mojaloop/values.yaml

# Common YAML TEMPLATE Anchors
CONFIG:
  ## ACCOUNT-LOOKUP BACKEND
  als_db_name: &ALS_DB_NAME "account_lookup"
  als_db_password: &ALS_DB_PASSWORD ''
  als_db_secret: &ALS_DB_SECRET
    name: &ALS_DB_SECRET_NAME mysqldb
    key: &ALS_DB_SECRET_KEY mysql-password
  als_db_host: &ALS_DB_HOST 'mysqldb'
  als_db_port: &ALS_DB_PORT 3306
  als_db_user: &ALS_DB_USER "account_lookup"

  ## CENTRAL-LEDGER BACKEND
  cl_db_name: &CL_DB_NAME "central_ledger"
  cl_db_password: &CL_DB_PASSWORD ''
  cl_db_secret: &CL_DB_SECRET
    name: &CL_DB_SECRET_NAME mysqldb
    key: &CL_DB_SECRET_KEY mysql-password
  cl_db_host: &CL_DB_HOST 'mysqldb'
  cl_db_port: &CL_DB_PORT 3306
  cl_db_user: &CL_DB_USER "central_ledger"

  ## KAFKA BACKEND
  kafka_host: &KAFKA_HOST 'kafka'
  kafka_port: &KAFKA_PORT 9092

  ## BULK OBJECT STORE BACKEND
  obj_mongo_host: &OBJSTORE_MONGO_HOST 'cl-mongodb'
  obj_mongo_port: &OBJSTORE_MONGO_PORT 27017
  obj_mongo_user: &OBJSTORE_MONGO_USER mojaloop
  obj_mongo_password: &OBJSTORE_MONGO_PASSWORD ''
  obj_mongo_secret: &OBJSTORE_MONGO_SECRET
    name: &OBJSTORE_MONGO_SECRET_NAME cl-mongodb
    key: &OBJSTORE_MONGO_SECRET_KEY mongodb-passwords
  obj_mongo_database: &OBJSTORE_MONGO_DATABASE mlos

  ## TTK MONGODB BACKEND
  ttk_mongo_host: &TTK_MONGO_HOST "ttk-mongodb"
  ttk_mongo_port: &TTK_MONGO_PORT "27017"
  ttk_mongo_user: &TTK_MONGO_USER "ttk"
  ttk_mongo_password: &TTK_MONGO_PASSWORD ""
  ttk_mongo_secret: &TTK_MONGO_SECRET
    name: &TTK_MONGO_SECRET_NAME ttk-mongodb
    key: &TTK_MONGO_SECRET_KEY mongodb-passwords
  ttk_mongo_database: &TTK_MONGO_DATABASE "ttk"

  ## MOJALOOP-TTK-SIMULATORS BACKEND
  moja_ttk_sim_kafka_host: &MOJA_TTK_SIM_KAFKA_HOST kafka
  moja_ttk_sim_kafka_port: &MOJA_TTK_SIM_KAFKA_PORT 9092
  # The Redis Instance can be installed using the following command: helm -n <NAMESPACE> install backend ./example-mojaloop-backend --set "kafka.enabled=false" --set "centralledger-mysql.enabled=false" --set "account-lookup-mysql.enabled=false" --set "centralledger-obj.enabled=false" --set "cep-mongodb.enabled=false" --set "kafka-console.enabled=false" --set "ttksims-redis.enabled=true"
  moja_ttk_sim_redis_host: &MOJA_TTK_SIM_REDIS_HOST ttksims-redis-master
  moja_ttk_sim_redis_port: &MOJA_TTK_SIM_REDIS_PORT 6379

  ## THIRDPARTY AUTH-SVC BACKEND
  tp_auth_svc_db_name: &TP_AUTH_SVC_DB_NAME "auth_svc"
  tp_auth_svc_db_password: &TP_AUTH_SVC_DB_PASSWORD ""
  tp_auth_svc_db_secret: &TP_AUTH_SVC_DB_SECRET
    name: &TP_AUTH_SVC_DB_SECRET_NAME mysqldb
    key: &TP_AUTH_SVC_DB_SECRET_KEY mysql-password
  tp_auth_svc_db_host: &TP_AUTH_SVC_DB_HOST 'mysqldb'
  tp_auth_svc_db_port: &TP_AUTH_SVC_DB_PORT 3306
  tp_auth_svc_db_user: &TP_AUTH_SVC_DB_USER "auth_svc"
  tp_auth_svc_redis_host: &TP_AUTH_SVC_REDIS_HOST auth-svc-redis-master
  tp_auth_svc_redis_port: &TP_AUTH_SVC_REDIS_PORT 6379

  ## THIRDPARTY ALS_CONSENT-SVC BACKEND
  tp_als_consent_svc_db_name: &TP_ALS_CONSENT_SVC_DB_NAME "consent_oracle"
  tp_als_consent_svc_db_password: &TP_ALS_CONSENT_SVC_DB_PASSWORD ""
  tp_als_consent_svc_db_secret: &TP_ALS_CONSENT_SVC_DB_SECRET
    name: &TP_ALS_CONSENT_SVC_DB_SECRET_NAME mysqldb
    key: &TP_ALS_CONSENT_SVC_DB_SECRET_KEY mysql-password
  tp_als_consent_svc_db_host: &TP_ALS_CONSENT_SVC_DB_HOST 'mysqldb'
  tp_als_consent_svc_db_port: &TP_ALS_CONSENT_SVC_DB_PORT 3306
  tp_als_consent_svc_db_user: &TP_ALS_CONSENT_SVC_DB_USER "consent_oracle"

  ## BATCH_PROCESSING: To enable batch processing set following to true
  batch_processing_enabled: &CL_BATCH_PROCESSING_ENABLED false

# Default values for central.
# This is a YAML-formatted file.
# Declare global configurations
global: {}

# Declare variables to be passed into your templates.

account-lookup-service:
  enabled: true

  account-lookup-service:
    enabled: true
    # Default values for account-lookup-service.
    # This is a YAML-formatted file.
    # Declare variables to be passed into your templates.

    image:
      registry: docker.io
      repository: mojaloop/account-lookup-service
      tag: v15.2.3
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "src/index.js", "server", "--api"]'

    nameOverride: ""
    fullnameOverride: ""

    sidecar:
      enabled: true
      image:
        repository: mojaloop/event-sidecar
        tag: v14.0.0
        pullPolicy: IfNotPresent
        command: '["npm", "run", "start"]'
      service:
        internalPort: 4001
      readinessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 120
        periodSeconds: 15
      livenessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 90
        periodSeconds: 15
      config:
        event_log_grpc_host: localhost
        event_log_grpc_port: 50051
        event_log_filter: 'audit:*, log:info, log:warn, log:error'
        event_log_metadata_only: true
        log_level: info
        log_filter: 'error, warn, info'

    ## metric configuration for prometheus instrumentation
    metrics:
      ## flag to enable/disable the metrics end-points
      enabled: true
      config:
        timeout: 5000
        prefix: moja_
        defaultLabels:
          serviceName: account-lookup-service

    config:
      ## Central-Ledger config
      central_services_host: '$release_name-centralledger-service'
      central_services_port: 80

      # Protocol versions used for validating (VALIDATELIST) incoming FSPIOP API Headers (Content-type, Accept),
      # and for generating requests/callbacks from the Switch itself (DEFAULT value)
      protocol_versions: |
        {
          "CONTENT": {
            "DEFAULT": "1.1",
            "VALIDATELIST": [
              "1",
              "1.0",
              "1.1"
            ]
          },
          "ACCEPT": {
            "DEFAULT": "1",
            "VALIDATELIST": [
              "1",
              "1.0",
              "1.1"
            ]
          }
        }

      # Log config
      log_level: info
      log_transport: file

      central_shared_end_point_cache:
        expiresIn: 180000
        generateTimeout: 30000
        getDecoratedValue: true
      central_shared_participant_cache:
        expiresIn: 61000
        generateTimeout: 30000
        getDecoratedValue: true
      general_cache:
        enabled: true
        maxByteSize: 10000000
        expiresIn: 61000

      error_handling:
        include_cause_extension: false
        truncate_extensions: true

      ## DB Configuration
      # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
      db_type: 'mysql'
      # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
      db_driver: 'mysql'
      db_host: *ALS_DB_HOST
      db_port: *ALS_DB_PORT
      db_user: *ALS_DB_USER
      ## Secret-Management
      ### Set this if you are using a clear password configured in the config section
      # db_password: *ALS_DB_PASSWORD
      ### Configure this if you want to use a secret. Note, this will override the db_password,
      ### Use the next line if you do wish to use the db_password value instead.
      # db_secret:
      ### Example config for an existing secret
      db_secret:
        name: *ALS_DB_SECRET_NAME
        key: *ALS_DB_SECRET_KEY
      db_database: *ALS_DB_NAME
      db_connection_pool_min: 10
      db_connection_pool_max: 30
      db_acquire_timeout_millis: 30000
      db_create_timeout_millis: 30000
      db_destroy_timeout_millis: 5000
      db_idle_timeout_millis: 30000
      db_reap_interval_millis: 1000
      db_create_retry_interval_millis: 200
      db_debug: false
      display_routes: true
      run_migrations: false

      endpointSecurity:
        jwsSign: true
        fspiopSourceSigningName: switch
        # `jwsSigningKeySecret` is used to specify the secret that contains the JWS signing key.
        # If `jwsSigningKeySecret` is not null, then the `jwsSigningKey` value will be ignored.
        # Expected properties of `jwsSigningKeySecret` are `name` and `key`.
        jwsSigningKeySecret: null
        # jwsSigningKey:
        # To generate this key:
        # Private:
        # ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
        # Public:
        # openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
        # Should look like:
        # -----BEGIN RSA PRIVATE KEY-----
        # MIIJKQIBAAKCAgEAxfqaZivMPd4MpdBHu0jVMf3MSuSdkSMHn+sNJdDQfl+x4R5R
        # ..
        # ..
        # mBynFpdjO0D3PnLKjnBDn1vFAfANOwVpGXCw5mn+484A/SIXYebWruFd03g4
        # -----END RSA PRIVATE KEY-----
        # The following is an example key and shouldn't be used in production
        jwsSigningKey: |-
          -----BEGIN PRIVATE KEY-----
          MIIEugIBADANBgkqhkiG9w0BAQEFAASCBKQwggSgAgEAAoIBAQDuB5HuHRH5BqI/
          VAC/ixm6lz8kJmigIB5jMxLrhB9cgqM+pb0O+is88VRHdxtw8eKG3nvrZYy/4nsJ
          z32qo4sOIMqHWTlZgbURVK4FAUEZ/qn63UnXJ1YVqT4UGg31BBj2c1JdlxG2t4JV
          DvzGrI2/ia/t4gYZCWrQz6a8OClBIaXu2t6EGFnysyS+1YDWtNIHO+z0lvAY9oad
          5MZPHN51o04eIoLO0tPfkz0+NDs4ECwUWuFAg8yo1hxnvSoERiCAwEbFgq2wDe1+
          oBhOpusd4VastD/TEqO8RhrwTodddOMKzapJPrQJuvTkrpkmkPOGE8DgIVHsULLR
          UYEMKvTVAgMBAAECgf94Meq77xrcFg8sSqe5eNHYP39tvaWyqE7mY/slvpNDH5Pl
          D/p21akS156E32BEJuYPk/TLiI2kMWjnvbHvNgr9tq8x3ToyTjtrg5clq8Hr1Ozo
          FnFiqkVHMFPFPQZEVU64CQPA33DixuWjMWS3YINfCAinErBry0PiNZGmuFi1K/wy
          e1z2F9WfG3IEBEe3NaeXwN55ZPJve0LtneJy3YqNwMg2FpPKBRHFV4lKTaU/hqhC
          NK6HQoEXN4Y9AQHn53Fl8n0iNO3qx0Tb7EuGNFmZ2xTlpDKAp8M+BA5Qm5YDkbd6
          OoxbGj2YxZncbG+RsvICtVMLqIytubvYREY9WGkCgYEA+K64xhJzWV3cGc8/90ko
          TryGMBj1ly5TNa1YyOQxl5z4Glc0aI8a+1vJGEAA+c/OEhMR8MRn3+QfV2LJOI5X
          V8Zo2Ger6Ln99LBddTh2HXL3M60cMgs8MYGuJ75g5R/UHnJBLo7NFyVddCOMT3hc
          AYSDN3XCw9ycqTw2/mJHB9kCgYEA9QiaCfTtnXdjMqLeYbp2uQEyyO6IZs956ym7
          sEQMwx/3wnlE9eiJ6iQxZfddkfOCyV/4MMAlYfpTBQFg7Cwb32Xrv3Ezy0HfZrnt
          5Nj4SVQWuOXJhdfC9dmTF+cvBeP+vC6PyDbikxdCo9+05chxS7I3MLxCue4qxy0C
          QfQIE10CgYA+kHacHng2u45sT9/f7t/dL0DzSNRAvL7iekIkCIURh8RDnDzrMVWw
          d18YYsHcF5PYqEOTN1aK1XGtIoVNXUJMKvaluy9c1a42qUhZ/WJ59jqLHbpCPOFf
          8yhFh3gJLQDIyCXt+K9Qa24fkfHy7Gz5VMVOZqohbJddXHDZfxAvwQKBgAdU947+
          tjF1BhHYz8Cq3KySfZuHj6tL4AEKYaRXlO4twbMe/9I/4AiShqvfZ/xbBfnSllGX
          Hkc9P0iyDt1iQH9BxHkZAQy+7tlbDORBHcTL8FYeAhawKxRCK2WWtFB/zvqAhire
          gY8XLhZLNlV91u4F6iLaL0DzAHKvRRcGH0u9AoGATNigZgbRRHJC21JucHeE0tP7
          HjGALvb4qn1o0oDHsxNY8i6vVNw9YeQpZaJhceuRHJTGcsq2dJSXpYwIhIVs/8RK
          bKbkEndra96L6FRZN8LYBl8zbRUPx39ojGeSbFliQv1eaoA/1DDhCiC2NlcSmbJl
          ecaG/Oyo/S+eM8nR7mc=
          -----END PRIVATE KEY-----

      # Thirdparty API Config
      featureEnableExtendedPartyIdType: false

    # @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    # ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    # e.g:
    # initContainers:
    #  - name: your-image-name
    #    image: your-image
    #    imagePullPolicy: Always
    #    command: ['sh', '-c', 'echo "hello world"']
    #
    # initContainers: []
    initContainers: |
      - name: wait-for-mysql
        image: mysql:5.7
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi;
            do
              echo --------------------;
              echo Waiting for MySQL...;
              sleep 2;
            done;
            echo ====================;
            echo MySQL ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.db_host }}'
          - name: DB_PORT
            value: '{{ .Values.config.db_port }}'
          - name: DB_USER
            value: '{{ .Values.config.db_user }}'
          - name: DB_PASSWORD
            {{- if .Values.config.db_secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db_secret.name }}'
                  key: '{{ .Values.config.db_secret.key }}'
            {{- else }}
            value: {{ .Values.config.db_password }}
            {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.db_database }}'

    service:
      internalPort: 4002
      ## @param service.type %%MAIN_CONTAINER_NAME%% service type
      ##
      type: ClusterIP
      ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
      ##
      port: 80
      ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
      ##
      httpsPort: 443
      ## Node ports to expose
      ## @param service.nodePorts.http Node port for HTTP
      ## @param service.nodePorts.https Node port for HTTPS
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        http: null
        https: null
      ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: null
      ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: null
      ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
      ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
      ##
      annotations: {}
      ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

    ingress:
      enabled: true
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: account-lookup-service.local
      ## @param servicePort : port for the service
      ##
      servicePort: 80
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: null
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: null
      extraPaths: null
      extraTls: null
      secrets: null
      className: "nginx"
      ##
      #  - secretName: chart-example-tls
      #    hosts:
      #      - chart-example.local

    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
    resources: {}

    nodeSelector: {}

    tolerations: []

    affinity: {}

  account-lookup-service-admin:
    enabled: true

    # Default values for account-lookup-service.
    # This is a YAML-formatted file.
    # Declare variables to be passed into your templates.

    image:
      registry: docker.io
      repository: mojaloop/account-lookup-service
      tag: v15.2.3
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "src/index.js", "server", "--admin"]'

    nameOverride: ""
    fullnameOverride: ""

    sidecar:
      enabled: true
      image:
        repository: mojaloop/event-sidecar
        tag: v14.0.0
        pullPolicy: IfNotPresent
        command: '["npm", "run", "start"]'
      service:
        internalPort: 4003
      readinessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 120
        periodSeconds: 15
      livenessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 90
        periodSeconds: 15
      config:
        event_log_grpc_host: localhost
        event_log_grpc_port: 50051
        event_log_filter: 'audit:*, log:info, log:warn, log:error'
        event_log_metadata_only: true
        log_level: info
        log_filter: 'error, warn, info'

    ## metric configuration for prometheus instrumentation
    metrics:
      ## flag to enable/disable the metrics end-points
      enabled: true
      config:
        timeout: 5000
        prefix: moja_
        defaultLabels:
          serviceName: account-lookup-service-admin

    config:
      ## Central-Ledger config
      central_services_host: '$release_name-centralledger-service'
      central_services_port: 80

      # Protocol versions used for validating (VALIDATELIST) incoming FSPIOP API Headers (Content-type, Accept),
      # and for generating requests/callbacks from the Switch itself (DEFAULT value)
      protocol_versions: |
        {
          "CONTENT": {
            "DEFAULT": "1.1",
            "VALIDATELIST": [
              "1",
              "1.0",
              "1.1"
            ]
          },
          "ACCEPT": {
            "DEFAULT": "1",
            "VALIDATELIST": [
              "1",
              "1.0",
              "1.1"
            ]
          }
        }

      central_shared_end_point_cache:
        expiresIn: 180000
        generateTimeout: 30000
        getDecoratedValue: true
      central_shared_participant_cache:
        expiresIn: 61000
        generateTimeout: 30000
        getDecoratedValue: true
      general_cache:
        enabled: true
        maxByteSize: 10000000
        expiresIn: 61000

      error_handling:
        include_cause_extension: false
        truncate_extensions: true

      ## DB Configuration
      # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
      db_type: 'mysql'
      # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
      db_driver: 'mysql'
      db_host: *ALS_DB_HOST
      db_port: *ALS_DB_PORT
      db_user: *ALS_DB_USER
      ## Secret-Management
      ### Set this if you are using a clear password configured in the config section
      # db_password: *ALS_DB_PASSWORD
      ### Configure this if you want to use a secret. Note, this will override the db_password,
      ### Use the next line if you do wish to use the db_password value instead.
      # db_secret:
      ### Example config for an existing secret
      db_secret:
        name: *ALS_DB_SECRET_NAME
        key: *ALS_DB_SECRET_KEY
      db_database: *ALS_DB_NAME
      db_connection_pool_min: 10
      db_connection_pool_max: 30
      db_acquire_timeout_millis: 30000
      db_create_timeout_millis: 30000
      db_destroy_timeout_millis: 5000
      db_idle_timeout_millis: 30000
      db_reap_interval_millis: 1000
      db_create_retry_interval_millis: 200
      db_debug: false

      endpointSecurity:
        jwsSign: false
        fspiopSourceSigningName: switch
        # `jwsSigningKeySecret` is used to specify the secret that contains the JWS signing key.
        # If `jwsSigningKeySecret` is not null, then the `jwsSigningKey` value will be ignored.
        # Expected properties of `jwsSigningKeySecret` are `name` and `key`.
        jwsSigningKeySecret: null
        # jwsSigningKey:
        # To generate this key:
        # Private:
        # ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
        # Public:
        # openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
        # Should look like:
        # -----BEGIN RSA PRIVATE KEY-----
        # MIIJKQIBAAKCAgEAxfqaZivMPd4MpdBHu0jVMf3MSuSdkSMHn+sNJdDQfl+x4R5R
        # ..
        # ..
        # mBynFpdjO0D3PnLKjnBDn1vFAfANOwVpGXCw5mn+484A/SIXYebWruFd03g4
        # -----END RSA PRIVATE KEY-----
        # The following is an example key and shouldn't be used in production
        jwsSigningKey: null
        # To generate this key:
      # Private:
      # ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
      # Public:
      # openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
      # Should look like:
      # -----BEGIN RSA PRIVATE KEY-----
      # MIIJKQIBAAKCAgEAxfqaZivMPd4MpdBHu0jVMf3MSuSdkSMHn+sNJdDQfl+x4R5R
      # ..
      # ..
      # mBynFpdjO0D3PnLKjnBDn1vFAfANOwVpGXCw5mn+484A/SIXYebWruFd03g4
      # -----END RSA PRIVATE KEY-----
      display_routes: true
      run_migrations: false
      # Log config
      log_level: info
      log_transport: file

      # Thirdparty API Config
      featureEnableExtendedPartyIdType: false

    ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    ## e.g:
    ## initContainers:
    ##  - name: your-image-name
    ##    image: your-image
    ##    imagePullPolicy: Always
    ##    command: ['sh', '-c', 'echo "hello world"']
    ##
    # initContainers: []
    initContainers: |
      - name: wait-for-mysql
        image: mysql:5.7
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            until mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD}  ${DB_DATABASE} -e 'select version()' ;
            do
              echo --------------------;
              echo Waiting for MySQL...;
              sleep 2;
            done;
            echo ====================;
            echo MySQL ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.db_host }}'
          - name: DB_PORT
            value: '{{ .Values.config.db_port }}'
          - name: DB_USER
            value: '{{ .Values.config.db_user }}'
          - name: DB_PASSWORD
            {{- if .Values.config.db_secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db_secret.name }}'
                  key: '{{ .Values.config.db_secret.key }}'
            {{- else }}
            value: {{ .Values.config.db_password }}
            {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.db_database }}'
      - name: run-migration
        image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}'
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - npm run migrate
        env:
          - name: ALS_MIGRATIONS__RUN_DATA_MIGRATIONS
            value: 'true'
          - name: ALS_DATABASE__PASSWORD
            {{- if .Values.config.db_secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db_secret.name }}'
                  key: '{{ .Values.config.db_secret.key }}'
            {{- else }}
            value: {{ .Values.config.db_password }}
            {{- end }}
        volumeMounts:
          - name: '{{ template "account-lookup-service-admin.fullname" . }}-config-volume'
            mountPath: /opt/app/config

    service:
      internalPort: 4001
      ## @param service.type %%MAIN_CONTAINER_NAME%% service type
      ##
      type: ClusterIP
      ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
      ##
      port: 80
      ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
      ##
      httpsPort: 443
      ## Node ports to expose
      ## @param service.nodePorts.http Node port for HTTP
      ## @param service.nodePorts.https Node port for HTTPS
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        http: null
        https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: null
      ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: null
      ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
      ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
      ##
      annotations: {}
      ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

    ingress:
      enabled: true
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: account-lookup-service-admin.local
      ## @param servicePort : port for the service
      ##
      servicePort: 80
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: null
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: null
      extraPaths: null
      extraTls: null
      secrets: null
      className: "nginx"
      ##
      #  - secretName: chart-example-tls
      #    hosts:
      #      - chart-example.local
    resources: {}
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
    requests: {}
    #  cpu: 100m
    #  memory: 128Mi

    nodeSelector: {}

    tolerations: []

    affinity: {}

  als-oracle-pathfinder:
    enabled: false
    # Declare variables to be passed into your templates.
    # Declare variables to be passed into your templates.
    image:
      repository: mojaloop/als-oracle-pathfinder
      tag: v12.1.0
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "/opt/app/src/index.js"]'

    ## Enable diagnostic mode in the deployment
    ##
    diagnosticMode:
      ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
      ##
      enabled: false
      ## @param diagnosticMode.command Command to override all containers in the deployment
      ##
      command:
        - node
        - /opt/app/src/index.js
      ## @param diagnosticMode.args Args to override all containers in the deployment
      ##
      args:
        - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

      ## @param diagnosticMode.debug config to override all debug information
      ##
      debug:
        internalPort: 9229
        port: 9229

    readinessProbe:
      enabled: true
      httpGet:
        path: /
      initialDelaySeconds: 45
      periodSeconds: 15

    livenessProbe:
      enabled: true
      httpGet:
        path: /
      initialDelaySeconds: 45
      periodSeconds: 15

    config:
      db:
        type: 'mysql'
        driver: 'mysql'
        central_ledger:
          host: *CL_DB_HOST
          port: *CL_DB_PORT
          database: *CL_DB_NAME
          user: *CL_DB_USER
          ## Secret-Management
          ### Set this if you are using a clear password configured in the config section
          # password: *CL_DB_PASSWORD
          ### Configure this if you want to use a secret. Note, this will override the db_password,
          ### Use the next line if you do wish to use the db_password value instead.
          # secret:
          ### Example config for an existing secret
          secret:
            name: *CL_DB_SECRET_NAME
            key: *CL_DB_SECRET_KEY
        account_lookup:
          host: *ALS_DB_HOST
          port: *ALS_DB_PORT
          database: *ALS_DB_NAME
          user: *ALS_DB_USER
          ## Secret-Management
          ### Set this if you are using a clear password configured in the config section
          # password: *ALS_DB_PASSWORD
          ### Configure this if you want to use a secret. Note, this will override the db_password,
          ### Use the next line if you do wish to use the db_password value instead.
          # secret:
          ### Example config for an existing secret
          secret:
            name: *ALS_DB_SECRET_NAME
            key: *ALS_DB_SECRET_KEY
      log_level: info

      pathfinder:
        # Example host IP to be replaced by valid IP
        host: 'localhost'
        port: 7007
        queryTimeoutMs: 10000
        tls:
          certs:
            # These are example keys, please get valid keys for your deployment
            client_cert: |-
              -----BEGIN CERTIFICATE-----
              MIIDejCCAmICCQClh6JWji+/NjANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJV
              UzEQMA4GA1UECAwHQWxhYmFtYTETMBEGA1UEBwwKTW9udGdvbWVyeTENMAsGA1UE
              CgwEVGVzdDENMAsGA1UECwwEVGVzdDENMAsGA1UEAwwEVGVzdDEcMBoGCSqGSIb3
              DQEJARYNdGVzdEB0ZXN0LmNvbTAeFw0xOTEwMjkxNTMwNTFaFw0yOTEwMjYxNTMw
              NTFaMH8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdBbGFiYW1hMRMwEQYDVQQHDApN
              b250Z29tZXJ5MQ0wCwYDVQQKDARUZXN0MQ0wCwYDVQQLDARUZXN0MQ0wCwYDVQQD
              DARUZXN0MRwwGgYJKoZIhvcNAQkBFg10ZXN0QHRlc3QuY29tMIIBIjANBgkqhkiG
              9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4MU4ipis7vrhsJl6Ad0hIF/nEGjTPG/6KliG
              E1eaAVxOc/Pgw43quKjt846Aqwd9YoMp2NAx74xvZ4OnbMwSpjDQGRQbMY7Hiubs
              UiJMqrst6S5AQqPHJoaErknVjRov0NyAUjia3HThtkqrRT52xTnTGYwc49zt+BKo
              G4iurv40hfOTe4b7g3A64CVNEZe7t+qPbAIew9MU1X3OD3D0hzKZ8MstqebLbSPV
              IflnzU+8Acg4mrMvSdf6OOveUUbf7r4QmfC9AerNVia/GcAvbG/GU+WEOnJfp+8X
              Av+gfS0aM2pUbdrXLi/NxWnvw6bh8e+pjbBcli8roWmroRbFPwIDAQABMA0GCSqG
              SIb3DQEBCwUAA4IBAQApH4oz7CWXzor91aU7bcdD5Ec/Z5QNDKXVrBcF5r+g83yz
              bBphZrvDq+wOVigQ/JfmuAzRtK05WIpvxd22kvsKrDoViG9B+x+wDQm0tP0vY1Cp
              EChdJLE1tAktRL49r8pzpOaUU7NrhYLP1tWrDDsCC3fPUwZzx9quem0xSYmC0BpT
              Ug+hxw3uH7bsGhQkQnGrAoEwrsyq8M3lbw0pIUvq2S7t8lpHZvM5Ldkp5DM7SlJg
              gBabAqScAeoqssFv4bsWINawn/7JvmFEb4kwep6pIf9Lh/rkCgsgyq2xEh/9LXNs
              eCgyt9zbdU2HwsWnoOUEJ0Z4157ykgOkECCGErKl
              -----END CERTIFICATE-----
            client_key: |-
              -----BEGIN PRIVATE KEY-----
              MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDgxTiKmKzu+uGw
              mXoB3SEgX+cQaNM8b/oqWIYTV5oBXE5z8+DDjeq4qO3zjoCrB31igynY0DHvjG9n
              g6dszBKmMNAZFBsxjseK5uxSIkyquy3pLkBCo8cmhoSuSdWNGi/Q3IBSOJrcdOG2
              SqtFPnbFOdMZjBzj3O34EqgbiK6u/jSF85N7hvuDcDrgJU0Rl7u36o9sAh7D0xTV
              fc4PcPSHMpnwyy2p5sttI9Uh+WfNT7wByDiasy9J1/o4695RRt/uvhCZ8L0B6s1W
              Jr8ZwC9sb8ZT5YQ6cl+n7xcC/6B9LRozalRt2tcuL83Fae/DpuHx76mNsFyWLyuh
              aauhFsU/AgMBAAECggEAWgPhvu+h4hsrI1Rznid2ysZdfR7d6chWgXruRvTAQmc7
              LAixLN+67rUIho+9S8E2H6uzqJbISM0PGH+LH3Eiztehn0mEEnbBxwjv/3ypA37u
              xgG1znpUmUMqA7qiAV5JY/XKliMBMeTFOAHzUUnQuu+LcSHBuCeUTdL66/vzKTT4
              oCKwB1vcnzfL5NS/7ownAgLsjNj3pgORRAY9sTDzUkjwrrN/m5nEfghycAcyXHDJ
              lQprc0xX4TI/Vd9ZkG+khAznkRaXiPJ1P1TwadgK5m53Imt2H3F0lmrhNCrul/l7
              F0Uf2tfNHHgSjyoGQkPryuqyf2NcMiUY1d4uCsnWEQKBgQDziD3gBkjguQZUc3Yb
              DqiCtaLkavndmRTPaAyUk95dUuiVEMhnDm8L7T+03PhVDjtXdy4PQUm61xr/Kw4J
              1VUArbIjzcs+OEGNvq99stThRBvszwNRSWS4kYIur3+ggddrewtL7s+hiAqeK88L
              n6vG4/eSKWJBQwF1001siKf7/QKBgQDsRxXGZkf+yVsuL/hSiadwRdD/OJ1O7gr2
              j8za6izaUX1anXLdPrvtOkdCgEC0Iy6hY0FMi0GWzklpY4SvZuxXlK6QkKB3SCE9
              E8RuOSFLouuaxgiau8MnAEUTkInTC+9foOa8znuOGC0JmzztlFf7P7CF8PoNTb4n
              x4a9dQSE6wKBgAjPfgWT1KEksIDvqG80KY6JCbqf0ChfOGyEhCf/7YSM0lNKRyXL
              VOMmky507BsPp7/zVNxCbWtwCs7+fMSITkn2/sHi2R6IJH7/ThQLGz6HG0eG+cTA
              Ff/Da+VKfiCNcgC2c+MsYaCjblbomNX/0dQhPTyxeJeJ2AyuN1fc3c71AoGBAIA2
              tsc5e3nz9AmlOEA5uGWBTT8hjqNlIwfW0pg8mOhDbh188PbD8yBxDng0tmfJ66Ti
              Am4x5v6ZpFaPDVJNLJT99pg2Ew2HU5ocHuydDcdIekc7jTHCD80bJWDPfyrKADRJ
              UMxF0+AwmEftOGvHotKRJg4YzOfpNvXJHQGz/SbPAoGAALJa010eqPHuZKQxpW4z
              4dpt1Fr16cbLnmIk16zxnvPbPJeCtEx8IkwgLIWP6zPOESIGBTslGMq6xIgYaOXZ
              G8S+fLF3J9sfE2gCJR1JSBXdlyWmcKJdyvhRt168hxVW1N4uHJ2KBA3vUhC/kRvh
              3XDCWsEkXqU0KRzt+TkWVOQ=
              -----END PRIVATE KEY-----
            pathfinder_cert: |-
              -----BEGIN CERTIFICATE-----
              MIIDejCCAmICCQClh6JWji+/NjANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJV
              UzEQMA4GA1UECAwHQWxhYmFtYTETMBEGA1UEBwwKTW9udGdvbWVyeTENMAsGA1UE
              CgwEVGVzdDENMAsGA1UECwwEVGVzdDENMAsGA1UEAwwEVGVzdDEcMBoGCSqGSIb3
              DQEJARYNdGVzdEB0ZXN0LmNvbTAeFw0xOTEwMjkxNTMwNTFaFw0yOTEwMjYxNTMw
              NTFaMH8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdBbGFiYW1hMRMwEQYDVQQHDApN
              b250Z29tZXJ5MQ0wCwYDVQQKDARUZXN0MQ0wCwYDVQQLDARUZXN0MQ0wCwYDVQQD
              DARUZXN0MRwwGgYJKoZIhvcNAQkBFg10ZXN0QHRlc3QuY29tMIIBIjANBgkqhkiG
              9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4MU4ipis7vrhsJl6Ad0hIF/nEGjTPG/6KliG
              E1eaAVxOc/Pgw43quKjt846Aqwd9YoMp2NAx74xvZ4OnbMwSpjDQGRQbMY7Hiubs
              UiJMqrst6S5AQqPHJoaErknVjRov0NyAUjia3HThtkqrRT52xTnTGYwc49zt+BKo
              G4iurv40hfOTe4b7g3A64CVNEZe7t+qPbAIew9MU1X3OD3D0hzKZ8MstqebLbSPV
              IflnzU+8Acg4mrMvSdf6OOveUUbf7r4QmfC9AerNVia/GcAvbG/GU+WEOnJfp+8X
              Av+gfS0aM2pUbdrXLi/NxWnvw6bh8e+pjbBcli8roWmroRbFPwIDAQABMA0GCSqG
              SIb3DQEBCwUAA4IBAQApH4oz7CWXzor91aU7bcdD5Ec/Z5QNDKXVrBcF5r+g83yz
              bBphZrvDq+wOVigQ/JfmuAzRtK05WIpvxd22kvsKrDoViG9B+x+wDQm0tP0vY1Cp
              EChdJLE1tAktRL49r8pzpOaUU7NrhYLP1tWrDDsCC3fPUwZzx9quem0xSYmC0BpT
              Ug+hxw3uH7bsGhQkQnGrAoEwrsyq8M3lbw0pIUvq2S7t8lpHZvM5Ldkp5DM7SlJg
              gBabAqScAeoqssFv4bsWINawn/7JvmFEb4kwep6pIf9Lh/rkCgsgyq2xEh/9LXNs
              eCgyt9zbdU2HwsWnoOUEJ0Z4157ykgOkECCGErKl
              -----END CERTIFICATE-----
            pathfinder_intermediate_cert: |-
              -----BEGIN CERTIFICATE-----
              MIIDejCCAmICCQClh6JWji+/NjANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJV
              UzEQMA4GA1UECAwHQWxhYmFtYTETMBEGA1UEBwwKTW9udGdvbWVyeTENMAsGA1UE
              CgwEVGVzdDENMAsGA1UECwwEVGVzdDENMAsGA1UEAwwEVGVzdDEcMBoGCSqGSIb3
              DQEJARYNdGVzdEB0ZXN0LmNvbTAeFw0xOTEwMjkxNTMwNTFaFw0yOTEwMjYxNTMw
              NTFaMH8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdBbGFiYW1hMRMwEQYDVQQHDApN
              b250Z29tZXJ5MQ0wCwYDVQQKDARUZXN0MQ0wCwYDVQQLDARUZXN0MQ0wCwYDVQQD
              DARUZXN0MRwwGgYJKoZIhvcNAQkBFg10ZXN0QHRlc3QuY29tMIIBIjANBgkqhkiG
              9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4MU4ipis7vrhsJl6Ad0hIF/nEGjTPG/6KliG
              E1eaAVxOc/Pgw43quKjt846Aqwd9YoMp2NAx74xvZ4OnbMwSpjDQGRQbMY7Hiubs
              UiJMqrst6S5AQqPHJoaErknVjRov0NyAUjia3HThtkqrRT52xTnTGYwc49zt+BKo
              G4iurv40hfOTe4b7g3A64CVNEZe7t+qPbAIew9MU1X3OD3D0hzKZ8MstqebLbSPV
              IflnzU+8Acg4mrMvSdf6OOveUUbf7r4QmfC9AerNVia/GcAvbG/GU+WEOnJfp+8X
              Av+gfS0aM2pUbdrXLi/NxWnvw6bh8e+pjbBcli8roWmroRbFPwIDAQABMA0GCSqG
              SIb3DQEBCwUAA4IBAQApH4oz7CWXzor91aU7bcdD5Ec/Z5QNDKXVrBcF5r+g83yz
              bBphZrvDq+wOVigQ/JfmuAzRtK05WIpvxd22kvsKrDoViG9B+x+wDQm0tP0vY1Cp
              EChdJLE1tAktRL49r8pzpOaUU7NrhYLP1tWrDDsCC3fPUwZzx9quem0xSYmC0BpT
              Ug+hxw3uH7bsGhQkQnGrAoEwrsyq8M3lbw0pIUvq2S7t8lpHZvM5Ldkp5DM7SlJg
              gBabAqScAeoqssFv4bsWINawn/7JvmFEb4kwep6pIf9Lh/rkCgsgyq2xEh/9LXNs
              eCgyt9zbdU2HwsWnoOUEJ0Z4157ykgOkECCGErKl
              -----END CERTIFICATE-----
          # rejectUnauthorized should be true in production
          rejectUnauthorized: false
          # The following paths are all relative to this directory containing the values file
          client_cert_path: '/opt/app/secrets/client_cert.pem'
          client_key_path: '/opt/app/secrets/client_key.pem'
          root_cert_path: '/opt/app/secrets/pathfinder_cert.pem'
          # Intermediate cert is optional, but will likely be required for mutual auth if
          # rejectUnauthorized is true, as Neustar's certificate doesn't seem to have been signed by any
          # certs in the Mozilla bundle, which is used by Node as default.
          intermediate_cert_path: '/opt/app/secrets/pathfinder_intermediate_cert.pem'

    ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    ## e.g:
    ## initContainers:
    ##  - name: your-image-name
    ##    image: your-image
    ##    imagePullPolicy: Always
    ##    command: ['sh', '-c', 'echo "hello world"']
    ##
    # initContainers: []
    initContainers: |
      - name: wait-for-mysql-central-ledger
        image: mysql:5.7
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            until mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD}  ${DB_DATABASE} -e 'select version()' ;
            do
              echo --------------------;
              echo Waiting for MySQL...;
              sleep 2;
            done;
            echo ====================;
            echo MySQL ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.db.central_ledger.host }}'
          - name: DB_PORT
            value: '{{ .Values.config.db.central_ledger.port }}'
          - name: DB_USER
            value: '{{ .Values.config.db.central_ledger.user }}'
          - name: DB_PASSWORD
            {{- if .Values.config.db.central_ledger.secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db.central_ledger.secret.name }}'
                  key: '{{ .Values.config.db.central_ledger.secret.key }}'
            {{- else }}
            value: {{ .Values.config.db.central_ledger.password }}
            {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.db.central_ledger.database }}'
      - name: init-mysql-central-ledger
        image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}'
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            echo Running MySQL init scripts;
            mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -e "SET @service_name='${SERVICE_NAME}'; source /opt/app/init-central-ledger.sql;";
            echo ====================;
            echo MySQL ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.db.central_ledger.host }}'
          - name: DB_PORT
            value: '{{ .Values.config.db.central_ledger.port }}'
          - name: DB_USER
            value: '{{ .Values.config.db.central_ledger.user }}'
          - name: DB_PASSWORD
            {{- if .Values.config.db.central_ledger.secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db.central_ledger.secret.name }}'
                  key: '{{ .Values.config.db.central_ledger.secret.key }}'
            {{- else }}
            value: {{ .Values.config.db.central_ledger.password }}
            {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.db.central_ledger.database }}'
          - name: SERVICE_NAME
            value: '{{ include "als-oracle-pathfinder.name" . }}'
      - name: wait-for-mysql-account-lookup
        image: mysql:5.7
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            until mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD}  ${DB_DATABASE} -e 'select version()' ;
            do
              echo --------------------;
              echo Waiting for MySQL...;
              sleep 2;
            done;
            echo ====================;
            echo MySQL ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.db.account_lookup.host }}'
          - name: DB_PORT
            value: '{{ .Values.config.db.account_lookup.port }}'
          - name: DB_USER
            value: '{{ .Values.config.db.account_lookup.user }}'
          - name: DB_PASSWORD
            {{- if .Values.config.db.account_lookup.secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db.account_lookup.secret.name }}'
                  key: '{{ .Values.config.db.account_lookup.secret.key }}'
            {{- else }}
            value: {{ .Values.config.db.account_lookup.password }}
            {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.db.account_lookup.database }}'
      - name: init-mysql-account-lookup
        image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}'
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            echo Running MySQL init scripts;
            mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -e "SET @service_name='${SERVICE_NAME}'; source /opt/app/init-account-lookup.sql;";
            echo ====================;
            echo MySQL ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.db.account_lookup.host }}'
          - name: DB_PORT
            value: '{{ .Values.config.db.account_lookup.port }}'
          - name: DB_USER
            value: '{{ .Values.config.db.account_lookup.user }}'
          - name: DB_PASSWORD
            {{- if .Values.config.db.account_lookup.secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db.account_lookup.secret.name }}'
                  key: '{{ .Values.config.db.account_lookup.secret.key }}'
            {{- else }}
            value: {{ .Values.config.db.account_lookup.password }}
            {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.db.account_lookup.database }}'
          - name: SERVICE_NAME
            value: '{{ include "als-oracle-pathfinder.name" . }}'

    service:
      type: ClusterIP
      name: http-api
      port: 80

      annotations: {}

      # This allows one to point the service to an external backend.
      # This is useful for local development where one wishes to hijack
      # the communication from the service to the node layer and point
      # to a specific endpoint (IP, Port, etc).
      external:
        enabled: false
        # 10.0.2.2 is the magic IP for the host on virtualbox's network
        ip: 10.0.2.2
        ports:
          provisioning:
            name: http-api
            externalPort: 3000

    ingress:
      enabled: true
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: als-oracle-pathfinder.local
      ## @param servicePort : port for the service
      ##
      servicePort: 80
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: null
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: null
      extraPaths: null
      extraTls: null
      secrets: null
      className: "nginx"
    resources: {}
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:

quoting-service:
  quoting-service:
    enabled: true
    image:
      registry: docker.io
      repository: mojaloop/quoting-service
      tag: v15.7.0

    config:
      ## DB Configuration
      # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
      db_type: 'mysql'
      # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
      db_driver: 'mysql'
      db_host: *CL_DB_HOST
      db_port: *CL_DB_PORT
      db_user: *CL_DB_USER
      ## Secret-Management
      ### Set this if you are using a clear password configured in the config section
      # db_password: *CL_DB_PASSWORD
      ### Configure this if you want to use a secret. Note, this will override the db_password,
      ### Use the next line if you do wish to use the db_password value instead.
      # db_secret:
      ### Example config for an existing secret
      db_secret:
        name: *CL_DB_SECRET_NAME
        key: *CL_DB_SECRET_KEY
      db_database: *CL_DB_NAME
      db_connection_pool_min: 10
      db_connection_pool_max: 30
      db_acquire_timeout_millis: 30000
      db_create_timeout_millis: 30000
      db_destroy_timeout_millis: 5000
      db_idle_timeout_millis: 30000
      db_reap_interval_millis: 1000
      db_create_retry_interval_millis: 200
      db_debug: false
      simple_routing_mode_enabled: true
      log_level: info
      log_transport: file

      # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve
      # Any combination of: `log,audit,trace`
      event_async_override: 'log,trace'

      ## Kafka Configuration (used for sidecar)
      # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
      kafka_host: *KAFKA_HOST
      kafka_port: *KAFKA_PORT

      kafka_producer_quote_post_topic: 'topic-quotes-post'

      error_handling:
        include_cause_extension: false
        truncate_extensions: true

      endpointSecurity:
        jwsSign: false
        fspiopSourceSigningName: 'switch'
        jwsSigningKey: null
      # To generate this key:
      # Private:
      # ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
      # Public:
      # openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
      # Should look like:
      # -----BEGIN RSA PRIVATE KEY-----
      # MIIJKQIBAAKCAgEAxfqaZivMPd4MpdBHu0jVMf3MSuSdkSMHn+sNJdDQfl+x4R5R
      # ..
      # ..
      # mBynFpdjO0D3PnLKjnBDn1vFAfANOwVpGXCw5mn+484A/SIXYebWruFd03g4
      # -----END RSA PRIVATE KEY-----

    ## metric configuration for prometheus instrumentation
    metrics:
      ## flag to enable/disable the metrics end-points
      enabled: true
      config:
        timeout: 5000
        prefix: moja_
        defaultLabels:
          serviceName: quoting-service

    sidecar:
      enabled: true
      image:
        repository: mojaloop/event-sidecar
        tag: v14.0.0
        pullPolicy: IfNotPresent
      readinessProbe:
        enabled: true
        initialDelaySeconds: 120
        periodSeconds: 15
      livenessProbe:
        enabled: true
        initialDelaySeconds: 90
        periodSeconds: 15
      config:
        event_log_grpc_host: localhost
        event_log_grpc_port: 50051
        log_level: info

  quoting-service-handler:
    enabled: true
    image:
      registry: docker.io
      repository: mojaloop/quoting-service
      tag: v15.7.0

    config:
      ## DB Configuration
      # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
      db_type: 'mysql'
      # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
      db_driver: 'mysql'
      db_host: *CL_DB_HOST
      db_port: *CL_DB_PORT
      db_user: *CL_DB_USER
      ## Secret-Management
      ### Set this if you are using a clear password configured in the config section
      # db_password: *CL_DB_PASSWORD
      ### Configure this if you want to use a secret. Note, this will override the db_password,
      ### Use the next line if you do wish to use the db_password value instead.
      # db_secret:
      ### Example config for an existing secret
      db_secret:
        name: *CL_DB_SECRET_NAME
        key: *CL_DB_SECRET_KEY
      db_database: *CL_DB_NAME
      db_connection_pool_min: 10
      db_connection_pool_max: 30
      db_acquire_timeout_millis: 30000
      db_create_timeout_millis: 30000
      db_destroy_timeout_millis: 5000
      db_idle_timeout_millis: 30000
      db_reap_interval_millis: 1000
      db_create_retry_interval_millis: 200
      db_debug: false
      simple_routing_mode_enabled: true
      log_level: info
      log_transport: file

      # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve
      # Any combination of: `log,audit,trace`
      event_async_override: 'log,trace'

      ## Kafka Configuration (used for sidecar)
      # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
      kafka_host: *KAFKA_HOST
      kafka_port: *KAFKA_PORT

      error_handling:
        include_cause_extension: false
        truncate_extensions: true

      endpointSecurity:
        jwsSign: true
        fspiopSourceSigningName: 'switch'
        # `jwsSigningKeySecret` is used to specify the secret that contains the JWS signing key.
        # If `jwsSigningKeySecret` is not null, then the `jwsSigningKey` value will be ignored.
        # Expected properties of `jwsSigningKeySecret` are `name` and `key`.
        jwsSigningKeySecret: null
        # jwsSigningKey:
        # To generate this key:
        # Private:
        # ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
        # Public:
        # openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
        # Should look like:
        # -----BEGIN RSA PRIVATE KEY-----
        # MIIJKQIBAAKCAgEAxfqaZivMPd4MpdBHu0jVMf3MSuSdkSMHn+sNJdDQfl+x4R5R
        # ..
        # ..
        # mBynFpdjO0D3PnLKjnBDn1vFAfANOwVpGXCw5mn+484A/SIXYebWruFd03g4
        # -----END RSA PRIVATE KEY-----
        # The following is an example key and shouldn't be used in production
        jwsSigningKey: |-
          -----BEGIN PRIVATE KEY-----
          MIIEugIBADANBgkqhkiG9w0BAQEFAASCBKQwggSgAgEAAoIBAQDuB5HuHRH5BqI/
            VAC/ixm6lz8kJmigIB5jMxLrhB9cgqM+pb0O+is88VRHdxtw8eKG3nvrZYy/4nsJ
            z32qo4sOIMqHWTlZgbURVK4FAUEZ/qn63UnXJ1YVqT4UGg31BBj2c1JdlxG2t4JV
            DvzGrI2/ia/t4gYZCWrQz6a8OClBIaXu2t6EGFnysyS+1YDWtNIHO+z0lvAY9oad
            5MZPHN51o04eIoLO0tPfkz0+NDs4ECwUWuFAg8yo1hxnvSoERiCAwEbFgq2wDe1+
            oBhOpusd4VastD/TEqO8RhrwTodddOMKzapJPrQJuvTkrpkmkPOGE8DgIVHsULLR
            UYEMKvTVAgMBAAECgf94Meq77xrcFg8sSqe5eNHYP39tvaWyqE7mY/slvpNDH5Pl
            D/p21akS156E32BEJuYPk/TLiI2kMWjnvbHvNgr9tq8x3ToyTjtrg5clq8Hr1Ozo
            FnFiqkVHMFPFPQZEVU64CQPA33DixuWjMWS3YINfCAinErBry0PiNZGmuFi1K/wy
            e1z2F9WfG3IEBEe3NaeXwN55ZPJve0LtneJy3YqNwMg2FpPKBRHFV4lKTaU/hqhC
            NK6HQoEXN4Y9AQHn53Fl8n0iNO3qx0Tb7EuGNFmZ2xTlpDKAp8M+BA5Qm5YDkbd6
            OoxbGj2YxZncbG+RsvICtVMLqIytubvYREY9WGkCgYEA+K64xhJzWV3cGc8/90ko
            TryGMBj1ly5TNa1YyOQxl5z4Glc0aI8a+1vJGEAA+c/OEhMR8MRn3+QfV2LJOI5X
            V8Zo2Ger6Ln99LBddTh2HXL3M60cMgs8MYGuJ75g5R/UHnJBLo7NFyVddCOMT3hc
            AYSDN3XCw9ycqTw2/mJHB9kCgYEA9QiaCfTtnXdjMqLeYbp2uQEyyO6IZs956ym7
            sEQMwx/3wnlE9eiJ6iQxZfddkfOCyV/4MMAlYfpTBQFg7Cwb32Xrv3Ezy0HfZrnt
            5Nj4SVQWuOXJhdfC9dmTF+cvBeP+vC6PyDbikxdCo9+05chxS7I3MLxCue4qxy0C
            QfQIE10CgYA+kHacHng2u45sT9/f7t/dL0DzSNRAvL7iekIkCIURh8RDnDzrMVWw
            d18YYsHcF5PYqEOTN1aK1XGtIoVNXUJMKvaluy9c1a42qUhZ/WJ59jqLHbpCPOFf
            8yhFh3gJLQDIyCXt+K9Qa24fkfHy7Gz5VMVOZqohbJddXHDZfxAvwQKBgAdU947+
            tjF1BhHYz8Cq3KySfZuHj6tL4AEKYaRXlO4twbMe/9I/4AiShqvfZ/xbBfnSllGX
            Hkc9P0iyDt1iQH9BxHkZAQy+7tlbDORBHcTL8FYeAhawKxRCK2WWtFB/zvqAhire
            gY8XLhZLNlV91u4F6iLaL0DzAHKvRRcGH0u9AoGATNigZgbRRHJC21JucHeE0tP7
            HjGALvb4qn1o0oDHsxNY8i6vVNw9YeQpZaJhceuRHJTGcsq2dJSXpYwIhIVs/8RK
            bKbkEndra96L6FRZN8LYBl8zbRUPx39ojGeSbFliQv1eaoA/1DDhCiC2NlcSmbJl
            ecaG/Oyo/S+eM8nR7mc=
          -----END PRIVATE KEY-----

    ## metric configuration for prometheus instrumentation
    metrics:
      ## flag to enable/disable the metrics end-points
      enabled: true
      config:
        timeout: 5000
        prefix: moja_
        defaultLabels:
          serviceName: quoting-service

    # sidecar configuration
    sidecar:
      enabled: true
      image:
        repository: mojaloop/event-sidecar
        tag: v14.0.0
        pullPolicy: IfNotPresent
      readinessProbe:
        enabled: true
        initialDelaySeconds: 120
        periodSeconds: 15
      livenessProbe:
        enabled: true
        initialDelaySeconds: 90
        periodSeconds: 15
      config:
        event_log_grpc_host: localhost
        event_log_grpc_port: 50051
        log_level: info

ml-api-adapter:
  enabled: true
  ml-api-adapter-service:
    enabled: true
    # Default values for ml-api-adapter.
    # This is a YAML-formatted file.
    # Declare variables to be passed into your templates.
    image:
      registry: docker.io
      repository: mojaloop/ml-api-adapter
      tag: v14.0.5
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "src/api/index.js"]'

    ## Enable diagnostic mode in the deployment
    ##
    diagnosticMode:
      ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
      ##
      enabled: false
      ## @param diagnosticMode.command Command to override all containers in the deployment
      ##
      command:
        - node
        - src/api/index.js
      ## @param diagnosticMode.args Args to override all containers in the deployment
      ##
      args:
        - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

      ## @param diagnosticMode.debug config to override all debug information
      ##
      debug:
        internalPort: 9229
        port: 9229

    ## Pod scheduling preferences.
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    affinity: {}

    ## Node labels for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    nodeSelector: {}

    ## Set toleration for scheduler
    ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations: []

    sidecar:
      enabled: true
      image:
        repository: mojaloop/event-sidecar
        tag: v14.0.0
        pullPolicy: IfNotPresent
      readinessProbe:
        enabled: true
        initialDelaySeconds: 120
        periodSeconds: 15
      livenessProbe:
        enabled: true
        initialDelaySeconds: 90
        periodSeconds: 15
      config:
        log_level: info

    ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    ## e.g:
    ## initContainers:
    ##  - name: your-image-name
    ##    image: your-image
    ##    imagePullPolicy: Always
    ##    command: ['sh', '-c', 'echo "hello world"']
    ##
    # initContainers: []
    initContainers: |
      - name: wait-for-kafka
        image: solsson/kafka:2.8.1
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT};
            do
              echo --------------------;
              echo Waiting for Kafka...;
              sleep 2;
            done;
            echo ====================;
            echo Kafka ok!;
        env:
          - name: KAFKA_HOST
            value: '{{ .Values.config.kafka_host }}'
          - name: KAFKA_PORT
            value: '{{ .Values.config.kafka_port }}'

    ## metric configuration for prometheus instrumentation
    metrics:
      ## flag to enable/disable the metrics end-points
      enabled: true

    config:
      # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
      kafka_host: *KAFKA_HOST
      kafka_port: *KAFKA_PORT
      central_services_host: '$release_name-centralledger-service'
      central_services_port: 80
      security:
        callback:
          rejectUnauthorized: true
      max_callback_time_lag_dilation_milliseconds: 100
      max_fulfil_timeout_duration_seconds: 240

      # Protocol versions used for validating (VALIDATELIST) incoming FSPIOP API Headers (Content-type, Accept),
      # and for generating requests/callbacks from the Switch itself (DEFAULT value)
      protocol_versions: |
        {
          "CONTENT": {
            "DEFAULT": "1.1",
            "VALIDATELIST": [
              "1",
              "1.0",
              "1.1"
            ]
          },
          "ACCEPT": {
            "DEFAULT": "1",
            "VALIDATELIST": [
              "1",
              "1.0",
              "1.1"
            ]
          }
        }
      ## Log Configuration
      log_level: info
      log_filter: 'error, warn, info'
      log_transport: file

      ## Tracing Configuration
      event_trace_vendor: mojaloop
      event_log_filter: 'audit:*, log:warn, log:error'
      # If set to true, only the metadata object from the event will be printed.
      event_log_metadata_only: false
      # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve
      # Any combination of: `log,audit,trace`
      event_async_override: 'log,trace'

      ## Error handling Configuration
      error_handling:
        include_cause_extension: false
        truncate_extensions: true

    service:
      internalPort: 3000
      ## @param service.type %%MAIN_CONTAINER_NAME%% service type
      ##
      type: ClusterIP
      ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
      ##
      port: 80
      ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
      ##
      httpsPort: 443
      ## Node ports to expose
      ## @param service.nodePorts.http Node port for HTTP
      ## @param service.nodePorts.https Node port for HTTPS
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        http: null
        https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: null
      ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: null
      ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
      ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
      ##
      annotations: {}
      ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

    ingress:
      enabled: true
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: ml-api-adapter.local
      ## @param servicePort : port for the service
      ##
      servicePort: 80
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: null
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: null
      extraPaths: null
      extraTls: null
      secrets: null
      className: "nginx"
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
    resources: {}

  ml-api-adapter-handler-notification:
    enabled: true
    # Default values for ml-api-adapter.
    # This is a YAML-formatted file.
    # Declare variables to be passed into your templates.

    image:
      registry: docker.io
      repository: mojaloop/ml-api-adapter
      tag: v14.0.5
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "src/handlers/index.js", "handler", "--notification"]'

    ## Enable diagnostic mode in the deployment
    ##
    diagnosticMode:
      ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
      ##
      enabled: false
      ## @param diagnosticMode.command Command to override all containers in the deployment
      ##
      command:
        - node
        - src/handlers/index.js
        - handler
        - '--notification'
      ## @param diagnosticMode.args Args to override all containers in the deployment
      ##
      args:
        - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

      ## @param diagnosticMode.debug config to override all debug information
      ##
      debug:
        internalPort: 9229
        port: 9229

    ## Pod scheduling preferences.
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    affinity: {}

    ## Node labels for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    nodeSelector: {}

    ## Set toleration for scheduler
    ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations: []

    sidecar:
      enabled: true
      image:
        repository: mojaloop/event-sidecar
        tag: v14.0.0
        pullPolicy: IfNotPresent
      readinessProbe:
        enabled: true
        initialDelaySeconds: 120
        periodSeconds: 15
      livenessProbe:
        enabled: true
        initialDelaySeconds: 90
        periodSeconds: 15
      config:
        log_level: info

    ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    ## e.g:
    ## initContainers:
    ##  - name: your-image-name
    ##    image: your-image
    ##    imagePullPolicy: Always
    ##    command: ['sh', '-c', 'echo "hello world"']
    ##
    # initContainers: []
    initContainers: |
      - name: wait-for-kafka
        image: solsson/kafka:2.8.1
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT};
            do
              echo --------------------;
              echo Waiting for Kafka...;
              sleep 2;
            done;
            echo ====================;
            echo Kafka ok!;
        env:
          - name: KAFKA_HOST
            value: '{{ .Values.config.kafka_host }}'
          - name: KAFKA_PORT
            value: '{{ .Values.config.kafka_port }}'

    ## metric configuration for prometheus instrumentation
    metrics:
      ## flag to enable/disable the metrics end-points
      enabled: true

    config:
      # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
      kafka_host: *KAFKA_HOST
      kafka_port: *KAFKA_PORT
      central_services_host: '$release_name-centralledger-service'
      central_services_port: 80
      security:
        callback:
          rejectUnauthorized: true
      max_callback_time_lag_dilation_milliseconds: 100
      max_fulfil_timeout_duration_seconds: 240

      # Protocol versions used for validating (VALIDATELIST) incoming FSPIOP API Headers (Content-type, Accept),
      # and for generating requests/callbacks from the Switch itself (DEFAULT value)
      protocol_versions: |
        {
          "CONTENT": {
            "DEFAULT": "1.1",
            "VALIDATELIST": [
              "1",
              "1.0",
              "1.1"
            ]
          },
          "ACCEPT": {
            "DEFAULT": "1",
            "VALIDATELIST": [
              "1",
              "1.0",
              "1.1"
            ]
          }
        }
      ## Endpoint Cache Configuration
      endpoint_cache_expiresInMs: 180000
      endpoint_cache_generateTimeoutMs: 30000

      ## Send callback confirmation to PayeeFSP in addition to the Mojaloop v1.0 Spec Callback to PayerFSP
      send_transfer_confirmation_to_payee: false

      ## Log Configuration
      log_level: info
      log_filter: 'error, warn, info'
      log_transport: file

      ## Tracing Configuration
      event_trace_vendor: mojaloop
      event_log_filter: 'audit:*, log:warn, log:error'
      # If set to true, only the metadata object from the event will be printed.
      event_log_metadata_only: false
      # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve
      # Any combination of: `log,audit,trace`
      event_async_override: 'log,trace'

      # Parameters for JWS signing requests generated by ml-api-adapter
      endpointSecurity:
        jwsSign: true
        fspiopSourceSigningName: 'switch'
        # `jwsSigningKeySecret` is used to specify the secret that contains the JWS signing key.
        # If `jwsSigningKeySecret` is not null, then the `jwsSigningKey` value will be ignored.
        # Expected properties of `jwsSigningKeySecret` are `name` and `key`.
        jwsSigningKeySecret: null
        # jwsSigningKey:
        # To generate this key:
        # Private:
        # ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
        # Public:
        # openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
        # Should look like:
        # -----BEGIN RSA PRIVATE KEY-----
        # MIIJKQIBAAKCAgEAxfqaZivMPd4MpdBHu0jVMf3MSuSdkSMHn+sNJdDQfl+x4R5R
        # ..
        # ..
        # mBynFpdjO0D3PnLKjnBDn1vFAfANOwVpGXCw5mn+484A/SIXYebWruFd03g4
        # -----END RSA PRIVATE KEY-----
        # The following is an example key and shouldn't be used in production
        jwsSigningKey: |-
          -----BEGIN PRIVATE KEY-----
          MIIEugIBADANBgkqhkiG9w0BAQEFAASCBKQwggSgAgEAAoIBAQDuB5HuHRH5BqI/
          VAC/ixm6lz8kJmigIB5jMxLrhB9cgqM+pb0O+is88VRHdxtw8eKG3nvrZYy/4nsJ
          z32qo4sOIMqHWTlZgbURVK4FAUEZ/qn63UnXJ1YVqT4UGg31BBj2c1JdlxG2t4JV
          DvzGrI2/ia/t4gYZCWrQz6a8OClBIaXu2t6EGFnysyS+1YDWtNIHO+z0lvAY9oad
          5MZPHN51o04eIoLO0tPfkz0+NDs4ECwUWuFAg8yo1hxnvSoERiCAwEbFgq2wDe1+
          oBhOpusd4VastD/TEqO8RhrwTodddOMKzapJPrQJuvTkrpkmkPOGE8DgIVHsULLR
          UYEMKvTVAgMBAAECgf94Meq77xrcFg8sSqe5eNHYP39tvaWyqE7mY/slvpNDH5Pl
          D/p21akS156E32BEJuYPk/TLiI2kMWjnvbHvNgr9tq8x3ToyTjtrg5clq8Hr1Ozo
          FnFiqkVHMFPFPQZEVU64CQPA33DixuWjMWS3YINfCAinErBry0PiNZGmuFi1K/wy
          e1z2F9WfG3IEBEe3NaeXwN55ZPJve0LtneJy3YqNwMg2FpPKBRHFV4lKTaU/hqhC
          NK6HQoEXN4Y9AQHn53Fl8n0iNO3qx0Tb7EuGNFmZ2xTlpDKAp8M+BA5Qm5YDkbd6
          OoxbGj2YxZncbG+RsvICtVMLqIytubvYREY9WGkCgYEA+K64xhJzWV3cGc8/90ko
          TryGMBj1ly5TNa1YyOQxl5z4Glc0aI8a+1vJGEAA+c/OEhMR8MRn3+QfV2LJOI5X
          V8Zo2Ger6Ln99LBddTh2HXL3M60cMgs8MYGuJ75g5R/UHnJBLo7NFyVddCOMT3hc
          AYSDN3XCw9ycqTw2/mJHB9kCgYEA9QiaCfTtnXdjMqLeYbp2uQEyyO6IZs956ym7
          sEQMwx/3wnlE9eiJ6iQxZfddkfOCyV/4MMAlYfpTBQFg7Cwb32Xrv3Ezy0HfZrnt
          5Nj4SVQWuOXJhdfC9dmTF+cvBeP+vC6PyDbikxdCo9+05chxS7I3MLxCue4qxy0C
          QfQIE10CgYA+kHacHng2u45sT9/f7t/dL0DzSNRAvL7iekIkCIURh8RDnDzrMVWw
          d18YYsHcF5PYqEOTN1aK1XGtIoVNXUJMKvaluy9c1a42qUhZ/WJ59jqLHbpCPOFf
          8yhFh3gJLQDIyCXt+K9Qa24fkfHy7Gz5VMVOZqohbJddXHDZfxAvwQKBgAdU947+
          tjF1BhHYz8Cq3KySfZuHj6tL4AEKYaRXlO4twbMe/9I/4AiShqvfZ/xbBfnSllGX
          Hkc9P0iyDt1iQH9BxHkZAQy+7tlbDORBHcTL8FYeAhawKxRCK2WWtFB/zvqAhire
          gY8XLhZLNlV91u4F6iLaL0DzAHKvRRcGH0u9AoGATNigZgbRRHJC21JucHeE0tP7
          HjGALvb4qn1o0oDHsxNY8i6vVNw9YeQpZaJhceuRHJTGcsq2dJSXpYwIhIVs/8RK
          bKbkEndra96L6FRZN8LYBl8zbRUPx39ojGeSbFliQv1eaoA/1DDhCiC2NlcSmbJl
          ecaG/Oyo/S+eM8nR7mc=
          -----END PRIVATE KEY-----

      ## Error handling Configuration
      error_handling:
        include_cause_extension: false
        truncate_extensions: true

    service:
      internalPort: 3000
      ## @param service.type %%MAIN_CONTAINER_NAME%% service type
      ##
      type: ClusterIP
      ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
      ##
      port: 80
      ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
      ##
      httpsPort: 443
      ## Node ports to expose
      ## @param service.nodePorts.http Node port for HTTP
      ## @param service.nodePorts.https Node port for HTTPS
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        http: null
        https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: null
      ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: null
      ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
      ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
      ##
      annotations: {}
      ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

    ingress:
      enabled: true
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: ml-api-adapter-notification.local
      ## @param servicePort : port for the service
      ##
      servicePort: 80
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: null
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: null
      extraPaths: null
      extraTls: null
      secrets: null
      className: "nginx"
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
    resources: {}

centralledger:
  enabled: true
  nameOverride: centralledger
  # Default values for central-ledger.
  # This is a YAML-formatted file.
  # Declare variables to be passed into your templates.

  centralledger-service:
    enabled: true
    # Default values for central-ledger.
    # This is a YAML-formatted file.

    # Declare variables to be passed into your templates.
    image:
      registry: docker.io
      repository: mojaloop/central-ledger
      tag: v17.6.1
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "src/api/index.js"]'

    ## Enable diagnostic mode in the deployment
    ##
    diagnosticMode:
      ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
      ##
      enabled: false
      ## @param diagnosticMode.command Command to override all containers in the deployment
      ##
      command:
        - node
        - src/api/index.js
      ## @param diagnosticMode.args Args to override all containers in the deployment
      ##
      args:
        - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

      ## @param diagnosticMode.debug config to override all debug information
      ##
      debug:
        internalPort: 9229
        port: 9229

    readinessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    livenessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    ## Pod scheduling preferences.
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    affinity: {}

    ## Node labels for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    nodeSelector: {}

    ## Set toleration for scheduler
    ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations: []

    sidecar:
      enabled: false
      image:
        repository: mojaloop/event-sidecar
        tag: v14.0.0
        pullPolicy: IfNotPresent
      readinessProbe:
        enabled: true
        initialDelaySeconds: 120
        periodSeconds: 15
      livenessProbe:
        enabled: true
        initialDelaySeconds: 90
        periodSeconds: 15
      config:
        log_level: info

    ## metric configuration for prometheus instrumentation
    metrics:
      ## flag to enable/disable the metrics end-points
      enabled: true

    config:
      ## Forensic Logging sidecar
      # this is for Forensic Logging Sidecar
      forensicloggingsidecar_disabled: true
      forensicloggingsidecar_host: forensicloggingsidecar-ledger
      forensicloggingsidecar_port: 5678

      error_handling:
        include_cause_extension: false
        truncate_extensions: true

      ## DB Configuration
      # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
      db_type: 'mysql'
      # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
      db_driver: 'mysql'
      db_host: *CL_DB_HOST
      db_port: *CL_DB_PORT
      db_user: *CL_DB_USER
      ## Secret-Management
      ### Set this if you are using a clear password configured in the config section
      # db_password: *CL_DB_PASSWORD
      ### Configure this if you want to use a secret. Note, this will override the db_password,
      ### Use the next line if you do wish to use the db_password value instead.
      # db_secret:
      ### Example config for an existing secret
      db_secret:
        name: *CL_DB_SECRET_NAME
        key: *CL_DB_SECRET_KEY
      db_database: *CL_DB_NAME
      db_connection_pool_min: 10
      db_connection_pool_max: 30
      db_acquire_timeout_millis: 30000
      db_create_timeout_millis: 30000
      db_destroy_timeout_millis: 5000
      db_idle_timeout_millis: 30000
      db_reap_interval_millis: 1000
      db_create_retry_interval_millis: 200
      db_debug: false

      ## Log Configuration
      log_level: info
      log_transport: file

      # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve
      # Any combination of: `log,audit,trace`
      event_async_override: 'log,trace'

      ## Kafka Configuration
      # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
      kafka_host: *KAFKA_HOST
      kafka_port: *KAFKA_PORT

      ## Cache configuration
      cache_enabled: false
      cache_max_byte_size: 10000000
      cache_expires_in_ms: 1000

    ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    ## e.g:
    ## initContainers:
    ##  - name: your-image-name
    ##    image: your-image
    ##    imagePullPolicy: Always
    ##    command: ['sh', '-c', 'echo "hello world"']
    ##
    # initContainers: []
    initContainers: |
      - name: wait-for-mysql
        image: mysql:5.7
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            until mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD}  ${DB_DATABASE} -e 'select version()' ;
            do
              echo --------------------;
              echo Waiting for MySQL...;
              sleep 2;
            done;
            echo ====================;
            echo MySQL ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.db_host }}'
          - name: DB_PORT
            value: '{{ .Values.config.db_port }}'
          - name: DB_USER
            value: '{{ .Values.config.db_user }}'
          - name: DB_PASSWORD
            {{- if .Values.config.db_secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db_secret.name }}'
                  key: '{{ .Values.config.db_secret.key }}'
            {{- else }}
            value: {{ .Values.config.db_password }}
            {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.db_database }}'
      - name: run-migration
        image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}'
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - npm run migrate
        env:
          - name: CLEDG_MIGRATIONS__RUN_DATA_MIGRATIONS
            value: 'true'
          - name: CLEDG_DATABASE__PASSWORD
            {{- if .Values.config.db_secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db_secret.name }}'
                  key: '{{ .Values.config.db_secret.key }}'
            {{- else }}
            value: {{ .Values.config.db_password }}
            {{- end }}
        volumeMounts:
          - name: '{{ template "account-lookup-service-admin.fullname" . }}-config-volume'
            mountPath: /opt/app/config

    service:
      internalPort: 3001
      ## @param service.type %%MAIN_CONTAINER_NAME%% service type
      ##
      type: ClusterIP
      ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
      ##
      port: 80
      ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
      ##
      httpsPort: 443
      ## Node ports to expose
      ## @param service.nodePorts.http Node port for HTTP
      ## @param service.nodePorts.https Node port for HTTPS
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        http: null
        https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: null
      ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: null
      ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
      ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
      ##
      annotations: {}
      ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

    ingress:
      enabled: true
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: central-ledger.local
      ## @param servicePort : port for the service
      ##
      servicePort: 80
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: null
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: null
      extraPaths: null
      extraTls: null
      secrets: null
      className: "nginx"
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
    resources: {}

  centralledger-handler-transfer-prepare:
    # Default values for central-ledger.
    # This is a YAML-formatted file.

