alxeg/payouts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix generated helm chart

Browse Source
This commit is contained in:
alxeg
2026-03-25 23:08:37 +03:00
parent 0658854f47
commit ee6b510e41
17 changed files with 458 additions and 472 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
helm-chart/README.md
View File

@@ -1,92 +0,0 @@
# Payouts Helm Chart
This chart deploys the payouts service to a Kubernetes cluster using Helm.
## Introduction
This chart bootstraps a payouts service deployment on a Kubernetes cluster using the Helm package manager.
## Prerequisites
- Kubernetes 1.19+
- Helm 3.0+
## Installing the Chart
To install the chart with the release name `my-release`:
```bash
helm install my-release .
```
The command deploys the payouts service on the Kubernetes cluster in the default configuration. The [Values](#values) section lists the parameters that can be configured during installation.
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```bash
helm delete my-release
```
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| replicaCount | int | `1` | Number of replicas |
| image.repository | string | `"payouts"` | Image repository |
| image.tag | string | `"latest"` | Image tag |
| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
| service.type | string | `"ClusterIP"` | Service type |
| service.port | int | `8080` | Service port |
| ingress.enabled | bool | `false` | Enable ingress |
| ingress.className | string | `""` | Ingress class name |
| ingress.hosts[0].host | string | `"chart-example.local"` | Ingress host |
| ingress.hosts[0].paths[0].path | string | `"/"` | Ingress path |
| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | Ingress path type |
| server.port | string | `":8080"` | Server port |
| server.writeTimeout | string | `"35s"` | Server write timeout |
| server.readTimeout | string | `"35s"` | Server read timeout |
| server.enablePProfEndpoints | bool | `false` | Enable pprof endpoints |
| database.type | string | `""` | Database type |
| database.connection | string | `""` | Database connection string |
| database.logLevel | string | `"Info"` | Database log level |
| database.traceRequests | bool | `false` | Trace database requests |
| cache.ttl | string | `"24h"` | Cache TTL |
| log.level | string | `"DEBUG"` | Log level |
| log.filePath | string | `"./logs/payouts.log"` | Log file path |
| log.textOutput | bool | `false` | Text output format |
| log.stdoutEnabled | bool | `true` | Enable stdout logging |
| log.fileEnabled | bool | `false` | Enable file logging |
| log.fluentEnabled | bool | `false` | Enable fluent logging |
| metrics.endpoint | string | `"/metrics"` | Metrics endpoint |
| metrics.histogramBuckets | string | `"0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10"` | Histogram buckets |
| metrics.http.histogramEnabled | bool | `true` | Enable HTTP histogram |
| metrics.http.buckets | string | `"0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10"` | HTTP buckets |
| yookassa.baseUrl | string | `"https://api.yookassa.ru/v3"` | YooKassa base URL |
| yookassa.timeout | string | `"2s"` | YooKassa timeout |
| yookassa.retry.enabled | bool | `false` | Enable retry |
| yookassa.retry.count | int | `3` | Retry count |
| yookassa.retry.waitTime | string | `"200ms"` | Retry wait time |
| yookassa.retry.maxWaitTime | string | `"5s"` | Max retry wait time |
| yookassa.test | bool | `false` | Test mode |
| yookassa.checkAllowedCallbackAddress | bool | `true` | Check callback address |
| yookassa.allowedCallbackSubnets | string | `"185.71.76.0/27,185.71.77.0/27,77.75.153.0/25,77.75.156.11/32,77.75.156.35/32,77.75.154.128/25,2a02:5180::/32"` | Allowed callback subnets |
| yookassa.callbackProcessTimeout | string | `"1s"` | Callback process timeout |
## Secrets
The following secrets are used for sensitive configuration and must be provided via Kubernetes secrets:
- `yookassa-base-key`: YooKassa base API key
- `yookassa-base-secret`: YooKassa base API secret
- `yookassa-payment-key`: YooKassa payment API key
- `yookassa-payment-secret`: YooKassa payment API secret
Example to create the secret:
```bash
kubectl create secret generic payouts-secrets \
--from-literal=yookassa-base-key='YOUR_BASE_KEY' \
--from-literal=yookassa-base-secret='YOUR_BASE_SECRET' \
--from-literal=yookassa-payment-key='YOUR_PAYMENT_KEY' \
--from-literal=yookassa-payment-secret='YOUR_PAYMENT_SECRET'

