diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 00000000..0cef2663 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,10 @@ +--- +# See https://pre-commit.com for more information +# See https://pre-commit.com/hooks.html for more hooks +repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v3.2.0 + hooks: + - id: trailing-whitespace + - id: end-of-file-fixer + - id: check-added-large-files diff --git a/infrastructure/charts/mediator/.helmignore b/infrastructure/charts/mediator/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/infrastructure/charts/mediator/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/infrastructure/charts/mediator/Chart.yaml b/infrastructure/charts/mediator/Chart.yaml new file mode 100644 index 00000000..7e530287 --- /dev/null +++ b/infrastructure/charts/mediator/Chart.yaml @@ -0,0 +1,26 @@ +apiVersion: v2 +name: prism-node +description: A Helm chart for deploying prism-mediator + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.5.0" + +dependencies: [] diff --git a/infrastructure/charts/mediator/templates/_helpers.tpl b/infrastructure/charts/mediator/templates/_helpers.tpl new file mode 100644 index 00000000..2b7a8087 --- /dev/null +++ b/infrastructure/charts/mediator/templates/_helpers.tpl @@ -0,0 +1,22 @@ +{{- define "cors" }} + {{- if .Values.ingress.cors.enabled }} + - name: cors + enable: true + {{- if .Values.ingress.cors.allow_origins }} + config: + allow_origins: {{ .Values.ingress.cors.allow_origins | quote }} + {{- end }} + {{- end }} +{{- end -}} +{{- define "consumer-restriction" }} + - name: consumer-restriction + enable: true + config: + whitelist: + {{- range .Values.ingress.consumers }} + - {{ regexReplaceAll "-" $.Release.Name "_" }}_{{ regexReplaceAll "-" . "_" | lower }} + {{- end }} +{{- end -}} +{{- define "labels.common" -}} +app.kubernetes.io/part-of: prism-mediator +{{- end -}} diff --git a/infrastructure/charts/mediator/templates/apisixconsumer.yaml b/infrastructure/charts/mediator/templates/apisixconsumer.yaml new file mode 100644 index 00000000..dbf17985 --- /dev/null +++ b/infrastructure/charts/mediator/templates/apisixconsumer.yaml @@ -0,0 +1,18 @@ +{{- if .Values.ingress.enabled }} +{{- $root := . -}} +{{- range $consumer := .Values.ingress.consumers }} +apiVersion: apisix.apache.org/v2 +kind: ApisixConsumer +metadata: + name: "{{ $consumer | lower }}" + namespace: "{{ $root.Release.Namespace }}" + labels: + {{ template "labels.common" . }} +spec: + authParameter: + keyAuth: + secretRef: + name: "{{ $root.Release.Namespace }}-{{ $consumer | lower }}" +--- +{{- end }} +{{- end }} diff --git a/infrastructure/charts/mediator/templates/apisixroute.yaml b/infrastructure/charts/mediator/templates/apisixroute.yaml new file mode 100644 index 00000000..0985f987 --- /dev/null +++ b/infrastructure/charts/mediator/templates/apisixroute.yaml @@ -0,0 +1,56 @@ +{{- if .Values.ingress.enabled }} +apiVersion: apisix.apache.org/v2 +kind: ApisixRoute +metadata: + name: mediator-route + namespace: "{{ .Release.Namespace }}" + labels: + {{ template "labels.common" . }} +spec: + http: + - name: mediator-rule + match: + hosts: + {{- range .Values.ingress.applicationUrls }} + - {{ . }} + {{- end }} + paths: + - /* + backends: + - serviceName: mediator-service + servicePort: 8080 + plugins: + - name: proxy-rewrite + enable: true + config: + regex_uri: ["^/(.*)","/$1"] + +--- + +apiVersion: apisix.apache.org/v2 +kind: ApisixRoute +metadata: + name: mediator-docs-route + namespace: "{{ .Release.Namespace }}" + labels: + {{ template "labels.common" . }} +spec: + http: + - name: mediator-docs-rule + match: + hosts: + {{- range .Values.ingress.applicationUrls }} + - {{ . }} + {{- end }} + paths: + - /docs/mediator/api/* + backends: + - serviceName: mediator-service + servicePort: 8080 + plugins: + - name: proxy-rewrite + enable: true + config: + regex_uri: ["^/docs/mediator/api/(.