    # Declare variables to be passed into your templates.
    enabled: true

    image:
      registry: docker.io
      repository: mojaloop/central-ledger
      tag: v17.6.1
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "src/handlers/index.js", "handler", "--prepare"]'

    ## Enable diagnostic mode in the deployment
    ##
    diagnosticMode:
      ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
      ##
      enabled: false
      ## @param diagnosticMode.command Command to override all containers in the deployment
      ##
      command:
        - node
        - src/handlers/index.js
        - handler
        - '--prepare'
      ## @param diagnosticMode.args Args to override all containers in the deployment
      ##
      args:
        - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

      ## @param diagnosticMode.debug config to override all debug information
      ##
      debug:
        internalPort: 9229
        port: 9229

    readinessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    livenessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    ## Pod scheduling preferences.
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    affinity: {}

    ## Node labels for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    nodeSelector: {}

    ## Set toleration for scheduler
    ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations: []

    sidecar:
      enabled: true
      image:
        repository: mojaloop/event-sidecar
        tag: v14.0.0
        pullPolicy: IfNotPresent
      readinessProbe:
        enabled: true
        initialDelaySeconds: 120
        periodSeconds: 15
      livenessProbe:
        enabled: true
        initialDelaySeconds: 90
        periodSeconds: 15
      config:
        log_level: info

    ## metric configuration for prometheus instrumentation
    metrics:
      ## flag to enable/disable the metrics end-points
      enabled: true

    config:
      ## Forensic Logging sidecar
      # this is for Forensic Logging Sidecar
      forensicloggingsidecar_disabled: true
      forensicloggingsidecar_host: forensicloggingsidecar-ledger
      forensicloggingsidecar_port: 5678

      error_handling:
        include_cause_extension: false
        truncate_extensions: true

      ## DB Configuration
      # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
      db_type: 'mysql'
      # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
      db_driver: 'mysql'
      db_host: *CL_DB_HOST
      db_port: *CL_DB_PORT
      db_user: *CL_DB_USER
      ## Secret-Management
      ### Set this if you are using a clear password configured in the config section
      # db_password: *CL_DB_PASSWORD
      ### Configure this if you want to use a secret. Note, this will override the db_password,
      ### Use the next line if you do wish to use the db_password value instead.
      # db_secret:
      ### Example config for an existing secret
      db_secret:
        name: *CL_DB_SECRET_NAME
        key: *CL_DB_SECRET_KEY
      db_database: *CL_DB_NAME
      db_connection_pool_min: 10
      db_connection_pool_max: 30
      db_acquire_timeout_millis: 30000
      db_create_timeout_millis: 30000
      db_destroy_timeout_millis: 5000
      db_idle_timeout_millis: 30000
      db_reap_interval_millis: 1000
      db_create_retry_interval_millis: 200
      db_debug: false

      ## Log Configuration
      log_level: info
      log_transport: file

      # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve
      # Any combination of: `log,audit,trace`
      event_async_override: 'log,trace'

      ## Kafka Configuration
      # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
      kafka_host: *KAFKA_HOST
      kafka_port: *KAFKA_PORT

      ## Cache configuration
      cache_enabled: false
      cache_max_byte_size: 10000000
      cache_expires_in_ms: 1000

      ## Enable On-Us transfers
      enable_on_us_transfers: false

      ## BATCH_PROCESSING: Set following to true for enabling batch processing
      batch_processing_enabled: *CL_BATCH_PROCESSING_ENABLED

    ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    ## e.g:
    ## initContainers:
    ##  - name: your-image-name
    ##    image: your-image
    ##    imagePullPolicy: Always
    ##    command: ['sh', '-c', 'echo "hello world"']
    ##
    # initContainers: []
    initContainers: |
      - name: wait-for-kafka
        image: solsson/kafka:2.8.1
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT};
            do
              echo --------------------;
              echo Waiting for Kafka...;
              sleep 2;
            done;
            echo ====================;
            echo Kafka ok!;
        env:
          - name: KAFKA_HOST
            value: '{{ .Values.config.kafka_host }}'
          - name: KAFKA_PORT
            value: '{{ .Values.config.kafka_port }}'
      - name: wait-for-mysql
        image: mysql:5.7
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi;
            do
              echo --------------------;
              echo Waiting for MySQL...;
              sleep 2;
            done;
            echo ====================;
            echo MySQL ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.db_host }}'
          - name: DB_PORT
            value: '{{ .Values.config.db_port }}'
          - name: DB_USER
            value: '{{ .Values.config.db_user }}'
          - name: DB_PASSWORD
            {{- if .Values.config.db_secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db_secret.name }}'
                  key: '{{ .Values.config.db_secret.key }}'
            {{- else }}
            value: {{ .Values.config.db_password }}
            {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.db_database }}'

    service:
      internalPort: 3001
      ## @param service.type %%MAIN_CONTAINER_NAME%% service type
      ##
      type: ClusterIP
      ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
      ##
      port: 80
      ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
      ##
      httpsPort: 443
      ## Node ports to expose
      ## @param service.nodePorts.http Node port for HTTP
      ## @param service.nodePorts.https Node port for HTTPS
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        http: null
        https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: null
      ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: null
      ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
      ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
      ##
      annotations: {}
      ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

    ingress:
      enabled: true
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: central-ledger-transfer-prepare.local
      ## @param servicePort : port for the service
      ##
      servicePort: 80
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: null
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: null
      extraPaths: null
      extraTls: null
      secrets: null
      className: "nginx"
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
    resources: {}

  centralledger-handler-transfer-position:
    # Default values for central-ledger.
    # This is a YAML-formatted file.

    # Declare variables to be passed into your templates.
    enabled: true

    image:
      registry: docker.io
      repository: mojaloop/central-ledger
      tag: v17.6.1
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "src/handlers/index.js", "handler", "--position"]'

    ## Enable diagnostic mode in the deployment
    ##
    diagnosticMode:
      ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
      ##
      enabled: false
      ## @param diagnosticMode.command Command to override all containers in the deployment
      ##
      command:
        - node
        - src/handlers/index.js
        - handler
        - '--position'
      ## @param diagnosticMode.args Args to override all containers in the deployment
      ##
      args:
        - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

      ## @param diagnosticMode.debug config to override all debug information
      ##
      debug:
        internalPort: 9229
        port: 9229

    readinessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    livenessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    ## Pod scheduling preferences.
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    affinity: {}

    ## Node labels for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    nodeSelector: {}

    ## Set toleration for scheduler
    ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations: []

    sidecar:
      enabled: true
      image:
        repository: mojaloop/event-sidecar
        tag: v14.0.0
        pullPolicy: IfNotPresent
      readinessProbe:
        enabled: true
        initialDelaySeconds: 120
        periodSeconds: 15
      livenessProbe:
        enabled: true
        initialDelaySeconds: 90
        periodSeconds: 15
      config:
        log_level: info

    ## metric configuration for prometheus instrumentation
    metrics:
      ## flag to enable/disable the metrics end-points
      enabled: true

    config:
      ## Forensic Logging sidecar
      # this is for Forensic Logging Sidecar
      forensicloggingsidecar_disabled: true
      forensicloggingsidecar_host: forensicloggingsidecar-ledger
      forensicloggingsidecar_port: 5678

      error_handling:
        include_cause_extension: false
        truncate_extensions: true

      ## DB Configuration
      # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
      db_type: 'mysql'
      # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
      db_driver: 'mysql'
      db_host: *CL_DB_HOST
      db_port: *CL_DB_PORT
      db_user: *CL_DB_USER
      ## Secret-Management
      ### Set this if you are using a clear password configured in the config section
      # db_password: *CL_DB_PASSWORD
      ### Configure this if you want to use a secret. Note, this will override the db_password,
      ### Use the next line if you do wish to use the db_password value instead.
      # db_secret:
      ### Example config for an existing secret
      db_secret:
        name: *CL_DB_SECRET_NAME
        key: *CL_DB_SECRET_KEY
      db_database: *CL_DB_NAME
      db_connection_pool_min: 10
      db_connection_pool_max: 30
      db_acquire_timeout_millis: 30000
      db_create_timeout_millis: 30000
      db_destroy_timeout_millis: 5000
      db_idle_timeout_millis: 30000
      db_reap_interval_millis: 1000
      db_create_retry_interval_millis: 200
      db_debug: false

      ## Log Configuration
      log_level: info
      log_transport: file

      # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve
      # Any combination of: `log,audit,trace`
      event_async_override: 'log,trace'

      ## Kafka Configuration
      # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
      kafka_host: *KAFKA_HOST
      kafka_port: *KAFKA_PORT

      ## Cache configuration
      cache_enabled: false
      cache_max_byte_size: 10000000
      cache_expires_in_ms: 1000

    ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    ## e.g:
    ## initContainers:
    ##  - name: your-image-name
    ##    image: your-image
    ##    imagePullPolicy: Always
    ##    command: ['sh', '-c', 'echo "hello world"']
    ##
    # initContainers: []
    initContainers: |
      - name: wait-for-kafka
        image: solsson/kafka:2.8.1
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT};
            do
              echo --------------------;
              echo Waiting for Kafka...;
              sleep 2;
            done;
            echo ====================;
            echo Kafka ok!;
        env:
          - name: KAFKA_HOST
            value: '{{ .Values.config.kafka_host }}'
          - name: KAFKA_PORT
            value: '{{ .Values.config.kafka_port }}'
      - name: wait-for-mysql
        image: mysql:5.7
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi;
            do
              echo --------------------;
              echo Waiting for MySQL...;
              sleep 2;
            done;
            echo ====================;
            echo MySQL ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.db_host }}'
          - name: DB_PORT
            value: '{{ .Values.config.db_port }}'
          - name: DB_USER
            value: '{{ .Values.config.db_user }}'
          - name: DB_PASSWORD
            {{- if .Values.config.db_secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db_secret.name }}'
                  key: '{{ .Values.config.db_secret.key }}'
            {{- else }}
            value: {{ .Values.config.db_password }}
            {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.db_database }}'

    service:
      internalPort: 3001
      ## @param service.type %%MAIN_CONTAINER_NAME%% service type
      ##
      type: ClusterIP
      ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
      ##
      port: 80
      ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
      ##
      httpsPort: 443
      ## Node ports to expose
      ## @param service.nodePorts.http Node port for HTTP
      ## @param service.nodePorts.https Node port for HTTPS
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        http: null
        https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: null
      ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: null
      ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
      ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
      ##
      annotations: {}
      ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

    ingress:
      enabled: true
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: central-ledger-transfer-position.local
      ## @param servicePort : port for the service
      ##
      servicePort: 80
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: null
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: null
      extraPaths: null
      extraTls: null
      secrets: null
      className: "nginx"
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
    resources: {}

  centralledger-handler-transfer-position-batch:
    # Default values for central-ledger.
    # This is a YAML-formatted file.

    # Declare variables to be passed into your templates.
    ## BATCH_PROCESSING: enabled this to support batch processing
    enabled: *CL_BATCH_PROCESSING_ENABLED

    image:
      registry: docker.io
      repository: mojaloop/central-ledger
      tag: v17.6.1
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "src/handlers/index.js", "handler", "--positionbatch"]'

    ## Enable diagnostic mode in the deployment
    ##
    diagnosticMode:
      ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
      ##
      enabled: false
      ## @param diagnosticMode.command Command to override all containers in the deployment
      ##
      command:
        - node
        - src/handlers/index.js
        - handler
        - '--positionbatch'
      ## @param diagnosticMode.args Args to override all containers in the deployment
      ##
      args:
        - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

      ## @param diagnosticMode.debug config to override all debug information
      ##
      debug:
        internalPort: 9229
        port: 9229

    readinessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    livenessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    ## Pod scheduling preferences.
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    affinity: {}

    ## Node labels for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    nodeSelector: {}

    ## Set toleration for scheduler
    ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations: []

    sidecar:
      enabled: true
      image:
        repository: mojaloop/event-sidecar
        tag: v14.0.0
        pullPolicy: IfNotPresent
      readinessProbe:
        enabled: true
        initialDelaySeconds: 120
        periodSeconds: 15
      livenessProbe:
        enabled: true
        initialDelaySeconds: 90
        periodSeconds: 15
      config:
        log_level: info

    ## metric configuration for prometheus instrumentation
    metrics:
      ## flag to enable/disable the metrics end-points
      enabled: true

    config:
      ## Forensic Logging sidecar
      # this is for Forensic Logging Sidecar
      forensicloggingsidecar_disabled: true
      forensicloggingsidecar_host: forensicloggingsidecar-ledger
      forensicloggingsidecar_port: 5678

      error_handling:
        include_cause_extension: false
        truncate_extensions: true

      ## DB Configuration
      # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
      db_type: 'mysql'
      # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
      db_driver: 'mysql'
      db_host: *CL_DB_HOST
      db_port: *CL_DB_PORT
      db_user: *CL_DB_USER
      ## Secret-Management
      ### Set this if you are using a clear password configured in the config section
      # db_password: *CL_DB_PASSWORD
      ### Configure this if you want to use a secret. Note, this will override the db_password,
      ### Use the next line if you do wish to use the db_password value instead.
      # db_secret:
      ### Example config for an existing secret
      db_secret:
        name: *CL_DB_SECRET_NAME
        key: *CL_DB_SECRET_KEY
      db_database: *CL_DB_NAME
      db_connection_pool_min: 10
      db_connection_pool_max: 30
      db_acquire_timeout_millis: 30000
      db_create_timeout_millis: 30000
      db_destroy_timeout_millis: 5000
      db_idle_timeout_millis: 30000
      db_reap_interval_millis: 1000
      db_create_retry_interval_millis: 200
      db_debug: false

      ## Log Configuration
      log_level: info
      log_transport: file

      # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve
      # Any combination of: `log,audit,trace`
      event_async_override: 'log,trace'

      ## Kafka Configuration
      # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
      kafka_host: *KAFKA_HOST
      kafka_port: *KAFKA_PORT

      ## Cache configuration
      cache_enabled: false
      cache_max_byte_size: 10000000
      cache_expires_in_ms: 1000

      ## BATCH_PROCESSING: Custom configuration for batch processing
      # The batch size to be requested by the Kafka consumer.
      batch_size: 100
      # Maximum amount of time to wait for a messages to be received by consumer.
      batch_consume_timeout_in_ms: 10

    ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    ## e.g:
    ## initContainers:
    ##  - name: your-image-name
    ##    image: your-image
    ##    imagePullPolicy: Always
    ##    command: ['sh', '-c', 'echo "hello world"']
    ##
    # initContainers: []
    initContainers: |
      - name: wait-for-kafka
        image: solsson/kafka:2.8.1
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT};
            do
              echo --------------------;
              echo Waiting for Kafka...;
              sleep 2;
            done;
            echo ====================;
            echo Kafka ok!;
        env:
          - name: KAFKA_HOST
            value: '{{ .Values.config.kafka_host }}'
          - name: KAFKA_PORT
            value: '{{ .Values.config.kafka_port }}'
      - name: wait-for-mysql
        image: mysql:5.7
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi;
            do
              echo --------------------;
              echo Waiting for MySQL...;
              sleep 2;
            done;
            echo ====================;
            echo MySQL ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.db_host }}'
          - name: DB_PORT
            value: '{{ .Values.config.db_port }}'
          - name: DB_USER
            value: '{{ .Values.config.db_user }}'
          - name: DB_PASSWORD
            {{- if .Values.config.db_secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db_secret.name }}'
                  key: '{{ .Values.config.db_secret.key }}'
            {{- else }}
            value: {{ .Values.config.db_password }}
            {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.db_database }}'

    service:
      internalPort: 3001
      ## @param service.type %%MAIN_CONTAINER_NAME%% service type
      ##
      type: ClusterIP
      ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
      ##
      port: 80
      ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
      ##
      httpsPort: 443
      ## Node ports to expose
      ## @param service.nodePorts.http Node port for HTTP
      ## @param service.nodePorts.https Node port for HTTPS
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        http: null
        https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: null
      ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: null
      ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
      ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
      ##
      annotations: {}
      ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

    ingress:
      enabled: true
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: central-ledger-transfer-position.local
      ## @param servicePort : port for the service
      ##
      servicePort: 80
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: null
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: null
      extraPaths: null
      extraTls: null
      secrets: null
      className: "nginx"
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
    resources: {}

  centralledger-handler-transfer-get:
    # Default values for central-ledger.
    # This is a YAML-formatted file.

    # Declare variables to be passed into your templates.
    enabled: true

    image:
      registry: docker.io
      repository: mojaloop/central-ledger
      tag: v17.6.1
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "src/handlers/index.js", "handler", "--get"]'

    ## Enable diagnostic mode in the deployment
    ##
    diagnosticMode:
      ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
      ##
      enabled: false
      ## @param diagnosticMode.command Command to override all containers in the deployment
      ##
      command:
        - node
        - src/handlers/index.js
        - handler
        - '--get'
      ## @param diagnosticMode.args Args to override all containers in the deployment
      ##
      args:
        - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

      ## @param diagnosticMode.debug config to override all debug information
      ##
      debug:
        internalPort: 9229
        port: 9229

    readinessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    livenessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    ## Pod scheduling preferences.
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    affinity: {}

    ## Node labels for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    nodeSelector: {}

    ## Set toleration for scheduler
    ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations: []

    sidecar:
      enabled: false
      image:
        repository: mojaloop/event-sidecar
        tag: v14.0.0
        pullPolicy: IfNotPresent
      readinessProbe:
        enabled: true
        initialDelaySeconds: 120
        periodSeconds: 15
      livenessProbe:
        enabled: true
        initialDelaySeconds: 90
        periodSeconds: 15
      config:
        log_level: info

    ## metric configuration for prometheus instrumentation
    metrics:
      ## flag to enable/disable the metrics end-points
      enabled: false

    config:
      ## Forensic Logging sidecar
      # this is for Forensic Logging Sidecar
      forensicloggingsidecar_disabled: true
      forensicloggingsidecar_host: forensicloggingsidecar-ledger
      forensicloggingsidecar_port: 5678

      error_handling:
        include_cause_extension: false
        truncate_extensions: true

      ## DB Configuration
      # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
      db_type: 'mysql'
      # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
      db_driver: 'mysql'
      db_host: *CL_DB_HOST
      db_port: *CL_DB_PORT
      db_user: *CL_DB_USER
      ## Secret-Management
      ### Set this if you are using a clear password configured in the config section
      # db_password: *CL_DB_PASSWORD
      ### Configure this if you want to use a secret. Note, this will override the db_password,
      ### Use the next line if you do wish to use the db_password value instead.
      # db_secret:
      ### Example config for an existing secret
      db_secret:
        name: *CL_DB_SECRET_NAME
        key: *CL_DB_SECRET_KEY
      db_database: *CL_DB_NAME
      db_connection_pool_min: 10
      db_connection_pool_max: 30
      db_acquire_timeout_millis: 30000
      db_create_timeout_millis: 30000
      db_destroy_timeout_millis: 5000
      db_idle_timeout_millis: 30000
      db_reap_interval_millis: 1000
      db_create_retry_interval_millis: 200
      db_debug: false

      ## Log Configuration
      log_level: info
      log_transport: file

      # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve
      # Any combination of: `log,audit,trace`
      event_async_override: 'log,trace'

      ## Kafka Configuration
      # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
      kafka_host: *KAFKA_HOST
      kafka_port: *KAFKA_PORT

      ## Cache configuration
      cache_enabled: false
      cache_max_byte_size: 10000000
      cache_expires_in_ms: 1000

    ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    ## e.g:
    ## initContainers:
    ##  - name: your-image-name
    ##    image: your-image
    ##    imagePullPolicy: Always
    ##    command: ['sh', '-c', 'echo "hello world"']
    ##
    # initContainers: []
    initContainers: |
      - name: wait-for-kafka
        image: solsson/kafka:2.8.1
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT};
            do
              echo --------------------;
              echo Waiting for Kafka...;
              sleep 2;
            done;
            echo ====================;
            echo Kafka ok!;
        env:
          - name: KAFKA_HOST
            value: '{{ .Values.config.kafka_host }}'
          - name: KAFKA_PORT
            value: '{{ .Values.config.kafka_port }}'
      - name: wait-for-mysql
        image: mysql:5.7
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi;
            do
              echo --------------------;
              echo Waiting for MySQL...;
              sleep 2;
            done;
            echo ====================;
            echo MySQL ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.db_host }}'
          - name: DB_PORT
            value: '{{ .Values.config.db_port }}'
          - name: DB_USER
            value: '{{ .Values.config.db_user }}'
          - name: DB_PASSWORD
            {{- if .Values.config.db_secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db_secret.name }}'
                  key: '{{ .Values.config.db_secret.key }}'
            {{- else }}
            value: {{ .Values.config.db_password }}
            {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.db_database }}'

    service:
      internalPort: 3001
      ## @param service.type %%MAIN_CONTAINER_NAME%% service type
      ##
      type: ClusterIP
      ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
      ##
      port: 80
      ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
      ##
      httpsPort: 443
      ## Node ports to expose
      ## @param service.nodePorts.http Node port for HTTP
      ## @param service.nodePorts.https Node port for HTTPS
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        http: null
        https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: null
      ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: null
      ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
      ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
      ##
      annotations: {}
      ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

    ingress:
      enabled: true
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: central-ledger-transfer-get.local
      ## @param servicePort : port for the service
      ##
      servicePort: 80
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: null
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: null
      extraPaths: null
      extraTls: null
      secrets: null
      className: "nginx"
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
    resources: {}

  centralledger-handler-transfer-fulfil:
    # Default values for central-ledger.
    # This is a YAML-formatted file.

    # Declare variables to be passed into your templates.
    enabled: true

    image:
      registry: docker.io
      repository: mojaloop/central-ledger
      tag: v17.6.1
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "src/handlers/index.js", "handler", "--fulfil"]'

    ## Enable diagnostic mode in the deployment
    ##
    diagnosticMode:
      ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
      ##
      enabled: false
      ## @param diagnosticMode.command Command to override all containers in the deployment
      ##
      command:
        - node
        - src/handlers/index.js
        - handler
        - '--fulfil'
      ## @param diagnosticMode.args Args to override all containers in the deployment
      ##
      args:
        - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

      ## @param diagnosticMode.debug config to override all debug information
      ##
      debug:
        internalPort: 9229
        port: 9229

    readinessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    livenessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    ## Pod scheduling preferences.
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    affinity: {}

    ## Node labels for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    nodeSelector: {}

    ## Set toleration for scheduler
    ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations: []

    sidecar:
      enabled: true
      image:
        repository: mojaloop/event-sidecar
        tag: v14.0.0
        pullPolicy: IfNotPresent
      readinessProbe:
        enabled: true
        initialDelaySeconds: 120
        periodSeconds: 15
      livenessProbe:
        enabled: true
        initialDelaySeconds: 90
        periodSeconds: 15
      config:
        log_level: info

    ## metric configuration for prometheus instrumentation
    metrics:
      ## flag to enable/disable the metrics end-points
      enabled: true

    config:
      ## Forensic Logging sidecar
      # this is for Forensic Logging Sidecar
      forensicloggingsidecar_disabled: true
      forensicloggingsidecar_host: forensicloggingsidecar-ledger
      forensicloggingsidecar_port: 5678

      error_handling:
        include_cause_extension: false
        truncate_extensions: true

      ## DB Configuration
      # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
      db_type: 'mysql'
      # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
      db_driver: 'mysql'
      db_host: *CL_DB_HOST
      db_port: *CL_DB_PORT
      db_user: *CL_DB_USER
      ## Secret-Management
      ### Set this if you are using a clear password configured in the config section
      # db_password: *CL_DB_PASSWORD
      ### Configure this if you want to use a secret. Note, this will override the db_password,
      ### Use the next line if you do wish to use the db_password value instead.
      # db_secret:
      ### Example config for an existing secret
      db_secret:
        name: *CL_DB_SECRET_NAME
        key: *CL_DB_SECRET_KEY
      db_database: *CL_DB_NAME
      db_connection_pool_min: 10
      db_connection_pool_max: 30
      db_acquire_timeout_millis: 30000
      db_create_timeout_millis: 30000
      db_destroy_timeout_millis: 5000
      db_idle_timeout_millis: 30000
      db_reap_interval_millis: 1000
      db_create_retry_interval_millis: 200
      db_debug: false

      ## Log Configuration
      log_level: info
      log_transport: file

      # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve
      # Any combination of: `log,audit,trace`
      event_async_override: 'log,trace'

      ## Kafka Configuration
      # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
      kafka_host: *KAFKA_HOST
      kafka_port: *KAFKA_PORT

      ## Cache configuration
      cache_enabled: false
      cache_max_byte_size: 10000000
      cache_expires_in_ms: 1000

      ## BATCH_PROCESSING: Set following to true for enabling batch processing
      batch_processing_enabled: *CL_BATCH_PROCESSING_ENABLED

    ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    ## e.g:
    ## initContainers:
    ##  - name: your-image-name
    ##    image: your-image
    ##    imagePullPolicy: Always
    ##    command: ['sh', '-c', 'echo "hello world"']
    ##
    # initContainers: []
    initContainers: |
      - name: wait-for-kafka
        image: solsson/kafka:2.8.1
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT};
            do
              echo --------------------;
              echo Waiting for Kafka...;
              sleep 2;
            done;
            echo ====================;
            echo Kafka ok!;
        env:
          - name: KAFKA_HOST
            value: '{{ .Values.config.kafka_host }}'
          - name: KAFKA_PORT
            value: '{{ .Values.config.kafka_port }}'
      - name: wait-for-mysql
        image: mysql:5.7
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi;
            do
              echo --------------------;
              echo Waiting for MySQL...;
              sleep 2;
            done;
            echo ====================;
            echo MySQL ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.db_host }}'
          - name: DB_PORT
            value: '{{ .Values.config.db_port }}'
          - name: DB_USER
            value: '{{ .Values.config.db_user }}'
          - name: DB_PASSWORD
            {{- if .Values.config.db_secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db_secret.name }}'
                  key: '{{ .Values.config.db_secret.key }}'
            {{- else }}
            value: {{ .Values.config.db_password }}
            {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.db_database }}'

    service:
      internalPort: 3001
      ## @param service.type %%MAIN_CONTAINER_NAME%% service type
      ##
      type: ClusterIP
      ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
      ##
      port: 80
      ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
      ##
      httpsPort: 443
      ## Node ports to expose
      ## @param service.nodePorts.http Node port for HTTP
      ## @param service.nodePorts.https Node port for HTTPS
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        http: null
        https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: null
      ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: null
      ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
      ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
      ##
      annotations: {}
      ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

    ingress:
      enabled: true
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: central-ledger-transfer-fulfil.local
      ## @param servicePort : port for the service
      ##
      servicePort: 80
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: null
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: null
      extraPaths: null
      extraTls: null
      secrets: null
      className: "nginx"
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
    resources: {}

  centralledger-handler-timeout:
    # Default values for central-ledger.
    # This is a YAML-formatted file.

    # Declare variables to be passed into your templates.
    enabled: true

    image:
      registry: docker.io
      repository: mojaloop/central-ledger
      tag: v17.6.1
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "src/handlers/index.js", "handler", "--timeout"]'

    ## Enable diagnostic mode in the deployment
    ##
    diagnosticMode:
      ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
      ##
      enabled: false
      ## @param diagnosticMode.command Command to override all containers in the deployment
      ##
      command:
        - node
        - src/handlers/index.js
        - handler
        - '--timeout'
      ## @param diagnosticMode.args Args to override all containers in the deployment
      ##
      args:
        - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

      ## @param diagnosticMode.debug config to override all debug information
      ##
      debug:
        internalPort: 9229
        port: 9229

    readinessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    livenessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    ## Pod scheduling preferences.
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    affinity: {}

    ## Node labels for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    nodeSelector: {}

    ## Set toleration for scheduler
    ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations: []

    sidecar:
      enabled: true
      image:
        repository: mojaloop/event-sidecar
        tag: v14.0.0
        pullPolicy: IfNotPresent
      readinessProbe:
        enabled: true
        initialDelaySeconds: 120
        periodSeconds: 15
      livenessProbe:
        enabled: true
        initialDelaySeconds: 90
        periodSeconds: 15
      config:
        log_level: info

    ## metric configuration for prometheus instrumentation
    metrics:
      ## flag to enable/disable the metrics end-points
      enabled: false

    config:
      ## Forensic Logging sidecar
      # this is for Forensic Logging Sidecar
      forensicloggingsidecar_disabled: true
      forensicloggingsidecar_host: forensicloggingsidecar-ledger
      forensicloggingsidecar_port: 5678

      error_handling:
        include_cause_extension: false
        truncate_extensions: true

      ## DB Configuration
      # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
      db_type: 'mysql'
      # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
      db_driver: 'mysql'
      db_host: *CL_DB_HOST
      db_port: *CL_DB_PORT
      db_user: *CL_DB_USER
      ## Secret-Management
      ### Set this if you are using a clear password configured in the config section
      # db_password: *CL_DB_PASSWORD
      ### Configure this if you want to use a secret. Note, this will override the db_password,
      ### Use the next line if you do wish to use the db_password value instead.
      # db_secret:
      ### Example config for an existing secret
      db_secret:
        name: *CL_DB_SECRET_NAME
        key: *CL_DB_SECRET_KEY
      db_database: *CL_DB_NAME
      db_connection_pool_min: 10
      db_connection_pool_max: 30
      db_acquire_timeout_millis: 30000
      db_create_timeout_millis: 30000
      db_destroy_timeout_millis: 5000
      db_idle_timeout_millis: 30000
      db_reap_interval_millis: 1000
      db_create_retry_interval_millis: 200
      db_debug: false

      ## Timeout Configuration
      timeout:
        expiration: '*/15 * * * * *'
        timezone: UTC

      ## Log Configuration
      log_level: info
      log_transport: file

      # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve
      # Any combination of: `log,audit,trace`
      event_async_override: 'log,trace'

      ## Kafka Configuration
      # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
      kafka_host: *KAFKA_HOST
      kafka_port: *KAFKA_PORT

      ## Cache configuration
      cache_enabled: false
      cache_max_byte_size: 10000000
      cache_expires_in_ms: 1000

    ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    ## e.g:
    ## initContainers:
    ##  - name: your-image-name
    ##    image: your-image
    ##    imagePullPolicy: Always
    ##    command: ['sh', '-c', 'echo "hello world"']
    ##
    # initContainers: []
    initContainers: |
      - name: wait-for-kafka
        image: solsson/kafka:2.8.1
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT};
            do
              echo --------------------;
              echo Waiting for Kafka...;
              sleep 2;
            done;
            echo ====================;
            echo Kafka ok!;
        env:
          - name: KAFKA_HOST
            value: '{{ .Values.config.kafka_host }}'
          - name: KAFKA_PORT
            value: '{{ .Values.config.kafka_port }}'
      - name: wait-for-mysql
        image: mysql:5.7
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi;
            do
              echo --------------------;
              echo Waiting for MySQL...;
              sleep 2;
            done;
            echo ====================;
            echo MySQL ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.db_host }}'
          - name: DB_PORT
            value: '{{ .Values.config.db_port }}'
          - name: DB_USER
            value: '{{ .Values.config.db_user }}'
          - name: DB_PASSWORD
            {{- if .Values.config.db_secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db_secret.name }}'
                  key: '{{ .Values.config.db_secret.key }}'
            {{- else }}
            value: {{ .Values.config.db_password }}
            {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.db_database }}'

    service:
      internalPort: 3001
      ## @param service.type %%MAIN_CONTAINER_NAME%% service type
      ##
      type: ClusterIP
      ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
      ##
      port: 80
      ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
      ##
      httpsPort: 443
      ## Node ports to expose
      ## @param service.nodePorts.http Node port for HTTP
      ## @param service.nodePorts.https Node port for HTTPS
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        http: null
        https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: null
      ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: null
      ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
      ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
      ##
      annotations: {}
      ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

    ingress:
      enabled: true
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: central-ledger-timeout.local
      ## @param servicePort : port for the service
      ##
      servicePort: 80
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: null
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: null
      extraPaths: null
      extraTls: null
      secrets: null
      className: "nginx"
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
    resources: {}

  centralledger-handler-admin-transfer:
    # Default values for central-ledger.
    # This is a YAML-formatted file.

    # Declare variables to be passed into your templates.
    enabled: true

    image:
      registry: docker.io
      repository: mojaloop/central-ledger
      tag: v17.6.1
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "src/handlers/index.js", "handler", "--admin"]'

    ## Enable diagnostic mode in the deployment
    ##
    diagnosticMode:
      ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
      ##
      enabled: false
      ## @param diagnosticMode.command Command to override all containers in the deployment
      ##
      command:
        - node
        - src/handlers/index.js
        - handler
        - '--admin'
      ## @param diagnosticMode.args Args to override all containers in the deployment
      ##
      args:
        - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

      ## @param diagnosticMode.debug config to override all debug information
      ##
      debug:
        internalPort: 9229
        port: 9229

    readinessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    livenessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    ## Pod scheduling preferences.
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    affinity: {}

    ## Node labels for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    nodeSelector: {}

    ## Set toleration for scheduler
    ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations: []

    sidecar:
      enabled: false
      image:
        repository: mojaloop/event-sidecar
        tag: v14.0.0
        pullPolicy: IfNotPresent
      readinessProbe:
        enabled: true
        initialDelaySeconds: 120
        periodSeconds: 15
      livenessProbe:
        enabled: true
        initialDelaySeconds: 90
        periodSeconds: 15
      config:
        log_level: info

    ## metric configuration for prometheus instrumentation
    metrics:
      ## flag to enable/disable the metrics end-points
      enabled: false

    config:
      ## Forensic Logging sidecar
      # this is for Forensic Logging Sidecar
      forensicloggingsidecar_disabled: true
      forensicloggingsidecar_host: forensicloggingsidecar-ledger
      forensicloggingsidecar_port: 5678

      error_handling:
        include_cause_extension: false
        truncate_extensions: true

      ## DB Configuration
      # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
      db_type: 'mysql'
      # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
      db_driver: 'mysql'
      db_host: *CL_DB_HOST
      db_port: *CL_DB_PORT
      db_user: *CL_DB_USER
      ## Secret-Management
      ### Set this if you are using a clear password configured in the config section
      # db_password: *CL_DB_PASSWORD
      ### Configure this if you want to use a secret. Note, this will override the db_password,
      ### Use the next line if you do wish to use the db_password value instead.
      # db_secret:
      ### Example config for an existing secret
      db_secret:
        name: *CL_DB_SECRET_NAME
        key: *CL_DB_SECRET_KEY
      db_database: *CL_DB_NAME
      db_connection_pool_min: 10
      db_connection_pool_max: 30
      db_acquire_timeout_millis: 30000
      db_create_timeout_millis: 30000
      db_destroy_timeout_millis: 5000
      db_idle_timeout_millis: 30000
      db_reap_interval_millis: 1000
      db_create_retry_interval_millis: 200
      db_debug: false

      ## Log Configuration
      log_level: info
      log_transport: file

      # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve
      # Any combination of: `log,audit,trace`
      event_async_override: 'log,trace'

      ## Kafka Configuration
      # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
      kafka_host: *KAFKA_HOST
      kafka_port: *KAFKA_PORT

      ## Cache configuration
      cache_enabled: false
      cache_max_byte_size: 10000000
      cache_expires_in_ms: 1000

    ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    ## e.g:
    ## initContainers:
    ##  - name: your-image-name
    ##    image: your-image
    ##    imagePullPolicy: Always
    ##    command: ['sh', '-c', 'echo "hello world"']
    ##
    # initContainers: []
    initContainers: |
      - name: wait-for-kafka
        image: solsson/kafka:2.8.1
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT};
            do
              echo --------------------;
              echo Waiting for Kafka...;
              sleep 2;
            done;
            echo ====================;
            echo Kafka ok!;
        env:
          - name: KAFKA_HOST
            value: '{{ .Values.config.kafka_host }}'
          - name: KAFKA_PORT
            value: '{{ .Values.config.kafka_port }}'
      - name: wait-for-mysql
        image: mysql:5.7
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi;
            do
              echo --------------------;
              echo Waiting for MySQL...;
              sleep 2;
            done;
            echo ====================;
            echo MySQL ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.db_host }}'
          - name: DB_PORT
            value: '{{ .Values.config.db_port }}'
          - name: DB_USER
            value: '{{ .Values.config.db_user }}'
          - name: DB_PASSWORD
            {{- if .Values.config.db_secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db_secret.name }}'
                  key: '{{ .Values.config.db_secret.key }}'
            {{- else }}
            value: {{ .Values.config.db_password }}
            {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.db_database }}'

    service:
      internalPort: 3001
      ## @param service.type %%MAIN_CONTAINER_NAME%% service type
      ##
      type: ClusterIP
      ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
      ##
      port: 80
      ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
      ##
      httpsPort: 443
      ## Node ports to expose
      ## @param service.nodePorts.http Node port for HTTP
      ## @param service.nodePorts.https Node port for HTTPS
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        http: null
        https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: null
      ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: null
      ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
      ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
      ##
      annotations: {}
      ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

    ingress:
      enabled: true
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: central-ledger-admin-transfer.local
      ## @param servicePort : port for the service
      ##
      servicePort: 80
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: null
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: null
      extraPaths: null
      extraTls: null
      secrets: null
      className: "nginx"
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
    resources: {}

centralsettlement:
  enabled: true

  centralsettlement-service:
    enabled: true

    image:
      registry: docker.io
      repository: mojaloop/central-settlement
      tag: v16.0.0
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "src/api/index.js"]'

    ## Enable diagnostic mode in the deployment
    ##
    diagnosticMode:
      ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
      ##
      enabled: false
      ## @param diagnosticMode.command Command to override all containers in the deployment
      ##
      command:
        - node
        - src/api/index.js
      ## @param diagnosticMode.args Args to override all containers in the deployment
      ##
      args:
        - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

      ## @param diagnosticMode.debug config to override all debug information
      ##
      debug:
        internalPort: 9229
        port: 9229

    readinessProbe:
      enabled: true
      httpGet:
        path: /v2/health
      initialDelaySeconds: 60
      periodSeconds: 15

    livenessProbe:
      enabled: true
      httpGet:
        path: /v2/health
      initialDelaySeconds: 60
      periodSeconds: 15

    ## Pod scheduling preferences.
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    affinity: {}

    ## Node labels for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    nodeSelector: {}

    ## Set toleration for scheduler
    ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations: []

    sidecar:
      enabled: true
      image:
        repository: mojaloop/event-sidecar
        tag: v14.0.0
        pullPolicy: IfNotPresent
        command: '["npm", "run", "start"]'
      service:
        internalPort: 4001
      readinessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 120
        periodSeconds: 15
      livenessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 90
        periodSeconds: 15
      config:
        event_log_grpc_host: localhost
        event_log_grpc_port: 50051
        event_log_filter: 'audit:*, log:info, log:warn, log:error'
        event_log_metadata_only: true
        log_level: info
        log_filter: 'error, warn, info'

