Refactor configuration files to remove unused fields and add AKV secret management for payment service
Signed-off-by: zhenyus <zhenyus@mathmast.com>
This commit is contained in:
zhenyus
parent
3d4c21c0ea
commit
b7908d1692
@ -70,16 +70,12 @@ authentication:
|
||||
devsvcWebapiUrlBase: "http://devsvc.<namespace>.svc.freeleaps.cluster:<service-port>/api/devsvc"
|
||||
# NOTIFICATION_WEBAPI_URL_BASE
|
||||
notificationWebapiUrlBase: "http://notification.svc.<namespace>.freeleaps.cluster:<service-port>/api/notification"
|
||||
# JWT_SECRET_KEY
|
||||
jwtSecretKey: ""
|
||||
# JWT_ALGORITHM
|
||||
jwtAlgorithm: "HS256"
|
||||
# MONGODB_NAME
|
||||
mongodbName: ""
|
||||
# MONGODB_PORT
|
||||
mongodbPort: "27017"
|
||||
# MONGODB_URI
|
||||
mongodbUri: ""
|
||||
# METRICS_ENABLED
|
||||
metricsEnabled: "false"
|
||||
# PROBES_ENABLED
|
||||
|
||||
@ -59,12 +59,6 @@ central-storage:
|
||||
mongodbName: ""
|
||||
# MONGODB_PORT
|
||||
mongodbPort: "27017"
|
||||
# MONGODB_URI
|
||||
mongodbUri: ""
|
||||
# AZURE_STORAGE_DOCUMENT_API_KEY
|
||||
azureStorageDocumentApiKey: ""
|
||||
# AZURE_STORAGE_DOCUMENT_API_ENDPOINT
|
||||
azureStorageDocumentApiEndpoint: ""
|
||||
# METRICS_ENABLED
|
||||
metricsEnabled: "false"
|
||||
# PROBES_ENABLED
|
||||
|
||||
@ -101,7 +101,6 @@ chat:
|
||||
redisIsCluster: 'false'
|
||||
metricsEnabled: 'true'
|
||||
probesEnabled: 'true'
|
||||
|
||||
secrets:
|
||||
secretStoreRef:
|
||||
kind: FreeleapsSecretStore
|
||||
|
||||
@ -76,8 +76,6 @@ chat:
|
||||
serviceApiAccessPort: "8012"
|
||||
# MONGODB_NAME
|
||||
mongodbName: ""
|
||||
# MONGODB_URI
|
||||
mongodbUri: ""
|
||||
# MONGODB_PORT
|
||||
mongodbPort: ''
|
||||
# EMAIL_FROM
|
||||
@ -88,20 +86,12 @@ chat:
|
||||
jwtSecretKey: ""
|
||||
# JWT_ALGORITHM
|
||||
jwtAlgorithm: ""
|
||||
# STRIPE_API_KEY
|
||||
stripeApiKey: ""
|
||||
# STRIPE_WEBHOOK_SECRET
|
||||
stripeWebhookSecret: ""
|
||||
# STRIPE_ACCOUNT_WEBHOOK_SECRET
|
||||
stripeAccountWebhookSecret: ""
|
||||
# RABBITMQ_HOST
|
||||
rabbitmqHost: ""
|
||||
# RABBITMQ_PORT
|
||||
rabbitmqPort:
|
||||
# RABBITMQ_USERNAME
|
||||
rabbitmqUsername: ""
|
||||
# RABBITMQ_PASSWORD
|
||||
rabbitmqPassword: ""
|
||||
# FREELEAPS_DEVSVC_ENDPOINT
|
||||
freeleapsDevsvcEndpoint: ""
|
||||
# FREELEAPS_CONTENT_ENDPOINT
|
||||
@ -118,8 +108,6 @@ chat:
|
||||
freeleapsEnv: ""
|
||||
# CERT_PATH
|
||||
certPath: ""
|
||||
# REDIS_URL
|
||||
redisUrl: ""
|
||||
# REDIS_IS_CLUSTER
|
||||
redisIsCluster: "false"
|
||||
# METRICS_ENABLED
|
||||
|
||||
@ -82,11 +82,9 @@ content:
|
||||
serviceApiAccessPort: 8013
|
||||
mongodbName: freeleaps2
|
||||
mongodbPort: 27017
|
||||
|
||||
