alxeg/payouts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix generated helm chart

Browse Source
This commit is contained in:
alxeg
2026-03-25 23:08:37 +03:00
parent 0658854f47
commit ee6b510e41
17 changed files with 458 additions and 472 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
helm/payouts/Chart.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: v2
name: payouts
description: A Helm chart for payouts service
type: application
version: 0.1.0
appVersion: "1.0.0"

130
helm/payouts/README.md Normal file
View File

@@ -0,0 +1,130 @@
# Payouts Helm Chart
This chart deploys the payouts service to a Kubernetes cluster.
## Introduction
This chart bootstraps a payouts deployment on a Kubernetes cluster using the Helm package manager.
## Prerequisites
- Kubernetes 1.19+
- Helm 3.0+
## Installing the Chart
To install the chart with the release name `my-release`:
```bash
helm install my-release helm/payouts
```
## Uninstalling the Chart
To uninstall the chart:
```bash
helm uninstall my-release
```
## Configuration
The following table lists the configurable parameters of the payouts chart and their default values.
### Global parameters
| Parameter | Description | Default |
|-----------|-------------|---------|
| `replicaCount` | Number of replicas | `1` |
| `image.repository` | Image repository | `payouts` |
| `image.tag` | Image tag | `latest` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
### Service parameters
| Parameter | Description | Default |
|-----------|-------------|---------|
| `service.type` | Service type | `ClusterIP` |
| `service.port` | Service port | `8080` |
### Ingress parameters
| Parameter | Description | Default |
|-----------|-------------|---------|
| `ingress.enabled` | Enable ingress | `false` |
| `ingress.annotations` | Ingress annotations | `{}` |
| `ingress.hosts` | Ingress hosts | `[{ host: payouts.local, paths: [] }]` |
| `ingress.tls` | Ingress TLS | `[]` |
### ConfigMap parameters
| Parameter | Description | Default |
|-----------|-------------|---------|
| `config.Server.Port` | Server port | `:8080` |
| `config.Server.WriteTimeout` | Write timeout | `35s` |
| `config.Server.ReadTimeout` | Read timeout | `35s` |
| `config.Server.EnablePProfEndpoints` | Enable pprof endpoints | `false` |
| `config.Server.Tls.Enabled` | Enable TLS | `false` |
| `config.Server.Tls.CertFile` | TLS certificate file path | `""` |
| `config.Server.Tls.KeyFile` | TLS key file path | `""` |
| `config.Socket.MaxHttpBufferSize` | Max HTTP buffer size | `2097152` |
| `config.Socket.PingInterval` | Ping interval | `25s` |
| `config.Socket.PingTimeout` | Ping timeout | `20s` |
| `config.Socket.Debug` | Enable debug | `false` |
| `config.Metrics.Endpoint` | Metrics endpoint | `/metrics` |
| `config.Metrics.HistogramBuckets` | Histogram buckets | `0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10` |
| `config.Metrics.Http.HistogramEnabled` | Enable HTTP histogram | `true` |
| `config.Metrics.Http.Buckets` | HTTP buckets | `0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10` |
| `config.Log.Level` | Log level | `DEBUG` |
| `config.Log.FilePath` | Log file path | `./logs/payouts.log` |
| `config.Log.TextOutput` | Enable text output | `false` |
| `config.Log.StdoutEnabled` | Enable stdout logging | `true` |
| `config.Log.FileEnabled` | Enable file logging | `false` |
| `config.Database.Type` | Database type | `""` |
| `config.Database.Connection` | Database connection string | `""` |
| `config.Database.LogLevel` | Database log level | `Info` |
| `config.Database.TraceRequests` | Trace database requests | `false` |
| `config.Cache.TTL` | Cache TTL | `24h` |
| `config.YooKassa.BaseUrl` | YooKassa base URL | `https://api.yookassa.ru/v3` |
| `config.YooKassa.Timeout` | YooKassa timeout | `2s` |
| `config.YooKassa.Retry.Enabled` | Enable YooKassa retry | `false` |
| `config.YooKassa.Retry.Count` | Retry count | `3` |
| `config.YooKassa.Retry.WaitTime` | Wait time between retries | `200ms` |
| `config.YooKassa.Retry.MaxWaitTime` | Max wait time | `5s` |
| `config.YooKassa.Test` | Test mode | `false` |
| `config.YooKassa.CheckAllowedCallbackAddress` | Check allowed callback address | `true` |
| `config.YooKassa.AllowedCallbackSubnets` | Allowed callback subnets | `185.71.76.0/27,185.71.77.0/27,77.75.153.0/25,77.75.156.11/32,77.75.156.35/32,77.75.154.128/25,2a02:5180::/32` |
| `config.YooKassa.ApiBaseKey` | YooKassa base API key | `""` |
| `config.YooKassa.ApiBaseSecret` | YooKassa base API secret | `""` |
| `config.YooKassa.ApiPaymentKey` | YooKassa payment API key | `""` |
| `config.YooKassa.ApiPaymentSecret` | YooKassa payment API secret | `""` |
| `config.YooKassa.CallbackProcessTimeout` | Callback process timeout | `1s` |
### Secret parameters
| Parameter | Description | Default |
|-----------|-------------|---------|
| `secrets.yookassa.apiBaseKey` | YooKassa base API key | `""` |
| `secrets.yookassa.apiBaseSecret` | YooKassa base API secret | `""` |
| `secrets.yookassa.apiPaymentKey` | YooKassa payment API key | `""` |
| `secrets.yookassa.apiPaymentSecret` | YooKassa payment API secret | `""` |
## TLS Configuration
To enable TLS, set `config.Server.Tls.Enabled` to `true` and provide either:
1. **Create new TLS secret**: Set `tls.createSecret` to `true` and provide certificate and key data
2. **Use existing TLS secret**: Set `tls.existingSecret` to the name of existing secret
When TLS is enabled, the following environment variables will be set:
- `SERVER_TLS_CERTFILE` - path to certificate file
- `SERVER_TLS_KEYFILE` - path to key file
## Example usage
```bash
helm install my-release helm/payouts \
--set config.Server.Tls.Enabled=true \
--set tls.createSecret=true \
--set tls.certData="-----BEGIN CERTIFICATE-----\n..." \
--set tls.keyData="-----BEGIN PRIVATE KEY-----\n..."