    ## metric configuration for prometheus instrumentation
    metrics:
      ## flag to enable/disable the metrics end-points
      enabled: false
      config:
        timeout: 5000
        prefix: moja_
        defaultLabels:
          serviceName: central-settlement-service

    config:
      ## Kafka Configuration
      # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
      kafka_host: *KAFKA_HOST
      kafka_port: *KAFKA_PORT

      kafka:
        consumer:
          notification:
            close:
              config:
                options:
                  mode: 2
                  batchSize: 1
                  pollFrequency: 10
                  recursiveTimeout: 100
                  messageCharset: 'utf8'
                  messageAsJSON: true
                  sync: true
                  consumeTimeout: 1000
                rdkafkaConf:
                  socket_keepalive_enable: true
            event:
              config:
                options:
                  mode: 2
                  batchSize: 1
                  pollFrequency: 10
                  recursiveTimeout: 100
                  messageCharset: 'utf8'
                  messageAsJSON: true
                  sync: true
                  consumeTimeout: 1000
                rdkafkaConf:
                  socket_keepalive_enable: true
          deferredsettlement:
            close:
              config:
                options:
                  mode: 2
                  batchSize: 1
                  pollFrequency: 10
                  recursiveTimeout: 100
                  messageCharset: 'utf8'
                  messageAsJSON: true
                  sync: true
                  consumeTimeout: 1000
                rdkafkaConf:
                  socket_keepalive_enable: true
        producer:
          notification:
            event:
              config:
                options:
                  messageCharset: 'utf8'
                rdkafkaConf:
                  event_cb: true
                  compression_codec: 'none'
                  retry_backoff_ms: 100
                  message_send_max_retries: 2
                  socket_keepalive_enable: true
                  batch_num_messages: 100
                  dr_cb: false
                  socket_blocking_max_ms: 1
                  queue_buffering_max_ms: 1
                  broker_version_fallback: '0.10.1.0'
                  api_version_request: true
                topicConf:
                  request_required_acks: 'all'
                  partitioner: 'murmur2_random'
          deferredsettlement:
            close:
              config:
                options:
                  messageCharset: 'utf8'
                rdkafkaConf:
                  event_cb: true
                  dr_cb: true
                  socket_keepalive_enable: true
                topicConf:
                  request_required_acks: "all"
                  partitioner: 'murmur2_random'
      ## DB Configuration
      # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
      db_type: 'mysql'
      # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
      db_driver: 'mysql'
      db_host: *CL_DB_HOST
      db_port: *CL_DB_PORT
      db_user: *CL_DB_USER
      ## Secret-Management
      ### Set this if you are using a clear password configured in the config section
      # db_password: *CL_DB_PASSWORD
      ### Configure this if you want to use a secret. Note, this will override the db_password,
      ### Use the next line if you do wish to use the db_password value instead.
      # db_secret:
      ### Example config for an existing secret
      db_secret:
        name: *CL_DB_SECRET_NAME
        key: *CL_DB_SECRET_KEY
      db_database: *CL_DB_NAME
      db_connection_pool_min: 10
      db_connection_pool_max: 30
      db_acquire_timeout_millis: 30000
      db_create_timeout_millis: 30000
      db_destroy_timeout_millis: 5000
      db_idle_timeout_millis: 30000
      db_reap_interval_millis: 1000
      db_create_retry_interval_millis: 200
      db_debug: false
      # Api Handler Configuration
      handlers:
        disabled: true
        api:
          disabled: false
      # Settlement Window aggregation Configuration
      window_aggregation:
        retry_count: 3
        retry_interval: 3000
      hub_participant:
        id: 1
        name: Hub

      ## Log config
      log_level: info
      log_transport: file

      ## Tracing Configuration
      event_trace_vendor: mojaloop
      event_log_filter: 'audit:*, log:warn, log:error'
      # If set to true, only the metadata object from the event will be printed.
      event_log_metadata_only: false
      # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve
      # Any combination of: `log,audit,trace`
      event_async_override: 'log,trace'
      event_trace_state_enabled: true
      event_traceid_per_vendor: false

      ## Error Handling
      error_handling:
        include_cause_extension: false
        truncate_extensions: true

    ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    ## e.g:
    ## initContainers:
    ##  - name: your-image-name
    ##    image: your-image
    ##    imagePullPolicy: Always
    ##    command: ['sh', '-c', 'echo "hello world"']
    ##
    # initContainers: []
    initContainers: |
      - name: wait-for-kafka
        image: solsson/kafka:2.8.1
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT};
            do
              echo --------------------;
              echo Waiting for Kafka...;
              sleep 2;
            done;
            echo ====================;
            echo Kafka ok!;
        env:
          - name: KAFKA_HOST
            value: '{{ .Values.config.kafka_host }}'
          - name: KAFKA_PORT
            value: '{{ .Values.config.kafka_port }}'
      - name: wait-for-mysql
        image: mysql:5.7
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi;
            do
              echo --------------------;
              echo Waiting for MySQL...;
              sleep 2;
            done;
            echo ====================;
            echo MySQL ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.db_host }}'
          - name: DB_PORT
            value: '{{ .Values.config.db_port }}'
          - name: DB_USER
            value: '{{ .Values.config.db_user }}'
          - name: DB_PASSWORD
            {{- if .Values.config.db_secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db_secret.name }}'
                  key: '{{ .Values.config.db_secret.key }}'
            {{- else }}
            value: {{ .Values.config.db_password }}
            {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.db_database }}'

    service:
      internalPort: 3007
      ## @param service.type %%MAIN_CONTAINER_NAME%% service type
      ##
      type: ClusterIP
      ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
      ##
      port: 80
      ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
      ##
      httpsPort: 443
      ## Node ports to expose
      ## @param service.nodePorts.http Node port for HTTP
      ## @param service.nodePorts.https Node port for HTTPS
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        http: null
        https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: null
      ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: null
      ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
      ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
      ##
      annotations: {}
      ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

    ingress:
      enabled: true
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: central-settlement-service.local
      ## @param servicePort : port for the service
      ##
      servicePort: 80
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: null
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: null
      extraPaths: null
      extraTls: null
      secrets: null
      className: "nginx"
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
    resources: {}

  centralsettlement-handler-deferredsettlement:
    enabled: true

    image:
      registry: docker.io
      repository: mojaloop/central-settlement
      tag: v16.0.0
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "src/handlers/index.js", "h", "--deferredSettlement"]'

    ## Enable diagnostic mode in the deployment
    ##
    diagnosticMode:
      ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
      ##
      enabled: false
      ## @param diagnosticMode.command Command to override all containers in the deployment
      ##
      command:
        - node
        - src/handlers/index.js
        - h
        - "--deferredSettlement"
      ## @param diagnosticMode.args Args to override all containers in the deployment
      ##
      args:
        - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

      ## @param diagnosticMode.debug config to override all debug information
      ##
      debug:
        internalPort: 9229
        port: 9229

    readinessProbe:
      enabled: true
      httpGet:
        path: /v2/health
      initialDelaySeconds: 60
      periodSeconds: 15

    livenessProbe:
      enabled: true
      httpGet:
        path: /v2/health
      initialDelaySeconds: 60
      periodSeconds: 15

    ## Pod scheduling preferences.
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    affinity: {}

    ## Node labels for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    nodeSelector: {}

    ## Set toleration for scheduler
    ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations: []

    sidecar:
      enabled: true
      image:
        repository: mojaloop/event-sidecar
        tag: v14.0.0
        pullPolicy: IfNotPresent
        command: '["npm", "run", "start"]'
      service:
        internalPort: 4001
      readinessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 120
        periodSeconds: 15
      livenessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 90
        periodSeconds: 15
      config:
        event_log_grpc_host: localhost
        event_log_grpc_port: 50051
        event_log_filter: 'audit:*, log:info, log:warn, log:error'
        event_log_metadata_only: true
        log_level: info
        log_filter: 'error, warn, info'

    ## metric configuration for prometheus instrumentation
    metrics:
      ## flag to enable/disable the metrics end-points
      enabled: false
      config:
        timeout: 5000
        prefix: moja_
        defaultLabels:
          serviceName: central-settlement-handler-deferredsettlement

    config:
      ## Kafka Configuration
      # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
      kafka_host: *KAFKA_HOST
      kafka_port: *KAFKA_PORT

      kafka:
        consumer:
          notification:
            close:
              config:
                options:
                  mode: 2
                  batchSize: 1
                  pollFrequency: 10
                  recursiveTimeout: 100
                  messageCharset: 'utf8'
                  messageAsJSON: true
                  sync: true
                  consumeTimeout: 1000
                rdkafkaConf:
                  socket_keepalive_enable: true
            event:
              config:
                options:
                  mode: 2
                  batchSize: 1
                  pollFrequency: 10
                  recursiveTimeout: 100
                  messageCharset: 'utf8'
                  messageAsJSON: true
                  sync: true
                  consumeTimeout: 1000
                rdkafkaConf:
                  socket_keepalive_enable: true
          deferredsettlement:
            close:
              config:
                options:
                  mode: 2
                  batchSize: 1
                  pollFrequency: 10
                  recursiveTimeout: 100
                  messageCharset: 'utf8'
                  messageAsJSON: true
                  sync: true
                  consumeTimeout: 1000
                rdkafkaConf:
                  socket_keepalive_enable: true
        producer:
          notification:
            event:
              config:
                options:
                  messageCharset: 'utf8'
                rdkafkaConf:
                  event_cb: true
                  compression_codec: 'none'
                  retry_backoff_ms: 100
                  message_send_max_retries: 2
                  socket_keepalive_enable: true
                  batch_num_messages: 100
                  dr_cb: false
                  socket_blocking_max_ms: 1
                  queue_buffering_max_ms: 1
                  broker_version_fallback: '0.10.1.0'
                  api_version_request: true
                topicConf:
                  request_required_acks: 'all'
                  partitioner: 'murmur2_random'
          deferredsettlement:
            close:
              config:
                options:
                  messageCharset: 'utf8'
                rdkafkaConf:
                  event_cb: true
                  dr_cb: true
                  socket_keepalive_enable: true
                topicConf:
                  request_required_acks: "all"
                  partitioner: 'murmur2_random'
      ## DB Configuration
      # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
      db_type: 'mysql'
      # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
      db_driver: 'mysql'
      db_host: *CL_DB_HOST
      db_port: *CL_DB_PORT
      db_user: *CL_DB_USER
      ## Secret-Management
      ### Set this if you are using a clear password configured in the config section
      # db_password: *CL_DB_PASSWORD
      ### Configure this if you want to use a secret. Note, this will override the db_password,
      ### Use the next line if you do wish to use the db_password value instead.
      # db_secret:
      ### Example config for an existing secret
      db_secret:
        name: *CL_DB_SECRET_NAME
        key: *CL_DB_SECRET_KEY
      db_database: *CL_DB_NAME
      db_connection_pool_min: 10
      db_connection_pool_max: 30
      db_acquire_timeout_millis: 30000
      db_create_timeout_millis: 30000
      db_destroy_timeout_millis: 5000
      db_idle_timeout_millis: 30000
      db_reap_interval_millis: 1000
      db_create_retry_interval_millis: 200
      db_debug: false
      # Api Handler Configuration
      handlers:
        disabled: false
        api:
          disabled: false
      # Settlement Window aggregation Configuration
      window_aggregation:
        retry_count: 3
        retry_interval: 3000
      hub_participant:
        id: 1
        name: Hub

      ## Log config
      log_level: info
      log_transport: file

      ## Tracing Configuration
      event_trace_vendor: mojaloop
      event_log_filter: 'audit:*, log:warn, log:error'
      # If set to true, only the metadata object from the event will be printed.
      event_log_metadata_only: false
      # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve
      # Any combination of: `log,audit,trace`
      event_async_override: 'log,trace'
      event_trace_state_enabled: true
      event_traceid_per_vendor: false

      ## Error Handling
      error_handling:
        include_cause_extension: false
        truncate_extensions: true

    ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    ## e.g:
    ## initContainers:
    ##  - name: your-image-name
    ##    image: your-image
    ##    imagePullPolicy: Always
    ##    command: ['sh', '-c', 'echo "hello world"']
    ##
    # initContainers: []
    initContainers: |
      - name: wait-for-kafka
        image: solsson/kafka:2.8.1
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT};
            do
              echo --------------------;
              echo Waiting for Kafka...;
              sleep 2;
            done;
            echo ====================;
            echo Kafka ok!;
        env:
          - name: KAFKA_HOST
            value: '{{ .Values.config.kafka_host }}'
          - name: KAFKA_PORT
            value: '{{ .Values.config.kafka_port }}'
      - name: wait-for-mysql
        image: mysql:5.7
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi;
            do
              echo --------------------;
              echo Waiting for MySQL...;
              sleep 2;
            done;
            echo ====================;
            echo MySQL ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.db_host }}'
          - name: DB_PORT
            value: '{{ .Values.config.db_port }}'
          - name: DB_USER
            value: '{{ .Values.config.db_user }}'
          - name: DB_PASSWORD
            {{- if .Values.config.db_secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db_secret.name }}'
                  key: '{{ .Values.config.db_secret.key }}'
            {{- else }}
            value: {{ .Values.config.db_password }}
            {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.db_database }}'

    service:
      internalPort: 3007
      ## @param service.type %%MAIN_CONTAINER_NAME%% service type
      ##
      type: ClusterIP
      ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
      ##
      port: 80
      ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
      ##
      httpsPort: 443
      ## Node ports to expose
      ## @param service.nodePorts.http Node port for HTTP
      ## @param service.nodePorts.https Node port for HTTPS
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        http: null
        https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: null
      ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: null
      ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
      ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
      ##
      annotations: {}
      ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

    ingress:
      enabled: false
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: central-settlement-deferredsettlement.local
      ## @param servicePort : port for the service
      ##
      servicePort: 80
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: null
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: null
      extraPaths: null
      extraTls: null
      secrets: null
      className: "nginx"
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
    resources: {}

  centralsettlement-handler-grosssettlement:
    ## Enable this handler if you wish to support Continuous Gross Settlement (CGS) and rule processing.
    ## Note: Ensure that you have configured the appropriated settlementModels (refer to the associated tagged release on https://github.com/mojaloop/postman for an example). See below more information on how to configure rule processing for Interchange Fees.
    enabled: true

    image:
      registry: docker.io
      repository: mojaloop/central-settlement
      tag: v16.0.0
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "src/handlers/index.js", "h", "--grossSettlement"]'

    ## Enable diagnostic mode in the deployment
    ##
    diagnosticMode:
      ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
      ##
      enabled: false
      ## @param diagnosticMode.command Command to override all containers in the deployment
      ##
      command:
        - node
        - src/handlers/index.js
        - h
        - "--grossSettlement"
      ## @param diagnosticMode.args Args to override all containers in the deployment
      ##
      args:
        - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

      ## @param diagnosticMode.debug config to override all debug information
      ##
      debug:
        internalPort: 9229
        port: 9229

    readinessProbe:
      enabled: true
      httpGet:
        path: /v2/health
      initialDelaySeconds: 60
      periodSeconds: 15

    livenessProbe:
      enabled: true
      httpGet:
        path: /v2/health
      initialDelaySeconds: 60
      periodSeconds: 15

    ## Pod scheduling preferences.
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    affinity: {}

    ## Node labels for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    nodeSelector: {}

    ## Set toleration for scheduler
    ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations: []

    sidecar:
      enabled: true
      image:
        repository: mojaloop/event-sidecar
        tag: v14.0.0
        pullPolicy: IfNotPresent
        command: '["npm", "run", "start"]'
      service:
        internalPort: 4001
      readinessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 120
        periodSeconds: 15
      livenessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 90
        periodSeconds: 15
      config:
        event_log_grpc_host: localhost
        event_log_grpc_port: 50051
        event_log_filter: 'audit:*, log:info, log:warn, log:error'
        event_log_metadata_only: true
        log_level: info
        log_filter: 'error, warn, info'

    ## metric configuration for prometheus instrumentation
    metrics:
      ## flag to enable/disable the metrics end-points
      enabled: false
      config:
        timeout: 5000
        prefix: moja_
        defaultLabels:
          serviceName: central-settlement-handler-grosssettlement

    config:
      ## Kafka Configuration
      # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
      kafka_host: *KAFKA_HOST
      kafka_port: *KAFKA_PORT

      kafka:
        consumer:
          notification:
            close:
              config:
                options:
                  mode: 2
                  batchSize: 1
                  pollFrequency: 10
                  recursiveTimeout: 100
                  messageCharset: 'utf8'
                  messageAsJSON: true
                  sync: true
                  consumeTimeout: 1000
                rdkafkaConf:
                  socket_keepalive_enable: true
            event:
              config:
                options:
                  mode: 2
                  batchSize: 1
                  pollFrequency: 10
                  recursiveTimeout: 100
                  messageCharset: 'utf8'
                  messageAsJSON: true
                  sync: true
                  consumeTimeout: 1000
                rdkafkaConf:
                  socket_keepalive_enable: true
          deferredsettlement:
            close:
              config:
                options:
                  mode: 2
                  batchSize: 1
                  pollFrequency: 10
                  recursiveTimeout: 100
                  messageCharset: 'utf8'
                  messageAsJSON: true
                  sync: true
                  consumeTimeout: 1000
                rdkafkaConf:
                  socket_keepalive_enable: true
        producer:
          notification:
            event:
              config:
                options:
                  messageCharset: 'utf8'
                rdkafkaConf:
                  event_cb: true
                  compression_codec: 'none'
                  retry_backoff_ms: 100
                  message_send_max_retries: 2
                  socket_keepalive_enable: true
                  batch_num_messages: 100
                  dr_cb: false
                  socket_blocking_max_ms: 1
                  queue_buffering_max_ms: 1
                  broker_version_fallback: '0.10.1.0'
                  api_version_request: true
                topicConf:
                  request_required_acks: 'all'
                  partitioner: 'murmur2_random'
          deferredsettlement:
            close:
              config:
                options:
                  messageCharset: 'utf8'
                rdkafkaConf:
                  event_cb: true
                  dr_cb: true
                  socket_keepalive_enable: true
                topicConf:
                  request_required_acks: "all"
                  partitioner: 'murmur2_random'
      ## DB Configuration
      # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
      db_type: 'mysql'
      # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
      db_driver: 'mysql'
      db_host: *CL_DB_HOST
      db_port: *CL_DB_PORT
      db_user: *CL_DB_USER
      ## Secret-Management
      ### Set this if you are using a clear password configured in the config section
      # db_password: *CL_DB_PASSWORD
      ### Configure this if you want to use a secret. Note, this will override the db_password,
      ### Use the next line if you do wish to use the db_password value instead.
      # db_secret:
      ### Example config for an existing secret
      db_secret:
        name: *CL_DB_SECRET_NAME
        key: *CL_DB_SECRET_KEY
      db_database: *CL_DB_NAME
      db_connection_pool_min: 10
      db_connection_pool_max: 30
      db_acquire_timeout_millis: 30000
      db_create_timeout_millis: 30000
      db_destroy_timeout_millis: 5000
      db_idle_timeout_millis: 30000
      db_reap_interval_millis: 1000
      db_create_retry_interval_millis: 200
      db_debug: false
      # Api Handler Configuration
      handlers:
        disabled: false
        api:
          disabled: false
      # Settlement Window aggregation Configuration
      window_aggregation:
        retry_count: 3
        retry_interval: 3000
      hub_participant:
        id: 1
        name: Hub

      ## Log config
      log_level: info
      log_transport: file

      ## Tracing Configuration
      event_trace_vendor: mojaloop
      event_log_filter: 'audit:*, log:warn, log:error'
      # If set to true, only the metadata object from the event will be printed.
      event_log_metadata_only: false
      # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve
      # Any combination of: `log,audit,trace`
      event_async_override: 'log,trace'
      event_trace_state_enabled: true
      event_traceid_per_vendor: false

      ## Error Handling
      error_handling:
        include_cause_extension: false
        truncate_extensions: true

    ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    ## e.g:
    ## initContainers:
    ##  - name: your-image-name
    ##    image: your-image
    ##    imagePullPolicy: Always
    ##    command: ['sh', '-c', 'echo "hello world"']
    ##
    # initContainers: []
    initContainers: |
      - name: wait-for-kafka
        image: solsson/kafka:2.8.1
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT};
            do
              echo --------------------;
              echo Waiting for Kafka...;
              sleep 2;
            done;
            echo ====================;
            echo Kafka ok!;
        env:
          - name: KAFKA_HOST
            value: '{{ .Values.config.kafka_host }}'
          - name: KAFKA_PORT
            value: '{{ .Values.config.kafka_port }}'
      - name: wait-for-mysql
        image: mysql:5.7
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi;
            do
              echo --------------------;
              echo Waiting for MySQL...;
              sleep 2;
            done;
            echo ====================;
            echo MySQL ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.db_host }}'
          - name: DB_PORT
            value: '{{ .Values.config.db_port }}'
          - name: DB_USER
            value: '{{ .Values.config.db_user }}'
          - name: DB_PASSWORD
            {{- if .Values.config.db_secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db_secret.name }}'
                  key: '{{ .Values.config.db_secret.key }}'
            {{- else }}
            value: {{ .Values.config.db_password }}
            {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.db_database }}'

    service:
      internalPort: 3007
      ## @param service.type %%MAIN_CONTAINER_NAME%% service type
      ##
      type: ClusterIP
      ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
      ##
      port: 80
      ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
      ##
      httpsPort: 443
      ## Node ports to expose
      ## @param service.nodePorts.http Node port for HTTP
      ## @param service.nodePorts.https Node port for HTTPS
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        http: null
        https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: null
      ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: null
      ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
      ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
      ##
      annotations: {}
      ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

    ingress:
      enabled: false
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: central-settlement-rules.local
      ## @param servicePort : port for the service
      ##
      servicePort: 80
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: null
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: null
      extraPaths: null
      extraTls: null
      secrets: null
      className: "nginx"
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
    resources: {}

  centralsettlement-handler-rules:
    ## Enable this handler if you wish to support Continuous Gross Settlement (CGS) and rule processing.
    ## Note: Ensure that you have configured the appropriated settlementModels (refer to the associated tagged release on https://github.com/mojaloop/postman for an example). See below more information on how to configure rule processing for Interchange Fees.
    enabled: true

    image:
      registry: docker.io
      repository: mojaloop/central-settlement
      tag: v16.0.0
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "src/handlers/index.js", "h", "--rules"]'

    ## Enable diagnostic mode in the deployment
    ##
    diagnosticMode:
      ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
      ##
      enabled: false
      ## @param diagnosticMode.command Command to override all containers in the deployment
      ##
      command:
        - node
        - src/handlers/index.js
        - h
        - "--rules"
      ## @param diagnosticMode.args Args to override all containers in the deployment
      ##
      args:
        - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

      ## @param diagnosticMode.debug config to override all debug information
      ##
      debug:
        internalPort: 9229
        port: 9229

    readinessProbe:
      enabled: true
      httpGet:
        path: /v2/health
      initialDelaySeconds: 60
      periodSeconds: 15

    livenessProbe:
      enabled: true
      httpGet:
        path: /v2/health
      initialDelaySeconds: 60
      periodSeconds: 15

    ## Pod scheduling preferences.
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    affinity: {}

    ## Node labels for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    nodeSelector: {}

    ## Set toleration for scheduler
    ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations: []

    sidecar:
      enabled: true
      image:
        repository: mojaloop/event-sidecar
        tag: v14.0.0
        pullPolicy: IfNotPresent
        command: '["npm", "run", "start"]'
      service:
        internalPort: 4001
      readinessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 120
        periodSeconds: 15
      livenessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 90
        periodSeconds: 15
      config:
        event_log_grpc_host: localhost
        event_log_grpc_port: 50051
        event_log_filter: 'audit:*, log:info, log:warn, log:error'
        event_log_metadata_only: true
        log_level: info
        log_filter: 'error, warn, info'

    ## metric configuration for prometheus instrumentation
    metrics:
      ## flag to enable/disable the metrics end-points
      enabled: false
      config:
        timeout: 5000
        prefix: moja_
        defaultLabels:
          serviceName: central-settlement-handler-rules

    config:
      ## Kafka Configuration
      # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
      kafka_host: *KAFKA_HOST
      kafka_port: *KAFKA_PORT

      kafka:
        consumer:
          notification:
            close:
              config:
                options:
                  mode: 2
                  batchSize: 1
                  pollFrequency: 10
                  recursiveTimeout: 100
                  messageCharset: 'utf8'
                  messageAsJSON: true
                  sync: true
                  consumeTimeout: 1000
                rdkafkaConf:
                  socket_keepalive_enable: true
            event:
              config:
                options:
                  mode: 2
                  batchSize: 1
                  pollFrequency: 10
                  recursiveTimeout: 100
                  messageCharset: 'utf8'
                  messageAsJSON: true
                  sync: true
                  consumeTimeout: 1000
                rdkafkaConf:
                  socket_keepalive_enable: true
          deferredsettlement:
            close:
              config:
                options:
                  mode: 2
                  batchSize: 1
                  pollFrequency: 10
                  recursiveTimeout: 100
                  messageCharset: 'utf8'
                  messageAsJSON: true
                  sync: true
                  consumeTimeout: 1000
                rdkafkaConf:
                  socket_keepalive_enable: true
        producer:
          notification:
            event:
              config:
                options:
                  messageCharset: 'utf8'
                rdkafkaConf:
                  event_cb: true
                  compression_codec: 'none'
                  retry_backoff_ms: 100
                  message_send_max_retries: 2
                  socket_keepalive_enable: true
                  batch_num_messages: 100
                  dr_cb: false
                  socket_blocking_max_ms: 1
                  queue_buffering_max_ms: 1
                  broker_version_fallback: '0.10.1.0'
                  api_version_request: true
                topicConf:
                  request_required_acks: 'all'
                  partitioner: 'murmur2_random'
          deferredsettlement:
            close:
              config:
                options:
                  messageCharset: 'utf8'
                rdkafkaConf:
                  event_cb: true
                  dr_cb: true
                  socket_keepalive_enable: true
                topicConf:
                  request_required_acks: "all"
                  partitioner: 'murmur2_random'
      ## DB Configuration
      # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
      db_type: 'mysql'
      # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
      db_driver: 'mysql'
      db_host: *CL_DB_HOST
      db_port: *CL_DB_PORT
      db_user: *CL_DB_USER
      ## Secret-Management
      ### Set this if you are using a clear password configured in the config section
      # db_password: *CL_DB_PASSWORD
      ### Configure this if you want to use a secret. Note, this will override the db_password,
      ### Use the next line if you do wish to use the db_password value instead.
      # db_secret:
      ### Example config for an existing secret
      db_secret:
        name: *CL_DB_SECRET_NAME
        key: *CL_DB_SECRET_KEY
      db_database: *CL_DB_NAME
      db_connection_pool_min: 10
      db_connection_pool_max: 30
      db_acquire_timeout_millis: 30000
      db_create_timeout_millis: 30000
      db_destroy_timeout_millis: 5000
      db_idle_timeout_millis: 30000
      db_reap_interval_millis: 1000
      db_create_retry_interval_millis: 200
      db_debug: false
      # Api Handler Configuration
      handlers:
        disabled: false
        api:
          disabled: false
      # Settlement Window aggregation Configuration
      window_aggregation:
        retry_count: 3
        retry_interval: 3000
      hub_participant:
        id: 1
        name: Hub

      ## Log config
      log_level: info
      log_transport: file

      ## Tracing Configuration
      event_trace_vendor: mojaloop
      event_log_filter: 'audit:*, log:warn, log:error'
      # If set to true, only the metadata object from the event will be printed.
      event_log_metadata_only: false
      # A comma-separated list of events that should return immediately instead of waiting for the event promises to resolve
      # Any combination of: `log,audit,trace`
      event_async_override: 'log,trace'
      event_trace_state_enabled: true
      event_traceid_per_vendor: false

      ## Error Handling
      error_handling:
        include_cause_extension: false
        truncate_extensions: true

      rules:
        ## The rules object defines rules files represented as key-value pairs. These rules will be executed per commited transfer.
        ## Expected key-value format for the rules object:
        ##  nameOfFile.js: fileContents
        ## See below example of interchange fee rule.

        ## Default Empty Script - This is required as the rule engine requires a rule-file to function properly.
        ## Note: Uncomment this and comment-out the interchangeFeeCalculation.js below is you wish to enable CGS processing but do not want Interchange Fee processing.
        # defaultEmptyScript.js: |
        #   // ********************************************************
        #   // Name: Default Empty Rule
        #   // Type: notification
        #   // Action: commit
        #   // Status: success
        #   // Start: 2020-06-01T00:00:00.000Z
        #   // End: 2100-12-31T23:59:59.999Z
        #   // Description: This is empty rules script
        #   // ********************************************************
        ## Globals:
        #   // payload: The contents of the message from the Kafka topic.
        #   // transfer: The transfer object.
        #   // # Functions:
        ## Data retrieval functions:
        #   // getTransfer(transferId): Retrieves a mojaloop transfer from the central-ledger API.
        ## Helper functions:
        #   // getExtensionValue(list, key): Gets a value from an extension list
        #   // log(message): allows the script to log to standard out for debugging purposes
        #   // Math functions:
        #   // multiply(number1, number2, decimalPlaces): Uses ml-number to handle multiplication of money values
        #   // Ledger functions:
        #   // addLedgerEntry: Adds a debit and credit ledger entry to the specified account to the specified DFSPs
        #   log('Running - DEFAULT EMPTY RULES SCRIPT')

        ## Interchange Fee Calculation Script - Ensure that a settlementModel (refer to the associated tagged release on https://github.com/mojaloop/postman for an example) is created for the ledgerAccounType "INTERCHANGE_FEE".
        ## Note: Uncomment this is you wish to enable CGS processing but also want Interchange Fee processing.
        interchangeFeeCalculation.js: |
          /* eslint-disable no-undef */
          // ********************************************************
          // Name: Interchange fee calculation
          // Type: notification
          // Action: commit
          // Status: success
          // Start: 2020-06-01T00:00:00.000Z
          // End: 2100-12-31T23:59:59.999Z
          // Description: This script calculates the interchange fees between DFSPs where the account type is "Wallet"
          // ********************************************************

          // ## Globals:
          // payload: The contents of the message from the Kafka topic.
          // transfer: The transfer object.

          // # Functions:
          // ## Data retrieval functions:
          // getTransfer(transferId): Retrieves a mojaloop transfer from the central-ledger API.

          // ## Helper functions:
          // getExtensionValue(list, key): Gets a value from an extension list
          // log(message): allows the script to log to standard out for debugging purposes

          // Math functions:
          // multiply(number1, number2, decimalPlaces): Uses ml-number to handle multiplication of money values

          // Ledger functions:
          // addLedgerEntry: Adds a debit and credit ledger entry to the specified account to the specified DFSPs

          log('Running - interchangeFeeCalculation')

          log(JSON.stringify(transfer))
          const payerFspId = transfer.payer.partyIdInfo.fspId
          const payeeFspId = transfer.payee.partyIdInfo.fspId

          if ((payeeFspId !== payerFspId) &&
            (transfer.payee.partyIdInfo.extensionList &&                      // WORKAROUND for issue #2149
              transfer.payer.partyIdInfo.extensionList &&                     // WORKAROUND for issue #2149
              transfer.payee.partyIdInfo.extensionList.extension &&           // WORKAROUND for issue #2149
              transfer.payer.partyIdInfo.extensionList.extension) &&          // WORKAROUND for issue #2149
            (getExtensionValue(transfer.payee.partyIdInfo.extensionList.extension, 'accountType') === 'Wallet' &&
            getExtensionValue(transfer.payer.partyIdInfo.extensionList.extension, 'accountType') === 'Wallet') &&
            (transfer.transactionType.scenario === 'TRANSFER' &&
              transfer.transactionType.initiator === 'PAYER' &&
              transfer.transactionType.initiatorType === 'CONSUMER')) {
            log(`Adding an interchange fee for Wallet to Wallet from ${payerFspId} to ${payeeFspId}`)
            addLedgerEntry(payload.id, 'INTERCHANGE_FEE', // Ledger account type Id
              'INTERCHANGE_FEE', // Ledger entry type Id
              multiply(transfer.amount.amount, 0.006, 2),
              transfer.amount.currency,
              payerFspId,
              payeeFspId)
          }

    ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    ## e.g:
    ## initContainers:
    ##  - name: your-image-name
    ##    image: your-image
    ##    imagePullPolicy: Always
    ##    command: ['sh', '-c', 'echo "hello world"']
    ##
    # initContainers: []
    initContainers: |
      - name: wait-for-kafka
        image: solsson/kafka:2.8.1
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT};
            do
              echo --------------------;
              echo Waiting for Kafka...;
              sleep 2;
            done;
            echo ====================;
            echo Kafka ok!;
        env:
          - name: KAFKA_HOST
            value: '{{ .Values.config.kafka_host }}'
          - name: KAFKA_PORT
            value: '{{ .Values.config.kafka_port }}'
      - name: wait-for-mysql
        image: mysql:5.7
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi;
            do
              echo --------------------;
              echo Waiting for MySQL...;
              sleep 2;
            done;
            echo ====================;
            echo MySQL ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.db_host }}'
          - name: DB_PORT
            value: '{{ .Values.config.db_port }}'
          - name: DB_USER
            value: '{{ .Values.config.db_user }}'
          - name: DB_PASSWORD
            {{- if .Values.config.db_secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db_secret.name }}'
                  key: '{{ .Values.config.db_secret.key }}'
            {{- else }}
            value: {{ .Values.config.db_password }}
            {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.db_database }}'

    service:
      internalPort: 3007
      ## @param service.type %%MAIN_CONTAINER_NAME%% service type
      ##
      type: ClusterIP
      ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
      ##
      port: 80
      ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
      ##
      httpsPort: 443
      ## Node ports to expose
      ## @param service.nodePorts.http Node port for HTTP
      ## @param service.nodePorts.https Node port for HTTPS
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        http: null
        https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: null
      ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: null
      ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
      ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
      ##
      annotations: {}
      ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

    ingress:
      enabled: false
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: central-settlement-grosssettlement.local
      ## @param servicePort : port for the service
      ##
      servicePort: 80
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: null
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: null
      extraPaths: null
      extraTls: null
      secrets: null
      className: "nginx"
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
    resources: {}

transaction-requests-service:
  enabled: true
  # Declare variables to be passed into your templates.

  image:
    registry: docker.io
    repository: mojaloop/transaction-requests-service
    tag: v14.1.2
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []

  replicaCount: 1
  command: '["node", "src/index.js", "api"]'

  ## Enable diagnostic mode in the deployment
  ##
  diagnosticMode:
    ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
    ##
    enabled: false
    ## @param diagnosticMode.command Command to override all containers in the deployment
    ##
    command:
      - node
      - src/index.js
      - api
    ## @param diagnosticMode.args Args to override all containers in the deployment
    ##
    args:
      - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

    ## @param diagnosticMode.debug config to override all debug information
    ##
    debug:
      internalPort: 9229
      port: 9229

  readinessProbe:
    enabled: true
    httpGet:
      path: /health
    initialDelaySeconds: 30
    periodSeconds: 15

  livenessProbe:
    enabled: true
    httpGet:
      path: /health
    initialDelaySeconds: 30
    periodSeconds: 15

  ## Pod scheduling preferences.
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  ## Node labels for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  nodeSelector: {}

  ## Set toleration for scheduler
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  sidecar:
    enabled: true
    image:
      repository: mojaloop/event-sidecar
      tag: v14.0.0
      pullPolicy: IfNotPresent
      command: '["npm", "run", "start"]'
    service:
      internalPort: 4001
    readinessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 120
      periodSeconds: 15
    livenessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 90
      periodSeconds: 15
    config:
      event_log_grpc_host: localhost
      event_log_grpc_port: 50051
      event_log_filter: 'audit:*, log:info, log:warn, log:error'
      event_log_metadata_only: true
      log_level: info
      log_filter: 'error, warn, info'

  ## metric configuration for prometheus instrumentation
  ## TODO: Currently not supported
  metrics:
    ## flag to enable/disable the metrics end-points
    enabled: false
    config:
      timeout: 5000
      prefix: moja_
      defaultLabels:
        serviceName: transaction-requests

  config:
    central_services_host: '$release_name-centralledger-service'
    central_services_port: 80

    # Protocol versions used for validating (VALIDATELIST) incoming FSPIOP API Headers (Content-type, Accept),
    # and for generating requests/callbacks from the Switch itself (DEFAULT value)
    protocol_versions: |
      {
        "CONTENT": {
          "DEFAULT": "1.1",
          "VALIDATELIST": [
            "1",
            "1.0",
            "1.1"
          ]
        },
        "ACCEPT": {
          "DEFAULT": "1",
          "VALIDATELIST": [
            "1",
            "1.0",
            "1.1"
          ]
        }
      }

    log_level: info
    log_transport: file

    error_handling:
      include_cause_extension: false
      truncate_extensions: true

  ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  # initContainers: []
  initContainers: []

  service:
    internalPort: 4000
    ## @param service.type %%MAIN_CONTAINER_NAME%% service type
    ##
    type: ClusterIP
    ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
    ##
    port: 80
    ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
    ##
    httpsPort: 443
    ## Node ports to expose
    ## @param service.nodePorts.http Node port for HTTP
    ## @param service.nodePorts.https Node port for HTTPS
    ## NOTE: choose port between <30000-32767>
    ##
    nodePorts:
      http: null
      https: null
      ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
    ## e.g.:
    ## clusterIP: None
    ##
    clusterIP: null
    ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerIP: null
    ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
    ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
    ##
    annotations: {}
    ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
    ## If "ClientIP", consecutive client requests will be directed to the same Pod
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
    ##
    sessionAffinity: None
    ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    ##
    sessionAffinityConfig: {}

  ingress:
    enabled: true
    ## @param ingress.pathType Ingress path type
    ##
    pathType: ImplementationSpecific
    ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
    ##
    apiVersion: null
    ## @param ingress.hostname Default host for the ingress record
    ##
    hostname: transaction-request-service.local
    ## @param servicePort : port for the service
    ##
    servicePort: 80
    ## @param ingress.path Default path for the ingress record
    ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
    path: /
    ## @param ingress.annotations Additional custom annotations for the ingress record
    ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
    ##
    annotations: null
    ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
    ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
    ## You can:
    ##   - Use the `ingress.secrets` parameter to create this TLS secret
    ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
    ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
    ##
    tls: false
    ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
    ##
    certManager: false
    ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
    ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
    ## e.g:
    ## extraHosts:
    ##   - name: transfer-api-svc.local
    ##     path: /
    ##
    extraHosts: null
    extraPaths: null
    extraTls: null
    secrets: null
    className: "nginx"
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #  cpu: 100m
  #  memory: 128Mi
  # requests:
  #  cpu: 100m
  #  memory: 128Mi
  resources: {}

thirdparty:
  enabled: false
  auth-svc:
    enabled: true

    image:
      registry: docker.io
      repository: mojaloop/auth-service
      tag: v15.0.0
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "./dist/src/cli.js", "all"]'

    ## Enable diagnostic mode in the deployment
    ##
    diagnosticMode:
      ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
      ##
      enabled: false
      ## @param diagnosticMode.command Command to override all containers in the deployment
      ##
      command:
        - node
        - ./dist/src/cli.js
        - all
      ## @param diagnosticMode.args Args to override all containers in the deployment
      ##
      args:
        - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

      ## @param diagnosticMode.debug config to override all debug information
      ##
      debug:
        internalPort: 9229
        port: 9229

    readinessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    livenessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    ## Pod scheduling preferences.
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    affinity: {}

    ## Node labels for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    nodeSelector: {}

    ## Set toleration for scheduler
    ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations: []

    # Add extra environment variables here
    env:
      - name: NODE_ENV
        value: production
      # e.g. to change the Log Level:
      # - name: LOG_LEVEL
      #   value: debug

    ## Svc configs
    config:
      ## DB Configuration
      db_host: *TP_AUTH_SVC_DB_HOST
      db_port: *TP_AUTH_SVC_DB_PORT
      db_user: *TP_AUTH_SVC_DB_USER
      ## Secret-Management
      ### Set this if you are using a clear password configured in the config section
      db_password: *TP_AUTH_SVC_DB_PASSWORD
      ### Configure this if you want to use a secret. Note, this will override the db_password,
      ### Use the next line if you do wish to use the db_password value instead.
      # db_secret:
      ## Example config for an existing secret
      db_secret:
        name: *TP_AUTH_SVC_DB_SECRET_NAME
        key: *TP_AUTH_SVC_DB_SECRET_KEY
      db_database: *TP_AUTH_SVC_DB_NAME

      ## Redis Configuration
      redis_host: *TP_AUTH_SVC_REDIS_HOST
      redis_port: *TP_AUTH_SVC_REDIS_PORT

    ## Svc config files
    config_files:
      production.json: |
        {
          "PORT": {{ .Values.service.internalPort }},
          "HOST": "0.0.0.0",
          "PARTICIPANT_ID": "centralauth",
          "REDIS": {
              "PORT": {{ .Values.config.redis_port }},
              "HOST": "{{ .Values.config.redis_host }}",
              "TIMEOUT": 100
          },
          "INSPECT": {
              "DEPTH": 4,
              "SHOW_HIDDEN": false,
              "COLOR": true
          },
          "SHARED": {
              "THIRDPARTY_REQUESTS_ENDPOINT": "{{ .Release.Name }}-tp-api-svc",
              "ALS_ENDPOINT": "{{ .Release.Name }}-account-lookup-service",
              "JWS_SIGN": false,
              "JWS_SIGNING_KEY": "/secrets/jwsSigningKey.key",
              "WSO2_AUTH": {
                  "staticToken": "0706c62f-c022-3c42-8d14-8b5df128876d",
                  "tokenEndpoint": "",
                  "clientKey": "test-client-key",
                  "clientSecret": "test-client-secret",
                  "refreshSeconds": 3600
              },
              "TLS": {
                  "mutualTLS": {
                      "enabled": false
                  },
                  "creds": {
                      "ca": "/secrets/client.crt",
                      "cert": "/secrets/client.crt",
                      "key": "/secrets/client.crt"
                  }
              }
          },
          "DATABASE": {
              "client": "mysql",
              "version": "5.5",
              "connection": {
                "host": "{{ .Values.config.db_host }}",
                "port": {{ .Values.config.db_port }},
                "user": "{{ .Values.config.db_user }}",
                "password": "{{ .Values.config.db_password }}",
                "database": "{{ .Values.config.db_database }}",
                "timezone": "UTC"
              },
              "pool": {
                  "min": 10,
                  "max": 10,
                  "acquireTimeoutMillis": 30000,
                  "createTimeoutMillis": 30000,
                  "destroyTimeoutMillis": 5000,
                  "idleTimeoutMillis": 30000,
                  "reapIntervalMillis": 1000,
                  "createRetryIntervalMillis": 200
              },
              "migrations": {
                  "tableName": "migration",
                  "loadExtensions": [
                      ".js"
                  ]
              },
              "seeds": {
                  "loadExtensions": [
                      ".js"
                  ]
              }
          },
          "DEMO_SKIP_VALIDATION_FOR_CREDENTIAL_IDS": [
              "HskU2gw4np09IUtYNHnxMM696jJHqvccUdBmd0xP6XEWwH0xLei1PUzDJCM19SZ3A2Ex0fNLw0nc2hrIlFnAtw"
          ]
        }

    ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    ## e.g:
    ## initContainers:
    ##  - name: your-image-name
    ##    image: your-image
    ##    imagePullPolicy: Always
    ##    command: ['sh', '-c', 'echo "hello world"']
    ##    env:
    ##      - name: debug
    ##        value: trace
    ##
    # initContainers: []
    initContainers: |
      - name: wait-for-redis
        image: redis:7.0.5
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - until redis-cli -h ${REDIS_HOST} -p ${REDIS_PORT} ping;
            do
              echo --------------------;
              echo Waiting for Redis...;
              sleep 2;
            done;
            echo ====================;
            echo Redis ok!;
        env:
          - name: REDIS_HOST
            value: {{ include "common.tplvalues.render" (dict "value" .Values.config.redis_host "context" $) | quote }}
          - name: REDIS_PORT
            value: {{ .Values.config.redis_port | quote }}
      - name: wait-for-mysql
        image: mysql:5.7
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            until mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD}  ${DB_DATABASE} -e 'select version()' ;
            do
              echo --------------------;
              echo Waiting for MySQL...;
              sleep 2;
            done;
            echo ====================;
            echo MySQL ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.db_host }}'
          - name: DB_PORT
            value: '{{ .Values.config.db_port }}'
          - name: DB_USER
            value: '{{ .Values.config.db_user }}'
          - name: DB_PASSWORD
            {{- if .Values.config.db_secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db_secret.name }}'
                  key: '{{ .Values.config.db_secret.key }}'
            {{- else }}
            value: {{ .Values.config.db_password }}
            {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.db_database }}'
      - name: run-migration
        image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}'
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - npm run migrate
        env:
          - name: DB_CONNECTION_PASSWORD
            {{- if .Values.config.db_secret }}
            valueFrom:
                secretKeyRef:
                  name: '{{ .Values.config.db_secret.name }}'
                  key: '{{ .Values.config.db_secret.key }}'
            {{- else }}
            value: {{ .Values.config.db_password }}
            {{- end }}
          - name: NODE_ENV
            value: production
        volumeMounts:
          - name: auth-svc-config-volume
            mountPath: /opt/app/dist/config/production.json
            subPath: production.json

    service:
      internalPort: 4004
      ## @param service.type %%MAIN_CONTAINER_NAME%% service type
      ##
      type: ClusterIP
      ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
      ##
      port: 80
      ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
      ##
      httpsPort: 443
      ## Node ports to expose
      ## @param service.nodePorts.http Node port for HTTP
      ## @param service.nodePorts.https Node port for HTTPS
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        http: null
        https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: null
      ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: null
      ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
      ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
      ##
      annotations: {}
      ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

    ingress:
      ## @param ingress.enabled Enable ingress record generation for %%MAIN_CONTAINER_NAME%%
      ##
      enabled: false
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: auth-service.local
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      ##
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: {}
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: []
      ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
      ## e.g:
      ## extraPaths:
      ## - path: /*
      ##   backend:
      ##     serviceName: ssl-redirect
      ##     servicePort: use-annotation
      ##
      extraPaths: []
      ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
      ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
      ## e.g:
      ## extraTls:
      ## - hosts:
      ##     - transfer-api-svc.local
      ##   secretName: transfer-api-svc.local-tls
      ##
      extraTls: []
      ## @param ingress.secrets Custom TLS certificates as secrets
      ## NOTE: 'key' and 'certificate' are expected in PEM format
      ## NOTE: 'name' should line up with a 'secretName' set further up
      ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
      ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
      ## It is also possible to create and manage the certificates outside of this helm chart
      ## Please see README.md for more information
      ## e.g:
      ## secrets:
      ##   - name: transfer-api-svc.local-tls
      ##     key: |-
      ##       -----BEGIN RSA PRIVATE KEY-----
      ##       ...
      ##       -----END RSA PRIVATE KEY-----
      ##     certificate: |-
      ##       -----BEGIN CERTIFICATE-----
      ##       ...
      ##       -----END CERTIFICATE-----
      ##
      secrets: []
      className: "nginx"

  consent-oracle:
    enabled: true

    image:
      registry: docker.io
      repository: mojaloop/als-consent-oracle
      tag: v0.2.2
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "./dist/src/cli.js"]'

    ## Enable diagnostic mode in the deployment
    ##
    diagnosticMode:
      ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
      ##
      enabled: false
      ## @param diagnosticMode.command Command to override all containers in the deployment
      ##
      command:
        - node
        - ./dist/src/cli.js
      ## @param diagnosticMode.args Args to override all containers in the deployment
      ##
      args:
        - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

      ## @param diagnosticMode.debug config to override all debug information
      ##
      debug:
        internalPort: 9229
        port: 9229

    readinessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    livenessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    ## Pod scheduling preferences.
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    affinity: {}

    ## Node labels for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    nodeSelector: {}

    ## Set toleration for scheduler
    ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations: []
    # Add exta environment variables here
    env: []
    # e.g.
    # - name: LOG_LEVEL
    #   value: debug
    ## Svc configs
    config:
      ## DB Configuration
      db_host: *TP_ALS_CONSENT_SVC_DB_HOST
      db_port: *TP_ALS_CONSENT_SVC_DB_PORT
      db_user: *TP_ALS_CONSENT_SVC_DB_USER
      ## Secret-Management
      ### Set this if you are using a clear password configured in the config section
      # db_password: *TP_ALS_CONSENT_SVC_DB_PASSWORD
      ### Configure this if you want to use a secret. Note, this will override the db_password,
      ### Use the next line if you do wish to use the db_password value instead.
      # db_secret:
      ### Example config for an existing secret
      db_secret:
        name: *TP_ALS_CONSENT_SVC_DB_SECRET_NAME
        key: *TP_ALS_CONSENT_SVC_DB_SECRET_KEY
      db_database: *TP_ALS_CONSENT_SVC_DB_NAME

    ## Svc config files
    config_files:
      default.json: |
        {
          "PORT": {{ .Values.service.internalPort }},
          "HOST": "0.0.0.0",
          "INSPECT": {
              "DEPTH": 4,
              "SHOW_HIDDEN": false,
              "COLOR": true
          },
          "DATABASE": {
              "DIALECT": "mysql",
              "HOST": "{{ .Values.config.db_host }}",
              "PORT": {{ .Values.config.db_port }},
              "USER": "{{ .Values.config.db_user }}",
              "PASSWORD": "{{ .Values.config.db_password }}",
              "DATABASE": "{{ .Values.config.db_database }}",
              "POOL_MIN_SIZE": 10,
              "POOL_MAX_SIZE": 10,
              "ACQUIRE_TIMEOUT_MILLIS": 30000,
              "CREATE_TIMEOUT_MILLIS": 30000,
              "DESTROY_TIMEOUT_MILLIS": 5000,
              "IDLE_TIMEOUT_MILLIS": 30000,
              "REAP_INTERVAL_MILLIS": 1000,
              "CREATE_RETRY_INTERVAL_MILLIS": 200
          }
        }

    service:
      internalPort: 3000
      ## @param service.type %%MAIN_CONTAINER_NAME%% service type
      ##
      type: ClusterIP
      ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
      ##
      port: 80
      ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
      ##
      httpsPort: 443
      ## Node ports to expose
      ## @param service.nodePorts.http Node port for HTTP
      ## @param service.nodePorts.https Node port for HTTPS
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        http: null
        https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: null
      ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: null
      ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
      ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
      ##
      annotations: {}
      ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

    ingress:
      ## @param ingress.enabled Enable ingress record generation for %%MAIN_CONTAINER_NAME%%
      ##
      enabled: false
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: consent-oracle.local
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      ##
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: {}
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: []
      ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
      ## e.g:
      ## extraPaths:
      ## - path: /*
      ##   backend:
      ##     serviceName: ssl-redirect
      ##     servicePort: use-annotation
      ##
      extraPaths: []
      ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
      ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
      ## e.g:
      ## extraTls:
      ## - hosts:
      ##     - transfer-api-svc.local
      ##   secretName: transfer-api-svc.local-tls
      ##
      extraTls: []
      ## @param ingress.secrets Custom TLS certificates as secrets
      ## NOTE: 'key' and 'certificate' are expected in PEM format
      ## NOTE: 'name' should line up with a 'secretName' set further up
      ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
      ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
      ## It is also possible to create and manage the certificates outside of this helm chart
      ## Please see README.md for more information
      ## e.g:
      ## secrets:
      ##   - name: transfer-api-svc.local-tls
      ##     key: |-
      ##       -----BEGIN RSA PRIVATE KEY-----
      ##       ...
      ##       -----END RSA PRIVATE KEY-----
      ##     certificate: |-
      ##       -----BEGIN CERTIFICATE-----
      ##       ...
      ##       -----END CERTIFICATE-----
      ##
      secrets: []
      className: "nginx"

  tp-api-svc:
    enabled: true

    image:
      registry: docker.io
      repository: mojaloop/thirdparty-api-svc
      tag: v14.0.0
      ## Specify a imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []

    replicaCount: 1
    command: '["node", "./dist/src/cli.js", "all"]'

    ## Enable diagnostic mode in the deployment
    ##
    diagnosticMode:
      ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
      ##
      enabled: false
      ## @param diagnosticMode.command Command to override all containers in the deployment
      ##
      command:
        - node
        - ./dist/src/cli.js
        - all
      ## @param diagnosticMode.args Args to override all containers in the deployment
      ##
      args:
        - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

      ## @param diagnosticMode.debug config to override all debug information
      ##
      debug:
        internalPort: 9229
        port: 9229

    readinessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    livenessProbe:
      enabled: true
      httpGet:
        path: /health
      initialDelaySeconds: 60
      periodSeconds: 15

    ## Pod scheduling preferences.
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    affinity: {}

    ## Node labels for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    nodeSelector: {}

    ## Set toleration for scheduler
    ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations: []
    # Add exta environment variables here
    env: []
    # e.g. to change the Log Level:
    # - name: LOG_LEVEL
    #   value: debug
    ## Svc configs
    config: {}
    ## Svc config files
    config_files:
      default.json: |
        {
            "PORT": {{ .Values.service.internalPort }},
            "HOST": "0.0.0.0",
            "INSPECT": {
              "DEPTH": 4,
              "SHOW_HIDDEN": false,
              "COLOR": true
            },
            "ENDPOINT_CACHE_CONFIG": {
              "expiresIn": 180000,
              "generateTimeout": 30000
            },
            "ENDPOINT_SERVICE_URL": "http://{{ .Release.Name }}-centralledger-service",
            "PARTICIPANT_LIST_LOCAL": [
              "dfspa",
              "dfspb"
            ],
            "ERROR_HANDLING": {
              "includeCauseExtension": true,
              "truncateExtensions": true
            },
            "INSTRUMENTATION": {
              "METRICS": {
                "DISABLED": false,
                "labels": {
                  "eventId": "*"
                },
                "config": {
                  "timeout": 5000,
                  "prefix": "moja_3p_api",
                  "defaultLabels": {
                    "serviceName": "thirdparty-api-svc"
                  }
                }
              }
            },
            "MOCK_CALLBACK": {
              "transactionRequestId": "abc-12345",
              "pispId": "pisp"
            }
          }

    ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    ## e.g:
    ## initContainers:
    ##  - name: your-image-name
    ##    image: your-image
    ##    imagePullPolicy: Always
    ##    command: ['sh', '-c', 'echo "hello world"']
    ##    env:
    ##      - name: debug
    ##        value: trace
    ##
    initContainers: []

    service:
      internalPort: 3008
      ## @param service.type %%MAIN_CONTAINER_NAME%% service type
      ##
      type: ClusterIP
      ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
      ##
      port: 80
      ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
      ##
      httpsPort: 443
      ## Node ports to expose
      ## @param service.nodePorts.http Node port for HTTP
      ## @param service.nodePorts.https Node port for HTTPS
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        http: null
        https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: null
      ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: null
      ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
      ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
      ##
      annotations: {}
      ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

    ingress:
      ## @param ingress.enabled Enable ingress record generation for %%MAIN_CONTAINER_NAME%%
      ##
      enabled: true
      ## @param ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: null
      ## @param ingress.hostname Default host for the ingress record
      ##
      hostname: tp-api-svc.local
      ## @param ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      ##
      path: /
      ## @param ingress.annotations Additional custom annotations for the ingress record
      ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
      ##
      annotations: {}
      ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
      ##
      certManager: false
      ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: transfer-api-svc.local
      ##     path: /
      ##
      extraHosts: []
      ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
      ## e.g:
      ## extraPaths:
      ## - path: /*
      ##   backend:
      ##     serviceName: ssl-redirect
      ##     servicePort: use-annotation
      ##
      extraPaths: []
      ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
      ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
      ## e.g:
      ## extraTls:
      ## - hosts:
      ##     - transfer-api-svc.local
      ##   secretName: transfer-api-svc.local-tls
      ##
      extraTls: []
      ## @param ingress.secrets Custom TLS certificates as secrets
      ## NOTE: 'key' and 'certificate' are expected in PEM format
      ## NOTE: 'name' should line up with a 'secretName' set further up
      ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
      ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
      ## It is also possible to create and manage the certificates outside of this helm chart
      ## Please see README.md for more information
      ## e.g:
      ## secrets:
      ##   - name: transfer-api-svc.local-tls
      ##     key: |-
      ##       -----BEGIN RSA PRIVATE KEY-----
      ##       ...
      ##       -----END RSA PRIVATE KEY-----
      ##     certificate: |-
      ##       -----BEGIN CERTIFICATE-----
      ##       ...
      ##       -----END CERTIFICATE-----
      ##
      secrets: []
      className: "nginx"

  thirdparty-simulator:
    enabled: true
    prefix: "{{ $.Release.Name }}-sim-tp-"
    # Default values for mojaloop-simulator.
    # This is a YAML-formatted file.
    # Declare variables to be passed into your templates.

    # Usage:
    # Add simulators to the simulators object. The following example will create two simulators,
    # 'payerfsp' and 'payeefsp' that will be created with the default values available lower in this
    # file.
    #
    # simulators:
    #   payerfsp: {}
    #   payeefsp: {}
    #
    # The default values can be overridden for all sims by modifying mojaloop-simulator.defaults in
    # your parent chart. They can also be overriden per-simulator. The following example will result in
    # a payerfsp without a cache and a payeefsp with a cache.
    #
    # simulators:
    #   payerfsp:
    #     config:
    #       cache:
    #         enabled: false
    #   payeefsp: {}
    #
    # If you want to disable any of the default simulators, you can define the values to null in this file.
    #
    # simlators:
    #   payerfsp: null
    #   payeefsp: null
    #

    # TODO & notes:
    # * do the port _numbers_ matter at all? Can we get rid of them?
    # * for Mowali, how are JWS and TLS secrets being set up?
    # * support arbitrary init containers + config (that might just be config that goes into defaults
    #   or something?). Supply all config and volumes to the init containers.
    # * create some test containers
    # * parametrise imagePullSecretName (global? like https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters)
    # * generate JWS private/public keys, so the user does not need to supply keys at all.
    # * generate public key from private, so the user only needs to supply private keys for each sim?
    #   (_might_ be possible with a job or init container or similar).
    # * support mTLS auto-cert generation
    # * probably eliminate all config that shouldn't actually be changed by a user, e.g.
    #   JWS_VERIFICATION_KEYS_DIRECTORY. That's a good configuration option to have for other contexts,
    #   such as running the sim locally or in docker-compose but in this context it's _an
    #   implementation detail_. The chart user should not have to worry about it, and we should not
    #   have to test the effect of changing it.
    #   Also
    #   INBOUND_LISTEN_PORT
    #   OUTBOUND_LISTEN_PORT
    # * make ingress more generic- do not preconfigure annotations
    # * think about labels a little more carefully- the app should probably always be "mojaloop-simulator"
    # * add config map and hashes to the deployments so that a configmap change triggers a rolling
    #   update
    # * support JWS public keys for other entities. Add a note in the documentation that they must map
    #   directly to the value that will be received in the FSPIOP-Source (check this is correct)
    # * update labels to be compliant. E.g. app.kubernetes.io/name or whatever
    # * rename ".Values.defaults.config" as it's pretty a useless name
    # * support arbitrary sidecars?
    # * use the redis subchart? https://github.com/bitnami/charts/tree/master/bitnami/redis
    #   - this would mean a single instance of redis (probably good)
    #   - might need to have the simulators use separate databases per simulator, or prefix all of
    #     their keys with their own name, or something
    # * allow the user to optionally specify the namespace, with the caveat that that namespace will
    #   need to be created manually before the release is deployed. There may be a horrible hack (which
    #   I have not tried) whereby all templates are moved to a different directory, say ./xtemplates,
    #   then all are imported using {{ .Files.Glob }} and {{ .Files.Get }} then templated into a single
    #   amazing template with {{ template }}. At the top of this template goes a namespace. The
    #   consequence of this is that the namespace is created first, enabling this beautiful pattern.
    #   Remember, with great power comes great responsibility. (In other words, we probably have a
    #   responsibility to _not_ do this).
    # * should redis be a statefulset? optionally? what does the bitnami chart do?
    # * move labels into helpers
    # * autogenerate ILP stuff?
    # * defaults.resources looks like it's used nowhere- check this and remove it as appropriate
    # * look for references to replicaCount in the charts/values. Is it set, or whatever?
    # * scale Redis
    # * changing JWS_SIGNING_KEY_PATH currently breaks the chart because it's nastily hard-coded. It
    #   should be possible to use the Spring filepath functions to avoid this. Similarly, changing
    #   RULES_FILE will have a similar effect. Alternatively, make these unconfigured by default. I.e.
    #   comment them out, hard-code them and add a warning to the user in the config. (Is there a
    #   scenario where the user should want to configure them? I don't think so..).
    #   (https://masterminds.github.io/sprig/paths.html)
    # * put sim inbound API on port 80
    # * supply more documentation, especially a range of examples, and preferably documentation that is
    #   executable
    # * share configmaps, secrets with init containers
    # * share an emptyDir volume between init containers and main containers
    # * allow init containers to create secrets and put them on persistent volumes, or emptyDirs, then
    #   allow main containers to access those
    # * do not put environment variables in configmaps, instead put them straight into the deployments.
    #   This makes the deployment much easier to manage.
    # * Remember, labels are _for_ identifying stuff. So labels should probably be like "release"
    #   (.Release.Name or similar) "chart" (.Chart.Name or similar) "simulator" (e.g. payerfsp,
    #   payeefsp) "sim-component" (e.g. backend, scheme-adapter, cache)
    # * can _probably_ remove port numbers from services to simplify chart (although perhaps not? try
    #   to port-forward with a named port instead of a numbered port?)


