy: Always
command: ["/usr/local/bin/cic-cache-taskerd", "-vv"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: DATABASE_NAME
value: cic_cache
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: cic-cache-tracker
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:master-402b968b-1626300208 # {"$imagepolicy": "flux-system:cic-cache"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:latest
# command: ["/usr/local/bin/cic-cache-trackerd", "-vv", "-c", "/usr/local/etc/cic-cache"]
command: ["./start_tracker.sh", "-c", "/usr/local/etc/cic-cache", "-vv"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
env:
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_cache
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: SERVER_PORT
value: "8000"
- name: ETH_ABI_DIR
value: /usr/local/share/cic/solidity/abi
- name: DATABASE_DEBUG
value: "0"
restartPolicy: Always

221
kubernetes/cic-eth/cic-eth-tasker-deployment.yaml
View File

@@ -1,221 +0,0 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-eth-tasker
namespace: grassroots
labels:
app: cic-eth-tasker
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-eth-tasker
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-eth-tasker
group: cic
tier: queue
spec:
containers:
- name: cic-eth-tasker
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
imagePullPolicy: Always
# command: ["./start_tasker.sh", "-q", "cic-eth", "-vv"]
command: ["/usr/local/bin/cic-eth-taskerd"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: REDIS_DB
value: "0"
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: ETH_ABI_DIR
value: /usr/local/share/cic/solidity/abi
- name: DATABASE_NAME
value: cic_eth
- name: DATABASE_POOL_SIZE
value: "0"
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: BANCOR_DIR
value: /usr/local/share/cic/bancor
- name: SIGNER_SOCKET_PATH
value: ipc:///run/crypto-dev-signer/jsonrpc.ipc
- name: SIGNER_SECRET
value: deadbeef
- name: ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER
value: "0xACB0BC74E1686D62dE7DC6414C999EA60C09F0eA"
- name: TASKS_TRACE_QUEUE_STATUS
value: "1"
- name: "DATABASE_DEBUG"
value: "false"
volumeMounts:
- name: socket-path
mountPath: /run/crypto-dev-signer/
- name: cic-eth-signer
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
imagePullPolicy: Always
# command: ["./start_tasker.sh", "-q", "cic-eth", "-vv"]
command: ["python", "/usr/local/bin/crypto-dev-daemon", "-c", "/usr/local/etc/crypto-dev-signer",
"-vv"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: ETH_ABI_DIR
value: /usr/local/share/cic/solidity/abi
- name: DATABASE_NAME
value: cic_eth
- name: DATABASE_POOL_SIZE
value: "0"
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: BANCOR_DIR
value: /usr/local/share/cic/bancor
- name: SIGNER_SOCKET_PATH
value: ipc:///run/crypto-dev-signer/jsonrpc.ipc
- name: SIGNER_SECRET
value: deadbeef
- name: ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER
value: "0xACB0BC74E1686D62dE7DC6414C999EA60C09F0eA"
- name: TASKS_TRACE_QUEUE_STATUS
value: "1"
- name: "DATABASE_DEBUG"
value: "false"
- name: "CIC_DEFAULT_TOKEN_SYMBOL"
value: GFT
volumeMounts:
- name: socket-path
mountPath: /run/crypto-dev-signer/
volumes:
- name: socket-path
emptyDir: {}
restartPolicy: Always

248
kubernetes/cic-eth/cic-eth-tracker.yaml
View File

@@ -1,248 +0,0 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
# The guardian is composed of:
# cic-manager-head
# cic-dispatch
# cic-retrier
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-eth-tracker
namespace: grassroots
labels:
app: cic-eth-tracker
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-eth-tracker
replicas: 1 # these are all strictly 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-eth-tracker
group: cic
spec:
containers:
- name: cic-eth-tracker
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
imagePullPolicy: Always
command: ["./start_tracker.sh", "-v", "-c", "/usr/local/etc/cic-eth"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: TASKS_TRANSFER_CALLBACKS
value: "cic-eth:cic_eth.callbacks.noop.noop,cic-ussd:cic_ussd.tasks.callback_handler.transaction_callback"
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: DATABASE_NAME
value: cic_eth
- name: DATABASE_DEBUG
value: "0"
- name: ETH_ABI_DIR
value: /usr/local/share/cic/solidity/abi
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: REDIS_HOSTNAME
value: redis-master
- name: cic-eth-dispatcher
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
imagePullPolicy: Always
command: ["./start_dispatcher.sh", "-q", "cic-eth", "-v"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: TASKS_TRANSFER_CALLBACKS
value: "cic-eth:cic_eth.callbacks.noop.noop,cic-ussd:cic_ussd.tasks.callback_handler.transaction_callback"
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: DATABASE_NAME
value: cic_eth
- name: DATABASE_DEBUG
value: "0"
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: REDIS_HOSTNAME
value: redis-master
# - name: cic-eth-retrier
# image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
# command: [ "./start_retry.sh", "-v" ]
# resources:
# requests:
# cpu: 50m
# memory: 100Mi
# limits:
# cpu: 500m
# memory: 250Mi
# env:
# - name: CIC_REGISTRY_ADDRESS
# valueFrom:
# configMapKeyRef:
# name: contract-migration-output
# key: CIC_REGISTRY_ADDRESS
# - name: CIC_TRUST_ADDRESS
# valueFrom:
# configMapKeyRef:
# name: contract-migration-output
# key: CIC_TRUST_ADDRESS
# - name: CIC_TX_RETRY_DELAY # TODO what is this value?
# value: "15"
# - name: TASKS_TRANSFER_CALLBACKS # TODO what is this value?
# value: "taskcall:cic_eth.callbacks.noop.noop"
# - name: ETH_PROVIDER
# value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
# - name: DATABASE_USER
# value: grassroots
# - name: DATABASE_HOST
# value: postgres-helm-postgresqlsql
# - name: DATABASE_PASSWORD
# value: tralala
# - name: DATABASE_NAME
# value: cic_eth
# - name: DATABASE_PORT
# value: "5432"
# - name: DATABASE_ENGINE
# value: postgres
# - name: DATABASE_DRIVER
# value: psycopg2
# - name: DATABASE_DEBUG
# value: "1"
# - name: REDIS_HOSTNAME
# value: grassroots-redis-master
# - name: CIC_CHAIN_SPEC
# value: "evm:bloxberg:8996"
# - name: CELERY_BROKER_URL
# value: redis://grassroots-redis-master
# - name: CELERY_RESULT_URL
# value: redis://grassroots-redis-master
restartPolicy: Always

122
kubernetes/cic-meta/cic-meta-server-deployment.yaml
View File

@@ -1,122 +0,0 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-meta-server
namespace: grassroots
labels:
app: cic-meta-server
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-meta-server
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-meta-server
group: cic
spec:
containers:
- name: cic-meta-server
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta:master-fe017d2b-1625932004 # {"$imagepolicy": "flux-system:cic-meta"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta:latest
imagePullPolicy: Always
resources:
requests:
cpu: 50m
memory: 250Mi
limits:
cpu: 100m
memory: 500Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: SCHEMA_SQL_PATH
value: scripts/initdb/server.postgres.sql
- name: DATABASE_NAME
value: cic_meta
- name: SERVER_HOST
value: localhost
- name: SERVER_PORT
value: "8000"
- name: DATABASE_SCHEMA_SQL_PATH
value: ""
- name: PGP_EXPORTS_DIR
value: /tmp/src/keys
- name: PGP_PRIVATEKEY_FILE # Private key here is for enrypting data
value: privatekey.asc
- name: PGP_PASSPHRASE
value: queenmarlena # TODO move to secret
- name: PGP_PUBLICKEY_TRUSTED_FILE
value: publickeys.asc
- name: PGP_PUBLICKEY_ACTIVE_FILE # public key here is to know who to trust
value: publickeys.asc
- name: PGP_PUBLICKEY_ENCRYPT_FILE
value: publickeys.asc
ports:
- containerPort: 8000
name: cic-meta-server
volumeMounts:
- mountPath: /tmp/src/keys
readOnly: true
name: pgp
volumes:
- name: pgp
configMap:
name: pgp-meta-test
items:
restartPolicy: Always
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-meta-server
namespace: grassroots
spec:
selector:
app: cic-meta-server
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8000

17
kubernetes/cic-notify/cic-notify-africastalking-sandbox-sealedsecret.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: cic-notify-africastalking-sandbox-secret
namespace: grassroots
spec:
encryptedData:
api_key: AgC1j5LwcOocVchLac0kPmCqyqljV40RzlCXVrtaxFvFvO+s2KcaUNFrIxfirZ8pbSDPKAUAgQam9tJiZFg4Wdu0x6LDDo6x2/0t/HXqb1eeH+OxO045T0AQZPpqFK+5QZ7y+c0tnUJfppCgOd+PhvB0AyHndWoWmTMGy48zpKaeRZriRRM5+rkNgGzazUNdsQoThOhEStIDCa1+zpq++KckU+VS5Qgsj7X1gOth+XFeyVFuXLY/QTTmvflgXj/YA5HMcJVCO3/l4UGaxHaUWps6IlZ5RgALamavAww7HIT7iecjXbAKx4fQt7bKuQY/FHiwDLAJmfdYUv7YK3EVsW4lSWVxgQ4RKM1dru8Kgs4nE+jmlApeuMl2Y3yT0tyCXSNPBzcsAbeumctsWO2gypQbL/0N1a9OZYgJv4/rfbonl8lK8detZDnAOqhOEiJ2fX/H9bkLc7n5hEHxnIt72sgdurD3r7WkxNsD8/laBx7hDtr7+Zv9RZ8MlyyUd+ZBVax6tO7immo8ya+BRsFKcrr3FqSuvwl3q7y/DNLMU6wqEv+/FmfSW7J1HuGlOJApHM96R6Jfqpw+ZNZ/hS6Z0CDNicLRdRfDaKglOu4UvkiWQ2F1JtqtJEtishbk3bNtZSAOO7Uan/V1XfeUvrYBAyXCoLLwK2pm/eWNZ71BW7TghCNgqRpeALPZy2JrDudnmyoXzcidJeBi5lBEnbXzIcOuos/0xgM/DiKQDO8mxh1ycbiu9XSydxdkLrRFXMtO8KK4qhIdgJp8INjZxIzgm5j3
api_sender_id: AgCTvYXxQNTCcRnMrfcc3D+OY+N8/mFtfI+O3xI45qxdC1n7/OE2MI0XIleYSbbAh3R7+5lNjq3pVhdKpRvCYxUGerCdSeYFQZf0RN71sAtDV8NnHCB6pRIsCWlvjDHw7XRH6PiPrr0xj4rwd1Qou8EMybVQXwT6nvV20kdKhAd6dTTgqT8x1AB5N+L0o1H/ThOKNadjN6oqlROz4in0DTTmis+Ebk4pywFroVWa5pMCjy7Ua5omKqB45lAKDp4FwogSnEUVS1b1pQTO/o0mnCQRObPcOzVjze6oqfUaEPkvtrOkmKuAxEXFKdAzG8bzPwx6EuSCbMmcUekeBGKDZBniE1YyOkPyLZelBEtyXFhQBmKbdW4qhlEJwYwflFBll8eNo2ruMVH7HTJvAqW4p2mxTIoM9Nx+UWDJjZ736aYvDfCgZX0MVKvXjrNtWEhuVBYGZxFIWfj/RqNkcJf+ZlNYK8MripzPReNWDlvhH1jzlPGJozUlYfLY8hY/NDGMbdc+EflLy8p4oRLWUo0Z0W3ARwLM1WQMk8FSXAgCjMmL7m3d310lVO5LLVdj3GTpjfCNPm2m7Re0lsOkLDE8x0vhJnlIUJ8WlY1EdezKfPWR0laNSknCCxfPYU88XiO2DVgUdWBH0Hg13yQQ3IXz49Pnf6LrAx46EgKUzoKnCgA5L/hRAIV3u8vav/5kdSF4CxY=
api_username: AgBQZXCDQY5B1RKfwjih04XSvdPJjmlfuA2bL6qiphYDIM223DJ5HEolHIWlCeSAjDC5JjkkesPmVzxybgD7hRwVuyOyWfmiXBG6+552v/DNv17IfSNNtZMCsEj9jyscHfvRI1NCG5pxywhBfRxhOVIYflbFI/H+13ReAs/6J/uhVfWVPMXzdg7Zj7mYsWzj3otv0npzXc+j2G4JZk53h7fDTY/XsXyZCe+Xpn9auf7Y+m+/shOiaM67CuE+eMWYhpTpTDy6oG3rjSrqhjVnE4wu8fP85nTGK2ctrQ9qgyOdcf1vPdlt1CwP5FZ+zxY8GrhUsYnunQ50znPD55e/8m5AqZhIrCjQ0lfzB2iCn0OzwOjnQpfv0W0QXpw6aDH/GYfMbDBLyXnF5yU0J+R7tv2Q45NKyRHbdO2VQXhXak95YGvK0Er3+8b0Jx4k3L+hM3OTFaJgdGOyb4IsUFG6vfQlfG3Bl4ggYqAGCJo041SpT4gc1XgGkar8WD4sOir61qKde8NnIOdRn1bhaZ8qD2eP+4p20hqsgpAA38SN6qZfrZc5sj/Re2mXxYIbmdALlP6yt1exhtU4QRzF23RDHmwiGtzh0YqIUj62+icrLcn+ZXgpufW9BgxKXilczF/bfsN2v4VFKsrkp+wRtAlFj3riDoles/IhItIJ9KpmSHEsRDRrkrUl+sFQ5xqQvfIuEoy/DHKf/Q3L
template:
metadata:
creationTimestamp: null
name: cic-notify-africastalking-sandbox-secret
namespace: grassroots