39
helm/payouts/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,39 @@
Payouts service has been installed successfully!
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
Visit the following URL to access the service:
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .host }}{{ (index .paths 0).path }}
{{- end }}
{{- else }}
Get the service URL by running these commands:
export SERVICE_PORT=$(kubectl get svc {{ include "payouts.fullname" . }} -o jsonpath='{.spec.ports[0].port}')
export SERVICE_HOST=$(kubectl get svc {{ include "payouts.fullname" . }} -o jsonpath='{.spec.clusterIP}')
echo "Service URL: http://$SERVICE_HOST:$SERVICE_PORT"
{{- end }}
{{- if .Values.config.Server.Tls.Enabled }}
TLS is enabled for the service.
{{- if .Values.tls.createSecret }}
A new TLS secret "{{ include "payouts.fullname" . }}-tls" has been created.
{{- else if .Values.tls.existingSecret }}
Using existing TLS secret "{{ .Values.tls.existingSecret }}".
{{- end }}
{{- end }}
{{- if .Values.secrets.yookassa.apiBaseKey }}
YooKassa API base key is configured.
{{- end }}
{{- if .Values.secrets.yookassa.apiPaymentKey }}
YooKassa API payment key is configured.
{{- end }}
{{- if .Values.config.Server.Tls.Enabled }}
The service will use the following TLS certificate and key files:
- Certificate file: {{ .Values.config.Server.Tls.CertFile | default "/etc/tls/cert.pem" }}
- Key file: {{ .Values.config.Server.Tls.KeyFile | default "/etc/tls/key.pem" }}
{{- end }}
To view the logs of the deployed pods, run:
kubectl logs -l app.kubernetes.io/name={{ include "payouts.name" . }}

40
helm/payouts/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,40 @@
{{- define "payouts.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- define "payouts.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{- define "payouts.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- define "payouts.labels" -}}
app.kubernetes.io/name: {{ include "payouts.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "payouts.chart" . }}
{{- end }}
{{- define "payouts.selectorLabels" -}}
app.kubernetes.io/name: {{ include "payouts.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- define "payouts.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "payouts.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

18
helm/payouts/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "payouts.fullname" . }}-config
labels:
{{- include "payouts.labels" . | nindent 4 }}
data:
payouts.yaml: |
{{- range $key, $value := .Values.config }}
{{ $key }}:
{{- if eq (kindOf $value) "map" }}
{{- range $subkey, $subvalue := $value }}
{{ $subkey }}: {{ $subvalue | quote }}
{{- end }}
{{- else }}
{{ $value | quote }}
{{- end }}
{{- end }}

121
helm/payouts/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,121 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "payouts.fullname" . }}
labels:
{{- include "payouts.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "payouts.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "payouts.labels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: http
readinessProbe:
httpGet:
path: /health
port: http
env:
- name: CONFIG_PATH
value: "/app/config/payouts.yaml"
- name: YOOKASSA_APIBASEKEY
valueFrom:
secretKeyRef:
name: {{ include "payouts.fullname" . }}-secret
key: yookassa.apiBaseKey
- name: YOOKASSA_APIBASESECRET
valueFrom:
secretKeyRef:
name: {{ include "payouts.fullname" . }}-secret
key: yookassa.apiBaseSecret
- name: YOOKASSA_APIPAYMENTKEY
valueFrom:
secretKeyRef:
name: {{ include "payouts.fullname" . }}-secret
key: yookassa.apiPaymentKey
- name: YOOKASSA_APIPAYMENTSECRET
valueFrom:
secretKeyRef:
name: {{ include "payouts.fullname" . }}-secret
key: yookassa.apiPaymentSecret
{{- if .Values.config.Server.Tls.Enabled }}
- name: SERVER_TLS_CERTFILE
value: {{ .Values.config.Server.Tls.CertFile | quote }}
- name: SERVER_TLS_KEYFILE
value: {{ .Values.config.Server.Tls.KeyFile | quote }}
{{- end }}
volumeMounts:
- name: config-volume
mountPath: /app/config
{{- if .Values.config.Server.Tls.Enabled }}
{{- if .Values.tls.createSecret }}
- name: tls-certs
mountPath: /etc/tls
readOnly: true
{{- else if .Values.tls.existingSecret }}
- name: tls-certs