29
helm-chart/templates/NOTES.txt
View File

@@ -1,29 +0,0 @@
Thank you for installing {{ .Chart.Name }}.
Your release is named {{ .Release.Name }}.
To get started with your service, you can:
1. Check the status of your deployment:
helm status {{ .Release.Name }}
2. Get the service URL:
kubectl get svc {{ include "payouts.fullname" . }}
3. Access your service logs:
kubectl logs -l app={{ include "payouts.fullname" . }}
4. To view the configuration, check the ConfigMap:
kubectl get configmap {{ include "payouts.fullname" . }}-config -o yaml
5. To update your secrets (YooKassa API keys), create a secret with:
kubectl create secret generic {{ include "payouts.fullname" . }}-secrets \\
--from-literal=yookassa-base-key='YOUR_BASE_KEY' \\
--from-literal=yookassa-base-secret='YOUR_BASE_SECRET' \\
--from-literal=yookassa-payment-key='YOUR_PAYMENT_KEY' \\
--from-literal=yookassa-payment-secret='YOUR_PAYMENT_SECRET'
6. To access your service via ingress (if enabled), check the ingress rules:
kubectl get ingress {{ include "payouts.fullname" . }}
For more information, please refer to the documentation.

47
helm-chart/templates/configmap.yaml
View File

@@ -1,47 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "payouts.fullname" . }}-config
labels:
{{- include "payouts.labels" . | nindent 4 }}
data:
# Server configuration
SERVER_PORT: {{ .Values.server.port | quote }}
SERVER_WRITETIMEOUT: {{ .Values.server.writeTimeout | quote }}
SERVER_READTIMEOUT: {{ .Values.server.readTimeout | quote }}
SERVER_ENABLEPPROFENDPOINTS: {{ .Values.server.enablePProfEndpoints | quote }}
# Database configuration
DATABASE_TYPE: {{ .Values.database.type | quote }}
DATABASE_CONNECTION: {{ .Values.database.connection | quote }}
DATABASE_LOGLEVEL: {{ .Values.database.logLevel | quote }}
DATABASE_TRACEREQUESTS: {{ .Values.database.traceRequests | quote }}
# Cache configuration
CACHE_TTL: {{ .Values.cache.ttl | quote }}
# Logging configuration
LOG_LEVEL: {{ .Values.log.level | quote }}
LOG_FILEPATH: {{ .Values.log.filePath | quote }}
LOG_TEXTOUTPUT: {{ .Values.log.textOutput | quote }}
LOG_STDOUTENABLED: {{ .Values.log.stdoutEnabled | quote }}
LOG_FILEENABLED: {{ .Values.log.fileEnabled | quote }}
LOG_FLUENTENABLED: {{ .Values.log.fluentEnabled | quote }}
# Metrics configuration
METRICS_ENDPOINT: {{ .Values.metrics.endpoint | quote }}
METRICS_HISTOGRAMBUCKETS: {{ .Values.metrics.histogramBuckets | quote }}
METRICS_HTTP_HISTOGRAMENABLED: {{ .Values.metrics.http.histogramEnabled | quote }}
METRICS_HTTP_BUCKETS: {{ .Values.metrics.http.buckets | quote }}
# YooKassa configuration
YOOKASSA_BASEURL: {{ .Values.yookassa.baseUrl | quote }}
YOOKASSA_TIMEOUT: {{ .Values.yookassa.timeout | quote }}
YOOKASSA_RETRY_ENABLED: {{ .Values.yookassa.retry.enabled | quote }}
YOOKASSA_RETRY_COUNT: {{ .Values.yookassa.retry.count | quote }}
YOOKASSA_RETRY_WAITTIME: {{ .Values.yookassa.retry.waitTime | quote }}
YOOKASSA_RETRY_MAXWAITTIME: {{ .Values.yookassa.retry.maxWaitTime | quote }}
YOOKASSA_TEST: {{ .Values.yookassa.test | quote }}
YOOKASSA_CHECKALLOWEDCALLBACKADDRESS: {{ .Values.yookassa.checkAllowedCallbackAddress | quote }}
YOOKASSA_ALLOWEDCALLBACKSUBNETS: {{ .Values.yookassa.allowedCallbackSubnets | quote }}
YOOKASSA_CALLBACKPROCESSTIMEOUT: {{ .Values.yookassa.callbackProcessTimeout | quote }}