17
kubernetes/cic-notify/cic-notify-africastalking-sealedsecret.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: cic-notify-africastalking-secret
namespace: grassroots
spec:
encryptedData:
api_key: AgAbH1KDx0kVxtqPBvkb0w1uYJm0Vwd/eHBMhLJRC9Z5zs/YkHkV+Zrz4Pk0loSIdyV3fFdL+zcqnwWmkYjrkBYUXqB+F6HcfYPlND+zAtv8QMbpmHoF6faqx1MY981Sx7qqURlORCZzkwzrDEC4XK2nwut414PFEQ4Rn9SWe2RWXl75G3+TVkj0jd24rYYlGCmD8krjFLY9IMigKZOr0TqoPhHv9xKPg7+Xpwtd86QpiFcTR0fBtN8FLDuKlYGHvTvaUqT2kyBEXeiSn3V+rB7mD72QtNBwS9KJfQla/Gh1z4kps5DkZNoHKRz3O0SnMND1UrID713g7coYI+3q3Xk4/IFiYH4iTQwls/TZWuu/aAc74Ofs6tNwNfUeGGwa0uX/EdMpQ0cWBsGQXi3wG91kvCbnHQ1IERXgCLzGur9yB7YARy6H3tJkQrjzY2ETmMK6wj8yelKC1LLiVk/UVPiRI3O85JPxDDdtcOWkRtGso5Z1Q4D0AFWhbrhBXZc3cS2MmU1bIXoZ+fsYoZ1Mrg+uFQyuf4XwIq+HZuaYksN6xN0olId/H53Bau/z54pteFwT3VOKJNrLHCnAz0YJG2LO08Iu3FcNIUVh1tf39019QOFW2QGemhxznfPH1Mn4l9GwhE2MNfU2JqbFLnCfPZPoFSY+7YZ8I271aY4sM/OlaE2Nrk9RSsSgpS+WUCijSzZ8Crgc8dffVQryDEc/t+JIW7T4BH16lk+fgx2W1JoU/BMMvaRitHX5XsIs5xchwfuvb5+WbNnT8WbYdomGokEg
api_sender_id: AgBt9Sp+yb1Qek38Imhs4zW4pcujj2ExStcfLgWPXgD3WhIOfMS7AFAe5uDTICZqLEoMnluVTJn8Hk02BIU3quXWjOOgLJRmpNlgqAbchR1XA07BwGeYWMZomC4M+8nknMOHeQvo8HGN/Y5HnXw5N2Gw8Utlm/cLVVJOEYCKGiR8vWpzMMGepxIKVeex93Ev09SQsxbOJ3QO3SGdJiKFBvXgSeGnsdg+uAeC0NG1zzVBbiCgiNoIZgv6ZnwzBZSl7BYAazt4xOoHSRoicgmIX3PWdjIz+lzVHIuEuFZK9heq+MODQhZcvf54JRB1qPURGJobu3IVDAckIvnFlSCRaBp2rAqtyzAtngkau3Et/66eI3SChJFDgnbourQ1QRPzqWipzYQ11JpUbc0luXRfA+HvzrlIf5r/rSL93jepWQS0Exk2VuCrBAS+QPJccmncJYRZ98SU0fAu+5ZcHFVkEpc4iatW6j1tXyxn+tO1pl7yB/9GGfNA72XxVHwLZmTE7LN0Y4VyhdIQYtXX5ZX49bD0Lfk/m1pkwkWtj1Cas7YpFvX0JUN0bjn6JQoJAIh7fCW5O2ATp/eqpsCcfyw+Fy8kNPFVXlfvVmD9aqwYojfCE2CV0lXFGwHLkNp0nxxTPoqrx2YAa9R/nILaUawvMdMU+a8n1Ee79al/eVpqr4WdTkQikrxcoud8PDzNOyk2y8eZY+Kb2dU=
api_username: AgBOCaA5MnRsnGSkQw8Md2XIRsb+9Dg3XiM5yagk1GvAcO+eNnL4i2F4pbA0Ctad0LpQVXwVhppJDqxS7ffy3VJwMdEWxChKN3AiE3e8Eqx8LzD1xXU48OxAfksFKQrXNBVjfBcSgyoTwI5ohYSGxuUL3fWo4/Wp0AWdy92bwNZfhOvkLpfn+Q3nblLX9tQeu/ky6+hqkiyZSWjgykJXGnVnpPMoRS8BLbcxRD1kpJfMORfW7q1JyzheBGByStRvr7i6z3m4KVC/a9H3o0OpIQQTNtvvy4zECQ5NnjrxXYdOJfJZNq1enVqqCeA06h2e3DESfxYPPx6tL8+Ugo+4TorFb5Fw8vqFQRd/1SiGQE++W/MRY4P+fj9hQrxyzdnG5oBq1j2JTpx5VMwkOEk1yVLmRS9nYrZOfFE/6EJJSzRZMbh+xVTEvcag9ZzSzkbKoakR+VKjZ2Rpum6rwXPUUhJ5F6ohIZx2x/qE3QJlmxtnJQGfmNwe6HTiLxqjU3o0SkVQgMPN275Uydlm6Omn9eo2jkYnA5hg4TPoFjcqAmbgV5O372U6ShpNtA2hYi6CdF7K/sbKxhFtHTrPAdF5NhMGZ6N81X1AMWq3a1mojMBJbVTPVzSWPovkiqhQ62gKUUbPp191aLuQlX83dqEuRxyYTprId/ODB7RtaAddDcLsF4z/7i7yh8VtKyqHBs7hA52O1b2sQJwxmhw=
template:
metadata:
creationTimestamp: null
name: cic-notify-africastalking-secret
namespace: grassroots

100
kubernetes/cic-notify/cic-notify-deployment.yaml
View File

@@ -1,100 +0,0 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-notify-tasker
namespace: grassroots
labels:
app: cic-notify-tasker
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-notify-tasker
replicas: 1
template:
metadata:
labels:
app: cic-notify-tasker
group: cic
spec:
containers:
- name: cic-notify-tasker
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-notify:master-7a3cb7ab-1627053362 # {"$imagepolicy": "flux-system:cic-notify"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-notify:latest
imagePullPolicy: Always
command: ["./start_tasker.sh", "-q", "cic-notify", "-vv"]
resources:
requests:
cpu: 25m
memory: 100Mi
limits:
cpu: 50m
memory: 200Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: DATABASE_POOL_SIZE
value: "0"
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_notify
- name: AFRICASTALKING_API_USERNAME
valueFrom:
secretKeyRef:
name: cic-notify-africastalking-sandbox-secret
key: api_username
- name: AFRICASTALKING_API_KEY
valueFrom:
secretKeyRef:
name: cic-notify-africastalking-sandbox-secret
key: api_key
- name: AFRICASTALKING_API_SENDER_ID
valueFrom:
secretKeyRef:
name: cic-notify-africastalking-sandbox-secret
key: api_sender_id
ports:
- containerPort: 80 # What is this value?
name: cic-eth-manager
restartPolicy: Always

55
kubernetes/cic-staff-client/cic-staff-client-deployment.yaml
View File

@@ -1,55 +0,0 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-staff-client
namespace: grassroots
labels:
app: cic-staff-client
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-staff-client
replicas: 1
template:
metadata:
labels:
app: cic-staff-client
group: cic
spec:
containers:
- name: cicada
#image: registry.gitlab.com/grassrootseconomics/cic-staff-client:master-858e1e65-1627284988 # {"$imagepolicy": "flux-system:cic-staff-client"}
image: registry.gitlab.com/grassrootseconomics/cic-staff-client:latest
imagePullPolicy: Always
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
ports:
- containerPort: 80
name: http
restartPolicy: Always
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-staff-client
namespace: grassroots
spec:
selector:
app: cic-staff-client
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 80
targetPort: 80

113
kubernetes/cic-ussd/cic-user-server-deployment.yaml
View File

@@ -1,113 +0,0 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-user-server
namespace: grassroots
labels:
app: cic-user-server
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-user-server
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-user-server
group: cic
tier: backend
spec:
containers:
- name: cic-user-server
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:master-fad0a4b5-1628267359 # {"$imagepolicy": "flux-system:cic-ussd"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:latest
command: ["/root/start_cic_user_server.sh", "-vv"]
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: DATABASE_POOL_SIZE
value: "0"
- name: DATABASE_NAME
value: cic_ussd
- name: HTTP_PORT_CIC_USER_SERVER
value: "9500"
- name: PGP_KEYS_PATH
value: /tmp/src/keys/
- name: PGP_EXPORTS_DIR
value: /tmp/src/keys/
ports:
- containerPort: 9500
name: server
volumeMounts:
- mountPath: /tmp/src/keys
name: pgp
readOnly: true
volumes:
#- name: pgp
# secret:
# secretName: pgp
- name: pgp
configMap:
name: pgp-meta-test
restartPolicy: Always
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-user-server-svc
namespace: grassroots
spec:
selector:
app: cic-user-server
type: ClusterIP
ports:
- name: server
protocol: TCP
port: 80
targetPort: 9500

122
kubernetes/cic-ussd/cic-user-tasker-deployment.yaml
View File

@@ -1,122 +0,0 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-user-tasker
namespace: grassroots
labels:
app: cic-user-tasker
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-user-tasker
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-user-tasker
group: cic
task: queue
spec:
containers:
- name: cic-user-tasker
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:master-7a3cb7ab-1627053361 # {"$imagepolicy": "flux-system:cic-ussd"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:latest
imagePullPolicy: Always
command: ["/root/start_cic_user_tasker.sh", "-q", "cic-ussd", "-vv"]
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: APP_PASSWORD_PEPPER
valueFrom:
secretKeyRef:
name: cic-ussd-secret
key: app_password_pepper
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: DATABASE_NAME
value: cic_ussd
- name: DATABASE_POOL_SIZE
value: "0"
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: REDIS_DATABASE
value: "0"
- name: CIC_META_URL
value: http://cic-meta-server:80
- name: PGP_KEYS_PATH
value: /tmp/src/keys/
- name: PGP_EXPORTS_DIR
value: /tmp/src/keys/
- name: PGP_PRIVATE_KEYS
value: privatekey.asc
- name: PGP_PASSPHRASE
value: queenmarlena
- name: CIC_META_URL
value: http://cic-meta-server:80
volumeMounts:
- mountPath: /tmp/src/keys
name: pgp
readOnly: true
volumes:
#- name: pgp
# secret:
# secretName: pgp
- name: pgp
configMap:
name: pgp-meta-test
restartPolicy: Always

139
kubernetes/cic-ussd/cic-user-ussd-server-deployment.yaml
View File

@@ -1,139 +0,0 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-user-ussd-server
namespace: grassroots
labels:
app: cic-user-ussd-server
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-user-ussd-server
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-user-ussd-server
group: cic
tier: backend
spec:
containers:
- name: cic-user-ussd-server
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:master-7a3cb7ab-1627053361 # {"$imagepolicy": "flux-system:cic-ussd"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:latest
imagePullPolicy: Always
command: ["/root/start_cic_user_ussd_server.sh", "-vv"]
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: APP_PASSWORD_PEPPER
valueFrom:
secretKeyRef:
name: cic-ussd-secret
key: app_password_pepper
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: DATABASE_POOL_SIZE
value: "0"
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: REDIS_DATABASE
value: "0"
- name: DATABASE_NAME
value: cic_ussd
- name: SERVER_PORT
value: "9000"
- name: APP_ALLOWED_IP
value: "0.0.0.0/0"
- name: CIC_META_URL
value: http://cic-meta-server:80
- name: PGP_KEYS_PATH
value: /tmp/src/keys/
- name: PGP_EXPORTS_DIR
value: /tmp/src/keys/
- name: PGP_PRIVATE_KEYS
value: privatekey.asc
- name: PGP_PASSPHRASE
value: queenmarlena # TODO move to secret
volumeMounts:
- mountPath: /tmp/src/keys
name: pgp
ports:
- containerPort: 9000
name: server
volumes:
- name: pgp
configMap:
name: pgp-meta-test
restartPolicy: Always
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-user-ussd-svc
namespace: grassroots
spec:
selector:
app: cic-user-ussd-server
type: ClusterIP
ports:
- name: server
protocol: TCP
port: 80
targetPort: 9000

15
kubernetes/cic-ussd/cic-ussd-sealedsecret.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: cic-ussd-secret
namespace: grassroots
spec:
encryptedData:
app_password_pepper: AgCrkW9x9iLDjcmmNHTopd1CXAdamuqWkiS3Tviev5OtR5d4FBw9L9Qm8P9ZsBiH9ucQSNu4XLxUuIEgyBLEPQDM5DELl+qvCmPboQ73kPxjEH4/ppqE1QnJHBFcTqfkUVDu4dBkmGPCbYAGrWqDa1bZt1Hujl+ZpWuc919nN2yxFEArs8jt8JIP2bbGKwPl21MDNP53ITtpw1euBswxUzLRcfUrw+6ghce8faFjDEnCS9NKftCwBFMQN2ddNn8aY0K1Dl/DJLTJw9c6L+3YAHzaQAkNz2I6W6ERri6Mmkc1bE1cujvftNxrWkPqh9bJD163xhMbA6vQd8rEpQelilBQpT0plcH5dj11mhAX+n3IR4Xp5kD+fwwPPgoQ5P3TJj4nfAccM/ubVVR6vLCXrO2TV56V8YgQ2pd0H3H8IJYRdU6LE9xLWdG5J32EKrhnhTNaGcFpWq3g4UUv6Fy0z7iZ8TkBce13zCiEf7AXeXzdj2KDgVW6/FBLknJoDd2m/j4GA5UC6MiKXc/X9sgHeSIOstR5nGBuYYr/12FbAPdnvV8zQzfHQsSCysciLQBqFhC5Yeepwu+UYsYCDWKGgvmC284zl52VkK2G6cXi77qcKNc6NtViZpKkJ0vRysgLLpBiDERB/NOrXef+kA6hJXsc5hqAPJjceh0XV0iT/4FA/2qq0A7qfm4meSJAxrj2PssoVQSUQmo2jopTCsa7IEq9opqy0yJaXu+dJG32IHimDLcAm1Sp0uumcd9MOg==
template:
metadata:
creationTimestamp: null
name: cic-ussd-secret
namespace: grassroots

68
kubernetes/contract-migration/contract-migration-envlist-configmap.yaml
View File