*)","/api/$1"] + {{ template "cors" . }} +{{- end -}} diff --git a/infrastructure/charts/mediator/templates/apisixtls.yaml b/infrastructure/charts/mediator/templates/apisixtls.yaml new file mode 100644 index 00000000..b8286e32 --- /dev/null +++ b/infrastructure/charts/mediator/templates/apisixtls.yaml @@ -0,0 +1,17 @@ +{{- if .Values.ingress.enabled }} +apiVersion: apisix.apache.org/v2 +kind: ApisixTls +metadata: + name: "prism-mediator-base-path-tls" + namespace: "{{ .Release.Namespace }}" + labels: + {{ template "labels.common" . }} +spec: + hosts: + {{- range .Values.ingress.applicationUrls }} + - {{ . }} + {{- end }} + secret: + name: "prism-mediator-base-path-secret" + namespace: "{{ .Release.Namespace }}" +{{- end }} diff --git a/infrastructure/charts/mediator/templates/certificate.yaml b/infrastructure/charts/mediator/templates/certificate.yaml new file mode 100644 index 00000000..3c25e325 --- /dev/null +++ b/infrastructure/charts/mediator/templates/certificate.yaml @@ -0,0 +1,20 @@ +{{- if .Values.ingress.enabled }} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: "prism-mediator-base-path-cert" + namespace: "{{ .Release.Namespace }}" + labels: + {{ template "labels.common" . }} +spec: + secretName: "prism-mediator-base-path-secret" + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d + issuerRef: + name: letsencrypt + kind: ClusterIssuer + dnsNames: + {{- range .Values.ingress.applicationUrls }} + - {{ . }} + {{- end }} +{{- end }} diff --git a/infrastructure/charts/mediator/templates/deployment.yaml b/infrastructure/charts/mediator/templates/deployment.yaml new file mode 100644 index 00000000..c139df3e --- /dev/null +++ b/infrastructure/charts/mediator/templates/deployment.yaml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mediator-server + namespace: "{{ .Release.Namespace }}" + labels: + {{ template "labels.common" . }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: prism-mediator-server + replicas: 1 + template: + metadata: + labels: + app.kubernetes.io/name: prism-mediator-server + {{ template "labels.common" . }} + spec: + imagePullSecrets: + - name: atala-prism-dev-deployments-github-docker-registry-key + containers: + - name: mediator-server + image: "{{ .Values.server.image.repository }}/{{ .Values.server.image.tag }}:{{ .Values.server.image.version | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + resources: + {{- toYaml .Values.server.resources | nindent 12 }} + ports: + - containerPort: 8080 + env: + - name: MONGODB_USER + value: "admin" + - name: MONGODB_PASSWORD + value: "admin" + - name: MONGODB_PROTOCOL + value: "mongodb" + - name: MONGODB_HOST + value: "mongodb.{{.Release.Namespace}}" + - name: MONGODB_PORT + value: "27017" + - name: MONGODB_DB_NAME + value: "mediator" + - name: SERVICE_ENDPOINT + value: "https://{{ index .Values.ingress.applicationUrls 0 }}/mediator" diff --git a/infrastructure/charts/mediator/templates/externalsecret.yaml b/infrastructure/charts/mediator/templates/externalsecret.yaml new file mode 100644 index 00000000..39ced22b --- /dev/null +++ b/infrastructure/charts/mediator/templates/externalsecret.yaml @@ -0,0 +1,20 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: "atala-prism-dev-deployments-github-docker-registry-key" + namespace: {{ .Release.Namespace }} + labels: + {{ template "labels.common" . }} +spec: + refreshInterval: "0" + secretStoreRef: + name: {{ .Values.secrets.secretStore }} + kind: ClusterSecretStore + target: + template: + type: kubernetes.io/dockerconfigjson + data: + .dockerconfigjson: "{{ `{{ .dockerconfigjson | b64dec }}` }}" + dataFrom: + - extract: + key: {{ .Values.secrets.dockerRegistryToken }} diff --git a/infrastructure/charts/mediator/templates/mongodb.yaml b/infrastructure/charts/mediator/templates/mongodb.yaml new file mode 100644 index 00000000..a88d0957 --- /dev/null +++ b/infrastructure/charts/mediator/templates/mongodb.yaml @@ -0,0 +1,77 @@ +{{- if .Values.database.mongodb.