151
helm-chart/templates/deployment.yaml
View File

@@ -1,151 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "payouts.fullname" . }}
labels:
{{- include "payouts.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "payouts.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "payouts.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "payouts.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.server.port | replace ":" "" }}
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: http
readinessProbe:
httpGet:
path: /ready
port: http
env:
# Server configuration
- name: SERVER_PORT
value: {{ .Values.server.port | quote }}
- name: SERVER_WRITETIMEOUT
value: {{ .Values.server.writeTimeout | quote }}
- name: SERVER_READTIMEOUT
value: {{ .Values.server.readTimeout | quote }}
- name: SERVER_ENABLEPPROFENDPOINTS
value: {{ .Values.server.enablePProfEndpoints | quote }}
# Database configuration
- name: DATABASE_TYPE
value: {{ .Values.database.type | quote }}
- name: DATABASE_CONNECTION
value: {{ .Values.database.connection | quote }}
- name: DATABASE_LOGLEVEL
value: {{ .Values.database.logLevel | quote }}
- name: DATABASE_TRACEREQUESTS
value: {{ .Values.database.traceRequests | quote }}
# Cache configuration
- name: CACHE_TTL
value: {{ .Values.cache.ttl | quote }}
# Logging configuration
- name: LOG_LEVEL
value: {{ .Values.log.level | quote }}
- name: LOG_FILEPATH
value: {{ .Values.log.filePath | quote }}
- name: LOG_TEXTOUTPUT
value: {{ .Values.log.textOutput | quote }}
- name: LOG_STDOUTENABLED
value: {{ .Values.log.stdoutEnabled | quote }}
- name: LOG_FILEENABLED
value: {{ .Values.log.fileEnabled | quote }}
- name: LOG_FLUENTENABLED
value: {{ .Values.log.fluentEnabled | quote }}
# Metrics configuration
- name: METRICS_ENDPOINT
value: {{ .Values.metrics.endpoint | quote }}
- name: METRICS_HISTOGRAMBUCKETS
value: {{ .Values.metrics.histogramBuckets | quote }}
- name: METRICS_HTTP_HISTOGRAMENABLED
value: {{ .Values.metrics.http.histogramEnabled | quote }}
- name: METRICS_HTTP_BUCKETS
value: {{ .Values.metrics.http.buckets | quote }}
# YooKassa configuration
- name: YOOKASSA_BASEURL
value: {{ .Values.yookassa.baseUrl | quote }}
- name: YOOKASSA_TIMEOUT
value: {{ .Values.yookassa.timeout | quote }}
- name: YOOKASSA_RETRY_ENABLED
value: {{ .Values.yookassa.retry.enabled | quote }}
- name: YOOKASSA_RETRY_COUNT
value: {{ .Values.yookassa.retry.count | quote }}
- name: YOOKASSA_RETRY_WAITTIME
value: {{ .Values.yookassa.retry.waitTime | quote }}
- name: YOOKASSA_RETRY_MAXWAITTIME
value: {{ .Values.yookassa.retry.maxWaitTime | quote }}
- name: YOOKASSA_TEST
value: {{ .Values.yookassa.test | quote }}
- name: YOOKASSA_CHECKALLOWEDCALLBACKADDRESS
value: {{ .Values.yookassa.checkAllowedCallbackAddress | quote }}
- name: YOOKASSA_ALLOWEDCALLBACKSUBNETS
value: {{ .Values.yookassa.allowedCallbackSubnets | quote }}
- name: YOOKASSA_CALLBACKPROCESSTIMEOUT
value: {{ .Values.yookassa.callbackProcessTimeout | quote }}
# Secrets from Kubernetes secrets
- name: YOOKASSA_APIBASEKEY
valueFrom:
secretKeyRef:
name: {{ include "payouts.fullname" . }}-secrets
key: yookassa-base-key
- name: YOOKASSA_APIBASESECRET
valueFrom:
secretKeyRef:
name: {{ include "payouts.fullname" . }}-secrets
key: yookassa-base-secret
- name: YOOKASSA_APIPAYMENTKEY
valueFrom:
secretKeyRef:
name: {{ include "payouts.fullname" . }}-secrets
key: yookassa-payment-key
- name: YOOKASSA_APIPAYMENTSECRET
valueFrom:
secretKeyRef:
name: {{ include "payouts.fullname" . }}-secrets
key: yookassa-payment-secret
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