@@ -1,68 +0,0 @@
# https://kubernetes.io/docs/concepts/configuration/configmap/
kind: ConfigMap
apiVersion: v1
metadata:
name: contract-migration-envlist
namespace: grassroots
data:
envlist: |
SYNCER_LOOP_INTERVAL
SSL_ENABLE_CLIENT
SSL_CERT_FILE
SSL_KEY_FILE
SSL_PASSWORD
SSL_CA_FILE
BANCOR_DIR
REDIS_HOST
REDIS_PORT
REDIS_DB
PGP_PRIVATEKEY_FILE
PGP_PASSPHRASE
DATABASE_USER
DATABASE_PASSWORD
DATABASE_NAME
DATABASE_HOST
DATABASE_PORT
DATABASE_ENGINE
DATABASE_DRIVER
DATABASE_DEBUG
TASKS_AFRICASTALKING
TASKS_SMS_DB
TASKS_LOG
TASKS_TRACE_QUEUE_STATUS
TASKS_TRANSFER_CALLBACKS
DEV_MNEMONIC
DEV_ETH_RESERVE_ADDRESS
DEV_ETH_ACCOUNTS_INDEX_ADDRESS
DEV_ETH_RESERVE_AMOUNT
DEV_ETH_ACCOUNT_BANCOR_DEPLOYER
DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER
DEV_ETH_ACCOUNT_GAS_PROVIDER
DEV_ETH_ACCOUNT_RESERVE_OWNER
DEV_ETH_ACCOUNT_RESERVE_MINTER
DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_OWNER
DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER
DEV_ETH_ACCOUNT_SARAFU_OWNER
DEV_ETH_ACCOUNT_SARAFU_GIFTER
DEV_ETH_ACCOUNT_APPROVAL_ESCROW_OWNER
DEV_ETH_ACCOUNT_SINGLE_SHOT_FAUCET_OWNER
DEV_ETH_SARAFU_TOKEN_NAME
DEV_ETH_SARAFU_TOKEN_SYMBOL
DEV_ETH_SARAFU_TOKEN_DECIMALS
DEV_ETH_SARAFU_TOKEN_ADDRESS
DEV_PGP_PUBLICKEYS_ACTIVE_FILE
DEV_PGP_PUBLICKEYS_TRUSTED_FILE
DEV_PGP_PUBLICKEYS_ENCRYPT_FILE
CIC_REGISTRY_ADDRESS
CIC_APPROVAL_ESCROW_ADDRESS
CIC_TOKEN_INDEX_ADDRESS
CIC_ACCOUNTS_INDEX_ADDRESS
CIC_DECLARATOR_ADDRESS
CIC_CHAIN_SPEC
ETH_PROVIDER
ETH_ABI_DIR
SIGNER_SOCKET_PATH
SIGNER_SECRET
CELERY_BROKER_URL
CELERY_RESULT_URL
META_PROVIDER

122
kubernetes/contract-migration/contract-migration-job.yaml
View File

@@ -1,122 +0,0 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/job/
apiVersion: batch/v1
kind: Job
metadata:
name: contract-migration
namespace: grassroots
labels:
app: contract-migration
spec:
backoffLimit: 6
template:
spec:
imagePullSecrets:
- name: gitlab-internal-integration-registry
# securityContext:
# runAsUser: 1000
# runAsGroup: 1000
restartPolicy: Never
containers:
- name: contract-migration
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:master-621780e9-1618865959 # {"$imagepolicy": "flux-system:cic-contract-migration"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:latest
command: ["./run_job.sh"]
# command: ["sleep", "3600"]
env:
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_eth
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: REDIS_DB
value: "0"
- name: DEV_PIP_EXTRA_INDEX_URL
value: https://pip.grassrootseconomics.net:8433
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: ETH_PROVIDER_HOST
value: bloxberg-validator.grassroots.svc.cluster.local
- name: ETH_PROVIDER_PORT
value: "8547"
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: CIC_DATA_DIR
value: /tmp/cic/config
- name: RUN_MASK
value: "3" # bit flags; 1: contract migrations 2: seed data
- name: DEV_FAUCET_AMOUNT
value: "50000000"
- name: CIC_DEFAULT_TOKEN_SYMBOL
value: GFT
- name: DEV_SARAFU_DEMURRAGE_LEVEL
value: "196454828847045000000000000000000"
- name: DEV_ETH_GAS_PRICE
value: "1"
- name: TOKEN_TYPE
value: giftable_erc20_token
- name: WALLET_KEY_FILE
value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
volumeMounts:
- mountPath: /tmp/cic/config
name: migration-output
resources:
requests:
memory: "250Mi"
cpu: "100m"
limits:
memory: "500Mi"
cpu: "250m"
volumes:
- name: migration-output
emptyDir: {}

11
kubernetes/contract-migration/contract-migration-output-configMap.yaml
View File

@@ -1,11 +0,0 @@
# https://kubernetes.io/docs/concepts/configuration/configmap/
# PURPOSE: These values are *manually* populated after execution of the contract migration container
# The contract migration pod should output these vars among the STDOUT
kind: ConfigMap
apiVersion: v1
metadata:
name: contract-migration-output
namespace: grassroots
data:
CIC_REGISTRY_ADDRESS: "0xea6225212005e86a4490018ded4bf37f3e772161"
CIC_TRUST_ADDRESS: "0xEb3907eCad74a0013c259D5874AE7f22DcBcC95C"

118
kubernetes/contract-migration/contract-seeding-job.yaml
View File

@@ -1,118 +0,0 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/job/
apiVersion: batch/v1
kind: Job
metadata:
name: contract-seeding
namespace: grassroots
labels:
app: contract-seeding
spec:
backoffLimit: 0
template:
spec:
imagePullSecrets:
- name: gitlab-internal-integration-registry
# securityContext:
# runAsUser: 1000
# runAsGroup: 1000
restartPolicy: Never
containers:
- name: registry-seeder
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:master-621780e9-1618865959 # {"$imagepolicy": "flux-system:cic-contract-migration"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:latest
command: ["./run_job.sh"]
# command: ["sleep", "3600"]
env:
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_eth
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: REDIS_DB
value: "0"
- name: DEV_PIP_EXTRA_INDEX_URL
value: https://pip.grassrootseconomics.net:8433
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: ETH_PROVIDER_HOST
value: bloxberg-validator.grassroots.svc.cluster.local
- name: ETH_PROVIDER_PORT
value: "8547"
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: CIC_DATA_DIR
value: /tmp/cic/config
- name: RUN_MASK
value: "2" # bit flags; 1: contract migrations 2: seed data
- name: DEV_FAUCET_AMOUNT
value: "50000000"
- name: CIC_DEFAULT_TOKEN_SYMBOL
value: GFT
- name: DEV_SARAFU_DEMURRAGE_LEVEL
value: "196454828847045000000000000000000"
- name: DEV_ETH_GAS_PRICE
value: "1"
volumeMounts:
- mountPath: /tmp/cic/config
name: migration-output
resources:
requests:
memory: "250Mi"
cpu: "100m"
limits:
memory: "500Mi"
cpu: "250m"
volumes:
- name: migration-output
emptyDir: {}

229
kubernetes/contract-migration/data-seeding-deployment.yaml
View File

@@ -1,229 +0,0 @@
# https://kubernetes.io/docs/concepts/workloads/pods/
apiVersion: v1
kind: Deployment
metadata:
name: data-seeding
namespace: grassroots
labels:
app: data-seeding
group: cic
spec:
containers:
# This container should stay up for interactive use for now.
- name: data-seeding
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/data-seeding:latest
command: bash -c "while true; do sleep 1; done" # Infinite loop to keep container live doing nothing
resources:
requests:
cpu: 50m
memory: 200Mi
limits:
cpu: 100m
memory: 400Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_eth
- name: META_URL
value: http://cic-meta-server:80
- name: META_HOST
value: cic-meta-server
- name: META_PORT
value: "80"
- name: PGP_PRIVATE_KEY_FILE # Private key here is for enrypting data
value: privatekey.asc
- name: PGP_PUBLIC_KEY_FILE
value: publickeys.asc
- name: PGP_PASSPHRASE
value: queenmarlena # TODO move to secret
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: TOKEN_SYMBOL
value: "GFT"
- name: USER_USSD_HOST
value: cic-user-ussd-svc
- name: USER_USSD_PORT
value: "80"
- name: KEYSTORE_FILE_PATH
value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
volumeMounts:
- mountPath: /tmp/src/keys
readOnly: true
name: pgp
- moutPath: /root/out
name: out-dir
- name: data-seeding-tasker
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/data-seeding:latest
command: bash -c "while true; do sleep 1; done" # Infinite loop to keep container live doing nothing
resources:
requests:
cpu: 50m
memory: 200Mi
limits:
cpu: 100m
memory: 400Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_eth
- name: META_URL
value: http://cic-meta-server:80
- name: META_HOST
value: cic-meta-server
- name: META_PORT
value: "80"
- name: PGP_PRIVATE_KEY_FILE # Private key here is for enrypting data
value: privatekey.asc
- name: PGP_PUBLIC_KEY_FILE
value: publickeys.asc
- name: PGP_PASSPHRASE
value: queenmarlena # TODO move to secret
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: TOKEN_SYMBOL
value: "GFT"
- name: USER_USSD_HOST
value: cic-user-ussd-svc
- name: USER_USSD_PORT
value: "80"
- name: KEYSTORE_FILE_PATH
value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
volumeMounts:
- mountPath: /tmp/src/keys
readOnly: true
name: pgp
- moutPath: /root/out
name: out-dir
volumes:
- name: out-dir
emptyDir: {}
- name: pgp
configMap:
name: pgp-meta-test
restartPolicy: Never

127
kubernetes/contract-migration/data-seeding-pod.yaml
View File

@@ -1,127 +0,0 @@
# https://kubernetes.io/docs/concepts/workloads/pods/
apiVersion: v1
kind: Pod
metadata:
name: data-seeding
namespace: grassroots
labels:
app: data-seeding
group: cic
spec:
imagePullSecrets:
- name: gitlab-grassroots-registry
containers:
- name: data-seeding
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/data-seeding:latest
command: ["sleep", "360000"]
resources:
requests:
cpu: 50m
memory: 200Mi
limits:
cpu: 100m
memory: 400Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_eth
- name: META_URL
value: http://cic-meta-server:80
- name: META_HOST
value: cic-meta-server
- name: META_PORT
value: "80"
- name: PGP_PRIVATE_KEY_FILE # Private key here is for enrypting data
value: privatekey.asc
- name: PGP_PUBLIC_KEY_FILE
value: publickeys.asc
- name: PGP_PASSPHRASE
value: queenmarlena # TODO move to secret
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: TOKEN_SYMBOL
value: "GFT"
- name: USER_USSD_HOST
value: cic-user-ussd-svc
- name: USER_USSD_PORT
value: "80"
- name: KEYSTORE_FILE_PATH
value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
- name: PGP_EXPORTS_DIR
value: /tmp/src/keys
- name: OUT_DIR
value: /root/out
- name: NUMBER_OF_USERS
value: "10"
volumeMounts:
- mountPath: /tmp/src/keys
readOnly: true
name: pgp
volumes:
- name: pgp
configMap:
name: pgp-meta-test
restartPolicy: Never

83
kubernetes/eth-node/bloxberg-dev-validator.yaml
View File

@@ -1,83 +0,0 @@
# See https://github.com/openethereum/openethereum/issues/7288#issuecomment-393500569
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: bloxberg-validator
namespace: grassroots
labels:
app: bloxberg-validator
spec:
replicas: 1
selector:
matchLabels:
app: bloxberg-validator
serviceName: bloxberg-validator
template:
metadata:
labels:
app: bloxberg-validator
name: bloxberg-validator
spec:
terminationGracePeriodSeconds: 20
initContainers:
- name: data-permission-fix
image: busybox
command: ["/bin/sh", "-c"]
args: [ "cp -r /keys /keys-cp ; /bin/chown -R 1000:1000 /data /keys-cp" ]
securityContext:
runAsUser: 0
volumeMounts:
- name: bloxberg-keys
mountPath: /keys/Bloxberg
- name: bloxberg-keys-cp
mountPath: /keys-cp
- name: pv
mountPath: /data
containers:
- image: parity/parity:latest
name: parity
imagePullPolicy: IfNotPresent
args: ["--config=/config/config.toml",
"--keys-path=/keys-cp/keys",
"--password=/secret/validator.pwd"]
ports:
- containerPort: 8547
- containerPort: 8548
- containerPort: 30303
resources:
requests:
cpu: "100m"
memory: "120Mi"
volumeMounts:
- name: bloxberg-keys-cp
mountPath: /keys-cp/
- name: bloxberg-keys
mountPath: /keys/Bloxberg
- name: bloxberg-validator-config
mountPath: /config
readOnly: true
- name: bloxberg-validator-secret
mountPath: /secret
readOnly: true
- name: pv
mountPath: /data
volumes:
- name: bloxberg-keys-cp
emptyDir: {}
- name: bloxberg-validator-config
configMap:
name: bloxberg-validator-config
items:
- name: bloxberg-validator-secret
secret:
secretName: bloxberg-validator-secret
- name: bloxberg-keys
secret:
secretName: bloxberg-keys
defaultMode: 0755
- name: pv
persistentVolumeClaim:
claimName: bloxberg-validator
---

