replace deploy image

docker vm builds

See merge request grassrootseconomics/cic-internal-integration!259

.gitignore

@@ -14,3 +14,4 @@ build/
 **/.venv
 .idea
 **/.vim
+**/*secret.yaml

.gitlab-ci.yml

@@ -1,14 +1,67 @@
 include:
-  - local: 'ci_templates/.cic-template.yml'
-  - local: 'apps/contract-migration/.gitlab-ci.yml'
+  #- local: 'ci_templates/.cic-template.yml' #kaniko build templates
+  # these includes are app specific unit tests
   - local: 'apps/cic-eth/.gitlab-ci.yml'
   - local: 'apps/cic-ussd/.gitlab-ci.yml'
   - local: 'apps/cic-notify/.gitlab-ci.yml'
   - local: 'apps/cic-meta/.gitlab-ci.yml'
   - local: 'apps/cic-cache/.gitlab-ci.yml'
-  - local: 'apps/data-seeding/.gitlab-ci.yml'
+    #- local: 'apps/contract-migration/.gitlab-ci.yml'
+    #- local: 'apps/data-seeding/.gitlab-ci.yml'
 
 stages:
   - build
   - test
-  - release
+  - deploy 
+
+image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/docker-with-compose:latest  
+
+variables:
+  DOCKER_BUILDKIT: "1"
+  COMPOSE_DOCKER_CLI_BUILD: "1" 
+  CI_DEBUG_TRACE: "true"
+  TAG: $CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA
+
+     
+# runs on protected branches and pushes to repo
+build-push:
+  stage: build
+  tags:
+    - integration
+  before_script:
+    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+  script:
+    - TAG=$TAG sh ./scripts/build-push.sh
+  rules:
+  - if: $CI_COMMIT_REF_PROTECTED == "true"
+    when: always
+
+deploy-k8s-dev:
+  stage: deploy
+  image: line/kubectl-kustomize
+  variables:
+    CI_DEBUG_TRACE: "true"
+  script:
+    - kubectl config set-cluster k8s --server="${K8S_DEV_SERVER?dev server missing}"
+    - kubectl config set clusters.k8s.certificate-authority-data ${K8S_DEV_CERTIFICATE_AUTHORITY_DATA}
+    - kubectl config set-credentials gitlab --token="${K8S_DEV_USER_TOKEN}"
+    - kubectl config set-context grassroots --cluster=k8s --user=gitlab --namespace grassroots
+    - kubectl config use-context grassroots  
+      #- sed -i "s/<VERSION>/${CI_COMMIT_SHORT_SHA}/g" deployment.yaml
+      #- kubectl apply -f deployment.yaml
+    - echo "Wiping state..."
+    - kubectl delete jobs.batch --all 
+    - kubectl delete hr postgresql && kubectl delete pvc -l 'app.kubernetes.io/name=postgresql'
+    - kubectl delete sts,pvc -l 'app=bloxberg-validator'
+    - kubectl delete hr redis && kubectl delete pvc -l 'app=redis'
+    - kubectl apply -f kubernetes/eth-node/ -f kubernetes/postgresql/ -f kubernetes/redis/
+    - echo "deploy and run database migrations..."
+      # set image based on deploy tag
+    - bash ./scripts/set-image.sh
+    - kubectl apply -f . 
+    - echo "run contract migrations..."
+    - kubectl apply -f kubernetes/contract-migration/contract-migration-job.yaml
+  rules:
+  - if: $CI_COMMIT_REF_PROTECTED == "true"
+    when: always
+

apps/cic-base-os/Dockerfile

@@ -1,34 +0,0 @@
-# The solc image messes up the alpine environment, so we have to go all over again
-FROM python:3.8.6-slim-buster
-
-LABEL authors="Louis Holbrook <dev@holbrook.no> 0826EDA1702D1E87C6E2875121D2E7BB88C2A746"
-LABEL spdx-license-identifier="GPL-3.0-or-later"
-LABEL description="Base layer for buiding development images for the cic component suite"
-
-RUN apt-get update && \
-	apt-get install -y git gcc g++ libpq-dev && \
-	apt-get install -y vim gawk jq telnet openssl iputils-ping curl wget gnupg socat bash procps make python2 postgresql-client
-
-
-RUN echo installing nodejs tooling
-
-COPY ./dev/nvm.sh /root/
-
-# Install nvm with node and npm
-# https://stackoverflow.com/questions/25899912/how-to-install-nvm-in-docker
-ENV NVM_DIR /root/.nvm
-ENV NODE_VERSION 15.3.0
-ENV BANCOR_NODE_VERSION 10.16.0
-
-RUN wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.37.2/install.sh | bash \
-	&& . $NVM_DIR/nvm.sh \
-	&& nvm install $NODE_VERSION \
-	&& nvm alias default $NODE_VERSION \
-	&& nvm use $NODE_VERSION \
-# So many ridiculously stupid issues with node in docker that take oceans of absolutely wasted time to resolve
-# owner of these files is "1001" by default - wtf
-	&& chown -R root:root "$NVM_DIR/versions/node/v$NODE_VERSION"
-
-ENV NODE_PATH $NVM_DIR/versions/node//v$NODE_VERSION/lib/node_modules
-ENV PATH      $NVM_DIR/versions/node//v$NODE_VERSION/bin:$PATH
-

apps/cic-base-os/README.md

@@ -1 +0,0 @@
-## this is an example base image if we wanted one for all the other apps. Its just OS level things

apps/cic-cache/.gitlab-ci.yml

@@ -1,52 +1,17 @@
-.cic_cache_variables:
-    variables:
-        APP_NAME: cic-cache
-        DOCKERFILE_PATH: docker/Dockerfile_ci
-        CONTEXT: apps/$APP_NAME
-
-build-mr-cic-cache:
-    extends:
-        - .py_build_merge_request
-        - .cic_cache_variables
-    rules:
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
-      changes:
-          - apps/cic-cache/**/*
-      when: always
-
-test-mr-cic-cache:
-    stage: test
-    extends:
-        - .cic_cache_variables
-    cache:
-        key:
-            files:
-                - test_requirements.txt
-        paths:
-        - /root/.cache/pip
-    image: $MR_IMAGE_TAG
-    script:
-        - cd apps/$APP_NAME/
-        - >
-          pip install --extra-index-url https://pip.grassrootseconomics.net:8433
-          --extra-index-url https://gitlab.com/api/v4/projects/27624814/packages/pypi/simple
-          -r test_requirements.txt 
-        - export PYTHONPATH=. && pytest -x --cov=cic_cache --cov-fail-under=90 --cov-report term-missing tests
-    needs: ["build-mr-cic-cache"]
-    rules:
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
-      changes:
-          - apps/$APP_NAME/**/*
-      when: always
-
-build-push-cic-cache:
-    extends:
-        - .py_build_push
-        - .cic_cache_variables
-    rules:
-    - if:  $CI_COMMIT_BRANCH == "master"
-      changes:
-          - apps/cic-cache/**/*
-      when: always
-        
-
+build-test-cic-cache:
+  stage: test 
+  tags:
+    - integration
+  variables:
+    APP_NAME: cic-cache
+    MR_IMAGE_TAG: mr-$APP_NAME-$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA
+  script:
+    - cd apps/cic-cache
+    - docker build -t $MR_IMAGE_TAG -f docker/Dockerfile . 
+    - docker run $MR_IMAGE_TAG sh docker/run_tests.sh
+  allow_failure: true
+  rules:
+  - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    changes:
+        - apps/$APP_NAME/**/*
+    when: always

apps/cic-cache/README.md

@@ -0,0 +1 @@
+# CIC-CACHE

apps/cic-cache/cic_cache/version.py

@@ -5,7 +5,7 @@ version = (
         0,
         2,
         1,
-        'alpha.1',
+        'alpha.2',
         )
 
 version_object = semver.VersionInfo(

apps/cic-cache/docker/Dockerfile_ci

@@ -1,38 +0,0 @@
-# syntax = docker/dockerfile:1.2
-FROM registry.gitlab.com/grassrootseconomics/cic-base-images:python-3.8.6-dev-55da5f4e as dev
- 
-# RUN pip install $pip_extra_index_url_flag cic-base[full_graph]==0.1.2b9
-
-COPY requirements.txt .
-#RUN pip install $pip_extra_index_url_flag -r test_requirements.txt
-#RUN pip install $pip_extra_index_url_flag .
-#RUN pip install .[server]
-
-ARG EXTRA_INDEX_URL="https://pip.grassrootseconomics.net:8433"
-ARG GITLAB_PYTHON_REGISTRY="https://gitlab.com/api/v4/projects/27624814/packages/pypi/simple"
-ARG EXTRA_PIP_ARGS=""
-RUN pip install --index-url https://pypi.org/simple  \
-	  --extra-index-url $GITLAB_PYTHON_REGISTRY --extra-index-url $EXTRA_INDEX_URL $EXTRA_PIP_ARGS \
-    -r requirements.txt
-
-COPY . . 
-
-RUN python setup.py install
-
-# ini files in config directory defines the configurable parameters for the application
-# they can all be overridden by environment variables
-# to generate a list of environment variables from configuration, use: confini-dump -z <dir> (executable provided by confini package)
-COPY config/ /usr/local/etc/cic-cache/
-
-# for db migrations
-RUN git clone https://github.com/vishnubob/wait-for-it.git /usr/local/bin/wait-for-it/
-COPY cic_cache/db/migrations/ /usr/local/share/cic-cache/alembic/
-
-COPY /docker/start_tracker.sh ./start_tracker.sh
-COPY /docker/db.sh ./db.sh
-RUN chmod 755 ./*.sh
-# Tracker
-# ENTRYPOINT ["/usr/local/bin/cic-cache-tracker", "-vv"]
-# Server
-# ENTRYPOINT [ "/usr/local/bin/uwsgi", "--wsgi-file", "/usr/local/lib/python3.8/site-packages/cic_cache/runnable/server.py", "--http", ":80", "--pyargv", "-vv" ]
-ENTRYPOINT []

apps/cic-cache/docker/run_tests.sh

@@ -0,0 +1,10 @@
+#! /bin/bash
+
+set -e
+
+pip install --extra-index-url https://pip.grassrootseconomics.net:8433 \
+--extra-index-url https://gitlab.com/api/v4/projects/27624814/packages/pypi/simple \
+-r test_requirements.txt 
+
+export PYTHONPATH=. && pytest -x --cov=cic_cache --cov-fail-under=90 --cov-report term-missing tests
+

apps/cic-cache/requirements.txt

@@ -8,8 +8,8 @@ semver==2.13.0
 psycopg2==2.8.6
 celery==4.4.7
 redis==3.5.3
-chainsyncer[sql]>=0.0.6a1,<0.1.0
+chainsyncer[sql]>=0.0.6a3,<0.1.0
 erc20-faucet>=0.3.2a1, <0.4.0
-chainlib-eth>=0.0.9a3,<0.1.0
-chainlib>=0.0.9a2,<0.1.0
+chainlib-eth>=0.0.9a7,<0.1.0
+chainlib>=0.0.9a3,<0.1.0
 eth-address-index>=0.2.3a1,<0.3.0

apps/cic-eth/.gitlab-ci.yml

@@ -1,52 +1,16 @@
-.cic_eth_variables:
-    variables:
-        APP_NAME: cic-eth
-        DOCKERFILE_PATH: docker/Dockerfile_ci
-        CONTEXT: apps/$APP_NAME
-
-build-mr-cic-eth:
-    extends:
-        - .cic_eth_variables
-        - .py_build_target_dev
-    rules:
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
-      changes:
-          - apps/cic-eth/**/*
-      when: always
-
-test-mr-cic-eth:
-    stage: test
-    extends:
-        - .cic_eth_variables
-    cache:
-        key:
-            files:
-                - test_requirements.txt
-        paths:
-        - /root/.cache/pip
-    image: $MR_IMAGE_TAG
-    script:
-        - cd apps/$APP_NAME/
-        - >
-          pip install --extra-index-url https://pip.grassrootseconomics.net:8433
-          --extra-index-url https://gitlab.com/api/v4/projects/27624814/packages/pypi/simple
-          -r admin_requirements.txt
-          -r services_requirements.txt
-          -r test_requirements.txt 
-        - export PYTHONPATH=. && pytest -x --cov=cic_eth --cov-fail-under=90 --cov-report term-missing tests
-    needs: ["build-mr-cic-eth"]
-    rules:
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
-      changes:
-          - apps/cic-eth/**/*
-      when: always
-
-build-push-cic-eth:
-    extends:
-        - .py_build_push
-        - .cic_eth_variables
-    rules:
-    - if:  $CI_COMMIT_BRANCH == "master"
-      changes:
-          - apps/cic-eth/**/*
-      when: always
+build-test-cic-eth:
+  stage: test
+  tags:
+    - integration
+  variables:
+    APP_NAME: cic-eth
+    MR_IMAGE_TAG: mr-$APP_NAME-$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA
+  script:
+    - cd apps/cic-eth
+    - docker build -t $MR_IMAGE_TAG -f docker/Dockerfile . 
+    - docker run $MR_IMAGE_TAG sh docker/run_tests.sh
+      #rules:
+      #- if: $CI_PIPELINE_SOURCE == "merge_request_event"
+      #  changes:
+      #      - apps/$APP_NAME/**/*
+      #  when: always

apps/cic-eth/cic_eth/admin/ctrl.py

@@ -4,7 +4,6 @@ import logging
 
 # external imports
 import celery
-from chainlib.eth.constant import ZERO_ADDRESS
 from chainlib.chain import ChainSpec
 from hexathon import (
         add_0x,
@@ -20,18 +19,17 @@ from cic_eth.task import (
         CriticalSQLAlchemyTask,
         )
 from cic_eth.error import LockedError
+from cic_eth.encode import (
+        tx_normalize,
+        ZERO_ADDRESS_NORMAL,
+        )
 
 celery_app = celery.current_app
 logg = logging.getLogger()
 
 
-def normalize_address(a):
-    if a == None:
-        return None
-    return add_0x(hex_uniform(strip_0x(a)))
-
 @celery_app.task(base=CriticalSQLAlchemyTask)
-def lock(chained_input, chain_spec_dict, address=ZERO_ADDRESS, flags=LockEnum.ALL, tx_hash=None):
+def lock(chained_input, chain_spec_dict, address=ZERO_ADDRESS_NORMAL, flags=LockEnum.ALL, tx_hash=None):
     """Task wrapper to set arbitrary locks
 
     :param chain_str: Chain spec string representation
@@ -43,7 +41,7 @@ def lock(chained_input, chain_spec_dict, address=ZERO_ADDRESS, flags=LockEnum.AL
     :returns: New lock state for address
     :rtype: number
     """
-    address = normalize_address(address)
+    address = tx_normalize.wallet_address(address)
     chain_str = '::'
     if chain_spec_dict != None:
         chain_str = str(ChainSpec.from_dict(chain_spec_dict))
@@ -53,7 +51,7 @@ def lock(chained_input, chain_spec_dict, address=ZERO_ADDRESS, flags=LockEnum.AL
 
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
-def unlock(chained_input, chain_spec_dict, address=ZERO_ADDRESS, flags=LockEnum.ALL):
+def unlock(chained_input, chain_spec_dict, address=ZERO_ADDRESS_NORMAL, flags=LockEnum.ALL):
     """Task wrapper to reset arbitrary locks
 
     :param chain_str: Chain spec string representation
@@ -65,7 +63,7 @@ def unlock(chained_input, chain_spec_dict, address=ZERO_ADDRESS, flags=LockEnum.
     :returns: New lock state for address
     :rtype: number
     """
-    address = normalize_address(address)
+    address = tx_normalize.wallet_address(address)
     chain_str = '::'
     if chain_spec_dict != None:
         chain_str = str(ChainSpec.from_dict(chain_spec_dict))
@@ -75,7 +73,7 @@ def unlock(chained_input, chain_spec_dict, address=ZERO_ADDRESS, flags=LockEnum.
 
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
-def lock_send(chained_input, chain_spec_dict, address=ZERO_ADDRESS, tx_hash=None):
+def lock_send(chained_input, chain_spec_dict, address=ZERO_ADDRESS_NORMAL, tx_hash=None):
     """Task wrapper to set send lock
 
     :param chain_str: Chain spec string representation
@@ -85,7 +83,7 @@ def lock_send(chained_input, chain_spec_dict, address=ZERO_ADDRESS, tx_hash=None
     :returns: New lock state for address
     :rtype: number
     """
-    address = normalize_address(address)
+    address = tx_normalize.wallet_address(address)
     chain_str = str(ChainSpec.from_dict(chain_spec_dict))
     r = Lock.set(chain_str, LockEnum.SEND, address=address, tx_hash=tx_hash)
     logg.debug('Send locked for {}, flag now {}'.format(address, r))
@@ -93,7 +91,7 @@ def lock_send(chained_input, chain_spec_dict, address=ZERO_ADDRESS, tx_hash=None
 
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
-def unlock_send(chained_input, chain_spec_dict, address=ZERO_ADDRESS):
+def unlock_send(chained_input, chain_spec_dict, address=ZERO_ADDRESS_NORMAL):
     """Task wrapper to reset send lock
 
     :param chain_str: Chain spec string representation
@@ -103,7 +101,7 @@ def unlock_send(chained_input, chain_spec_dict, address=ZERO_ADDRESS):
     :returns: New lock state for address
     :rtype: number
     """
-    address = normalize_address(address)
+    address = tx_normalize.wallet_address(address)
     chain_str = str(ChainSpec.from_dict(chain_spec_dict))
     r = Lock.reset(chain_str, LockEnum.SEND, address=address)
     logg.debug('Send unlocked for {}, flag now {}'.format(address, r))
@@ -111,7 +109,7 @@ def unlock_send(chained_input, chain_spec_dict, address=ZERO_ADDRESS):
 
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
-def lock_queue(chained_input, chain_spec_dict, address=ZERO_ADDRESS, tx_hash=None):
+def lock_queue(chained_input, chain_spec_dict, address=ZERO_ADDRESS_NORMAL, tx_hash=None):
     """Task wrapper to set queue direct lock
 
     :param chain_str: Chain spec string representation
@@ -121,7 +119,7 @@ def lock_queue(chained_input, chain_spec_dict, address=ZERO_ADDRESS, tx_hash=Non
     :returns: New lock state for address
     :rtype: number
     """
-    address = normalize_address(address)
+    address = tx_normalize.wallet_address(address)
     chain_str = str(ChainSpec.from_dict(chain_spec_dict))
     r = Lock.set(chain_str, LockEnum.QUEUE, address=address, tx_hash=tx_hash)
     logg.debug('Queue direct locked for {}, flag now {}'.format(address, r))
@@ -129,7 +127,7 @@ def lock_queue(chained_input, chain_spec_dict, address=ZERO_ADDRESS, tx_hash=Non
 
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
-def unlock_queue(chained_input, chain_spec_dict, address=ZERO_ADDRESS):
+def unlock_queue(chained_input, chain_spec_dict, address=ZERO_ADDRESS_NORMAL):
     """Task wrapper to reset queue direct lock
 
     :param chain_str: Chain spec string representation
@@ -139,7 +137,7 @@ def unlock_queue(chained_input, chain_spec_dict, address=ZERO_ADDRESS):
     :returns: New lock state for address
     :rtype: number
     """
-    address = normalize_address(address)
+    address = tx_normalize.wallet_address(address)
     chain_str = str(ChainSpec.from_dict(chain_spec_dict))
     r = Lock.reset(chain_str, LockEnum.QUEUE, address=address)
     logg.debug('Queue direct unlocked for {}, flag now {}'.format(address, r))
@@ -148,12 +146,13 @@ def unlock_queue(chained_input, chain_spec_dict, address=ZERO_ADDRESS):
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
 def check_lock(chained_input, chain_spec_dict, lock_flags, address=None):
-    address = normalize_address(address)
+    if address != None:
+        address = tx_normalize.wallet_address(address)
     chain_str = '::'
     if chain_spec_dict != None:
         chain_str = str(ChainSpec.from_dict(chain_spec_dict))
     session = SessionBase.create_session()
-    r = Lock.check(chain_str, lock_flags, address=ZERO_ADDRESS, session=session)
+    r = Lock.check(chain_str, lock_flags, address=ZERO_ADDRESS_NORMAL, session=session)
     if address != None:
         r |= Lock.check(chain_str, lock_flags, address=address, session=session)
     if r > 0:

apps/cic-eth/cic_eth/admin/nonce.py

@@ -33,6 +33,7 @@ from cic_eth.admin.ctrl import (
 from cic_eth.queue.tx import queue_create
 from cic_eth.eth.gas import create_check_gas_task
 from cic_eth.task import BaseTask
+from cic_eth.encode import tx_normalize
 
 celery_app = celery.current_app
 logg = logging.getLogger()
@@ -73,7 +74,7 @@ def shift_nonce(self, chainspec_dict, tx_hash_orig_hex, delta=1):
 
     set_cancel(chain_spec, strip_0x(tx['hash']), manual=True, session=session)
 
-    query_address = add_0x(hex_uniform(strip_0x(address))) # aaaaargh
+    query_address = tx_normalize.wallet_address(address)
     q = session.query(Otx)
     q = q.join(TxCache)
     q = q.filter(TxCache.sender==query_address)

apps/cic-eth/cic_eth/api/admin.py

@@ -32,7 +32,6 @@ from chainqueue.db.enum import (
         status_str,
     )
 from chainqueue.error import TxStateChangeError
-from chainqueue.sql.query import get_tx
 from eth_erc20 import ERC20
 
 # local imports
@@ -40,6 +39,7 @@ from cic_eth.db.models.base import SessionBase
 from cic_eth.db.models.role import AccountRole
 from cic_eth.db.models.nonce import Nonce
 from cic_eth.error import InitializationError
+from cic_eth.queue.query import get_tx_local
 
 app = celery.current_app
 
@@ -284,7 +284,7 @@ class AdminApi:
         tx_hash_hex = None
         session = SessionBase.create_session()
         for k in txs.keys():
-            tx_dict = get_tx(chain_spec, k, session=session)
+            tx_dict = get_tx_local(chain_spec, k, session=session)
             if tx_dict['nonce'] == nonce:
                 tx_hash_hex = k
         session.close()

apps/cic-eth/cic_eth/db/models/lock.py

@@ -4,12 +4,12 @@ import logging
 
 # third-party imports
 from sqlalchemy import Column, String, Integer, DateTime, ForeignKey
-from chainlib.eth.constant import ZERO_ADDRESS
 from chainqueue.db.models.tx import TxCache
 from chainqueue.db.models.otx import Otx
 
 # local imports
 from cic_eth.db.models.base import SessionBase
+from cic_eth.encode  import ZERO_ADDRESS_NORMAL
 
 logg = logging.getLogger()
 
@@ -37,7 +37,7 @@ class Lock(SessionBase):
 
 
     @staticmethod
-    def set(chain_str, flags, address=ZERO_ADDRESS, session=None, tx_hash=None):
+    def set(chain_str, flags, address=ZERO_ADDRESS_NORMAL, session=None, tx_hash=None):
         """Sets flags associated with the given address and chain.
 
         If a flags entry does not exist it is created.
@@ -90,7 +90,7 @@ class Lock(SessionBase):
 
 
     @staticmethod
-    def reset(chain_str, flags, address=ZERO_ADDRESS, session=None):
+    def reset(chain_str, flags, address=ZERO_ADDRESS_NORMAL, session=None):
         """Resets flags associated with the given address and chain.
 
         If the resulting flags entry value is 0, the entry will be deleted.
@@ -134,7 +134,7 @@ class Lock(SessionBase):
 
 
     @staticmethod
-    def check(chain_str, flags, address=ZERO_ADDRESS, session=None):
+    def check(chain_str, flags, address=ZERO_ADDRESS_NORMAL, session=None):
         """Checks whether all given flags are set for given address and chain. 
 
         Does not validate the address against any other tables or components.

apps/cic-eth/cic_eth/encode.py

@@ -0,0 +1,16 @@
+# external imports
+from chainlib.eth.constant import ZERO_ADDRESS
+from chainqueue.encode import TxHexNormalizer
+from chainlib.eth.tx import unpack
+
+tx_normalize = TxHexNormalizer()
+
+ZERO_ADDRESS_NORMAL = tx_normalize.wallet_address(ZERO_ADDRESS)
+
+
+def unpack_normal(signed_tx_bytes, chain_spec):
+    tx = unpack(signed_tx_bytes, chain_spec)
+    tx['hash'] = tx_normalize.tx_hash(tx['hash'])
+    tx['from'] = tx_normalize.wallet_address(tx['from'])
+    tx['to'] = tx_normalize.wallet_address(tx['to'])
+    return tx

apps/cic-eth/cic_eth/eth/account.py

@@ -14,10 +14,7 @@ from chainlib.eth.sign import (
         sign_message,
         )
 from chainlib.eth.address import to_checksum_address
-from chainlib.eth.tx import (
-        TxFormat,
-        unpack,
-        )
+from chainlib.eth.tx import TxFormat
 from chainlib.chain import ChainSpec
 from chainlib.error import JSONRPCException
 from eth_accounts_index.registry import AccountRegistry
@@ -49,6 +46,10 @@ from cic_eth.eth.nonce import (
 from cic_eth.queue.tx import (
         register_tx,
         )
+from cic_eth.encode import (
+        unpack_normal,
+        ZERO_ADDRESS_NORMAL,
+        )
 
 logg = logging.getLogger()
 celery_app = celery.current_app 
@@ -295,17 +296,17 @@ def cache_gift_data(
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
 
     tx_signed_raw_bytes = bytes.fromhex(strip_0x(tx_signed_raw_hex))
-    tx = unpack(tx_signed_raw_bytes, chain_spec)
+    tx = unpack_normal(tx_signed_raw_bytes, chain_spec)
     tx_data = Faucet.parse_give_to_request(tx['data'])
 
     session = self.create_session()
 
     tx_dict = {
-            'hash': tx_hash_hex,
+            'hash': tx['hash'],
             'from': tx['from'],
             'to': tx['to'],
-            'source_token': ZERO_ADDRESS,
-            'destination_token': ZERO_ADDRESS,
+            'source_token': ZERO_ADDRESS_NORMAL,
+            'destination_token': ZERO_ADDRESS_NORMAL,
             'from_value': 0,
             'to_value': 0,
             }
@@ -334,17 +335,17 @@ def cache_account_data(
     :rtype: tuple
     """
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
-    tx_signed_raw_bytes = bytes.fromhex(tx_signed_raw_hex[2:])
-    tx = unpack(tx_signed_raw_bytes, chain_spec)
+    tx_signed_raw_bytes = bytes.fromhex(strip_0x(tx_signed_raw_hex))
+    tx = unpack_normal(tx_signed_raw_bytes, chain_spec)
     tx_data = AccountsIndex.parse_add_request(tx['data'])
 
     session = SessionBase.create_session()
     tx_dict = {
-            'hash': tx_hash_hex,
+            'hash': tx['hash'],
             'from': tx['from'],
             'to': tx['to'],
-            'source_token': ZERO_ADDRESS,
-            'destination_token': ZERO_ADDRESS,
+            'source_token': ZERO_ADDRESS_NORMAL,
+            'destination_token': ZERO_ADDRESS_NORMAL,
             'from_value': 0,
             'to_value': 0,
             }

apps/cic-eth/cic_eth/eth/gas.py

@@ -4,7 +4,7 @@ import logging
 # external imports
 import celery
 from hexathon import strip_0x
-from chainlib.eth.constant import ZERO_ADDRESS
+#from chainlib.eth.constant import ZERO_ADDRESS
 from chainlib.chain import ChainSpec
 from chainlib.eth.address import is_checksum_address
 from chainlib.connection import RPCConnection
@@ -21,7 +21,6 @@ from chainlib.eth.error import (
 from chainlib.eth.tx import (
         TxFactory,
         TxFormat,
-        unpack,
         )
 from chainlib.eth.contract import (
         abi_decode_single,
@@ -45,6 +44,7 @@ from cic_eth.eth.nonce import CustodialTaskNonceOracle
 from cic_eth.queue.tx import (
         queue_create,
         register_tx,
+        unpack,
         )
 from cic_eth.queue.query import get_tx
 from cic_eth.task import (
@@ -53,6 +53,11 @@ from cic_eth.task import (
         CriticalSQLAlchemyAndSignerTask,
         CriticalWeb3AndSignerTask,
         )
+from cic_eth.encode import (
+        tx_normalize,
+        ZERO_ADDRESS_NORMAL,
+        unpack_normal,
+        )
 
 celery_app = celery.current_app
 logg = logging.getLogger()
@@ -66,6 +71,7 @@ class MaxGasOracle:
         return MAXIMUM_FEE_UNITS
 
 
+#def create_check_gas_task(tx_signed_raws_hex, chain_spec, holder_address, gas=None, tx_hashes_hex=None, queue=None):
 def create_check_gas_task(tx_signed_raws_hex, chain_spec, holder_address, gas=None, tx_hashes_hex=None, queue=None):
     """Creates a celery task signature for a check_gas task that adds the task to the outgoing queue to be processed by the dispatcher.
 
@@ -130,16 +136,16 @@ def cache_gas_data(
     """
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
     tx_signed_raw_bytes = bytes.fromhex(strip_0x(tx_signed_raw_hex))
-    tx = unpack(tx_signed_raw_bytes, chain_spec)
+    tx = unpack_normal(tx_signed_raw_bytes, chain_spec)
 
     session = SessionBase.create_session()
 
     tx_dict = {
-            'hash': tx_hash_hex,
+            'hash': tx['hash'],
             'from': tx['from'],
             'to': tx['to'],
-            'source_token': ZERO_ADDRESS,
-            'destination_token': ZERO_ADDRESS,
+            'source_token': ZERO_ADDRESS_NORMAL,
+            'destination_token': ZERO_ADDRESS_NORMAL,
             'from_value': tx['value'],
             'to_value': tx['value'],
             }
@@ -150,7 +156,7 @@ def cache_gas_data(
 
 
 @celery_app.task(bind=True, throws=(OutOfGasError), base=CriticalSQLAlchemyAndWeb3Task)
-def check_gas(self, tx_hashes, chain_spec_dict, txs=[], address=None, gas_required=MAXIMUM_FEE_UNITS):
+def check_gas(self, tx_hashes_hex, chain_spec_dict, txs_hex=[], address=None, gas_required=MAXIMUM_FEE_UNITS):
     """Check the gas level of the sender address of a transaction.
 