    simulators:
      ## Every key added to this `simulators` object will be a simulator that takes on the default
      ## config below. The default is deliberately left empty so nothing is deployed by default.
      # payerfsp: {}
      # payeefsp: {}
      ## Default FSPs for Mojaloop Postman Scripts
      dfspa:
        ingress:
          hosts:
            - sim-dfspa.local
        config:
          thirdpartysdk:
            enabled: true
            config: {production.json: {"control": {"mgmtAPIWsUrl": "127.0.0.1", "mgmtAPIWsPort": 4010}, "inbound": {"port": 4005, "host": "0.0.0.0", "pispTransactionMode": true, "tls": {"mutualTLS": {"enabled": false}, "creds": {"ca": "/secrets/dfsp_or_3ppi_client_cacert.pem", "cert": "/secrets/dfsp_or_3ppi_server_cert.pem", "key": "/secrets/dfsp_or_3ppi_server_key.key"}}}, "outbound": {"port": 4006, "host": "0.0.0.0", "tls": {"mutualTLS": {"enabled": false}, "creds": {"ca": "/secrets/hub_server_cacert.pem", "cert": "/secrets/dfsp_or_3ppi_client_cert.cer", "key": "/secrets/dfsp_or_3ppi_client_key.key"}}}, "requestProcessingTimeoutSeconds": 30, "wso2": {"auth": {"staticToken": "test-static-token", "tokenEndpoint": "", "clientKey": "test-client-key", "clientSecret": "test-client-secret", "refreshSeconds": 3600}}, "redis": {"port": 6379, "timeout": 100}, "inspect": {"depth": 4, "showHidden": false, "color": true}, "shared": {"authServiceParticipantId": "centralauth", "thirdpartyRequestsEndpoint": "$release_name-tp-api-svc", "servicesEndpoint": "$release_name-tp-api-svc", "alsEndpoint": "$release_name-account-lookup-service", "quotesEndpoint": "$release_name-quoting-service", "transfersEndpoint": "$release_name-ml-api-adapter-service", "dfspId": "$name", "dfspBackendUri": "$full_name-backend:3000", "dfspBackendHttpScheme": "http", "dfspBackendVerifyAuthorizationPath": "verify-authorization", "dfspBackendVerifyConsentPath": "verify-consent", "sdkRequestToPayTransferUri": "0.0.0.0:3000/requestToPayTransfer", "sdkOutgoingUri": "$full_name-scheme-adapter:4001", "sdkOutgoingHttpScheme": "http", "sdkOutgoingPartiesInformationPath": "parties/{Type}/{ID}/{SubId}", "sdkNotifyAboutTransferUri": "ml-testing-toolkit:4040/thirdpartyRequests/transactions/{ID}", "tempOverrideQuotesPartyIdType": "MSISDN", "testShouldOverrideConsentId": true, "testConsentRequestToConsentMap": {"76059a0a-684f-4002-a880-b01159afe119": "76059a0a-684f-4002-a880-b01159afe119", "6bf07f98-cfce-45ba-b048-7a86bac45d79": "be433b9e-9473-4b7d-bdd5-ac5b42463afb", "c51ec534-ee48-4575-b6a9-ead2955b8069": "46876aac-5db8-4353-bb3c-a6a905843ce7", "d51ec534-ee48-4575-b6a9-ead2955b8069": "23b07761-6b41-442a-b3d5-d876a6ea9ecc", "b5d6206c-4f06-497d-af15-ed866ea6958f": "2acf1dfa-ce45-486e-b19e-ae4ad9804a63"}, "testOverrideTransactionChallenge": "OWZhYjAxZTcwYjU4YzRhMzRmOWQwNzBmZjllZDFiNjc2NWVhMzA1NGI1MWZjZThjZGFjNDEyZDBmNmM2MWFhMQ"}, "pm4mlEnabled": false, "validateInboundJws": false, "jwsSign": false, "jwsSigningKey": "/jwsSigningKey.key", "jwsVerificationKeysDirectory": null}}
          schemeAdapter:
            secrets:
              jws:
                # `privateKeySecret` is used to specify the secret that contains the JWS signing key.
                # If `privateKeySecret` is not null, then the `privateKey` value will be ignored.
                # Expected properties of `privateKeySecret` are `name` and `key`.
                privateKeySecret: {}
                # The following is an example key and shouldn't be used in production
                privateKey: |-
                  -----BEGIN PRIVATE KEY-----
                  MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCg9eU66hg4ZAE6
                  jM4U8ylXQwUz9cdmzS3JyW+1bbgv77peMKSU/wFsi4QRwmbrYze9baFnGCKnS75E
                  vCchib5vJxp3MDWzi/TGxmzgWdJRzkyCiI5C6dCgVL71MjsFgN3TN63wEf5sEU2I
                  eoJ8yXJM0pUG9f9NO7p/IGliDmt6C7EA7D9kQWigufmX0ZTVNKI07fKwC/AEKLp7
                  kx99pvsCq8m184EEL15Q/NhA7R/5zKoHvmJa6Jd7tM0i0xn8IKOkNVFu3YIafAEC
                  QWQwRbanFEeRc3tH3bEoYM8c74r+W+YxCG7nUf16XCk132XVffbHVl+wFgo18YB/
                  sAJmcbePAgMBAAECggEAGQGKnsf+gkg7DqMQYx3Rxt5BISzmURjAK9CxG6ETk9Lt
                  A7QP5ZvmVzwnhPDMN3Z/Et1EzXTo8U+pnBkVBTdWkAMlr+2b8ixklzr9cC9UJuRj
                  a4YWf9u+TyJLVmF63OSD0cwdKCZLffOENZc+zW8oZDn08BNomdGVLCnXZWXzGY8X
                  KaJTJr29jEgkKOqFXdAHrsmj7TBtqSLZKx2IHdCmi05+5JCxVLPgnDiCicZ9zEii
                  yWw57Q1migFIcw6ZQP4RyjgH1o70B+zo3OL7IQEirE17GUgK16XD8xi8hWCYTj5n
                  xOz9yfVfPuYom/9Xbm5kYJZKE2HOZ3Lg8pUnWncuNQKBgQDbaOoACQPhVxQK1qYR
                  RbW0I5Rn0EDxzsFPEpu3eXHoIYGXi8u/ew9AzFmGu+tKYJV5V4BCXo5x2ddE+B8B
                  dXhyHLGfeV8tWKYKBpatolVxxKDL/9fnxoGIAO9cc91ieOm5JxmKscCVP1UnOXHZ
                  uomSfAbGQwYDtMd2bJKkE1z0qwKBgQC7zacuv1PMaDFksHuNNRG+aZ74pJ77msht
                  vJoKyaQcktD0xmIXhFfJvK4cclzG7s5jxCsu2ejimgmfVzgXlLEMrJFvSdFkD2SS
                  gGqoxq5c9g8ssvt7xwr7aJ+VYYWTWRzJrOUny+99UbwHedu0EHL1BYILwy67Lium
                  sgUeeCEgrQKBgGv+7f7qcRB/jgvvr3oc990dDjUzGmRrQlcrb54Vlu2NYH45fyZW
                  6iEY9JAO+zd25tv9J9KDPFXpxb3a61gKfCie2wcF9MUbN08EAzKgDrKa+BKxcZJR
                  8PwCic7V8QhBP7m09yt/Zq2PqNhPvCxRVtnVVnhMES/N0cgGlP9R0JVVAoGAHU2/
                  kmnEN5bibiWjgasQM7fjWETHkdbbA1R0bM59zv+Rnz/9OlIqKI5KVKH7nAbTKXoI
                  iuzxi7ohWj2PwQ4wehvLLaRFCenk9X8YJXGq71Jtl7ntx6iNLCFtFS/8WbuD5GwX
                  7ZfCrLk+L6RyBayzY0wSuKch+Y8AvKf2aISyFpkCgYEAjSfEjz9Cn+27HdiMoBwa
                  +fyyoosci/6OBxj/WTKvV6KUYLBfFoAYpb9rqrbvnfyyc0UiAYQeMJAOWQ1kkzY4
                  zXs63iPQi2UeGPJZ7RsT+31DSaG9YiQdrInsUrlm8hi1C7Pg/NNt6Y1G0WhWYrvF
                  iNK0yCENMhSoOTtbT9tmGi0=
                  -----END PRIVATE KEY-----
                publicKey: |-
                  -----BEGIN PUBLIC KEY-----
                  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPXlOuoYOGQBOozOFPMp
                  V0MFM/XHZs0tyclvtW24L++6XjCklP8BbIuEEcJm62M3vW2hZxgip0u+RLwnIYm+
                  bycadzA1s4v0xsZs4FnSUc5MgoiOQunQoFS+9TI7BYDd0zet8BH+bBFNiHqCfMly
                  TNKVBvX/TTu6fyBpYg5reguxAOw/ZEFooLn5l9GU1TSiNO3ysAvwBCi6e5Mffab7
                  AqvJtfOBBC9eUPzYQO0f+cyqB75iWuiXe7TNItMZ/CCjpDVRbt2CGnwBAkFkMEW2
                  pxRHkXN7R92xKGDPHO+K/lvmMQhu51H9elwpNd9l1X32x1ZfsBYKNfGAf7ACZnG3
                  jwIDAQAB
                  -----END PUBLIC KEY-----
          backend:
            rules: |-
              [
                {
                  "ruleId": 1,
                  "description": "Returns an Payee rejected transaction error (ML error 5105) from the simulator when transfer value is 5105 in any currency",
                  "conditions": {
                    "all": [
                      {
                        "fact": "path",
                        "operator": "equal",
                        "value": "/transfers"
                      },
                      {
                        "fact": "method",
                        "operator": "equal",
                        "value": "POST"
                      },
                      {
                        "fact": "body",
                        "operator": "equal",
                        "value": "5105",
                        "path": "$.amount"
                      }
                    ]
                  },
                  "event": {
                    "type": "simulateError",
                    "params": {
                      "statusCode": 500,
                      "body": {
                        "statusCode": "5105",
                        "message": "Payee rejected transaction"
                      }
                    }
                  }
                },
                {
                  "ruleId": 2,
                  "description": "makes the validation of authorization",
                  "conditions": {
                    "all": [
                      {
                        "fact": "path",
                        "operator": "equal",
                        "value": "/verify-authorization"
                      },
                      {
                        "fact": "method",
                        "operator": "equal",
                        "value": "POST"
                      }
                    ]
                  },
                  "event": {
                    "type": "FIXED_CALLBACK",
                    "params": {
                      "statusCode": 200,
                      "body": {
                        "isValid": true
                      }
                    }
                  }
                },
                {
                  "ruleId": 3,
                  "description": "Returns list of user Accounts",
                  "conditions": {
                    "all": [
                      {
                        "fact": "path",
                        "operator": "equal",
                        "value": "/accounts/username1234"
                      },
                      {
                        "fact": "method",
                        "operator": "equal",
                        "value": "GET"
                      }
                    ]
                  },
                  "event": {
                    "type": "FIXED_CALLBACK",
                    "params": {
                      "statusCode": 200,
                      "body": {
                        "accounts": [
                          {
                            "accountNickname": "dfspa.user.nickname1",
                            "address": "dfspa.username.1234",
                            "currency": "ZAR"
                          },
                          {
                            "accountNickname": "dfspa.user.nickname2",
                            "address": "dfspa.username.5678",
                            "currency": "USD"
                          }
                        ]
                      }
                    }
                  }
                },
                {
                  "ruleId": 4,
                  "description": "validate consentRequests - WEB",
                  "conditions": {
                    "all": [
                      {
                        "fact": "path",
                        "operator": "equal",
                        "value": "/validateConsentRequests"
                      },
                      {
                        "fact": "method",
                        "operator": "equal",
                        "value": "POST"
                      },
                      {
                        "fact": "body",
                        "operator": "equal",
                        "value": "b51ec534-ee48-4575-b6a9-ead2955b8069",
                        "path": "$.consentRequestId"
                      }
                    ]
                  },
                  "event": {
                    "type": "FIXED_CALLBACK",
                    "params": {
                      "statusCode": 200,
                      "body": {
                        "isValid": true,
                        "data": {
                          "authChannels": [
                            "WEB"
                          ],
                          "authUri": "http://localhost:6060/admin/dfsp/authorize?consentRequestId=b51ec534-ee48-4575-b6a9-ead2955b8069&callbackUri=http://localhost:42181/flutter-web-auth.html"
                        }
                      }
                    }
                  }
                },
                {
                  "ruleId": 5,
                  "description": "validate consentRequests - OTP",
                  "conditions": {
                    "all": [
                      {
                        "fact": "path",
                        "operator": "equal",
                        "value": "/validateConsentRequests"
                      },
                      {
                        "fact": "method",
                        "operator": "equal",
                        "value": "POST"
                      },
                      {
                        "fact": "body",
                        "operator": "equal",
                        "value": "c51ec534-ee48-4575-b6a9-ead2955b8069",
                        "path": "$.consentRequestId"
                      }
                    ]
                  },
                  "event": {
                    "type": "FIXED_CALLBACK",
                    "params": {
                      "statusCode": 200,
                      "body": {
                        "isValid": true,
                        "data": {
                          "authChannels": ["OTP"]
                        }
                      }
                    }
                  }
                },
                {
                  "ruleId": 6,
                  "description": "validate consentRequests - Error:7203",
                  "conditions": {
                    "all": [
                      {
                        "fact": "path",
                        "operator": "equal",
                        "value": "/validateConsentRequests"
                      },
                      {
                        "fact": "method",
                        "operator": "equal",
                        "value": "POST"
                      },
                      {
                        "fact": "body",
                        "operator": "equal",
                        "value": "d51ec534-ee48-4575-b6a9-ead2955b8069",
                        "path": "$.consentRequestId"
                      }
                    ]
                  },
                  "event": {
                    "type": "FIXED_CALLBACK",
                    "params": {
                      "statusCode": 200,
                      "body": {
                        "isValid": false,
                        "data": {},
                        "errorInformation": {
                          "errorCode": "7203",
                          "errorDescription": "FSP does not support any requested authentication channels"
                        }
                      }
                    }
                  }
                },
                {
                  "ruleId": 7,
                  "description": "validate consentRequests - Error:7204",
                  "conditions": {
                    "all": [
                      {
                        "fact": "path",
                        "operator": "equal",
                        "value": "/validateConsentRequests"
                      },
                      {
                        "fact": "method",
                        "operator": "equal",
                        "value": "POST"
                      },
                      {
                        "fact": "body",
                        "operator": "equal",
                        "value": "e51ec534-ee48-4575-b6a9-ead2955b8069",
                        "path": "$.consentRequestId"
                      }
                    ]
                  },
                  "event": {
                    "type": "FIXED_CALLBACK",
                    "params": {
                      "statusCode": 200,
                      "body": {
                        "isValid": false,
                        "data": {},
                        "errorInformation": {
                          "errorCode": "7204",
                          "errorDescription": "FSP does not support any requested scope actions"
                        }
                      }
                    }
                  }
                },
                {
                  "ruleId": 8,
                  "description": "validate consentRequests - Error:7209",
                  "conditions": {
                    "all": [
                      {
                        "fact": "path",
                        "operator": "equal",
                        "value": "/validateConsentRequests"
                      },
                      {
                        "fact": "method",
                        "operator": "equal",
                        "value": "POST"
                      },
                      {
                        "fact": "body",
                        "operator": "equal",
                        "value": "f51ec534-ee48-4575-b6a9-ead2955b8069",
                        "path": "$.consentRequestId"
                      }
                    ]
                  },
                  "event": {
                    "type": "FIXED_CALLBACK",
                    "params": {
                      "statusCode": 200,
                      "body": {
                        "isValid": false,
                        "data": {},
                        "errorInformation": {
                          "errorCode": "7209",
                          "errorDescription": "FSP does not find scopes suitable"
                        }
                      }
                    }
                  }
                },
                {
                  "ruleId": 9,
                  "description": "validate consentRequests - Error:7210",
                  "conditions": {
                    "all": [
                      {
                        "fact": "path",
                        "operator": "equal",
                        "value": "/validateConsentRequests"
                      },
                      {
                        "fact": "method",
                        "operator": "equal",
                        "value": "POST"
                      },
                      {
                        "fact": "body",
                        "operator": "equal",
                        "value": "f61ec534-ee48-4575-b6a9-ead2955b8069",
                        "path": "$.consentRequestId"
                      }
                    ]
                  },
                  "event": {
                    "type": "FIXED_CALLBACK",
                    "params": {
                      "statusCode": 200,
                      "body": {
                        "isValid": false,
                        "data": {},
                        "errorInformation": {
                          "errorCode": "7210",
                          "errorDescription": "FSP does not trust PISP callback URI"
                        }
                      }
                    }
                  }
                },
                {
                  "ruleId": 10,
                  "description": "validate consentRequests - Error:7211",
                  "conditions": {
                    "all": [
                      {
                        "fact": "path",
                        "operator": "equal",
                        "value": "/validateConsentRequests"
                      },
                      {
                        "fact": "method",
                        "operator": "equal",
                        "value": "POST"
                      },
                      {
                        "fact": "body",
                        "operator": "equal",
                        "value": "f71ec534-ee48-4575-b6a9-ead2955b8069",
                        "path": "$.consentRequestId"
                      }
                    ]
                  },
                  "event": {
                    "type": "FIXED_CALLBACK",
                    "params": {
                      "statusCode": 200,
                      "body": {
                        "isValid": false,
                        "data": {},
                        "errorInformation": {
                          "errorCode": "7211",
                          "errorDescription": "FSP does not allow consent requests for specified username"
                        }
                      }
                    }
                  }
                },
                {
                  "ruleId": 11,
                  "description": "Returns list of user account for username user@example.com",
                  "conditions": {
                    "all": [
                      {
                        "fact": "path",
                        "operator": "equal",
                        "value": "/accounts/user@example.com"
                      },
                      {
                        "fact": "method",
                        "operator": "equal",
                        "value": "GET"
                      }
                    ]
                  },
                  "event": {
                    "type": "FIXED_CALLBACK",
                    "params": {
                      "statusCode": 200,
                      "body": {
                        "accounts": [
                          {
                            "accountNickname": "Chequing Account",
                            "id": "dfspa.username.1234",
                            "currency": "TZS"
                          },
                          {
                            "accountNickname": "Everyday Spending",
                            "id": "dfspa.username.5678",
                            "currency": "TZS"
                          }
                        ]
                      }
                    }
                  }
                },
                {
                  "ruleId": 12,
                  "description": "verify received thirdparty transaction request",
                  "conditions": {
                    "all": [
                      {
                        "fact": "path",
                        "operator": "equal",
                        "value": "/validate-thirdparty-transaction-request"
                      },
                      {
                        "fact": "method",
                        "operator": "equal",
                        "value": "POST"
                      },
                      {
                        "fact": "body",
                        "operator": "equal",
                        "value": "c2470148-1be2-4c0b-aece-aa8dcb92a6cc",
                        "path": "$.transactionRequestId"
                      }
                    ]
                  },
                  "event": {
                    "type": "FIXED_CALLBACK",
                    "params": {
                      "statusCode": 200,
                      "body": {
                        "isValid": true,
                        "payerPartyIdInfo": {
                          "partyIdType": "MSISDN",
                          "partyIdentifier": "123456789",
                          "fspId": "dfspa"
                        },
                        "consentId": "2acf1dfa-ce45-486e-b19e-ae4ad9804a63"
                      }
                    }
                  }
                },
                {
                  "ruleId": 13,
                  "description": "stores the final consent",
                  "conditions": {
                    "all": [
                      {
                        "fact": "path",
                        "operator": "equal",
                        "value": "/store/consent"
                      },
                      {
                        "fact": "method",
                        "operator": "equal",
                        "value": "POST"
                      }
                    ]
                  },
                  "event": {
                    "type": "FIXED_CALLBACK",
                    "params": {
                      "statusCode": 200,
                      "body": {
                      }
                    }
                  }
                },
                {
                  "ruleId": 14,
                  "description": "validate consentRequests - OTP",
                  "conditions": {
                    "all": [
                      {
                        "fact": "path",
                        "operator": "equal",
                        "value": "/validateConsentRequests"
                      },
                      {
                        "fact": "method",
                        "operator": "equal",
                        "value": "POST"
                      },
                      {
                        "fact": "body",
                        "operator": "equal",
                        "value": "b5d6206c-4f06-497d-af15-ed866ea6958f",
                        "path": "$.consentRequestId"
                      }
                    ]
                  },
                  "event": {
                    "type": "FIXED_CALLBACK",
                    "params": {
                      "statusCode": 200,
                      "body": {
                        "isValid": true,
                        "data": {
                          "authChannels": [
                            "OTP"
                          ]
                        }
                      }
                    }
                  }
                }
              ]
      dfspb:
        ingress:
          hosts:
            - sim-dfspb.local
        config:
          thirdpartysdk:
            enabled: true
          schemeAdapter:
            secrets:
              jws:
                # `privateKeySecret` is used to specify the secret that contains the JWS signing key.
                # If `privateKeySecret` is not null, then the `privateKey` value will be ignored.
                # Expected properties of `privateKeySecret` are `name` and `key`.
                privateKeySecret: {}
                # The following is an example key and shouldn't be used in production
                privateKey: |-
                  -----BEGIN PRIVATE KEY-----
                  MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMu126miewCUCT
                  7f49B0SyCPFGzmqGSs9rTPbk1se+BBhqfhsfkZj6cRRfrlg3rme6we0Ib2AF5TQL
                  noSBlDAimQcNOHXrqpAY/B0l/mgyUwmfv0NJ3UjZuCFuw3HRrU/oSUfXoDITC+Bi
                  120w4FY2B/vPn+1iC/tsaCayneoaV/Sedq7H9+smEnQfGl3p5QJp/B2Ws3Bz1HqI
                  IoxLEaO9VMeDHQPvNJn/7g9erqA5vIhmgLS46worOVjdRLH2SECH73qp8Wg0rJ8Y
                  eW2kQ8kuY4uHcG3MO6drYrC011U0ZyM90KV7dv2Y0h2FHlpn9s/pmb630m5ELpnB
                  T/pYTLcXAgMBAAECggEADqk6Qz3SgBeMMYEWYZ4ZdsW6Ktpm+Xqg/kDy4JywOB9z
                  SikBXeeKH3Z6ltwq2BicDV020Wb8Zt+s3vTOmLhDzC544/hPmtKfjWfR2eHX6gaq
                  m+8ml+20pQFmb4Kn2MlC/Xzwm/SOXBvPyUmTua95rQExsK12DT0+F4YhLfhYsTh2
                  HfkEzdFW4rrd+9ddKG1ZANS4ZaiMyzhtvUWeEBypBtVf+kBk+51t9pLCdjuynb8I
                  WylSDhikT3/YQ/3g/Sz3SMp1u4x0GQe9FWYrnPzzp5LnM5fm49v8JWVHUvd0TOi0
                  dQV+LYlgSD38YPpi4iKQSh0Zf0EBfbA83GsX2ArJ7QKBgQDmvcA6PqPo0OV/7RKY
                  JuziA3TpucL8iVM1i7/Lv6+VkX88uDvEjwLoNAiYcgIm/CMK7WAwA+Dzn4r38EHB
                  BKF4KRhP0qQS0KLXsd0tdsmAB0In7+cbKL4ttqNUP98xZAkTLJq9PXqTKN0qtyw4
                  SfIsVMjDGoeSdWHObZYbGKICfQKBgQDjJLwolDrVX29V4zVmxQYH5iN+5kwKXHXj
                  suHBrW02Oj/GQFh3Xj6JQi3mzTWYhHwhA4pdaQtNYqTaz9Ic/O1VNPic2ovtg+cd
                  7sh86qdQ4QZYhN3RT4oX///u6+UK90llh9hEBo3GuZ4X47tuByNtD4SFAlULrkSm
                  fW4XaC3gIwKBgGil6HfCDx65F00UnVlKVicPQEf8ivVz5rwjPIJQ1nZ0PYuxVtIH
                  tl7PspJJKra5pb7/957vM2fqlOFsIrZCvmS75p3VP7qUyzYeIdzLwgmBwTxRrrP/
                  n3kmGx9LtJM29nKuySNIrb3uS5hi6PhCeUYn0cHC13fSKuCvjOOPIXMVAoGBAJg+
                  CPdR0tUs8Byq+yH0sIQe1m+5wAG50zJYtUPxD6AnDpO8kQ8A1f19o/JsXJ3rPp+K
                  FfVh8LdfhIs8e+H+DLztkizftqXtoLzJTQuc46QsDurJszsVisNnTI1BAvWEpWct
                  0+BUXDZ0NuhgNUIb+rygh/v2gjYgCddlfqKlqwntAoGBAM5Kpp5R0G0ioAuqGqfZ
                  sHEdLqJMSepgc6c7RC+3G/svtS2IqCfyNfVMM3qV5MY3J7KnAVjGOw2oJbXcPLXa
                  uutsVVmPx2d/x2LZdc8dYYcdOQZvrUhmALhAPXM4SRujakxh+Uxi1VOiW+fZL8aW
                  uu1pxuWD0gTJxFkp6u4YIAhw
                  -----END PRIVATE KEY-----
                publicKey: |-
                  -----BEGIN PUBLIC KEY-----
                  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLtduponsAlAk+3+PQdE
                  sgjxRs5qhkrPa0z25NbHvgQYan4bH5GY+nEUX65YN65nusHtCG9gBeU0C56EgZQw
                  IpkHDTh166qQGPwdJf5oMlMJn79DSd1I2bghbsNx0a1P6ElH16AyEwvgYtdtMOBW
                  Ngf7z5/tYgv7bGgmsp3qGlf0nnaux/frJhJ0Hxpd6eUCafwdlrNwc9R6iCKMSxGj
                  vVTHgx0D7zSZ/+4PXq6gObyIZoC0uOsKKzlY3USx9khAh+96qfFoNKyfGHltpEPJ
                  LmOLh3BtzDuna2KwtNdVNGcjPdCle3b9mNIdhR5aZ/bP6Zm+t9JuRC6ZwU/6WEy3
                  FwIDAQAB
                  -----END PUBLIC KEY-----
      pisp:
        ingress:
          hosts:
            - sim-pisp.local
        config:
          thirdpartysdk:
            enabled: true
          schemeAdapter:
            secrets:
              jws:
                # `privateKeySecret` is used to specify the secret that contains the JWS signing key.
                # If `privateKeySecret` is not null, then the `privateKey` value will be ignored.
                # Expected properties of `privateKeySecret` are `name` and `key`.
                privateKeySecret: {}
                # The following is an example key and shouldn't be used in production
                privateKey: |-
                  -----BEGIN PRIVATE KEY-----
                  MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDZHci4QOmoO2xL
                  3p6YjS90Iml5v+WcLFHY3DnHpncaML09EUInaCxLZmrvQ1pRDnJauutn0Nnw+OAJ
                  ep+1Qobja4WyJssWk3T0iNC5kIO4CQJ0SMyCb7GJ6zjtqNHOXp685zQKWRAFlUbJ
                  uX1ECvo1FMU5iRiMnTFLQw2R9GQOI4S7kED9cpvmgtvJUyMbK8uDJLWDjXHh8D4J
                  xvk8Q1qH12qQUnePbXxGz5sbK2tWqusIKNXUWIj5j1iMq5NFGjtT+NwYct8RzthF
                  w/ZT2izFDEW+EfFHtbR7vh8BTwHxggnPCNpC+sSH1IlFzYhmyHoR0EBdeZuTiwcr
                  KGhfRvJRAgMBAAECggEAJ1r6QMfncsq+sSv71Iw3D1aThvGtZbc06NnWkWWPzkwK
                  aXDg7HK6ILrCZHdxfiLfwKmENU/KyZ7bQWycWYdjGwMo+2eDxaZZ+193ckOLVMcx
                  TjHJ/FTRuj3MlmvVCBLntDc2nC+Ts2dhKvy4A6b3vrpym6DJtedigZF4er3xiww4
                  a9XV7vr5xDEjf4kFWWGtEDuF+4YAEBbmD76cRyF5Hv8eoU0MELCelHqL1jL7W6/5
                  sTfbTxRIFO3wmJhW2ZRRyD9EN5lmP9dROxIE4H3tRBihUJVDBA0IXGiE2Z+NjOUJ
                  ycbZVT0LMa3XeYKdrhHRGFafWPSPIJCyQOIK33V6BwKBgQD/TjS9sXJ9hXu53bM1
                  8/X780kUp66GQF5V+QhMAVW/6BdQ1Fkhv6AuJZl+FujBRszSdl96thILy87qkP+n
                  dUDxXn5B2B7MQ1K7uwmKrYW087BfDPa+3R7wKJ4fndIhrqANGy1KCfwhe8GJEzpP
                  vlI4JeInrgMXyQgZgj+65zE22wKBgQDZtPu1MD8SJVvUYXgP1u0XqJWZDo5dndI1
                  KA7UlefbBqqtZ87EP7zxcTZHaRLuMBPEppH4+K4NsopnZh4rD+bV/NOJ/rI6PMZe
                  zIkjLYE+KTgvM7pvwDy+q08fDYnucS4xnHOjLzw8/l4ptJ1uigXkx8PSl94118+5
                  h4Ac4ZL1QwKBgQCk/3MggXT/4GvU9I4kuVVpjpLVkYU+aI1PPNH65QX5L9MZvxMX
                  t5ObH1uy3LVybAJlpnEQimjhTMeeWzWOkT32gF5SyY0l8AChKUECaiC2kKOU2nkB
                  Y0Diby26OzIZ6JSxw7WiWw+iyCuNHmsaLGNQvFML1+9RyO++JKpxbYcl7wKBgBbd
                  Vi5CYe1i9REKJ5TqSr5YW1XW3Ibig2hHy77x+4baXWSW6XVdCFgHPt8jHvTbIche
                  gig23fjcToLri7GUGvdQdVsh39AT//WG38RNDCzeIWN7uFHyS67uyQGG53yecG6P
                  cumplVcGlBcnO/2XC2VqwZtFjfXzs4JVw9PEsS2HAoGANdd6dNf7ETpBgAlesWgS
                  73JAElMGkQH42dqejEzMa5CXUCPLQdqHCgxaT4M25c6F8tUhb2qSvV+Cl+zVkqlA
                  CpocM6+FV4oYNLIJUtNJj+XLbDkV2XjXYzuzcGlDd9HAv6hzg0zHOhN6ETsxqIx7
                  dvV4dxN19eDirp9AVl6k3Ew=
                  -----END PRIVATE KEY-----
                publicKey: |-
                  -----BEGIN PUBLIC KEY-----
                  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2R3IuEDpqDtsS96emI0v
                  dCJpeb/lnCxR2Nw5x6Z3GjC9PRFCJ2gsS2Zq70NaUQ5yWrrrZ9DZ8PjgCXqftUKG
                  42uFsibLFpN09IjQuZCDuAkCdEjMgm+xies47ajRzl6evOc0ClkQBZVGybl9RAr6
                  NRTFOYkYjJ0xS0MNkfRkDiOEu5BA/XKb5oLbyVMjGyvLgyS1g41x4fA+Ccb5PENa
                  h9dqkFJ3j218Rs+bGytrVqrrCCjV1FiI+Y9YjKuTRRo7U/jcGHLfEc7YRcP2U9os
                  xQxFvhHxR7W0e74fAU8B8YIJzwjaQvrEh9SJRc2IZsh6EdBAXXmbk4sHKyhoX0by
                  UQIDAQAB
                  -----END PUBLIC KEY-----

    defaultProbes: &defaultProbes
      livenessProbe:
        enabled: true
        initialDelaySeconds: 3
        periodSeconds: 30
        timeoutSeconds: 10
        successThreshold: 1
        failureThreshold: 3
      readinessProbe:
        enabled: true
        initialDelaySeconds: 3
        periodSeconds: 5
        timeoutSeconds: 5
        successThreshold: 1
        failureThreshold: 3

    ingress:
      enabled: false
      # If you're using nginx ingress controller >= v0.22.0 set this to (/|$)(.*). Ensure that you set the `"nginx.ingress.kubernetes.io/rewrite-target": "/$2"`
      # If you're using nginx ingress controller < v0.22.0 set this to an empty string or "/". Ensure that you set the `"nginx.ingress.kubernetes.io/rewrite-target": "/"`
      # This affects the way your rewrite target will work.
      # For more information see "Breaking changes" here:
      # https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0220

      ## https://kubernetes.github.io/ingress-nginx/examples/rewrite/
      # nginx.ingress.kubernetes.io/rewrite-target: '/'
      # nginx.ingress.kubernetes.io/rewrite-target: '/$2'
      ## https://kubernetes.github.io/ingress-nginx/user-guide/multiple-ingress/
      # kubernetes.io/ingress.class: nginx
      ## https://kubernetes.github.io/ingress-nginx/user-guide/tls/#automated-certificate-management-with-kube-lego
      # kubernetes.io/tls-acme: "true""

      ## nginx ingress controller >= v0.22.0
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: '/$2'
      ingressPathRewriteRegex: (/|$)(.*)
      className: "nginx"
      pathType: "ImplementationSpecific"

      ## nginx ingress controller < v0.22.0
      # annotations:
      #   nginx.ingress.kubernetes.io/rewrite-target: '/'
      # ingressPathRewriteRegex: "/"

    # If you enable JWS validation and intend to communicate via a switch you will almost certainly
    # want to put your switch JWS public key in this array. The name of the property in this object
    # will correspond directly to the name of the signing key (e.g., in the example below,
    # `switch.pem`). Do not include the `.pem` extension, this will be added for you. The scheme
    # adapter will use the FSPIOP-Source header content to identify the relevant signing key to use.
    # The below example assumes your switch will use `FSPIOP-Source: switch`. If instead, for example,
    # your switch is using `FSPIOP-Source: peter` you will need a property `peter` in the following
    # object. Do not add the public keys of your simulators to this object. Instead, put them in
    # `mojaloop-simulator.simulators.$yourSimName.config.schemeAdapter.secrets.jws.publicKey`.
    sharedJWSPubKeys: null
    # switch: |-
    #   -----BEGIN PUBLIC KEY-----
    #   blah blah blah
    #   -----END PUBLIC KEY-----
    defaults:
      # Changes to this object in the parent chart, for example 'mojaloop-simulator.defaults' will be
      # applied to all simulators deployed by this child chart.
      config:
        # Config for init containers
        initContainers:
          waitForCache:
            enabled: true
        imagePullSecretName: dock-casa-secret
        cache:
          # These will be supplied directly to the init containers array in the deployment for the
          # scheme adapter. They should look exactly as you'd declare them inside the deployment.
          # Example: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#init-containers-in-use
          # This init container will have the same environment variables as the main backend container,
          # as specified in .env below.
          # Additionally, the following preset environment variables will be set:
          # SIM_NAME: the name of the simulator as specified in the `mojaloop-simulator` config
          # SIM_SCHEME_ADAPTER_SERVICE_NAME: "sim-$SIM_NAME-scheme-adapter"
          # SIM_BACKEND_SERVICE_NAME: "sim-$SIM_NAME-backend"
          # SIM_CACHE_SERVICE_NAME: "sim-$SIM_NAME-cache"
          initContainers: []
          enabled: true
          image:
            repository: redis
            tag: 5.0.4-alpine
            pullPolicy: IfNotPresent
          <<: *defaultProbes
          livenessProbe:
            enabled: true
            timeoutSeconds: 5
          readinessProbe:
            enabled: true
            timeoutSeconds: 5

        schemeAdapter:
          secrets:
            jws:
              # Use the privateKeySecret field if you would like to supply a JWS private key external
              # to this chart.
              # For example, if you create a private key called `sim-payerfsp-jws-signing-key` with data property `private.key`
              # external to this chart, you would supply
              # `privateKeySecret:
              #   name: sim-payerfsp-jws-signing-key`
              #   key: private.key
              # here.
              # These fields will take precedence over `privateKey` and `publicKey` below.
              # This field is best supplied per-simulator, however it's here for documentation
              # purposes.
              privateKeySecret: {}
              # The `publicKeyConfigMapName` field allows you to supply a ConfigMap containing JWS public
              # keys external to this release, and have this release reference that ConfigMap to
              # populate JWS public keys. The format of this ConfigMap must be as described for
              # `sharedJWSPubKeys`, a map with one key per FSP/simulator corresponding to the
              # FSPIOP-Source header that will be supplied by that FSP/simulator.
              publicKeyConfigMapName: {}
              # Supply per-simulator private and public keys here:
              privateKey: ''
              publicKey: ''
          image:
            repository: mojaloop/sdk-scheme-adapter
            tag: v23.4.0
            pullPolicy: IfNotPresent
            command: '[ "yarn", "start:api-svc" ]'
          <<: *defaultProbes

          # These will be supplied directly to the init containers array in the deployment for the
          # scheme adapter. They should look exactly as you'd declare them inside the deployment.
          # Example: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#init-containers-in-use
          # This init container will have the same environment variables as the main scheme adapter
          # container, as specified in .env below.
          # All init containers will have the same preset environment variables as the backend init
          # container as specified above.
          initContainers: []

          scale:
            enabled: false
            spec:
              minReplicas: 1
              maxReplicas: 10
              metrics:
              - type: Resource
                resource:
                  name: cpu
                  target:
                    type: Utilization
                    averageUtilization: 80

          env:
            # Ports the scheme adapter listens on. Shouldn't really matter for a user of this chart.
            # You probably shouldn't bother configuring them- it likely won't do you much good. But it
            # won't do any harm, either.
            INBOUND_LISTEN_PORT: 4000
            OUTBOUND_LISTEN_PORT: 4001
            TEST_LISTEN_PORT: 4002

            # Enable mutual TLS authentication. Useful when not running in a secure
            # environment, i.e. when you're running it locally against your own implementation.
            INBOUND_MUTUAL_TLS_ENABLED: false
            OUTBOUND_MUTUAL_TLS_ENABLED: false
            TEST_MUTUAL_TLS_ENABLED: false

            # Enable JWS verification and signing
            VALIDATE_INBOUND_JWS: false
            JWS_SIGN: true

            # applicable only if VALIDATE_INBOUND_JWS is `true`
            # allows disabling of validation on incoming PUT /parties/{idType}/{idValue} requests
            VALIDATE_INBOUND_PUT_PARTIES_JWS: true

            # applicable only if JWS_SIGN is `true`
            # allows disabling of signing on outgoing PUT /parties/{idType}/{idValue} requests
            JWS_SIGN_PUT_PARTIES: true

            # The number of space characters by which to indent pretty-printed logs. If set to zero, log events
            # will each be printed on a single line.
            LOG_INDENT: "0"

            # REDIS CACHE CONNECTION
            # CACHE_HOST: "" # Default is parametrised, but it's possible to override this
            CACHE_PORT: 6379

            # Switch or DFSP system under test Mojaloop API endpoint
            # The option 'PEER_ENDPOINT' has no effect if the remaining options 'ALS_ENDPOINT', 'QUOTES_ENDPOINT',
            # 'BULK_QUOTES_ENDPOINT', 'TRANSFERS_ENDPOINT', 'BULK_TRANSFERS_ENDPOINT', 'TRANSACTION_REQUESTS_ENDPOINT' are specified.          # Do not include the protocol, i.e. http.
            PEER_ENDPOINT: "mojaloop-switch"
            # Common Account Lookup System (ALS)
            ALS_ENDPOINT: $release_name-account-lookup-service
            QUOTES_ENDPOINT: $release_name-quoting-service
            TRANSFERS_ENDPOINT: $release_name-ml-api-adapter-service
            BULK_TRANSFERS_ENDPOINT: $release_name-bulk-api-adapter-service
            BULK_QUOTES_ENDPOINT: $release_name-bulk-quoting-service
            TRANSACTION_REQUESTS_ENDPOINT: $release_name-transaction-requests-service

            # This value specifies the endpoint the scheme adapter expects to communicate with the
            # backend on. Do not include the protocol, i.e. http.
            # You're very likely to break the functioning of this chart if you configure the following
            # value. This config item has been copied from the service repo for consistency with that,
            # so that if you come here and find this variable, with this comment, it's less confusing
            # than if you come here and it's missing entirely.
            # BACKEND_ENDPOINT: "localhost:3000"

            # FSPID of this DFSP
            # Commented by default- you're likely to break the chart if you configure this value.
            # DFSP_ID: "mojaloop-sdk"

            # Secret used for generation and verification of secure ILP
            ILP_SECRET: "Quaixohyaesahju3thivuiChai5cahng"

            # expiry period in seconds for quote and transfers issued by the SDK
            EXPIRY_SECONDS: "60"

            # if set to false the SDK will not automatically accept all returned quotes
            # but will halt the transfer after a quote response is received. A further
            # confirmation call will be required to complete the final transfer stage.
            AUTO_ACCEPT_QUOTES: true

            # if set to false the SDK will not automatically accept a resolved party
            # but will halt the transer after a party lookup response is received. A further
            # confirmation call will be required to progress the transfer to quotes state.
            AUTO_ACCEPT_PARTY: true

            # when set to true, when sending money via the outbound API, the SDK will use the value
            # of FSPIOP-Source header from the received quote response as the payeeFsp value in the
            # transfer prepare request body instead of the value received in the payee party lookup.
            # This behaviour should be enabled when the SDK user DFSP is in a forex enabled switch
            # ecosystem and expects quotes and transfers to be rerouted by the switch to forex
            # entities i.e. forex providing DFSPs. Please see the SDK documentation and switch
            # operator documentation for more information on forex use cases.
            USE_QUOTE_SOURCE_FSP_AS_TRANSFER_PAYEE_FSP: false

            # set to true to validate ILP, otherwise false to ignore ILP
            CHECK_ILP: true

            # set to true to enable test features such as request cacheing and retrieval endpoints
            ENABLE_TEST_FEATURES: true

            # set to true to mock WSO2 oauth2 token endpoint
            ENABLE_OAUTH_TOKEN_ENDPOINT: false
            OAUTH_TOKEN_ENDPOINT_CLIENT_KEY: "test-client-key"
            OAUTH_TOKEN_ENDPOINT_CLIENT_SECRET: "test-client-secret"
            OAUTH_TOKEN_ENDPOINT_LISTEN_PORT: "6000"

            # WS02 Bearer Token specific to golden-fsp instance and environment
            WS02_BEARER_TOKEN: "7718fa9b-be13-3fe7-87f0-a12cf1628168"

            # OAuth2 data used to obtain WSO2 bearer token
            OAUTH_TOKEN_ENDPOINT: ""
            OAUTH_CLIENT_KEY: ""
            OAUTH_CLIENT_SECRET: ""
            OAUTH_REFRESH_SECONDS: "3600"

            # Set to true to respect expirity timestamps
            REJECT_EXPIRED_QUOTE_RESPONSES: false
            REJECT_TRANSFERS_ON_EXPIRED_QUOTES: false
            REJECT_EXPIRED_TRANSFER_FULFILS: false

            # Timeout for GET/POST/DELETE - PUT flow processing
            REQUEST_PROCESSING_TIMEOUT_SECONDS: "30"

            # To allow transfer without a previous quote request, set this value to true.
            # The incoming transfer request should consist of an ILP packet and a matching condition in this case.
            # The fulfilment will be generated from the provided ILP packet, and must hash to the provided condition.
            ALLOW_TRANSFER_WITHOUT_QUOTE: false
            ALLOW_DIFFERENT_TRANSFER_TRANSACTION_ID: true
            RESERVE_NOTIFICATION: false
            RESOURCE_VERSIONS: transfers=1.1,quotes=1.1,participants=1.1,parties=1.1,transactionRequests=1.1

            ENABLE_FSPIOP_EVENT_HANDLER: false
            ENABLE_BACKEND_EVENT_HANDLER: false
        backend:
          image:
            repository: mojaloop/mojaloop-simulator
            tag: v15.0.0
            pullPolicy: IfNotPresent
          <<: *defaultProbes

          # These will be supplied directly to the init containers array in the deployment for the
          # backend. They should look exactly as you'd declare them inside the deployment.
          # Example: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#init-containers-in-use
          initContainers: []

          # Supply JSON rules here as a string
          # Example:
          # rules: |-
          #   [
          #     {
          #       "ruleId": 1,
          #       .. etc.
          #     }
          #   ]
          rules: |-
            [ ]

          env:
            ##### Section for simulator backend container #####
            # This is the endpoint the backend expects to communicate with the scheme adapter on.
            # Include the protocol, i.e. http.
            # It's not configured by default in this chart as the default value is calculated in a
            # template and configuring it is likely to break communication between the backend and the
            # scheme adapter.
            # OUTBOUND_ENDPOINT: "http://localhost:4001" # within the pod

            # Enable mutual TLS authentication. Useful when the simulator is not running in a managed
            # environment, i.e. when you're running it locally against your own implementation.
            MUTUAL_TLS_ENABLED: false

            # Enable server-only TLS; i.e. serve on HTTPS instead of HTTP.
            HTTPS_ENABLED: false

            # Location of certs and key required for TLS
            CA_CERT_PATH: /secrets/cacert.pem
            SERVER_CERT_PATH: /secrets/servercert.pem
            SERVER_KEY_PATH: /secrets/serverkey.pem

            # The number of space characters by which to indent pretty-printed logs. If set to zero, log events
            # will each be printed on a single line.
            LOG_INDENT: "0"

            # The name of the sqlite log file. This probably doesn't matter much to the user, except that
            # setting :memory: will use an in-memory sqlite db, which will be faster and not consume disk
            # space. However, it will also mean that the logs will be lost once the container is stopped.
            SQLITE_LOG_FILE: ':memory:'

            # The DFSPID of this simulator. The simulator will accept any requests routed to
            # FSPIOP-Destination: $SCHEME_NAME. Other requests will be rejected.
            # Not set in this chart as these are calculated in templates. Setting this values is likely
            # to break expected functionality.
            # SCHEME_NAME: golden
            # DFSP_ID: golden

            # The name of the sqlite model database. If you would like to start the simulator with preloaded
            # state you can use a preexisting file. If running in a container, you can mount a sqlite file as a
            # volume in the container to preserve state between runs.
            # Use MODEL_DATABASE: :memory: for an ephemeral in-memory database
            MODEL_DATABASE: ':memory:'

            # The simulator can automatically add fees when generating quote responses. Use this
            # variable to control the fee amounts added. e.g. for a transfer of 100 USD a FEE_MULTIPLIER of 0.1
            # reuslts in fees of USD 10 being applied to the quote response
            FEE_MULTIPLIER: "0.05"

            # Specifies the location of a rules file for the simulator backend. Rules can be used to produce
            # specific simulator behaviours in response to incoming requests that match certain conditions.
            # e.g. a rule can be used to trigger NDC errors given transfers between certain limits.
            RULES_FILE: ../rules/rules.json

            # Ports for simulator, report, and test APIs
            SIMULATOR_API_LISTEN_PORT: 3000
            REPORT_API_LISTEN_PORT: 3002
            TEST_API_LISTEN_PORT: 3003

        thirdpartysdk:
          secrets:
            tls:
              # In order to enable TLS with your supplied credentials, you will need to:
              # 1. set all three of the `cert`, `key`, `cacert` fields appropriately for each of
              # `inbound` and `outbound` as per your preference.
              # 2. optionally specify `schemeAdapter.env.INBOUND_MUTUAL_TLS_ENABLED: true`
              # 3. optionally specify `schemeAdapter.env.OUTBOUND_MUTUAL_TLS_ENABLED: true`
              # It probably makes sense to set your CA cert in defaults. Note that the default is that
              # the CA, cert and key will be generated for you by this chart. To use this functionality
              # you only need specify the config documented in steps (2, 3, 4) a few lines up.
              #
              # inbound:
              #   key: |
              #     -----BEGIN CERTIFICATE-----
              #     ...
              #     -----END CERTIFICATE-----
              #   cacert: |
              #     -----BEGIN CERTIFICATE-----
              #     ...
              #     -----END CERTIFICATE-----
              #   cert: |
              #     -----BEGIN RSA PRIVATE KEY-----
              #     ...
              #     -----END RSA PRIVATE KEY-----
              #
              # To set the same values for each of inbound and outbound, specify the values for
              # inbound as above, then the values for outbound using yaml anchors:
              #
              # inbound: &inbound
              #   key: |
              #     ..
              #   cacert: |
              #     ..
              #   cert: |
              #     ..
              # outbound: *inbound
              inbound: &inbound
              # DO NOT REMOVE COMMENT
              outbound: *inbound
            jws:
              # Use the privateKeySecret field if you would like to supply a JWS private key external
              # to this chart.
              # For example, if you create a private key called `sim-payerfsp-jws-signing-key` with data property `private.key`
              # external to this chart, you would supply
              # `privateKeySecret:
              #   name: sim-payerfsp-jws-signing-key`
              #   key: private.key
              # here.
              # These fields will take precedence over `privateKey` and `publicKey` below.
              # This field is best supplied per-simulator, however it's here for documentation
              # purposes.
              privateKeySecret: {}
              # The `publicKeyConfigMapName` field allows you to supply a ConfigMap containing JWS public
              # keys external to this release, and have this release reference that ConfigMap to
              # populate JWS public keys. The format of this ConfigMap must be as described for
              # `sharedJWSPubKeys`, a map with one key per FSP/simulator corresponding to the
              # FSPIOP-Source header that will be supplied by that FSP/simulator.
              publicKeyConfigMapName: {}
              # Supply per-simulator private and public keys here:
              privateKey: ''
              publicKey: ''
          image:
            repository: mojaloop/thirdparty-sdk
            tag: v15.1.1
            pullPolicy: IfNotPresent
            inboundCommand: '[ "npm", "run", "start:inbound" ]'
            outboundCommand: '[ "npm", "run", "start:outbound" ]'
          <<: *defaultProbes