15
kubernetes/eth-node/bloxberg-keys-sealedsecret.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: bloxberg-keys
namespace: grassroots
spec:
encryptedData:
UTC--2021-05-06T18-26-15Z--c083b446-591e-6a78-17ac-b8a99d92ad78: AgAOl4s5nOwdCRf46ufW23L0StYcDy+P81PtlIIsTCnpqAph7AHA/8Wa6QI6qwubUbryL9x+sfM09w6ESgdmWOAuqcLYqO8N3L538kpPWwO8I1/VSE3mv9f9SFYvT20XcVt7qWYa/BoQjt9KCQjIst5VB0qp4HjKjxWY5NWwrPv1x9r7rS+4NLWZ2FV4x+BhNB9aq3jYW+uyNoFnruFHBdKDjCSiX7HrBPEH9MNf5r+9+ND5EcMTk2Wc4WQIeDsiNcpetDkDPZx/Mz7OTwLH8EpYou80Mh/b70x5/VJgNzr5LeO5gGWVNwzgOlWVb+SaTuvnnDqzcCjXQpUqIbh7Eqy4g2ItEXvDE58EWmNqXUKPGflOGXuDT6pzwyCQfvjGGbfyQGH3nP1RFHBtm+DqtlqOcMm/qmg2AX2yGnzSJ2c3Qv+2en7Xakh6LUlHhcWxPaq9vGZOuoWKDHQOO+eDGGA6/Rm5yjZGXwTebYzoW1LZcx1ZvZl1d7AO1xt4aoFNP4/rbQPyYmKAFZmuIXz3bUSVQ3IgeKErRK35Gxx13HCb+8hWcKuXFsmEQJpaxUbFG4RWcdczrEjyYeiRs358h+YhZKYyWyeGq1SVPR0GIKCyzBBQ8cgvl4Vm6VtIMhzFWZproLLwNDjFgMoCBxz5k92uQpNlpHHS4PvQsvfSuPd0a6Iiizcm+aAxSp12B3PotAw4qTDDvY5vyfF2px0BG5YUqNNAZRzcRxNMiLqi/VKYuGBtyrCzN1vnE6bRVgFELj+dbESE096ukdPP6PEuCEpCngrdbOJSy4oS6KPmNg6gG0kgMFo8HrG2kdry632TG4vZIV8QHijuhD4CIN3WEoC7fXvn99GjY36uuRTWnseGhUxbOJWqiTgKJlaChikfSjZ/HfNeQ2f/1Pb1k7enoSFIQsiYKdMcEsuVVV6WoM7re/gm8RAXXUrz2s+rnu0VyVRxC2jpWD0r7jfneYWwgMqS8FDrraa1zUsA8wm9rA7O4fuK9ZWMhyO7JkQOzzBpN0lp7pNkyoyqgqLJNIqjH4Nhb9w3Ijx7Ajfzj2tCYxTvlLX4WyiVWUG40nSenrEoIaxYhpwNZ4+wvdCEBX3JmfSNZ6uuCn1rTb5w3Eqo0+ddFo1hbsxKF0DUTTaYZlzR6+yUSv2HpqqP2K9j83bJB+8go0WySiz0+sUdj8YLBdld/MaWocFTuewC52l1joapMsnNcvBouETwe0jHpvTBcve1TymVlzQl7s8/lpLxp8/iphqCwkvykDehV7J18VTH+zvPBL094WTkPJLv0NWsAEeUnHApjXgyzWY5PLZboL0OW4fCfU8NwlU2r8zryd6txQKeAgzyYghKvUuJ5gOs9U+fw5rdLc16xUA3QQ5qO/2zzC+XmvscQ7Fk
template:
metadata:
creationTimestamp: null
name: bloxberg-keys
namespace: grassroots

250
kubernetes/eth-node/bloxberg-validator-miner-configMap.yaml
View File

@@ -1,250 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: bloxberg-validator-config
namespace: grassroots
data:
config.toml: |
[parity]
base_path = "/data"
chain = "/config/bloxberg.json"
[network]
port = 30303
# reserved_peers = "/config/bootnodes.txt"
nat = "none"
discovery = false
[rpc]
port = 8547
apis = ["all"]
interface = "all"
cors = ["*"]
[websockets]
disable = false
port = 8548
apis = ["all"]
interface = "all"
origins = ["*"]
[mining]
#CHANGE ENGINE SIGNER TO VALIDATOR ADDRESS
engine_signer = "0x494cc42e63f076ff7bc81043ff310255a527b377"
reseal_on_txs = "none"
force_sealing = true
min_gas_price = 1000000
gas_floor_target = "10000000"
[footprint]
tracing = "off"
[misc]
# Logging pattern (`<module>=<level>`, e.g. `own_tx=trace`).
logging = "miner=trace,own_tx=trace"
#bootnodes.txt: |
#MPDL Bootnode and Authority
# enode://a7a53baf91b612b25b84993c964beb987879bfe7430cf6acb55bd721b9c0d96ceb1849049b1dcc0aa6e86fa1e2234280581b16c1265d56644fb09085e6906034@141.5.98.231:30304
# enode://a7a53baf91b612b25b84993c964beb987879bfe7430cf6acb55bd721b9c0d96ceb1849049b1dcc0aa6e86fa1e2234280581b16c1265d56644fb09085e6906034@130.183.206.234:30304
# enode://e6b181c16d20194029c220ce886fdc7a745cb37ee655c3b41ea744ec89143db6731a1c01ff3c40b39f969079090ad34e0e3319e47b0d22a8d510ff1f7b5a9ac7@141.5.98.231:30303
# enode://e6b181c16d20194029c220ce886fdc7a745cb37ee655c3b41ea744ec89143db6731a1c01ff3c40b39f969079090ad34e0e3319e47b0d22a8d510ff1f7b5a9ac7@130.183.206.234:30303
# #GeorgiaTech
# enode://4d9e6925ef3a92315283a655e856aa29dd516172c4f38d2a8fcd58c233a2cd80c57b507fed3bf351b1ac0611e8c7fefd6fb1c49de2d0d15eb1816d43629ac4ba@3.14.148.213:30303
# #CMU
# enode://ce0154eb13c1c038017151dd1ff4d736178ffedc33f5e11fe694c247eb09279886d253c3c775486eb709a65057901e2788098f991c58e6ad26ff957a8f45253e@128.2.25.89:30303
# #UCL
# enode://e41a38d659f13d47f3d88c5178e0cfe97487d3568000b85ae3a4abbcc35404d2628cee8a7e9071b63802542bafd886447ecf1d02fc663be0534779094a3e4fd1@128.16.12.165:30303
# #Sarajevo
# enode://6959137e1c66384e82ce6d9ba7e09bb0e56817f4834416448b98f646a335168c2967760a1daa5e3ec5ac2a3401be1cd05927568cdebf49c25d4770f5bb8fbfd7@195.222.43.21:30303
# #Zurich
# enode://6173beaabd1a82d41e3615da2a755e99f3bd53e04737e2ae2f02a004c42445d8dfd1d87aadfafabc4c45a1df2a80f359ab628c93522d1dac70690a9689912bbc@129.132.178.74:30303
# #Internet Security
# enode://bc50cf41d29f346f43f84ee7d03b21cd2d4176cd759cd0d26ce04c16448d4c8611c4eab4c5543e29075c758c0afc2fd6743fa38f48dc0ed1f016efbb5c5a7654@194.94.127.78:30303
bloxberg.json: |
{
"name": "Bloxberg",
"engine": {
"authorityRound": {
"params": {
"maximumUncleCountTransition": 5006743,
"maximumUncleCount": 0,
"stepDuration": "5",
"validators": {
"list": ["0x494cc42e63f076ff7bc81043ff310255a527b377"]
}
}
}
},
"params": {
"gasLimitBoundDivisor": "0x400",
"maximumExtraDataSize": "0x20",
"minGasLimit": "0x7A1200",
"networkID": "0x2324",
"eip140Transition": "0x0",
"eip211Transition": "0x0",
"eip214Transition": "0x0",
"eip658Transition": "0x0",
"eip145Transition": 5006743,
"eip1014Transition": 5006743,
"eip1052Transition": 5006743,
"eip1283Transition": 5006743,
"eip1344Transition": 5006743,
"eip1706Transition": 5006743,
"eip1884Transition": 5006743,
"eip2028Transition": 5006743
},
"genesis": {
"seal": {
"authorityRound": {
"step": "0x0",
"signature": "0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
}
},
"difficulty": "0x20000",
"gasLimit": "0x7A1200"
},
"accounts": {
"0x0000000000000000000000000000000000000001": {
"balance": "1",
"builtin": {
"name": "ecrecover",
"pricing": {
"linear": {
"base": 3000,
"word": 0
}
}
}
},
"0x0000000000000000000000000000000000000002": {
"balance": "1",
"builtin": {
"name": "sha256",
"pricing": {
"linear": {
"base": 60,
"word": 12
}
}
}
},
"0x0000000000000000000000000000000000000003": {
"balance": "1",
"builtin": {
"name": "ripemd160",
"pricing": {
"linear": {
"base": 600,
"word": 120
}
}
}
},
"0x0000000000000000000000000000000000000004": {
"balance": "1",
"builtin": {
"name": "identity",
"pricing": {
"linear": {
"base": 15,
"word": 3
}
}
}
},
"0x0000000000000000000000000000000000000005": {
"builtin": {
"name": "modexp",
"activate_at": 0,
"pricing": {
"modexp": {
"divisor": 20
}
}
}
},
"0x0000000000000000000000000000000000000006": {
"builtin": {
"name": "alt_bn128_add",
"activate_at": 0,
"pricing": {
"alt_bn128_const_operations": {
"price": 500
}
}
}
},
"0000000000000000000000000000000000000007": {
"builtin": {
"name": "alt_bn128_mul",
"pricing": {
"0": {
"price": {
"alt_bn128_const_operations": {
"price": 40000
}
}
},
"5006743": {
"info": "Istanbul HF",
"price": {
"alt_bn128_const_operations": {
"price": 6000
}
}
}
}
}
},
"0000000000000000000000000000000000000008": {
"builtin": {
"name": "alt_bn128_pairing",
"pricing": {
"0": {
"price": {
"alt_bn128_pairing": {
"base": 100000,
"pair": 80000
}
}
},
"5006743": {
"info": "Istanbul HF",
"price": {
"alt_bn128_pairing": {
"base": 45000,
"pair": 34000
}
}
}
}
}
},
"0x0000000000000000000000000000000000000009": {
"builtin": {
"name": "blake2_f",
"pricing": {
"5006743": {
"info": "Istanbul HF",
"price": {
"blake2_f": {
"gas_per_round": 1
}
}
}
}
}
},
"0xEb3907eCad74a0013c259D5874AE7f22DcBcC95C": {
"balance": "102000000000000000000000000000000"
}
}
}

14
kubernetes/eth-node/bloxberg-validator-pvc.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: bloxberg-validator
namespace: grassroots
labels:
app: bloxberg-validator
spec:
storageClassName: do-block-storage
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi

15
kubernetes/eth-node/bloxberg-validator-sealedsecret.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: bloxberg-validator-secret
namespace: grassroots
spec:
encryptedData:
validator.pwd: AgAu6Seh37ELi6AXKetNOGMZpOrzkjukS6FLCGJTzF8jsIlgoCMbZ3krLfDoJqmbidNJRxmGtHbsjHwwfCNdqkOoPDBMKdRGzPD62zro5a8Spw2hr6VtEY/dA/sRswKfwMTCgHxG7eF3SVAOwZ/kqNMSMCJWhxtFDjcwdi2F4S33lR+3Otw7Bbc5dBRSEA7UvC6DRfasx1Tmd4Tcw19W3tRtqG6CM6HgIfmACYLgQucMOZDr5MZK/MzvOngrLc4wLHTO5ilmrdZFWfpX+KhGpYPDS8sUrKjrGTfHpCHpuzdX+Q6wgfVWxK/8X3bCryG+BB4zY4FR+ETpIlaSd4RXCpVVUYdZYXi8OURFAyf/+hCEDucOFpkqSTOATu0bzU5o0Jvpx9XiGOsjYv0GfYpIoc+6Ii9pV9J4EJMxRDKgGJXfFSZPmNJuDU/0Xx+FeKk8/8f7p0C1M12CqBk/XxqveNJTiMC3cfdCULsUKYSmEbxbXjz46RIcTvsu9I3Tc2spgHpagmUnl05MnlWBswV0kQkjy1tfkO3emqzfNWLZeTN5H7B2/vmewdq/3VTROnx9IRG0fRIpkOEPWgzO9MlNfM/ltBRRhyhmbFS1wNWJqxG8IiSVLzegKC33boknmqGP+qI1nQGZ08GFWUNZMhQmRHQCQj/H5rPtzxDzNQtGM0S4ZbZjmuv4M50IM06vJvsVrps1sETbiIt7ojg=
template:
metadata:
creationTimestamp: null
name: bloxberg-validator-secret
namespace: grassroots

18
kubernetes/eth-node/bloxberg-validator-svc.yaml
View File

@@ -1,18 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: bloxberg-validator
namespace: grassroots
spec:
selector:
app: bloxberg-validator
ports:
- name: eth-net
port: 30303
protocol: TCP
- name: rpc #TODO change to rpc
port: 8547
protocol: TCP
- name: websocket # TODO change to websocket
port: 8548
protocol: TCP

16
kubernetes/gitlab-internal-integration-registry-sealedsecret-flux.yaml
View File

@@ -1,16 +0,0 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: gitlab-internal-integration-registry
namespace: kube-system
spec:
encryptedData:
.dockerconfigjson: AgBBXZyqqPhVZ53L4avFRFQxUmH7pw+fqFQap/4tK+anHhnrbb5sBSPSBJsB4mKzmmdVpaKgrjteFLaDcukWBVLQTB8b3MOKbXB42batIy+7ev0+vpARXUDiBuqw/Suaatqi10D4X6sV+COxXEOgxtZpD9OAiTtUVXWIOHRnenWZztLjtr/LvRJFtBTYuXyj1dFo1HZ8kjDufPjE6K5rVgZNNkudKmk5tAYrIxiE7PTPyRrJ/eO6ybVqtRtahv0sXjTGWTLlUS0OksJbinprCp8mAUFddUxdo+6rX5AIUHqmIupE0KyRyNio4WB/Kkg4zsOPh96C6Gtd1NgjrCwibDxBDUIgKbWVK9b3LQ80FHSmdUC1vQfxplTt+G0zchiaP/HTHjXfrMy5f5w0k6gP5dTLL58/FJtUUF4O1CWqkr9tsPhKtvEAA1t9EIHUYGxsY7fIsUTmZe6vLT5KGD6sbjBFD2I6IHxQsKlzYwO5GBC2OGYQbbmFJZNyVVWShnEMZFRWnx283O9LewM64euJKJ5EVnuLFNOSrrljRS5gJgjS1IwyL3JqG6fzANqBfj+J8Vv3NOEkcNB2j4/1a3DIpqh2gO/ObnQn3TEtbYGCmiLtbv3S8Jx1J/Wvnz3PzwrfxoV6wxPF3qofQkALQWh5jQcj+gG/K30raYOxGFBXCAl7Ms6xmbn6wgsXy8sABXGAQsuvPie8422KeZ1J3nd3DUfzMUeGNy2clDVgDTvfttmPlPeS4RdQCQZ9tbos8TsJIKWlHGRy+77cXmqvA+QYNvmUk5CAPaGL0gWktChvdRz8VHC736OXQzEN6kKFZKNzEo0xYjRUgMCuzy0c10mE4C59FyqQi9wjqmukzaUh2lCMgxXpueGNZQHDBT6pZYlO7gYDtkgq7eyVXhcHW2xVhYh8yaQMDANAhSad6oGEqmf812tgpCq8sM4zWysX6bU+7MPRkWXTcRPJh6EtTrw2wMED8Op0pQ==
template:
metadata:
creationTimestamp: null
name: gitlab-internal-integration-registry
namespace: kube-system
type: kubernetes.io/dockerconfigjson