13
helm-chart/templates/secret.yaml
View File

@@ -1,13 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "payouts.fullname" . }}-secrets
labels:
{{- include "payouts.labels" . | nindent 4 }}
type: Opaque
data:
# YooKassa API keys (these will be base64 encoded when applied)
yookassa-base-key: {{ .Values.secrets.yookassa.baseKey | b64enc | quote }}
yookassa-base-secret: {{ .Values.secrets.yookassa.baseSecret | b64enc | quote }}
yookassa-payment-key: {{ .Values.secrets.yookassa.paymentKey | b64enc | quote }}
yookassa-payment-secret: {{ .Values.secrets.yookassa.paymentSecret | b64enc | quote }}

110
helm-chart/values.yaml
View File

@@ -1,110 +0,0 @@
# Default values for payouts chart
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: payouts
tag: latest
pullPolicy: IfNotPresent
service:
type: ClusterIP
port: 8080
ingress:
enabled: false
className: ""
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
# Server configuration
server:
port: ":8080"
writeTimeout: "35s"
readTimeout: "35s"
enablePProfEndpoints: false
# Database configuration
database:
type: ""
connection: ""
logLevel: "Info"
traceRequests: false
# Cache configuration
cache:
ttl: "24h"
# Logging configuration
log:
level: "DEBUG"
filePath: "./logs/payouts.log"
textOutput: false
stdoutEnabled: true
fileEnabled: false
fluentEnabled: false
# Metrics configuration
metrics:
endpoint: "/metrics"
histogramBuckets: "0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10"
http:
histogramEnabled: true
buckets: "0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10"
# YooKassa configuration
yookassa:
baseUrl: "https://api.yookassa.ru/v3"
timeout: "2s"
retry:
enabled: false
count: 3
waitTime: "200ms"
maxWaitTime: "5s"
test: false
checkAllowedCallbackAddress: true
allowedCallbackSubnets: "185.71.76.0/27,185.71.77.0/27,77.75.153.0/25,77.75.156.11/32,77.75.156.35/32,77.75.154.128/25,2a02:5180::/32"
apiBaseKey: ""
apiBaseSecret: ""
apiPaymentKey: ""
apiPaymentSecret: ""
callbackProcessTimeout: "1s"
# Secrets that should be stored in Kubernetes secrets
secrets:
# YooKassa API keys (these will be stored in Kubernetes secrets)
yookassa:
baseKey: ""
baseSecret: ""
paymentKey: ""
paymentSecret: ""

2
helm-chart/Chart.yaml → helm/payouts/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2 apiVersion: v2
name: payouts name: payouts
description: A Helm chart for the payouts service description: A Helm chart for payouts service
type: application type: application
version: 0.1.0 version: 0.1.0
appVersion: "1.0.0" appVersion: "1.0.0"