     If the account balance is not sufficient for the required gas, gas refill is requested and OutOfGasError raiser.
@@ -170,6 +176,20 @@ def check_gas(self, tx_hashes, chain_spec_dict, txs=[], address=None, gas_requir
     :return: Signed raw transaction data list
     :rtype: param txs, unchanged
     """
+    if address != None:
+        if not is_checksum_address(address):
+            raise ValueError('invalid address {}'.format(address))
+        address = tx_normalize.wallet_address(address)
+
+    tx_hashes = []
+    txs = []
+    for tx_hash in tx_hashes_hex:
+        tx_hash = tx_normalize.tx_hash(tx_hash)
+        tx_hashes.append(tx_hash)
+    for tx in txs_hex:
+        tx = tx_normalize.tx_wire(tx)
+        txs.append(tx)
+
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
     logg.debug('txs {} tx_hashes {}'.format(txs, tx_hashes))
 
@@ -187,9 +207,6 @@ def check_gas(self, tx_hashes, chain_spec_dict, txs=[], address=None, gas_requir
                 raise ValueError('txs passed to check gas must all have same sender; had {} got {}'.format(address, tx['from']))
             addresspass.append(address)
 
-    if not is_checksum_address(address):
-        raise ValueError('invalid address {}'.format(address))
-
     queue = self.request.delivery_info.get('routing_key')
 
     conn = RPCConnection.connect(chain_spec)
@@ -304,6 +321,7 @@ def refill_gas(self, recipient_address, chain_spec_dict):
     # Determine value of gas tokens to send
     # if an uncompleted gas refill for the same recipient already exists, we still need to spend the nonce
     # however, we will perform a 0-value transaction instead
+    recipient_address = tx_normalize.wallet_address(recipient_address)
     zero_amount = False
     session = SessionBase.create_session()
     status_filter = StatusBits.FINAL | StatusBits.NODE_ERROR | StatusBits.NETWORK_ERROR | StatusBits.UNKNOWN_ERROR
@@ -378,6 +396,7 @@ def resend_with_higher_gas(self, txold_hash_hex, chain_spec_dict, gas=None, defa
     :returns: Transaction hash
     :rtype: str, 0x-hex
     """
+    txold_hash_hex = tx_normalize.tx_hash(txold_hash_hex)
     session = SessionBase.create_session()
 
     otx = Otx.load(txold_hash_hex, session)

apps/cic-eth/cic_eth/queue/balance.py

@@ -15,6 +15,7 @@ from chainqueue.db.enum import (
 # local imports
 from cic_eth.db import SessionBase
 from cic_eth.task import CriticalSQLAlchemyTask
+from cic_eth.encode import tx_normalize
 
 celery_app = celery.current_app
 
@@ -22,6 +23,9 @@ logg = logging.getLogger()
 
 
 def __balance_outgoing_compatible(token_address, holder_address):
+    token_address = tx_normalize.executable_address(token_address)
+    holder_address = tx_normalize.wallet_address(holder_address)
+
     session = SessionBase.create_session()
     q = session.query(TxCache.from_value)
     q = q.join(Otx)
@@ -58,6 +62,9 @@ def balance_outgoing(tokens, holder_address, chain_spec_dict):
 
 
 def __balance_incoming_compatible(token_address, receiver_address):
+    token_address = tx_normalize.executable_address(token_address)
+    receiver_address = tx_normalize.wallet_address(receiver_address)
+
     session = SessionBase.create_session()
     q = session.query(TxCache.to_value)
     q = q.join(Otx)
@@ -110,7 +117,7 @@ def assemble_balances(balances_collection):
     logg.debug('received collection {}'.format(balances_collection))
     for c in balances_collection:
         for b in c:
-            address = b['address']
+            address = tx_normalize.executable_address(b['address'])
             if tokens.get(address) == None:
                 tokens[address] = {
                     'address': address,

apps/cic-eth/cic_eth/queue/lock.py

@@ -6,6 +6,7 @@ import celery
 from cic_eth.task import CriticalSQLAlchemyTask
 from cic_eth.db import SessionBase
 from cic_eth.db.models.lock import Lock
+from cic_eth.encode import tx_normalize
 
 celery_app = celery.current_app
 
@@ -21,6 +22,9 @@ def get_lock(address=None):
     :returns: List of locks
     :rtype: list of dicts
     """
+    if address != None:
+        address = tx_normalize.wallet_address(address)
+
     session = SessionBase.create_session()
     q = session.query(
             Lock.date_created,

apps/cic-eth/cic_eth/queue/query.py

@@ -4,8 +4,8 @@ import datetime
 # external imports
 import celery
 from chainlib.chain import ChainSpec
-from chainlib.eth.tx import unpack
 import chainqueue.sql.query
+from chainlib.eth.tx import unpack
 from chainqueue.db.enum import (
         StatusEnum,
         is_alive,
@@ -20,6 +20,10 @@ from cic_eth.db.enum import LockEnum
 from cic_eth.task import CriticalSQLAlchemyTask
 from cic_eth.db.models.lock import Lock
 from cic_eth.db.models.base import SessionBase
+from cic_eth.encode import (
+        tx_normalize,
+        unpack_normal,
+        )
 
 celery_app = celery.current_app
 
@@ -27,49 +31,76 @@ celery_app = celery.current_app
 @celery_app.task(base=CriticalSQLAlchemyTask)
 def get_tx_cache(chain_spec_dict, tx_hash):
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
-    session = SessionBase.create_session()
+    return get_tx_cache_local(chain_spec, tx_hash)
+
+
+def get_tx_cache_local(chain_spec, tx_hash, session=None):
+    tx_hash = tx_normalize.tx_hash(tx_hash)
+    session = SessionBase.bind_session(session)
     r = chainqueue.sql.query.get_tx_cache(chain_spec, tx_hash, session=session)
-    session.close()
+    SessionBase.release_session(session)
     return r
 
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
 def get_tx(chain_spec_dict, tx_hash):
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
-    session = SessionBase.create_session()
+    return get_tx_local(chain_spec, tx_hash)
+
+
+def get_tx_local(chain_spec, tx_hash, session=None):
+    tx_hash = tx_normalize.tx_hash(tx_hash)
+    session = SessionBase.bind_session(session)
     r =  chainqueue.sql.query.get_tx(chain_spec, tx_hash, session=session)
-    session.close()
+    SessionBase.release_session(session)
     return r
 
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
 def get_account_tx(chain_spec_dict, address, as_sender=True, as_recipient=True, counterpart=None):
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
-    session = SessionBase.create_session()
+    return get_account_tx_local(chain_spec, address, as_sender=as_sender, as_recipient=as_recipient, counterpart=counterpart)
+
+
+def get_account_tx_local(chain_spec, address, as_sender=True, as_recipient=True, counterpart=None, session=None):
+    address = tx_normalize.wallet_address(address)
+    session = SessionBase.bind_session(session)
     r = chainqueue.sql.query.get_account_tx(chain_spec, address, as_sender=True, as_recipient=True, counterpart=None, session=session)
-    session.close()
+    SessionBase.release_session(session)
     return r
 
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
-def get_upcoming_tx_nolock(chain_spec_dict, status=StatusEnum.READYSEND, not_status=None, recipient=None, before=None, limit=0, session=None):
+def get_upcoming_tx_nolock(chain_spec_dict, status=StatusEnum.READYSEND, not_status=None, recipient=None, before=None, limit=0):
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
+    return get_upcoming_tx_nolock_local(chain_spec, status=status, not_status=not_status, recipient=recipient, before=before, limit=limit)
+
+
+def get_upcoming_tx_nolock_local(chain_spec, status=StatusEnum.READYSEND, not_status=None, recipient=None, before=None, limit=0, session=None):
+    recipient = tx_normalize.wallet_address(recipient)
     session = SessionBase.create_session()
-    r = chainqueue.sql.query.get_upcoming_tx(chain_spec, status, not_status=not_status, recipient=recipient, before=before, limit=limit, session=session, decoder=unpack)
+    r = chainqueue.sql.query.get_upcoming_tx(chain_spec, status, not_status=not_status, recipient=recipient, before=before, limit=limit, session=session, decoder=unpack_normal)
     session.close()
     return r
 
 
 def get_status_tx(chain_spec, status, not_status=None, before=None, exact=False, limit=0, session=None):
-    return chainqueue.sql.query.get_status_tx_cache(chain_spec, status, not_status=not_status, before=before, exact=exact, limit=limit, session=session, decoder=unpack)
+    return chainqueue.sql.query.get_status_tx_cache(chain_spec, status, not_status=not_status, before=before, exact=exact, limit=limit, session=session, decoder=unpack_normal)
 
 
 def get_paused_tx(chain_spec, status=None, sender=None, session=None, decoder=None):
-    return chainqueue.sql.query.get_paused_tx_cache(chain_spec, status=status, sender=sender, session=session, decoder=unpack)
+    sender = tx_normalize.wallet_address(sender)
+    return chainqueue.sql.query.get_paused_tx_cache(chain_spec, status=status, sender=sender, session=session, decoder=unpack_normal)
 
 
 def get_nonce_tx(chain_spec, nonce, sender):
-    return get_nonce_tx_cache(chain_spec, nonce, sender, decoder=unpack)
+    sender = tx_normalize.wallet_address(sender)
+    return get_nonce_tx_local(chain_spec, nonce, sender)
+
+
+def get_nonce_tx_local(chain_spec, nonce, sender, session=None):
+    sender = tx_normalize.wallet_address(sender)
+    return chainqueue.sql.query.get_nonce_tx_cache(chain_spec, nonce, sender, decoder=unpack_normal, session=session)
 
 
 def get_upcoming_tx(chain_spec, status=StatusEnum.READYSEND, not_status=None, recipient=None, before=None, limit=0, session=None):
@@ -91,6 +122,8 @@ def get_upcoming_tx(chain_spec, status=StatusEnum.READYSEND, not_status=None, re
     :returns: Transactions
     :rtype: dict, with transaction hash as key, signed raw transaction as value
     """
+    if recipient != None:
+        recipient = tx_normalize.wallet_address(recipient)
     session = SessionBase.bind_session(session)
     q_outer = session.query(
             TxCache.sender,

apps/cic-eth/cic_eth/queue/state.py

@@ -6,12 +6,14 @@ import chainqueue.sql.state
 import celery
 from cic_eth.task import CriticalSQLAlchemyTask
 from cic_eth.db.models.base import SessionBase
+from cic_eth.encode import tx_normalize
 
 celery_app = celery.current_app
 
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
 def set_sent(chain_spec_dict, tx_hash, fail=False):
+    tx_hash = tx_normalize.tx_hash(tx_hash)
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
     session = SessionBase.create_session()
     r = chainqueue.sql.state.set_sent(chain_spec, tx_hash, fail, session=session)
@@ -21,6 +23,7 @@ def set_sent(chain_spec_dict, tx_hash, fail=False):
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
 def set_final(chain_spec_dict, tx_hash, block=None, tx_index=None, fail=False):
+    tx_hash = tx_normalize.tx_hash(tx_hash)
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
     session = SessionBase.create_session()
     r = chainqueue.sql.state.set_final(chain_spec, tx_hash, block=block, tx_index=tx_index, fail=fail, session=session)
@@ -30,6 +33,7 @@ def set_final(chain_spec_dict, tx_hash, block=None, tx_index=None, fail=False):
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
 def set_cancel(chain_spec_dict, tx_hash, manual=False):
+    tx_hash = tx_normalize.tx_hash(tx_hash)
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
     session = SessionBase.create_session()
     r = chainqueue.sql.state.set_cancel(chain_spec, tx_hash, manual, session=session)
@@ -39,6 +43,7 @@ def set_cancel(chain_spec_dict, tx_hash, manual=False):
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
 def set_rejected(chain_spec_dict, tx_hash):
+    tx_hash = tx_normalize.tx_hash(tx_hash)
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
     session = SessionBase.create_session()
     r = chainqueue.sql.state.set_rejected(chain_spec, tx_hash, session=session)
@@ -48,6 +53,7 @@ def set_rejected(chain_spec_dict, tx_hash):
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
 def set_fubar(chain_spec_dict, tx_hash):
+    tx_hash = tx_normalize.tx_hash(tx_hash)
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
     session = SessionBase.create_session()
     r = chainqueue.sql.state.set_fubar(chain_spec, tx_hash, session=session)
@@ -57,6 +63,7 @@ def set_fubar(chain_spec_dict, tx_hash):
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
 def set_manual(chain_spec_dict, tx_hash):
+    tx_hash = tx_normalize.tx_hash(tx_hash)
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
     session = SessionBase.create_session()
     r = chainqueue.sql.state.set_manual(chain_spec, tx_hash, session=session)
@@ -66,6 +73,7 @@ def set_manual(chain_spec_dict, tx_hash):
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
 def set_ready(chain_spec_dict, tx_hash):
+    tx_hash = tx_normalize.tx_hash(tx_hash)
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
     session = SessionBase.create_session()
     r = chainqueue.sql.state.set_ready(chain_spec, tx_hash, session=session)
@@ -75,6 +83,7 @@ def set_ready(chain_spec_dict, tx_hash):
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
 def set_reserved(chain_spec_dict, tx_hash):
+    tx_hash = tx_normalize.tx_hash(tx_hash)
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
     session = SessionBase.create_session()
     r = chainqueue.sql.state.set_reserved(chain_spec, tx_hash, session=session)
@@ -84,6 +93,7 @@ def set_reserved(chain_spec_dict, tx_hash):
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
 def set_waitforgas(chain_spec_dict, tx_hash):
+    tx_hash = tx_normalize.tx_hash(tx_hash)
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
     session = SessionBase.create_session()
     r = chainqueue.sql.state.set_waitforgas(chain_spec, tx_hash, session=session)
@@ -93,6 +103,7 @@ def set_waitforgas(chain_spec_dict, tx_hash):
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
 def get_state_log(chain_spec_dict, tx_hash):
+    tx_hash = tx_normalize.tx_hash(tx_hash)
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
     session = SessionBase.create_session()
     r = chainqueue.sql.state.get_state_log(chain_spec, tx_hash, session=session)
@@ -102,6 +113,7 @@ def get_state_log(chain_spec_dict, tx_hash):
 
 @celery_app.task(base=CriticalSQLAlchemyTask)
 def obsolete(chain_spec_dict, tx_hash, final):
+    tx_hash = tx_normalize.tx_hash(tx_hash)
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
     session = SessionBase.create_session()
     r = chainqueue.sql.state.obsolete_by_cache(chain_spec, tx_hash, final, session=session)

apps/cic-eth/cic_eth/queue/time.py

@@ -13,6 +13,7 @@ from chainqueue.error import NotLocalTxError
 # local imports
 from cic_eth.task import CriticalSQLAlchemyAndWeb3Task
 from cic_eth.db.models.base import SessionBase
+from cic_eth.encode import tx_normalize
 
 celery_app = celery.current_app
 
@@ -20,6 +21,7 @@ logg = logging.getLogger()
 
 
 def tx_times(tx_hash, chain_spec, session=None):
+    tx_hash = tx_normalize.tx_hash(tx_hash)
 
     session = SessionBase.bind_session(session)
 

apps/cic-eth/cic_eth/queue/tx.py

@@ -32,12 +32,16 @@ from cic_eth.db import SessionBase
 from cic_eth.db.enum import LockEnum
 from cic_eth.task import CriticalSQLAlchemyTask
 from cic_eth.error import LockedError
+from cic_eth.encode import tx_normalize
 
 celery_app = celery.current_app
 logg = logging.getLogger()
 
 
 def queue_create(chain_spec, nonce, holder_address, tx_hash, signed_tx, session=None):
+    tx_hash = tx_normalize.tx_hash(tx_hash)
+    signed_tx = tx_normalize.tx_hash(signed_tx)
+    holder_address = tx_normalize.wallet_address(holder_address)
     session = SessionBase.bind_session(session)
 
     lock = Lock.check_aggregate(str(chain_spec), LockEnum.QUEUE, holder_address, session=session) 
@@ -67,6 +71,8 @@ def register_tx(tx_hash_hex, tx_signed_raw_hex, chain_spec, queue, cache_task=No
     :returns: Tuple; Transaction hash, signed raw transaction data
     :rtype: tuple
     """
+    tx_hash_hex = tx_normalize.tx_hash(tx_hash_hex)
+    tx_signed_raw_hex = tx_normalize.tx_hash(tx_signed_raw_hex)
     logg.debug('adding queue tx {}:{} -> {}'.format(chain_spec, tx_hash_hex, tx_signed_raw_hex))
     tx_signed_raw = bytes.fromhex(strip_0x(tx_signed_raw_hex))
     tx = unpack(tx_signed_raw, chain_spec)

apps/cic-eth/cic_eth/runnable/daemons/filters/gas.py

@@ -10,15 +10,14 @@ from chainlib.eth.tx import unpack
 from chainqueue.db.enum import StatusBits
 from chainqueue.db.models.tx import TxCache
 from chainqueue.db.models.otx import Otx
-from chainqueue.sql.query import get_paused_tx_cache as get_paused_tx
 from chainlib.eth.address import to_checksum_address
 
 # local imports
 from cic_eth.db.models.base import SessionBase
 from cic_eth.eth.gas import create_check_gas_task
+from cic_eth.queue.query import get_paused_tx
 from .base import SyncFilter
 
-#logg = logging.getLogger().getChild(__name__)
 logg = logging.getLogger()
 
 

apps/cic-eth/cic_eth/version.py

@@ -10,7 +10,7 @@ version = (
         0,
         12,
         4,
-        'alpha.6',
+        'alpha.7',
         )
 
 version_object = semver.VersionInfo(

apps/cic-eth/docker/Dockerfile_ci

@@ -1,71 +0,0 @@
-FROM registry.gitlab.com/grassrootseconomics/cic-base-images:python-3.8.6-dev-55da5f4e as dev
-
-WORKDIR /usr/src/cic-eth
-
-# Copy just the requirements and install....this _might_ give docker a hint on caching but we 
-# do load these all into setup.py later
-# TODO can we take all the requirements out of setup.py and just do a pip install -r requirements.txt && python setup.py
-#COPY cic-eth/requirements.txt .
-
-ARG EXTRA_INDEX_URL="https://pip.grassrootseconomics.net:8433"
-ARG GITLAB_PYTHON_REGISTRY="https://gitlab.com/api/v4/projects/27624814/packages/pypi/simple"
-ARG EXTRA_PIP_ARGS=""
-#RUN --mount=type=cache,mode=0755,target=/root/.cache/pip \
-#    pip install --index-url https://pypi.org/simple \
-#    --force-reinstall \
-#	--extra-index-url $GITLAB_PYTHON_REGISTRY --extra-index-url $EXTRA_INDEX_URL \
-#    -r requirements.txt 
-COPY *requirements.txt . 
-RUN pip install --index-url https://pypi.org/simple  \
-	  --extra-index-url $GITLAB_PYTHON_REGISTRY \
-    --extra-index-url $EXTRA_INDEX_URL \
-    $EXTRA_PIP_ARGS \
-    -r requirements.txt \
-    -r services_requirements.txt \
-    -r admin_requirements.txt
-    
-COPY . .
-RUN python setup.py install
-
-COPY docker/entrypoints/* ./ 
-RUN chmod 755 *.sh
-
-# # ini files in config directory defines the configurable parameters for the application
-# # they can all be overridden by environment variables
-# # to generate a list of environment variables from configuration, use: confini-dump -z <dir> (executable provided by confini package)
-COPY config/ /usr/local/etc/cic-eth/
-COPY cic_eth/db/migrations/ /usr/local/share/cic-eth/alembic/
-COPY crypto_dev_signer_config/ /usr/local/etc/crypto-dev-signer/
-
-# TODO this kind of code sharing across projects should be discouraged...can we make util a library?
-#COPY util/liveness/health.sh /usr/local/bin/health.sh
-ENTRYPOINT []
-
-# ------------------ PRODUCTION CONTAINER ----------------------
-#FROM python:3.8.6-slim-buster as prod 
-#
-#RUN apt-get update && \
-#	apt install -y gnupg libpq-dev procps
-#
-#WORKDIR /root
-#
-#COPY --from=dev /usr/local/bin/ /usr/local/bin/
-#COPY --from=dev /usr/local/lib/python3.8/site-packages/ \
-#                          /usr/local/lib/python3.8/site-packages/
-#
-#COPY docker/entrypoints/* ./ 
-#RUN chmod 755 *.sh
-#
-## # ini files in config directory defines the configurable parameters for the application
-## # they can all be overridden by environment variables
-## # to generate a list of environment variables from configuration, use: confini-dump -z <dir> (executable provided by confini package)
-#COPY config/ /usr/local/etc/cic-eth/
-#COPY cic_eth/db/migrations/ /usr/local/share/cic-eth/alembic/
-#COPY crypto_dev_signer_config/ /usr/local/etc/crypto-dev-signer/
-#COPY scripts/ scripts/ 
-#
-## TODO this kind of code sharing across projects should be discouraged...can we make util a library?
-##COPY util/liveness/health.sh /usr/local/bin/health.sh
-#
-#ENTRYPOINT []
-#

apps/cic-eth/docker/run_tests.sh

@@ -0,0 +1,11 @@
+#! /bin/bash
+
+set -e
+
+pip install --extra-index-url https://pip.grassrootseconomics.net:8433 --extra-index-url https://gitlab.com/api/v4/projects/27624814/packages/pypi/simple \
+-r admin_requirements.txt \
+-r services_requirements.txt \
+-r test_requirements.txt  
+
+export PYTHONPATH=. && pytest -x --cov=cic_eth --cov-fail-under=90 --cov-report term-missing tests
+

apps/cic-eth/requirements.txt

@@ -1,3 +1,3 @@
 celery==4.4.7
-chainlib-eth>=0.0.9a6,<0.1.0
+chainlib-eth>=0.0.9a7,<0.1.0
 semver==2.13.0

apps/cic-eth/services_requirements.txt

@@ -1,4 +1,4 @@
-chainqueue>=0.0.4a6,<0.1.0
+chainqueue>=0.0.5a1,<0.1.0
 chainsyncer[sql]>=0.0.6a3,<0.1.0
 alembic==1.4.2
 confini>=0.3.6rc4,<0.5.0

apps/cic-eth/tests/filters/test_gas_filter.py

@@ -1,7 +1,6 @@
 # external imports
 from chainlib.connection import RPCConnection
 from chainlib.eth.nonce import OverrideNonceOracle
-from chainqueue.sql.tx import create as queue_create
 from chainlib.eth.tx import (
         TxFormat,
         unpack,
@@ -26,6 +25,8 @@ from chainqueue.db.enum import StatusBits
 # local imports
 from cic_eth.runnable.daemons.filters.gas import GasFilter
 from cic_eth.eth.gas import cache_gas_data
+from cic_eth.encode import tx_normalize
+from cic_eth.queue.tx import queue_create
 
 
 def test_filter_gas(

apps/cic-eth/tests/filters/test_register_filter.py

@@ -22,10 +22,11 @@ from hexathon import (
         strip_0x,
         add_0x,
         )
-from chainqueue.sql.query import get_account_tx
 
 # local imports
 from cic_eth.runnable.daemons.filters.register import RegistrationFilter
+from cic_eth.encode import tx_normalize
+from cic_eth.queue.query import get_account_tx_local
 
 logg = logging.getLogger()
 
@@ -79,7 +80,7 @@ def test_register_filter(
     t.get_leaf()
     assert t.successful()
 
-    gift_txs = get_account_tx(default_chain_spec.asdict(), agent_roles['ALICE'], as_sender=True, session=init_database)
+    gift_txs = get_account_tx_local(default_chain_spec, agent_roles['ALICE'], as_sender=True, session=init_database)
     ks = list(gift_txs.keys())
     assert len(ks) == 1
 

apps/cic-eth/tests/run_tests.sh

@@ -0,0 +1,10 @@
+#! /bin/bash
+
+set -e
+
+pip install --extra-index-url https://pip.grassrootseconomics.net:8433 --extra-index-url https://gitlab.com/api/v4/projects/27624814/packages/pypi/simple
+-r admin_requirements.txt
+-r services_requirements.txt
+-r test_requirements.txt 
+
+export PYTHONPATH=. && pytest -x --cov=cic_eth --cov-fail-under=90 --cov-report term-missing tests

apps/cic-eth/tests/task/api/test_admin.py

@@ -34,10 +34,6 @@ from chainqueue.sql.state import (
         set_ready,
         set_reserved,
         )
-from chainqueue.sql.query import (
-        get_tx,
-        get_nonce_tx_cache,
-        )
 
 # local imports
 from cic_eth.api.admin import AdminApi
@@ -46,6 +42,11 @@ from cic_eth.db.enum import LockEnum
 from cic_eth.error import InitializationError
 from cic_eth.eth.gas import cache_gas_data
 from cic_eth.queue.tx import queue_create
+from cic_eth.queue.query import (
+        get_tx,
+        get_nonce_tx_local,
+        )
+from cic_eth.encode import tx_normalize
 
 logg = logging.getLogger()
 
@@ -286,13 +287,15 @@ def test_fix_nonce(
     assert t.successful()
 
     init_database.commit()
-    
-    txs = get_nonce_tx_cache(default_chain_spec, 3, agent_roles['ALICE'], session=init_database)
+   
+    logg.debug('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!')
+    txs = get_nonce_tx_local(default_chain_spec, 3, agent_roles['ALICE'], session=init_database)
     ks = txs.keys()
     assert len(ks) == 2
 
     for k in ks:
-        hsh = add_0x(k)
+        #hsh = add_0x(k)
+        hsh = tx_normalize.tx_hash(k)
         otx = Otx.load(hsh, session=init_database)
         init_database.refresh(otx)
         logg.debug('checking nonce {} tx {} status {}'.format(3, otx.tx_hash, otx.status))

apps/cic-eth/tests/task/api/test_admin_noncritical.py

@@ -30,7 +30,6 @@ from chainqueue.sql.state import (
         )
 from chainqueue.db.models.otx import Otx
 from chainqueue.db.enum import StatusBits
-from chainqueue.sql.query import get_nonce_tx_cache
 from eth_erc20 import ERC20
 from cic_eth_registry import CICRegistry
 
@@ -38,6 +37,7 @@ from cic_eth_registry import CICRegistry
 from cic_eth.api.admin import AdminApi
 from cic_eth.eth.gas import cache_gas_data
 from cic_eth.eth.erc20 import cache_transfer_data
+from cic_eth.queue.query import get_nonce_tx_local
 
 logg = logging.getLogger()
 
@@ -312,7 +312,7 @@ def test_resend_inplace(
     otx = Otx.load(tx_hash_hex, session=init_database)
     assert otx.status & StatusBits.OBSOLETE == StatusBits.OBSOLETE
 
-    txs = get_nonce_tx_cache(default_chain_spec, otx.nonce, agent_roles['ALICE'], session=init_database)
+    txs = get_nonce_tx_local(default_chain_spec, otx.nonce, agent_roles['ALICE'], session=init_database)
     assert len(txs) == 2
 
 
@@ -363,10 +363,10 @@ def test_resend_clone(
     assert otx.status & StatusBits.IN_NETWORK == StatusBits.IN_NETWORK
     assert otx.status & StatusBits.OBSOLETE == StatusBits.OBSOLETE
 
-    txs = get_nonce_tx_cache(default_chain_spec, otx.nonce, agent_roles['ALICE'], session=init_database)
+    txs = get_nonce_tx_local(default_chain_spec, otx.nonce, agent_roles['ALICE'], session=init_database)
     assert len(txs) == 1
 
-    txs = get_nonce_tx_cache(default_chain_spec, otx.nonce + 1, agent_roles['ALICE'], session=init_database)
+    txs = get_nonce_tx_local(default_chain_spec, otx.nonce + 1, agent_roles['ALICE'], session=init_database)
     assert len(txs) == 1
 
     otx = Otx.load(txs[0], session=init_database)

apps/cic-eth/tests/task/test_task_gas.py

@@ -21,7 +21,6 @@ from chainlib.eth.constant import (
         MINIMUM_FEE_UNITS,
         MINIMUM_FEE_PRICE,
         )
-from chainqueue.sql.tx import create as queue_create
 from chainqueue.sql.query import get_tx
 from chainqueue.db.enum import StatusBits
 from chainqueue.sql.state import (
@@ -35,6 +34,7 @@ from hexathon import strip_0x
 # local imports
 from cic_eth.eth.gas import cache_gas_data
 from cic_eth.error import OutOfGasError
+from cic_eth.queue.tx import queue_create
 
 logg = logging.getLogger()
 

apps/cic-eth/tests/unit/queue/test_balances.py

@@ -13,6 +13,7 @@ from cic_eth.queue.balance import (
         balance_incoming,
         assemble_balances,
         )
+from cic_eth.encode import tx_normalize
 
 logg = logging.getLogger()
 
@@ -51,8 +52,8 @@ def test_assemble():
     r = assemble_balances(b)
     logg.debug('r {}'.format(r))
 
-    assert r[0]['address'] == token_foo
-    assert r[1]['address'] == token_bar
+    assert r[0]['address'] == tx_normalize.executable_address(token_foo)
+    assert r[1]['address'] == tx_normalize.executable_address(token_bar)
     assert r[0].get('balance_foo') != None
     assert r[0].get('balance_bar') != None
     assert r[1].get('balance_baz') != None
@@ -74,11 +75,11 @@ def test_outgoing_balance(
     token_address = '0x' + os.urandom(20).hex()
     sender = '0x' + os.urandom(20).hex()
     txc = TxCache(
-            tx_hash,
-            sender,
-            recipient,
-            token_address,
-            token_address,
+            tx_normalize.tx_hash(tx_hash),
+            tx_normalize.wallet_address(sender),
+            tx_normalize.wallet_address(recipient),
+            tx_normalize.executable_address(token_address),
+            tx_normalize.executable_address(token_address),
             1000,
             1000,
             session=init_database,
@@ -125,11 +126,11 @@ def test_incoming_balance(
     token_address = '0x' + os.urandom(20).hex()
     sender = '0x' + os.urandom(20).hex()
     txc = TxCache(
-            tx_hash,
-            sender,
-            recipient,
-            token_address,
-            token_address,
+            tx_normalize.tx_hash(tx_hash),
+            tx_normalize.wallet_address(sender),
+            tx_normalize.wallet_address(recipient),
+            tx_normalize.executable_address(token_address),
+            tx_normalize.executable_address(token_address),
             1000,
             1000,
             session=init_database,

apps/cic-eth/tests/unit/queue/test_query.py

@@ -21,6 +21,7 @@ from cic_eth.db.models.lock import Lock
 from cic_eth.queue.query import get_upcoming_tx
 from cic_eth.queue.tx import register_tx
 from cic_eth.eth.gas import cache_gas_data
+from cic_eth.encode import tx_normalize
 