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mongodb + labels: + app: mongodb +spec: + replicas: 1 + selector: + matchLabels: + app: mongodb + template: + metadata: + labels: + app: mongodb + spec: + containers: + - name: mongodb + image: mongo:6.0.7 + ports: + - containerPort: 27017 + env: + - name: MONGO_INITDB_ROOT_USERNAME + value: "admin" + - name: MONGO_INITDB_ROOT_PASSWORD + value: "admin" + - name: MONGO_INITDB_DATABASE + value: "mediator" + volumeMounts: + - name: mongodb-scripts + mountPath: /docker-entrypoint-initdb.d + readOnly: true + volumes: + - name: mongodb-scripts + configMap: + name: mongodb-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: mongodb-cm +data: + initdb.js: | + db.createUser({ + user: "admin", + pwd: "admin", + roles: [ + { role: "readWrite", db: "mediator" } + ] + }); + const database = 'mediator'; + const collectionDidAccount = 'user.account'; + const collectionMessages = 'messages'; + use(database); + db.createCollection(collectionDidAccount); + db.createCollection(collectionMessages); + //create index + db.getCollection(collectionDidAccount).createIndex({ 'did': 1 }, { unique: true }); + // Only enforce uniqueness on non-empty arrays + db.getCollection(collectionDidAccount).createIndex({ 'alias': 1 }, { unique: true , partialFilterExpression: { "alias.0": { $exists: true } }}); + db.getCollection(collectionDidAccount).createIndex({ "messagesRef.hash": 1, "messagesRef.recipient": 1 }); +--- +apiVersion: v1 +kind: Service +metadata: + name: mongodb + namespace: "{{ .Release.Namespace }}" +spec: + selector: + app: mongodb + ports: + - protocol: TCP + port: 27017 + targetPort: 27017 +--- +{{- end }} diff --git a/infrastructure/charts/mediator/templates/service.yaml b/infrastructure/charts/mediator/templates/service.yaml new file mode 100644 index 00000000..1a55de43 --- /dev/null +++ b/infrastructure/charts/mediator/templates/service.yaml @@ -0,0 +1,36 @@ +apiVersion: v1 +kind: Service +metadata: + name: mediator-service + namespace: "{{ .Release.Namespace }}" + labels: + app.kubernetes.io/name: prism-mediator-server + app.kubernetes.io/service: prism-mediator-server-main + {{ template "labels.common" . }} +spec: + selector: + app.kubernetes.io/name: prism-mediator-server + ports: + - protocol: "TCP" + port: 8080 + targetPort: 8080 + type: ClusterIP + +--- + +{{- if .Values.ingress.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: mediator-domain-name-fake-service + namespace: "{{ .Release.Namespace }}" + annotations: + external-dns.alpha.kubernetes.io/hostname: "{{ join ", " .Values.ingress.applicationUrls }}" + labels: + app.kubernetes.io/name: prism-mediator-server + app.kubernetes.io/service: prism-mediator-server-domain-name-fake-service + {{ template "labels.common" . }} +spec: + type: ExternalName + externalName: {{ .Values.ingress.platformIngressUrl }} +{{- end }} diff --git a/infrastructure/charts/mediator/values.yaml b/infrastructure/charts/mediator/values.yaml new file mode 100644 index 00000000..1cd99ea5 --- /dev/null +++ b/infrastructure/charts/mediator/values.yaml @@ -0,0 +1,30 @@ +ingress: + enabled: true + applicationUrls: + - chart-base-prism-mediator.atalaprism.io + platformIngressUrl: chart-base-platform-ingress.atalaprism.io + cors: + enabled: true + allow_origins: "*" + consumers: [] + +secrets: + secretStore: chart-base-secretstore + dockerRegistryToken: chart-base-docker-registry-token + +server: + image: + repository: ghcr.io + pullPolicy: IfNotPresent + tag: input-output-hk/atala-prism-mediator + resources: + limits: + cpu: 500m + memory: 1024Mi + requests: + cpu: 250m + memory: 512Mi + +database: + mongodb: + enabled: true