130
helm/payouts/README.md Normal file
View File

@@ -0,0 +1,130 @@
# Payouts Helm Chart
This chart deploys the payouts service to a Kubernetes cluster.
## Introduction
This chart bootstraps a payouts deployment on a Kubernetes cluster using the Helm package manager.
## Prerequisites
- Kubernetes 1.19+
- Helm 3.0+
## Installing the Chart
To install the chart with the release name `my-release`:
```bash
helm install my-release helm/payouts
```
## Uninstalling the Chart
To uninstall the chart:
```bash
helm uninstall my-release
```
## Configuration
The following table lists the configurable parameters of the payouts chart and their default values.
### Global parameters
| Parameter | Description | Default |
|-----------|-------------|---------|
| `replicaCount` | Number of replicas | `1` |
| `image.repository` | Image repository | `payouts` |
| `image.tag` | Image tag | `latest` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
### Service parameters
| Parameter | Description | Default |
|-----------|-------------|---------|
| `service.type` | Service type | `ClusterIP` |
| `service.port` | Service port | `8080` |
### Ingress parameters
| Parameter | Description | Default |
|-----------|-------------|---------|
| `ingress.enabled` | Enable ingress | `false` |
| `ingress.annotations` | Ingress annotations | `{}` |
| `ingress.hosts` | Ingress hosts | `[{ host: payouts.local, paths: [] }]` |
| `ingress.tls` | Ingress TLS | `[]` |
### ConfigMap parameters
| Parameter | Description | Default |
|-----------|-------------|---------|
| `config.Server.Port` | Server port | `:8080` |
| `config.Server.WriteTimeout` | Write timeout | `35s` |
| `config.Server.ReadTimeout` | Read timeout | `35s` |
| `config.Server.EnablePProfEndpoints` | Enable pprof endpoints | `false` |
| `config.Server.Tls.Enabled` | Enable TLS | `false` |
| `config.Server.Tls.CertFile` | TLS certificate file path | `""` |
| `config.Server.Tls.KeyFile` | TLS key file path | `""` |
| `config.Socket.MaxHttpBufferSize` | Max HTTP buffer size | `2097152` |
| `config.Socket.PingInterval` | Ping interval | `25s` |
| `config.Socket.PingTimeout` | Ping timeout | `20s` |
| `config.Socket.Debug` | Enable debug | `false` |
| `config.Metrics.Endpoint` | Metrics endpoint | `/metrics` |
| `config.Metrics.HistogramBuckets` | Histogram buckets | `0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10` |
| `config.Metrics.Http.HistogramEnabled` | Enable HTTP histogram | `true` |
| `config.Metrics.Http.Buckets` | HTTP buckets | `0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10` |
| `config.Log.Level` | Log level | `DEBUG` |
| `config.Log.FilePath` | Log file path | `./logs/payouts.log` |
| `config.Log.TextOutput` | Enable text output | `false` |
| `config.Log.StdoutEnabled` | Enable stdout logging | `true` |
| `config.Log.FileEnabled` | Enable file logging | `false` |
| `config.Database.Type` | Database type | `""` |
| `config.Database.Connection` | Database connection string | `""` |
| `config.Database.LogLevel` | Database log level | `Info` |
| `config.Database.TraceRequests` | Trace database requests | `false` |
| `config.Cache.TTL` | Cache TTL | `24h` |
| `config.YooKassa.BaseUrl` | YooKassa base URL | `https://api.yookassa.ru/v3` |
| `config.YooKassa.Timeout` | YooKassa timeout | `2s` |
| `config.YooKassa.Retry.Enabled` | Enable YooKassa retry | `false` |
| `config.YooKassa.Retry.Count` | Retry count | `3` |
| `config.YooKassa.Retry.WaitTime` | Wait time between retries | `200ms` |
| `config.YooKassa.Retry.MaxWaitTime` | Max wait time | `5s` |
| `config.YooKassa.Test` | Test mode | `false` |
| `config.YooKassa.CheckAllowedCallbackAddress` | Check allowed callback address | `true` |
| `config.YooKassa.AllowedCallbackSubnets` | Allowed callback subnets | `185.71.76.0/27,185.71.77.0/27,77.75.153.0/25,77.75.156.11/32,77.75.156.35/32,77.75.154.128/25,2a02:5180::/32` |