129
kubernetes/grassroots-ingress.yaml
View File

@@ -1,129 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grassroots-ingress
namespace: grassroots
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-production
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/cors-allow-headers: "x-cic-automerge, authorization, content-type"
spec:
tls:
- hosts:
- meta-auth.dev.grassrootseconomics.net
- meta.dev.grassrootseconomics.net
- user.dev.grassrootseconomics.net
- ussd.dev.grassrootseconomics.net
- ussd-auth.dev.grassrootseconomics.net
- cache.dev.grassrootseconomics.net
- dev.grassrootseconomics.net
- cicada.dev.grassrootseconomics.net
- bloxberg-rpc.dev.grassrootseconomics.net
- bloxberg-ws.dev.grassrootseconomics.net
secretName: dev-grassrootseconomics-net-tls
rules:
- host: cicada.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-staff-client
port:
name: http
- host: dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: key-server
port:
name: http
- host: meta.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-meta-server
port:
name: http
- host: meta-auth.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-auth-proxy-meta
port:
name: http
- host: user.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-user-server-svc
port:
name: server
- host: ussd.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-user-ussd-svc
port:
name: server
- host: ussd-auth.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-auth-proxy-ussd
port:
name: http
- host: cache.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-cache-svc
port:
name: server
- host: bloxberg-rpc.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: bloxberg-validator
port:
name: rpc
- host: bloxberg-ws.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: bloxberg-validator
port:
name: websocket

57
kubernetes/key-server/key-server-pod.yaml
View File

@@ -1,57 +0,0 @@
# https://kubernetes.io/docs/concepts/workloads/pods/
apiVersion: v1
kind: Pod
metadata:
name: "key-server"
namespace: grassroots
labels:
app: "key-server"
spec:
imagePullSecrets:
- name: grassroots-registry-dev
containers:
- name: key-server
image: registry.gitlab.com/grassrootseconomics/devops/key-server:latest
resources:
limits:
cpu: 100m
memory: 200Mi
requests:
cpu: 50m
memory: 100Mi
ports:
- containerPort: 8080
name: http
- containerPort: 8081
name: http-internal
volumeMounts:
- name: pgp-meta-test
mountPath: "/etc/nginx/html/"
volumes:
- name: pgp-meta-test
configMap:
name: pgp-meta-test
items:
- key: publickeys.asc
path: publickeys/index.html
- key: signature.asc
path: signature/index.html
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: key-server
namespace: grassroots
spec:
selector:
app: key-server
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
- name: http-internal
port: 8081
targetPort: 8081