centralStorageWebapiUrlBase: http://central-storage-service.freeleaps-alpha.svc.freeleaps.cluster:8005/api/central_storage
|
||||
metricsEnabled: 'false'
|
||||
probesEnabled: 'true'
|
||||
|
||||
secrets:
|
||||
secretStoreRef:
|
||||
kind: FreeleapsSecretStore
|
||||
|
||||
@ -68,11 +68,9 @@ content:
|
||||
serviceApiAccessPort: 8013
|
||||
mongodbName: freeleaps2
|
||||
mongodbPort: 27017
|
||||
|
||||
centralStorageWebapiUrlBase: http://central-storage-service.freeleaps-prod.svc.freeleaps.cluster:8005/api/central_storage
|
||||
metricsEnabled: 'true'
|
||||
probesEnabled: 'true'
|
||||
|
||||
secrets:
|
||||
secretStoreRef:
|
||||
kind: FreeleapsSecretStore
|
||||
|
||||
@ -59,10 +59,6 @@ content:
|
||||
mongodbName: ""
|
||||
# MONGODB_PORT
|
||||
mongodbPort: "27017"
|
||||
# MONGODB_URI
|
||||
mongodbUri: ""
|
||||
# FREELEAPS_WWW_AS_AZURE_CLIENT_SECRET
|
||||
freeleapsWwwAsAzureClientSecret: ""
|
||||
# CENTRAL_STORAGE_WEBAPI_URL_BASE
|
||||
centralStorageWebapiUrlBase: ""
|
||||
# METRICS_ENABLED
|
||||
|
||||
@ -64,7 +64,6 @@ devops:
|
||||
rabbitmqVirtualHost: /
|
||||
rabbitmqOutputQueueName: freeleaps.devops.reconciler.output
|
||||
rabbitmqInputQueueName: freeleaps.devops.reconciler.input
|
||||
|
||||
secrets:
|
||||
secretStoreRef:
|
||||
kind: FreeleapsSecretStore
|
||||
|
||||
@ -64,7 +64,6 @@ devops:
|
||||
rabbitmqVirtualHost: /
|
||||
rabbitmqOutputQueueName: freeleaps.devops.reconciler.output
|
||||
rabbitmqInputQueueName: freeleaps.devops.reconciler.input
|
||||
# AKV secrets configuration
|
||||
secrets:
|
||||
secretStoreRef:
|
||||
kind: FreeleapsSecretStore
|
||||
|
||||
@ -41,34 +41,25 @@ devops:
|
||||
# Basic configuration
|
||||
tz: "UTC"
|
||||
appName: "devops"
|
||||
|
||||
# JWT configuration
|
||||
jwtSecretKey: ""
|
||||
jwtAlgorithm: "HS256"
|
||||
accessTokenExpireMinutes: "3600"
|
||||
refreshTokenExpireDays: "1"
|
||||
|
||||
# MongoDB configuration
|
||||
appMongodbName: ""
|
||||
appMongodbPort: "27017"
|
||||
appMongodbUri: ""
|
||||
|
||||
# Feature switches
|
||||
metricsEnabled: "false"
|
||||
probesEnabled: "true"
|
||||
|
||||
# External service URLs
|
||||
baseGiteaUrl: "https://gitea.freeleaps.mathmast.com"
|
||||
baseReconcileUrl: "https://reconcile.freeleaps.mathmast.com"
|
||||
baseLokiUrl: "http://loki-gateway.freeleaps-logging-system"
|
||||
|
||||
# Log configuration
|
||||
logBasePath: "/app/log"
|
||||
logRetention: "30 days"
|
||||
logRotation: "00:00"
|
||||
logBackupFiles: "5"
|
||||
logRotationBytes: "10485760"
|
||||
|
||||
# Mock mode configuration
|
||||
mockMode: "false"
|
||||
mockResponseDelay: "1000"
|
||||
|
||||
@ -82,7 +82,6 @@ freeleaps:
|
||||
metricsEnabled: 'false'
|
||||
probesEnabled: 'true'
|
||||