| `config.YooKassa.ApiBaseKey` | YooKassa base API key | `""` |
| `config.YooKassa.ApiBaseSecret` | YooKassa base API secret | `""` |
| `config.YooKassa.ApiPaymentKey` | YooKassa payment API key | `""` |
| `config.YooKassa.ApiPaymentSecret` | YooKassa payment API secret | `""` |
| `config.YooKassa.CallbackProcessTimeout` | Callback process timeout | `1s` |
### Secret parameters
| Parameter | Description | Default |
|-----------|-------------|---------|
| `secrets.yookassa.apiBaseKey` | YooKassa base API key | `""` |
| `secrets.yookassa.apiBaseSecret` | YooKassa base API secret | `""` |
| `secrets.yookassa.apiPaymentKey` | YooKassa payment API key | `""` |
| `secrets.yookassa.apiPaymentSecret` | YooKassa payment API secret | `""` |
## TLS Configuration
To enable TLS, set `config.Server.Tls.Enabled` to `true` and provide either:
1. **Create new TLS secret**: Set `tls.createSecret` to `true` and provide certificate and key data
2. **Use existing TLS secret**: Set `tls.existingSecret` to the name of existing secret
When TLS is enabled, the following environment variables will be set:
- `SERVER_TLS_CERTFILE` - path to certificate file
- `SERVER_TLS_KEYFILE` - path to key file
## Example usage
```bash
helm install my-release helm/payouts \
--set config.Server.Tls.Enabled=true \
--set tls.createSecret=true \
--set tls.certData="-----BEGIN CERTIFICATE-----\n..." \
--set tls.keyData="-----BEGIN PRIVATE KEY-----\n..."

39
helm/payouts/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,39 @@
Payouts service has been installed successfully!
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
Visit the following URL to access the service:
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .host }}{{ (index .paths 0).path }}
{{- end }}
{{- else }}
Get the service URL by running these commands:
export SERVICE_PORT=$(kubectl get svc {{ include "payouts.fullname" . }} -o jsonpath='{.spec.ports[0].port}')
export SERVICE_HOST=$(kubectl get svc {{ include "payouts.fullname" . }} -o jsonpath='{.spec.clusterIP}')
echo "Service URL: http://$SERVICE_HOST:$SERVICE_PORT"
{{- end }}
{{- if .Values.config.Server.Tls.Enabled }}
TLS is enabled for the service.
{{- if .Values.tls.createSecret }}
A new TLS secret "{{ include "payouts.fullname" . }}-tls" has been created.
{{- else if .Values.tls.existingSecret }}
Using existing TLS secret "{{ .Values.tls.existingSecret }}".
{{- end }}
{{- end }}
{{- if .Values.secrets.yookassa.apiBaseKey }}
YooKassa API base key is configured.
{{- end }}
{{- if .Values.secrets.yookassa.apiPaymentKey }}
YooKassa API payment key is configured.
{{- end }}
{{- if .Values.config.Server.Tls.Enabled }}
The service will use the following TLS certificate and key files:
- Certificate file: {{ .Values.config.Server.Tls.CertFile | default "/etc/tls/cert.pem" }}
- Key file: {{ .Values.config.Server.Tls.KeyFile | default "/etc/tls/key.pem" }}
{{- end }}
To view the logs of the deployed pods, run:
kubectl logs -l app.kubernetes.io/name={{ include "payouts.name" . }}

29
helm-chart/templates/_helpers.tpl → helm/payouts/templates/_helpers.tpl
View File

@@ -1,15 +1,7 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "payouts.name" -}} {{- define "payouts.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }} {{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "payouts.fullname" -}} {{- define "payouts.fullname" -}}
{{- if .Values.fullnameOverride }} {{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
@@ -23,39 +15,26 @@ If release name contains chart name it will be used as a full name.
{{- end }} {{- end }}
{{- end }} {{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "payouts.chart" -}} {{- define "payouts.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }} {{- end }}
{{/*
Common labels