2
kubernetes/kustomization.yaml
View File

@@ -1,2 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

260
kubernetes/pgp-meta-test-configmap.yaml
View File

@@ -1,260 +0,0 @@
apiVersion: v1
data:
privatekey.asc: |
-----BEGIN PGP PRIVATE KEY BLOCK-----
lQWGBGCufzABDADb+aeREhuVWeqoWyeGosQeDypDnFFPlutXUtfEBMjp05gt+zhq
o0TCmS6U5XIRTsKimEQepvuZ6MmWznv9mhSEYFNHfJkrzoQSstw7YNbzMR8hhjqV
T9xaumSbOhxKXIdioZi8xk/z4PFxxCd8V16oS3+s6/n40f1aNaz4onB8ATNoRl3g
Qn+bn4FNOpQWGEI8zXqzFQduuXwDfBJ7ZuQYlh0o8vIowml3xcJjLlRz068nYRR5
yX1MTCJmxTC028Ep/EcIi5hgsnXqAMCweYCnMCAft+7a4lVSziNQc+4lhG4hQaIO
zNUcr3iPsyGEd3/PZi+AdGStX7nnHr34b/M59LGAvtoMEXi4z6UjMEoYDKdm9GJ8
0z5CFwElj28RgVilawDufluycmfmRTY5B+1Oq6ugN30xEjgPEoGKbZHwm9+9WRek
81YV7GhgwOO7UYbSK4rsgD/B+Cse7ADXD0o9DGvULYjvD5BpMG0jdRkFBTFFZ3UN
kb4UZtILMyPQA7cAEQEAAf4HAwIUu1QuUtT4sOClIovUmBqdEwQ4uzir883YkCQ+
p2zfZVNWjnMqWv2UnVVelumWlkLXFe5eYbYVfl+VN563xZremkZp1/pxUMeH48FT
M3xb2rTulthQLydwDftq1mTmcMaXKoeoHmbEqM7AtmVTN7NnsGYZ+2bmL6JYo54V
/C9dtc4ZLrVtHkJAI2TqxebpYEzBUFM+l0G6xUo8r5SaDWCU6WEtY5zD1m86b1yT
PZ0IyvfUEOCKE9zs+gG/CjTmYrZPnLIHTeFcLuexB4OJBnJ+n4P92PJlDXNkBmSp
fyGFykRtT6rgiBmW2mu6pA52Yn9sonrYREvxIUsk57ADvTFPWQxEan94QBKVb363
ADzOaluuxlD9y30P5FgJNQGoamPlfN8haMRCjHuWjfb3KVc1E+SaEHubF532/QxN
BtujSE1O4ieymilCBHdcBOazi5+89h1zwcj2QWo9+VKnYXqIWnmH4T94d64wkPht
4rCpyWlTsAWvJTUBpoeIyofTB3uRx+nogvLBJisdaahPOyGHxmj3ARwa43WH4xZj
rkkeCSd6bCtnTIHWrscYeNkmp+yg75uW30Rs5litKYZ/TwsYrHPOVHyDax0f/mOH
4L9Jy2pT68i6AON0H57oET+lNZmfWSi9nCvoJNYkbAYuApnQM75zwgZuvPed3uAN
NxlYaWxPhL7CzyVZYPdX5LdfN1sGK1nHE38G0k82NNkNJH7Bqz55ar2cLPxDWJjD
iso4mBO/9bEOTGrpfI7EhuuQIk6pML20yD1v/Pmrqkys58gxJ8GrLucv7b1J2mB2
b1wVxi8ftcttpSni6uDjUPRoEEAOAojyuwOfNcUhq07mvjPwg2JBCi4LJsRVL7jc
jKJBa73Ez9WvgkwbW1d5w9yDEdos6MBMHZQueKrWKhOiFnToAce3PSwUh4jx3tN6
eVKkBnc/r48Q5ZvJP4JfVqq9tmO55GeXp5UYQtSIHYwAKNpxt9OdGR8qNvgMO3xu
CCibusYv6Jis4QnnFUl+KsZZLk0afq7KvXdfvBs0QNfGzd5IdGFXXa7+hwlHaRG5
j8k3T/5DjzTdE59r7PA5l5aUcN+SamkhGNaJMm4TRSJBGwxUkvX3rSfinA8WCh19
8BSoFMWSYP18CEDsHqZKs9QgKTFx+KiYmh/nAcTZrSrgLWCz0Bzox097zUurwDs9
ZBtcZonVBnUOYX/YT1oqSVXJEpynZ5HfdkZ4l2jfp3ixMeuE4gJvELzOA2Y8FaM/
oDYt+Danj1bcKNcXWKOPyW7qL1LjiD1VC5oVlhUiw32YSLh4blP5SrHQTGyetLVi
TWaTh7z2Rhyf+PGpfnUWu2Hsp1V1WdfzArRMUXVlZW4gTWFybGVuYSAoU2hlIGlz
IHRoZSBxdWVlbiBhbmQgaXMgdHJ1c3RlZCkgPHF1ZWVubWFybGVuYUBncmV5c2N1
bGwuY29tPokBzgQTAQgAOBYhBMzi4dLQ42reBAXi0JlbshgWMTvVBQJgrn8wAhsD
BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJlbshgWMTvVLqQL/jnG2Y3ua7d9
CC83VFeOkMOVkZs1Vl4/2o9fsdo2Ji4YxaozKatboJubwpO3NjLaFYQx6+C/6btm
IZ5kFVBHxDB4sw8rKfkl56DqQMKXjAyWYLcC/UNcZdfV4w0+Woj+KgL1uh1bxpiU
My7NNnxvPzo2YGMrOg0xbjhwuPuXHv0bywrJS8kFnHEz2o75afHmwIZmmzZci4Fw
pFDYxOWszFRF7XcQu0tlJj/eRzr/T9eOlhtTOs5/Fjt007TNOjBBHsF9U3zkf1AX
xn3kxFcdgbdYXEMp2uSr+sMSFqSsnm9KAqwC+RU8iG2Sv9Ff5YnOvg7CfqymGGFi
eLvplMxpqdlOpywMrhpXqT/a54vqzxeJ3axTKkg/c3T4Gek0P0IAsM6nTWa43zVm
BKhkFNdP3TuTvqQFy4ZqLFDNHCk4SfNSYW1Dei+irvcysdFb6+ZDXAYNdk0N+Ajl
rwxcQSQaA6maufgcO/sA+b7e0JOMgM2Dr5LrND4Uz16zMGYgeQQp/p0FhgRgrn8w
AQwAtwZKgIDeylKFox3edzPBTS5ZF5Rs46Wp6e+OF1ecvfbQmPV8vHPZkLrNYTt5
UODKJJLJO5hopNgJigMHmAbrXqFSZB/XrkkwfuZ6yY3Fyxa7qaSeyEdDX0SH3533
EP7vDFryZEt5bO9g1aUbPeBYamSMfrkgGdj7M+ToERuvpVV2LhgBAJeAbnk+2a0S
/Jcx873mWax/TmFLz2yO2TZFT74iMC2CyQMLPbjq/r5gaMsMzRj20jJ4+matT88X
L4lr3JkytkWx5H9G+n0kuNXmq6GTklwMXyV7XIux9iUvqhr7+cSqJFniVbiGbWTo
zfBk/rJrCCcCN+zUh+iQUtVbw4WsrBvo7Po+urlw0bbf/BptOmhQ+bICAApxVR/F
0teNe82LaFHrRXcQOm/F4cJqMPtZvBz/iOJO+nqGDgRsgUR8gA48RZdRgYxS5ePR
bWEKUhlmtyju9162CP2c24FqBuUb+nYz0F3vnRhRC9n5MO7ZjtNFkQwl6O+wJ0UA
wnqdABEBAAH+BwMCtM/xijzS4N3gHy+0b+fuxTijqtNa/w4U3efhzEByB43uK465
i/mNLD/JaAcegWEdi1kAhxJchemlxtnNYyXo00KVFoEkU8nMCwfSbuXuVDTcRHUp
7ruHgI0s+71q1M/IfVrr43UxwWNzMAahJT2Nl3NDgRSU4lPRnDAhSEknw93J/6w4
DcvOZZjvmVsxA/95S8JqO4sdPnfv/aod1+UI8s03vN17WKlvMYU4OJnfGhkw3dfI
sC7JYF/l/VrZ+rRSLsMitMRqlNJndIR4h0ph8dg/LfIhOJK8h/41MPliw1w32qyN
m1d/fQgkLBi3dTgZPIxFEjH2povCErYmzOt/axHAp8o3Fhj4leXq8noTuX5aQ7MT
Ccp9xt5bQdpTkb2ZPCS28DrKqKHOFyK9NQJe37qzoDedF5HqDECo/bE7dnYb+xZc
Wa91CTdlzWrlVRPvQ0NhnxWoUuveG5ytVWpMScQIsqt13PL4H1pDaPG6I8kHrWjJ
BW+7iVafvb6rRQCQXs3ZX56X8syDZh+wVzXsiCpojWH8ydgpltr4AjN7iCMcsHqI
Gd+OOB9DOdAbZU2xbBQ74vQZS/hfrswMdSixeOYRFCtfNqCHRrifryPSG2po+OkB
AJ+JJECvIFxLZwgMxT4AH2fDP7ULa8IDj+5oIwziGuqX6qbQQsRiExvWOOP281M7
AaVcOjeEGgc+puNxM9PzwIZWHxETi7ks2QDJQHQqD+MxdkLztqAnR+ln+hZ/WAQD
197wu4WG6OSpjaw+khMSl2tAOKZzeyhZGanC3VhFe1Z9CzWmwSgeO6aOXejFTzeE
A2ZRD9QjvdIIFj0aaLshsFcF/inO9HHRlmJMYmue4PLJYJTBvs/N4/XWdWUhMWxG
YJTBp335WtGsuqCWVZPzJb5lkcdC8yUa4FO3Z/fmHT3tKZSrvwROa7YBqDkUfhuP
64/4n1TVXcgRMA4IgEJNYt5mVVgOb8o/0G13LqoByI9/V8sHrW0TTIZPblyaoFah
BfnWekdgWzeyYJWgm+IzqVAWOgrkQAzalFuZuBF0qoYb2SDdqohNw/erTcd3CM35
dgQozqFpKeT31HRVYOjA0ZyjBllY3EYTCU5mFtfH45Ao7d2C3lbRiHzXOxS0sF0+
fIDKZXHXAnt141Ni1vNrs+WxyfJ5yMZHEQ5R0o749I67rg9x3hXnwDUw+mzibBOx
U/7xxcuRe5PkITjk2EwjkZvrM4KEHsuVvRQF7cJ9AhqYFaVZKOBGAvKJ5OGaijaF
oiKNP1vIpmCvFHS2kD8mi8oMx786f8Tks6r9gCFq+nnSbFV3W2hzzwD6825V3wMB
d28RBBk8wtyD2G5mAWQNHISJAbYEGAEIACAWIQTM4uHS0ONq3gQF4tCZW7IYFjE7
1QUCYK5/MAIbDAAKCRCZW7IYFjE71fmOC/9zly33PS50gR6kcFtN8KBgfNcwd/Yz
ZzI8A2o5nAFhcHwWH/f25hGXxbh3hGoz8NaiGFFktiefaQ+9M2Usb15OSjTeKT6H
KoBxSkn641fkV77Ed+a0rGtOhrelKviqQJtS/5509LbIpiYPpfSEw0OwlHfY7ZeA
l3PCOZHkiyOwR/hmj2gbHpbSqxSJdWftTLMUDaCTzqfSkIjkB6pTgJkLPM4eUnTL
xFP4VckDhbnj1a92AjI0BoUVRlQUKDwhquDlP4XjOmRSRZh4Yi8cQh0MDN3SR72x
wP3953xYOYanABMcANqV0wPRm1tLXORT/kQDBVsDsYATS9a5Kt4QyF6FnR16rcK5
lAqXet1/O1rvVvaJDzXnzoQOa0ORgdFcti+2pdCbwNy3LY2LvJDl+I4PDGTqk32H
/HUuCprWkcZu2dLCP0TeEVRg95wyCFc4C0G1eL6yeIKcH/l6Dp5ToLfqpaIt6LXL
HpfJD0o0eOq46T+IQlOFsqLmeqZTM7wRlwM=
=8eSx
-----END PGP PRIVATE KEY BLOCK-----
publickeys.asc: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBF+hSOgBDACpkPQEjADjnQtjmAsdPYpx5N+OMJBYj1DAoIYsDtV6vbcBJQt9
4Om3xl7RBhv9m2oLgzPsiRwjCEFRWyNSu0BUp5CFjcXfm0S4K2egx4erFnTnSSC9
S6tmVNrVNEXvScE6sKAnmJ7JNX1ExJuEiWPbUDRWJ1hoI9+AR+8EONeJRLo/j0Np
+S4IFDn0PsxdT+SB0GY0z2cEgjvjoPr4lW9IAb8Ft9TDYp+mOzejn1Fg7CuIrlBR
SAv+sj7bVQw15dh1SpbwtS5xxubCa8ExEGI4ByXmeXdR0KZJ+EA5ksO0iSsQ/6ip
SOdSg+i0niOClFNm1P/OhbUsYAxCUfiX654FMn2zoxVBEjJ3e7l0pH7ktodaxEct
PofQLBA9LSDUIejqJsU0npw/DHDD2uvxG+/A6lgV9L8ETlvgp8RzeOCf2bHuiKYY
z87txvkFwsXgU1+TZxbk+mtCBbngsVPLNarY/KGkVJL+yhcHRD0Pl4wXUd6auQuY
6vQ9AuKiCT1We2sAEQEAAbQeTWVyIE1hbiA8bWVybWFuQGdyZXlza3VsbC5jb20+
iQHUBBMBCAA+FiEE8/r2aOgu9RJNUYe67yb0aCND9pIFAl+hSOgCGwMFCQPCZwAF
CwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ7yb0aCND9pLwiwwAhFJbAyUK05TJ
KfDz81757N472STtB8sfr0auwmRr8Zs1utHRVM0b/jkjTuo4uJNr7YVVKTKgE7+r
J+pwhm3wlTQ44LVLjByWAi/7NWg3E9b2elm+qkfgm/RfFt3vkuOxGSyZyIFFh+/t
wv6iABPvr6w7MZwrFaS0UP3g1VGa5TFqg6KNxod9H/gPLxv45lutXf3VvBZTJpr1
pxn7aLHlFzEyIgNZbP/N1QF44GSrN/k0DfL631sZjauUXaZXbi5xGsKKCYwJ1g3q
587pi6mTdTV3n0hKgVuipO8hGy5++YeOv+hXsCxDwyZ+Shv+qavd/SapxYgCdEue
uwONIFfsIsWCd3SCcjKXicTTEFMu8nvBmf7xuo2hv6vEOxoijlXV+4LkGrskdB8Z
Mg8PywEx6DLmDokgnAhTLrTc1ShbkOtQ3yNjjyFK7BDpqobsJal6d8SpbhccUJLe
paSmsk0CgJsTjhAl6EwX0EYgTo3kP5fScqrbD8VwQaT8CcE4rCV4uQGNBF+hSOgB
DADHtpTT1k4x+6FN5OeURpKAaIsoPHghkJ2lb6yWmESCa+DaR6GXAKlbd0L9UMcX
LqnaCn4SpZvbf8hP4fJRgWdRl5uVN/rmyVbZLUVjM8NcVdFRIrTsNyu4mLBmydc3
iA/90sCTEOj9e7DSvxLmmLFjpwM5xXLd6z0l6+9G+woNmARXVS3V/RryFntyKC3A
TCqVlJoQBG45Tj2gMIunpadTJXWmdioooeGW3sLeUv5MM98mSB4SjKRlJqGPNjx5
lO6MmJbZeXZ/L/aO6EsXUQD2h82Wphll4rpGYWPiHTCYqZYiqNYr6E3xUpzcvWVp
3uCYVJWP6Ds117p7BoyKVz00yxC9ledF3eppktZWqFVowCMihQE3676L3DDTZsnJ
f1/8xKUh5U2Mj3lBvjlvCECKi00qo8b1mn/OklQjJ5T4WzTrH6X+/zpez8ZkmtcO
ayHdUKD/64roZ9dXbXG/hp5A+UWj8oSVYKg2QNAwAnZ+aiZ2KVRE/Y61DCgFg6Cc
x/cAEQEAAYkBvAQYAQgAJhYhBPP69mjoLvUSTVGHuu8m9GgjQ/aSBQJfoUjoAhsM
BQkDwmcAAAoJEO8m9GgjQ/aSIPcL/3jqL2A2SmC+s0BO4vMPEfCpa2gZ/vo1azzj
UieZu5WhIxb5ik0V6T75EW5F0OeZj9qXI06gW+IM8+C6ImUgaR3l47UjBiBPq+uK
O9QuT/nOtbSs2dXoTNCLMQN7MlrdUBix+lnqZZGSDgh6n/uVyAYw8Sh4c3/3thHU
iR7xzVKGxAKDT8LoVjhHshTzYuQq8MqlfvwVI4eESLaryQ+Y+j5+VLDzSLgPAnnI
qF/ui2JQjefJxm/VLoYNaPAGdqoz/u/R0Tmz94bZUfLjgQaDoUpnxYywK2JGlf3m
PZ3PNWjxJzuQTF5Ge5bz/TylnRYIyBT7KD7oaKHO62fhDbYPJ4f94iZN4B6nnTAe
P34zFDlkUbX4AHudXU7bvxT5OUk9x9c2tj7xwxQHaEhq2+JsYW0EVw27RLhbymnB
fLjVVUktNF0nQGvU2TEocw4pr2ZkDHQkSnlbNa4kujlL7VzbpnEgyOmi5er9GaIu
VSVADovBu+pz/Ov1y/3jUe8hZ/KleZkBjQRfoUkaAQwA2r2HiLvpnclyZMoeck1L