giteaEndpoint: https://alpha.gitea.freeleaps.mathmast.com/
|
||||
|
||||
secrets:
|
||||
secretStoreRef:
|
||||
kind: FreeleapsSecretStore
|
||||
|
||||
@ -73,7 +73,6 @@ freeleaps:
|
||||
metricsEnabled: 'true'
|
||||
probesEnabled: 'true'
|
||||
giteaEndpoint: https://gitea.freeleaps.mathmast.com/
|
||||
|
||||
secrets:
|
||||
secretStoreRef:
|
||||
kind: FreeleapsSecretStore
|
||||
|
||||
@ -59,32 +59,20 @@ freeleaps:
|
||||
serviceApiAccessPort: "8013"
|
||||
# MONGODB_NAME
|
||||
mongodbName: ""
|
||||
# MONGODB_URI
|
||||
mongodbUri: ""
|
||||
# MONGODB_PORT
|
||||
mongodbPort: ''
|
||||
# EMAIL_FROM
|
||||
emailFrom: ""
|
||||
# SITE_URL_ROOT
|
||||
siteUrlRoot: ""
|
||||
# JWT_SECRET_KEY
|
||||
jwtSecretKey: ""
|
||||
# JWT_ALGORITHM
|
||||
jwtAlgorithm: ""
|
||||
# STRIPE_API_KEY
|
||||
stripeApiKey: ""
|
||||
# STRIPE_WEBHOOK_SECRET
|
||||
stripeWebhookSecret: ""
|
||||
# STRIPE_ACCOUNT_WEBHOOK_SECRET
|
||||
stripeAccountWebhookSecret: ""
|
||||
# RABBITMQ_HOST
|
||||
rabbitmqHost: ""
|
||||
# RABBITMQ_PORT
|
||||
rabbitmqPort:
|
||||
# RABBITMQ_USERNAME
|
||||
rabbitmqUsername: ""
|
||||
# RABBITMQ_PASSWORD
|
||||
rabbitmqPassword: ""
|
||||
# FREELEAPS_DEVSVC_ENDPOINT
|
||||
freeleapsDevsvcEndpoint: ""
|
||||
# FREELEAPS_CONTENT_ENDPOINT
|
||||
@ -105,16 +93,12 @@ freeleaps:
|
||||
freeleapsEnv: ""
|
||||
# CERT_PATH
|
||||
certPath: ""
|
||||
# REDIS_URL
|
||||
redisUrl: ""
|
||||
# REDIS_IS_CLUSTER
|
||||
redisIsCluster: "false"
|
||||
# METRICS_ENABLED
|
||||
metricsEnabled: "false"
|
||||
# PROBES_ENABLED
|
||||
probesEnabled: "false"
|
||||
# GITEA_API_KEY
|
||||
giteaApiKey: ""
|
||||
# GITEA_ENDPOINT
|
||||
giteaEndpoint: ""
|
||||
|
||||
@ -130,7 +114,6 @@ freeleaps:
|
||||
controlledResources:
|
||||
- cpu
|
||||
- memory
|
||||
|
||||
secrets:
|
||||
secretStoreRef:
|
||||
kind: FreeleapsSecretStore
|
||||
|
||||
@ -103,7 +103,6 @@ notification:
|
||||
controlledResources:
|
||||
- cpu
|
||||
- memory
|
||||
|
||||
secrets:
|
||||
secretStoreRef:
|
||||
kind: FreeleapsSecretStore
|
||||
|
||||
@ -77,7 +77,6 @@ notification:
|
||||
emailFrom: freeleaps@freeleaps.com
|
||||
metricsEnabled: 'true'
|
||||
probesEnabled: 'true'
|
||||
|
||||
secrets:
|
||||
secretStoreRef:
|
||||
kind: FreeleapsSecretStore
|
||||
|
||||
@ -59,16 +59,12 @@ notification:
|
||||
mongodbName: ""
|
||||
# MONGODB_PORT
|
||||
mongodbPort: "27017"
|
||||
# MONGODB_URI
|
||||
mongodbUri: ""
|
||||
# RABBITMQ_HOST
|
||||
rabbitmqHost: ""
|
||||
# RABBITMQ_PORT
|
||||
rabbitmqPort: ""
|
||||
# RABBITMQ_USERNAME
|
||||
rabbitmqUsername: ""
|
||||
# RABBITMQ_PASSWORD
|
||||
rabbitmqPassword: ""
|
||||
# RABBITMQ_VRITUAL_HOST
|
||||
rabbitmqVritualHost: ""
|
||||
# SYSTEM_USER_ID
|
||||