 # test imports
 from tests.util.nonce import StaticNonceOracle
@@ -39,8 +40,8 @@ def test_upcoming_with_lock(
     gas_oracle = RPCGasOracle(eth_rpc)
     c = Gas(default_chain_spec, signer=eth_signer, nonce_oracle=nonce_oracle, gas_oracle=gas_oracle)
 
-    alice_normal = add_0x(hex_uniform(strip_0x(agent_roles['ALICE'])))
-    bob_normal = add_0x(hex_uniform(strip_0x(agent_roles['BOB'])))
+    alice_normal = tx_normalize.wallet_address(agent_roles['ALICE'])
+    bob_normal = tx_normalize.wallet_address(agent_roles['BOB'])
 
     (tx_hash_hex, tx_rpc) = c.create(alice_normal, bob_normal, 100 * (10 ** 6))
     tx_signed_raw_hex = tx_rpc['params'][0]

apps/cic-eth/tests/unit/queue/test_queue_lock.py

@@ -9,7 +9,7 @@ from cic_eth.db.models.lock import Lock
 from cic_eth.db.enum import LockEnum
 from cic_eth.error import LockedError
 from cic_eth.queue.tx import queue_create
-
+from cic_eth.encode import tx_normalize
 
 def test_queue_lock(
     init_database,
@@ -21,6 +21,8 @@ def test_queue_lock(
     address = '0x' + os.urandom(20).hex()
     tx_hash = '0x' + os.urandom(32).hex()
     tx_raw = '0x' + os.urandom(128).hex()
+    address_normal = tx_normalize.wallet_address(address)
+    tx_hash_normal = tx_normalize.tx_hash(tx_hash)
 
     Lock.set(chain_str, LockEnum.QUEUE)
     with pytest.raises(LockedError):
@@ -32,7 +34,7 @@ def test_queue_lock(
                 tx_raw,
                 )
 
-    Lock.set(chain_str, LockEnum.QUEUE, address=address)
+    Lock.set(chain_str, LockEnum.QUEUE, address=address_normal)
     with pytest.raises(LockedError):
         queue_create(
                 default_chain_spec,
@@ -52,7 +54,7 @@ def test_queue_lock(
                 tx_raw,
                 )
 
-    Lock.set(chain_str, LockEnum.QUEUE, address=address, tx_hash=tx_hash)
+    Lock.set(chain_str, LockEnum.QUEUE, address=address_normal, tx_hash=tx_hash_normal)
     with pytest.raises(LockedError):
         queue_create(
                 default_chain_spec,
@@ -61,5 +63,3 @@ def test_queue_lock(
                 tx_hash,
                 tx_raw,
                 )
-
-

apps/cic-eth/tools_requirements.txt

@@ -1,5 +1,5 @@
 crypto-dev-signer>=0.4.15a1,<=0.4.15
-chainqueue>=0.0.4a6,<0.1.0
+chainqueue>=0.0.5a1,<0.1.0
 cic-eth-registry>=0.6.1a2,<0.7.0
 redis==3.5.3
 hexathon~=0.0.1a8

apps/cic-meta/.gitlab-ci.yml

@@ -1,43 +1,16 @@
-
-.cic_meta_variables:
-    variables:
-        APP_NAME: cic-meta
-        DOCKERFILE_PATH: docker/Dockerfile_ci
-        CONTEXT: apps/$APP_NAME
-
-build-mr-cic-meta:
-    extends:
-        - .py_build_merge_request
-        - .cic_meta_variables
-    rules:
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
-      changes:
-          - apps/cic-meta/**/*
-      when: always
-
-test-mr-cic-meta:
-    extends:
-        - .cic_meta_variables
-    stage: test
-    image: $MR_IMAGE_TAG 
-    script:
-        - cd /root
-        - npm install --dev 
-        - npm run test
-        - npm run test:coverage
-    needs: ["build-mr-cic-meta"]
-    rules:
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
-      changes:
-          - apps/cic-meta/**/*
-      when: always
-
-build-push-cic-meta:
-    extends:
-        - .py_build_push
-        - .cic_meta_variables
-    rules:
-    - if:  $CI_COMMIT_BRANCH == "master"
-      changes:
-          - apps/cic-meta/**/*
-      when: always
+build-test-cic-meta:
+  stage: test
+  tags:
+   - integration
+  variables:
+    APP_NAME: cic-meta
+    MR_IMAGE_TAG: mr-$APP_NAME-$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA
+  script:
+    - cd apps/cic-meta
+    - docker build -t $MR_IMAGE_TAG -f docker/Dockerfile . 
+    - docker run --entrypoint=sh $MR_IMAGE_TAG docker/run_tests.sh
+     #rules:
+     #- if: $CI_PIPELINE_SOURCE == "merge_request_event"
+     #  changes:
+     #      - apps/$APP_NAME/**/*
+     #  when: always

apps/cic-meta/docker/Dockerfile

@@ -15,11 +15,10 @@ RUN --mount=type=cache,mode=0755,target=/root/.npm \
 COPY webpack.config.js .
 COPY tsconfig.json . 
 ## required to build the cic-client-meta module
-COPY src/ src/
-COPY scripts/ scripts/
-COPY tests/ tests/
+COPY . .
 COPY tests/*.asc /root/pgp/
 
+
 ## copy runtime configs
 COPY .config/ /usr/local/etc/cic-meta/
 #

apps/cic-meta/docker/Dockerfile_ci

@@ -1,32 +0,0 @@
-# syntax = docker/dockerfile:1.2
-#FROM node:15.3.0-alpine3.10
-FROM node:lts-alpine3.14
-
-WORKDIR /root
-
-RUN apk add --no-cache postgresql bash
-
-# copy the dependencies
-COPY package.json package-lock.json .
-RUN npm set cache /root/.npm && \
-    npm ci
-
-COPY webpack.config.js .
-COPY tsconfig.json . 
-## required to build the cic-client-meta module
-COPY src/ src/
-COPY scripts/ scripts/
-COPY tests/ tests/
-COPY tests/*.asc /root/pgp/
-
-## copy runtime configs
-COPY .config/ /usr/local/etc/cic-meta/
-#
-## db migrations
-COPY docker/db.sh ./db.sh
-RUN chmod 755 ./db.sh
-#
-RUN alias tsc=node_modules/typescript/bin/tsc 
-COPY docker/start_server.sh ./start_server.sh
-RUN chmod 755 ./start_server.sh
-ENTRYPOINT ["sh", "./start_server.sh"]

apps/cic-meta/docker/run_tests.sh

@@ -0,0 +1,7 @@
+#! /bin/bash
+
+set -e
+
+npm install --dev 
+npm run test
+npm run test:coverage

apps/cic-notify/.gitlab-ci.yml

@@ -1,52 +1,17 @@
-.cic_notify_variables:
-    variables:
-        APP_NAME: cic-notify
-        DOCKERFILE_PATH: docker/Dockerfile_ci
-        CONTEXT: apps/$APP_NAME
-
-build-mr-cic-notify:
-    extends:
-        - .py_build_merge_request
-        - .cic_notify_variables
-    rules:
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
-      changes:
-          - apps/cic-notify/**/*
-      when: always
-
-test-mr-cic-notify:
-    stage: test
-    extends:
-        - .cic_notify_variables
-    cache:
-        key:
-            files:
-                - test_requirements.txt
-        paths:
-        - /root/.cache/pip
-    image: $MR_IMAGE_TAG
-    script:
-        - cd apps/$APP_NAME/
-        - >
-          pip install --extra-index-url https://pip.grassrootseconomics.net:8433
-          --extra-index-url https://gitlab.com/api/v4/projects/27624814/packages/pypi/simple
-          -r test_requirements.txt 
-        - export PYTHONPATH=. && pytest -x --cov=cic_notify --cov-fail-under=90 --cov-report term-missing tests
-    needs: ["build-mr-cic-notify"]
-    rules:
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
-      changes:
-          - apps/$APP_NAME/**/*
-      when: always
-
-build-push-cic-notify:
-    extends:
-        - .py_build_push
-        - .cic_notify_variables
-    rules:
-    - if:  $CI_COMMIT_BRANCH == "master"
-      changes:
-          - apps/cic-notify/**/*
-      when: always
-        
-
+build-test-cic-notify:
+  stage: test
+  tags:
+    - integration
+  variables:
+    APP_NAME: cic-notify
+    MR_IMAGE_TAG: mr-$APP_NAME-$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA
+  script:
+    - cd apps/cic-notify
+    - docker build -t $MR_IMAGE_TAG -f docker/Dockerfile . 
+    - docker run $MR_IMAGE_TAG sh docker/run_tests.sh
+  allow_failure: true
+  rules:
+  - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    changes:
+        - apps/$APP_NAME/**/*
+    when: always

apps/cic-notify/docker/Dockerfile_ci

@@ -1,27 +0,0 @@
-# syntax = docker/dockerfile:1.2
-FROM registry.gitlab.com/grassrootseconomics/cic-base-images:python-3.8.6-dev-55da5f4e as dev
-
-#RUN pip install $pip_extra_index_url_flag cic-base[full_graph]==0.1.2a62
-
-ARG EXTRA_INDEX_URL="https://pip.grassrootseconomics.net:8433"
-ARG GITLAB_PYTHON_REGISTRY="https://gitlab.com/api/v4/projects/27624814/packages/pypi/simple"
-COPY requirements.txt .
-
-RUN pip install --index-url https://pypi.org/simple  \
-	  --extra-index-url $GITLAB_PYTHON_REGISTRY --extra-index-url $EXTRA_INDEX_URL \
-    -r requirements.txt
-
-COPY . .
-
-RUN python setup.py install
-
-COPY docker/*.sh .
-RUN chmod +x *.sh 
-
-# ini files in config directory defines the configurable parameters for the application
-# they can all be overridden by environment variables
-# to generate a list of environment variables from configuration, use: confini-dump -z <dir> (executable provided by confini package)
-COPY .config/ /usr/local/etc/cic-notify/
-COPY cic_notify/db/migrations/ /usr/local/share/cic-notify/alembic/
-
-ENTRYPOINT []

apps/cic-notify/docker/run_tests.sh

@@ -0,0 +1,9 @@
+#! /bin/bash
+
+set -e
+
+pip install --extra-index-url https://pip.grassrootseconomics.net:8433 \
+--extra-index-url https://gitlab.com/api/v4/projects/27624814/packages/pypi/simple \
+-r test_requirements.txt 
+
+export PYTHONPATH=. && pytest -x --cov=cic_notify --cov-fail-under=90 --cov-report term-missing tests

apps/cic-ussd/.gitlab-ci.yml

@@ -1,52 +1,16 @@
-.cic_ussd_variables:
-    variables:
-        APP_NAME: cic-ussd
-        DOCKERFILE_PATH: docker/Dockerfile_ci
-        CONTEXT: apps/$APP_NAME
-
-build-mr-cic-ussd:
-    extends:
-        - .py_build_merge_request
-        - .cic_ussd_variables
-    rules:
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
-      changes:
-          - apps/cic-ussd/**/*
-      when: always
-
-test-mr-cic-ussd:
-    stage: test
-    extends:
-        - .cic_ussd_variables
-    cache:
-        key:
-            files:
-                - test_requirements.txt
-        paths:
-        - /root/.cache/pip
-    image: $MR_IMAGE_TAG
-    script:
-        - cd apps/$APP_NAME/
-        - >
-          pip install --extra-index-url https://pip.grassrootseconomics.net:8433
-          --extra-index-url https://gitlab.com/api/v4/projects/27624814/packages/pypi/simple
-          -r test_requirements.txt 
-        - export PYTHONPATH=. && pytest -x --cov=cic_ussd --cov-fail-under=90 --cov-report term-missing tests/cic_ussd
-    needs: ["build-mr-cic-ussd"]
-    rules:
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
-      changes:
-          - apps/$APP_NAME/**/*
-      when: always
-
-build-push-cic-ussd:
-    extends:
-        - .py_build_push
-        - .cic_ussd_variables
-    rules:
-    - if:  $CI_COMMIT_BRANCH == "master"
-      changes:
-          - apps/cic-ussd/**/*
-      when: always
-
-
+build-test-cic-ussd:
+  stage: test
+  tags:
+  - integration
+  variables:
+    APP_NAME: cic-ussd
+    MR_IMAGE_TAG: mr-$APP_NAME-$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA
+  script:
+    - cd apps/cic-ussd
+    - docker build -t $MR_IMAGE_TAG -f docker/Dockerfile . 
+    - docker run $MR_IMAGE_TAG sh docker/run_tests.sh
+  rules:
+  - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    changes:
+        - apps/$APP_NAME/**/*
+    when: always

apps/cic-ussd/cic_ussd/version.py

@@ -1,7 +1,7 @@
 # standard imports
 import semver
 
-version = (0, 3, 1, 'alpha.3')
+version = (0, 3, 1, 'alpha.4')
 
 version_object = semver.VersionInfo(
         major=version[0],

apps/cic-ussd/docker/Dockerfile_ci

@@ -1,32 +0,0 @@
-# syntax = docker/dockerfile:1.2
-FROM registry.gitlab.com/grassrootseconomics/cic-base-images:python-3.8.6-dev-55da5f4e as dev
-RUN apt-get install -y redis-server
-
-# create secrets directory
-RUN mkdir -vp pgp/keys
-
-# create application directory
-RUN mkdir -vp cic-ussd
-RUN mkdir -vp data
-
-COPY requirements.txt .
-
-ARG EXTRA_INDEX_URL="https://pip.grassrootseconomics.net:8433"
-ARG GITLAB_PYTHON_REGISTRY="https://gitlab.com/api/v4/projects/27624814/packages/pypi/simple"
-RUN pip install --index-url https://pypi.org/simple  \
-	  --extra-index-url $GITLAB_PYTHON_REGISTRY --extra-index-url $EXTRA_INDEX_URL \
-    -r requirements.txt
-
-COPY . .
-RUN python setup.py install
-
-COPY cic_ussd/db/ussd_menu.json data/
-
-COPY docker/*.sh .
-RUN chmod +x /root/*.sh
-
-# copy config and migration files to definitive file so they can be referenced in path definitions for running scripts
-COPY config/ /usr/local/etc/cic-ussd/
-COPY cic_ussd/db/migrations/ /usr/local/share/cic-ussd/alembic
-
-ENTRYPOINT []

apps/cic-ussd/docker/run_tests.sh

@@ -0,0 +1,10 @@
+#! /bin/bash
+
+set -e
+
+
+pip install --extra-index-url https://pip.grassrootseconomics.net:8433 \
+--extra-index-url https://gitlab.com/api/v4/projects/27624814/packages/pypi/simple \
+-r test_requirements.txt 
+
+export PYTHONPATH=. && pytest -x --cov=cic_ussd --cov-fail-under=90 --cov-report term-missing tests/cic_ussd

apps/cic-ussd/requirements.txt

@@ -1,7 +1,7 @@
 alembic==1.4.2
 bcrypt==3.2.0
 celery==4.4.7
-cic-eth[services]~=0.12.4a6
+cic-eth[services]~=0.12.4a7
 cic-notify~=0.4.0a10
 cic-types~=0.1.0a14
 confini>=0.4.1a1,<0.5.0
@@ -14,4 +14,4 @@ semver==2.13.0
 SQLAlchemy==1.3.20
 tinydb==4.2.0
 transitions==0.8.4
-uWSGI==2.0.19.1
+uWSGI==2.0.19.1

apps/contract-migration/.gitlab-ci.yml

@@ -1,25 +1,25 @@
-.contract_migration_variables:
-    variables:
-        APP_NAME: contract-migration
-        DOCKERFILE_PATH: docker/Dockerfile_ci
-        CONTEXT: apps/$APP_NAME
-
-build-mr-contract-migration:
-    extends:
-        - .py_build_merge_request
-        - .contract_migration_variables
-    rules:
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
-      changes:
-          - apps/contract-migration/**/*
-      when: always
-
-build-push-contract-migration:
-    extends:
-        - .py_build_push
-        - .contract_migration_variables
-    rules:
-    - if: $CI_COMMIT_BRANCH == "master"
-      changes:
-          - apps/contract-migration/**/*
-      when: always
+#.contract_migration_variables:
+#    variables:
+#        APP_NAME: contract-migration
+#        DOCKERFILE_PATH: docker/Dockerfile_ci
+#        CONTEXT: apps/$APP_NAME
+#
+#build-mr-contract-migration:
+#    extends:
+#        - .py_build_merge_request
+#        - .contract_migration_variables
+#    rules:
+#    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+#      changes:
+#          - apps/contract-migration/**/*
+#      when: always
+#
+#build-push-contract-migration:
+#    extends:
+#        - .py_build_push
+#        - .contract_migration_variables
+#    rules:
+#    - if: $CI_COMMIT_BRANCH == "master"
+#      changes:
+#          - apps/contract-migration/**/*
+#      when: always

apps/contract-migration/requirements.txt

@@ -1,5 +1,5 @@
 cic-eth[tools]==0.12.4a4
-chainlib-eth>=0.0.9a3,<0.1.0
+chainlib-eth>=0.0.9a7,<0.1.0
 eth-erc20>=0.1.2a2,<0.2.0
 erc20-demurrage-token>=0.0.5a2,<0.1.0
 eth-accounts-index>=0.1.2a2,<0.2.0

apps/data-seeding/requirements.txt

@@ -1,10 +1,10 @@
 sarafu-faucet~=0.0.7a1
-cic-eth[tools]~=0.12.4a4
+cic-eth[tools]~=0.12.4a7
 cic-types~=0.1.0a14
 crypto-dev-signer>=0.4.15a1,<=0.4.15
 faker==4.17.1
-chainsyncer~=0.0.6a1
-chainlib-eth~=0.0.9a4
+chainsyncer~=0.0.6a3
+chainlib-eth~=0.0.9a7
 eth-address-index~=0.2.3a4
 eth-contract-registry~=0.6.3a3
 eth-accounts-index~=0.1.2a3

ci_templates/.cic-template.yml

@@ -1,12 +1,12 @@
-image:
-  name: gcr.io/kaniko-project/executor:debug
-  entrypoint: [""]
 
 variables:
   KANIKO_CACHE_ARGS: "--cache=true --cache-copy-layers=true --cache-ttl=24h"
   MR_IMAGE_TAG: $CI_REGISTRY_IMAGE/mergerequest/$APP_NAME:$CI_COMMIT_SHORT_SHA
 
 .py_build_merge_request:
+  image:
+    name: gcr.io/kaniko-project/executor:debug
+    entrypoint: [""]
   stage: build
   script:
     - mkdir -p /kaniko/.docker
@@ -16,6 +16,9 @@ variables:
       --cache-repo $CI_REGISTRY_IMAGE --destination $MR_IMAGE_TAG 
 
 .py_build_target_dev:
+  image:
+    name: gcr.io/kaniko-project/executor:debug
+    entrypoint: [""]
   stage: build
   variables:
     IMAGE_TAG_BASE: $CI_REGISTRY_IMAGE/$APP_NAME:mr-unittest-$CI_COMMIT_SHORT_SHA
@@ -28,6 +31,9 @@ variables:
       --destination $MR_IMAGE_TAG
 
 .py_build_push:
+  image:
+    name: gcr.io/kaniko-project/executor:debug
+    entrypoint: [""]
   stage: build
   variables:
       IMAGE_TAG_BASE: $CI_REGISTRY_IMAGE/$APP_NAME:$CI_COMMIT_BRANCH-$CI_COMMIT_SHORT_SHA

docker-compose.yml

@@ -13,20 +13,8 @@ networks:
     name: cic-network
 
 services:
-  # eth:
-  #   image: trufflesuite/ganache-cli
-  #   ports:
-  #     - ${HTTP_PORT_ETH:-8545}
-  #     - ${WS_PORT_ETH:-8546}
-  #   # Note! -e switch doesnt work, whatever you  put there, it will be 100
-  #   command: "-i 8996 -e 1000 -l 90000000 \
-  #           -m '${DEV_MNEMONIC:-\"history stumble mystery avoid embark arrive mom foil pledge keep grain dice\"}' \
-  #           -v --db /tmp/cic/ganache/ganache.db \
-  #           --noVMErrorsOnRPCResponse --allowUnlimitedContractSize"
-  #   volumes:
-  #     - ganache-db:/tmp/cic/ganache
-
   eth:
+    image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/bloxberg-node:${TAG:-latest}
     build:
       context: apps/bloxbergValidatorSetup
     restart: unless-stopped
@@ -71,6 +59,7 @@ services:
       - bee-data:/tmp/cic/bee
 
   contract-migration:
+    image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:${TAG:-latest}
     profiles:
       - migrations 
     build:
@@ -128,7 +117,9 @@ services:
     volumes:
       - contract-config:/tmp/cic/config
 
+
   cic-cache-tracker:
+    image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:${TAG:-latest}
     profiles:
       - cache 
     build:
@@ -170,6 +161,7 @@ services:
       - contract-config:/tmp/cic/config/:ro
 
   cic-cache-tasker:
+    image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:${TAG:-latest}
     profiles:
       - cache 
     build:
@@ -210,6 +202,7 @@ services:
       - contract-config:/tmp/cic/config/:ro
 
   cic-cache-server:
+    image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:${TAG:-latest}
     profiles:
       - cache 
     build:
@@ -245,6 +238,7 @@ services:
 
 
   cic-eth-tasker:
+    image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:${TAG:-latest}
     build: 
         context: apps/cic-eth
         dockerfile: docker/Dockerfile
@@ -298,6 +292,7 @@ services:
     # command: [/bin/sh, "./start_tasker.sh", -q, cic-eth, -vv ]
 
   cic-eth-tracker:
+    image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:${TAG:-latest}
     build:
         context: apps/cic-eth
         dockerfile: docker/Dockerfile
@@ -342,6 +337,7 @@ services:
 
 
   cic-eth-dispatcher:
+    image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:${TAG:-latest}
     build:
         context: apps/cic-eth
         dockerfile: docker/Dockerfile
@@ -386,6 +382,7 @@ services:
 
 
   cic-eth-retrier:
+    image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:${TAG:-latest}
     build:
         context: apps/cic-eth
         dockerfile: docker/Dockerfile
@@ -433,6 +430,7 @@ services:
 
 
   cic-notify-tasker:
+    image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-notify:${TAG:-latest}
     build:
       context: apps/cic-notify
       dockerfile: docker/Dockerfile
@@ -461,6 +459,7 @@ services:
 
 
   cic-meta-server:
+    image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta:${TAG:-latest}
     profiles:
       - custodial-meta
     hostname: meta
@@ -496,6 +495,7 @@ services:
     # command: "/root/start_server.sh -vv"
 
   cic-user-ussd-server:
+    image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:${TAG:-latest}
     profiles:
       - custodial-ussd
     build:
@@ -528,6 +528,7 @@ services:
     command: "/root/start_cic_user_ussd_server.sh -vv"
 
   cic-user-server:
+    image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:${TAG:-latest}
     profiles:
       - custodial-ussd
     build:
@@ -553,6 +554,7 @@ services:
     command: "/root/start_cic_user_server.sh -vv"
 
   cic-user-tasker:
+    image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:${TAG:-latest}
     profiles:
       - custodial-ussd
     build:

kubernetes/cic-auth-proxy/cic-auth-creds-configmap.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cic-auth-proxy-credentials-configmap
+  namespace: grassroots
+data:
+    credentials.yaml: | 
+        level: 9
+        items:
+        user: 1

kubernetes/cic-auth-proxy/cic-auth-proxy-acl-configMap.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cic-auth-proxy-acl-configmap
+  namespace: grassroots
+data:
+    F3FAF668E82EF5124D5187BAEF26F4682343F692: |
+        - "^/user(/.*)?$":
+            read:
+            - user

kubernetes/cic-auth-proxy/cic-auth-proxy-meta-deployment.yaml

@@ -0,0 +1,114 @@
+# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cic-auth-proxy-meta
+  namespace: grassroots
+  labels:
+    app: cic-auth-proxy-meta
+    group: cic
+  annotations:
+      keel.sh/policy: "glob:master-*"
+      keel.sh/trigger: poll
+      keel.sh/pollSchedule: "@every 5m"
+spec:
+  selector:
+    matchLabels:
+      app: cic-auth-proxy-meta
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: cic-auth-proxy-meta
+        group: cic
+    spec:
+      containers:
+      - name: cic-auth-proxy-meta
+        #image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:master-c05fafbf-1627493790 # {"$imagepolicy": "flux-system:cic-auth-proxy"} 
+        image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:latest
+        imagePullPolicy: Always
+        resources:
+          requests:
+            cpu: 50m
+            memory: 100Mi
+          limits:
+            cpu: 100m
+            memory: 200Mi
+        env:
+        - name: PROXY_HOST
+          value: cic-meta-server
+        - name: PROXY_PORT
+          value: "80"
+        - name: PROXY_PATH_PREFIX
+          value: "/"
+        - name: HTTP_AUTH_ORIGIN
+          value: https://meta-auth.dev.grassrootseconomics.net:443
+        - name: HTTP_AUTH_REALM
+          value: GE
+        - name: ACL_CREDENTIALS_ENDPOINT
+          value: http://key-server:8081/
+        - name: ACL_PATH
+          value: /data/acls/F3FAF668E82EF5124D5187BAEF26F4682343F692
+        - name: GPG_PUBLICKEYS_ENDPOINT
+          value: http://key-server:8080/.well-known/publickeys/
+        - name: GPG_SIGNATURE_ENDPOINT
+          value: http://key-server:8080/.well-known/signature/
+        - name: GPG_TRUSTED_PUBLICKEY_FINGERPRINT # fingerprint of trusted key
+          value: CCE2E1D2D0E36ADE0405E2D0995BB21816313BD5
+        - name: GPG_HOMEDIR
+          value: /usr/local/etc/cic-auth-proxy/.gnupg/
+        - name: GPG_IMPORT_DIR
+          value: /usr/local/etc/cic-auth-proxy/import/
+        - name: GPG_PUBLICKEY_FILENAME
+          value: publickeys.asc
+        - name: GPG_SIGNATURE_FILENAME
+          value: signature.asc
+        - name: GPG_TRUSTED_PUBLICKEY_MATERIAL
+          value: /usr/local/etc/cic-auth-proxy/trusted/trustedpublickey.asc
+        ports:
+        - containerPort: 8080
+          name: http
+        volumeMounts:
+        - name: acl-config
+          mountPath: /data/acls/
+          readOnly: true
+        - name: credentials-config
+          mountPath: /data/noop/
+          readOnly: true
+        - name: trusted-publickey
+          mountPath: /usr/local/etc/cic-auth-proxy/trusted/
+        - name: gpg-homedir
+          mountPath: /usr/local/etc/cic-auth-proxy/.gnupg
+        - name: pgp-meta-test
+          mountPath: /usr/local/etc/cic-auth-proxy/import
+      volumes:
+      - name: pgp-meta-test
+        configMap:
+          name: pgp-meta-test
+      - name: acl-config
+        configMap:
+          name: cic-auth-proxy-acl-configmap
+      - name: credentials-config
+        configMap:
+          name: cic-auth-proxy-credentials-configmap
+      - name: trusted-publickey
+        configMap:
+          name: pgp-trusted-publickey
+      - name: gpg-homedir
+        emptyDir: {}
+---
+# https://kubernetes.io/docs/concepts/services-networking/service/
+apiVersion: v1
+kind: Service
+metadata:
+  name: cic-auth-proxy-meta
+  namespace: grassroots
+spec:
+  selector:
+    app: cic-auth-proxy-meta
+  type: ClusterIP
+  ports:
+  - name: http
+    protocol: TCP
+    port: 80
+    targetPort: 8080

kubernetes/cic-auth-proxy/cic-auth-proxy-user-deployment.yaml

@@ -0,0 +1,114 @@
+# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cic-auth-proxy-user
+  namespace: grassroots
+  labels:
+    app: cic-auth-proxy-user
+    group: cic
+  annotations:
+      keel.sh/policy: "glob:master-*"
+      keel.sh/trigger: poll
+      keel.sh/pollSchedule: "@every 5m"
+spec:
+  selector:
+    matchLabels:
+      app: cic-auth-proxy-user
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: cic-auth-proxy-user
+        group: cic
+    spec:
+      containers:
+      - name: cic-auth-proxy-user
+        #image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:master-c05fafbf-1627493790 # {"$imagepolicy": "flux-system:cic-auth-proxy"} 
+        image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:latest
+        imagePullPolicy: Always
+        resources:
+          requests:
+            cpu: 50m
+            memory: 100Mi
+          limits:
+            cpu: 100m
+            memory: 200Mi
+        env:
+        - name: PROXY_HOST
+          value: cic-user-server
+        - name: PROXY_PORT
+          value: "80"
+        - name: PROXY_PATH_PREFIX
+          value: "/"
+        - name: HTTP_AUTH_ORIGIN
+          value: https://meta-auth.dev.grassrootseconomics.net:443
+        - name: HTTP_AUTH_REALM
+          value: GE
+        - name: ACL_CREDENTIALS_ENDPOINT
+          value: http://key-server:8081/
+        - name: ACL_PATH
+          value: /data/acls/F3FAF668E82EF5124D5187BAEF26F4682343F692
+        - name: GPG_PUBLICKEYS_ENDPOINT
+          value: http://key-server:8080/.well-known/publickeys/
+        - name: GPG_SIGNATURE_ENDPOINT
+          value: http://key-server:8080/.well-known/signature/
+        - name: GPG_TRUSTED_PUBLICKEY_FINGERPRINT # fingerprint of trusted key
+          value: CCE2E1D2D0E36ADE0405E2D0995BB21816313BD5
+        - name: GPG_HOMEDIR
+          value: /usr/local/etc/cic-auth-proxy/.gnupg/
+        - name: GPG_IMPORT_DIR
+          value: /usr/local/etc/cic-auth-proxy/import/
+        - name: GPG_PUBLICKEY_FILENAME
+          value: publickeys.asc
+        - name: GPG_SIGNATURE_FILENAME
+          value: signature.asc
+        - name: GPG_TRUSTED_PUBLICKEY_MATERIAL
+          value: /usr/local/etc/cic-auth-proxy/trusted/trustedpublickey.asc
+        ports:
+        - containerPort: 8080
+          name: http
+        volumeMounts:
+        - name: acl-config
+          mountPath: /data/acls/
+          readOnly: true
+        - name: credentials-config
+          mountPath: /data/noop/
+          readOnly: true
+        - name: trusted-publickey
+          mountPath: /usr/local/etc/cic-auth-proxy/trusted/
+        - name: gpg-homedir
+          mountPath: /usr/local/etc/cic-auth-proxy/.gnupg
+        - name: pgp-meta-test
+          mountPath: /usr/local/etc/cic-auth-proxy/import
+      volumes:
+      - name: pgp-meta-test
+        configMap:
+          name: pgp-meta-test
+      - name: acl-config
+        configMap:
+          name: cic-auth-proxy-acl-configmap
+      - name: credentials-config
+        configMap:
+          name: cic-auth-proxy-credentials-configmap
+      - name: trusted-publickey
+        configMap:
+          name: pgp-trusted-publickey
+      - name: gpg-homedir
+        emptyDir: {}
+---
+# https://kubernetes.io/docs/concepts/services-networking/service/
+apiVersion: v1
+kind: Service
+metadata:
+  name: cic-auth-proxy-user
+  namespace: grassroots
+spec:
+  selector:
+    app: cic-auth-proxy-user
+  type: ClusterIP
+  ports:
+  - name: http
+    protocol: TCP
+    port: 80
+    targetPort: 8080