FoVyEU/CjPcYWF1B76ekO9mrlYvbKsnsyL0WcuEqwCmHdLk70i743Fn21WQK4uvv
lvrEpev9aj9DihyLctv4qrPm6wAU/Xibf75tg1iRL+muMQfv6hQhjdhwkYFx/7XQ
6UWkEibqFS7xJwrhz9lHL4KTA4sO5PeW713+mpz7tM5RmGV6NOQAyEEfAv6OawlW
k0f5o8xngIoyo2BS5qIeEBO+iz45+GG8GQC6XufOIx7VVl++ZpsxZKtDq/AXfAsk
xfLRwZMqH9Db5pPMzrL1bPV16AwoWqhAGd2HIMkODLEC5XTGIKCqO5+n288rHhAJ
TqFmE7TpAo+Eb0Tkk4jfm6LyRonmQGpu/Zxa53n5D6d+AgYWAMeHkEthWJkES4mK
pZu4nV21+n9mynnPg8wzthL705Q6IBjtlxX8EP6eeRFE1BUCNp2RZttTSdI+8iwz
YsGOJdJeeXeLOGhvU9/PLkRj9jgZLgCLAo1QGo2oxetZABEBAAG0IkJlYXN0IE1h
biA8YmVhc3RtYW5AZ3JleXNrdWxsLmNvbT6JAdQEEwEIAD4WIQT2ReBH7lvE4oJM
lNtC3JHPqKugKwUCX6FJGgIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIX
gAAKCRBC3JHPqKugK25hC/9VF1fekj0IKnrOJRUcK/Cv4RBowl60V91w27ApsoP2
awEJiFhY7qRijtkA3NKrT3tke7aTnC3yAJ8SFOmvIAC94ijb7Iv97xkG+1IIz8pv
ru9y+dzd2NnvCkts8gFF0CI/xtEME90rU3Pay9B5IyrpP++UdmSmnp3Neuwi94BZ
DfMlqkeiYOzWWSeYbmSSVfKTXeBdUuTyfRI4m/bPbh6gegOB/XdgSIrNY74D0nR3
np0I+s0IGZepK24kgBKfUPwRDk7f98PXCh29iL3xH+TBxu30WHq7xKmPoXxCRyFL
tnKF0MN5Ib276fHnJZM+hXf5i/1EPi4NLnk86e7fNI69hwiUd1msEt3VmZWe7anJ
e/1p3sSXwbQGhhGWM5K41/rQ1CZ9qD95d6wkHRSc0n4z78qxgYV73yJHinN8xIFn
PWbopPPIJbELSoM3IEpHobsj95pH4hzZAPSmDfOfLzV1G2ec1QPfWnTqUriUt7ed
Ds4//7Cczj6sRh2B6ax2diC5AY0EX6FJGgEMAMqxn5io6fWKnMz8h5THqp4gEzDu
oImapfMKbAKcxEtJmcLkvn+4ufEP/hcll66InqJHsqMOrdb+zbduCruYWpizhqCI
GSsuRu7+ZEEkQFmF5juCOV/5qKQJgZZmxSKbRtboapMRR/jmg1pvhnUG7wJOGWi7
qv+iRdsWKskDO7tUQE34+ID7IwfDZe2fbFKxf66nPlUunF8aMglsvGmtCEzm/xwj
unHnmoqZBQIzTdEXIaEwhVosbgY7A1iwOJ/gT2dcF2KJa7tygrtcbgdVzYCibynw
tlvDGXukweuYLQFsObyBG3UHRhJg61p7n344sy1U9uwCP3/pVCr9bNY9mLZpCgHF
kqxErmB8cWouQkbwnqxQFm21KtGFzjUawuKBXVtDEeA8C5Ha0sx7lw5JrX8GD3EL
60qKWjqujJsR1kyijXx1No7Xr9NWWuPoIDYH06ZoYE+j065VTRqZIGr3NjUZnqT7
s9M41roQMnKAzRBXousRXRW9dXfS5YIG4nWTlwARAQABiQG8BBgBCAAmFiEE9kXg
R+5bxOKCTJTbQtyRz6iroCsFAl+hSRoCGwwFCQPCZwAACgkQQtyRz6iroCt8igwA
gopqy+UgxJ7oTL2zvOgL1ez7bv+E/U1/7Rdy5MHwr4WF6oZRpIBlgv3GXXeIFH9b
FdDhgyPKgh+Tz24JBL+7YjUtWGe/G/pmmNK1YazB/OxrwiGFpTCyk1zhxEkhMu7H
u3LgD571K+4TUUpaPCqEeoBBg6O3T29DH1AxpWpEPGXlOrRDHYgVziEpLdUNahAj
F53auNWvya+Vc2qZwM4NFt608LLf7J5yIA2vbsvf6+gVopPE3whXESKXo08B2hC1
f3Pr9/Tgt6oIvy9/dAcTMalxRyyc42E2wX5kyzDlfhY9kqaNNfaGMZJO5g//gB7B
dtrAfo/LhWtary/YfAOtbbnMYkf+HODAPZItaIjMZngBM0c0m78YoCetAQE8uBFK
6aXmht3BZGPOwgyZpK5QT6ClYst2N9ca3tPUEfnddotKySmCEk/JWtu5/0lFl75W
zHulc7iUNGJmnUffVZyH12CjBWsTtqombHDkdEKFocavqpVcCCbKbtW5GZhuZC65
mQGNBF+hSUIBDADStlWquV7SdREZtxXBVVzdCkV1xkeHYfo2Z244W0LTwmvpbO+o
6P5GCAW2c336qWElsMO9ujeV2nuUZy3k3AtJLx19iWC+ywYVzJ8f878XAxq0ya1V
BBnfsBc7iRI3umf2JSi+fHXf9l+rJ8Zr5AkLrUo3tQoxX8xWQIfUVY481nlkOvuM
txEI6h1t+z7PWjAJsdKKdevRPApPIBGXX0iGE/98ATsLYtvh9ln26j1SrSdtKpPk
tuYve3zkphlZAdf5ReViicik6gpEdyEfIxNab6nyV8LTbSeCHe+6/cz+AEqA+cr3
K3MwriaapPzNhRV8izzGnIWChIZptGBKH5nLivfIAB/hbOgU6tM+YgUKrpJCXXA1
My2q68o2kARJxh6s0tuuT6pFEAG9RmzS3ywrPz4PAgkwrJA1uUa9fy9ngkOnQN3C
EeVQTUU55b+6zVhW1Qq8PII6AGqj1lSY9jLpjxEr3q227OlTaxfgg19x5o9rcycc
AZlQqzL2p3Z7HZ0AEQEAAbQcSGUgTWFuIDxoZW1hbkBncmV5c2t1bGwuY29tPokB
1AQTAQgAPhYhBIYPcR68MZb6cOhv9wDz8yhlQWZrBQJfoUlCAhsDBQkDwmcABQsJ
CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEADz8yhlQWZrD0YMAJp6WkrSzghIgrGm
EquhUPu4n8dnaGraGxu1Om9Z6HrUvphBvm/yZMlZxYbsQRvd8DUCuQD7fScBS12W
X3AYe001REfAbj0kDAdDQ0Z8sFCeCDSBJ9ulX07FzTHH0qROcSv6NONjGYVeTFic
L2W0rATygnFzzjjSGboMq1qA8u6/5JNM7MAxJcIS0Dr8Fhdwv8TwTJrVg6ZzJDHN
8OVAUkPaciQI5lDDP5+kOVqbZZ92Ua8byxKtNACCdSsWZr2OvYyjUz4JKMp5X6yH
bDQB3vlwRkRS7Voo3pUGsdLwiBWiryklSa++DIbBemrALFLc5YnLgfCV0frPOEqs
dDwWECRxwN4r+2DjY6TYCEEDfhM2Hm7MoMx/jM4uhI4KwPdOKmHsBPVBeXqBRXz3
2NMMZg6to0HRjDapR8AkbfdC5vjiuwnDA6llmxnVtx2oPX3g8RVOIw65f8KfWzWS
fzEqhoKTccsHMMza8J1ax6T6HXkqa/Tt/B/3d7nUzp53V3luG7kBjQRfoUlCAQwA
4rFxmKwr4RAoVEqhDDWl8ecd/KQXEg0iCpkkmED6mEpPE9qAi8ORNId66E+rveS1
SsbmbqVlrN9iHphtvYqvlwwb2IkgPaFpmVSqWrQ3yzEPrL5CLAWiiEq7M4ux7pue
YKcOmv3wQSta9eMgy9jaGUXrxFl4qotCevcEsLzkKC045OdVxkL++NFsiQUSfMYO
tgGKXuBh0ycI/pOb66lY186zPT0tR+QA18uzeCizEjhCZmPIlPHjN8NOEM7ZLU4U
QrLdSrm1quhO6DvGEoO5FulvGtp5hVHdJL5oB7svzNurXB3WVjdXCnRijoaCR07A
/X9JVZY2+kRxdl6ZkuLZxb5UE6usW7pTA5DKiuFG/w6CSGZA1Dv3+yoZnjN8KhnG
mIWmEJgvddWWoaJ3wFvSAGkYa3qBLX3noV3ZCm0c/r2LBcyFGyuyddEhg9wrqWU9
vM7W/4BkTqSJdeMRlS9FD803V9GqxAJBJ1KOSFt2s6b+ekYCI/d+Buso8GPp8eUH
ABEBAAGJAbwEGAEIACYWIQSGD3EevDGW+nDob/cA8/MoZUFmawUCX6FJQgIbDAUJ
A8JnAAAKCRAA8/MoZUFma/gCC/9xkH8EF1Ka3TUa1kiBdcII4dyoX7gs/dA/os0+
fLb/iZZcG+bJZcKLma7DRiyDGXYc7nG3uPvho7/cOCUUg5P/EG5z0CDXzLbmBrk2
WlRnREmK/5NTcisCyezRMXHOxpya4pmExVMqSPGA0QbKGwdHqfbHQv2OyI3PYBKv
lN+eu6e5SEbT76AQijj5RSPcgbko24/sSqJylD1lnRocQK1p4XelosBraty4wzYS
vQY9dRD4nafxPHI3YjKiAG0I7nJDQ0d1jDaW5FP0BkMvn51SmfGsuSg1s46h9JlG
RZvS0enjBb1Ic9oBmHAWGQhlD1hvILlqIZOCdj8oWVjwmpZ7BK3/82wOdVkUxy09
IdIot+AIH+F/LA3KKgfDmjldyhXjI/HDrpmXwSUkJOBHebNLz5t1EdauF+4DY5BH
MsgtyyiYJBzRGT5pgrXMt4yCqZP+0jZwKt1Ech/Q6djIKjt+9wOGe9UB1VrzRbOS
5ymseDJcjejtMxuCOuSTN9R5KuSZAY0EYK5/MAEMANv5p5ESG5VZ6qhbJ4aixB4P
KkOcUU+W61dS18QEyOnTmC37OGqjRMKZLpTlchFOwqKYRB6m+5noyZbOe/2aFIRg
U0d8mSvOhBKy3Dtg1vMxHyGGOpVP3Fq6ZJs6HEpch2KhmLzGT/Pg8XHEJ3xXXqhL
f6zr+fjR/Vo1rPiicHwBM2hGXeBCf5ufgU06lBYYQjzNerMVB265fAN8Entm5BiW
HSjy8ijCaXfFwmMuVHPTrydhFHnJfUxMImbFMLTbwSn8RwiLmGCydeoAwLB5gKcw
IB+37triVVLOI1Bz7iWEbiFBog7M1RyveI+zIYR3f89mL4B0ZK1fuecevfhv8zn0
sYC+2gwReLjPpSMwShgMp2b0YnzTPkIXASWPbxGBWKVrAO5+W7JyZ+ZFNjkH7U6r
q6A3fTESOA8SgYptkfCb371ZF6TzVhXsaGDA47tRhtIriuyAP8H4Kx7sANcPSj0M
a9QtiO8PkGkwbSN1GQUFMUVndQ2RvhRm0gszI9ADtwARAQABtExRdWVlbiBNYXJs
ZW5hIChTaGUgaXMgdGhlIHF1ZWVuIGFuZCBpcyB0cnVzdGVkKSA8cXVlZW5tYXJs
ZW5hQGdyZXlzY3VsbC5jb20+iQHOBBMBCAA4FiEEzOLh0tDjat4EBeLQmVuyGBYx
O9UFAmCufzACGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQmVuyGBYxO9Uu
pAv+OcbZje5rt30ILzdUV46Qw5WRmzVWXj/aj1+x2jYmLhjFqjMpq1ugm5vCk7c2
MtoVhDHr4L/pu2YhnmQVUEfEMHizDysp+SXnoOpAwpeMDJZgtwL9Q1xl19XjDT5a
iP4qAvW6HVvGmJQzLs02fG8/OjZgYys6DTFuOHC4+5ce/RvLCslLyQWccTPajvlp
8ebAhmabNlyLgXCkUNjE5azMVEXtdxC7S2UmP95HOv9P146WG1M6zn8WO3TTtM06
MEEewX1TfOR/UBfGfeTEVx2Bt1hcQyna5Kv6wxIWpKyeb0oCrAL5FTyIbZK/0V/l
ic6+DsJ+rKYYYWJ4u+mUzGmp2U6nLAyuGlepP9rni+rPF4ndrFMqSD9zdPgZ6TQ/
QgCwzqdNZrjfNWYEqGQU10/dO5O+pAXLhmosUM0cKThJ81JhbUN6L6Ku9zKx0Vvr
5kNcBg12TQ34COWvDFxBJBoDqZq5+Bw7+wD5vt7Qk4yAzYOvkus0PhTPXrMwZiB5
BCn+uQGNBGCufzABDAC3BkqAgN7KUoWjHd53M8FNLlkXlGzjpanp744XV5y99tCY
9Xy8c9mQus1hO3lQ4Mokksk7mGik2AmKAweYButeoVJkH9euSTB+5nrJjcXLFrup
pJ7IR0NfRIffnfcQ/u8MWvJkS3ls72DVpRs94FhqZIx+uSAZ2Psz5OgRG6+lVXYu
GAEAl4BueT7ZrRL8lzHzveZZrH9OYUvPbI7ZNkVPviIwLYLJAws9uOr+vmBoywzN
GPbSMnj6Zq1PzxcviWvcmTK2RbHkf0b6fSS41earoZOSXAxfJXtci7H2JS+qGvv5
xKokWeJVuIZtZOjN8GT+smsIJwI37NSH6JBS1VvDhaysG+js+j66uXDRtt/8Gm06
aFD5sgIACnFVH8XS1417zYtoUetFdxA6b8Xhwmow+1m8HP+I4k76eoYOBGyBRHyA
DjxFl1GBjFLl49FtYQpSGWa3KO73XrYI/ZzbgWoG5Rv6djPQXe+dGFEL2fkw7tmO
00WRDCXo77AnRQDCep0AEQEAAYkBtgQYAQgAIBYhBMzi4dLQ42reBAXi0JlbshgW
MTvVBQJgrn8wAhsMAAoJEJlbshgWMTvV+Y4L/3OXLfc9LnSBHqRwW03woGB81zB3
9jNnMjwDajmcAWFwfBYf9/bmEZfFuHeEajPw1qIYUWS2J59pD70zZSxvXk5KNN4p
PocqgHFKSfrjV+RXvsR35rSsa06Gt6Uq+KpAm1L/nnT0tsimJg+l9ITDQ7CUd9jt
l4CXc8I5keSLI7BH+GaPaBseltKrFIl1Z+1MsxQNoJPOp9KQiOQHqlOAmQs8zh5S
dMvEU/hVyQOFuePVr3YCMjQGhRVGVBQoPCGq4OU/heM6ZFJFmHhiLxxCHQwM3dJH
vbHA/f3nfFg5hqcAExwA2pXTA9GbW0tc5FP+RAMFWwOxgBNL1rkq3hDIXoWdHXqt
wrmUCpd63X87Wu9W9okPNefOhA5rQ5GB0Vy2L7al0JvA3LctjYu8kOX4jg8MZOqT
fYf8dS4KmtaRxm7Z0sI/RN4RVGD3nDIIVzgLQbV4vrJ4gpwf+XoOnlOgt+qloi3o
tcsel8kPSjR46rjpP4hCU4WyouZ6plMzvBGXAw==
=Mjei
-----END PGP PUBLIC KEY BLOCK-----
signature.asc: |
-----BEGIN PGP SIGNATURE-----
iQGzBAABCAAdFiEEzOLh0tDjat4EBeLQmVuyGBYxO9UFAmC4Be8ACgkQmVuyGBYx
O9W36Qv/amj4XpRAZfa5VAGKWWQq7RKtAsD7cIsygenG1BYUXFWSSQc4wnnbdmZF
vizM7j9ibWwhXIJuslA9oZaH2V+8Lt+69xUhN1EEKbYKZ45Amxm5Hi23Y9myUIFF
+uvgkayLHKIFH8vy5snVsll8QmmZvwPtu/+VuUWMHMeVqSbWQmAwz1+rwTAqGbbO
bVt2cqVYPO1HQWGzc6E2S4TDUR6HZUuSSDUDL17bejMEy0cFgySxBji5p9UQXmfN
7I82QdAB5wEuUE5zFr/GdvzBpbeAiLNz7rn0uhW5zbzZVMnaRfMmVl8fR7vgveXE
ILii5JYjJ0FJbO9xRoDhOlnqvMzfLCrHtwcnUd82b9iFvlt5NiiZQDrleIqvDC9S
ntY3ZrxhhaVh6qa59hJkEASzU06i120w+1hMc+6DU1e2DjwUCbEtWaDDG6iVdD2S
13QIXmo9EgCSVsrYRGv3k8LcdZFQQ2sypP1PvktFoqPz144nw8RIqLBUFS60mj5m
JBGF3FnI
=M69r
-----END PGP SIGNATURE-----
kind: ConfigMap
metadata:
creationTimestamp: null
name: pgp-meta-test
namespace: grassroots