mountPath: /etc/tls
readOnly: true
{{- end }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- if .Values.config.Server.Tls.Enabled }}
volumes:
- name: config-volume
configMap:
name: {{ include "payouts.fullname" . }}-config
{{- if .Values.tls.createSecret }}
- name: tls-certs
secret:
secretName: {{ include "payouts.fullname" . }}-tls
{{- else if .Values.tls.existingSecret }}
- name: tls-certs
secret:
secretName: {{ .Values.tls.existingSecret }}
{{- end }}
{{- else }}
volumes:
- name: config-volume
configMap:
name: {{ include "payouts.fullname" . }}-config
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

38
helm/payouts/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,38 @@
{{- if .Values.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "payouts.fullname" . }}
labels:
{{- include "payouts.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
pathType: {{ .pathType }}
backend:
service:
name: {{ include "payouts.fullname" $ }}
port:
number: {{ $.Values.service.port }}
{{- end }}
{{- end }}
{{- end -}}

34
helm/payouts/templates/secret.yaml Normal file
View File

@@ -0,0 +1,34 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "payouts.fullname" . }}-secret
labels:
{{- include "payouts.labels" . | nindent 4 }}
type: Opaque
data:
{{- if .Values.secrets.yookassa.apiBaseKey }}
yookassa.apiBaseKey: {{ .Values.secrets.yookassa.apiBaseKey | toString | b64enc | quote }}
{{- end }}
{{- if .Values.secrets.yookassa.apiBaseSecret }}
yookassa.apiBaseSecret: {{ .Values.secrets.yookassa.apiBaseSecret | toString | b64enc | quote }}
{{- end }}
{{- if .Values.secrets.yookassa.apiPaymentKey }}
yookassa.apiPaymentKey: {{ .Values.secrets.yookassa.apiPaymentKey | toString | b64enc | quote }}
{{- end }}
{{- if .Values.secrets.yookassa.apiPaymentSecret }}
yookassa.apiPaymentSecret: {{ .Values.secrets.yookassa.apiPaymentSecret | toString | b64enc | quote }}
{{- end }}
{{- if and .Values.config.Server.Tls.Enabled .Values.tls.createSecret }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "payouts.fullname" . }}-tls
labels:
{{- include "payouts.labels" . | nindent 4 }}
type: kubernetes.io/tls
data:
tls.crt: {{ .Values.tls.certData | b64enc | quote }}
tls.key: {{ .Values.tls.keyData | b64enc | quote }}
{{- end }}

15
helm/payouts/templates/service.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "payouts.fullname" . }}
labels:
{{- include "payouts.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "payouts.selectorLabels" . | nindent 4 }}

107
helm/payouts/values.yaml Normal file
View File

@@ -0,0 +1,107 @@
# Default values for payouts chart
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: payouts
tag: latest
pullPolicy: IfNotPresent
service:
type: ClusterIP
port: 8080
ingress:
enabled: false
annotations: {}
hosts:
- host: payouts.local
paths: []
tls: []
# TLS configuration
tls:
createSecret: false
existingSecret: ""
certData: ""
keyData: ""
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
# ConfigMap values (YAML format)
config:
Server:
Port: ":8080"
WriteTimeout: "35s"
ReadTimeout: "35s"
EnablePProfEndpoints: false
Tls:
Enabled: false
CertFile: "/etc/tls/cert.pem"
KeyFile: "/etc/tls/key.pem"
Socket:
MaxHttpBufferSize: "2097152"
PingInterval: "25s"
PingTimeout: "20s"
Debug: false
Metrics:
Endpoint: "/metrics"
HistogramBuckets: "0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10"
Http:
HistogramEnabled: true
Buckets: "0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10"
Log:
Level: "DEBUG"
FilePath: "./logs/payouts.log"
TextOutput: false
StdoutEnabled: true
FileEnabled: false
Database:
Type: ""
Connection: ""
LogLevel: "Info"
TraceRequests: false
Cache:
TTL: "24h"
YooKassa:
BaseUrl: "https://api.yookassa.ru/v3"
Timeout: "2s"
Retry:
Enabled: false
Count: "3"
WaitTime: "200ms"
MaxWaitTime: "5s"
Test: false
CheckAllowedCallbackAddress: true
AllowedCallbackSubnets: "185.71.76.0/27,185.71.77.0/27,77.75.153.0/25,77.75.156.11/32,77.75.156.35/32,77.75.154.128/25,2a02:5180::/32"
ApiBaseKey: ""
ApiBaseSecret: ""
ApiPaymentKey: ""
ApiPaymentSecret: ""
CallbackProcessTimeout: "1s"
# Secret values (secrets that should not be in ConfigMap)
secrets:
yookassa:
apiBaseKey: ""
apiBaseSecret: ""
apiPaymentKey: ""
apiPaymentSecret: ""