kubernetes/cic-auth-proxy/cic-auth-proxy-ussd-deployment.yaml

@@ -0,0 +1,129 @@
+# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cic-auth-proxy-ussd
+  namespace: grassroots
+  labels:
+    app: cic-auth-proxy-ussd
+    group: cic
+  annotations:
+      keel.sh/policy: "glob:master-*"
+      keel.sh/trigger: poll
+      keel.sh/pollSchedule: "@every 5m"
+spec:
+  selector:
+    matchLabels:
+      app: cic-auth-proxy-ussd
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: cic-auth-proxy-ussd
+        group: cic
+    spec:
+      containers:
+      - name: cic-auth-proxy-ussd
+        #image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:master-c05fafbf-1627493790 # {"$imagepolicy": "flux-system:cic-auth-proxy"} 
+        image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:latest
+        imagePullPolicy: Always   
+        command: ["uwsgi", "--wsgi-file", "meta/scripts/proxy-ussd.py", "--http",
+          ":8080"]
+        resources:
+          requests:
+
+            cpu: 50m
+            memory: 100Mi
+          limits:
+            cpu: 100m
+            memory: 200Mi
+        env:
+        - name: PROXY_HOST
+          value: cic-user-ussd-server
+        - name: PROXY_PORT
+          value: "80"
+        - name: PROXY_PATH_PREFIX
+          value: "/"
+        - name: HTTP_AUTH_ORIGIN
+          value: https://ussd-auth.dev.grassrootseconomics.net:443
+        - name: HTTP_AUTH_REALM
+          value: GE
+        - name: ACL_CREDENTIALS_ENDPOINT
+          value: http://key-server:8081/
+        - name: ACL_PATH
+          value: /data/acls/F3FAF668E82EF5124D5187BAEF26F4682343F692
+        - name: ACL_QUERYSTRING_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: cic-ussd-querystring-creds
+              key: username
+        - name: ACL_QUERYSTRING_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: cic-ussd-querystring-creds
+              key: password
+        - name: ACL_WHITELIST
+          value: "37.188.113.15, 164.177.157.18, 5.79.0.242, 164.177.141.82, 164.177.141.83"
+        - name: GPG_PUBLICKEYS_ENDPOINT
+          value: http://key-server:8080/.well-known/publickeys/
+        - name: GPG_SIGNATURE_ENDPOINT
+          value: http://key-server:8080/.well-known/signature/
+        - name: GPG_TRUSTED_PUBLICKEY_FINGERPRINT # fingerprint of trusted key
+          value: CCE2E1D2D0E36ADE0405E2D0995BB21816313BD5
+        - name: GPG_HOMEDIR
+          value: /usr/local/etc/cic-auth-proxy/.gnupg/
+        - name: GPG_IMPORT_DIR
+          value: /usr/local/etc/cic-auth-proxy/import/
+        - name: GPG_PUBLICKEY_FILENAME
+          value: publickeys.asc
+        - name: GPG_SIGNATURE_FILENAME
+          value: signature.asc
+        - name: GPG_TRUSTED_PUBLICKEY_MATERIAL
+          value: /usr/local/etc/cic-auth-proxy/trusted/trustedpublickey.asc
+        ports:
+        - containerPort: 8080
+          name: http
+        volumeMounts:
+        - name: acl-config
+          mountPath: /data/acls/
+          readOnly: true
+        - name: credentials-config
+          mountPath: /data/noop/
+          readOnly: true
+        - name: trusted-publickey
+          mountPath: /usr/local/etc/cic-auth-proxy/trusted/
+        - name: gpg-homedir
+          mountPath: /usr/local/etc/cic-auth-proxy/.gnupg
+        - name: pgp-meta-test
+          mountPath: /usr/local/etc/cic-auth-proxy/import
+      volumes:
+      - name: pgp-meta-test
+        configMap:
+          name: pgp-meta-test
+      - name: acl-config
+        configMap:
+          name: cic-auth-proxy-acl-configmap
+      - name: credentials-config
+        configMap:
+          name: cic-auth-proxy-credentials-configmap
+      - name: trusted-publickey
+        configMap:
+          name: pgp-trusted-publickey
+      - name: gpg-homedir
+        emptyDir: {}
+---
+# https://kubernetes.io/docs/concepts/services-networking/service/
+apiVersion: v1
+kind: Service
+metadata:
+  name: cic-auth-proxy-ussd
+  namespace: grassroots
+spec:
+  selector:
+    app: cic-auth-proxy-ussd
+  type: ClusterIP
+  ports:
+  - name: http
+    protocol: TCP
+    port: 80
+    targetPort: 8080

kubernetes/cic-auth-proxy/cic-ussd-querystring-creds.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: cic-ussd-querystring-creds
+  namespace: grassroots
+spec:
+  encryptedData:
+    password: AgAO18hv8gZZRoySuTqNOg06imdnfES7io54TEGO501cq8usRcj9Bu3us+7V8zD20DQTZ7xCGCV2eyZ1kMsnFNFUBPMG0raAtwe4dAskYeQxKp0VyE1y+d9TbecvlqRXmAD3lF1exMSS3PD68VZcrDpenXE7Ag74uEJM7YmAKnUXIzBhxZlG7bIwLrRuNiTye83e/jijaPD3+66NrExBM2H//b8u1l8QVNd13XwgAWkJEW9QNMP1b2ir9VWKE4P8Da22SQRIed/Nhyc+aR3izqEpCbeRYmQqlo9r66oXK4Yr5v0IkI38gBGORrPv1OZK01plvGgMoxTe3pSiW5cyMtCXx6GgyIFKII1yYvtlI86Sf4J3DRU6kC3NSvF+2B99yFrbUPyoAGQFd6oSWAQLBI2kYqf6NXuaT3kxBNroAICMlAYygPKG0t6jEzTWk+E5l4F/PHWFD5DM+diHRqQAdDStACcMCl2i2133PPjlK1gUhQkCmeRcKeEqMT5ssBx/KM5p+v8syV4/0VlNtJpnP/aWcbwvVsiHhDE9trM/+p5E6gsVymAIiW20nRnuOSjHCnHOtjtfPtEZ3A8eHAqgJjdE6fY7DvZmwKfx2A4tMcrikz208Pa7JIFE6nj9osTz7eMrWXTmquVRotZ9we3WmGBycgVUuv9hfzUC6srkTIyT9UGHH9UNiRba/73ZDF2Zr2XvN0ofkQz8dN0dKLxy/OptCciV3Rdn/4s/IQ0usSwXLEb2tQtHgy5+twj7IQij6amjLbulRm1U2GLatmvgbjqf
+    username: AgCJQ9JiJErCGfH3pkX3I3696Garu40pGWgvcUOa9wz3r3Q+5SY0IMnroWO3z66L/HG7DW70upgfJBVyhncrUBrC/z73D++nMz43JvFc39MHcUYVmqvjIw1401705+G7UxxgcMOx09++CBZ97wbEfKc251v98s8G/bLtMcqS/12pVNfMGgjpkE6InlS0n9VD26HDs4A3uNtfN2GK2dsazV05UXs8W+6JOZsJ60QfPJylCpKh+sxPLDlYt4lRIM/6pP7kQXLn+VmWtzuo1dZTaUliMYH+DOXO2V9ePnjTUXGrMgRfuZP2PCmG3usdC45mOPpuURPFUmF8SDQ4IXKhBd7N+8pjZDiqQ2RxK61Qz6MXv851u7HABgVMhtjlZfaD4hVY+mr7KYDVQvrhJ971y84KBHuQFOxwZZnXAx5FdBWmkKkz959bjulJaRe1ZWA01k1SQHiVFeIArbbNSlvH45XoNR8rxFiQE+5Olt9UwdpXAH/sAfH7CRY1SnRrAW3LCyCVqAJcXF9kU+bnezVgWoJ/h9ff6VKRFqh3o+wa6V6J8GNbwC0/oeXo0XyUjbwAUjIRKeWbJ1obkvWDfYILpo2CVt34tzYowiVqmYYB8SqKBPgrca+Xmn9GpggOMibJKk0LC6R04iAajMy73cuxkX+PMV1Wz5xOuF60ccCsdiD15deYOlA34UdfeNQgGA7EKPhsl0kD/xm5
+  template:
+    metadata:
+      creationTimestamp: null
+      name: cic-ussd-querystring-creds
+      namespace: grassroots
+

kubernetes/cic-cache/cic-cache-server-deployment.yaml

@@ -0,0 +1,100 @@
+# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cic-cache-server
+  namespace: grassroots
+  labels:
+    app: cic-cache-server
+  annotations:
+      keel.sh/policy: "glob:master-*"
+      keel.sh/trigger: poll
+      keel.sh/pollSchedule: "@every 5m"
+spec:
+  selector:
+    matchLabels:
+      app: cic-cache-server
+  replicas: 1
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: cic-cache-server
+        group: cic
+        teir: backend
+    spec:
+      containers:
+      - name: cic-cache-server
+        #image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:master-402b968b-1626300208 # {"$imagepolicy": "flux-system:cic-cache"}
+        image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:latest
+        imagePullPolicy: Always   
+        command: ["/usr/local/bin/uwsgi", "--wsgi-file=/root/cic_cache/runnable/daemons/server.py",
+          "--http=:8000", "--pyargv", "-vv"]
+        resources:
+          requests:
+            cpu: 50m
+            memory: 100Mi
+          limits:
+            cpu: 100m
+            memory: 100Mi
+        env:
+        - name: DATABASE_USER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_USER
+        - name: DATABASE_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_HOST
+        - name: DATABASE_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PORT
+        - name: DATABASE_ENGINE
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_ENGINE
+        - name: DATABASE_DRIVER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_DRIVER
+        - name: DATABASE_PASSWORD
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PASSWORD
+        - name: DATABASE_NAME
+          value: cic_cache
+        - name: SERVER_PORT
+          value: "8000"
+        - name: DATABASE_DEBUG
+          value: "0"
+        ports:
+        - containerPort: 8000
+          name: server
+      restartPolicy: Always
+---
+# https://kubernetes.io/docs/concepts/services-networking/service/
+apiVersion: v1
+kind: Service
+metadata:
+  name: cic-cache-svc
+  namespace: grassroots
+spec:
+  selector:
+    app: cic-cache-server
+  type: ClusterIP
+  ports:
+  - name: server
+    protocol: TCP
+    port: 80
+    targetPort: 8000

kubernetes/cic-cache/cic-cache-tasker-deployment.yaml

@@ -0,0 +1,175 @@
+# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cic-cache-watchers
+  namespace: grassroots
+  labels:
+    app: cic-cache-watchers
+  annotations:
+      keel.sh/policy: "glob:master-*"
+      keel.sh/trigger: poll
+      keel.sh/pollSchedule: "@every 5m"
+spec:
+  selector:
+    matchLabels:
+      app: cic-cache-watchers
+  replicas: 1
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: cic-cache-watchers
+        group: cic
+        tier: queue
+    spec:
+      containers:
+      - name: cic-cache-tasker
+        #image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:master-402b968b-1626300208 # {"$imagepolicy": "flux-system:cic-cache"}
+        image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:latest
+        imagePullPolicy: Always   
+        command: ["/usr/local/bin/cic-cache-taskerd", "-vv"]
+        resources:
+          requests:
+            cpu: 50m
+            memory: 100Mi
+          limits:
+            cpu: 100m
+            memory: 100Mi
+        env:
+        - name: DATABASE_USER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_USER
+        - name: DATABASE_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_HOST
+        - name: DATABASE_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PORT
+        - name: DATABASE_ENGINE
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_ENGINE
+        - name: DATABASE_DRIVER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_DRIVER
+        - name: DATABASE_PASSWORD
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PASSWORD
+        - name: CELERY_BROKER_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_BROKER_URL
+        - name: CELERY_RESULT_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_RESULT_URL
+        - name: CIC_CHAIN_SPEC
+          value: "evm:bloxberg:8996"
+        - name: DATABASE_NAME
+          value: cic_cache
+        - name: ETH_PROVIDER
+          value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
+        - name: CIC_REGISTRY_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              name: contract-migration-output
+              key: CIC_REGISTRY_ADDRESS
+        - name: CIC_TRUST_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              name: contract-migration-output
+              key: CIC_TRUST_ADDRESS
+      - name: cic-cache-tracker
+        #image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:master-402b968b-1626300208 # {"$imagepolicy": "flux-system:cic-cache"}
+        image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:latest
+        # command: ["/usr/local/bin/cic-cache-trackerd", "-vv", "-c", "/usr/local/etc/cic-cache"]
+        command: ["./start_tracker.sh", "-c", "/usr/local/etc/cic-cache", "-vv"]
+        resources:
+          requests:
+            cpu: 50m
+            memory: 100Mi
+          limits:
+            cpu: 100m
+            memory: 100Mi
+        env:
+        - name: CIC_REGISTRY_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              name: contract-migration-output
+              key: CIC_REGISTRY_ADDRESS
+        - name: CIC_TRUST_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              name: contract-migration-output
+              key: CIC_TRUST_ADDRESS
+        - name: DATABASE_USER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_USER
+        - name: DATABASE_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_HOST
+        - name: DATABASE_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PORT
+        - name: DATABASE_ENGINE
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_ENGINE
+        - name: DATABASE_DRIVER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_DRIVER
+        - name: DATABASE_PASSWORD
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PASSWORD
+        - name: CELERY_BROKER_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_BROKER_URL
+        - name: CELERY_RESULT_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_RESULT_URL
+        - name: DATABASE_NAME
+          value: cic_cache
+        - name: ETH_PROVIDER
+          value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
+        - name: CIC_CHAIN_SPEC
+          value: "evm:bloxberg:8996"
+        - name: SERVER_PORT
+          value: "8000"
+        - name: ETH_ABI_DIR
+          value: /usr/local/share/cic/solidity/abi
+        - name: DATABASE_DEBUG
+          value: "0"
+      restartPolicy: Always

kubernetes/cic-eth/cic-eth-tasker-deployment.yaml

@@ -0,0 +1,221 @@
+# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cic-eth-tasker
+  namespace: grassroots
+  labels:
+    app: cic-eth-tasker
+  annotations:
+      keel.sh/policy: "glob:master-*"
+      keel.sh/trigger: poll
+      keel.sh/pollSchedule: "@every 5m"
+spec:
+  selector:
+    matchLabels:
+      app: cic-eth-tasker
+  replicas: 1
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: cic-eth-tasker
+        group: cic
+        tier: queue
+    spec:
+      containers:
+      - name: cic-eth-tasker
+        #image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}       
+        image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
+        imagePullPolicy: Always   
+        # command: ["./start_tasker.sh", "-q", "cic-eth", "-vv"]
+        command: ["/usr/local/bin/cic-eth-taskerd"]
+        resources:
+          requests:
+            cpu: 50m
+            memory: 100Mi
+          limits:
+            cpu: 500m
+            memory: 250Mi
+        env:
+        - name: DATABASE_USER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_USER
+        - name: DATABASE_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_HOST
+        - name: DATABASE_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PORT
+        - name: DATABASE_ENGINE
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_ENGINE
+        - name: DATABASE_DRIVER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_DRIVER
+        - name: DATABASE_PASSWORD
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PASSWORD
+        - name: CELERY_BROKER_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_BROKER_URL
+        - name: CELERY_RESULT_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_RESULT_URL
+        - name: CIC_REGISTRY_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              name: contract-migration-output
+              key: CIC_REGISTRY_ADDRESS
+        - name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              name: contract-migration-output
+              key: CIC_TRUST_ADDRESS
+        - name: REDIS_HOST
+          value: redis-master
+        - name: REDIS_PORT
+          value: "6379"
+        - name: REDIS_DB
+          value: "0"
+        - name: ETH_PROVIDER
+          value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
+        - name: ETH_ABI_DIR
+          value: /usr/local/share/cic/solidity/abi
+        - name: DATABASE_NAME
+          value: cic_eth
+        - name: DATABASE_POOL_SIZE
+          value: "0"
+        - name: CIC_CHAIN_SPEC
+          value: "evm:bloxberg:8996"
+        - name: BANCOR_DIR
+          value: /usr/local/share/cic/bancor
+        - name: SIGNER_SOCKET_PATH
+          value: ipc:///run/crypto-dev-signer/jsonrpc.ipc
+        - name: SIGNER_SECRET
+          value: deadbeef
+        - name: ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER
+          value: "0xACB0BC74E1686D62dE7DC6414C999EA60C09F0eA"
+        - name: TASKS_TRACE_QUEUE_STATUS
+          value: "1"
+        - name: "DATABASE_DEBUG"
+          value: "false"
+        volumeMounts:
+        - name: socket-path
+          mountPath: /run/crypto-dev-signer/
+      - name: cic-eth-signer
+        #image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}       
+        image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
+        imagePullPolicy: Always   
+        # command: ["./start_tasker.sh", "-q", "cic-eth", "-vv"]
+        command: ["python", "/usr/local/bin/crypto-dev-daemon", "-c", "/usr/local/etc/crypto-dev-signer",
+          "-vv"]
+        resources:
+          requests:
+            cpu: 50m
+            memory: 100Mi
+          limits:
+            cpu: 500m
+            memory: 250Mi
+        env:
+        - name: DATABASE_USER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_USER
+        - name: DATABASE_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_HOST
+        - name: DATABASE_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PORT
+        - name: DATABASE_ENGINE
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_ENGINE
+        - name: DATABASE_DRIVER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_DRIVER
+        - name: DATABASE_PASSWORD
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PASSWORD
+        - name: CELERY_BROKER_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_BROKER_URL
+        - name: CELERY_RESULT_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_RESULT_URL
+        - name: CIC_REGISTRY_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              name: contract-migration-output
+              key: CIC_REGISTRY_ADDRESS
+        - name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              name: contract-migration-output
+              key: CIC_TRUST_ADDRESS
+        - name: ETH_PROVIDER
+          value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
+        - name: ETH_ABI_DIR
+          value: /usr/local/share/cic/solidity/abi
+        - name: DATABASE_NAME
+          value: cic_eth
+        - name: DATABASE_POOL_SIZE
+          value: "0"
+        - name: CIC_CHAIN_SPEC
+          value: "evm:bloxberg:8996"
+        - name: BANCOR_DIR
+          value: /usr/local/share/cic/bancor
+        - name: SIGNER_SOCKET_PATH
+          value: ipc:///run/crypto-dev-signer/jsonrpc.ipc
+        - name: SIGNER_SECRET
+          value: deadbeef
+        - name: ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER
+          value: "0xACB0BC74E1686D62dE7DC6414C999EA60C09F0eA"
+        - name: TASKS_TRACE_QUEUE_STATUS
+          value: "1"
+        - name: "DATABASE_DEBUG"
+          value: "false"
+        - name: "CIC_DEFAULT_TOKEN_SYMBOL"
+          value: GFT
+        volumeMounts:
+        - name: socket-path
+          mountPath: /run/crypto-dev-signer/
+      volumes:
+      - name: socket-path
+        emptyDir: {}
+      restartPolicy: Always

kubernetes/cic-eth/cic-eth-tracker.yaml

@@ -0,0 +1,248 @@
+# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+# The guardian is composed of: 
+# cic-manager-head
+# cic-dispatch
+# cic-retrier
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cic-eth-tracker
+  namespace: grassroots
+  labels:
+    app: cic-eth-tracker
+  annotations:
+      keel.sh/policy: "glob:master-*"
+      keel.sh/trigger: poll
+      keel.sh/pollSchedule: "@every 5m"
+spec:
+  selector:
+    matchLabels:
+      app: cic-eth-tracker
+  replicas: 1 # these are all strictly 1 
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: cic-eth-tracker
+        group: cic
+    spec:
+      containers:
+      - name: cic-eth-tracker
+        #image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}       
+        image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
+        imagePullPolicy: Always   
+        command: ["./start_tracker.sh", "-v", "-c", "/usr/local/etc/cic-eth"]
+        resources:
+          requests:
+            cpu: 50m
+            memory: 100Mi
+          limits:
+            cpu: 500m
+            memory: 250Mi
+        env:
+        - name: TASKS_TRANSFER_CALLBACKS
+          value: "cic-eth:cic_eth.callbacks.noop.noop,cic-ussd:cic_ussd.tasks.callback_handler.transaction_callback"
+        - name: CIC_REGISTRY_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              name: contract-migration-output
+              key: CIC_REGISTRY_ADDRESS
+        - name: CIC_TRUST_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              name: contract-migration-output
+              key: CIC_TRUST_ADDRESS
+        - name: DATABASE_USER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_USER
+        - name: DATABASE_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_HOST
+        - name: DATABASE_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PORT
+        - name: DATABASE_ENGINE
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_ENGINE
+        - name: DATABASE_DRIVER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_DRIVER
+        - name: DATABASE_PASSWORD
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PASSWORD
+        - name: CELERY_BROKER_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_BROKER_URL
+        - name: CELERY_RESULT_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_RESULT_URL
+        - name: ETH_PROVIDER
+          value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
+        - name: DATABASE_NAME
+          value: cic_eth
+        - name: DATABASE_DEBUG
+          value: "0"
+        - name: ETH_ABI_DIR
+          value: /usr/local/share/cic/solidity/abi
+        - name: CIC_CHAIN_SPEC
+          value: "evm:bloxberg:8996"
+        - name: REDIS_HOSTNAME
+          value: redis-master
+      - name: cic-eth-dispatcher
+        #image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}       
+        image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest      
+        imagePullPolicy: Always   
+        command: ["./start_dispatcher.sh", "-q", "cic-eth", "-v"]
+        resources:
+          requests:
+            cpu: 50m
+            memory: 100Mi
+          limits:
+            cpu: 500m
+            memory: 250Mi
+        env:
+        - name: CIC_REGISTRY_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              name: contract-migration-output
+              key: CIC_REGISTRY_ADDRESS
+        - name: CIC_TRUST_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              name: contract-migration-output
+              key: CIC_TRUST_ADDRESS
+        - name: TASKS_TRANSFER_CALLBACKS
+          value: "cic-eth:cic_eth.callbacks.noop.noop,cic-ussd:cic_ussd.tasks.callback_handler.transaction_callback"
+        - name: CIC_REGISTRY_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              name: contract-migration-output
+              key: CIC_REGISTRY_ADDRESS
+        - name: CIC_TRUST_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              name: contract-migration-output
+              key: CIC_TRUST_ADDRESS
+        - name: DATABASE_USER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_USER
+        - name: DATABASE_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_HOST
+        - name: DATABASE_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PORT
+        - name: DATABASE_ENGINE
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_ENGINE
+        - name: DATABASE_DRIVER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_DRIVER
+        - name: DATABASE_PASSWORD
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PASSWORD
+        - name: CELERY_BROKER_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_BROKER_URL
+        - name: CELERY_RESULT_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_RESULT_URL
+        - name: ETH_PROVIDER
+          value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
+        - name: DATABASE_NAME
+          value: cic_eth
+        - name: DATABASE_DEBUG
+          value: "0"
+        - name: CIC_CHAIN_SPEC
+          value: "evm:bloxberg:8996"
+        - name: REDIS_HOSTNAME
+          value: redis-master
+          # - name:  cic-eth-retrier
+          #   image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
+          #   command: [ "./start_retry.sh", "-v" ]
+          #   resources:
+          #     requests:
+          #       cpu: 50m
+          #       memory: 100Mi
+          #     limits:
+          #       cpu: 500m
+          #       memory: 250Mi
+          #   env:
+          #   - name: CIC_REGISTRY_ADDRESS
+          #     valueFrom:
+          #       configMapKeyRef:
+          #         name: contract-migration-output
+          #         key: CIC_REGISTRY_ADDRESS
+          #   - name: CIC_TRUST_ADDRESS
+          #     valueFrom: 
+          #       configMapKeyRef:
+          #         name: contract-migration-output
+          #         key: CIC_TRUST_ADDRESS
+          #   - name: CIC_TX_RETRY_DELAY # TODO what is this value?
+          #     value: "15"
+          #   - name: TASKS_TRANSFER_CALLBACKS # TODO what is this value?
+          #     value: "taskcall:cic_eth.callbacks.noop.noop"
+          #   - name: ETH_PROVIDER 
+          #     value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
+          #   - name: DATABASE_USER
+          #     value: grassroots
+          #   - name: DATABASE_HOST
+          #     value: postgres-helm-postgresqlsql 
+          #   - name: DATABASE_PASSWORD
+          #     value: tralala
+          #   - name: DATABASE_NAME
+          #     value: cic_eth
+          #   - name: DATABASE_PORT
+          #     value: "5432"
+          #   - name: DATABASE_ENGINE
+          #     value: postgres
+          #   - name: DATABASE_DRIVER
+          #     value: psycopg2
+          #   - name: DATABASE_DEBUG
+          #     value: "1"
+        # - name: REDIS_HOSTNAME
+        #   value: grassroots-redis-master
+      #   - name: CIC_CHAIN_SPEC
+      #     value: "evm:bloxberg:8996"
+      #   - name: CELERY_BROKER_URL
+      #     value: redis://grassroots-redis-master
+      #   - name: CELERY_RESULT_URL
+      #     value: redis://grassroots-redis-master
+      restartPolicy: Always

kubernetes/cic-meta/cic-meta-server-deployment.yaml

@@ -0,0 +1,122 @@
+# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cic-meta-server
+  namespace: grassroots
+  labels:
+    app: cic-meta-server
+  annotations:
+      keel.sh/policy: "glob:master-*"
+      keel.sh/trigger: poll
+      keel.sh/pollSchedule: "@every 5m"
+spec:
+  selector:
+    matchLabels:
+      app: cic-meta-server
+  replicas: 1
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: cic-meta-server
+        group: cic
+    spec:
+      containers:
+      - name: cic-meta-server
+        #image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta:master-fe017d2b-1625932004 # {"$imagepolicy": "flux-system:cic-meta"} 
+        image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta:latest
+        imagePullPolicy: Always   
+        resources:
+          requests:
+            cpu: 50m
+            memory: 250Mi
+          limits:
+            cpu: 100m
+            memory: 500Mi
+        env:
+        - name: DATABASE_USER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_USER
+        - name: DATABASE_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_HOST
+        - name: DATABASE_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PORT
+        - name: DATABASE_ENGINE
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_ENGINE
+        - name: DATABASE_DRIVER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_DRIVER
+        - name: DATABASE_PASSWORD
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PASSWORD
+        - name: SCHEMA_SQL_PATH
+          value: scripts/initdb/server.postgres.sql
+        - name: DATABASE_NAME
+          value: cic_meta
+        - name: SERVER_HOST
+          value: localhost
+        - name: SERVER_PORT
+          value: "8000"
+        - name: DATABASE_SCHEMA_SQL_PATH
+          value: ""
+        - name: PGP_EXPORTS_DIR
+          value: /tmp/src/keys
+        - name: PGP_PRIVATEKEY_FILE # Private key here is for enrypting data
+          value: privatekey.asc
+        - name: PGP_PASSPHRASE
+          value: queenmarlena # TODO move to secret
+        - name: PGP_PUBLICKEY_TRUSTED_FILE
+          value: publickeys.asc
+        - name: PGP_PUBLICKEY_ACTIVE_FILE # public key here is to know who to trust
+          value: publickeys.asc
+        - name: PGP_PUBLICKEY_ENCRYPT_FILE
+          value: publickeys.asc
+        ports:
+        - containerPort: 8000
+          name: cic-meta-server
+        volumeMounts:
+        - mountPath: /tmp/src/keys
+          readOnly: true
+          name: pgp
+      volumes:
+      - name: pgp
+        configMap:
+          name: pgp-meta-test
+          items:
+      restartPolicy: Always
+---
+# https://kubernetes.io/docs/concepts/services-networking/service/
+apiVersion: v1
+kind: Service
+metadata:
+  name: cic-meta-server
+  namespace: grassroots
+spec:
+  selector:
+    app: cic-meta-server
+  type: ClusterIP
+  ports:
+  - name: http
+    protocol: TCP
+    port: 80
+    targetPort: 8000