50
kubernetes/pgp-trusted-publickey-configmap.yaml
View File

@@ -1,50 +0,0 @@
apiVersion: v1
data:
trustedpublickey.asc: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBGCufzABDADb+aeREhuVWeqoWyeGosQeDypDnFFPlutXUtfEBMjp05gt+zhq
o0TCmS6U5XIRTsKimEQepvuZ6MmWznv9mhSEYFNHfJkrzoQSstw7YNbzMR8hhjqV
T9xaumSbOhxKXIdioZi8xk/z4PFxxCd8V16oS3+s6/n40f1aNaz4onB8ATNoRl3g
Qn+bn4FNOpQWGEI8zXqzFQduuXwDfBJ7ZuQYlh0o8vIowml3xcJjLlRz068nYRR5
yX1MTCJmxTC028Ep/EcIi5hgsnXqAMCweYCnMCAft+7a4lVSziNQc+4lhG4hQaIO
zNUcr3iPsyGEd3/PZi+AdGStX7nnHr34b/M59LGAvtoMEXi4z6UjMEoYDKdm9GJ8
0z5CFwElj28RgVilawDufluycmfmRTY5B+1Oq6ugN30xEjgPEoGKbZHwm9+9WRek
81YV7GhgwOO7UYbSK4rsgD/B+Cse7ADXD0o9DGvULYjvD5BpMG0jdRkFBTFFZ3UN
kb4UZtILMyPQA7cAEQEAAbRMUXVlZW4gTWFybGVuYSAoU2hlIGlzIHRoZSBxdWVl
biBhbmQgaXMgdHJ1c3RlZCkgPHF1ZWVubWFybGVuYUBncmV5c2N1bGwuY29tPokB
zgQTAQgAOBYhBMzi4dLQ42reBAXi0JlbshgWMTvVBQJgrn8wAhsDBQsJCAcCBhUK
CQgLAgQWAgMBAh4BAheAAAoJEJlbshgWMTvVLqQL/jnG2Y3ua7d9CC83VFeOkMOV
kZs1Vl4/2o9fsdo2Ji4YxaozKatboJubwpO3NjLaFYQx6+C/6btmIZ5kFVBHxDB4
sw8rKfkl56DqQMKXjAyWYLcC/UNcZdfV4w0+Woj+KgL1uh1bxpiUMy7NNnxvPzo2
YGMrOg0xbjhwuPuXHv0bywrJS8kFnHEz2o75afHmwIZmmzZci4FwpFDYxOWszFRF
7XcQu0tlJj/eRzr/T9eOlhtTOs5/Fjt007TNOjBBHsF9U3zkf1AXxn3kxFcdgbdY
XEMp2uSr+sMSFqSsnm9KAqwC+RU8iG2Sv9Ff5YnOvg7CfqymGGFieLvplMxpqdlO
pywMrhpXqT/a54vqzxeJ3axTKkg/c3T4Gek0P0IAsM6nTWa43zVmBKhkFNdP3TuT
vqQFy4ZqLFDNHCk4SfNSYW1Dei+irvcysdFb6+ZDXAYNdk0N+AjlrwxcQSQaA6ma
ufgcO/sA+b7e0JOMgM2Dr5LrND4Uz16zMGYgeQQp/rkBjQRgrn8wAQwAtwZKgIDe
ylKFox3edzPBTS5ZF5Rs46Wp6e+OF1ecvfbQmPV8vHPZkLrNYTt5UODKJJLJO5ho
pNgJigMHmAbrXqFSZB/XrkkwfuZ6yY3Fyxa7qaSeyEdDX0SH3533EP7vDFryZEt5
bO9g1aUbPeBYamSMfrkgGdj7M+ToERuvpVV2LhgBAJeAbnk+2a0S/Jcx873mWax/
TmFLz2yO2TZFT74iMC2CyQMLPbjq/r5gaMsMzRj20jJ4+matT88XL4lr3JkytkWx
5H9G+n0kuNXmq6GTklwMXyV7XIux9iUvqhr7+cSqJFniVbiGbWTozfBk/rJrCCcC
N+zUh+iQUtVbw4WsrBvo7Po+urlw0bbf/BptOmhQ+bICAApxVR/F0teNe82LaFHr
RXcQOm/F4cJqMPtZvBz/iOJO+nqGDgRsgUR8gA48RZdRgYxS5ePRbWEKUhlmtyju
9162CP2c24FqBuUb+nYz0F3vnRhRC9n5MO7ZjtNFkQwl6O+wJ0UAwnqdABEBAAGJ
AbYEGAEIACAWIQTM4uHS0ONq3gQF4tCZW7IYFjE71QUCYK5/MAIbDAAKCRCZW7IY
FjE71fmOC/9zly33PS50gR6kcFtN8KBgfNcwd/YzZzI8A2o5nAFhcHwWH/f25hGX
xbh3hGoz8NaiGFFktiefaQ+9M2Usb15OSjTeKT6HKoBxSkn641fkV77Ed+a0rGtO
hrelKviqQJtS/5509LbIpiYPpfSEw0OwlHfY7ZeAl3PCOZHkiyOwR/hmj2gbHpbS
qxSJdWftTLMUDaCTzqfSkIjkB6pTgJkLPM4eUnTLxFP4VckDhbnj1a92AjI0BoUV
RlQUKDwhquDlP4XjOmRSRZh4Yi8cQh0MDN3SR72xwP3953xYOYanABMcANqV0wPR
m1tLXORT/kQDBVsDsYATS9a5Kt4QyF6FnR16rcK5lAqXet1/O1rvVvaJDzXnzoQO
a0ORgdFcti+2pdCbwNy3LY2LvJDl+I4PDGTqk32H/HUuCprWkcZu2dLCP0TeEVRg
95wyCFc4C0G1eL6yeIKcH/l6Dp5ToLfqpaIt6LXLHpfJD0o0eOq46T+IQlOFsqLm
eqZTM7wRlwM=
=irpP
-----END PGP PUBLIC KEY BLOCK-----
kind: ConfigMap
metadata:
creationTimestamp: null
name: pgp-trusted-publickey
namespace: grassroots

12
kubernetes/postgresql-conn-configmap.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: postgresql-conn-common
namespace: grassroots
data:
DATABASE_USER: grassroots
DATABASE_HOST: postgresql
DATABASE_PORT: "5432"
DATABASE_ENGINE: postgres
DATABASE_DRIVER: psycopg2
DATABASE_PASSWORD: tralala

16
kubernetes/postgresql/postgres-db-sealedsecrets.yaml
View File

@@ -1,16 +0,0 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: postgres-db-secrets
namespace: grassroots
spec:
encryptedData:
postgresql-password: AgAE+2sX6nGxEeSDEZ6oOShpGqyEi0p8A1QIUNl99WBU/Dg/djdEF2F36SLcw48c2sO47/1Z4Ry4I0qk12GhVv6MPBpQYm1O8Unj822DpT1PW25G1dyRuZZjIE2zuIRoX/4Xvt+5T3Zfhan5ORFsY2H2tj4+v+I+VKdmOOICeffDCb45NPShfR8yWHTlQyvlvlukQBpyiefBTme6EDWo2658ik8Z/CvwXK49w8y+H02wJ5RMavaAplZTi0K5VibM95AiyLEVgGdrtn+ibXFdeWDaZTOgmL4XHqREbWokLHioRsje0nvp6gYZhTjFr8BAgVudbfkmxHZr4Z0EkJsPibznVbVU/gjbTk2mNvrbzoDYbVONAz5YKdCSPlY3f8+a75GfDts+nLGyiNgq2+6zAMn6FkeIGQtqJCy54vqO24wpwGBVXv+ifdBN7n8ifF7/Erd2G1Zt2zz19AQPwo9rAwdM4d2xgCR4t6lxDax2vWMlNdX9f85W6Yn52x57CxCNjqOzlnB/BUF/MnCKlO1NjZwnlzSV40W68HKNdW4XGZL03HgEeZFsgIb92cSL+blp27fn/DnL1jiSZQiktwfHSwHPJb6lYpMysjB/ST/iRTnzlQ8dQcHl+HC35/dH9YL0hU5ZXx7Qh/cRzJDT9hpPaHFVmmuiKG9ZdBICm4BOavQ+vUyRaJqXkTPDO/7SNVUM6U54H7oy2UXCZCrG
postgresql-replication-password: AgB5QMqB/htvwFHOwONjwE+Iqvu0opAQ/Wa0oKWb1Lt7oXCRF7wJ2n1xmpNIjFib3gVfGUb/hIt0nBS//B8CDYmz/WiJvylSLdStZhC7gMo6OfK7XD1BubwM2oj4/31eepBRfPMD7OkPXtFcBYpcE7nOq3I1bbbYq3uGjO0vaCozawqKG0ytMpNgcRVHLhuKY8rcIrCiqyZ/Z7DUjG4J7+HtvpBAkC9MFL1t03nEABZocwsf5AF9xzqSJsyVfJq0pmwxYPsu/tZdaUhh2dk64YBgap0VL3Xz5EzMVsu+2PKizafwOXlsxEoeEbdaxcqduVwTl9xIr6p/b+MBVMbuzV8VrsBgDStCijrRFB3Yjep5MRZrumISJG/s9/V77A1lQ2zdPk6dWRbdneScuJhYyG85zZr+B0ThwDxO7eOsL70s0fsebeVh+TVWj/rUE1bT5QDw5nXaXxAj/qx+z/c/urh+X8wmR6ztVj2IhGT4rnxtBzdKGDtpnS4Zm0IJbCaz8fI6c0YJW6Sqmvmh7GmA0j6BARugOcpkM5U8GavKBcEDPPJWPvATpZ4NJLG9yL3fddDO1hGGd0rPvxOIG8iF6fVFJlGWES7Zv8VHEDtAcP26QDjrP/mKcaXr9V/RvtSXVcN/pNCxkiWOYicMeeJ1XqWwFHELcZreBCav0aEDO+vqRIsJWewbX/8ESsOO0GaB+werenNwRXHJeCe7
template:
metadata:
creationTimestamp: null
name: postgres-db-secrets
namespace: grassroots

35
kubernetes/postgresql/postgres-helmrelease.yaml
View File

@@ -1,35 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: postgresql
namespace: grassroots
spec:
# The interval at which to reconcile the Helm release
interval: 10m
chart:
spec:
# The name of the chart as made available by the HelmRepository
# (without any aliases)
chart: postgresql
# A fixed SemVer, or any SemVer range
# (i.e. >=4.0.0 <5.0.0)
version: 10.3.17
# The reference to the HelmRepository
sourceRef:
kind: HelmRepository
name: bitnami
# Optional, defaults to the namespace of the HelmRelease
namespace: default
values:
image:
tag: 12.5.0
existingSecret: postgres-db-secrets
postgresqlDatabase: postgres
volumePermissions: # related to permissions error on file postgres/data when pod restart
enabled: true
initdbScriptsConfigMap: postgres-initdb-scipts
initdbUser: postgres
replication:
readReplicas: 0
metrics:
enabled: true

21
kubernetes/postgresql/postgres-initdb-scripts-configMap.yaml
View File

@@ -1,21 +0,0 @@
# https://kubernetes.io/docs/concepts/configuration/configmap/
kind: ConfigMap
apiVersion: v1
metadata:
name: postgres-initdb-scipts
namespace: grassroots
data:
create_db.sql: |
CREATE ROLE common_role;
CREATE USER grassroots WITH PASSWORD 'tralala' CREATEDB;
CREATE DATABASE "cic_cache";
CREATE DATABASE "cic_eth";
CREATE DATABASE "cic_notify";
CREATE DATABASE "cic_meta";
CREATE DATABASE "cic_signer";
CREATE DATABASE "cic_ussd";
CREATE DATABASE "cic_syncer";
GRANT ALL PRIVILEGES
ON DATABASE "cic_cache", "cic_eth", "cic_notify", "cic_meta", "cic_signer", "cic_ussd", "cic_syncer"
TO grassroots;

28
kubernetes/pub-sealed-secrets.pem
View File

@@ -1,28 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIErTCCApWgAwIBAgIQQ/6gWxjyWjlUu/orGmbkkTANBgkqhkiG9w0BAQsFADAA
MB4XDTIxMDQxNjEzMzk1N1oXDTMxMDQxNDEzMzk1N1owADCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBALlHzjP+WopinMhSgNRMywms5IJ4u2UuY8k6YAnZ
dVeA9wBg+dPuhLqrOgfYSCPfwK+18ZaKpNw9qOUZBr/hRyWIQZrMc5rd6IMcm7aM
35Fxs5GPigMvp6GxBd/btfUxept/Ro1egwtl7U+6w4AfHrjOAqwnOgDib8U6wK9w
3+5BlhqPia3HmjE9XzvNp0SKl+C40xv6oGQ2RmU62ESN1uB5FL0+jbmhNZk/chhd
thhNQ9jo/QqROB/VeRh8LaX7MLzC2caI1fICXE4/4Mcr+rRnqr4dljKtQHobW5/4
lgH85XqeioFHpaB1cgKg0tgHAk6/UHNThy9aMaXjn/I1s5E8ZvwshWBWw7r14+Vt
dZaGzhw4RE0RQ8ubYQTiB0b+hXQhY4OdQnAm/yCkf9XODsuxJV9Dr+9coI7ftnyt
uU0JBBi6Jg9eZdkQjO3E7hyhVUyeer0LbE6W3BHTpz5ZZjp7aiCe94Q5BpqXBmU2
3JbYjasrGr/5F9YX7sCVdTkfe9I/NzeigAEgNKf+3nxMJB+bFsJ26kDFxREYOxni
NmDFwczZmUArowDaObh6yXAKz56s2bNJApzkKmKtdq7dpErz0XPOwyPzGoKeMO2p
8MUapopuCUVW20GR7YCmuTu/xBxfT3ocAS3u3kwYvwzYLeagpl+0Sh1q+6CZBAtK
jl6FAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwIAATAPBgNVHRMBAf8EBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4ICAQBYtcMUaxO5yX8fsn1LPm0CAZqTeI3xjkrHGDGXDQqv
9DHElHkjvWKjNem923hKBwbPdzhKbFQg2Dy93b6LeHj0cCOSQ21bvDrfpfBK3yit
AlvtuIIn4ktuIvegCDX/e9rxeIQPz3IhrKAnK36UpnMj8L+g2fz9+HYWowiGjx7n
lCik7ang8rtpbetU1BiXaLo58bJnbjoHxuVryTkSKiPiJ9nK+K2WP7IB+Uunr4c0
MlCoFrXCEfuShzW3lFRStfc4sazv2wv3utozukmrSWr9y5PXVPQxl8CUmTGG8Bnl
51RyaldiKRQ0J7LEMv+2fanDoOAZE8gjUVu0NqNahZwK3ya186AUCyUkoVVD7Wnv
R77SdeuVw0ULn4bpy9n4iXYzRXDha/q3Y2PP5yeBN1NhggxZ6Cyj8s9KeusVw5Oz
CueAczTlU3VUHI1VEtaacIon/5yuJRz4wW7opLbv1G8kh2v1zDtpWbbb2tnj3foq
Yt8UIeAkBIW4GPClM5A/Bzv2Gl3Gijp6dDF1Tim1w/6t4C/OBlEbzWII8wvdUTwn
NBKnmgsnErkSekYuNsGYl4Ua5gu05Bef4dQ7ShAkJcbXTKKPNdTyJmv4I99wRL1l
WaKawKjnMoO71c6lHuxt/D3p0jjdnsH4BAAMlUrIQ+Jlp+JHa/xcVjAMTvij14fT
Eg==
-----END CERTIFICATE-----

8
kubernetes/redis-conn-common-configmap.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: redis-conn-common
namespace: grassroots
data:
CELERY_BROKER_URL: redis://redis-master
CELERY_RESULT_URL: redis://redis-master

29
kubernetes/redis/redis-helmrelease.yaml
View File

@@ -1,29 +0,0 @@
# hhttps://github.com/bitnami/charts/tree/master/bitnami/redis
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: redis
namespace: grassroots
spec:
# The interval at which to reconcile the Helm release
interval: 10m
chart:
spec:
# The name of the chart as made available by the HelmRepository
# (without any aliases)
chart: redis
# A fixed SemVer, or any SemVer range
# (i.e. >=4.0.0 <5.0.0)
version: 12.8.3
# The reference to the HelmRepository
sourceRef:
kind: HelmRepository
name: bitnami
# Optional, defaults to the namespace of the HelmRelease
namespace: default
values:
cluster:
slaveCount: 0
usePassword: false
metrics:
enabled: true

21
scripts/set-image.sh
View File

@@ -1,21 +0,0 @@
#! /bin/bash
set -e
cd kubernetes/
kustomize edit set image registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:$TAG
kustomize edit set image registry.gitlab.com/grassrootseconomics/cic-internal-integration/bloxberg-node:$TAG
kustomize edit set image registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:$TAG
kustomize edit set image registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:$TAG
kustomize edit set image registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-notify:$TAG
kustomize edit set image registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta:$TAG
kustomize edit set image registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:$TAG
echo "kustomize set image to ${TAG? no variable TAG set}"