@ -77,14 +73,6 @@ notification:
|
||||
smsFrom: ""
|
||||
# EMAIL_FROM
|
||||
emailFrom: ""
|
||||
# SECRET_KEY
|
||||
secretKey: ""
|
||||
# SENDGRID_API_KEY
|
||||
sendgridApiKey: ""
|
||||
# TWILIO_ACCOUNT_SID
|
||||
twilioAccountSid: ""
|
||||
# TWILIO_AUTH_TOKEN
|
||||
twilioAuthToken: ""
|
||||
# METRICS_ENABLED
|
||||
metricsEnabled: "false"
|
||||
# PROBES_ENABLED
|
||||
@ -101,7 +89,6 @@ notification:
|
||||
controlledResources:
|
||||
- cpu
|
||||
- memory
|
||||
|
||||
secrets:
|
||||
secretStoreRef:
|
||||
kind: FreeleapsSecretStore
|
||||
|
||||
@ -106,6 +106,15 @@ spec:
|
||||
name: payment-config
|
||||
key: {{ $key | snakecase | upper }}
|
||||
{{- end }}
|
||||
# inject from secret created by FreeleapsSecret object
|
||||
{{ $targetSecretName := .Values.payment.secrets.target.name }}
|
||||
{{- range .Values.payment.secrets.data }}
|
||||
- name: {{ .key | snakecase | upper }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ $targetSecretName }}
|
||||
key: {{ .key }}
|
||||
{{- end }}
|
||||
{{- if .Values.logIngest.enabled }}
|
||||
volumeMounts:
|
||||
- name: app-logs
|
||||
|
||||
@ -0,0 +1,20 @@
|
||||
apiVersion: freeleaps.com/v1alpha1
|
||||
kind: FreeleapsSecret
|
||||
metadata:
|
||||
name: freeleaps-payment-secrets
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: {{ .Values.payment.secrets.secretStoreRef.kind }}
|
||||
name: {{ .Values.payment.secrets.secretStoreRef.name }}
|
||||
target:
|
||||
name: {{ .Values.payment.secrets.target.name }}
|
||||
creationPolicy: {{ .Values.payment.secrets.target.creationPolicy }}
|
||||
refreshInterval: {{ .Values.payment.secrets.refreshInterval }}
|
||||
data:
|
||||
{{- range .Values.payment.secrets.data }}
|
||||
- secretKey: {{ .key }}
|
||||
remoteRef:
|
||||
key: {{ .remoteRef.key }}
|
||||
type: {{ .remoteRef.type }}
|
||||
{{- end }}
|
||||
@ -11,8 +11,6 @@ data:
|
||||
SERVICE_API_ACCESS_PORT: {{ .Values.payment.configs.serviceApiAccessPort | toString | b64enc }}
|
||||
MONGODB_NAME: {{ .Values.payment.configs.mongodbName | b64enc | quote }}
|
||||
MONGODB_PORT: {{ .Values.payment.configs.mongodbPort | toString | b64enc }}
|
||||
MONGODB_URI: {{ .Values.payment.configs.mongodbUri | b64enc | quote }}
|
||||
STRIPE_API_KEY: {{ .Values.payment.configs.stripeApiKey | b64enc | quote }}
|
||||
SITE_URL_ROOT: {{ .Values.payment.configs.siteUrlRoot | b64enc | quote }}
|
||||
METRICS_ENABLED: {{ .Values.payment.configs.metricsEnabled | default false | toString | b64enc }}
|
||||
PROBES_ENABLED: {{ .Values.payment.configs.probesEnabled | default false | toString | b64enc }}
|
||||
@ -82,11 +82,26 @@ payment:
|
||||
serviceApiAccessPort: 8006
|
||||
mongodbName: freeleaps2
|
||||