kubernetes/cic-notify/cic-notify-africastalking-sandbox-sealedsecret.yaml

@@ -0,0 +1,17 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: cic-notify-africastalking-sandbox-secret
+  namespace: grassroots
+spec:
+  encryptedData:
+    api_key: AgC1j5LwcOocVchLac0kPmCqyqljV40RzlCXVrtaxFvFvO+s2KcaUNFrIxfirZ8pbSDPKAUAgQam9tJiZFg4Wdu0x6LDDo6x2/0t/HXqb1eeH+OxO045T0AQZPpqFK+5QZ7y+c0tnUJfppCgOd+PhvB0AyHndWoWmTMGy48zpKaeRZriRRM5+rkNgGzazUNdsQoThOhEStIDCa1+zpq++KckU+VS5Qgsj7X1gOth+XFeyVFuXLY/QTTmvflgXj/YA5HMcJVCO3/l4UGaxHaUWps6IlZ5RgALamavAww7HIT7iecjXbAKx4fQt7bKuQY/FHiwDLAJmfdYUv7YK3EVsW4lSWVxgQ4RKM1dru8Kgs4nE+jmlApeuMl2Y3yT0tyCXSNPBzcsAbeumctsWO2gypQbL/0N1a9OZYgJv4/rfbonl8lK8detZDnAOqhOEiJ2fX/H9bkLc7n5hEHxnIt72sgdurD3r7WkxNsD8/laBx7hDtr7+Zv9RZ8MlyyUd+ZBVax6tO7immo8ya+BRsFKcrr3FqSuvwl3q7y/DNLMU6wqEv+/FmfSW7J1HuGlOJApHM96R6Jfqpw+ZNZ/hS6Z0CDNicLRdRfDaKglOu4UvkiWQ2F1JtqtJEtishbk3bNtZSAOO7Uan/V1XfeUvrYBAyXCoLLwK2pm/eWNZ71BW7TghCNgqRpeALPZy2JrDudnmyoXzcidJeBi5lBEnbXzIcOuos/0xgM/DiKQDO8mxh1ycbiu9XSydxdkLrRFXMtO8KK4qhIdgJp8INjZxIzgm5j3
+    api_sender_id: AgCTvYXxQNTCcRnMrfcc3D+OY+N8/mFtfI+O3xI45qxdC1n7/OE2MI0XIleYSbbAh3R7+5lNjq3pVhdKpRvCYxUGerCdSeYFQZf0RN71sAtDV8NnHCB6pRIsCWlvjDHw7XRH6PiPrr0xj4rwd1Qou8EMybVQXwT6nvV20kdKhAd6dTTgqT8x1AB5N+L0o1H/ThOKNadjN6oqlROz4in0DTTmis+Ebk4pywFroVWa5pMCjy7Ua5omKqB45lAKDp4FwogSnEUVS1b1pQTO/o0mnCQRObPcOzVjze6oqfUaEPkvtrOkmKuAxEXFKdAzG8bzPwx6EuSCbMmcUekeBGKDZBniE1YyOkPyLZelBEtyXFhQBmKbdW4qhlEJwYwflFBll8eNo2ruMVH7HTJvAqW4p2mxTIoM9Nx+UWDJjZ736aYvDfCgZX0MVKvXjrNtWEhuVBYGZxFIWfj/RqNkcJf+ZlNYK8MripzPReNWDlvhH1jzlPGJozUlYfLY8hY/NDGMbdc+EflLy8p4oRLWUo0Z0W3ARwLM1WQMk8FSXAgCjMmL7m3d310lVO5LLVdj3GTpjfCNPm2m7Re0lsOkLDE8x0vhJnlIUJ8WlY1EdezKfPWR0laNSknCCxfPYU88XiO2DVgUdWBH0Hg13yQQ3IXz49Pnf6LrAx46EgKUzoKnCgA5L/hRAIV3u8vav/5kdSF4CxY=
+    api_username: AgBQZXCDQY5B1RKfwjih04XSvdPJjmlfuA2bL6qiphYDIM223DJ5HEolHIWlCeSAjDC5JjkkesPmVzxybgD7hRwVuyOyWfmiXBG6+552v/DNv17IfSNNtZMCsEj9jyscHfvRI1NCG5pxywhBfRxhOVIYflbFI/H+13ReAs/6J/uhVfWVPMXzdg7Zj7mYsWzj3otv0npzXc+j2G4JZk53h7fDTY/XsXyZCe+Xpn9auf7Y+m+/shOiaM67CuE+eMWYhpTpTDy6oG3rjSrqhjVnE4wu8fP85nTGK2ctrQ9qgyOdcf1vPdlt1CwP5FZ+zxY8GrhUsYnunQ50znPD55e/8m5AqZhIrCjQ0lfzB2iCn0OzwOjnQpfv0W0QXpw6aDH/GYfMbDBLyXnF5yU0J+R7tv2Q45NKyRHbdO2VQXhXak95YGvK0Er3+8b0Jx4k3L+hM3OTFaJgdGOyb4IsUFG6vfQlfG3Bl4ggYqAGCJo041SpT4gc1XgGkar8WD4sOir61qKde8NnIOdRn1bhaZ8qD2eP+4p20hqsgpAA38SN6qZfrZc5sj/Re2mXxYIbmdALlP6yt1exhtU4QRzF23RDHmwiGtzh0YqIUj62+icrLcn+ZXgpufW9BgxKXilczF/bfsN2v4VFKsrkp+wRtAlFj3riDoles/IhItIJ9KpmSHEsRDRrkrUl+sFQ5xqQvfIuEoy/DHKf/Q3L
+  template:
+    metadata:
+      creationTimestamp: null
+      name: cic-notify-africastalking-sandbox-secret
+      namespace: grassroots
+

kubernetes/cic-notify/cic-notify-africastalking-sealedsecret.yaml

@@ -0,0 +1,17 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: cic-notify-africastalking-secret
+  namespace: grassroots
+spec:
+  encryptedData:
+    api_key: AgAbH1KDx0kVxtqPBvkb0w1uYJm0Vwd/eHBMhLJRC9Z5zs/YkHkV+Zrz4Pk0loSIdyV3fFdL+zcqnwWmkYjrkBYUXqB+F6HcfYPlND+zAtv8QMbpmHoF6faqx1MY981Sx7qqURlORCZzkwzrDEC4XK2nwut414PFEQ4Rn9SWe2RWXl75G3+TVkj0jd24rYYlGCmD8krjFLY9IMigKZOr0TqoPhHv9xKPg7+Xpwtd86QpiFcTR0fBtN8FLDuKlYGHvTvaUqT2kyBEXeiSn3V+rB7mD72QtNBwS9KJfQla/Gh1z4kps5DkZNoHKRz3O0SnMND1UrID713g7coYI+3q3Xk4/IFiYH4iTQwls/TZWuu/aAc74Ofs6tNwNfUeGGwa0uX/EdMpQ0cWBsGQXi3wG91kvCbnHQ1IERXgCLzGur9yB7YARy6H3tJkQrjzY2ETmMK6wj8yelKC1LLiVk/UVPiRI3O85JPxDDdtcOWkRtGso5Z1Q4D0AFWhbrhBXZc3cS2MmU1bIXoZ+fsYoZ1Mrg+uFQyuf4XwIq+HZuaYksN6xN0olId/H53Bau/z54pteFwT3VOKJNrLHCnAz0YJG2LO08Iu3FcNIUVh1tf39019QOFW2QGemhxznfPH1Mn4l9GwhE2MNfU2JqbFLnCfPZPoFSY+7YZ8I271aY4sM/OlaE2Nrk9RSsSgpS+WUCijSzZ8Crgc8dffVQryDEc/t+JIW7T4BH16lk+fgx2W1JoU/BMMvaRitHX5XsIs5xchwfuvb5+WbNnT8WbYdomGokEg
+    api_sender_id: AgBt9Sp+yb1Qek38Imhs4zW4pcujj2ExStcfLgWPXgD3WhIOfMS7AFAe5uDTICZqLEoMnluVTJn8Hk02BIU3quXWjOOgLJRmpNlgqAbchR1XA07BwGeYWMZomC4M+8nknMOHeQvo8HGN/Y5HnXw5N2Gw8Utlm/cLVVJOEYCKGiR8vWpzMMGepxIKVeex93Ev09SQsxbOJ3QO3SGdJiKFBvXgSeGnsdg+uAeC0NG1zzVBbiCgiNoIZgv6ZnwzBZSl7BYAazt4xOoHSRoicgmIX3PWdjIz+lzVHIuEuFZK9heq+MODQhZcvf54JRB1qPURGJobu3IVDAckIvnFlSCRaBp2rAqtyzAtngkau3Et/66eI3SChJFDgnbourQ1QRPzqWipzYQ11JpUbc0luXRfA+HvzrlIf5r/rSL93jepWQS0Exk2VuCrBAS+QPJccmncJYRZ98SU0fAu+5ZcHFVkEpc4iatW6j1tXyxn+tO1pl7yB/9GGfNA72XxVHwLZmTE7LN0Y4VyhdIQYtXX5ZX49bD0Lfk/m1pkwkWtj1Cas7YpFvX0JUN0bjn6JQoJAIh7fCW5O2ATp/eqpsCcfyw+Fy8kNPFVXlfvVmD9aqwYojfCE2CV0lXFGwHLkNp0nxxTPoqrx2YAa9R/nILaUawvMdMU+a8n1Ee79al/eVpqr4WdTkQikrxcoud8PDzNOyk2y8eZY+Kb2dU=
+    api_username: AgBOCaA5MnRsnGSkQw8Md2XIRsb+9Dg3XiM5yagk1GvAcO+eNnL4i2F4pbA0Ctad0LpQVXwVhppJDqxS7ffy3VJwMdEWxChKN3AiE3e8Eqx8LzD1xXU48OxAfksFKQrXNBVjfBcSgyoTwI5ohYSGxuUL3fWo4/Wp0AWdy92bwNZfhOvkLpfn+Q3nblLX9tQeu/ky6+hqkiyZSWjgykJXGnVnpPMoRS8BLbcxRD1kpJfMORfW7q1JyzheBGByStRvr7i6z3m4KVC/a9H3o0OpIQQTNtvvy4zECQ5NnjrxXYdOJfJZNq1enVqqCeA06h2e3DESfxYPPx6tL8+Ugo+4TorFb5Fw8vqFQRd/1SiGQE++W/MRY4P+fj9hQrxyzdnG5oBq1j2JTpx5VMwkOEk1yVLmRS9nYrZOfFE/6EJJSzRZMbh+xVTEvcag9ZzSzkbKoakR+VKjZ2Rpum6rwXPUUhJ5F6ohIZx2x/qE3QJlmxtnJQGfmNwe6HTiLxqjU3o0SkVQgMPN275Uydlm6Omn9eo2jkYnA5hg4TPoFjcqAmbgV5O372U6ShpNtA2hYi6CdF7K/sbKxhFtHTrPAdF5NhMGZ6N81X1AMWq3a1mojMBJbVTPVzSWPovkiqhQ62gKUUbPp191aLuQlX83dqEuRxyYTprId/ODB7RtaAddDcLsF4z/7i7yh8VtKyqHBs7hA52O1b2sQJwxmhw=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: cic-notify-africastalking-secret
+      namespace: grassroots
+

kubernetes/cic-notify/cic-notify-deployment.yaml

@@ -0,0 +1,100 @@
+# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cic-notify-tasker
+  namespace: grassroots
+  labels:
+    app: cic-notify-tasker
+  annotations:
+      keel.sh/policy: "glob:master-*"
+      keel.sh/trigger: poll
+      keel.sh/pollSchedule: "@every 5m"
+spec:
+  selector:
+    matchLabels:
+      app: cic-notify-tasker
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: cic-notify-tasker
+        group: cic
+    spec:
+      containers:
+      - name: cic-notify-tasker
+        #image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-notify:master-7a3cb7ab-1627053362 # {"$imagepolicy": "flux-system:cic-notify"}
+        image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-notify:latest
+        imagePullPolicy: Always   
+        command: ["./start_tasker.sh", "-q", "cic-notify", "-vv"]
+        resources:
+          requests:
+            cpu: 25m
+            memory: 100Mi
+          limits:
+            cpu: 50m
+            memory: 200Mi
+        env:
+        - name: DATABASE_USER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_USER
+        - name: DATABASE_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_HOST
+        - name: DATABASE_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PORT
+        - name: DATABASE_ENGINE
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_ENGINE
+        - name: DATABASE_DRIVER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_DRIVER
+        - name: DATABASE_PASSWORD
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PASSWORD
+        - name: DATABASE_POOL_SIZE
+          value: "0"
+        - name: CELERY_BROKER_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_BROKER_URL
+        - name: CELERY_RESULT_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_RESULT_URL
+        - name: DATABASE_NAME
+          value: cic_notify
+        - name: AFRICASTALKING_API_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: cic-notify-africastalking-sandbox-secret
+              key: api_username
+        - name: AFRICASTALKING_API_KEY
+          valueFrom:
+            secretKeyRef:
+              name: cic-notify-africastalking-sandbox-secret
+              key: api_key
+        - name: AFRICASTALKING_API_SENDER_ID
+          valueFrom:
+            secretKeyRef:
+              name: cic-notify-africastalking-sandbox-secret
+              key: api_sender_id
+        ports:
+        - containerPort: 80 # What is this value?
+          name: cic-eth-manager
+      restartPolicy: Always

kubernetes/cic-staff-client/cic-staff-client-deployment.yaml

@@ -0,0 +1,55 @@
+# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cic-staff-client
+  namespace: grassroots
+  labels:
+    app: cic-staff-client
+  annotations:
+      keel.sh/policy: "glob:master-*"
+      keel.sh/trigger: poll
+      keel.sh/pollSchedule: "@every 5m"
+spec:
+  selector:
+    matchLabels:
+      app: cic-staff-client
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: cic-staff-client
+        group: cic
+    spec:
+      containers:
+      - name: cicada
+        #image: registry.gitlab.com/grassrootseconomics/cic-staff-client:master-858e1e65-1627284988 # {"$imagepolicy": "flux-system:cic-staff-client"} 
+        image: registry.gitlab.com/grassrootseconomics/cic-staff-client:latest
+        imagePullPolicy: Always   
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+          limits:
+            cpu: 100m
+            memory: 100Mi
+        ports:
+        - containerPort: 80
+          name: http
+      restartPolicy: Always
+---
+# https://kubernetes.io/docs/concepts/services-networking/service/
+apiVersion: v1
+kind: Service
+metadata:
+  name: cic-staff-client
+  namespace: grassroots
+spec:
+  selector:
+    app: cic-staff-client
+  type: ClusterIP
+  ports:
+  - name: http
+    protocol: TCP
+    port: 80
+    targetPort: 80

kubernetes/cic-ussd/cic-user-server-deployment.yaml

@@ -0,0 +1,113 @@
+# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cic-user-server
+  namespace: grassroots
+  labels:
+    app: cic-user-server
+  annotations:
+    keel.sh/policy: "glob:master-*"
+    keel.sh/trigger: poll
+    keel.sh/pollSchedule: "@every 5m"
+spec:
+  selector:
+    matchLabels:
+      app: cic-user-server
+  replicas: 1
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: cic-user-server
+        group: cic
+        tier: backend
+    spec:
+      containers:
+      - name: cic-user-server
+        #image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:master-fad0a4b5-1628267359 # {"$imagepolicy": "flux-system:cic-ussd"}       
+        image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:latest
+        command: ["/root/start_cic_user_server.sh", "-vv"]
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+          limits:
+            cpu: 500m
+            memory: 250Mi
+        env:
+        - name: DATABASE_USER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_USER
+        - name: DATABASE_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_HOST
+        - name: DATABASE_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PORT
+        - name: DATABASE_ENGINE
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_ENGINE
+        - name: DATABASE_DRIVER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_DRIVER
+        - name: DATABASE_PASSWORD
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PASSWORD
+        - name: DATABASE_POOL_SIZE
+          value: "0"
+        - name: DATABASE_NAME
+          value: cic_ussd
+        - name: HTTP_PORT_CIC_USER_SERVER
+          value: "9500"
+        - name: PGP_KEYS_PATH
+          value: /tmp/src/keys/
+        - name: PGP_EXPORTS_DIR
+          value: /tmp/src/keys/
+        ports:
+        - containerPort: 9500
+          name: server
+        volumeMounts:
+        - mountPath: /tmp/src/keys
+          name: pgp
+          readOnly: true
+      volumes:
+      #- name: pgp
+      #  secret:
+      #    secretName: pgp
+      - name: pgp
+        configMap:
+          name: pgp-meta-test
+      restartPolicy: Always
+---
+# https://kubernetes.io/docs/concepts/services-networking/service/
+apiVersion: v1
+kind: Service
+metadata:
+  name: cic-user-server-svc
+  namespace: grassroots
+spec:
+  selector:
+    app: cic-user-server
+  type: ClusterIP
+  ports:
+  - name: server
+    protocol: TCP
+    port: 80
+    targetPort: 9500

kubernetes/cic-ussd/cic-user-tasker-deployment.yaml

@@ -0,0 +1,122 @@
+# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cic-user-tasker
+  namespace: grassroots
+  labels:
+    app: cic-user-tasker
+  annotations:
+      keel.sh/policy: "glob:master-*"
+      keel.sh/trigger: poll
+      keel.sh/pollSchedule: "@every 5m"
+spec:
+  selector:
+    matchLabels:
+      app: cic-user-tasker
+  replicas: 1
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: cic-user-tasker
+        group: cic
+        task: queue
+    spec:
+      containers:
+      - name: cic-user-tasker
+        #image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:master-7a3cb7ab-1627053361 # {"$imagepolicy": "flux-system:cic-ussd"}       
+        image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:latest
+        imagePullPolicy: Always   
+        command: ["/root/start_cic_user_tasker.sh", "-q", "cic-ussd", "-vv"]
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+          limits:
+            cpu: 500m
+            memory: 250Mi
+        env:
+        - name: APP_PASSWORD_PEPPER
+          valueFrom:
+            secretKeyRef:
+              name: cic-ussd-secret
+              key: app_password_pepper
+        - name: DATABASE_USER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_USER
+        - name: DATABASE_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_HOST
+        - name: DATABASE_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PORT
+        - name: DATABASE_ENGINE
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_ENGINE
+        - name: DATABASE_DRIVER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_DRIVER
+        - name: DATABASE_PASSWORD
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PASSWORD
+        - name: DATABASE_NAME
+          value: cic_ussd
+        - name: DATABASE_POOL_SIZE
+          value: "0"
+        - name: CELERY_BROKER_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_BROKER_URL
+        - name: CELERY_RESULT_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_RESULT_URL
+        - name: REDIS_HOST
+          value: redis-master
+        - name: REDIS_PORT
+          value: "6379"
+        - name: REDIS_DATABASE
+          value: "0"
+        - name: CIC_META_URL
+          value: http://cic-meta-server:80
+        - name: PGP_KEYS_PATH
+          value: /tmp/src/keys/
+        - name: PGP_EXPORTS_DIR
+          value: /tmp/src/keys/
+        - name: PGP_PRIVATE_KEYS
+          value: privatekey.asc
+        - name: PGP_PASSPHRASE
+          value: queenmarlena 
+        - name: CIC_META_URL
+          value: http://cic-meta-server:80
+        volumeMounts:
+        - mountPath: /tmp/src/keys
+          name: pgp
+          readOnly: true
+      volumes:
+      #- name: pgp
+      #  secret:
+      #    secretName: pgp
+      - name: pgp
+        configMap:
+          name: pgp-meta-test
+      restartPolicy: Always

kubernetes/cic-ussd/cic-user-ussd-server-deployment.yaml

@@ -0,0 +1,139 @@
+# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cic-user-ussd-server
+  namespace: grassroots
+  labels:
+    app: cic-user-ussd-server
+  annotations:
+      keel.sh/policy: "glob:master-*"
+      keel.sh/trigger: poll
+      keel.sh/pollSchedule: "@every 5m"
+spec:
+  selector:
+    matchLabels:
+      app: cic-user-ussd-server
+  replicas: 1
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: cic-user-ussd-server
+        group: cic
+        tier: backend
+    spec:
+      containers:
+      - name: cic-user-ussd-server
+        #image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:master-7a3cb7ab-1627053361 # {"$imagepolicy": "flux-system:cic-ussd"}       
+        image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:latest
+        imagePullPolicy: Always   
+        command: ["/root/start_cic_user_ussd_server.sh", "-vv"]
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+          limits:
+            cpu: 500m
+            memory: 250Mi
+        env:
+        - name: APP_PASSWORD_PEPPER
+          valueFrom:
+            secretKeyRef:
+              name: cic-ussd-secret
+              key: app_password_pepper
+        - name: DATABASE_USER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_USER
+        - name: DATABASE_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_HOST
+        - name: DATABASE_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PORT
+        - name: DATABASE_ENGINE
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_ENGINE
+        - name: DATABASE_DRIVER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_DRIVER
+        - name: DATABASE_PASSWORD
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PASSWORD
+        - name: DATABASE_POOL_SIZE
+          value: "0"
+        - name: CELERY_BROKER_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_BROKER_URL
+        - name: CELERY_RESULT_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_RESULT_URL
+        - name: REDIS_HOST
+          value: redis-master
+        - name: REDIS_PORT
+          value: "6379"
+        - name: REDIS_DATABASE
+          value: "0"
+        - name: DATABASE_NAME
+          value: cic_ussd
+        - name: SERVER_PORT
+          value: "9000"
+        - name: APP_ALLOWED_IP
+          value: "0.0.0.0/0"
+        - name: CIC_META_URL
+          value: http://cic-meta-server:80
+        - name: PGP_KEYS_PATH
+          value: /tmp/src/keys/
+        - name: PGP_EXPORTS_DIR
+          value: /tmp/src/keys/
+        - name: PGP_PRIVATE_KEYS
+          value: privatekey.asc
+        - name: PGP_PASSPHRASE
+          value: queenmarlena # TODO move to secret
+        volumeMounts:
+        - mountPath: /tmp/src/keys
+          name: pgp
+        ports:
+        - containerPort: 9000
+          name: server
+      volumes:
+      - name: pgp
+        configMap:
+          name: pgp-meta-test
+      restartPolicy: Always
+---
+# https://kubernetes.io/docs/concepts/services-networking/service/
+apiVersion: v1
+kind: Service
+metadata:
+  name: cic-user-ussd-svc
+  namespace: grassroots
+spec:
+  selector:
+    app: cic-user-ussd-server
+  type: ClusterIP
+  ports:
+  - name: server
+    protocol: TCP
+    port: 80
+    targetPort: 9000

kubernetes/cic-ussd/cic-ussd-sealedsecret.yaml

@@ -0,0 +1,15 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: cic-ussd-secret
+  namespace: grassroots
+spec:
+  encryptedData:
+    app_password_pepper: AgCrkW9x9iLDjcmmNHTopd1CXAdamuqWkiS3Tviev5OtR5d4FBw9L9Qm8P9ZsBiH9ucQSNu4XLxUuIEgyBLEPQDM5DELl+qvCmPboQ73kPxjEH4/ppqE1QnJHBFcTqfkUVDu4dBkmGPCbYAGrWqDa1bZt1Hujl+ZpWuc919nN2yxFEArs8jt8JIP2bbGKwPl21MDNP53ITtpw1euBswxUzLRcfUrw+6ghce8faFjDEnCS9NKftCwBFMQN2ddNn8aY0K1Dl/DJLTJw9c6L+3YAHzaQAkNz2I6W6ERri6Mmkc1bE1cujvftNxrWkPqh9bJD163xhMbA6vQd8rEpQelilBQpT0plcH5dj11mhAX+n3IR4Xp5kD+fwwPPgoQ5P3TJj4nfAccM/ubVVR6vLCXrO2TV56V8YgQ2pd0H3H8IJYRdU6LE9xLWdG5J32EKrhnhTNaGcFpWq3g4UUv6Fy0z7iZ8TkBce13zCiEf7AXeXzdj2KDgVW6/FBLknJoDd2m/j4GA5UC6MiKXc/X9sgHeSIOstR5nGBuYYr/12FbAPdnvV8zQzfHQsSCysciLQBqFhC5Yeepwu+UYsYCDWKGgvmC284zl52VkK2G6cXi77qcKNc6NtViZpKkJ0vRysgLLpBiDERB/NOrXef+kA6hJXsc5hqAPJjceh0XV0iT/4FA/2qq0A7qfm4meSJAxrj2PssoVQSUQmo2jopTCsa7IEq9opqy0yJaXu+dJG32IHimDLcAm1Sp0uumcd9MOg==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: cic-ussd-secret
+      namespace: grassroots
+

kubernetes/contract-migration/contract-migration-envlist-configmap.yaml

@@ -0,0 +1,68 @@
+# https://kubernetes.io/docs/concepts/configuration/configmap/
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: contract-migration-envlist
+  namespace: grassroots
+data:
+  envlist: |
+    SYNCER_LOOP_INTERVAL
+    SSL_ENABLE_CLIENT
+    SSL_CERT_FILE
+    SSL_KEY_FILE
+    SSL_PASSWORD
+    SSL_CA_FILE
+    BANCOR_DIR
+    REDIS_HOST
+    REDIS_PORT
+    REDIS_DB
+    PGP_PRIVATEKEY_FILE
+    PGP_PASSPHRASE
+    DATABASE_USER
+    DATABASE_PASSWORD
+    DATABASE_NAME
+    DATABASE_HOST
+    DATABASE_PORT
+    DATABASE_ENGINE
+    DATABASE_DRIVER
+    DATABASE_DEBUG
+    TASKS_AFRICASTALKING
+    TASKS_SMS_DB
+    TASKS_LOG
+    TASKS_TRACE_QUEUE_STATUS
+    TASKS_TRANSFER_CALLBACKS
+    DEV_MNEMONIC
+    DEV_ETH_RESERVE_ADDRESS
+    DEV_ETH_ACCOUNTS_INDEX_ADDRESS
+    DEV_ETH_RESERVE_AMOUNT
+    DEV_ETH_ACCOUNT_BANCOR_DEPLOYER
+    DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER
+    DEV_ETH_ACCOUNT_GAS_PROVIDER
+    DEV_ETH_ACCOUNT_RESERVE_OWNER
+    DEV_ETH_ACCOUNT_RESERVE_MINTER
+    DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_OWNER
+    DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER
+    DEV_ETH_ACCOUNT_SARAFU_OWNER
+    DEV_ETH_ACCOUNT_SARAFU_GIFTER
+    DEV_ETH_ACCOUNT_APPROVAL_ESCROW_OWNER
+    DEV_ETH_ACCOUNT_SINGLE_SHOT_FAUCET_OWNER
+    DEV_ETH_SARAFU_TOKEN_NAME
+    DEV_ETH_SARAFU_TOKEN_SYMBOL
+    DEV_ETH_SARAFU_TOKEN_DECIMALS
+    DEV_ETH_SARAFU_TOKEN_ADDRESS
+    DEV_PGP_PUBLICKEYS_ACTIVE_FILE
+    DEV_PGP_PUBLICKEYS_TRUSTED_FILE
+    DEV_PGP_PUBLICKEYS_ENCRYPT_FILE
+    CIC_REGISTRY_ADDRESS
+    CIC_APPROVAL_ESCROW_ADDRESS
+    CIC_TOKEN_INDEX_ADDRESS
+    CIC_ACCOUNTS_INDEX_ADDRESS
+    CIC_DECLARATOR_ADDRESS
+    CIC_CHAIN_SPEC
+    ETH_PROVIDER
+    ETH_ABI_DIR
+    SIGNER_SOCKET_PATH
+    SIGNER_SECRET
+    CELERY_BROKER_URL
+    CELERY_RESULT_URL
+    META_PROVIDER

kubernetes/contract-migration/contract-migration-job.yaml

@@ -0,0 +1,122 @@
+# https://kubernetes.io/docs/concepts/workloads/controllers/job/
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: contract-migration
+  namespace: grassroots
+  labels:
+    app: contract-migration
+spec:
+  backoffLimit: 6
+  template:
+    spec:
+      imagePullSecrets:
+      - name: gitlab-internal-integration-registry
+      # securityContext:
+      #   runAsUser: 1000
+      #   runAsGroup: 1000
+      restartPolicy: Never
+      containers:
+      - name: contract-migration
+        #image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:master-621780e9-1618865959 # {"$imagepolicy": "flux-system:cic-contract-migration"}
+        image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:latest
+        command: ["./run_job.sh"]
+        # command: ["sleep", "3600"]
+        env:
+        - name: CIC_REGISTRY_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              name: contract-migration-output
+              key: CIC_REGISTRY_ADDRESS
+        - name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              name: contract-migration-output
+              key: CIC_TRUST_ADDRESS
+        - name: DATABASE_USER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_USER
+        - name: DATABASE_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_HOST
+        - name: DATABASE_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PORT
+        - name: DATABASE_ENGINE
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_ENGINE
+        - name: DATABASE_DRIVER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_DRIVER
+        - name: DATABASE_PASSWORD
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PASSWORD
+        - name: CELERY_BROKER_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_BROKER_URL
+        - name: CELERY_RESULT_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_RESULT_URL
+        - name: DATABASE_NAME
+          value: cic_eth
+        - name: REDIS_HOST
+          value: redis-master
+        - name: REDIS_PORT
+          value: "6379"
+        - name: REDIS_DB
+          value: "0"
+        - name: DEV_PIP_EXTRA_INDEX_URL
+          value: https://pip.grassrootseconomics.net:8433
+        - name: ETH_PROVIDER
+          value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
+        - name: ETH_PROVIDER_HOST
+          value: bloxberg-validator.grassroots.svc.cluster.local
+        - name: ETH_PROVIDER_PORT
+          value: "8547"
+        - name: CIC_CHAIN_SPEC
+          value: "evm:bloxberg:8996"
+        - name: CIC_DATA_DIR
+          value: /tmp/cic/config
+        - name: RUN_MASK
+          value: "3" # bit flags; 1: contract migrations 2: seed data
+        - name: DEV_FAUCET_AMOUNT
+          value: "50000000"
+        - name: CIC_DEFAULT_TOKEN_SYMBOL
+          value: GFT
+        - name: DEV_SARAFU_DEMURRAGE_LEVEL
+          value: "196454828847045000000000000000000"
+        - name: DEV_ETH_GAS_PRICE
+          value: "1"
+        - name: TOKEN_TYPE
+          value: giftable_erc20_token
+        - name: WALLET_KEY_FILE
+          value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
+        volumeMounts:
+        - mountPath: /tmp/cic/config
+          name: migration-output
+        resources:
+          requests:
+            memory: "250Mi"
+            cpu: "100m"
+          limits:
+            memory: "500Mi"
+            cpu: "250m"
+      volumes:
+      - name: migration-output
+        emptyDir: {}

kubernetes/contract-migration/contract-migration-output-configMap.yaml

@@ -0,0 +1,11 @@
+# https://kubernetes.io/docs/concepts/configuration/configmap/
+# PURPOSE: These values are *manually* populated after execution of the contract migration container
+# The contract migration pod should output these vars among the STDOUT
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: contract-migration-output
+  namespace: grassroots
+data:
+  CIC_REGISTRY_ADDRESS: "0xea6225212005e86a4490018ded4bf37f3e772161"
+  CIC_TRUST_ADDRESS: "0xEb3907eCad74a0013c259D5874AE7f22DcBcC95C"