          # These will be supplied directly to the init containers array in the deployment for the
          # scheme adapter. They should look exactly as you'd declare them inside the deployment.
          # Example: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#init-containers-in-use
          # This init container will have the same environment variables as the main scheme adapter
          # container, as specified in .env below.
          # All init containers will have the same preset environment variables as the backend init
          # container as specified above.
          initContainers: []

          scale:
            enabled: false
            spec:
              minReplicas: 1
              maxReplicas: 10
              metrics:
              - type: Resource
                resource:
                  name: cpu
                  target:
                    type: Utilization
                    averageUtilization: 80
          config: {production.json: {"control": {"mgmtAPIWsUrl": "127.0.0.1", "mgmtAPIWsPort": 4010}, "inbound": {"port": 4005, "host": "0.0.0.0", "pispTransactionMode": true, "tls": {"mutualTLS": {"enabled": false}, "creds": {"ca": "/secrets/dfsp_or_3ppi_client_cacert.pem", "cert": "/secrets/dfsp_or_3ppi_server_cert.pem", "key": "/secrets/dfsp_or_3ppi_server_key.key"}}}, "outbound": {"port": 4006, "host": "0.0.0.0", "tls": {"mutualTLS": {"enabled": false}, "creds": {"ca": "/secrets/hub_server_cacert.pem", "cert": "/secrets/dfsp_or_3ppi_client_cert.cer", "key": "/secrets/dfsp_or_3ppi_client_key.key"}}}, "requestProcessingTimeoutSeconds": 30, "wso2": {"auth": {"staticToken": "test-static-token", "tokenEndpoint": "", "clientKey": "test-client-key", "clientSecret": "test-client-secret", "refreshSeconds": 3600}}, "redis": {"port": 6379, "timeout": 100}, "inspect": {"depth": 4, "showHidden": false, "color": true}, "shared": {"authServiceParticipantId": "centralauth", "thirdpartyRequestsEndpoint": "$release_name-tp-api-svc", "servicesEndpoint": "$release_name-tp-api-svc", "alsEndpoint": "$release_name-account-lookup-service", "quotesEndpoint": "$release_name-quoting-service", "transfersEndpoint": "$release_name-ml-api-adapter-service", "dfspId": "$name", "dfspBackendUri": "$full_name-backend:3000", "dfspBackendHttpScheme": "http", "dfspBackendVerifyAuthorizationPath": "verify-authorization", "dfspBackendVerifyConsentPath": "verify-consent", "sdkRequestToPayTransferUri": "0.0.0.0:3000/requestToPayTransfer", "sdkOutgoingUri": "$full_name-scheme-adapter:4001", "sdkOutgoingHttpScheme": "http", "sdkOutgoingPartiesInformationPath": "parties/{Type}/{ID}/{SubId}", "sdkNotifyAboutTransferUri": "ml-testing-toolkit:4040/thirdpartyRequests/transactions/{ID}"}, "pm4mlEnabled": false, "validateInboundJws": false, "jwsSign": false, "jwsSigningKey": "/jwsSigningKey.key", "jwsVerificationKeysDirectory": null}}
          env:
            NODE_ENV: production
            INBOUND_LISTEN_PORT: 4005
            OUTBOUND_LISTEN_PORT: 4006
            # Path to JWS signing key (private key of THIS DFSP)
            JWS_SIGNING_KEY_PATH: "/jwsSigningKey/private.key" # do not change this unless you know what you are doing - this will break the chart
            JWS_VERIFICATION_KEYS_DIRECTORY: "/jwsVerificationKeys"

      ingress:
        enabled: false
        path: /
        hosts:
          - mojaloop-simulators.local
        tls: []
        #  - secretName: chart-example-tls
        #    hosts:
        #      - chart-example.local
      resources: {}
      # We usually recommend not to specify default resources and to leave this as a conscious
      # choice for the user. This also increases chances charts run on environments with little
      # resources, such as Minikube. If you do want to specify resources, uncomment the following
      # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
      # limits:
      #  cpu: 100m
      #  memory: 128Mi
      # requests:
      #  cpu: 100m
      #  memory: 128Mi
      ## Pod scheduling preferences.
      ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
      affinity: {}

      ## Node labels for pod assignment
      ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
      nodeSelector: {}

      ## Set toleration for scheduler
      ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
      tolerations: []

simulator:
  enabled: true
  # Default values for simulators.
  # This is a YAML-formatted file.
  # Declare variables to be passed into your templates.

  image:
    registry: docker.io
    repository: mojaloop/simulator
    tag: v12.1.0
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []

  replicaCount: 1
  command: '["node", "src/index.js"]'

  ## Enable diagnostic mode in the deployment
  ##
  diagnosticMode:
    ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
    ##
    enabled: false
    ## @param diagnosticMode.command Command to override all containers in the deployment
    ##
    command:
      - node
      - src/index.js
    ## @param diagnosticMode.args Args to override all containers in the deployment
    ##
    args:
      - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

    ## @param diagnosticMode.debug config to override all debug information
    ##
    debug:
      internalPort: 9229
      port: 9229

  readinessProbe:
    enabled: true
    httpGet:
      path: /health
      port: 8444
      scheme: HTTP
    initialDelaySeconds: 5
    periodSeconds: 15

  livenessProbe:
    enabled: true
    httpGet:
      path: /health
      port: 8444
      scheme: HTTP
    initialDelaySeconds: 5
    periodSeconds: 15
    ## Pod scheduling preferences.
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}
  ## Node labels for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  nodeSelector: {}
  ## Set toleration for scheduler
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []
  metrics:
    enabled: true
    prefix: moja_
    timeout: 5000
    defaultLabels:
      serviceName: simulator

  config:
    ## Set debug level for log output
    LOG_LEVEL: 'info'

    ## Add '$release' into any of the *_SERVICE_ENDPOINT values to include the release name as part of the deployment
    PARTIES_SERVICE_ENDPOINT: 'http://$release_name-account-lookup-service'
    QUOTES_SERVICE_ENDPOINT: 'http://$release_name-quoting-service'
    TRANSFERS_SERVICE_ENDPOINT: 'http://$release_name-ml-api-adapter-service'
    BULK_TRANSFERS_SERVICE_ENDPOINT: 'http://$release_name-bulk-api-adapter-service'
    TRANSACTION_REQUESTS_SERVICE_ENDPOINT: 'http://$release_name-transaction-requests-service'
    ## Disable the fulfil response callback
    TRANSFERS_FULFIL_RESPONSE_DISABLED: false
    ## Set the fulfil response response information
    TRANSFERS_FULFILMENT: 'XoSz1cL0tljJSCp_VtIYmPNw-zFUgGfbUqf69AagUzY'
    TRANSFERS_CONDITION: 'HOr22-H3AfTDHrSkPjJtVPRdKouuMkDXTR4ejlQa8Ks'
    TRANSFERS_ILPPACKET: 'AQAAAAAAAADIEHByaXZhdGUucGF5ZWVmc3CCAiB7InRyYW5zYWN0aW9uSWQiOiIyZGY3NzRlMi1mMWRiLTRmZjctYTQ5NS0yZGRkMzdhZjdjMmMiLCJxdW90ZUlkIjoiMDNhNjA1NTAtNmYyZi00NTU2LThlMDQtMDcwM2UzOWI4N2ZmIiwicGF5ZWUiOnsicGFydHlJZEluZm8iOnsicGFydHlJZFR5cGUiOiJNU0lTRE4iLCJwYXJ0eUlkZW50aWZpZXIiOiIyNzcxMzgwMzkxMyIsImZzcElkIjoicGF5ZWVmc3AifSwicGVyc29uYWxJbmZvIjp7ImNvbXBsZXhOYW1lIjp7fX19LCJwYXllciI6eyJwYXJ0eUlkSW5mbyI6eyJwYXJ0eUlkVHlwZSI6Ik1TSVNETiIsInBhcnR5SWRlbnRpZmllciI6IjI3NzEzODAzOTExIiwiZnNwSWQiOiJwYXllcmZzcCJ9LCJwZXJzb25hbEluZm8iOnsiY29tcGxleE5hbWUiOnt9fX0sImFtb3VudCI6eyJjdXJyZW5jeSI6IlVTRCIsImFtb3VudCI6IjIwMCJ9LCJ0cmFuc2FjdGlvblR5cGUiOnsic2NlbmFyaW8iOiJERVBPU0lUIiwic3ViU2NlbmFyaW8iOiJERVBPU0lUIiwiaW5pdGlhdG9yIjoiUEFZRVIiLCJpbml0aWF0b3JUeXBlIjoiQ09OU1VNRVIiLCJyZWZ1bmRJbmZvIjp7fX19'
    MOCK_JWS_SIGNATURE: 'abcJjvNrkyK2KBieDUbGfhaBUn75aDUATNF4joqA8OLs4QgSD7i6EO8BIdy6Crph3LnXnTM20Ai1Z6nt0zliS_qPPLU9_vi6qLb15FOkl64DQs9hnfoGeo2tcjZJ88gm19uLY_s27AJqC1GH1B8E2emLrwQMDMikwQcYvXoyLrL7LL3CjaLMKdzR7KTcQi1tCK4sNg0noIQLpV3eA61kess'

  service:
    internalPort: 8444
    ## @param service.type %%MAIN_CONTAINER_NAME%% service type
    ##
    type: ClusterIP
    ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
    ##
    port: 80
    ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
    ##
    httpsPort: 443
    ## Node ports to expose
    ## @param service.nodePorts.http Node port for HTTP
    ## @param service.nodePorts.https Node port for HTTPS
    ## NOTE: choose port between <30000-32767>
    ##
    nodePorts:
      http: null
      https: null
      ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
    ## e.g.:
    ## clusterIP: None
    ##
    clusterIP: null
    ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerIP: null
    ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
    ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
    ##
    annotations: {}
    ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
    ## If "ClientIP", consecutive client requests will be directed to the same Pod
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
    ##
    sessionAffinity: None
    ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    ##
    sessionAffinityConfig: {}

  ingress:
    enabled: true
    ## @param ingress.pathType Ingress path type
    ##
    pathType: ImplementationSpecific
    ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
    ##
    apiVersion: null
    ## @param ingress.hostname Default host for the ingress record
    ##
    hostname: moja-simulator.local
    ## @param servicePort : port for the service
    ##
    servicePort: 80
    ## @param ingress.path Default path for the ingress record
    ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
    path: /
    ## @param ingress.annotations Additional custom annotations for the ingress record
    ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
    ##
    annotations: null
    ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
    ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
    ## You can:
    ##   - Use the `ingress.secrets` parameter to create this TLS secret
    ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
    ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
    ##
    tls: false
    ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
    ##
    certManager: false
    ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
    ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
    ## e.g:
    ## extraHosts:
    ##   - name: transfer-api-svc.local
    ##     path: /
    ##
    extraHosts: null
    extraPaths: null
    extraTls: null
    secrets: null
    className: "nginx"
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #  cpu: 100m
  #  memory: 128Mi
  # requests:
  #  cpu: 100m
  #  memory: 128Mi
  resources: {}

mojaloop-simulator:
  enabled: true
  # Default values for mojaloop-simulator.
  # This is a YAML-formatted file.
  # Declare variables to be passed into your templates.

  # Usage:
  # Add simulators to the simulators object. The following example will create two simulators,
  # 'payerfsp' and 'payeefsp' that will be created with the default values available lower in this
  # file.
  #
  # simulators:
  #   payerfsp: {}
  #   payeefsp: {}
  #
  # The default values can be overridden for all sims by modifying mojaloop-simulator.defaults in
  # your parent chart. They can also be overriden per-simulator. The following example will result in
  # a payerfsp without a cache and a payeefsp with a cache.
  #
  # simulators:
  #   payerfsp:
  #     config:
  #       cache:
  #         enabled: false
  #   payeefsp: {}
  #
  # If you want to disable any of the default simulators, you can define the values to null in this file.
  #
  # simlators:
  #   payerfsp: null
  #   payeefsp: null
  #

  # TODO & notes:
  # * do the port _numbers_ matter at all? Can we get rid of them?
  # * for Mowali, how are JWS and TLS secrets being set up?
  # * support arbitrary init containers + config (that might just be config that goes into defaults
  #   or something?). Supply all config and volumes to the init containers.
  # * create some test containers
  # * parametrise imagePullSecretName (global? like https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters)
  # * generate JWS private/public keys, so the user does not need to supply keys at all.
  # * generate public key from private, so the user only needs to supply private keys for each sim?
  #   (_might_ be possible with a job or init container or similar).
  # * support mTLS auto-cert generation
  # * probably eliminate all config that shouldn't actually be changed by a user, e.g.
  #   JWS_VERIFICATION_KEYS_DIRECTORY. That's a good configuration option to have for other contexts,
  #   such as running the sim locally or in docker-compose but in this context it's _an
  #   implementation detail_. The chart user should not have to worry about it, and we should not
  #   have to test the effect of changing it.
  #   Also
  #   INBOUND_LISTEN_PORT
  #   OUTBOUND_LISTEN_PORT
  # * make ingress more generic- do not preconfigure annotations
  # * think about labels a little more carefully- the app should probably always be "mojaloop-simulator"
  # * add config map and hashes to the deployments so that a configmap change triggers a rolling
  #   update
  # * support JWS public keys for other entities. Add a note in the documentation that they must map
  #   directly to the value that will be received in the FSPIOP-Source (check this is correct)
  # * update labels to be compliant. E.g. app.kubernetes.io/name or whatever
  # * rename ".Values.defaults.config" as it's pretty a useless name
  # * support arbitrary sidecars?
  # * use the redis subchart? https://github.com/bitnami/charts/tree/master/bitnami/redis
  #   - this would mean a single instance of redis (probably good)
  #   - might need to have the simulators use separate databases per simulator, or prefix all of
  #     their keys with their own name, or something
  # * allow the user to optionally specify the namespace, with the caveat that that namespace will
  #   need to be created manually before the release is deployed. There may be a horrible hack (which
  #   I have not tried) whereby all templates are moved to a different directory, say ./xtemplates,
  #   then all are imported using {{ .Files.Glob }} and {{ .Files.Get }} then templated into a single
  #   amazing template with {{ template }}. At the top of this template goes a namespace. The
  #   consequence of this is that the namespace is created first, enabling this beautiful pattern.
  #   Remember, with great power comes great responsibility. (In other words, we probably have a
  #   responsibility to _not_ do this).
  # * should redis be a statefulset? optionally? what does the bitnami chart do?
  # * move labels into helpers
  # * autogenerate ILP stuff?
  # * defaults.resources looks like it's used nowhere- check this and remove it as appropriate
  # * look for references to replicaCount in the charts/values. Is it set, or whatever?
  # * scale Redis
  # * changing JWS_SIGNING_KEY_PATH currently breaks the chart because it's nastily hard-coded. It
  #   should be possible to use the Spring filepath functions to avoid this. Similarly, changing
  #   RULES_FILE will have a similar effect. Alternatively, make these unconfigured by default. I.e.
  #   comment them out, hard-code them and add a warning to the user in the config. (Is there a
  #   scenario where the user should want to configure them? I don't think so..).
  #   (https://masterminds.github.io/sprig/paths.html)
  # * put sim inbound API on port 80
  # * supply more documentation, especially a range of examples, and preferably documentation that is
  #   executable
  # * share configmaps, secrets with init containers
  # * share an emptyDir volume between init containers and main containers
  # * allow init containers to create secrets and put them on persistent volumes, or emptyDirs, then
  #   allow main containers to access those
  # * do not put environment variables in configmaps, instead put them straight into the deployments.
  #   This makes the deployment much easier to manage.
  # * Remember, labels are _for_ identifying stuff. So labels should probably be like "release"
  #   (.Release.Name or similar) "chart" (.Chart.Name or similar) "simulator" (e.g. payerfsp,
  #   payeefsp) "sim-component" (e.g. backend, scheme-adapter, cache)
  # * can _probably_ remove port numbers from services to simplify chart (although perhaps not? try
  #   to port-forward with a named port instead of a numbered port?)


  simulators:
    ## Every key added to this `simulators` object will be a simulator that takes on the default
    ## config below. The default is deliberately left empty so nothing is deployed by default.
    # payerfsp: {}
    # payeefsp: {}
    ## Default FSPs for Mojaloop Postman Scripts
    payerfsp:
      ingress:
        enabled: true
        hosts:
          - sim-payerfsp.local
      config:
        schemeAdapter:
          secrets:
            jws:
              # `privateKeySecret` is used to specify the secret that contains the JWS signing key.
              # If `privateKeySecret` is not null, then the `privateKey` value will be ignored.
              # Expected properties of `privateKeySecret` are `name` and `key`.
              privateKeySecret: {}
              # The following is an example key and shouldn't be used in production
              privateKey: |-
                -----BEGIN PRIVATE KEY-----
                MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCg9eU66hg4ZAE6
                jM4U8ylXQwUz9cdmzS3JyW+1bbgv77peMKSU/wFsi4QRwmbrYze9baFnGCKnS75E
                vCchib5vJxp3MDWzi/TGxmzgWdJRzkyCiI5C6dCgVL71MjsFgN3TN63wEf5sEU2I
                eoJ8yXJM0pUG9f9NO7p/IGliDmt6C7EA7D9kQWigufmX0ZTVNKI07fKwC/AEKLp7
                kx99pvsCq8m184EEL15Q/NhA7R/5zKoHvmJa6Jd7tM0i0xn8IKOkNVFu3YIafAEC
                QWQwRbanFEeRc3tH3bEoYM8c74r+W+YxCG7nUf16XCk132XVffbHVl+wFgo18YB/
                sAJmcbePAgMBAAECggEAGQGKnsf+gkg7DqMQYx3Rxt5BISzmURjAK9CxG6ETk9Lt
                A7QP5ZvmVzwnhPDMN3Z/Et1EzXTo8U+pnBkVBTdWkAMlr+2b8ixklzr9cC9UJuRj
                a4YWf9u+TyJLVmF63OSD0cwdKCZLffOENZc+zW8oZDn08BNomdGVLCnXZWXzGY8X
                KaJTJr29jEgkKOqFXdAHrsmj7TBtqSLZKx2IHdCmi05+5JCxVLPgnDiCicZ9zEii
                yWw57Q1migFIcw6ZQP4RyjgH1o70B+zo3OL7IQEirE17GUgK16XD8xi8hWCYTj5n
                xOz9yfVfPuYom/9Xbm5kYJZKE2HOZ3Lg8pUnWncuNQKBgQDbaOoACQPhVxQK1qYR
                RbW0I5Rn0EDxzsFPEpu3eXHoIYGXi8u/ew9AzFmGu+tKYJV5V4BCXo5x2ddE+B8B
                dXhyHLGfeV8tWKYKBpatolVxxKDL/9fnxoGIAO9cc91ieOm5JxmKscCVP1UnOXHZ
                uomSfAbGQwYDtMd2bJKkE1z0qwKBgQC7zacuv1PMaDFksHuNNRG+aZ74pJ77msht
                vJoKyaQcktD0xmIXhFfJvK4cclzG7s5jxCsu2ejimgmfVzgXlLEMrJFvSdFkD2SS
                gGqoxq5c9g8ssvt7xwr7aJ+VYYWTWRzJrOUny+99UbwHedu0EHL1BYILwy67Lium
                sgUeeCEgrQKBgGv+7f7qcRB/jgvvr3oc990dDjUzGmRrQlcrb54Vlu2NYH45fyZW
                6iEY9JAO+zd25tv9J9KDPFXpxb3a61gKfCie2wcF9MUbN08EAzKgDrKa+BKxcZJR
                8PwCic7V8QhBP7m09yt/Zq2PqNhPvCxRVtnVVnhMES/N0cgGlP9R0JVVAoGAHU2/
                kmnEN5bibiWjgasQM7fjWETHkdbbA1R0bM59zv+Rnz/9OlIqKI5KVKH7nAbTKXoI
                iuzxi7ohWj2PwQ4wehvLLaRFCenk9X8YJXGq71Jtl7ntx6iNLCFtFS/8WbuD5GwX
                7ZfCrLk+L6RyBayzY0wSuKch+Y8AvKf2aISyFpkCgYEAjSfEjz9Cn+27HdiMoBwa
                +fyyoosci/6OBxj/WTKvV6KUYLBfFoAYpb9rqrbvnfyyc0UiAYQeMJAOWQ1kkzY4
                zXs63iPQi2UeGPJZ7RsT+31DSaG9YiQdrInsUrlm8hi1C7Pg/NNt6Y1G0WhWYrvF
                iNK0yCENMhSoOTtbT9tmGi0=
                -----END PRIVATE KEY-----
              publicKey: |-
                -----BEGIN PUBLIC KEY-----
                MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPXlOuoYOGQBOozOFPMp
                V0MFM/XHZs0tyclvtW24L++6XjCklP8BbIuEEcJm62M3vW2hZxgip0u+RLwnIYm+
                bycadzA1s4v0xsZs4FnSUc5MgoiOQunQoFS+9TI7BYDd0zet8BH+bBFNiHqCfMly
                TNKVBvX/TTu6fyBpYg5reguxAOw/ZEFooLn5l9GU1TSiNO3ysAvwBCi6e5Mffab7
                AqvJtfOBBC9eUPzYQO0f+cyqB75iWuiXe7TNItMZ/CCjpDVRbt2CGnwBAkFkMEW2
                pxRHkXN7R92xKGDPHO+K/lvmMQhu51H9elwpNd9l1X32x1ZfsBYKNfGAf7ACZnG3
                jwIDAQAB
                -----END PUBLIC KEY-----
    payeefsp:
      ingress:
        enabled: true
        hosts:
          - sim-payeefsp.local
      config:
        schemeAdapter:
          secrets:
            jws:
              # `privateKeySecret` is used to specify the secret that contains the JWS signing key.
              # If `privateKeySecret` is not null, then the `privateKey` value will be ignored.
              # Expected properties of `privateKeySecret` are `name` and `key`.
              privateKeySecret: {}
              # The following is an example key and shouldn't be used in production
              privateKey: |-
                -----BEGIN PRIVATE KEY-----
                MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMu126miewCUCT
                7f49B0SyCPFGzmqGSs9rTPbk1se+BBhqfhsfkZj6cRRfrlg3rme6we0Ib2AF5TQL
                noSBlDAimQcNOHXrqpAY/B0l/mgyUwmfv0NJ3UjZuCFuw3HRrU/oSUfXoDITC+Bi
                120w4FY2B/vPn+1iC/tsaCayneoaV/Sedq7H9+smEnQfGl3p5QJp/B2Ws3Bz1HqI
                IoxLEaO9VMeDHQPvNJn/7g9erqA5vIhmgLS46worOVjdRLH2SECH73qp8Wg0rJ8Y
                eW2kQ8kuY4uHcG3MO6drYrC011U0ZyM90KV7dv2Y0h2FHlpn9s/pmb630m5ELpnB
                T/pYTLcXAgMBAAECggEADqk6Qz3SgBeMMYEWYZ4ZdsW6Ktpm+Xqg/kDy4JywOB9z
                SikBXeeKH3Z6ltwq2BicDV020Wb8Zt+s3vTOmLhDzC544/hPmtKfjWfR2eHX6gaq
                m+8ml+20pQFmb4Kn2MlC/Xzwm/SOXBvPyUmTua95rQExsK12DT0+F4YhLfhYsTh2
                HfkEzdFW4rrd+9ddKG1ZANS4ZaiMyzhtvUWeEBypBtVf+kBk+51t9pLCdjuynb8I
                WylSDhikT3/YQ/3g/Sz3SMp1u4x0GQe9FWYrnPzzp5LnM5fm49v8JWVHUvd0TOi0
                dQV+LYlgSD38YPpi4iKQSh0Zf0EBfbA83GsX2ArJ7QKBgQDmvcA6PqPo0OV/7RKY
                JuziA3TpucL8iVM1i7/Lv6+VkX88uDvEjwLoNAiYcgIm/CMK7WAwA+Dzn4r38EHB
                BKF4KRhP0qQS0KLXsd0tdsmAB0In7+cbKL4ttqNUP98xZAkTLJq9PXqTKN0qtyw4
                SfIsVMjDGoeSdWHObZYbGKICfQKBgQDjJLwolDrVX29V4zVmxQYH5iN+5kwKXHXj
                suHBrW02Oj/GQFh3Xj6JQi3mzTWYhHwhA4pdaQtNYqTaz9Ic/O1VNPic2ovtg+cd
                7sh86qdQ4QZYhN3RT4oX///u6+UK90llh9hEBo3GuZ4X47tuByNtD4SFAlULrkSm
                fW4XaC3gIwKBgGil6HfCDx65F00UnVlKVicPQEf8ivVz5rwjPIJQ1nZ0PYuxVtIH
                tl7PspJJKra5pb7/957vM2fqlOFsIrZCvmS75p3VP7qUyzYeIdzLwgmBwTxRrrP/
                n3kmGx9LtJM29nKuySNIrb3uS5hi6PhCeUYn0cHC13fSKuCvjOOPIXMVAoGBAJg+
                CPdR0tUs8Byq+yH0sIQe1m+5wAG50zJYtUPxD6AnDpO8kQ8A1f19o/JsXJ3rPp+K
                FfVh8LdfhIs8e+H+DLztkizftqXtoLzJTQuc46QsDurJszsVisNnTI1BAvWEpWct
                0+BUXDZ0NuhgNUIb+rygh/v2gjYgCddlfqKlqwntAoGBAM5Kpp5R0G0ioAuqGqfZ
                sHEdLqJMSepgc6c7RC+3G/svtS2IqCfyNfVMM3qV5MY3J7KnAVjGOw2oJbXcPLXa
                uutsVVmPx2d/x2LZdc8dYYcdOQZvrUhmALhAPXM4SRujakxh+Uxi1VOiW+fZL8aW
                uu1pxuWD0gTJxFkp6u4YIAhw
                -----END PRIVATE KEY-----
              publicKey: |-
                -----BEGIN PUBLIC KEY-----
                MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLtduponsAlAk+3+PQdE
                sgjxRs5qhkrPa0z25NbHvgQYan4bH5GY+nEUX65YN65nusHtCG9gBeU0C56EgZQw
                IpkHDTh166qQGPwdJf5oMlMJn79DSd1I2bghbsNx0a1P6ElH16AyEwvgYtdtMOBW
                Ngf7z5/tYgv7bGgmsp3qGlf0nnaux/frJhJ0Hxpd6eUCafwdlrNwc9R6iCKMSxGj
                vVTHgx0D7zSZ/+4PXq6gObyIZoC0uOsKKzlY3USx9khAh+96qfFoNKyfGHltpEPJ
                LmOLh3BtzDuna2KwtNdVNGcjPdCle3b9mNIdhR5aZ/bP6Zm+t9JuRC6ZwU/6WEy3
                FwIDAQAB
                -----END PUBLIC KEY-----
    testfsp1:
      ingress:
        enabled: true
        hosts:
          - sim-testfsp1.local
      config:
        schemeAdapter:
          secrets:
            jws:
              # `privateKeySecret` is used to specify the secret that contains the JWS signing key.
              # If `privateKeySecret` is not null, then the `privateKey` value will be ignored.
              # Expected properties of `privateKeySecret` are `name` and `key`.
              privateKeySecret: {}
              # The following is an example key and shouldn't be used in production
              privateKey: |-
                -----BEGIN PRIVATE KEY-----
                MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDZHci4QOmoO2xL
                3p6YjS90Iml5v+WcLFHY3DnHpncaML09EUInaCxLZmrvQ1pRDnJauutn0Nnw+OAJ
                ep+1Qobja4WyJssWk3T0iNC5kIO4CQJ0SMyCb7GJ6zjtqNHOXp685zQKWRAFlUbJ
                uX1ECvo1FMU5iRiMnTFLQw2R9GQOI4S7kED9cpvmgtvJUyMbK8uDJLWDjXHh8D4J
                xvk8Q1qH12qQUnePbXxGz5sbK2tWqusIKNXUWIj5j1iMq5NFGjtT+NwYct8RzthF
                w/ZT2izFDEW+EfFHtbR7vh8BTwHxggnPCNpC+sSH1IlFzYhmyHoR0EBdeZuTiwcr
                KGhfRvJRAgMBAAECggEAJ1r6QMfncsq+sSv71Iw3D1aThvGtZbc06NnWkWWPzkwK
                aXDg7HK6ILrCZHdxfiLfwKmENU/KyZ7bQWycWYdjGwMo+2eDxaZZ+193ckOLVMcx
                TjHJ/FTRuj3MlmvVCBLntDc2nC+Ts2dhKvy4A6b3vrpym6DJtedigZF4er3xiww4
                a9XV7vr5xDEjf4kFWWGtEDuF+4YAEBbmD76cRyF5Hv8eoU0MELCelHqL1jL7W6/5
                sTfbTxRIFO3wmJhW2ZRRyD9EN5lmP9dROxIE4H3tRBihUJVDBA0IXGiE2Z+NjOUJ
                ycbZVT0LMa3XeYKdrhHRGFafWPSPIJCyQOIK33V6BwKBgQD/TjS9sXJ9hXu53bM1
                8/X780kUp66GQF5V+QhMAVW/6BdQ1Fkhv6AuJZl+FujBRszSdl96thILy87qkP+n
                dUDxXn5B2B7MQ1K7uwmKrYW087BfDPa+3R7wKJ4fndIhrqANGy1KCfwhe8GJEzpP
                vlI4JeInrgMXyQgZgj+65zE22wKBgQDZtPu1MD8SJVvUYXgP1u0XqJWZDo5dndI1
                KA7UlefbBqqtZ87EP7zxcTZHaRLuMBPEppH4+K4NsopnZh4rD+bV/NOJ/rI6PMZe
                zIkjLYE+KTgvM7pvwDy+q08fDYnucS4xnHOjLzw8/l4ptJ1uigXkx8PSl94118+5
                h4Ac4ZL1QwKBgQCk/3MggXT/4GvU9I4kuVVpjpLVkYU+aI1PPNH65QX5L9MZvxMX
                t5ObH1uy3LVybAJlpnEQimjhTMeeWzWOkT32gF5SyY0l8AChKUECaiC2kKOU2nkB
                Y0Diby26OzIZ6JSxw7WiWw+iyCuNHmsaLGNQvFML1+9RyO++JKpxbYcl7wKBgBbd
                Vi5CYe1i9REKJ5TqSr5YW1XW3Ibig2hHy77x+4baXWSW6XVdCFgHPt8jHvTbIche
                gig23fjcToLri7GUGvdQdVsh39AT//WG38RNDCzeIWN7uFHyS67uyQGG53yecG6P
                cumplVcGlBcnO/2XC2VqwZtFjfXzs4JVw9PEsS2HAoGANdd6dNf7ETpBgAlesWgS
                73JAElMGkQH42dqejEzMa5CXUCPLQdqHCgxaT4M25c6F8tUhb2qSvV+Cl+zVkqlA
                CpocM6+FV4oYNLIJUtNJj+XLbDkV2XjXYzuzcGlDd9HAv6hzg0zHOhN6ETsxqIx7
                dvV4dxN19eDirp9AVl6k3Ew=
                -----END PRIVATE KEY-----
              publicKey: |-
                -----BEGIN PUBLIC KEY-----
                MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2R3IuEDpqDtsS96emI0v
                dCJpeb/lnCxR2Nw5x6Z3GjC9PRFCJ2gsS2Zq70NaUQ5yWrrrZ9DZ8PjgCXqftUKG
                42uFsibLFpN09IjQuZCDuAkCdEjMgm+xies47ajRzl6evOc0ClkQBZVGybl9RAr6
                NRTFOYkYjJ0xS0MNkfRkDiOEu5BA/XKb5oLbyVMjGyvLgyS1g41x4fA+Ccb5PENa
                h9dqkFJ3j218Rs+bGytrVqrrCCjV1FiI+Y9YjKuTRRo7U/jcGHLfEc7YRcP2U9os
                xQxFvhHxR7W0e74fAU8B8YIJzwjaQvrEh9SJRc2IZsh6EdBAXXmbk4sHKyhoX0by
                UQIDAQAB
                -----END PUBLIC KEY-----
    testfsp2:
      ingress:
        enabled: true
        hosts:
          - sim-testfsp2.local
      config:
        schemeAdapter:
          secrets:
            jws:
              # `privateKeySecret` is used to specify the secret that contains the JWS signing key.
              # If `privateKeySecret` is not null, then the `privateKey` value will be ignored.
              # Expected properties of `privateKeySecret` are `name` and `key`.
              privateKeySecret: {}
              # The following is an example key and shouldn't be used in production
              privateKey: |-
                -----BEGIN PRIVATE KEY-----
                MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC/uTQyrLSNJcWk
                cP39r5iXl2Nerod3IL4GxID+xEpzMQEpDJbyYQlUgsAqQ6JtbMrt75ImNA9sWOCq
                JRm9Ejn6CAeRIlcRXbwGLawXnwDXmxCPBpKQTa8HAsAvkZ+1KZqjRBKjNJ9D5EXD
                Y36WhEZh51dmlEyxgWvW4DWpq9wGOiPsmo+kgPtRpOBfDAdZtX6Pa6FB+i2pG85D
                kpObHkclr5WM+77EALuaZwv53GZ4GlskkPkuLwHyCAlcYlST4SfpdIiBmRDq8q8L
                0fJqwTpZktdT4kmgKnbCQI81NHHM8TY8aeUjRrhk/b/L/bJpxzgdAYGEQxz5JVP9
                VJloxL4BAgMBAAECggEAGZJlDy5AbcQgOrj0c7IIXw3K6/3I5T+JgQMUNobtbDRY
                1IYQmxcMxMgkw+5d+4zjez11R6GxffDT1HXa20BTWdFY2weSx+bx9XwBhGwJk3hk
                CsOkaFloMz3vbtjUTbhVHxotBzY1WPuZP4CliYNulM/jtTOqEBH0VYZ1ueIJmI3N
                EtSUO1IAYO8SyP4sozLpAIfp4+ftML4HVCiD6aKdVl38S3PX65j1Q3x9Jz3GBSBo
                9UA6cQHRoCMrujeIAeY2uUCevhdm75xoywVFSCpRCguFxIX5GbvISJRL8XFNhDHl
                OY7yHSOJSmnedFh8oRwBDKkoxhwb+nn1wjf4FXdY/QKBgQDgRuqPx2ou25vKOnx1
                G/xvvMLWzB9KF2wqqFP4uNv0dI9qJ7zCf1ifneAv/CEU+JwX5KJknUtanCpWZare
                vlWSH0UItgs0cgEKjKFwYzXIlc06TffkFz+UlGlLXSFD3BR59xmOY/ZwXlgPz4iW
                6TefXvrU+jNGigJVIYEMzBaCLQKBgQDa14VuCOjMa0YtzAd1cQ2jd8dYovnko/J0
                OQtdx9WoEdeKsCJ8cwVJxSOF4739i0h2Bxa/lLI6mn9VuBKddBLThO1+vBCQ1SCi
                rQGYy1JUchy7OTBo1pEMAQ9AsFGXDMg4/uWdM18O9JwDHAIKsj+vGP+NTgVSO5Cq
                lO6QgG+TpQKBgHsKLNDoQ/alAFj3sSPGUL00P2f74AaTxwG4CylesTzxXWSNnF7P
                4lzfDgkFN1j78xaglf7A1IBHQGrZp94/aU6a3RKkXI1PJgcVk9PGedErbcXY1HBL
                2NO4f/Oaig9ig9FNoLWfXanT+FfkMTkphRxnzRBemxbNy+3MTbIpnQeZAoGBAMSF
                yKAAxjZUm2gjEguoI6xJsy3o5WoqxF8Unx1viHHu29YCyGVj0TrnGzhwRTx8KO08
                /nO677bq6TCsJaNaClICzFgEQQgfLLiJjqaM5/lHpH+JIuzyyryx8uWPsSVpaCCu
                3rol2NaQWc39B+RdIA148H0PtH2dWhOlvPrtK8W1AoGBAMza6OkhyCIzSTKVSWuF
                dvIUbj6jjFLuRapusG+JX+B12Upa6Z3lOHe7e0VWq3rgTktnfqf2gO55b+3o30o4
                ww+sGmRdqMTuPCCZx41XT/v0loYm+ik1GAJz1TUFDDtXlouD2QCDJJfZqPIQf29/
                bFt8u+844ddF0+j5r5Q2aXdR
                -----END PRIVATE KEY-----
              publicKey: |-
                -----BEGIN PUBLIC KEY-----
                MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7k0Mqy0jSXFpHD9/a+Y
                l5djXq6HdyC+BsSA/sRKczEBKQyW8mEJVILAKkOibWzK7e+SJjQPbFjgqiUZvRI5
                +ggHkSJXEV28Bi2sF58A15sQjwaSkE2vBwLAL5GftSmao0QSozSfQ+RFw2N+loRG
                YedXZpRMsYFr1uA1qavcBjoj7JqPpID7UaTgXwwHWbV+j2uhQfotqRvOQ5KTmx5H
                Ja+VjPu+xAC7mmcL+dxmeBpbJJD5Li8B8ggJXGJUk+En6XSIgZkQ6vKvC9HyasE6
                WZLXU+JJoCp2wkCPNTRxzPE2PGnlI0a4ZP2/y/2yacc4HQGBhEMc+SVT/VSZaMS+
                AQIDAQAB
                -----END PUBLIC KEY-----
    testfsp3:
      ingress:
        enabled: true
        hosts:
          - sim-testfsp3.local
      config:
        schemeAdapter:
          secrets:
            jws:
              # `privateKeySecret` is used to specify the secret that contains the JWS signing key.
              # If `privateKeySecret` is not null, then the `privateKey` value will be ignored.
              # Expected properties of `privateKeySecret` are `name` and `key`.
              privateKeySecret: {}
              # The following is an example key and shouldn't be used in production
              privateKey: |-
                -----BEGIN PRIVATE KEY-----
                MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQCZKXDVFI703fvK
                SdDnFukWC6EbQipNSg+MzzZvt+E/ynkBO35QK4E9Z3RgOWS74GxMI+K+h6k4+3Z0
                XQJjJAj8dPeserCMnTgThQ76fZ5kDi3YtdoFoxvNVQhTVBGe4soocb/H6XKoUXVH
                qDI4J+KiW4t/bz3OnVRhHIzCdnM5kGFQnXchWgL3ymhueU8m2d6532GqsEbhC9dZ
                D3cbo757UZAn4TZUgiTVSlY07e4nUulUvVV0+pQmjZMwBQNxonBVkFQWuitrbMVh
                ZYEYUL5tB07OAfN/p2LcxumCJ49dGqLvC0VyMsGQkZ3dS9kNKx/sP67xlSl9YeCI
                PN95wxcFAgMBAAECggEAB+EQ4h/89O3e+SGpAPiZTxOUFAkEyTIz1CR6kIstNhEB
                4iVYzykBV2D/3YZ9cOxk/r1N3WgGUggCGlYlPEtO1UJk8g//8jaRNEYWZp582nkR
                mEWjjKWUOR8pu0JYdUTM0Va2CYrayUMGoPXZzNtPiCw5q0C3pycRDdngQMaKgra7
                kj0pOITHpgN4bCPeutKAX514aD+nobJ4UOjcWcAemuoM4ZSl/tqZziXAHi3DjuIL
                jTfeBKae7tViUuQPwxcCNffTAsKAlI0BaD10fb1gzwLZkY4E8LThlIR3Pk6BdPlA
                ab0Gu9rtgIbPJnNFp5QWMVelW+2WF2qWfszu2HloFQKBgQDLhLh8xsP2ioGWLyFl
                JKGDzyNYn+MC3ZWaNttsprl+hBXRMGXfMDlGSJ0WAHYDgjMJIcZqUmPGGchQkwC0
                QnTeRbFLSlzVormqYVxJqrlNs3t0KRqarq1S3aFEPQI/aLBjsuXFlHegdpLJHQW6
                exZvU4+ShS+LMZeu/ywqsUIqgwKBgQDAqG3mFmY3NYZLAA2YWsxU2bQyHgqnK7CJ
                XZxZ+FE+2Xo2EqAMM3fJj5IShlCnjE7ciMt1hyigKTZlKIiO7iOCAiZ0P4XOZuOA
                p3wQEFCjfl7mjTXj75LzWTla+92B1t2tHhYXdd1y3M3yci8UK76MxCZrK/ol4oN5
                UhEHQaeh1wJ/XQNLTbuJ1CN5Fip0GMWlC5ifjuGD3stmlBR+NCn+nNPBJNn5tQdV
                JcoKAQQ062WV7ZaCGBWPg/pEko6cw8Wbo/o2DTLvOrQkJrpYc1KTXe+pfG1Mu2UZ
                0cV47rbzUAeIlggs+x/fjHakn0WkWJXoqviFpXE5SWRg7pmwldJtawKBgQCEj9/+
                n475kgSzenfgSympgJqymWUvHaq8+gJpDampmy6yIiKqAof70qPpxy2b+7kPmbiV
                R8i2W2UoObmsz0LzY9NdzY+eM8F6dsOwsekqdfuKm8Nm8SOl+dCzP/ZsLpIdWkRN
                JDaZoEC8/8BRGsBkT1s4Bux6QN/CDKvW2GAlxQKBgDcTDbSxhmyMjDJr5p1oy4re
                Ju0bMtFyf95B2mqMw781JoKxXHfHNBwtHgku1JHSKtTRCH7w4uoLrN+dDXd68Q6b
                qmJ4KNL+8ac2sJWOyjWP2bB62/Yqx/XcFJXHbfnvSEXRGav+D/aq3xkmRDwa8wqM
                zmVQaekRl4XbZA8+Fvgw
                -----END PRIVATE KEY-----
              publicKey: |-
                -----BEGIN PUBLIC KEY-----
                MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSlw1RSO9N37yknQ5xbp
                FguhG0IqTUoPjM82b7fhP8p5ATt+UCuBPWd0YDlku+BsTCPivoepOPt2dF0CYyQI
                /HT3rHqwjJ04E4UO+n2eZA4t2LXaBaMbzVUIU1QRnuLKKHG/x+lyqFF1R6gyOCfi
                oluLf289zp1UYRyMwnZzOZBhUJ13IVoC98pobnlPJtneud9hqrBG4QvXWQ93G6O+
                e1GQJ+E2VIIk1UpWNO3uJ1LpVL1VdPqUJo2TMAUDcaJwVZBUFrora2zFYWWBGFC+
                bQdOzgHzf6di3MbpgiePXRqi7wtFcjLBkJGd3UvZDSsf7D+u8ZUpfWHgiDzfecMX
                BQIDAQAB
                -----END PUBLIC KEY-----
    testfsp4:
      ingress:
        enabled: true
        hosts:
          - sim-testfsp4.local
      config:
        schemeAdapter:
          secrets:
            jws:
              # `privateKeySecret` is used to specify the secret that contains the JWS signing key.
              # If `privateKeySecret` is not null, then the `privateKey` value will be ignored.
              # Expected properties of `privateKeySecret` are `name` and `key`.
              privateKeySecret: {}
              # The following is an example key and shouldn't be used in production
              privateKey: |-
                -----BEGIN PRIVATE KEY-----
                MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDH5Q+uzIdf7yTX
                4A23TTaGSCMU6ieKUmg2qsRJ0/lnk50A0eFQb98ux/XT90oEpqa8dqpla7lic3BK
                XdWoUYI+zmauzepTE3L0IZJB7VzQcPfbZiFG7OrGPAUtxxz4FBbKSA7FJnchIAEs
                blsyu2mQx+zbeajnQS3P+6oqDjdyuT5JyDjna7UFarozx1YXExwyfKsEtIPuMh/U
                L/q80gtWbXA9nA38t7vmdqxhh4PMddHgSEl6KK29yqwHsgpVg/5Yi0ubhbgLQbHm
                6XflBQK05t5AqD2j5h94h/dk9WzoWft8/haxI3OqFoaOOQmHemSs3KJndL+PyzL7
                6JCMlsHBAgMBAAECggEACsA4V3WjG0cEo4KmojLqKY80KdINJdyYQ8Zr76+RpJ81
                DL/8/wNBTOYOw+NzLOxcn9q+/9zrF88vHSTOUrLtjxyxO5oSDf1IC7bJg7e1K/XD
                ct6bkBG6b8Z3HdbtaS9FaYQ2HSbcNeEfhwj5aTFYtGN4SvaQXb2s7dhydrgUhdw1
                1TxXDio728BjRvCOex4H2lmJSflGYwHGJpy1C5Q8upAAMhKMP11598i9Vw7JJI4t
                wZ2vv3w728ApnQzDIiLzKMvNtvoEwQ7PlnSevL6V4sYAnsAmx6ZctEEv632nGPqk
                f5XLlDaczcRDcpAC+nyJKER7T/+emWNFlV0Mj+JMQQKBgQDncR0EzPRWGCDBmH8K
                e2hzzS0RmLb1nouhcFb6EiQR4WTvB8BjAJuf1Brq7gX1b/gGfWkYPS/9AKOI/JzO
                YHACgQmvTaF2WMHcvhb2F/Z96cKIpsD++RIARClv7MSfbTBVcBXbwaboN/B89sGG
                4+07ciy4uCwdK7wJP2gSyy3AsQKBgQDdGwDGppVdcGc4cStlCKoGQnT5owCidqP+
                pLdF5d69pLKaFKFzUh92dUOwLh4qonuOgGGy574JE0oncKn72eie6biEesu+4uuR
                Teu2qrKiHBPDtPlrBZrYnlyE6h9dftAie++bu0UzMSP4WtevxzF0xykELXtlJUx7
                fSjZ7UnWEQKBgQC/qdPPQu/hUG/oAyLKCnLw22xEU0TI2XhmxEKzK0zFpfPRY4j2
                M+2tCZkVDvLOU+CBd2AOG7Xe/qVvb0toOULpP/VGQLLC8DPzW1Rmjmep1Gkug3H2
                dUtr/waV0uzt3h2V05G2gIN5ccHtquePjrfKb/4LJzIZIjvBKMpGLg6AsQKBgAs2
                32cz88d1eAbI1qadNeJzZHN07QdQdSjpOdJ1wkJkJBrkiPvMYoQjlndNH4KSEyo7
                ILluP5k+PTia4kQ/3SiSOiWeBM99uuz3wsjVB5JpUidO+oePFTd/cLndFhIr6GqX
                VqPTb8MU7vodwWrM85k0sMPheqy6o5Jv2q6S9nfBAoGAai34NUJam3rAw+5EF1fI
                9v1AQxFmCX1xPawaFqudGxwod+NtrU5T11O07gDOC9V1ZdDU5btTlEoDgDiy5GNo
                9Bve6yCxr2L7ZaKNccw+yuqTrIzHD4JBpanHjafPCDB+auW0U1lP7Q7TDSzJ42E9
                yq8V8FKKjAQ2hlGoSVfEvG0=
                -----END PRIVATE KEY-----
              publicKey: |-
                -----BEGIN PUBLIC KEY-----
                MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+UPrsyHX+8k1+ANt002
                hkgjFOonilJoNqrESdP5Z5OdANHhUG/fLsf10/dKBKamvHaqZWu5YnNwSl3VqFGC
                Ps5mrs3qUxNy9CGSQe1c0HD322YhRuzqxjwFLccc+BQWykgOxSZ3ISABLG5bMrtp
                kMfs23mo50Etz/uqKg43crk+Scg452u1BWq6M8dWFxMcMnyrBLSD7jIf1C/6vNIL
                Vm1wPZwN/Le75nasYYeDzHXR4EhJeiitvcqsB7IKVYP+WItLm4W4C0Gx5ul35QUC
                tObeQKg9o+YfeIf3ZPVs6Fn7fP4WsSNzqhaGjjkJh3pkrNyiZ3S/j8sy++iQjJbB
                wQIDAQAB
                -----END PUBLIC KEY-----