mongodbPort: 27017
|
||||
mongodbUri: mongodb+srv://jetli:8IHKx6dZK8BfugGp@freeleaps2.hanbj.mongodb.net/
|
||||
stripeApiKey: sk_test_51Ogsw5B0IyqaSJBrwczlr820jnmvA1qQQGoLZ2XxOsIzikpmXo4pRLjw4XVMTEBR8DdVTYySiAv1XX53Zv5xqynF00GfMqttFd
|
||||
siteUrlRoot: https://freeleaps-alpha.com
|
||||
metricsEnabled: 'false'
|
||||
probesEnabled: 'true'
|
||||
secrets:
|
||||
secretStoreRef:
|
||||
kind: FreeleapsSecretStore
|
||||
name: freeleaps-main-secret-store
|
||||
target:
|
||||
name: freeleaps-payment-secrets
|
||||
creationPolicy: Owner
|
||||
refreshInterval: 30s
|
||||
data:
|
||||
- key: mongodbUri
|
||||
remoteRef:
|
||||
key: "freeleaps-alpha-mongodb-uri"
|
||||
type: Secret
|
||||
- key: stripeApiKey
|
||||
remoteRef:
|
||||
key: "freeleaps-alpha-stripe-api-key"
|
||||
type: Secret
|
||||
vpa:
|
||||
minAllowed:
|
||||
enabled: false
|
||||
|
||||
@ -68,11 +68,26 @@ payment:
|
||||
serviceApiAccessPort: 8006
|
||||
mongodbName: freeleaps2
|
||||
mongodbPort: 27017
|
||||
mongodbUri: mongodb+srv://freeadmin:0eMV0bt8oyaknA0m@freeleaps2.zmsmpos.mongodb.net/?retryWrites=true&w=majority
|
||||
stripeApiKey: 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
|
||||
siteUrlRoot: https://freeleaps.com
|
||||
metricsEnabled: 'true'
|
||||
probesEnabled: 'true'
|
||||
secrets:
|
||||
secretStoreRef:
|
||||
kind: FreeleapsSecretStore
|
||||
name: freeleaps-main-secret-store
|
||||
target:
|
||||
name: freeleaps-payment-secrets
|
||||
creationPolicy: Owner
|
||||
refreshInterval: 30s
|
||||
data:
|
||||
- key: mongodbUri
|
||||
remoteRef:
|
||||
key: "freeleaps-prod-mongodb-uri"
|
||||
type: Secret
|
||||
- key: stripeApiKey
|
||||
remoteRef:
|
||||
key: "freeleaps-prod-stripe-api-key"
|
||||
type: Secret
|
||||
vpa:
|
||||
minAllowed:
|
||||
enabled: true
|
||||
|
||||
@ -59,16 +59,29 @@ payment:
|
||||
mongodbName: ""
|
||||
# MONGODB_PORT
|
||||
mongodbPort: "27017"
|
||||
# MONGODB_URI
|
||||
mongodbUri: ""
|
||||
# STRIPE_API_KEY
|
||||
stripeApiKey: ""
|
||||
# SITE_URL_ROOT
|
||||
siteUrlRoot: ""
|
||||
# METRICS_ENABLED
|
||||
metricsEnabled: "false"
|
||||
# PROBES_ENABLED
|
||||
probesEnabled: "false"
|
||||
secrets:
|
||||
secretStoreRef:
|
||||
kind: FreeleapsSecretStore
|
||||
name: freeleaps-main-secret-store
|
||||
target:
|
||||
name: freeleaps-payment-secrets
|
||||
creationPolicy: Owner
|
||||
refreshInterval: 30s
|
||||
data:
|
||||
- key: mongodbUri
|
||||
remoteRef:
|
||||
key: "freeleaps-alpha-mongodb-uri"
|
||||
type: Secret
|
||||
- key: stripeApiKey
|
||||
remoteRef:
|
||||
key: "freeleaps-alpha-stripe-api-key"
|
||||
type: Secret
|
||||
vpa:
|
||||
minAllowed:
|
||||
enabled: false
|
||||
|
||||
Loading…
Reference in New Issue
Block a user