diff --git a/helm-chart/README.md b/helm-chart/README.md deleted file mode 100644 index 9c43960..0000000 --- a/helm-chart/README.md +++ /dev/null 
@@ -1,92 +0,0 @@ -# Payouts Helm Chart - -This chart deploys the payouts service to a Kubernetes cluster using Helm. - -## Introduction - -This chart bootstraps a payouts service deployment on a Kubernetes cluster using the Helm package manager. - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.0+ - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -helm install my-release . -``` - -The command deploys the payouts service on the Kubernetes cluster in the default configuration. The [Values](#values) section lists the parameters that can be configured during installation. - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -helm delete my-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| replicaCount | int | `1` | Number of replicas | -| image.repository | string | `"payouts"` | Image repository | -| image.tag | string | `"latest"` | Image tag | -| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | -| service.type | string | `"ClusterIP"` | Service type | -| service.port | int | `8080` | Service port | -| ingress.enabled | bool | `false` | Enable ingress | -| ingress.className | string | `""` | Ingress class name | -| ingress.hosts[0].host | string | `"chart-example.local"` | Ingress host | -| ingress.hosts[0].paths[0].path | string | `"/"` | Ingress path | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | Ingress path type | -| server.port | string | `":8080"` | Server port | -| server.writeTimeout | string | `"35s"` | Server write timeout | -| server.readTimeout | string | `"35s"` | Server read timeout | -| server.enablePProfEndpoints | bool | `false` | Enable pprof endpoints | -| database.type | string | `""` | Database type | -| database.connection | string | `""` | Database connection string | -| database.logLevel | string | `"Info"` | Database log level | -| 
database.traceRequests | bool | `false` | Trace database requests | -| cache.ttl | string | `"24h"` | Cache TTL | -| log.level | string | `"DEBUG"` | Log level | -| log.filePath | string | `"./logs/payouts.log"` | Log file path | -| log.textOutput | bool | `false` | Text output format | -| log.stdoutEnabled | bool | `true` | Enable stdout logging | -| log.fileEnabled | bool | `false` | Enable file logging | -| log.fluentEnabled | bool | `false` | Enable fluent logging | -| metrics.endpoint | string | `"/metrics"` | Metrics endpoint | -| metrics.histogramBuckets | string | `"0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10"` | Histogram buckets | -| metrics.http.histogramEnabled | bool | `true` | Enable HTTP histogram | -| metrics.http.buckets | string | `"0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10"` | HTTP buckets | -| yookassa.baseUrl | string | `"https://api.yookassa.ru/v3"` | YooKassa base URL | -| yookassa.timeout | string | `"2s"` | YooKassa timeout | -| yookassa.retry.enabled | bool | `false` | Enable retry | -| yookassa.retry.count | int | `3` | Retry count | -| yookassa.retry.waitTime | string | `"200ms"` | Retry wait time | -| yookassa.retry.maxWaitTime | string | `"5s"` | Max retry wait time | -| yookassa.test | bool | `false` | Test mode | -| yookassa.checkAllowedCallbackAddress | bool | `true` | Check callback address | -| yookassa.allowedCallbackSubnets | string | `"185.71.76.0/27,185.71.77.0/27,77.75.153.0/25,77.75.156.11/32,77.75.156.35/32,77.75.154.128/25,2a02:5180::/32"` | Allowed callback subnets | -| yookassa.callbackProcessTimeout | string | `"1s"` | Callback process timeout | - -## Secrets - -The following secrets are used for sensitive configuration and must be provided via Kubernetes secrets: - -- `yookassa-base-key`: YooKassa base API key -- `yookassa-base-secret`: YooKassa base API secret -- `yookassa-payment-key`: YooKassa payment API key -- `yookassa-payment-secret`: YooKassa payment API secret - -Example to create 
the secret: -```bash -kubectl create secret generic payouts-secrets \ - --from-literal=yookassa-base-key='YOUR_BASE_KEY' \ - --from-literal=yookassa-base-secret='YOUR_BASE_SECRET' \ - --from-literal=yookassa-payment-key='YOUR_PAYMENT_KEY' \ - --from-literal=yookassa-payment-secret='YOUR_PAYMENT_SECRET' \ No newline at end of file diff --git a/helm-chart/templates/NOTES.txt b/helm-chart/templates/NOTES.txt deleted file mode 100644 index bf781f8..0000000 --- a/helm-chart/templates/NOTES.txt +++ /dev/null @@ -1,29 +0,0 @@ -Thank you for installing {{ .Chart.Name }}. - -Your release is named {{ .Release.Name }}. - -To get started with your service, you can: - -1. Check the status of your deployment: - helm status {{ .Release.Name }} - -2. Get the service URL: - kubectl get svc {{ include "payouts.fullname" . }} - -3. Access your service logs: - kubectl logs -l app={{ include "payouts.fullname" . }} - -4. To view the configuration, check the ConfigMap: - kubectl get configmap {{ include "payouts.fullname" . }}-config -o yaml - -5. To update your secrets (YooKassa API keys), create a secret with: - kubectl create secret generic {{ include "payouts.fullname" . }}-secrets \\ - --from-literal=yookassa-base-key='YOUR_BASE_KEY' \\ - --from-literal=yookassa-base-secret='YOUR_BASE_SECRET' \\ - --from-literal=yookassa-payment-key='YOUR_PAYMENT_KEY' \\ - --from-literal=yookassa-payment-secret='YOUR_PAYMENT_SECRET' - -6. To access your service via ingress (if enabled), check the ingress rules: - kubectl get ingress {{ include "payouts.fullname" . }} - -For more information, please refer to the documentation. \ No newline at end of file diff --git a/helm-chart/templates/configmap.yaml b/helm-chart/templates/configmap.yaml deleted file mode 100644 index bec9e64..0000000 --- a/helm-chart/templates/configmap.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "payouts.fullname" . }}-config - labels: - {{- include "payouts.labels" . | nindent 4 }} -data: - # Server configuration - SERVER_PORT: {{ .Values.server.port | quote }} - SERVER_WRITETIMEOUT: {{ .Values.server.writeTimeout | quote }} - SERVER_READTIMEOUT: {{ .Values.server.readTimeout | quote }} - SERVER_ENABLEPPROFENDPOINTS: {{ .Values.server.enablePProfEndpoints | quote }} - - # Database configuration - DATABASE_TYPE: {{ .Values.database.type | quote }} - DATABASE_CONNECTION: {{ .Values.database.connection | quote }} - DATABASE_LOGLEVEL: {{ .Values.database.logLevel | quote }} - DATABASE_TRACEREQUESTS: {{ .Values.database.traceRequests | quote }} - - # Cache configuration - CACHE_TTL: {{ .Values.cache.ttl | quote }} - - # Logging configuration - LOG_LEVEL: {{ .Values.log.level | quote }} - LOG_FILEPATH: {{ .Values.log.filePath | quote }} - LOG_TEXTOUTPUT: {{ .Values.log.textOutput | quote }} - LOG_STDOUTENABLED: {{ .Values.log.stdoutEnabled | quote }} - LOG_FILEENABLED: {{ .Values.log.fileEnabled | quote }} - LOG_FLUENTENABLED: {{ .Values.log.fluentEnabled | quote }} - - # Metrics configuration - METRICS_ENDPOINT: {{ .Values.metrics.endpoint | quote }} - METRICS_HISTOGRAMBUCKETS: {{ .Values.metrics.histogramBuckets | quote }} - METRICS_HTTP_HISTOGRAMENABLED: {{ .Values.metrics.http.histogramEnabled | quote }} - METRICS_HTTP_BUCKETS: {{ .Values.metrics.http.buckets | quote }} - - # YooKassa configuration - YOOKASSA_BASEURL: {{ .Values.yookassa.baseUrl | quote }} - YOOKASSA_TIMEOUT: {{ .Values.yookassa.timeout | quote }} - YOOKASSA_RETRY_ENABLED: {{ .Values.yookassa.retry.enabled | quote }} - YOOKASSA_RETRY_COUNT: {{ .Values.yookassa.retry.count | quote }} - YOOKASSA_RETRY_WAITTIME: {{ .Values.yookassa.retry.waitTime | quote }} - YOOKASSA_RETRY_MAXWAITTIME: {{ .Values.yookassa.retry.maxWaitTime | quote }} - YOOKASSA_TEST: {{ .Values.yookassa.test | quote }} - 
YOOKASSA_CHECKALLOWEDCALLBACKADDRESS: {{ .Values.yookassa.checkAllowedCallbackAddress | quote }} - YOOKASSA_ALLOWEDCALLBACKSUBNETS: {{ .Values.yookassa.allowedCallbackSubnets | quote }} - YOOKASSA_CALLBACKPROCESSTIMEOUT: {{ .Values.yookassa.callbackProcessTimeout | quote }} \ No newline at end of file diff --git a/helm-chart/templates/deployment.yaml b/helm-chart/templates/deployment.yaml deleted file mode 100644 index 195bd86..0000000 --- a/helm-chart/templates/deployment.yaml +++ /dev/null 
@@ -1,151 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "payouts.fullname" . }} - labels: - {{- include "payouts.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - {{- include "payouts.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "payouts.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "payouts.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: {{ .Values.server.port | replace ":" "" }} - protocol: TCP - livenessProbe: - httpGet: - path: /health - port: http - readinessProbe: - httpGet: - path: /ready - port: http - env: - # Server configuration - - name: SERVER_PORT - value: {{ .Values.server.port | quote }} - - name: SERVER_WRITETIMEOUT - value: {{ .Values.server.writeTimeout | quote }} - - name: SERVER_READTIMEOUT - value: {{ .Values.server.readTimeout | quote }} - - name: SERVER_ENABLEPPROFENDPOINTS - value: {{ .Values.server.enablePProfEndpoints | quote }} - - # Database configuration - - name: DATABASE_TYPE - value: {{ .Values.database.type | quote }} - - name: DATABASE_CONNECTION - value: {{ .Values.database.connection | quote }} - - name: DATABASE_LOGLEVEL - value: {{ .Values.database.logLevel | quote }} - - name: DATABASE_TRACEREQUESTS - value: {{ .Values.database.traceRequests | quote }} - - # Cache configuration - - name: CACHE_TTL - value: {{ .Values.cache.ttl | quote }} - - # 
Logging configuration - - name: LOG_LEVEL - value: {{ .Values.log.level | quote }} - - name: LOG_FILEPATH - value: {{ .Values.log.filePath | quote }} - - name: LOG_TEXTOUTPUT - value: {{ .Values.log.textOutput | quote }} - - name: LOG_STDOUTENABLED - value: {{ .Values.log.stdoutEnabled | quote }} - - name: LOG_FILEENABLED - value: {{ .Values.log.fileEnabled | quote }} - - name: LOG_FLUENTENABLED - value: {{ .Values.log.fluentEnabled | quote }} - - # Metrics configuration - - name: METRICS_ENDPOINT - value: {{ .Values.metrics.endpoint | quote }} - - name: METRICS_HISTOGRAMBUCKETS - value: {{ .Values.metrics.histogramBuckets | quote }} - - name: METRICS_HTTP_HISTOGRAMENABLED - value: {{ .Values.metrics.http.histogramEnabled | quote }} - - name: METRICS_HTTP_BUCKETS - value: {{ .Values.metrics.http.buckets | quote }} - - # YooKassa configuration - - name: YOOKASSA_BASEURL - value: {{ .Values.yookassa.baseUrl | quote }} - - name: YOOKASSA_TIMEOUT - value: {{ .Values.yookassa.timeout | quote }} - - name: YOOKASSA_RETRY_ENABLED - value: {{ .Values.yookassa.retry.enabled | quote }} - - name: YOOKASSA_RETRY_COUNT - value: {{ .Values.yookassa.retry.count | quote }} - - name: YOOKASSA_RETRY_WAITTIME - value: {{ .Values.yookassa.retry.waitTime | quote }} - - name: YOOKASSA_RETRY_MAXWAITTIME - value: {{ .Values.yookassa.retry.maxWaitTime | quote }} - - name: YOOKASSA_TEST - value: {{ .Values.yookassa.test | quote }} - - name: YOOKASSA_CHECKALLOWEDCALLBACKADDRESS - value: {{ .Values.yookassa.checkAllowedCallbackAddress | quote }} - - name: YOOKASSA_ALLOWEDCALLBACKSUBNETS - value: {{ .Values.yookassa.allowedCallbackSubnets | quote }} - - name: YOOKASSA_CALLBACKPROCESSTIMEOUT - value: {{ .Values.yookassa.callbackProcessTimeout | quote }} - - # Secrets from Kubernetes secrets - - name: YOOKASSA_APIBASEKEY - valueFrom: - secretKeyRef: - name: {{ include "payouts.fullname" . 
}}-secrets - key: yookassa-base-key - - name: YOOKASSA_APIBASESECRET - valueFrom: - secretKeyRef: - name: {{ include "payouts.fullname" . }}-secrets - key: yookassa-base-secret - - name: YOOKASSA_APIPAYMENTKEY - valueFrom: - secretKeyRef: - name: {{ include "payouts.fullname" . }}-secrets - key: yookassa-payment-key - - name: YOOKASSA_APIPAYMENTSECRET - valueFrom: - secretKeyRef: - name: {{ include "payouts.fullname" . }}-secrets - key: yookassa-payment-secret - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} \ No newline at end of file diff --git a/helm-chart/templates/secret.yaml b/helm-chart/templates/secret.yaml deleted file mode 100644 index cb534b1..0000000 --- a/helm-chart/templates/secret.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "payouts.fullname" . }}-secrets - labels: - {{- include "payouts.labels" . | nindent 4 }} -type: Opaque -data: - # YooKassa API keys (these will be base64 encoded when applied) - yookassa-base-key: {{ .Values.secrets.yookassa.baseKey | b64enc | quote }} - yookassa-base-secret: {{ .Values.secrets.yookassa.baseSecret | b64enc | quote }} - yookassa-payment-key: {{ .Values.secrets.yookassa.paymentKey | b64enc | quote }} - yookassa-payment-secret: {{ .Values.secrets.yookassa.paymentSecret | b64enc | quote }} \ No newline at end of file diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml deleted file mode 100644 index 18d6dc8..0000000 --- a/helm-chart/values.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -# Default values for payouts chart -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: payouts - tag: latest - pullPolicy: IfNotPresent - -service: - type: ClusterIP - port: 8080 - -ingress: - enabled: false - className: "" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -# Server configuration -server: - port: ":8080" - writeTimeout: "35s" - readTimeout: "35s" - enablePProfEndpoints: false - -# Database configuration -database: - type: "" - connection: "" - logLevel: "Info" - traceRequests: false - -# Cache configuration -cache: - ttl: "24h" - -# Logging configuration -log: - level: "DEBUG" - filePath: "./logs/payouts.log" - textOutput: false - stdoutEnabled: true - fileEnabled: false - fluentEnabled: false - -# Metrics configuration -metrics: - endpoint: "/metrics" - histogramBuckets: "0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10" - http: - histogramEnabled: true - buckets: "0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10" - -# YooKassa configuration -yookassa: - baseUrl: "https://api.yookassa.ru/v3" - timeout: "2s" - retry: - enabled: false - count: 3 - waitTime: "200ms" - maxWaitTime: "5s" - test: false - checkAllowedCallbackAddress: true - allowedCallbackSubnets: 
"185.71.76.0/27,185.71.77.0/27,77.75.153.0/25,77.75.156.11/32,77.75.156.35/32,77.75.154.128/25,2a02:5180::/32" - apiBaseKey: "" - apiBaseSecret: "" - apiPaymentKey: "" - apiPaymentSecret: "" - callbackProcessTimeout: "1s" - -# Secrets that should be stored in Kubernetes secrets -secrets: - # YooKassa API keys (these will be stored in Kubernetes secrets) - yookassa: - baseKey: "" - baseSecret: "" - paymentKey: "" - paymentSecret: "" \ No newline at end of file diff --git a/helm-chart/Chart.yaml b/helm/payouts/Chart.yaml similarity index 61% rename from helm-chart/Chart.yaml rename to helm/payouts/Chart.yaml index 0365cc4..9a3ba7c 100644 --- a/helm-chart/Chart.yaml +++ b/helm/payouts/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: payouts -description: A Helm chart for the payouts service +description: A Helm chart for payouts service type: application version: 0.1.0 appVersion: "1.0.0" \ No newline at end of file diff --git a/helm/payouts/README.md b/helm/payouts/README.md new file mode 100644 index 0000000..f021077 --- /dev/null +++ b/helm/payouts/README.md 
@@ -0,0 +1,130 @@ +# Payouts Helm Chart + +This chart deploys the payouts service to a Kubernetes cluster. + +## Introduction + +This chart bootstraps a payouts deployment on a Kubernetes cluster using the Helm package manager. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.0+ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +helm install my-release helm/payouts +``` + +## Uninstalling the Chart + +To uninstall the chart: + +```bash +helm uninstall my-release +``` + +## Configuration + +The following table lists the configurable parameters of the payouts chart and their default values. + +### Global parameters + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `replicaCount` | Number of replicas | `1` | +| `image.repository` | Image repository | `payouts` | +| `image.tag` | Image tag | `latest` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | + +### Service parameters + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `service.type` | Service type | `ClusterIP` | +| `service.port` | Service port | `8080` | + +### Ingress parameters + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `ingress.enabled` | Enable ingress | `false` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.hosts` | Ingress hosts | `[{ host: payouts.local, paths: [] }]` | +| `ingress.tls` | Ingress TLS | `[]` | + +### ConfigMap parameters + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `config.Server.Port` | Server port | `:8080` | +| `config.Server.WriteTimeout` | Write timeout | `35s` | +| `config.Server.ReadTimeout` | Read timeout | `35s` | +| `config.Server.EnablePProfEndpoints` | Enable pprof endpoints | `false` | +| `config.Server.Tls.Enabled` | Enable TLS | `false` | +| `config.Server.Tls.CertFile` | TLS certificate file path | `""` | +| `config.Server.Tls.KeyFile` | TLS key 
file path | `""` | +| `config.Socket.MaxHttpBufferSize` | Max HTTP buffer size | `2097152` | +| `config.Socket.PingInterval` | Ping interval | `25s` | +| `config.Socket.PingTimeout` | Ping timeout | `20s` | +| `config.Socket.Debug` | Enable debug | `false` | +| `config.Metrics.Endpoint` | Metrics endpoint | `/metrics` | +| `config.Metrics.HistogramBuckets` | Histogram buckets | `0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10` | +| `config.Metrics.Http.HistogramEnabled` | Enable HTTP histogram | `true` | +| `config.Metrics.Http.Buckets` | HTTP buckets | `0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10` | +| `config.Log.Level` | Log level | `DEBUG` | +| `config.Log.FilePath` | Log file path | `./logs/payouts.log` | +| `config.Log.TextOutput` | Enable text output | `false` | +| `config.Log.StdoutEnabled` | Enable stdout logging | `true` | +| `config.Log.FileEnabled` | Enable file logging | `false` | +| `config.Database.Type` | Database type | `""` | +| `config.Database.Connection` | Database connection string | `""` | +| `config.Database.LogLevel` | Database log level | `Info` | +| `config.Database.TraceRequests` | Trace database requests | `false` | +| `config.Cache.TTL` | Cache TTL | `24h` | +| `config.YooKassa.BaseUrl` | YooKassa base URL | `https://api.yookassa.ru/v3` | +| `config.YooKassa.Timeout` | YooKassa timeout | `2s` | +| `config.YooKassa.Retry.Enabled` | Enable YooKassa retry | `false` | +| `config.YooKassa.Retry.Count` | Retry count | `3` | +| `config.YooKassa.Retry.WaitTime` | Wait time between retries | `200ms` | +| `config.YooKassa.Retry.MaxWaitTime` | Max wait time | `5s` | +| `config.YooKassa.Test` | Test mode | `false` | +| `config.YooKassa.CheckAllowedCallbackAddress` | Check allowed callback address | `true` | +| `config.YooKassa.AllowedCallbackSubnets` | Allowed callback subnets | `185.71.76.0/27,185.71.77.0/27,77.75.153.0/25,77.75.156.11/32,77.75.156.35/32,77.75.154.128/25,2a02:5180::/32` | +| `config.YooKassa.ApiBaseKey` | 
YooKassa base API key | `""` | +| `config.YooKassa.ApiBaseSecret` | YooKassa base API secret | `""` | +| `config.YooKassa.ApiPaymentKey` | YooKassa payment API key | `""` | +| `config.YooKassa.ApiPaymentSecret` | YooKassa payment API secret | `""` | +| `config.YooKassa.CallbackProcessTimeout` | Callback process timeout | `1s` | + +### Secret parameters + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `secrets.yookassa.apiBaseKey` | YooKassa base API key | `""` | +| `secrets.yookassa.apiBaseSecret` | YooKassa base API secret | `""` | +| `secrets.yookassa.apiPaymentKey` | YooKassa payment API key | `""` | +| `secrets.yookassa.apiPaymentSecret` | YooKassa payment API secret | `""` | + +## TLS Configuration + +To enable TLS, set `config.Server.Tls.Enabled` to `true` and provide either: + +1. **Create new TLS secret**: Set `tls.createSecret` to `true` and provide certificate and key data +2. **Use existing TLS secret**: Set `tls.existingSecret` to the name of existing secret + +When TLS is enabled, the following environment variables will be set: +- `SERVER_TLS_CERTFILE` - path to certificate file +- `SERVER_TLS_KEYFILE` - path to key file + +## Example usage + +```bash +helm install my-release helm/payouts \ + --set config.Server.Tls.Enabled=true \ + --set tls.createSecret=true \ + --set tls.certData="-----BEGIN CERTIFICATE-----\n..." \ + --set tls.keyData="-----BEGIN PRIVATE KEY-----\n..." \ No newline at end of file diff --git a/helm/payouts/templates/NOTES.txt b/helm/payouts/templates/NOTES.txt new file mode 100644 index 0000000..1f304ea --- /dev/null +++ b/helm/payouts/templates/NOTES.txt 
@@ -0,0 +1,39 @@ +Payouts service has been installed successfully! + +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} +Visit the following URL to access the service: + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .host }}{{ (index .paths 0).path }} +{{- end }} +{{- else }} +Get the service URL by running these commands: + export SERVICE_PORT=$(kubectl get svc {{ include "payouts.fullname" . }} -o jsonpath='{.spec.ports[0].port}') + export SERVICE_HOST=$(kubectl get svc {{ include "payouts.fullname" . }} -o jsonpath='{.spec.clusterIP}') + echo "Service URL: http://$SERVICE_HOST:$SERVICE_PORT" +{{- end }} + +{{- if .Values.config.Server.Tls.Enabled }} +TLS is enabled for the service. +{{- if .Values.tls.createSecret }} +A new TLS secret "{{ include "payouts.fullname" . }}-tls" has been created. +{{- else if .Values.tls.existingSecret }} +Using existing TLS secret "{{ .Values.tls.existingSecret }}". +{{- end }} +{{- end }} + +{{- if .Values.secrets.yookassa.apiBaseKey }} +YooKassa API base key is configured. +{{- end }} + +{{- if .Values.secrets.yookassa.apiPaymentKey }} +YooKassa API payment key is configured. +{{- end }} + +{{- if .Values.config.Server.Tls.Enabled }} +The service will use the following TLS certificate and key files: +- Certificate file: {{ .Values.config.Server.Tls.CertFile | default "/etc/tls/cert.pem" }} +- Key file: {{ .Values.config.Server.Tls.KeyFile | default "/etc/tls/key.pem" }} +{{- end }} + +To view the logs of the deployed pods, run: + kubectl logs -l app.kubernetes.io/name={{ include "payouts.name" . }} \ No newline at end of file diff --git a/helm-chart/templates/_helpers.tpl b/helm/payouts/templates/_helpers.tpl similarity index 70% rename from helm-chart/templates/_helpers.tpl rename to helm/payouts/templates/_helpers.tpl index 40582f3..c096acc 100644 --- a/helm-chart/templates/_helpers.tpl +++ b/helm/payouts/templates/_helpers.tpl 
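Review bot: `(index .paths 0).path` in the ingress branch fails at render time when a host has no paths, and the new values.yaml ships `paths: []` for `payouts.local`, so enabling the ingress with otherwise default values would make the notes fail to render. Guard the lookup, for example by wrapping the URL line in `{{- range .paths }}` or by printing only `{{ .host }}` when `.paths` is empty. The TLS section prints file paths only, which is the right level of detail; values from `.Values.secrets` or `tls.keyData` should stay out of NOTES output because it ends up in terminals and CI logs.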
@@ -1,15 +1,7 @@ -{{/* -Expand the name of the chart. -*/}} {{- define "payouts.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} {{- define "payouts.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} @@ -23,39 +15,26 @@ If release name contains chart name it will be used as a full name. {{- end }} {{- end }} -{{/* -Create chart name and version as used by the chart label. -*/}} {{- define "payouts.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} -{{/* -Common labels -*/}} {{- define "payouts.labels" -}} -helm.sh/chart: {{ include "payouts.chart" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} +app.kubernetes.io/name: {{ include "payouts.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} +helm.sh/chart: {{ include "payouts.chart" . }} {{- end }} -{{/* -Selector labels -*/}} {{- define "payouts.selectorLabels" -}} app.kubernetes.io/name: {{ include "payouts.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} -{{/* -Service account name -*/}} {{- define "payouts.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} {{- default (include "payouts.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/helm/payouts/templates/configmap.yaml b/helm/payouts/templates/configmap.yaml new file mode 100644 index 0000000..430cc64 --- /dev/null +++ b/helm/payouts/templates/configmap.yaml 
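Review bot: `payouts.labels` in the second hunk now repeats the two lines of `payouts.selectorLabels` verbatim and drops `app.kubernetes.io/version`, so the two helpers can drift apart and the deployed app version is no longer visible on the objects. Prefer `{{ include "payouts.selectorLabels" . }}` inside `payouts.labels` and keep the `{{- if .Chart.AppVersion }}` version label. Both hunks also delete every `{{/* … */}}` doc comment; at least the one on `payouts.fullname` explaining the 63-character truncation is worth keeping. `payouts.serviceAccountName` still reads `.Values.serviceAccount.create`, which the new values.yaml does not define and the new deployment.yaml no longer calls, so either drop the helper or restore `serviceAccountName` in the pod spec.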
@@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "payouts.fullname" . }}-config + labels: + {{- include "payouts.labels" . | nindent 4 }} +data: + payouts.yaml: | +{{- range $key, $value := .Values.config }} +{{ $key }}: +{{- if eq (kindOf $value) "map" }} +{{- range $subkey, $subvalue := $value }} + {{ $subkey }}: {{ $subvalue | quote }} +{{- end }} +{{- else }} + {{ $value | quote }} +{{- end }} +{{- end }} diff --git a/helm/payouts/templates/deployment.yaml b/helm/payouts/templates/deployment.yaml new file mode 100644 index 0000000..526416f --- /dev/null +++ b/helm/payouts/templates/deployment.yaml 
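Review bot: The `range` over `.Values.config` copies every key into the ConfigMap, and the new values.yaml keeps `YooKassa.ApiBaseKey`, `ApiBaseSecret`, `ApiPaymentKey`, `ApiPaymentSecret` and `Database.Connection` under `config`, so any credential a user sets there is stored in plain text in a ConfigMap instead of the Secret. Keep the `Api*` keys as empty placeholders only (or `fail` the render when they are non-empty) and take the connection string from the Secret as well. The loop also handles a single level of nesting: `Server.Tls`, `Metrics.Http` and `YooKassa.Retry` are maps, and `{{ $subvalue | quote }}` on a map renders a quoted Go `map[...]` string rather than YAML. Rendering the tree with `{{- toYaml .Values.config | nindent 4 }}` under `payouts.yaml: |` fixes the nesting and guarantees the block scalar is indented; the original indentation is not recoverable in this view, so confirm the current output with `helm template`.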
@@ -0,0 +1,121 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "payouts.fullname" . }} + labels: + {{- include "payouts.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "payouts.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "payouts.labels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 8080 + protocol: TCP + livenessProbe: + httpGet: + path: /health + port: http + readinessProbe: + httpGet: + path: /health + port: http + env: + - name: CONFIG_PATH + value: "/app/config/payouts.yaml" + - name: YOOKASSA_APIBASEKEY + valueFrom: + secretKeyRef: + name: {{ include "payouts.fullname" . }}-secret + key: yookassa.apiBaseKey + - name: YOOKASSA_APIBASESECRET + valueFrom: + secretKeyRef: + name: {{ include "payouts.fullname" . }}-secret + key: yookassa.apiBaseSecret + - name: YOOKASSA_APIPAYMENTKEY + valueFrom: + secretKeyRef: + name: {{ include "payouts.fullname" . }}-secret + key: yookassa.apiPaymentKey + - name: YOOKASSA_APIPAYMENTSECRET + valueFrom: + secretKeyRef: + name: {{ include "payouts.fullname" . 
}}-secret + key: yookassa.apiPaymentSecret + {{- if .Values.config.Server.Tls.Enabled }} + - name: SERVER_TLS_CERTFILE + value: {{ .Values.config.Server.Tls.CertFile | quote }} + - name: SERVER_TLS_KEYFILE + value: {{ .Values.config.Server.Tls.KeyFile | quote }} + {{- end }} + volumeMounts: + - name: config-volume + mountPath: /app/config + {{- if .Values.config.Server.Tls.Enabled }} + {{- if .Values.tls.createSecret }} + - name: tls-certs + mountPath: /etc/tls + readOnly: true + {{- else if .Values.tls.existingSecret }} + - name: tls-certs + mountPath: /etc/tls + readOnly: true + {{- end }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- if .Values.config.Server.Tls.Enabled }} + volumes: + - name: config-volume + configMap: + name: {{ include "payouts.fullname" . }}-config + {{- if .Values.tls.createSecret }} + - name: tls-certs + secret: + secretName: {{ include "payouts.fullname" . }}-tls + {{- else if .Values.tls.existingSecret }} + - name: tls-certs + secret: + secretName: {{ .Values.tls.existingSecret }} + {{- end }} + {{- else }} + volumes: + - name: config-volume + configMap: + name: {{ include "payouts.fullname" . }}-config + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/helm-chart/templates/ingress.yaml b/helm/payouts/templates/ingress.yaml similarity index 89% rename from helm-chart/templates/ingress.yaml rename to helm/payouts/templates/ingress.yaml index e5a4d8d..cc5857c 100644 --- a/helm-chart/templates/ingress.yaml +++ b/helm/payouts/templates/ingress.yaml 
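Review bot: The TLS wiring does not line up: the `tls-certs` volume mounts a `kubernetes.io/tls` Secret at `/etc/tls`, which exposes the files `tls.crt` and `tls.key`, while `SERVER_TLS_CERTFILE` and `SERVER_TLS_KEYFILE` default to `/etc/tls/cert.pem` and `/etc/tls/key.pem` from values.yaml, so the server would presumably not find its certificate. Either default the paths to `/etc/tls/tls.crt` and `/etc/tls/tls.key`, or add `items:` to the secret volume to map the keys onto the expected file names. When TLS is enabled and neither `tls.createSecret` nor `tls.existingSecret` is set, no certificate volume is mounted at all; a `required`/`fail` guard would catch that at render time. The probes stay plain `httpGet` on `/health`, so if the server speaks only TLS once enabled they need `scheme: HTTPS`.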
@@ -10,9 +10,6 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: - {{- if .Values.ingress.className }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} {{- if .Values.ingress.tls }} tls: {{- range .Values.ingress.tls }} @@ -38,4 +35,4 @@ spec: number: {{ $.Values.service.port }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end -}} \ No newline at end of file diff --git a/helm/payouts/templates/secret.yaml b/helm/payouts/templates/secret.yaml new file mode 100644 index 0000000..c305b93 --- /dev/null +++ b/helm/payouts/templates/secret.yaml @@ -0,0 +1,34 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "payouts.fullname" . }}-secret + labels: + {{- include "payouts.labels" . | nindent 4 }} +type: Opaque +data: +{{- if .Values.secrets.yookassa.apiBaseKey }} + yookassa.apiBaseKey: {{ .Values.secrets.yookassa.apiBaseKey | toString | b64enc | quote }} +{{- end }} +{{- if .Values.secrets.yookassa.apiBaseSecret }} + yookassa.apiBaseSecret: {{ .Values.secrets.yookassa.apiBaseSecret | toString | b64enc | quote }} +{{- end }} +{{- if .Values.secrets.yookassa.apiPaymentKey }} + yookassa.apiPaymentKey: {{ .Values.secrets.yookassa.apiPaymentKey | toString | b64enc | quote }} +{{- end }} +{{- if .Values.secrets.yookassa.apiPaymentSecret }} + yookassa.apiPaymentSecret: {{ .Values.secrets.yookassa.apiPaymentSecret | toString | b64enc | quote }} +{{- end }} + +{{- if and .Values.config.Server.Tls.Enabled .Values.tls.createSecret }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "payouts.fullname" . }}-tls + labels: + {{- include "payouts.labels" . | nindent 4 }} +type: kubernetes.io/tls +data: + tls.crt: {{ .Values.tls.certData | b64enc | quote }} + tls.key: {{ .Values.tls.keyData | b64enc | quote }} +{{- end }} \ No newline at end of file 
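Review bot: Each `yookassa.*` key in the new secret.yaml is emitted only when its value is non-empty, but deployment.yaml references all four through `secretKeyRef` without `optional: true`, so an install with the default empty `secrets.yookassa.*` produces a Secret with no data and the container cannot be started. Either always emit the keys, enforce them with `required`, or mark the refs optional; better still, accept the name of a pre-created Secret so the API credentials never pass through chart values, where they are kept in the Helm release record and, with `--set`, in shell history. The same concern applies to `tls.keyData`. The TLS document also has no `required` guard on `tls.certData`/`tls.keyData`, so `createSecret=true` with empty data yields a TLS Secret holding an empty certificate and key.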
diff --git a/helm-chart/templates/service.yaml b/helm/payouts/templates/service.yaml similarity index 100% rename from helm-chart/templates/service.yaml rename to helm/payouts/templates/service.yaml diff --git a/helm/payouts/values.yaml b/helm/payouts/values.yaml new file mode 100644 index 0000000..fb18d09 --- /dev/null +++ b/helm/payouts/values.yaml 
@@ -0,0 +1,107 @@ +# Default values for payouts chart +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: payouts + tag: latest + pullPolicy: IfNotPresent + +service: + type: ClusterIP + port: 8080 + +ingress: + enabled: false + annotations: {} + hosts: + - host: payouts.local + paths: [] + tls: [] + +# TLS configuration +tls: + createSecret: false + existingSecret: "" + certData: "" + keyData: "" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +# ConfigMap values (YAML format) +config: + Server: + Port: ":8080" + WriteTimeout: "35s" + ReadTimeout: "35s" + EnablePProfEndpoints: false + Tls: + Enabled: false + CertFile: "/etc/tls/cert.pem" + KeyFile: "/etc/tls/key.pem" + Socket: + MaxHttpBufferSize: "2097152" + PingInterval: "25s" + PingTimeout: "20s" + Debug: false + Metrics: + Endpoint: "/metrics" + HistogramBuckets: "0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10" + Http: + HistogramEnabled: true + Buckets: "0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10" + Log: + Level: "DEBUG" + FilePath: "./logs/payouts.log" + TextOutput: false + StdoutEnabled: true + FileEnabled: false + Database: + Type: "" + Connection: "" + LogLevel: "Info" + TraceRequests: false + Cache: + TTL: "24h" + YooKassa: + BaseUrl: "https://api.yookassa.ru/v3" + Timeout: "2s" + Retry: + Enabled: false + Count: "3" + WaitTime: "200ms" + MaxWaitTime: "5s" + Test: false + CheckAllowedCallbackAddress: true + AllowedCallbackSubnets: 
"185.71.76.0/27,185.71.77.0/27,77.75.153.0/25,77.75.156.11/32,77.75.156.35/32,77.75.154.128/25,2a02:5180::/32" + ApiBaseKey: "" + ApiBaseSecret: "" + ApiPaymentKey: "" + ApiPaymentSecret: "" + CallbackProcessTimeout: "1s" + +# Secret values (secrets that should not be in ConfigMap) +secrets: + yookassa: + apiBaseKey: "" + apiBaseSecret: "" + apiPaymentKey: "" + apiPaymentSecret: "" diff --git a/internal/config/module.go b/internal/config/module.go index 0c836ba..b3b8468 100644 --- a/internal/config/module.go +++ b/internal/config/module.go @@ -66,6 +66,9 @@ func NewAppConfig() (*App, error) { tempConf.SetConfigName(confName) tempConf.SetConfigType(confType) + tempConf.AutomaticEnv() + tempConf.SetEnvKeyReplacer(strings.NewReplacer(".", "_")) + err := tempConf.ReadInConfig() if err != nil { // complain on missed non-default config
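Review bot: The new values.yaml defines neither `podSecurityContext` nor `securityContext`, although deployment.yaml renders both with `toYaml`, so the pod runs with whatever user and capabilities the image defaults to. Ship restrictive defaults as below; if the image does not declare a numeric non-root user add `runAsUser`, and relax `readOnlyRootFilesystem` if `Log.FileEnabled` is turned on. Separately, `Log.Level: "DEBUG"` and `image.tag: latest` are risky defaults for a payments service: debug logs tend to carry request detail, and an unpinned tag with `IfNotPresent` makes the deployed image unreproducible.

```yaml
# … unchanged: replicaCount, image, service, ingress, tls, resources …
podSecurityContext:
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault

securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  capabilities:
    drop:
      - ALL
# … unchanged: nodeSelector, tolerations, affinity, config, secrets …
```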
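Review bot: `tempConf.AutomaticEnv()` is enabled without an environment prefix, so any variable in the container whose name matches a config key after the `.` to `_` replacement overrides the file, including the `<SERVICE>_PORT`-style variables Kubernetes injects for Services in the namespace (a Service named `server` would set `SERVER_PORT` to a `tcp://…` URL). Consider `tempConf.SetEnvPrefix("PAYOUTS")` with matching names in deployment.yaml, or set `enableServiceLinks: false` in the pod spec. A short comment above the two calls, e.g. `// let Secret-backed env vars such as YOOKASSA_APIBASEKEY override the config file`, would record why they are here. NewAppConfig starts and ends outside the hunk, so whether `tempConf` is the instance that is later unmarshalled, and whether `strings` is already imported, cannot be confirmed from here.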