*/}}
{{- define "payouts.labels" -}} {{- define "payouts.labels" -}}
helm.sh/chart: {{ include "payouts.chart" . }} app.kubernetes.io/name: {{ include "payouts.name" . }}
{{- if .Chart.AppVersion }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "payouts.chart" . }}
{{- end }} {{- end }}
{{/*
Selector labels
*/}}
{{- define "payouts.selectorLabels" -}} {{- define "payouts.selectorLabels" -}}
app.kubernetes.io/name: {{ include "payouts.name" . }} app.kubernetes.io/name: {{ include "payouts.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }} {{- end }}
{{/*
Service account name
*/}}
{{- define "payouts.serviceAccountName" -}} {{- define "payouts.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }} {{- if .Values.serviceAccount.create }}
{{- default (include "payouts.fullname" .) .Values.serviceAccount.name }} {{- default (include "payouts.fullname" .) .Values.serviceAccount.name }}
{{- else }} {{- else }}
{{- default "default" .Values.serviceAccount.name }} {{- default "default" .Values.serviceAccount.name }}
{{- end }} {{- end }}
{{- end }} {{- end }}

18
helm/payouts/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "payouts.fullname" . }}-config
labels:
{{- include "payouts.labels" . | nindent 4 }}
data:
payouts.yaml: |
{{- range $key, $value := .Values.config }}
{{ $key }}:
{{- if eq (kindOf $value) "map" }}
{{- range $subkey, $subvalue := $value }}
{{ $subkey }}: {{ $subvalue | quote }}
{{- end }}
{{- else }}
{{ $value | quote }}
{{- end }}
{{- end }}

121
helm/payouts/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,121 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "payouts.fullname" . }}
labels:
{{- include "payouts.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "payouts.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "payouts.labels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: http
readinessProbe:
httpGet:
path: /health
port: http
env:
- name: CONFIG_PATH
value: "/app/config/payouts.yaml"
- name: YOOKASSA_APIBASEKEY
valueFrom:
secretKeyRef:
name: {{ include "payouts.fullname" . }}-secret
key: yookassa.apiBaseKey
- name: YOOKASSA_APIBASESECRET
valueFrom:
secretKeyRef:
name: {{ include "payouts.fullname" . }}-secret
key: yookassa.apiBaseSecret
- name: YOOKASSA_APIPAYMENTKEY
valueFrom:
secretKeyRef:
name: {{ include "payouts.fullname" . }}-secret
key: yookassa.apiPaymentKey
- name: YOOKASSA_APIPAYMENTSECRET
valueFrom:
secretKeyRef:
name: {{ include "payouts.fullname" . }}-secret
key: yookassa.apiPaymentSecret
{{- if .Values.config.Server.Tls.Enabled }}
- name: SERVER_TLS_CERTFILE
value: {{ .Values.config.Server.Tls.CertFile | quote }}
- name: SERVER_TLS_KEYFILE
value: {{ .Values.config.Server.Tls.KeyFile | quote }}
{{- end }}
volumeMounts:
- name: config-volume
mountPath: /app/config
{{- if .Values.config.Server.Tls.Enabled }}
{{- if .Values.tls.createSecret }}
- name: tls-certs
mountPath: /etc/tls
readOnly: true
{{- else if .Values.tls.existingSecret }}
- name: tls-certs
mountPath: /etc/tls
readOnly: true
{{- end }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- if .Values.config.Server.Tls.Enabled }}
volumes:
- name: config-volume
configMap:
name: {{ include "payouts.fullname" . }}-config
{{- if .Values.tls.createSecret }}
- name: tls-certs
secret:
secretName: {{ include "payouts.fullname" . }}-tls
{{- else if .Values.tls.existingSecret }}
- name: tls-certs
secret:
secretName: {{ .Values.tls.existingSecret }}
{{- end }}
{{- else }}
volumes:
- name: config-volume
configMap:
name: {{ include "payouts.fullname" . }}-config
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

5
helm-chart/templates/ingress.yaml → helm/payouts/templates/ingress.yaml
View File

@@ -10,9 +10,6 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
spec: spec:
{{- if .Values.ingress.className }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }} {{- if .Values.ingress.tls }}
tls: tls:
{{- range .Values.ingress.tls }} {{- range .Values.ingress.tls }}
@@ -38,4 +35,4 @@ spec:
number: {{ $.Values.service.port }} number: {{ $.Values.service.port }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end -}}

34
helm/payouts/templates/secret.yaml Normal file
View File

@@ -0,0 +1,34 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "payouts.fullname" . }}-secret
labels:
{{- include "payouts.labels" . | nindent 4 }}
type: Opaque
data:
{{- if .Values.secrets.yookassa.apiBaseKey }}
yookassa.apiBaseKey: {{ .Values.secrets.yookassa.apiBaseKey | toString | b64enc | quote }}
{{- end }}
{{- if .Values.secrets.yookassa.apiBaseSecret }}
yookassa.apiBaseSecret: {{ .Values.secrets.yookassa.apiBaseSecret | toString | b64enc | quote }}
{{- end }}
{{- if .Values.secrets.yookassa.apiPaymentKey }}
yookassa.apiPaymentKey: {{ .Values.secrets.yookassa.apiPaymentKey | toString | b64enc | quote }}
{{- end }}
{{- if .Values.secrets.yookassa.apiPaymentSecret }}
yookassa.apiPaymentSecret: {{ .Values.secrets.yookassa.apiPaymentSecret | toString | b64enc | quote }}
{{- end }}
{{- if and .Values.config.Server.Tls.Enabled .Values.tls.createSecret }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "payouts.fullname" . }}-tls
labels:
{{- include "payouts.labels" . | nindent 4 }}
type: kubernetes.io/tls
data:
tls.crt: {{ .Values.tls.certData | b64enc | quote }}
tls.key: {{ .Values.tls.keyData | b64enc | quote }}
{{- end }}

0
helm-chart/templates/service.yaml → helm/payouts/templates/service.yaml
View File

107
helm/payouts/values.yaml Normal file
View File

@@ -0,0 +1,107 @@
# Default values for payouts chart
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: payouts
tag: latest
pullPolicy: IfNotPresent
service:
type: ClusterIP
port: 8080
ingress:
enabled: false
annotations: {}
hosts:
- host: payouts.local
paths: []
tls: []
# TLS configuration
tls:
createSecret: false
existingSecret: ""
certData: ""
keyData: ""
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
# ConfigMap values (YAML format)
config:
Server:
Port: ":8080"
WriteTimeout: "35s"
ReadTimeout: "35s"
EnablePProfEndpoints: false
Tls:
Enabled: false
CertFile: "/etc/tls/cert.pem"
KeyFile: "/etc/tls/key.pem"
Socket:
MaxHttpBufferSize: "2097152"
PingInterval: "25s"
PingTimeout: "20s"
Debug: false
Metrics:
Endpoint: "/metrics"
HistogramBuckets: "0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10"
Http:
HistogramEnabled: true
Buckets: "0.001,0.002,0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10"
Log:
Level: "DEBUG"
FilePath: "./logs/payouts.log"
TextOutput: false
StdoutEnabled: true
FileEnabled: false
Database:
Type: ""
Connection: ""
LogLevel: "Info"
TraceRequests: false
Cache:
TTL: "24h"
YooKassa:
BaseUrl: "https://api.yookassa.ru/v3"
Timeout: "2s"
Retry:
Enabled: false
Count: "3"
WaitTime: "200ms"
MaxWaitTime: "5s"
Test: false
CheckAllowedCallbackAddress: true
AllowedCallbackSubnets: "185.71.76.0/27,185.71.77.0/27,77.75.153.0/25,77.75.156.11/32,77.75.156.35/32,77.75.154.128/25,2a02:5180::/32"
ApiBaseKey: ""
ApiBaseSecret: ""
ApiPaymentKey: ""
ApiPaymentSecret: ""
CallbackProcessTimeout: "1s"
# Secret values (secrets that should not be in ConfigMap)
secrets:
yookassa:
apiBaseKey: ""
apiBaseSecret: ""
apiPaymentKey: ""
apiPaymentSecret: ""

3
internal/config/module.go
View File

@@ -66,6 +66,9 @@ func NewAppConfig() (*App, error) {
tempConf.SetConfigName(confName) tempConf.SetConfigName(confName)
tempConf.SetConfigType(confType) tempConf.SetConfigType(confType)
tempConf.AutomaticEnv()
tempConf.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
err := tempConf.ReadInConfig() err := tempConf.ReadInConfig()
if err != nil { if err != nil {
// complain on missed non-default config // complain on missed non-default config