kubernetes/contract-migration/contract-seeding-job.yaml

@@ -0,0 +1,118 @@
+# https://kubernetes.io/docs/concepts/workloads/controllers/job/
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: contract-seeding
+  namespace: grassroots
+  labels:
+    app: contract-seeding
+spec:
+  backoffLimit: 0
+  template:
+    spec:
+      imagePullSecrets:
+      - name: gitlab-internal-integration-registry
+      # securityContext:
+      #   runAsUser: 1000
+      #   runAsGroup: 1000
+      restartPolicy: Never
+      containers:
+      - name: registry-seeder
+        #image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:master-621780e9-1618865959 # {"$imagepolicy": "flux-system:cic-contract-migration"}
+        image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:latest 
+        command: ["./run_job.sh"]
+        # command: ["sleep", "3600"]
+        env:
+        - name: CIC_REGISTRY_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              name: contract-migration-output
+              key: CIC_REGISTRY_ADDRESS
+        - name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              name: contract-migration-output
+              key: CIC_TRUST_ADDRESS
+        - name: DATABASE_USER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_USER
+        - name: DATABASE_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_HOST
+        - name: DATABASE_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PORT
+        - name: DATABASE_ENGINE
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_ENGINE
+        - name: DATABASE_DRIVER
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_DRIVER
+        - name: DATABASE_PASSWORD
+          valueFrom:
+            configMapKeyRef:
+              name: postgresql-conn-common
+              key: DATABASE_PASSWORD
+        - name: CELERY_BROKER_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_BROKER_URL
+        - name: CELERY_RESULT_URL
+          valueFrom:
+            configMapKeyRef:
+              name: redis-conn-common
+              key: CELERY_RESULT_URL
+        - name: DATABASE_NAME
+          value: cic_eth
+        - name: REDIS_HOST
+          value: redis-master
+        - name: REDIS_PORT
+          value: "6379"
+        - name: REDIS_DB
+          value: "0"
+        - name: DEV_PIP_EXTRA_INDEX_URL
+          value: https://pip.grassrootseconomics.net:8433
+        - name: ETH_PROVIDER
+          value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
+        - name: ETH_PROVIDER_HOST
+          value: bloxberg-validator.grassroots.svc.cluster.local
+        - name: ETH_PROVIDER_PORT
+          value: "8547"
+        - name: CIC_CHAIN_SPEC
+          value: "evm:bloxberg:8996"
+        - name: CIC_DATA_DIR
+          value: /tmp/cic/config
+        - name: RUN_MASK
+          value: "2" # bit flags; 1: contract migrations 2: seed data
+        - name: DEV_FAUCET_AMOUNT
+          value: "50000000"
+        - name: CIC_DEFAULT_TOKEN_SYMBOL
+          value: GFT
+        - name: DEV_SARAFU_DEMURRAGE_LEVEL
+          value: "196454828847045000000000000000000"
+        - name: DEV_ETH_GAS_PRICE
+          value: "1"
+        volumeMounts:
+        - mountPath: /tmp/cic/config
+          name: migration-output
+        resources:
+          requests:
+            memory: "250Mi"
+            cpu: "100m"
+          limits:
+            memory: "500Mi"
+            cpu: "250m"
+      volumes:
+      - name: migration-output
+        emptyDir: {}

kubernetes/contract-migration/data-seeding-deployment.yaml

@@ -0,0 +1,229 @@
+# https://kubernetes.io/docs/concepts/workloads/pods/
+apiVersion: v1
+kind: Deployment 
+metadata:
+  name: data-seeding 
+  namespace: grassroots
+  labels:
+    app: data-seeding 
+    group: cic
+spec:
+  containers:
+    # This container should stay up for interactive use for now.
+  - name: data-seeding 
+    image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/data-seeding:latest
+    command: bash -c "while true; do sleep 1; done"  # Infinite loop to keep container live doing nothing
+    resources:
+      requests:
+        cpu: 50m
+        memory: 200Mi
+      limits:
+        cpu: 100m
+        memory: 400Mi
+    env:
+      - name: DATABASE_USER
+        valueFrom:
+          configMapKeyRef:
+            name: postgresql-conn-common
+            key: DATABASE_USER
+      - name: DATABASE_HOST
+        valueFrom:
+          configMapKeyRef:
+            name: postgresql-conn-common
+            key: DATABASE_HOST
+      - name: DATABASE_PORT
+        valueFrom:
+          configMapKeyRef:
+            name: postgresql-conn-common
+            key: DATABASE_PORT
+      - name: DATABASE_ENGINE
+        valueFrom:
+          configMapKeyRef:
+            name: postgresql-conn-common
+            key: DATABASE_ENGINE
+      - name: DATABASE_DRIVER
+        valueFrom:
+          configMapKeyRef:
+            name: postgresql-conn-common
+            key: DATABASE_DRIVER
+      - name: DATABASE_PASSWORD
+        valueFrom:
+          configMapKeyRef:
+            name: postgresql-conn-common
+            key: DATABASE_PASSWORD
+      - name: CELERY_BROKER_URL
+        valueFrom:
+          configMapKeyRef:
+            name: redis-conn-common
+            key: CELERY_BROKER_URL
+      - name: CELERY_RESULT_URL
+        valueFrom:
+          configMapKeyRef:
+            name: redis-conn-common
+            key: CELERY_RESULT_URL
+      - name: ETH_PROVIDER
+        value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
+      - name: CIC_REGISTRY_ADDRESS
+        valueFrom:
+          configMapKeyRef:
+            name: contract-migration-output
+            key: CIC_REGISTRY_ADDRESS
+      - name: CIC_TRUST_ADDRESS
+        valueFrom:
+          configMapKeyRef:
+            name: contract-migration-output
+            key: CIC_TRUST_ADDRESS
+      - name: CELERY_BROKER_URL
+        valueFrom:
+          configMapKeyRef:
+            name: redis-conn-common
+            key: CELERY_BROKER_URL
+      - name: CELERY_RESULT_URL
+        valueFrom:
+          configMapKeyRef:
+            name: redis-conn-common
+            key: CELERY_RESULT_URL
+      - name: DATABASE_NAME
+        value: cic_eth
+      - name: META_URL
+        value: http://cic-meta-server:80
+      - name: META_HOST
+        value: cic-meta-server
+      - name: META_PORT
+        value: "80"
+      - name: PGP_PRIVATE_KEY_FILE # Private key here is for enrypting data
+        value: privatekey.asc
+      - name: PGP_PUBLIC_KEY_FILE
+        value: publickeys.asc
+      - name: PGP_PASSPHRASE
+        value: queenmarlena # TODO move to secret
+      - name: REDIS_HOST
+        value: redis-master
+      - name: REDIS_PORT
+        value: "6379"
+      - name: TOKEN_SYMBOL
+        value: "GFT"
+      - name: USER_USSD_HOST
+        value: cic-user-ussd-svc 
+      - name: USER_USSD_PORT
+        value: "80"
+      - name: KEYSTORE_FILE_PATH
+        value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
+    volumeMounts:
+    - mountPath: /tmp/src/keys
+      readOnly: true
+      name: pgp
+    - moutPath: /root/out
+      name: out-dir
+  - name: data-seeding-tasker 
+    image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/data-seeding:latest
+    command: bash -c "while true; do sleep 1; done"  # Infinite loop to keep container live doing nothing
+    resources:
+      requests:
+        cpu: 50m
+        memory: 200Mi
+      limits:
+        cpu: 100m
+        memory: 400Mi
+    env:
+      - name: DATABASE_USER
+        valueFrom:
+          configMapKeyRef:
+            name: postgresql-conn-common
+            key: DATABASE_USER
+      - name: DATABASE_HOST
+        valueFrom:
+          configMapKeyRef:
+            name: postgresql-conn-common
+            key: DATABASE_HOST
+      - name: DATABASE_PORT
+        valueFrom:
+          configMapKeyRef:
+            name: postgresql-conn-common
+            key: DATABASE_PORT
+      - name: DATABASE_ENGINE
+        valueFrom:
+          configMapKeyRef:
+            name: postgresql-conn-common
+            key: DATABASE_ENGINE
+      - name: DATABASE_DRIVER
+        valueFrom:
+          configMapKeyRef:
+            name: postgresql-conn-common
+            key: DATABASE_DRIVER
+      - name: DATABASE_PASSWORD
+        valueFrom:
+          configMapKeyRef:
+            name: postgresql-conn-common
+            key: DATABASE_PASSWORD
+      - name: CELERY_BROKER_URL
+        valueFrom:
+          configMapKeyRef:
+            name: redis-conn-common
+            key: CELERY_BROKER_URL
+      - name: CELERY_RESULT_URL
+        valueFrom:
+          configMapKeyRef:
+            name: redis-conn-common
+            key: CELERY_RESULT_URL
+      - name: ETH_PROVIDER
+        value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
+      - name: CIC_REGISTRY_ADDRESS
+        valueFrom:
+          configMapKeyRef:
+            name: contract-migration-output
+            key: CIC_REGISTRY_ADDRESS
+      - name: CIC_TRUST_ADDRESS
+        valueFrom:
+          configMapKeyRef:
+            name: contract-migration-output
+            key: CIC_TRUST_ADDRESS
+      - name: CELERY_BROKER_URL
+        valueFrom:
+          configMapKeyRef:
+            name: redis-conn-common
+            key: CELERY_BROKER_URL
+      - name: CELERY_RESULT_URL
+        valueFrom:
+          configMapKeyRef:
+            name: redis-conn-common
+            key: CELERY_RESULT_URL
+      - name: DATABASE_NAME
+        value: cic_eth
+      - name: META_URL
+        value: http://cic-meta-server:80
+      - name: META_HOST
+        value: cic-meta-server
+      - name: META_PORT
+        value: "80"
+      - name: PGP_PRIVATE_KEY_FILE # Private key here is for enrypting data
+        value: privatekey.asc
+      - name: PGP_PUBLIC_KEY_FILE
+        value: publickeys.asc
+      - name: PGP_PASSPHRASE
+        value: queenmarlena # TODO move to secret
+      - name: REDIS_HOST
+        value: redis-master
+      - name: REDIS_PORT
+        value: "6379"
+      - name: TOKEN_SYMBOL
+        value: "GFT"
+      - name: USER_USSD_HOST
+        value: cic-user-ussd-svc 
+      - name: USER_USSD_PORT
+        value: "80"
+      - name: KEYSTORE_FILE_PATH
+        value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
+    volumeMounts:
+    - mountPath: /tmp/src/keys
+      readOnly: true
+      name: pgp
+    - moutPath: /root/out
+      name: out-dir
+  volumes:
+  - name: out-dir
+    emptyDir: {}
+  - name: pgp
+    configMap:
+      name: pgp-meta-test
+  restartPolicy: Never 

kubernetes/contract-migration/data-seeding-pod.yaml

@@ -0,0 +1,127 @@
+# https://kubernetes.io/docs/concepts/workloads/pods/
+apiVersion: v1
+kind: Pod
+metadata:
+  name: data-seeding 
+  namespace: grassroots
+  labels:
+    app: data-seeding 
+    group: cic
+spec:
+  imagePullSecrets: 
+  - name: gitlab-grassroots-registry
+  containers:
+  - name: data-seeding 
+    image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/data-seeding:latest
+    command: ["sleep", "360000"]
+    resources:
+      requests:
+        cpu: 50m
+        memory: 200Mi
+      limits:
+        cpu: 100m
+        memory: 400Mi
+    env:
+      - name: DATABASE_USER
+        valueFrom:
+          configMapKeyRef:
+            name: postgresql-conn-common
+            key: DATABASE_USER
+      - name: DATABASE_HOST
+        valueFrom:
+          configMapKeyRef:
+            name: postgresql-conn-common
+            key: DATABASE_HOST
+      - name: DATABASE_PORT
+        valueFrom:
+          configMapKeyRef:
+            name: postgresql-conn-common
+            key: DATABASE_PORT
+      - name: DATABASE_ENGINE
+        valueFrom:
+          configMapKeyRef:
+            name: postgresql-conn-common
+            key: DATABASE_ENGINE
+      - name: DATABASE_DRIVER
+        valueFrom:
+          configMapKeyRef:
+            name: postgresql-conn-common
+            key: DATABASE_DRIVER
+      - name: DATABASE_PASSWORD
+        valueFrom:
+          configMapKeyRef:
+            name: postgresql-conn-common
+            key: DATABASE_PASSWORD
+      - name: CELERY_BROKER_URL
+        valueFrom:
+          configMapKeyRef:
+            name: redis-conn-common
+            key: CELERY_BROKER_URL
+      - name: CELERY_RESULT_URL
+        valueFrom:
+          configMapKeyRef:
+            name: redis-conn-common
+            key: CELERY_RESULT_URL
+      - name: ETH_PROVIDER
+        value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
+      - name: CIC_REGISTRY_ADDRESS
+        valueFrom:
+          configMapKeyRef:
+            name: contract-migration-output
+            key: CIC_REGISTRY_ADDRESS
+      - name: CIC_TRUST_ADDRESS
+        valueFrom:
+          configMapKeyRef:
+            name: contract-migration-output
+            key: CIC_TRUST_ADDRESS
+      - name: CELERY_BROKER_URL
+        valueFrom:
+          configMapKeyRef:
+            name: redis-conn-common
+            key: CELERY_BROKER_URL
+      - name: CELERY_RESULT_URL
+        valueFrom:
+          configMapKeyRef:
+            name: redis-conn-common
+            key: CELERY_RESULT_URL
+      - name: DATABASE_NAME
+        value: cic_eth
+      - name: META_URL
+        value: http://cic-meta-server:80
+      - name: META_HOST
+        value: cic-meta-server
+      - name: META_PORT
+        value: "80"
+      - name: PGP_PRIVATE_KEY_FILE # Private key here is for enrypting data
+        value: privatekey.asc
+      - name: PGP_PUBLIC_KEY_FILE
+        value: publickeys.asc
+      - name: PGP_PASSPHRASE
+        value: queenmarlena # TODO move to secret
+      - name: REDIS_HOST
+        value: redis-master
+      - name: REDIS_PORT
+        value: "6379"
+      - name: TOKEN_SYMBOL
+        value: "GFT"
+      - name: USER_USSD_HOST
+        value: cic-user-ussd-svc 
+      - name: USER_USSD_PORT
+        value: "80"
+      - name: KEYSTORE_FILE_PATH
+        value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
+      - name: PGP_EXPORTS_DIR
+        value: /tmp/src/keys
+      - name: OUT_DIR
+        value: /root/out
+      - name: NUMBER_OF_USERS
+        value: "10"
+    volumeMounts:
+    - mountPath: /tmp/src/keys
+      readOnly: true
+      name: pgp
+  volumes:
+  - name: pgp
+    configMap:
+      name: pgp-meta-test
+  restartPolicy: Never 

kubernetes/eth-node/bloxberg-dev-validator.yaml

@@ -0,0 +1,83 @@
+# See https://github.com/openethereum/openethereum/issues/7288#issuecomment-393500569
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: bloxberg-validator
+  namespace: grassroots
+  labels:
+    app: bloxberg-validator
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: bloxberg-validator
+  serviceName: bloxberg-validator
+  template:
+    metadata:
+      labels:
+        app: bloxberg-validator
+        name: bloxberg-validator
+    spec:
+      terminationGracePeriodSeconds: 20
+      initContainers:
+      - name: data-permission-fix
+        image: busybox
+        command: ["/bin/sh", "-c"]
+        args: [ "cp -r /keys /keys-cp ; /bin/chown -R 1000:1000 /data /keys-cp" ]
+        securityContext:
+          runAsUser: 0
+        volumeMounts:
+        - name: bloxberg-keys
+          mountPath: /keys/Bloxberg
+        - name: bloxberg-keys-cp
+          mountPath: /keys-cp
+        - name: pv
+          mountPath: /data
+      containers:
+        - image: parity/parity:latest
+          name: parity
+          imagePullPolicy: IfNotPresent
+          args: ["--config=/config/config.toml",
+                "--keys-path=/keys-cp/keys", 
+                "--password=/secret/validator.pwd"]
+          ports:
+            - containerPort: 8547
+            - containerPort: 8548
+            - containerPort: 30303
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "120Mi"
+          volumeMounts:
+            - name: bloxberg-keys-cp
+              mountPath: /keys-cp/
+            - name: bloxberg-keys
+              mountPath: /keys/Bloxberg
+            - name: bloxberg-validator-config
+              mountPath: /config
+              readOnly: true
+            - name: bloxberg-validator-secret
+              mountPath: /secret
+              readOnly: true
+            - name: pv
+              mountPath: /data
+      volumes:
+        - name: bloxberg-keys-cp
+          emptyDir: {}
+        - name: bloxberg-validator-config
+          configMap:
+            name: bloxberg-validator-config
+            items:
+
+        - name: bloxberg-validator-secret
+          secret:
+            secretName: bloxberg-validator-secret
+        - name: bloxberg-keys
+          secret:
+            secretName: bloxberg-keys
+            defaultMode: 0755
+        - name: pv
+          persistentVolumeClaim:
+            claimName: bloxberg-validator
+---

kubernetes/eth-node/bloxberg-keys-sealedsecret.yaml

@@ -0,0 +1,15 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: bloxberg-keys
+  namespace: grassroots
+spec:
+  encryptedData:
+    UTC--2021-05-06T18-26-15Z--c083b446-591e-6a78-17ac-b8a99d92ad78: AgAOl4s5nOwdCRf46ufW23L0StYcDy+P81PtlIIsTCnpqAph7AHA/8Wa6QI6qwubUbryL9x+sfM09w6ESgdmWOAuqcLYqO8N3L538kpPWwO8I1/VSE3mv9f9SFYvT20XcVt7qWYa/BoQjt9KCQjIst5VB0qp4HjKjxWY5NWwrPv1x9r7rS+4NLWZ2FV4x+BhNB9aq3jYW+uyNoFnruFHBdKDjCSiX7HrBPEH9MNf5r+9+ND5EcMTk2Wc4WQIeDsiNcpetDkDPZx/Mz7OTwLH8EpYou80Mh/b70x5/VJgNzr5LeO5gGWVNwzgOlWVb+SaTuvnnDqzcCjXQpUqIbh7Eqy4g2ItEXvDE58EWmNqXUKPGflOGXuDT6pzwyCQfvjGGbfyQGH3nP1RFHBtm+DqtlqOcMm/qmg2AX2yGnzSJ2c3Qv+2en7Xakh6LUlHhcWxPaq9vGZOuoWKDHQOO+eDGGA6/Rm5yjZGXwTebYzoW1LZcx1ZvZl1d7AO1xt4aoFNP4/rbQPyYmKAFZmuIXz3bUSVQ3IgeKErRK35Gxx13HCb+8hWcKuXFsmEQJpaxUbFG4RWcdczrEjyYeiRs358h+YhZKYyWyeGq1SVPR0GIKCyzBBQ8cgvl4Vm6VtIMhzFWZproLLwNDjFgMoCBxz5k92uQpNlpHHS4PvQsvfSuPd0a6Iiizcm+aAxSp12B3PotAw4qTDDvY5vyfF2px0BG5YUqNNAZRzcRxNMiLqi/VKYuGBtyrCzN1vnE6bRVgFELj+dbESE096ukdPP6PEuCEpCngrdbOJSy4oS6KPmNg6gG0kgMFo8HrG2kdry632TG4vZIV8QHijuhD4CIN3WEoC7fXvn99GjY36uuRTWnseGhUxbOJWqiTgKJlaChikfSjZ/HfNeQ2f/1Pb1k7enoSFIQsiYKdMcEsuVVV6WoM7re/gm8RAXXUrz2s+rnu0VyVRxC2jpWD0r7jfneYWwgMqS8FDrraa1zUsA8wm9rA7O4fuK9ZWMhyO7JkQOzzBpN0lp7pNkyoyqgqLJNIqjH4Nhb9w3Ijx7Ajfzj2tCYxTvlLX4WyiVWUG40nSenrEoIaxYhpwNZ4+wvdCEBX3JmfSNZ6uuCn1rTb5w3Eqo0+ddFo1hbsxKF0DUTTaYZlzR6+yUSv2HpqqP2K9j83bJB+8go0WySiz0+sUdj8YLBdld/MaWocFTuewC52l1joapMsnNcvBouETwe0jHpvTBcve1TymVlzQl7s8/lpLxp8/iphqCwkvykDehV7J18VTH+zvPBL094WTkPJLv0NWsAEeUnHApjXgyzWY5PLZboL0OW4fCfU8NwlU2r8zryd6txQKeAgzyYghKvUuJ5gOs9U+fw5rdLc16xUA3QQ5qO/2zzC+XmvscQ7Fk
+  template:
+    metadata:
+      creationTimestamp: null
+      name: bloxberg-keys
+      namespace: grassroots
+

kubernetes/eth-node/bloxberg-validator-miner-configMap.yaml

@@ -0,0 +1,250 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: bloxberg-validator-config
+  namespace: grassroots
+data:
+  config.toml: |
+    [parity]
+    base_path = "/data"
+    chain = "/config/bloxberg.json"
+
+    [network]
+    port = 30303
+    # reserved_peers = "/config/bootnodes.txt"
+    nat = "none"
+    discovery = false
+
+    [rpc]
+    port = 8547
+    apis = ["all"]
+    interface = "all"
+    cors = ["*"]
+
+    [websockets]
+    disable = false
+    port = 8548
+    apis = ["all"]
+    interface = "all"
+    origins = ["*"]
+    
+    [mining]
+    #CHANGE ENGINE SIGNER TO VALIDATOR ADDRESS
+    engine_signer = "0x494cc42e63f076ff7bc81043ff310255a527b377"
+    reseal_on_txs = "none"
+    force_sealing = true
+    min_gas_price = 1000000
+    gas_floor_target = "10000000"
+
+    [footprint]
+    tracing = "off"
+
+    [misc]
+    # Logging pattern (`<module>=<level>`, e.g. `own_tx=trace`).
+    logging = "miner=trace,own_tx=trace"
+
+    #bootnodes.txt: |
+    #MPDL Bootnode and Authority
+    # enode://a7a53baf91b612b25b84993c964beb987879bfe7430cf6acb55bd721b9c0d96ceb1849049b1dcc0aa6e86fa1e2234280581b16c1265d56644fb09085e6906034@141.5.98.231:30304
+    # enode://a7a53baf91b612b25b84993c964beb987879bfe7430cf6acb55bd721b9c0d96ceb1849049b1dcc0aa6e86fa1e2234280581b16c1265d56644fb09085e6906034@130.183.206.234:30304
+    # enode://e6b181c16d20194029c220ce886fdc7a745cb37ee655c3b41ea744ec89143db6731a1c01ff3c40b39f969079090ad34e0e3319e47b0d22a8d510ff1f7b5a9ac7@141.5.98.231:30303
+    # enode://e6b181c16d20194029c220ce886fdc7a745cb37ee655c3b41ea744ec89143db6731a1c01ff3c40b39f969079090ad34e0e3319e47b0d22a8d510ff1f7b5a9ac7@130.183.206.234:30303
+    # #GeorgiaTech
+    # enode://4d9e6925ef3a92315283a655e856aa29dd516172c4f38d2a8fcd58c233a2cd80c57b507fed3bf351b1ac0611e8c7fefd6fb1c49de2d0d15eb1816d43629ac4ba@3.14.148.213:30303
+    # #CMU
+    # enode://ce0154eb13c1c038017151dd1ff4d736178ffedc33f5e11fe694c247eb09279886d253c3c775486eb709a65057901e2788098f991c58e6ad26ff957a8f45253e@128.2.25.89:30303
+    # #UCL
+    # enode://e41a38d659f13d47f3d88c5178e0cfe97487d3568000b85ae3a4abbcc35404d2628cee8a7e9071b63802542bafd886447ecf1d02fc663be0534779094a3e4fd1@128.16.12.165:30303
+    # #Sarajevo
+    # enode://6959137e1c66384e82ce6d9ba7e09bb0e56817f4834416448b98f646a335168c2967760a1daa5e3ec5ac2a3401be1cd05927568cdebf49c25d4770f5bb8fbfd7@195.222.43.21:30303
+    # #Zurich
+    # enode://6173beaabd1a82d41e3615da2a755e99f3bd53e04737e2ae2f02a004c42445d8dfd1d87aadfafabc4c45a1df2a80f359ab628c93522d1dac70690a9689912bbc@129.132.178.74:30303
+    # #Internet Security
+    # enode://bc50cf41d29f346f43f84ee7d03b21cd2d4176cd759cd0d26ce04c16448d4c8611c4eab4c5543e29075c758c0afc2fd6743fa38f48dc0ed1f016efbb5c5a7654@194.94.127.78:30303
+  
+  bloxberg.json: |
+    {
+      "name": "Bloxberg",
+      "engine": {
+        "authorityRound": {
+          "params": {
+            "maximumUncleCountTransition": 5006743,
+            "maximumUncleCount": 0,
+            "stepDuration": "5",
+            "validators": {
+              "list": ["0x494cc42e63f076ff7bc81043ff310255a527b377"]
+            }
+          }
+        }
+      },
+      "params": {
+        "gasLimitBoundDivisor": "0x400",
+        "maximumExtraDataSize": "0x20",
+        "minGasLimit": "0x7A1200",
+        "networkID": "0x2324",
+
+        "eip140Transition": "0x0",
+        "eip211Transition": "0x0",
+        "eip214Transition": "0x0",
+        "eip658Transition": "0x0",
+
+        "eip145Transition": 5006743,
+        "eip1014Transition": 5006743,
+        "eip1052Transition": 5006743,
+
+        "eip1283Transition": 5006743,
+        "eip1344Transition": 5006743,
+        "eip1706Transition": 5006743,
+        "eip1884Transition": 5006743,
+        "eip2028Transition": 5006743
+      },
+      "genesis": {
+        "seal": {
+          "authorityRound": {
+            "step": "0x0",
+            "signature": "0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+          }
+        },
+        "difficulty": "0x20000",
+        "gasLimit": "0x7A1200"
+      },
+      "accounts": {
+        "0x0000000000000000000000000000000000000001": {
+          "balance": "1",
+          "builtin": {
+            "name": "ecrecover",
+            "pricing": {
+              "linear": {
+                "base": 3000,
+                "word": 0
+              }
+            }
+          }
+        },
+        "0x0000000000000000000000000000000000000002": {
+          "balance": "1",
+          "builtin": {
+            "name": "sha256",
+            "pricing": {
+              "linear": {
+                "base": 60,
+                "word": 12
+              }
+            }
+          }
+        },
+        "0x0000000000000000000000000000000000000003": {
+          "balance": "1",
+          "builtin": {
+            "name": "ripemd160",
+            "pricing": {
+              "linear": {
+                "base": 600,
+                "word": 120
+              }
+            }
+          }
+        },
+        "0x0000000000000000000000000000000000000004": {
+          "balance": "1",
+          "builtin": {
+            "name": "identity",
+            "pricing": {
+              "linear": {
+                "base": 15,
+                "word": 3
+              }
+            }
+          }
+        },
+        "0x0000000000000000000000000000000000000005": {
+          "builtin": {
+            "name": "modexp",
+            "activate_at": 0,
+            "pricing": {
+              "modexp": {
+                "divisor": 20
+              }
+            }
+          }
+        },
+        "0x0000000000000000000000000000000000000006": {
+          "builtin": {
+            "name": "alt_bn128_add",
+            "activate_at": 0,
+            "pricing": {
+              "alt_bn128_const_operations": {
+                "price": 500
+              }
+            }
+          }
+        },
+        "0000000000000000000000000000000000000007": {
+          "builtin": {
+            "name": "alt_bn128_mul",
+            "pricing": {
+              "0": {
+                "price": {
+                  "alt_bn128_const_operations": {
+                    "price": 40000
+                  }
+                }
+              },
+              "5006743": {
+                "info": "Istanbul HF",
+                "price": {
+                  "alt_bn128_const_operations": {
+                    "price": 6000
+                  }
+                }
+              }
+            }
+          }
+        },
+        "0000000000000000000000000000000000000008": {
+          "builtin": {
+            "name": "alt_bn128_pairing",
+            "pricing": {
+              "0": {
+                "price": {
+                  "alt_bn128_pairing": {
+                    "base": 100000,
+                    "pair": 80000
+                  }
+                }
+              },
+              "5006743": {
+                "info": "Istanbul HF",
+                "price": {
+                  "alt_bn128_pairing": {
+                    "base": 45000,
+                    "pair": 34000
+                  }
+                }
+              }
+            }
+          }
+        },
+        "0x0000000000000000000000000000000000000009": {
+          "builtin": {
+            "name": "blake2_f",
+            "pricing": {
+              "5006743": {
+                "info": "Istanbul HF",
+                "price": {
+                  "blake2_f": {
+                    "gas_per_round": 1
+                  }
+                }
+              }
+            }
+          }
+        },
+        "0xEb3907eCad74a0013c259D5874AE7f22DcBcC95C": {
+          "balance": "102000000000000000000000000000000"
+        }
+      }
+    }
+
+

kubernetes/eth-node/bloxberg-validator-pvc.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: bloxberg-validator
+  namespace: grassroots
+  labels:
+    app: bloxberg-validator
+spec:
+  storageClassName: do-block-storage
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi

kubernetes/eth-node/bloxberg-validator-sealedsecret.yaml

@@ -0,0 +1,15 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: bloxberg-validator-secret
+  namespace: grassroots
+spec:
+  encryptedData:
+    validator.pwd: AgAu6Seh37ELi6AXKetNOGMZpOrzkjukS6FLCGJTzF8jsIlgoCMbZ3krLfDoJqmbidNJRxmGtHbsjHwwfCNdqkOoPDBMKdRGzPD62zro5a8Spw2hr6VtEY/dA/sRswKfwMTCgHxG7eF3SVAOwZ/kqNMSMCJWhxtFDjcwdi2F4S33lR+3Otw7Bbc5dBRSEA7UvC6DRfasx1Tmd4Tcw19W3tRtqG6CM6HgIfmACYLgQucMOZDr5MZK/MzvOngrLc4wLHTO5ilmrdZFWfpX+KhGpYPDS8sUrKjrGTfHpCHpuzdX+Q6wgfVWxK/8X3bCryG+BB4zY4FR+ETpIlaSd4RXCpVVUYdZYXi8OURFAyf/+hCEDucOFpkqSTOATu0bzU5o0Jvpx9XiGOsjYv0GfYpIoc+6Ii9pV9J4EJMxRDKgGJXfFSZPmNJuDU/0Xx+FeKk8/8f7p0C1M12CqBk/XxqveNJTiMC3cfdCULsUKYSmEbxbXjz46RIcTvsu9I3Tc2spgHpagmUnl05MnlWBswV0kQkjy1tfkO3emqzfNWLZeTN5H7B2/vmewdq/3VTROnx9IRG0fRIpkOEPWgzO9MlNfM/ltBRRhyhmbFS1wNWJqxG8IiSVLzegKC33boknmqGP+qI1nQGZ08GFWUNZMhQmRHQCQj/H5rPtzxDzNQtGM0S4ZbZjmuv4M50IM06vJvsVrps1sETbiIt7ojg=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: bloxberg-validator-secret
+      namespace: grassroots
+

kubernetes/eth-node/bloxberg-validator-svc.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: bloxberg-validator
+  namespace: grassroots
+spec:
+  selector:
+    app: bloxberg-validator
+  ports:
+    - name: eth-net
+      port: 30303
+      protocol: TCP
+    - name: rpc #TODO change to rpc
+      port: 8547
+      protocol: TCP
+    - name: websocket # TODO change to websocket
+      port: 8548
+      protocol: TCP

kubernetes/gitlab-internal-integration-registry-sealedsecret-flux.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: gitlab-internal-integration-registry
+  namespace: kube-system
+spec:
+  encryptedData:
+    .dockerconfigjson: AgBBXZyqqPhVZ53L4avFRFQxUmH7pw+fqFQap/4tK+anHhnrbb5sBSPSBJsB4mKzmmdVpaKgrjteFLaDcukWBVLQTB8b3MOKbXB42batIy+7ev0+vpARXUDiBuqw/Suaatqi10D4X6sV+COxXEOgxtZpD9OAiTtUVXWIOHRnenWZztLjtr/LvRJFtBTYuXyj1dFo1HZ8kjDufPjE6K5rVgZNNkudKmk5tAYrIxiE7PTPyRrJ/eO6ybVqtRtahv0sXjTGWTLlUS0OksJbinprCp8mAUFddUxdo+6rX5AIUHqmIupE0KyRyNio4WB/Kkg4zsOPh96C6Gtd1NgjrCwibDxBDUIgKbWVK9b3LQ80FHSmdUC1vQfxplTt+G0zchiaP/HTHjXfrMy5f5w0k6gP5dTLL58/FJtUUF4O1CWqkr9tsPhKtvEAA1t9EIHUYGxsY7fIsUTmZe6vLT5KGD6sbjBFD2I6IHxQsKlzYwO5GBC2OGYQbbmFJZNyVVWShnEMZFRWnx283O9LewM64euJKJ5EVnuLFNOSrrljRS5gJgjS1IwyL3JqG6fzANqBfj+J8Vv3NOEkcNB2j4/1a3DIpqh2gO/ObnQn3TEtbYGCmiLtbv3S8Jx1J/Wvnz3PzwrfxoV6wxPF3qofQkALQWh5jQcj+gG/K30raYOxGFBXCAl7Ms6xmbn6wgsXy8sABXGAQsuvPie8422KeZ1J3nd3DUfzMUeGNy2clDVgDTvfttmPlPeS4RdQCQZ9tbos8TsJIKWlHGRy+77cXmqvA+QYNvmUk5CAPaGL0gWktChvdRz8VHC736OXQzEN6kKFZKNzEo0xYjRUgMCuzy0c10mE4C59FyqQi9wjqmukzaUh2lCMgxXpueGNZQHDBT6pZYlO7gYDtkgq7eyVXhcHW2xVhYh8yaQMDANAhSad6oGEqmf812tgpCq8sM4zWysX6bU+7MPRkWXTcRPJh6EtTrw2wMED8Op0pQ==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: gitlab-internal-integration-registry
+      namespace: kube-system
+    type: kubernetes.io/dockerconfigjson
+

kubernetes/grassroots-ingress.yaml

@@ -0,0 +1,129 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: grassroots-ingress
+  namespace: grassroots
+  annotations:  
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-production
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
+    nginx.ingress.kubernetes.io/cors-allow-origin: "*"
+    nginx.ingress.kubernetes.io/cors-allow-headers: "x-cic-automerge, authorization, content-type"
+spec:
+  tls:
+  - hosts:
+    - meta-auth.dev.grassrootseconomics.net
+    - meta.dev.grassrootseconomics.net
+    - user.dev.grassrootseconomics.net
+    - ussd.dev.grassrootseconomics.net
+    - ussd-auth.dev.grassrootseconomics.net
+    - cache.dev.grassrootseconomics.net
+    - dev.grassrootseconomics.net
+    - cicada.dev.grassrootseconomics.net
+    - bloxberg-rpc.dev.grassrootseconomics.net
+    - bloxberg-ws.dev.grassrootseconomics.net
+    secretName: dev-grassrootseconomics-net-tls
+  rules:
+  - host: cicada.dev.grassrootseconomics.net
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: cic-staff-client 
+            port: 
+              name: http 
+  - host: dev.grassrootseconomics.net
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: key-server 
+            port: 
+              name: http 
+  - host: meta.dev.grassrootseconomics.net
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: cic-meta-server 
+            port:
+              name: http 
+  - host: meta-auth.dev.grassrootseconomics.net
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: cic-auth-proxy-meta
+            port: 
+              name: http
+  - host: user.dev.grassrootseconomics.net
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: cic-user-server-svc
+            port: 
+              name: server
+  - host: ussd.dev.grassrootseconomics.net
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: cic-user-ussd-svc
+            port: 
+              name: server
+  - host: ussd-auth.dev.grassrootseconomics.net
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: cic-auth-proxy-ussd
+            port: 
+              name: http 
+  - host: cache.dev.grassrootseconomics.net
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: cic-cache-svc
+            port: 
+              name: server
+  - host: bloxberg-rpc.dev.grassrootseconomics.net
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: bloxberg-validator
+            port: 
+              name: rpc
+  - host: bloxberg-ws.dev.grassrootseconomics.net
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: bloxberg-validator
+            port: 
+              name: websocket

kubernetes/key-server/key-server-pod.yaml

@@ -0,0 +1,57 @@
+# https://kubernetes.io/docs/concepts/workloads/pods/
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "key-server"
+  namespace: grassroots 
+  labels:
+    app: "key-server"
+spec:
+  imagePullSecrets:
+    - name: grassroots-registry-dev
+  containers:
+  - name: key-server 
+    image: registry.gitlab.com/grassrootseconomics/devops/key-server:latest
+    resources:
+      limits:
+        cpu: 100m
+        memory: 200Mi
+      requests:
+        cpu: 50m
+        memory: 100Mi
+    ports:
+    - containerPort: 8080
+      name:  http
+    - containerPort: 8081
+      name: http-internal
+    volumeMounts:
+    - name: pgp-meta-test
+      mountPath: "/etc/nginx/html/"
+  volumes:
+  - name: pgp-meta-test 
+    configMap:
+      name: pgp-meta-test
+      items:
+      - key: publickeys.asc
+        path: publickeys/index.html
+      - key: signature.asc
+        path: signature/index.html
+---
+# https://kubernetes.io/docs/concepts/services-networking/service/
+apiVersion: v1
+kind: Service
+metadata:
+  name: key-server 
+  namespace: grassroots 
+spec:
+  selector:
+    app: key-server 
+  type: ClusterIP
+  ports:
+  - name: http 
+    protocol: TCP
+    port: 8080
+    targetPort: 8080 
+  - name: http-internal
+    port: 8081
+    targetPort: 8081

kubernetes/kustomization.yaml

@@ -0,0 +1,2 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization

kubernetes/pgp-meta-test-configmap.yaml

@@ -0,0 +1,260 @@
+apiVersion: v1
+data:
+  privatekey.asc: |
+    -----BEGIN PGP PRIVATE KEY BLOCK-----
+
+    lQWGBGCufzABDADb+aeREhuVWeqoWyeGosQeDypDnFFPlutXUtfEBMjp05gt+zhq
+    o0TCmS6U5XIRTsKimEQepvuZ6MmWznv9mhSEYFNHfJkrzoQSstw7YNbzMR8hhjqV
+    T9xaumSbOhxKXIdioZi8xk/z4PFxxCd8V16oS3+s6/n40f1aNaz4onB8ATNoRl3g
+    Qn+bn4FNOpQWGEI8zXqzFQduuXwDfBJ7ZuQYlh0o8vIowml3xcJjLlRz068nYRR5
+    yX1MTCJmxTC028Ep/EcIi5hgsnXqAMCweYCnMCAft+7a4lVSziNQc+4lhG4hQaIO
+    zNUcr3iPsyGEd3/PZi+AdGStX7nnHr34b/M59LGAvtoMEXi4z6UjMEoYDKdm9GJ8
+    0z5CFwElj28RgVilawDufluycmfmRTY5B+1Oq6ugN30xEjgPEoGKbZHwm9+9WRek
+    81YV7GhgwOO7UYbSK4rsgD/B+Cse7ADXD0o9DGvULYjvD5BpMG0jdRkFBTFFZ3UN
+    kb4UZtILMyPQA7cAEQEAAf4HAwIUu1QuUtT4sOClIovUmBqdEwQ4uzir883YkCQ+
+    p2zfZVNWjnMqWv2UnVVelumWlkLXFe5eYbYVfl+VN563xZremkZp1/pxUMeH48FT
+    M3xb2rTulthQLydwDftq1mTmcMaXKoeoHmbEqM7AtmVTN7NnsGYZ+2bmL6JYo54V
+    /C9dtc4ZLrVtHkJAI2TqxebpYEzBUFM+l0G6xUo8r5SaDWCU6WEtY5zD1m86b1yT
+    PZ0IyvfUEOCKE9zs+gG/CjTmYrZPnLIHTeFcLuexB4OJBnJ+n4P92PJlDXNkBmSp
+    fyGFykRtT6rgiBmW2mu6pA52Yn9sonrYREvxIUsk57ADvTFPWQxEan94QBKVb363
+    ADzOaluuxlD9y30P5FgJNQGoamPlfN8haMRCjHuWjfb3KVc1E+SaEHubF532/QxN
+    BtujSE1O4ieymilCBHdcBOazi5+89h1zwcj2QWo9+VKnYXqIWnmH4T94d64wkPht
+    4rCpyWlTsAWvJTUBpoeIyofTB3uRx+nogvLBJisdaahPOyGHxmj3ARwa43WH4xZj
+    rkkeCSd6bCtnTIHWrscYeNkmp+yg75uW30Rs5litKYZ/TwsYrHPOVHyDax0f/mOH
+    4L9Jy2pT68i6AON0H57oET+lNZmfWSi9nCvoJNYkbAYuApnQM75zwgZuvPed3uAN
+    NxlYaWxPhL7CzyVZYPdX5LdfN1sGK1nHE38G0k82NNkNJH7Bqz55ar2cLPxDWJjD
+    iso4mBO/9bEOTGrpfI7EhuuQIk6pML20yD1v/Pmrqkys58gxJ8GrLucv7b1J2mB2
+    b1wVxi8ftcttpSni6uDjUPRoEEAOAojyuwOfNcUhq07mvjPwg2JBCi4LJsRVL7jc
+    jKJBa73Ez9WvgkwbW1d5w9yDEdos6MBMHZQueKrWKhOiFnToAce3PSwUh4jx3tN6
+    eVKkBnc/r48Q5ZvJP4JfVqq9tmO55GeXp5UYQtSIHYwAKNpxt9OdGR8qNvgMO3xu
+    CCibusYv6Jis4QnnFUl+KsZZLk0afq7KvXdfvBs0QNfGzd5IdGFXXa7+hwlHaRG5
+    j8k3T/5DjzTdE59r7PA5l5aUcN+SamkhGNaJMm4TRSJBGwxUkvX3rSfinA8WCh19
+    8BSoFMWSYP18CEDsHqZKs9QgKTFx+KiYmh/nAcTZrSrgLWCz0Bzox097zUurwDs9
+    ZBtcZonVBnUOYX/YT1oqSVXJEpynZ5HfdkZ4l2jfp3ixMeuE4gJvELzOA2Y8FaM/
+    oDYt+Danj1bcKNcXWKOPyW7qL1LjiD1VC5oVlhUiw32YSLh4blP5SrHQTGyetLVi
+    TWaTh7z2Rhyf+PGpfnUWu2Hsp1V1WdfzArRMUXVlZW4gTWFybGVuYSAoU2hlIGlz
+    IHRoZSBxdWVlbiBhbmQgaXMgdHJ1c3RlZCkgPHF1ZWVubWFybGVuYUBncmV5c2N1
+    bGwuY29tPokBzgQTAQgAOBYhBMzi4dLQ42reBAXi0JlbshgWMTvVBQJgrn8wAhsD
+    BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJlbshgWMTvVLqQL/jnG2Y3ua7d9
+    CC83VFeOkMOVkZs1Vl4/2o9fsdo2Ji4YxaozKatboJubwpO3NjLaFYQx6+C/6btm
+    IZ5kFVBHxDB4sw8rKfkl56DqQMKXjAyWYLcC/UNcZdfV4w0+Woj+KgL1uh1bxpiU
+    My7NNnxvPzo2YGMrOg0xbjhwuPuXHv0bywrJS8kFnHEz2o75afHmwIZmmzZci4Fw
+    pFDYxOWszFRF7XcQu0tlJj/eRzr/T9eOlhtTOs5/Fjt007TNOjBBHsF9U3zkf1AX
+    xn3kxFcdgbdYXEMp2uSr+sMSFqSsnm9KAqwC+RU8iG2Sv9Ff5YnOvg7CfqymGGFi
+    eLvplMxpqdlOpywMrhpXqT/a54vqzxeJ3axTKkg/c3T4Gek0P0IAsM6nTWa43zVm
+    BKhkFNdP3TuTvqQFy4ZqLFDNHCk4SfNSYW1Dei+irvcysdFb6+ZDXAYNdk0N+Ajl
+    rwxcQSQaA6maufgcO/sA+b7e0JOMgM2Dr5LrND4Uz16zMGYgeQQp/p0FhgRgrn8w
+    AQwAtwZKgIDeylKFox3edzPBTS5ZF5Rs46Wp6e+OF1ecvfbQmPV8vHPZkLrNYTt5
+    UODKJJLJO5hopNgJigMHmAbrXqFSZB/XrkkwfuZ6yY3Fyxa7qaSeyEdDX0SH3533
+    EP7vDFryZEt5bO9g1aUbPeBYamSMfrkgGdj7M+ToERuvpVV2LhgBAJeAbnk+2a0S
+    /Jcx873mWax/TmFLz2yO2TZFT74iMC2CyQMLPbjq/r5gaMsMzRj20jJ4+matT88X
+    L4lr3JkytkWx5H9G+n0kuNXmq6GTklwMXyV7XIux9iUvqhr7+cSqJFniVbiGbWTo
+    zfBk/rJrCCcCN+zUh+iQUtVbw4WsrBvo7Po+urlw0bbf/BptOmhQ+bICAApxVR/F
+    0teNe82LaFHrRXcQOm/F4cJqMPtZvBz/iOJO+nqGDgRsgUR8gA48RZdRgYxS5ePR
+    bWEKUhlmtyju9162CP2c24FqBuUb+nYz0F3vnRhRC9n5MO7ZjtNFkQwl6O+wJ0UA
+    wnqdABEBAAH+BwMCtM/xijzS4N3gHy+0b+fuxTijqtNa/w4U3efhzEByB43uK465
+    i/mNLD/JaAcegWEdi1kAhxJchemlxtnNYyXo00KVFoEkU8nMCwfSbuXuVDTcRHUp
+    7ruHgI0s+71q1M/IfVrr43UxwWNzMAahJT2Nl3NDgRSU4lPRnDAhSEknw93J/6w4
+    DcvOZZjvmVsxA/95S8JqO4sdPnfv/aod1+UI8s03vN17WKlvMYU4OJnfGhkw3dfI
+    sC7JYF/l/VrZ+rRSLsMitMRqlNJndIR4h0ph8dg/LfIhOJK8h/41MPliw1w32qyN
+    m1d/fQgkLBi3dTgZPIxFEjH2povCErYmzOt/axHAp8o3Fhj4leXq8noTuX5aQ7MT
+    Ccp9xt5bQdpTkb2ZPCS28DrKqKHOFyK9NQJe37qzoDedF5HqDECo/bE7dnYb+xZc
+    Wa91CTdlzWrlVRPvQ0NhnxWoUuveG5ytVWpMScQIsqt13PL4H1pDaPG6I8kHrWjJ
+    BW+7iVafvb6rRQCQXs3ZX56X8syDZh+wVzXsiCpojWH8ydgpltr4AjN7iCMcsHqI
+    Gd+OOB9DOdAbZU2xbBQ74vQZS/hfrswMdSixeOYRFCtfNqCHRrifryPSG2po+OkB
+    AJ+JJECvIFxLZwgMxT4AH2fDP7ULa8IDj+5oIwziGuqX6qbQQsRiExvWOOP281M7
+    AaVcOjeEGgc+puNxM9PzwIZWHxETi7ks2QDJQHQqD+MxdkLztqAnR+ln+hZ/WAQD
+    197wu4WG6OSpjaw+khMSl2tAOKZzeyhZGanC3VhFe1Z9CzWmwSgeO6aOXejFTzeE
+    A2ZRD9QjvdIIFj0aaLshsFcF/inO9HHRlmJMYmue4PLJYJTBvs/N4/XWdWUhMWxG
+    YJTBp335WtGsuqCWVZPzJb5lkcdC8yUa4FO3Z/fmHT3tKZSrvwROa7YBqDkUfhuP
+    64/4n1TVXcgRMA4IgEJNYt5mVVgOb8o/0G13LqoByI9/V8sHrW0TTIZPblyaoFah
+    BfnWekdgWzeyYJWgm+IzqVAWOgrkQAzalFuZuBF0qoYb2SDdqohNw/erTcd3CM35
+    dgQozqFpKeT31HRVYOjA0ZyjBllY3EYTCU5mFtfH45Ao7d2C3lbRiHzXOxS0sF0+
+    fIDKZXHXAnt141Ni1vNrs+WxyfJ5yMZHEQ5R0o749I67rg9x3hXnwDUw+mzibBOx
+    U/7xxcuRe5PkITjk2EwjkZvrM4KEHsuVvRQF7cJ9AhqYFaVZKOBGAvKJ5OGaijaF
+    oiKNP1vIpmCvFHS2kD8mi8oMx786f8Tks6r9gCFq+nnSbFV3W2hzzwD6825V3wMB
+    d28RBBk8wtyD2G5mAWQNHISJAbYEGAEIACAWIQTM4uHS0ONq3gQF4tCZW7IYFjE7
+    1QUCYK5/MAIbDAAKCRCZW7IYFjE71fmOC/9zly33PS50gR6kcFtN8KBgfNcwd/Yz
+    ZzI8A2o5nAFhcHwWH/f25hGXxbh3hGoz8NaiGFFktiefaQ+9M2Usb15OSjTeKT6H
+    KoBxSkn641fkV77Ed+a0rGtOhrelKviqQJtS/5509LbIpiYPpfSEw0OwlHfY7ZeA
+    l3PCOZHkiyOwR/hmj2gbHpbSqxSJdWftTLMUDaCTzqfSkIjkB6pTgJkLPM4eUnTL
+    xFP4VckDhbnj1a92AjI0BoUVRlQUKDwhquDlP4XjOmRSRZh4Yi8cQh0MDN3SR72x
+    wP3953xYOYanABMcANqV0wPRm1tLXORT/kQDBVsDsYATS9a5Kt4QyF6FnR16rcK5
+    lAqXet1/O1rvVvaJDzXnzoQOa0ORgdFcti+2pdCbwNy3LY2LvJDl+I4PDGTqk32H
+    /HUuCprWkcZu2dLCP0TeEVRg95wyCFc4C0G1eL6yeIKcH/l6Dp5ToLfqpaIt6LXL
+    HpfJD0o0eOq46T+IQlOFsqLmeqZTM7wRlwM=
+    =8eSx
+    -----END PGP PRIVATE KEY BLOCK-----
+  publickeys.asc: |
+    -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+    mQGNBF+hSOgBDACpkPQEjADjnQtjmAsdPYpx5N+OMJBYj1DAoIYsDtV6vbcBJQt9
+    4Om3xl7RBhv9m2oLgzPsiRwjCEFRWyNSu0BUp5CFjcXfm0S4K2egx4erFnTnSSC9
+    S6tmVNrVNEXvScE6sKAnmJ7JNX1ExJuEiWPbUDRWJ1hoI9+AR+8EONeJRLo/j0Np
+    +S4IFDn0PsxdT+SB0GY0z2cEgjvjoPr4lW9IAb8Ft9TDYp+mOzejn1Fg7CuIrlBR
+    SAv+sj7bVQw15dh1SpbwtS5xxubCa8ExEGI4ByXmeXdR0KZJ+EA5ksO0iSsQ/6ip
+    SOdSg+i0niOClFNm1P/OhbUsYAxCUfiX654FMn2zoxVBEjJ3e7l0pH7ktodaxEct
+    PofQLBA9LSDUIejqJsU0npw/DHDD2uvxG+/A6lgV9L8ETlvgp8RzeOCf2bHuiKYY
+    z87txvkFwsXgU1+TZxbk+mtCBbngsVPLNarY/KGkVJL+yhcHRD0Pl4wXUd6auQuY
+    6vQ9AuKiCT1We2sAEQEAAbQeTWVyIE1hbiA8bWVybWFuQGdyZXlza3VsbC5jb20+
+    iQHUBBMBCAA+FiEE8/r2aOgu9RJNUYe67yb0aCND9pIFAl+hSOgCGwMFCQPCZwAF
+    CwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ7yb0aCND9pLwiwwAhFJbAyUK05TJ
+    KfDz81757N472STtB8sfr0auwmRr8Zs1utHRVM0b/jkjTuo4uJNr7YVVKTKgE7+r
+    J+pwhm3wlTQ44LVLjByWAi/7NWg3E9b2elm+qkfgm/RfFt3vkuOxGSyZyIFFh+/t
+    wv6iABPvr6w7MZwrFaS0UP3g1VGa5TFqg6KNxod9H/gPLxv45lutXf3VvBZTJpr1
+    pxn7aLHlFzEyIgNZbP/N1QF44GSrN/k0DfL631sZjauUXaZXbi5xGsKKCYwJ1g3q
+    587pi6mTdTV3n0hKgVuipO8hGy5++YeOv+hXsCxDwyZ+Shv+qavd/SapxYgCdEue
+    uwONIFfsIsWCd3SCcjKXicTTEFMu8nvBmf7xuo2hv6vEOxoijlXV+4LkGrskdB8Z
+    Mg8PywEx6DLmDokgnAhTLrTc1ShbkOtQ3yNjjyFK7BDpqobsJal6d8SpbhccUJLe
+    paSmsk0CgJsTjhAl6EwX0EYgTo3kP5fScqrbD8VwQaT8CcE4rCV4uQGNBF+hSOgB
+    DADHtpTT1k4x+6FN5OeURpKAaIsoPHghkJ2lb6yWmESCa+DaR6GXAKlbd0L9UMcX
+    LqnaCn4SpZvbf8hP4fJRgWdRl5uVN/rmyVbZLUVjM8NcVdFRIrTsNyu4mLBmydc3
+    iA/90sCTEOj9e7DSvxLmmLFjpwM5xXLd6z0l6+9G+woNmARXVS3V/RryFntyKC3A
+    TCqVlJoQBG45Tj2gMIunpadTJXWmdioooeGW3sLeUv5MM98mSB4SjKRlJqGPNjx5
+    lO6MmJbZeXZ/L/aO6EsXUQD2h82Wphll4rpGYWPiHTCYqZYiqNYr6E3xUpzcvWVp
+    3uCYVJWP6Ds117p7BoyKVz00yxC9ledF3eppktZWqFVowCMihQE3676L3DDTZsnJ
+    f1/8xKUh5U2Mj3lBvjlvCECKi00qo8b1mn/OklQjJ5T4WzTrH6X+/zpez8ZkmtcO
+    ayHdUKD/64roZ9dXbXG/hp5A+UWj8oSVYKg2QNAwAnZ+aiZ2KVRE/Y61DCgFg6Cc
+    x/cAEQEAAYkBvAQYAQgAJhYhBPP69mjoLvUSTVGHuu8m9GgjQ/aSBQJfoUjoAhsM
+    BQkDwmcAAAoJEO8m9GgjQ/aSIPcL/3jqL2A2SmC+s0BO4vMPEfCpa2gZ/vo1azzj
+    UieZu5WhIxb5ik0V6T75EW5F0OeZj9qXI06gW+IM8+C6ImUgaR3l47UjBiBPq+uK
+    O9QuT/nOtbSs2dXoTNCLMQN7MlrdUBix+lnqZZGSDgh6n/uVyAYw8Sh4c3/3thHU
+    iR7xzVKGxAKDT8LoVjhHshTzYuQq8MqlfvwVI4eESLaryQ+Y+j5+VLDzSLgPAnnI
+    qF/ui2JQjefJxm/VLoYNaPAGdqoz/u/R0Tmz94bZUfLjgQaDoUpnxYywK2JGlf3m
+    PZ3PNWjxJzuQTF5Ge5bz/TylnRYIyBT7KD7oaKHO62fhDbYPJ4f94iZN4B6nnTAe
+    P34zFDlkUbX4AHudXU7bvxT5OUk9x9c2tj7xwxQHaEhq2+JsYW0EVw27RLhbymnB
+    fLjVVUktNF0nQGvU2TEocw4pr2ZkDHQkSnlbNa4kujlL7VzbpnEgyOmi5er9GaIu
+    VSVADovBu+pz/Ov1y/3jUe8hZ/KleZkBjQRfoUkaAQwA2r2HiLvpnclyZMoeck1L
+    FoVyEU/CjPcYWF1B76ekO9mrlYvbKsnsyL0WcuEqwCmHdLk70i743Fn21WQK4uvv
+    lvrEpev9aj9DihyLctv4qrPm6wAU/Xibf75tg1iRL+muMQfv6hQhjdhwkYFx/7XQ
+    6UWkEibqFS7xJwrhz9lHL4KTA4sO5PeW713+mpz7tM5RmGV6NOQAyEEfAv6OawlW
+    k0f5o8xngIoyo2BS5qIeEBO+iz45+GG8GQC6XufOIx7VVl++ZpsxZKtDq/AXfAsk
+    xfLRwZMqH9Db5pPMzrL1bPV16AwoWqhAGd2HIMkODLEC5XTGIKCqO5+n288rHhAJ
+    TqFmE7TpAo+Eb0Tkk4jfm6LyRonmQGpu/Zxa53n5D6d+AgYWAMeHkEthWJkES4mK
+    pZu4nV21+n9mynnPg8wzthL705Q6IBjtlxX8EP6eeRFE1BUCNp2RZttTSdI+8iwz
+    YsGOJdJeeXeLOGhvU9/PLkRj9jgZLgCLAo1QGo2oxetZABEBAAG0IkJlYXN0IE1h
+    biA8YmVhc3RtYW5AZ3JleXNrdWxsLmNvbT6JAdQEEwEIAD4WIQT2ReBH7lvE4oJM
+    lNtC3JHPqKugKwUCX6FJGgIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIX
+    gAAKCRBC3JHPqKugK25hC/9VF1fekj0IKnrOJRUcK/Cv4RBowl60V91w27ApsoP2
+    awEJiFhY7qRijtkA3NKrT3tke7aTnC3yAJ8SFOmvIAC94ijb7Iv97xkG+1IIz8pv
+    ru9y+dzd2NnvCkts8gFF0CI/xtEME90rU3Pay9B5IyrpP++UdmSmnp3Neuwi94BZ
+    DfMlqkeiYOzWWSeYbmSSVfKTXeBdUuTyfRI4m/bPbh6gegOB/XdgSIrNY74D0nR3
+    np0I+s0IGZepK24kgBKfUPwRDk7f98PXCh29iL3xH+TBxu30WHq7xKmPoXxCRyFL
+    tnKF0MN5Ib276fHnJZM+hXf5i/1EPi4NLnk86e7fNI69hwiUd1msEt3VmZWe7anJ
+    e/1p3sSXwbQGhhGWM5K41/rQ1CZ9qD95d6wkHRSc0n4z78qxgYV73yJHinN8xIFn
+    PWbopPPIJbELSoM3IEpHobsj95pH4hzZAPSmDfOfLzV1G2ec1QPfWnTqUriUt7ed
+    Ds4//7Cczj6sRh2B6ax2diC5AY0EX6FJGgEMAMqxn5io6fWKnMz8h5THqp4gEzDu
+    oImapfMKbAKcxEtJmcLkvn+4ufEP/hcll66InqJHsqMOrdb+zbduCruYWpizhqCI
+    GSsuRu7+ZEEkQFmF5juCOV/5qKQJgZZmxSKbRtboapMRR/jmg1pvhnUG7wJOGWi7
+    qv+iRdsWKskDO7tUQE34+ID7IwfDZe2fbFKxf66nPlUunF8aMglsvGmtCEzm/xwj
+    unHnmoqZBQIzTdEXIaEwhVosbgY7A1iwOJ/gT2dcF2KJa7tygrtcbgdVzYCibynw
+    tlvDGXukweuYLQFsObyBG3UHRhJg61p7n344sy1U9uwCP3/pVCr9bNY9mLZpCgHF
+    kqxErmB8cWouQkbwnqxQFm21KtGFzjUawuKBXVtDEeA8C5Ha0sx7lw5JrX8GD3EL
+    60qKWjqujJsR1kyijXx1No7Xr9NWWuPoIDYH06ZoYE+j065VTRqZIGr3NjUZnqT7
+    s9M41roQMnKAzRBXousRXRW9dXfS5YIG4nWTlwARAQABiQG8BBgBCAAmFiEE9kXg
+    R+5bxOKCTJTbQtyRz6iroCsFAl+hSRoCGwwFCQPCZwAACgkQQtyRz6iroCt8igwA
+    gopqy+UgxJ7oTL2zvOgL1ez7bv+E/U1/7Rdy5MHwr4WF6oZRpIBlgv3GXXeIFH9b
+    FdDhgyPKgh+Tz24JBL+7YjUtWGe/G/pmmNK1YazB/OxrwiGFpTCyk1zhxEkhMu7H
+    u3LgD571K+4TUUpaPCqEeoBBg6O3T29DH1AxpWpEPGXlOrRDHYgVziEpLdUNahAj
+    F53auNWvya+Vc2qZwM4NFt608LLf7J5yIA2vbsvf6+gVopPE3whXESKXo08B2hC1
+    f3Pr9/Tgt6oIvy9/dAcTMalxRyyc42E2wX5kyzDlfhY9kqaNNfaGMZJO5g//gB7B
+    dtrAfo/LhWtary/YfAOtbbnMYkf+HODAPZItaIjMZngBM0c0m78YoCetAQE8uBFK
+    6aXmht3BZGPOwgyZpK5QT6ClYst2N9ca3tPUEfnddotKySmCEk/JWtu5/0lFl75W
+    zHulc7iUNGJmnUffVZyH12CjBWsTtqombHDkdEKFocavqpVcCCbKbtW5GZhuZC65
+    mQGNBF+hSUIBDADStlWquV7SdREZtxXBVVzdCkV1xkeHYfo2Z244W0LTwmvpbO+o
+    6P5GCAW2c336qWElsMO9ujeV2nuUZy3k3AtJLx19iWC+ywYVzJ8f878XAxq0ya1V
+    BBnfsBc7iRI3umf2JSi+fHXf9l+rJ8Zr5AkLrUo3tQoxX8xWQIfUVY481nlkOvuM
+    txEI6h1t+z7PWjAJsdKKdevRPApPIBGXX0iGE/98ATsLYtvh9ln26j1SrSdtKpPk
+    tuYve3zkphlZAdf5ReViicik6gpEdyEfIxNab6nyV8LTbSeCHe+6/cz+AEqA+cr3
+    K3MwriaapPzNhRV8izzGnIWChIZptGBKH5nLivfIAB/hbOgU6tM+YgUKrpJCXXA1
+    My2q68o2kARJxh6s0tuuT6pFEAG9RmzS3ywrPz4PAgkwrJA1uUa9fy9ngkOnQN3C
+    EeVQTUU55b+6zVhW1Qq8PII6AGqj1lSY9jLpjxEr3q227OlTaxfgg19x5o9rcycc
+    AZlQqzL2p3Z7HZ0AEQEAAbQcSGUgTWFuIDxoZW1hbkBncmV5c2t1bGwuY29tPokB
+    1AQTAQgAPhYhBIYPcR68MZb6cOhv9wDz8yhlQWZrBQJfoUlCAhsDBQkDwmcABQsJ
+    CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEADz8yhlQWZrD0YMAJp6WkrSzghIgrGm
+    EquhUPu4n8dnaGraGxu1Om9Z6HrUvphBvm/yZMlZxYbsQRvd8DUCuQD7fScBS12W
+    X3AYe001REfAbj0kDAdDQ0Z8sFCeCDSBJ9ulX07FzTHH0qROcSv6NONjGYVeTFic
+    L2W0rATygnFzzjjSGboMq1qA8u6/5JNM7MAxJcIS0Dr8Fhdwv8TwTJrVg6ZzJDHN
+    8OVAUkPaciQI5lDDP5+kOVqbZZ92Ua8byxKtNACCdSsWZr2OvYyjUz4JKMp5X6yH
+    bDQB3vlwRkRS7Voo3pUGsdLwiBWiryklSa++DIbBemrALFLc5YnLgfCV0frPOEqs
+    dDwWECRxwN4r+2DjY6TYCEEDfhM2Hm7MoMx/jM4uhI4KwPdOKmHsBPVBeXqBRXz3
+    2NMMZg6to0HRjDapR8AkbfdC5vjiuwnDA6llmxnVtx2oPX3g8RVOIw65f8KfWzWS
+    fzEqhoKTccsHMMza8J1ax6T6HXkqa/Tt/B/3d7nUzp53V3luG7kBjQRfoUlCAQwA
+    4rFxmKwr4RAoVEqhDDWl8ecd/KQXEg0iCpkkmED6mEpPE9qAi8ORNId66E+rveS1
+    SsbmbqVlrN9iHphtvYqvlwwb2IkgPaFpmVSqWrQ3yzEPrL5CLAWiiEq7M4ux7pue
+    YKcOmv3wQSta9eMgy9jaGUXrxFl4qotCevcEsLzkKC045OdVxkL++NFsiQUSfMYO
+    tgGKXuBh0ycI/pOb66lY186zPT0tR+QA18uzeCizEjhCZmPIlPHjN8NOEM7ZLU4U
+    QrLdSrm1quhO6DvGEoO5FulvGtp5hVHdJL5oB7svzNurXB3WVjdXCnRijoaCR07A
+    /X9JVZY2+kRxdl6ZkuLZxb5UE6usW7pTA5DKiuFG/w6CSGZA1Dv3+yoZnjN8KhnG
+    mIWmEJgvddWWoaJ3wFvSAGkYa3qBLX3noV3ZCm0c/r2LBcyFGyuyddEhg9wrqWU9
+    vM7W/4BkTqSJdeMRlS9FD803V9GqxAJBJ1KOSFt2s6b+ekYCI/d+Buso8GPp8eUH
+    ABEBAAGJAbwEGAEIACYWIQSGD3EevDGW+nDob/cA8/MoZUFmawUCX6FJQgIbDAUJ
+    A8JnAAAKCRAA8/MoZUFma/gCC/9xkH8EF1Ka3TUa1kiBdcII4dyoX7gs/dA/os0+
+    fLb/iZZcG+bJZcKLma7DRiyDGXYc7nG3uPvho7/cOCUUg5P/EG5z0CDXzLbmBrk2
+    WlRnREmK/5NTcisCyezRMXHOxpya4pmExVMqSPGA0QbKGwdHqfbHQv2OyI3PYBKv
+    lN+eu6e5SEbT76AQijj5RSPcgbko24/sSqJylD1lnRocQK1p4XelosBraty4wzYS
+    vQY9dRD4nafxPHI3YjKiAG0I7nJDQ0d1jDaW5FP0BkMvn51SmfGsuSg1s46h9JlG
+    RZvS0enjBb1Ic9oBmHAWGQhlD1hvILlqIZOCdj8oWVjwmpZ7BK3/82wOdVkUxy09
+    IdIot+AIH+F/LA3KKgfDmjldyhXjI/HDrpmXwSUkJOBHebNLz5t1EdauF+4DY5BH
+    MsgtyyiYJBzRGT5pgrXMt4yCqZP+0jZwKt1Ech/Q6djIKjt+9wOGe9UB1VrzRbOS
+    5ymseDJcjejtMxuCOuSTN9R5KuSZAY0EYK5/MAEMANv5p5ESG5VZ6qhbJ4aixB4P
+    KkOcUU+W61dS18QEyOnTmC37OGqjRMKZLpTlchFOwqKYRB6m+5noyZbOe/2aFIRg
+    U0d8mSvOhBKy3Dtg1vMxHyGGOpVP3Fq6ZJs6HEpch2KhmLzGT/Pg8XHEJ3xXXqhL
+    f6zr+fjR/Vo1rPiicHwBM2hGXeBCf5ufgU06lBYYQjzNerMVB265fAN8Entm5BiW
+    HSjy8ijCaXfFwmMuVHPTrydhFHnJfUxMImbFMLTbwSn8RwiLmGCydeoAwLB5gKcw
+    IB+37triVVLOI1Bz7iWEbiFBog7M1RyveI+zIYR3f89mL4B0ZK1fuecevfhv8zn0
+    sYC+2gwReLjPpSMwShgMp2b0YnzTPkIXASWPbxGBWKVrAO5+W7JyZ+ZFNjkH7U6r
+    q6A3fTESOA8SgYptkfCb371ZF6TzVhXsaGDA47tRhtIriuyAP8H4Kx7sANcPSj0M
+    a9QtiO8PkGkwbSN1GQUFMUVndQ2RvhRm0gszI9ADtwARAQABtExRdWVlbiBNYXJs
+    ZW5hIChTaGUgaXMgdGhlIHF1ZWVuIGFuZCBpcyB0cnVzdGVkKSA8cXVlZW5tYXJs
+    ZW5hQGdyZXlzY3VsbC5jb20+iQHOBBMBCAA4FiEEzOLh0tDjat4EBeLQmVuyGBYx
+    O9UFAmCufzACGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQmVuyGBYxO9Uu
+    pAv+OcbZje5rt30ILzdUV46Qw5WRmzVWXj/aj1+x2jYmLhjFqjMpq1ugm5vCk7c2
+    MtoVhDHr4L/pu2YhnmQVUEfEMHizDysp+SXnoOpAwpeMDJZgtwL9Q1xl19XjDT5a
+    iP4qAvW6HVvGmJQzLs02fG8/OjZgYys6DTFuOHC4+5ce/RvLCslLyQWccTPajvlp
+    8ebAhmabNlyLgXCkUNjE5azMVEXtdxC7S2UmP95HOv9P146WG1M6zn8WO3TTtM06
+    MEEewX1TfOR/UBfGfeTEVx2Bt1hcQyna5Kv6wxIWpKyeb0oCrAL5FTyIbZK/0V/l
+    ic6+DsJ+rKYYYWJ4u+mUzGmp2U6nLAyuGlepP9rni+rPF4ndrFMqSD9zdPgZ6TQ/
+    QgCwzqdNZrjfNWYEqGQU10/dO5O+pAXLhmosUM0cKThJ81JhbUN6L6Ku9zKx0Vvr
+    5kNcBg12TQ34COWvDFxBJBoDqZq5+Bw7+wD5vt7Qk4yAzYOvkus0PhTPXrMwZiB5
+    BCn+uQGNBGCufzABDAC3BkqAgN7KUoWjHd53M8FNLlkXlGzjpanp744XV5y99tCY
+    9Xy8c9mQus1hO3lQ4Mokksk7mGik2AmKAweYButeoVJkH9euSTB+5nrJjcXLFrup
+    pJ7IR0NfRIffnfcQ/u8MWvJkS3ls72DVpRs94FhqZIx+uSAZ2Psz5OgRG6+lVXYu
+    GAEAl4BueT7ZrRL8lzHzveZZrH9OYUvPbI7ZNkVPviIwLYLJAws9uOr+vmBoywzN
+    GPbSMnj6Zq1PzxcviWvcmTK2RbHkf0b6fSS41earoZOSXAxfJXtci7H2JS+qGvv5
+    xKokWeJVuIZtZOjN8GT+smsIJwI37NSH6JBS1VvDhaysG+js+j66uXDRtt/8Gm06
+    aFD5sgIACnFVH8XS1417zYtoUetFdxA6b8Xhwmow+1m8HP+I4k76eoYOBGyBRHyA
+    DjxFl1GBjFLl49FtYQpSGWa3KO73XrYI/ZzbgWoG5Rv6djPQXe+dGFEL2fkw7tmO
+    00WRDCXo77AnRQDCep0AEQEAAYkBtgQYAQgAIBYhBMzi4dLQ42reBAXi0JlbshgW
+    MTvVBQJgrn8wAhsMAAoJEJlbshgWMTvV+Y4L/3OXLfc9LnSBHqRwW03woGB81zB3
+    9jNnMjwDajmcAWFwfBYf9/bmEZfFuHeEajPw1qIYUWS2J59pD70zZSxvXk5KNN4p
+    PocqgHFKSfrjV+RXvsR35rSsa06Gt6Uq+KpAm1L/nnT0tsimJg+l9ITDQ7CUd9jt
+    l4CXc8I5keSLI7BH+GaPaBseltKrFIl1Z+1MsxQNoJPOp9KQiOQHqlOAmQs8zh5S
+    dMvEU/hVyQOFuePVr3YCMjQGhRVGVBQoPCGq4OU/heM6ZFJFmHhiLxxCHQwM3dJH
+    vbHA/f3nfFg5hqcAExwA2pXTA9GbW0tc5FP+RAMFWwOxgBNL1rkq3hDIXoWdHXqt
+    wrmUCpd63X87Wu9W9okPNefOhA5rQ5GB0Vy2L7al0JvA3LctjYu8kOX4jg8MZOqT
+    fYf8dS4KmtaRxm7Z0sI/RN4RVGD3nDIIVzgLQbV4vrJ4gpwf+XoOnlOgt+qloi3o
+    tcsel8kPSjR46rjpP4hCU4WyouZ6plMzvBGXAw==
+    =Mjei
+    -----END PGP PUBLIC KEY BLOCK-----
+  signature.asc: |
+    -----BEGIN PGP SIGNATURE-----
+
+    iQGzBAABCAAdFiEEzOLh0tDjat4EBeLQmVuyGBYxO9UFAmC4Be8ACgkQmVuyGBYx
+    O9W36Qv/amj4XpRAZfa5VAGKWWQq7RKtAsD7cIsygenG1BYUXFWSSQc4wnnbdmZF
+    vizM7j9ibWwhXIJuslA9oZaH2V+8Lt+69xUhN1EEKbYKZ45Amxm5Hi23Y9myUIFF
+    +uvgkayLHKIFH8vy5snVsll8QmmZvwPtu/+VuUWMHMeVqSbWQmAwz1+rwTAqGbbO
+    bVt2cqVYPO1HQWGzc6E2S4TDUR6HZUuSSDUDL17bejMEy0cFgySxBji5p9UQXmfN
+    7I82QdAB5wEuUE5zFr/GdvzBpbeAiLNz7rn0uhW5zbzZVMnaRfMmVl8fR7vgveXE
+    ILii5JYjJ0FJbO9xRoDhOlnqvMzfLCrHtwcnUd82b9iFvlt5NiiZQDrleIqvDC9S
+    ntY3ZrxhhaVh6qa59hJkEASzU06i120w+1hMc+6DU1e2DjwUCbEtWaDDG6iVdD2S
+    13QIXmo9EgCSVsrYRGv3k8LcdZFQQ2sypP1PvktFoqPz144nw8RIqLBUFS60mj5m
+    JBGF3FnI
+    =M69r
+    -----END PGP SIGNATURE-----
+
+kind: ConfigMap
+metadata:
+  creationTimestamp: null
+  name: pgp-meta-test
+  namespace: grassroots

kubernetes/pgp-trusted-publickey-configmap.yaml

@@ -0,0 +1,50 @@
+apiVersion: v1
+data:
+  trustedpublickey.asc: |
+    -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+    mQGNBGCufzABDADb+aeREhuVWeqoWyeGosQeDypDnFFPlutXUtfEBMjp05gt+zhq
+    o0TCmS6U5XIRTsKimEQepvuZ6MmWznv9mhSEYFNHfJkrzoQSstw7YNbzMR8hhjqV
+    T9xaumSbOhxKXIdioZi8xk/z4PFxxCd8V16oS3+s6/n40f1aNaz4onB8ATNoRl3g
+    Qn+bn4FNOpQWGEI8zXqzFQduuXwDfBJ7ZuQYlh0o8vIowml3xcJjLlRz068nYRR5
+    yX1MTCJmxTC028Ep/EcIi5hgsnXqAMCweYCnMCAft+7a4lVSziNQc+4lhG4hQaIO
+    zNUcr3iPsyGEd3/PZi+AdGStX7nnHr34b/M59LGAvtoMEXi4z6UjMEoYDKdm9GJ8
+    0z5CFwElj28RgVilawDufluycmfmRTY5B+1Oq6ugN30xEjgPEoGKbZHwm9+9WRek
+    81YV7GhgwOO7UYbSK4rsgD/B+Cse7ADXD0o9DGvULYjvD5BpMG0jdRkFBTFFZ3UN
+    kb4UZtILMyPQA7cAEQEAAbRMUXVlZW4gTWFybGVuYSAoU2hlIGlzIHRoZSBxdWVl
+    biBhbmQgaXMgdHJ1c3RlZCkgPHF1ZWVubWFybGVuYUBncmV5c2N1bGwuY29tPokB
+    zgQTAQgAOBYhBMzi4dLQ42reBAXi0JlbshgWMTvVBQJgrn8wAhsDBQsJCAcCBhUK
+    CQgLAgQWAgMBAh4BAheAAAoJEJlbshgWMTvVLqQL/jnG2Y3ua7d9CC83VFeOkMOV
+    kZs1Vl4/2o9fsdo2Ji4YxaozKatboJubwpO3NjLaFYQx6+C/6btmIZ5kFVBHxDB4
+    sw8rKfkl56DqQMKXjAyWYLcC/UNcZdfV4w0+Woj+KgL1uh1bxpiUMy7NNnxvPzo2
+    YGMrOg0xbjhwuPuXHv0bywrJS8kFnHEz2o75afHmwIZmmzZci4FwpFDYxOWszFRF
+    7XcQu0tlJj/eRzr/T9eOlhtTOs5/Fjt007TNOjBBHsF9U3zkf1AXxn3kxFcdgbdY
+    XEMp2uSr+sMSFqSsnm9KAqwC+RU8iG2Sv9Ff5YnOvg7CfqymGGFieLvplMxpqdlO
+    pywMrhpXqT/a54vqzxeJ3axTKkg/c3T4Gek0P0IAsM6nTWa43zVmBKhkFNdP3TuT
+    vqQFy4ZqLFDNHCk4SfNSYW1Dei+irvcysdFb6+ZDXAYNdk0N+AjlrwxcQSQaA6ma
+    ufgcO/sA+b7e0JOMgM2Dr5LrND4Uz16zMGYgeQQp/rkBjQRgrn8wAQwAtwZKgIDe
+    ylKFox3edzPBTS5ZF5Rs46Wp6e+OF1ecvfbQmPV8vHPZkLrNYTt5UODKJJLJO5ho
+    pNgJigMHmAbrXqFSZB/XrkkwfuZ6yY3Fyxa7qaSeyEdDX0SH3533EP7vDFryZEt5
+    bO9g1aUbPeBYamSMfrkgGdj7M+ToERuvpVV2LhgBAJeAbnk+2a0S/Jcx873mWax/
+    TmFLz2yO2TZFT74iMC2CyQMLPbjq/r5gaMsMzRj20jJ4+matT88XL4lr3JkytkWx
+    5H9G+n0kuNXmq6GTklwMXyV7XIux9iUvqhr7+cSqJFniVbiGbWTozfBk/rJrCCcC
+    N+zUh+iQUtVbw4WsrBvo7Po+urlw0bbf/BptOmhQ+bICAApxVR/F0teNe82LaFHr
+    RXcQOm/F4cJqMPtZvBz/iOJO+nqGDgRsgUR8gA48RZdRgYxS5ePRbWEKUhlmtyju
+    9162CP2c24FqBuUb+nYz0F3vnRhRC9n5MO7ZjtNFkQwl6O+wJ0UAwnqdABEBAAGJ
+    AbYEGAEIACAWIQTM4uHS0ONq3gQF4tCZW7IYFjE71QUCYK5/MAIbDAAKCRCZW7IY
+    FjE71fmOC/9zly33PS50gR6kcFtN8KBgfNcwd/YzZzI8A2o5nAFhcHwWH/f25hGX
+    xbh3hGoz8NaiGFFktiefaQ+9M2Usb15OSjTeKT6HKoBxSkn641fkV77Ed+a0rGtO
+    hrelKviqQJtS/5509LbIpiYPpfSEw0OwlHfY7ZeAl3PCOZHkiyOwR/hmj2gbHpbS
+    qxSJdWftTLMUDaCTzqfSkIjkB6pTgJkLPM4eUnTLxFP4VckDhbnj1a92AjI0BoUV
+    RlQUKDwhquDlP4XjOmRSRZh4Yi8cQh0MDN3SR72xwP3953xYOYanABMcANqV0wPR
+    m1tLXORT/kQDBVsDsYATS9a5Kt4QyF6FnR16rcK5lAqXet1/O1rvVvaJDzXnzoQO
+    a0ORgdFcti+2pdCbwNy3LY2LvJDl+I4PDGTqk32H/HUuCprWkcZu2dLCP0TeEVRg
+    95wyCFc4C0G1eL6yeIKcH/l6Dp5ToLfqpaIt6LXLHpfJD0o0eOq46T+IQlOFsqLm
+    eqZTM7wRlwM=
+    =irpP
+    -----END PGP PUBLIC KEY BLOCK-----
+kind: ConfigMap
+metadata:
+  creationTimestamp: null
+  name: pgp-trusted-publickey
+  namespace: grassroots

kubernetes/postgresql-conn-configmap.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgresql-conn-common 
+  namespace: grassroots
+data:
+  DATABASE_USER: grassroots
+  DATABASE_HOST: postgresql
+  DATABASE_PORT: "5432"
+  DATABASE_ENGINE: postgres
+  DATABASE_DRIVER: psycopg2
+  DATABASE_PASSWORD: tralala

kubernetes/postgresql/postgres-db-sealedsecrets.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: postgres-db-secrets
+  namespace: grassroots
+spec:
+  encryptedData:
+    postgresql-password: AgAE+2sX6nGxEeSDEZ6oOShpGqyEi0p8A1QIUNl99WBU/Dg/djdEF2F36SLcw48c2sO47/1Z4Ry4I0qk12GhVv6MPBpQYm1O8Unj822DpT1PW25G1dyRuZZjIE2zuIRoX/4Xvt+5T3Zfhan5ORFsY2H2tj4+v+I+VKdmOOICeffDCb45NPShfR8yWHTlQyvlvlukQBpyiefBTme6EDWo2658ik8Z/CvwXK49w8y+H02wJ5RMavaAplZTi0K5VibM95AiyLEVgGdrtn+ibXFdeWDaZTOgmL4XHqREbWokLHioRsje0nvp6gYZhTjFr8BAgVudbfkmxHZr4Z0EkJsPibznVbVU/gjbTk2mNvrbzoDYbVONAz5YKdCSPlY3f8+a75GfDts+nLGyiNgq2+6zAMn6FkeIGQtqJCy54vqO24wpwGBVXv+ifdBN7n8ifF7/Erd2G1Zt2zz19AQPwo9rAwdM4d2xgCR4t6lxDax2vWMlNdX9f85W6Yn52x57CxCNjqOzlnB/BUF/MnCKlO1NjZwnlzSV40W68HKNdW4XGZL03HgEeZFsgIb92cSL+blp27fn/DnL1jiSZQiktwfHSwHPJb6lYpMysjB/ST/iRTnzlQ8dQcHl+HC35/dH9YL0hU5ZXx7Qh/cRzJDT9hpPaHFVmmuiKG9ZdBICm4BOavQ+vUyRaJqXkTPDO/7SNVUM6U54H7oy2UXCZCrG
+    postgresql-replication-password: AgB5QMqB/htvwFHOwONjwE+Iqvu0opAQ/Wa0oKWb1Lt7oXCRF7wJ2n1xmpNIjFib3gVfGUb/hIt0nBS//B8CDYmz/WiJvylSLdStZhC7gMo6OfK7XD1BubwM2oj4/31eepBRfPMD7OkPXtFcBYpcE7nOq3I1bbbYq3uGjO0vaCozawqKG0ytMpNgcRVHLhuKY8rcIrCiqyZ/Z7DUjG4J7+HtvpBAkC9MFL1t03nEABZocwsf5AF9xzqSJsyVfJq0pmwxYPsu/tZdaUhh2dk64YBgap0VL3Xz5EzMVsu+2PKizafwOXlsxEoeEbdaxcqduVwTl9xIr6p/b+MBVMbuzV8VrsBgDStCijrRFB3Yjep5MRZrumISJG/s9/V77A1lQ2zdPk6dWRbdneScuJhYyG85zZr+B0ThwDxO7eOsL70s0fsebeVh+TVWj/rUE1bT5QDw5nXaXxAj/qx+z/c/urh+X8wmR6ztVj2IhGT4rnxtBzdKGDtpnS4Zm0IJbCaz8fI6c0YJW6Sqmvmh7GmA0j6BARugOcpkM5U8GavKBcEDPPJWPvATpZ4NJLG9yL3fddDO1hGGd0rPvxOIG8iF6fVFJlGWES7Zv8VHEDtAcP26QDjrP/mKcaXr9V/RvtSXVcN/pNCxkiWOYicMeeJ1XqWwFHELcZreBCav0aEDO+vqRIsJWewbX/8ESsOO0GaB+werenNwRXHJeCe7
+  template:
+    metadata:
+      creationTimestamp: null
+      name: postgres-db-secrets
+      namespace: grassroots
+

kubernetes/postgresql/postgres-helmrelease.yaml

@@ -0,0 +1,35 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: postgresql 
+  namespace: grassroots 
+spec:
+  # The interval at which to reconcile the Helm release
+  interval: 10m
+  chart:
+    spec:
+      # The name of the chart as made available by the HelmRepository
+      # (without any aliases)
+      chart: postgresql
+      # A fixed SemVer, or any SemVer range
+      # (i.e. >=4.0.0 <5.0.0)
+      version: 10.3.17 
+      # The reference to the HelmRepository
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami 
+        # Optional, defaults to the namespace of the HelmRelease
+        namespace: default
+  values:
+    image:
+      tag: 12.5.0 
+    existingSecret: postgres-db-secrets
+    postgresqlDatabase: postgres
+    volumePermissions: # related to permissions error on file postgres/data when pod restart
+      enabled: true
+    initdbScriptsConfigMap: postgres-initdb-scipts
+    initdbUser: postgres
+    replication:
+      readReplicas: 0
+    metrics:
+      enabled: true 

kubernetes/postgresql/postgres-initdb-scripts-configMap.yaml

@@ -0,0 +1,21 @@
+# https://kubernetes.io/docs/concepts/configuration/configmap/
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: postgres-initdb-scipts
+  namespace: grassroots
+data:
+  create_db.sql: |
+    CREATE ROLE common_role;
+    CREATE USER grassroots WITH PASSWORD 'tralala' CREATEDB;
+    CREATE DATABASE "cic_cache";
+    CREATE DATABASE "cic_eth";
+    CREATE DATABASE "cic_notify";
+    CREATE DATABASE "cic_meta";
+    CREATE DATABASE "cic_signer";
+    CREATE DATABASE "cic_ussd";
+    CREATE DATABASE "cic_syncer";
+    GRANT ALL PRIVILEGES 
+    ON DATABASE "cic_cache", "cic_eth", "cic_notify", "cic_meta", "cic_signer", "cic_ussd", "cic_syncer"
+    TO grassroots;
+

kubernetes/pub-sealed-secrets.pem

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIErTCCApWgAwIBAgIQQ/6gWxjyWjlUu/orGmbkkTANBgkqhkiG9w0BAQsFADAA
+MB4XDTIxMDQxNjEzMzk1N1oXDTMxMDQxNDEzMzk1N1owADCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBALlHzjP+WopinMhSgNRMywms5IJ4u2UuY8k6YAnZ
+dVeA9wBg+dPuhLqrOgfYSCPfwK+18ZaKpNw9qOUZBr/hRyWIQZrMc5rd6IMcm7aM
+35Fxs5GPigMvp6GxBd/btfUxept/Ro1egwtl7U+6w4AfHrjOAqwnOgDib8U6wK9w
+3+5BlhqPia3HmjE9XzvNp0SKl+C40xv6oGQ2RmU62ESN1uB5FL0+jbmhNZk/chhd
+thhNQ9jo/QqROB/VeRh8LaX7MLzC2caI1fICXE4/4Mcr+rRnqr4dljKtQHobW5/4
+lgH85XqeioFHpaB1cgKg0tgHAk6/UHNThy9aMaXjn/I1s5E8ZvwshWBWw7r14+Vt
+dZaGzhw4RE0RQ8ubYQTiB0b+hXQhY4OdQnAm/yCkf9XODsuxJV9Dr+9coI7ftnyt
+uU0JBBi6Jg9eZdkQjO3E7hyhVUyeer0LbE6W3BHTpz5ZZjp7aiCe94Q5BpqXBmU2
+3JbYjasrGr/5F9YX7sCVdTkfe9I/NzeigAEgNKf+3nxMJB+bFsJ26kDFxREYOxni
+NmDFwczZmUArowDaObh6yXAKz56s2bNJApzkKmKtdq7dpErz0XPOwyPzGoKeMO2p
+8MUapopuCUVW20GR7YCmuTu/xBxfT3ocAS3u3kwYvwzYLeagpl+0Sh1q+6CZBAtK
+jl6FAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwIAATAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4ICAQBYtcMUaxO5yX8fsn1LPm0CAZqTeI3xjkrHGDGXDQqv
+9DHElHkjvWKjNem923hKBwbPdzhKbFQg2Dy93b6LeHj0cCOSQ21bvDrfpfBK3yit
+AlvtuIIn4ktuIvegCDX/e9rxeIQPz3IhrKAnK36UpnMj8L+g2fz9+HYWowiGjx7n
+lCik7ang8rtpbetU1BiXaLo58bJnbjoHxuVryTkSKiPiJ9nK+K2WP7IB+Uunr4c0
+MlCoFrXCEfuShzW3lFRStfc4sazv2wv3utozukmrSWr9y5PXVPQxl8CUmTGG8Bnl
+51RyaldiKRQ0J7LEMv+2fanDoOAZE8gjUVu0NqNahZwK3ya186AUCyUkoVVD7Wnv
+R77SdeuVw0ULn4bpy9n4iXYzRXDha/q3Y2PP5yeBN1NhggxZ6Cyj8s9KeusVw5Oz
+CueAczTlU3VUHI1VEtaacIon/5yuJRz4wW7opLbv1G8kh2v1zDtpWbbb2tnj3foq
+Yt8UIeAkBIW4GPClM5A/Bzv2Gl3Gijp6dDF1Tim1w/6t4C/OBlEbzWII8wvdUTwn
+NBKnmgsnErkSekYuNsGYl4Ua5gu05Bef4dQ7ShAkJcbXTKKPNdTyJmv4I99wRL1l
+WaKawKjnMoO71c6lHuxt/D3p0jjdnsH4BAAMlUrIQ+Jlp+JHa/xcVjAMTvij14fT
+Eg==
+-----END CERTIFICATE-----

kubernetes/redis-conn-common-configmap.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: redis-conn-common 
+  namespace: grassroots
+data:
+  CELERY_BROKER_URL: redis://redis-master
+  CELERY_RESULT_URL: redis://redis-master