  defaultProbes: &defaultProbes
    livenessProbe:
      enabled: true
      initialDelaySeconds: 3
      periodSeconds: 30
      timeoutSeconds: 10
      successThreshold: 1
      failureThreshold: 3
    readinessProbe:
      enabled: true
      initialDelaySeconds: 3
      periodSeconds: 5
      timeoutSeconds: 5
      successThreshold: 1
      failureThreshold: 3

  ingress:
    enabled: false
    # If you're using nginx ingress controller >= v0.22.0 set this to (/|$)(.*). Ensure that you set the `"nginx.ingress.kubernetes.io/rewrite-target": "/$2"`
    # If you're using nginx ingress controller < v0.22.0 set this to an empty string or "/". Ensure that you set the `"nginx.ingress.kubernetes.io/rewrite-target": "/"`
    # This affects the way your rewrite target will work.
    # For more information see "Breaking changes" here:
    # https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0220

    ## https://kubernetes.github.io/ingress-nginx/examples/rewrite/
    # nginx.ingress.kubernetes.io/rewrite-target: '/'
    # nginx.ingress.kubernetes.io/rewrite-target: '/$2'
    ## https://kubernetes.github.io/ingress-nginx/user-guide/multiple-ingress/
    # kubernetes.io/ingress.class: nginx
    ## https://kubernetes.github.io/ingress-nginx/user-guide/tls/#automated-certificate-management-with-kube-lego
    # kubernetes.io/tls-acme: "true""

    ## nginx ingress controller >= v0.22.0
    annotations:
      nginx.ingress.kubernetes.io/rewrite-target: '/$2'
    ingressPathRewriteRegex: (/|$)(.*)

    ## nginx ingress controller < v0.22.0
    # annotations:
    #   nginx.ingress.kubernetes.io/rewrite-target: '/'
    # ingressPathRewriteRegex: "/"

  # If you enable JWS validation and intend to communicate via a switch you will almost certainly
  # want to put your switch JWS public key in this array. The name of the property in this object
  # will correspond directly to the name of the signing key (e.g., in the example below,
  # `switch.pem`). Do not include the `.pem` extension, this will be added for you. The scheme
  # adapter will use the FSPIOP-Source header content to identify the relevant signing key to use.
  # The below example assumes your switch will use `FSPIOP-Source: switch`. If instead, for example,
  # your switch is using `FSPIOP-Source: peter` you will need a property `peter` in the following
  # object. Do not add the public keys of your simulators to this object. Instead, put them in
  # `mojaloop-simulator.simulators.$yourSimName.config.schemeAdapter.secrets.jws.publicKey`.
  sharedJWSPubKeys: null
  # switch: |-
  #   -----BEGIN PUBLIC KEY-----
  #   blah blah blah
  #   -----END PUBLIC KEY-----
  defaults:
    # Changes to this object in the parent chart, for example 'mojaloop-simulator.defaults' will be
    # applied to all simulators deployed by this child chart.
    config:
      # Config for init containers
      initContainers:
        waitForCache:
          enabled: true
      imagePullSecretName: dock-casa-secret
      cache:
        # These will be supplied directly to the init containers array in the deployment for the
        # scheme adapter. They should look exactly as you'd declare them inside the deployment.
        # Example: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#init-containers-in-use
        # This init container will have the same environment variables as the main backend container,
        # as specified in .env below.
        # Additionally, the following preset environment variables will be set:
        # SIM_NAME: the name of the simulator as specified in the `mojaloop-simulator` config
        # SIM_SCHEME_ADAPTER_SERVICE_NAME: "sim-$SIM_NAME-scheme-adapter"
        # SIM_BACKEND_SERVICE_NAME: "sim-$SIM_NAME-backend"
        # SIM_CACHE_SERVICE_NAME: "sim-$SIM_NAME-cache"
        enabled: true
        initContainers: []
        image:
          repository: redis
          tag: 5.0.4-alpine
          pullPolicy: IfNotPresent
        <<: *defaultProbes
        livenessProbe:
          enabled: true
          timeoutSeconds: 5
        readinessProbe:
          enabled: true
          timeoutSeconds: 5

      schemeAdapter:
        secrets:
          jws:
            # Use the privateKeySecret field if you would like to supply a JWS private key external
            # to this chart.
            # For example, if you create a private key called `sim-payerfsp-jws-signing-key` with data property `private.key`
            # external to this chart, you would supply
            # `privateKeySecret:
            #   name: sim-payerfsp-jws-signing-key`
            #   key: private.key
            # here.
            # These fields will take precedence over `privateKey` and `publicKey` below.
            # This field is best supplied per-simulator, however it's here for documentation
            # purposes.
            privateKeySecret: {}
            # The `publicKeyConfigMapName` field allows you to supply a ConfigMap containing JWS public
            # keys external to this release, and have this release reference that ConfigMap to
            # populate JWS public keys. The format of this ConfigMap must be as described for
            # `sharedJWSPubKeys`, a map with one key per FSP/simulator corresponding to the
            # FSPIOP-Source header that will be supplied by that FSP/simulator.
            publicKeyConfigMapName: {}
            # Supply per-simulator private and public keys here:
            privateKey: ''
            publicKey: ''
        image:
          repository: mojaloop/sdk-scheme-adapter
          tag: v23.4.0
          pullPolicy: IfNotPresent
          command: '[ "yarn", "start:api-svc" ]'
        <<: *defaultProbes

        # These will be supplied directly to the init containers array in the deployment for the
        # scheme adapter. They should look exactly as you'd declare them inside the deployment.
        # Example: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#init-containers-in-use
        # This init container will have the same environment variables as the main scheme adapter
        # container, as specified in .env below.
        # All init containers will have the same preset environment variables as the backend init
        # container as specified above.
        initContainers: []

        scale:
          enabled: false
          spec:
            minReplicas: 1
            maxReplicas: 10
            metrics:
              - type: Resource
                resource:
                  name: cpu
                  target:
                    type: Utilization
                    averageUtilization: 80
        env:
          # Ports the scheme adapter listens on. Shouldn't really matter for a user of this chart.
          # You probably shouldn't bother configuring them- it likely won't do you much good. But it
          # won't do any harm, either.
          INBOUND_LISTEN_PORT: 4000
          OUTBOUND_LISTEN_PORT: 4001
          TEST_LISTEN_PORT: 4002

          # Enable mutual TLS authentication. Useful when not running in a secure
          # environment, i.e. when you're running it locally against your own implementation.
          INBOUND_MUTUAL_TLS_ENABLED: false
          OUTBOUND_MUTUAL_TLS_ENABLED: false
          TEST_MUTUAL_TLS_ENABLED: false

          # Enable JWS verification and signing
          VALIDATE_INBOUND_JWS: false
          JWS_SIGN: true

          # applicable only if VALIDATE_INBOUND_JWS is `true`
          # allows disabling of validation on incoming PUT /parties/{idType}/{idValue} requests
          VALIDATE_INBOUND_PUT_PARTIES_JWS: true

          # applicable only if JWS_SIGN is `true`
          # allows disabling of signing on outgoing PUT /parties/{idType}/{idValue} requests
          JWS_SIGN_PUT_PARTIES: true

          # The number of space characters by which to indent pretty-printed logs. If set to zero, log events
          # will each be printed on a single line.
          LOG_INDENT: "0"

          # REDIS CACHE CONNECTION
          # CACHE_HOST: "" # Default is parametrised, but it's possible to override this
          CACHE_PORT: 6379

          # Switch or DFSP system under test Mojaloop API endpoint
          # The option 'PEER_ENDPOINT' has no effect if the remaining options 'ALS_ENDPOINT', 'QUOTES_ENDPOINT',
          # 'BULK_QUOTES_ENDPOINT', 'TRANSFERS_ENDPOINT', 'BULK_TRANSFERS_ENDPOINT', 'TRANSACTION_REQUESTS_ENDPOINT' are specified.          # Do not include the protocol, i.e. http.
          PEER_ENDPOINT: "mojaloop-switch"
          # Common Account Lookup System (ALS)
          ALS_ENDPOINT: $release_name-account-lookup-service
          QUOTES_ENDPOINT: $release_name-quoting-service
          TRANSFERS_ENDPOINT: $release_name-ml-api-adapter-service
          BULK_TRANSFERS_ENDPOINT: $release_name-bulk-api-adapter-service
          BULK_QUOTES_ENDPOINT: $release_name-bulk-quoting-service
          TRANSACTION_REQUESTS_ENDPOINT: $release_name-transaction-requests-service

          # This value specifies the endpoint the scheme adapter expects to communicate with the
          # backend on. Do not include the protocol, i.e. http.
          # You're very likely to break the functioning of this chart if you configure the following
          # value. This config item has been copied from the service repo for consistency with that,
          # so that if you come here and find this variable, with this comment, it's less confusing
          # than if you come here and it's missing entirely.
          # BACKEND_ENDPOINT: "localhost:3000"

          # FSPID of this DFSP
          # Commented by default- you're likely to break the chart if you configure this value.
          # DFSP_ID: "mojaloop-sdk"

          # Secret used for generation and verification of secure ILP
          ILP_SECRET: "Quaixohyaesahju3thivuiChai5cahng"

          # expiry period in seconds for quote and transfers issued by the SDK
          EXPIRY_SECONDS: "60"

          # if set to false the SDK will not automatically accept all returned quotes
          # but will halt the transfer after a quote response is received. A further
          # confirmation call will be required to complete the final transfer stage.
          AUTO_ACCEPT_QUOTES: true

          # if set to false the SDK will not automatically accept a resolved party
          # but will halt the transer after a party lookup response is received. A further
          # confirmation call will be required to progress the transfer to quotes state.
          AUTO_ACCEPT_PARTY: true

          # when set to true, when sending money via the outbound API, the SDK will use the value
          # of FSPIOP-Source header from the received quote response as the payeeFsp value in the
          # transfer prepare request body instead of the value received in the payee party lookup.
          # This behaviour should be enabled when the SDK user DFSP is in a forex enabled switch
          # ecosystem and expects quotes and transfers to be rerouted by the switch to forex
          # entities i.e. forex providing DFSPs. Please see the SDK documentation and switch
          # operator documentation for more information on forex use cases.
          USE_QUOTE_SOURCE_FSP_AS_TRANSFER_PAYEE_FSP: false

          # set to true to validate ILP, otherwise false to ignore ILP
          CHECK_ILP: true

          # set to true to enable test features such as request cacheing and retrieval endpoints
          ENABLE_TEST_FEATURES: true

          # set to true to mock WSO2 oauth2 token endpoint
          ENABLE_OAUTH_TOKEN_ENDPOINT: false
          OAUTH_TOKEN_ENDPOINT_CLIENT_KEY: "test-client-key"
          OAUTH_TOKEN_ENDPOINT_CLIENT_SECRET: "test-client-secret"
          OAUTH_TOKEN_ENDPOINT_LISTEN_PORT: "6000"

          # WS02 Bearer Token specific to golden-fsp instance and environment
          WS02_BEARER_TOKEN: "7718fa9b-be13-3fe7-87f0-a12cf1628168"

          # OAuth2 data used to obtain WSO2 bearer token
          OAUTH_TOKEN_ENDPOINT: ""
          OAUTH_CLIENT_KEY: ""
          OAUTH_CLIENT_SECRET: ""
          OAUTH_REFRESH_SECONDS: "3600"

          # Set to true to respect expirity timestamps
          REJECT_EXPIRED_QUOTE_RESPONSES: false
          REJECT_TRANSFERS_ON_EXPIRED_QUOTES: false
          REJECT_EXPIRED_TRANSFER_FULFILS: false

          # Timeout for GET/POST/DELETE - PUT flow processing
          REQUEST_PROCESSING_TIMEOUT_SECONDS: "30"

          # To allow transfer without a previous quote request, set this value to true.
          # The incoming transfer request should consist of an ILP packet and a matching condition in this case.
          # The fulfilment will be generated from the provided ILP packet, and must hash to the provided condition.
          ALLOW_TRANSFER_WITHOUT_QUOTE: true
          RESERVE_NOTIFICATION: false
          RESOURCE_VERSIONS: transfers=1.1,quotes=1.1,participants=1.1,parties=1.1,transactionRequests=1.1

          ENABLE_FSPIOP_EVENT_HANDLER: false
          ENABLE_BACKEND_EVENT_HANDLER: false

      backend:
        image:
          repository: mojaloop/mojaloop-simulator
          tag: v15.0.0
          pullPolicy: IfNotPresent
        <<: *defaultProbes

        # These will be supplied directly to the init containers array in the deployment for the
        # backend. They should look exactly as you'd declare them inside the deployment.
        # Example: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#init-containers-in-use
        initContainers: []

        # Supply JSON rules here as a string
        # Example:
        # rules: |-
        #   [
        #     {
        #       "ruleId": 1,
        #       .. etc.
        #     }
        #   ]
        rules: |-
          []

        env:
          ##
          # This is the endpoint the backend expects to communicate with the scheme adapter on.
          # Include the protocol, i.e. http.
          # It's not configured by default in this chart as the default value is calculated in a
          # template and configuring it is likely to break communication between the backend and the
          # scheme adapter.
          # OUTBOUND_ENDPOINT: "http://localhost:4001" # within the pod

          # Enable mutual TLS authentication. Useful when the simulator is not running in a managed
          # environment, i.e. when you're running it locally against your own implementation.
          MUTUAL_TLS_ENABLED: false

          # Enable server-only TLS; i.e. serve on HTTPS instead of HTTP.
          HTTPS_ENABLED: false

          # Location of certs and key required for TLS
          CA_CERT_PATH: /secrets/cacert.pem
          SERVER_CERT_PATH: /secrets/servercert.pem
          SERVER_KEY_PATH: /secrets/serverkey.pem

          # The number of space characters by which to indent pretty-printed logs. If set to zero, log events
          # will each be printed on a single line.
          LOG_INDENT: "0"

          # The name of the sqlite log file. This probably doesn't matter much to the user, except that
          # setting :memory: will use an in-memory sqlite db, which will be faster and not consume disk
          # space. However, it will also mean that the logs will be lost once the container is stopped.
          SQLITE_LOG_FILE: ':memory:'

          # The DFSPID of this simulator. The simulator will accept any requests routed to
          # FSPIOP-Destination: $SCHEME_NAME. Other requests will be rejected.
          # Not set in this chart as these are calculated in templates. Setting this values is likely
          # to break expected functionality.
          # SCHEME_NAME: golden
          # DFSP_ID: golden

          # The name of the sqlite model database. If you would like to start the simulator with preloaded
          # state you can use a preexisting file. If running in a container, you can mount a sqlite file as a
          # volume in the container to preserve state between runs.
          # Use MODEL_DATABASE: :memory: for an ephemeral in-memory database
          MODEL_DATABASE: ':memory:'

          # The simulator can automatically add fees when generating quote responses. Use this
          # variable to control the fee amounts added. e.g. for a transfer of 100 USD a FEE_MULTIPLIER of 0.1
          # reuslts in fees of USD 10 being applied to the quote response
          FEE_MULTIPLIER: "0.05"

          # Specifies the location of a rules file for the simulator backend. Rules can be used to produce
          # specific simulator behaviours in response to incoming requests that match certain conditions.
          # e.g. a rule can be used to trigger NDC errors given transfers between certain limits.
          RULES_FILE: ../rules/rules.json

          # Ports for simulator, report, and test APIs
          SIMULATOR_API_LISTEN_PORT: 3000
          REPORT_API_LISTEN_PORT: 3002
          TEST_API_LISTEN_PORT: 3003

      thirdpartysdk:
        secrets:
          tls:
            # In order to enable TLS with your supplied credentials, you will need to:
            # 1. set all three of the `cert`, `key`, `cacert` fields appropriately for each of
            # `inbound` and `outbound` as per your preference.
            # 2. optionally specify `schemeAdapter.env.INBOUND_MUTUAL_TLS_ENABLED: true`
            # 3. optionally specify `schemeAdapter.env.OUTBOUND_MUTUAL_TLS_ENABLED: true`
            # It probably makes sense to set your CA cert in defaults. Note that the default is that
            # the CA, cert and key will be generated for you by this chart. To use this functionality
            # you only need specify the config documented in steps (2, 3, 4) a few lines up.
            #
            # inbound:
            #   key: |
            #     -----BEGIN CERTIFICATE-----
            #     ...
            #     -----END CERTIFICATE-----
            #   cacert: |
            #     -----BEGIN CERTIFICATE-----
            #     ...
            #     -----END CERTIFICATE-----
            #   cert: |
            #     -----BEGIN RSA PRIVATE KEY-----
            #     ...
            #     -----END RSA PRIVATE KEY-----
            #
            # To set the same values for each of inbound and outbound, specify the values for
            # inbound as above, then the values for outbound using yaml anchors:
            #
            # inbound: &inbound
            #   key: |
            #     ..
            #   cacert: |
            #     ..
            #   cert: |
            #     ..
            # outbound: *inbound
            inbound: null
            outbound: null
          jws:
            # Use the privateKeySecret field if you would like to supply a JWS private key external
            # to this chart.
            # For example, if you create a private key called `sim-payerfsp-jws-signing-key` with data property `private.key`
            # external to this chart, you would supply
            # `privateKeySecret:
            #   name: sim-payerfsp-jws-signing-key`
            #   key: private.key
            # here.
            # These fields will take precedence over `privateKey` and `publicKey` below.
            # This field is best supplied per-simulator, however it's here for documentation
            # purposes.
            privateKeySecret: {}
            # The `publicKeyConfigMapName` field allows you to supply a ConfigMap containing JWS public
            # keys external to this release, and have this release reference that ConfigMap to
            # populate JWS public keys. The format of this ConfigMap must be as described for
            # `sharedJWSPubKeys`, a map with one key per FSP/simulator corresponding to the
            # FSPIOP-Source header that will be supplied by that FSP/simulator.
            publicKeyConfigMapName: {}
            # Supply per-simulator private and public keys here:
            privateKey: ''
            publicKey: ''
        image:
          repository: mojaloop/thirdparty-sdk
          tag: v15.1.1
          pullPolicy: IfNotPresent
          inboundCommand: '[ "npm", "run", "start:inbound" ]'
          outboundCommand: '[ "npm", "run", "start:outbound" ]'
        <<: *defaultProbes

        # These will be supplied directly to the init containers array in the deployment for the
        # scheme adapter. They should look exactly as you'd declare them inside the deployment.
        # Example: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#init-containers-in-use
        # This init container will have the same environment variables as the main scheme adapter
        # container, as specified in .env below.
        # All init containers will have the same preset environment variables as the backend init
        # container as specified above.
        initContainers: []

        scale:
          enabled: false
          spec:
            minReplicas: 1
            maxReplicas: 10
            metrics:
              - type: Resource
                resource:
                  name: cpu
                  target:
                    type: Utilization
                    averageUtilization: 80
        env:
          NODE_ENV: production
          INBOUND_LISTEN_PORT: 4005
          OUTBOUND_LISTEN_PORT: 4006
          # Path to JWS signing key (private key of THIS DFSP)
          JWS_SIGNING_KEY_PATH: "/jwsSigningKey/private.key" # do not change this unless you know what you are doing - this will break the chart
          JWS_VERIFICATION_KEYS_DIRECTORY: "/jwsVerificationKeys"

    ingress:
      enabled: false
      path: /
      hosts:
        - mojaloop-simulators.local
      tls: []
      #  - secretName: chart-example-tls
      #    hosts:
      #      - chart-example.local
    resources: {}
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
    ## Pod scheduling preferences.
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    affinity: {}

    ## Node labels for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    nodeSelector: {}

    ## Set toleration for scheduler
    ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations: []

mojaloop-ttk-simulators:
  enabled: false

  mojaloop-ttk-sim1-svc:
    enabled: true

    sdk-scheme-adapter:
      sdk-scheme-adapter-api-svc:
        kafka:
          host: *MOJA_TTK_SIM_KAFKA_HOST
          port: *MOJA_TTK_SIM_KAFKA_PORT

        redis:
          host: *MOJA_TTK_SIM_REDIS_HOST
          port: *MOJA_TTK_SIM_REDIS_PORT

        ingress:
          ## @param ingress.enabled Enable ingress record generation for %%MAIN_CONTAINER_NAME%%
          ##
          enabled: true
          ## @param ingress.pathType Ingress path type
          ##
          pathType: ImplementationSpecific
          ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
          ##
          apiVersion: null
          ## @param ingress.hostname Default host for the ingress record
          ##
          hostname: ttksim1-sdk-scheme-adapter.local
          ## @param ingress.path Default path for the ingress record
          ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
          ##
          path: /
          ## @param ingress.annotations Additional custom annotations for the ingress record
          ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
          ##
          annotations: {}
          ## Example annotations for ingress class and rewrite-targets
          ## https://kubernetes.github.io/ingress-nginx/examples/rewrite/
          # nginx.ingress.kubernetes.io/rewrite-target: '/'
          # nginx.ingress.kubernetes.io/rewrite-target: '/$2'
          ## https://kubernetes.github.io/ingress-nginx/user-guide/multiple-ingress/
          # kubernetes.io/ingress.class: nginx
          ## https://kubernetes.github.io/ingress-nginx/user-guide/tls/#automated-certificate-management-with-kube-lego
          # kubernetes.io/tls-acme: "true""

          ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
          ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
          ## You can:
          ##   - Use the `ingress.secrets` parameter to create this TLS secret
          ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
          ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
          ##
          tls: false
          ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
          ##
          certManager: false
          ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
          ##
          selfSigned: false
          ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
          ## e.g:
          ## extraHosts:
          ##   - name: transfer-api-svc.local
          ##     path: /
          ##
          ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
          ## e.g:
          ## extraPaths:
          ## - path: /*
          ##   backend:
          ##     serviceName: ssl-redirect
          ##     servicePort: use-annotation
          ##
          # extraPaths: []
          extraPaths:
          - path: /inbound/
            pathType: ImplementationSpecific
            backend:
              service:
                name: '{{ include "common.names.fullname" . }}'
                port:
                  name: inboundapi
              # serviceName: '{{ include "common.names.fullname" . }}'
              # servicePort: inboundapi
          - path: /outbound/
            pathType: ImplementationSpecific
            backend:
              service:
                name: '{{ include "common.names.fullname" . }}'
                port:
                  name: outboundapi
              # serviceName: '{{ include "common.names.fullname" . }}'
              # servicePort: outboundapi
          - path: /sdktest/
            pathType: ImplementationSpecific
            backend:
              service:
                name: '{{ include "common.names.fullname" . }}'
                port:
                  name: testapi
              ## This is required for
              # serviceName: '{{ include "common.names.fullname" . }}'
              # servicePort: testapi
          ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
          ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
          ## e.g:
          ## extraTls:
          ## - hosts:
          ##     - transfer-api-svc.local
          ##   secretName: transfer-api-svc.local-tls
          ##
          extraTls: []
          ## @param ingress.secrets Custom TLS certificates as secrets
          ## NOTE: 'key' and 'certificate' are expected in PEM format
          ## NOTE: 'name' should line up with a 'secretName' set further up
          ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
          ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
          ## It is also possible to create and manage the certificates outside of this helm chart
          ## Please see README.md for more information
          ## e.g:
          ## secrets:
          ##   - name: transfer-api-svc.local-tls
          ##     key: |-
          ##       -----BEGIN RSA PRIVATE KEY-----
          ##       ...
          ##       -----END RSA PRIVATE KEY-----
          ##     certificate: |-
          ##       -----BEGIN CERTIFICATE-----
          ##       ...
          ##       -----END CERTIFICATE-----
          ##
          secrets: []
          className: "nginx"

      sdk-scheme-adapter-dom-evt-handler:
        kafka:
          host: *MOJA_TTK_SIM_KAFKA_HOST
          port: *MOJA_TTK_SIM_KAFKA_PORT

        redis:
          host: *MOJA_TTK_SIM_REDIS_HOST
          port: *MOJA_TTK_SIM_REDIS_PORT

      sdk-scheme-adapter-cmd-evt-handler:
        kafka:
          host: *MOJA_TTK_SIM_KAFKA_HOST
          port: *MOJA_TTK_SIM_KAFKA_PORT

        redis:
          host: *MOJA_TTK_SIM_REDIS_HOST
          port: *MOJA_TTK_SIM_REDIS_PORT
    ml-testing-toolkit:
      ml-testing-toolkit-backend: ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
        ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
        ## e.g:
        ## initContainers:
        ##  - name: your-image-name
        ##    image: your-image
        ##    imagePullPolicy: Always
        ##    command: ['sh', '-c', 'echo "hello world"']
        ##
        # initContainers: [] # We want to disable init-containers as there is no need
        ## Use the following initContainers if you are using a MongoDB as a dependency
        initContainers: |
          - name: wait-for-mongodb
            image: bitnami/mongodb:6.0.1
            imagePullPolicy: IfNotPresent
            command:
              - sh
              - -c
              - |
                until mongosh mongodb://${DB_HOST}:${DB_PORT} --authenticationDatabase "${DB_DATABASE}" --username "${DB_USER}" --password "${DB_PASS}" --eval "disableTelemetry();db.adminCommand('ping')" ;
                do
                  echo --------------------;
                  echo Waiting for MongoDB...;
                  sleep 2;
                done;
                echo ====================;
                echo MongoDB ok!;
            env:
              - name: DB_HOST
                value: '{{ .Values.config.mongodb.host }}'
              - name: DB_PORT
                value: '{{ .Values.config.mongodb.port }}'
              - name: DB_USER
                value: '{{ .Values.config.mongodb.user }}'
              - name: DB_PASS
              {{- if .Values.config.mongodb.secret }}
                valueFrom:
                  secretKeyRef:
                    name: '{{ .Values.config.mongodb.secret.name }}'
                    key: '{{ .Values.config.mongodb.secret.key }}'
              {{- else }}
                value: {{ .Values.config.mongodb.password }}
              {{- end }}
              - name: DB_DATABASE
                value: '{{ .Values.config.mongodb.database }}'

        ingress:
          enabled: true
          hosts:
            specApi:
              host: 'ttksim1-specapi.local'
            adminApi:
              host: 'ttksim1.local'

        config:
          mongodb:
            host: *TTK_MONGO_HOST
            port: *TTK_MONGO_PORT
            user: *TTK_MONGO_USER
            ## Secret-Management
            ### Set this if you are using a clear password configured in the config section
            password: *TTK_MONGO_PASSWORD
            ### Configure this if you want to use a secret. Note, this will override the db_password,
            ### Use the next line if you do wish to use the db_password value instead.
            # secret:
            ### Example config for an existing secret
            secret:
              name: *TTK_MONGO_SECRET_NAME
              key: *TTK_MONGO_SECRET_KEY
            database: *TTK_MONGO_DATABASE
        config_files:
          rules_response__default.json: 'https://github.com/mojaloop/sdk-scheme-adapter/raw/v23.4.0/test/func/config/ttk-ttksim1/spec_files/rules_response/default.json'
          api_definitions__mojaloop_simulator_sim_1.4__api_spec.yaml: 'https://github.com/mojaloop/sdk-scheme-adapter/raw/v23.4.0/test/func/config/ttk-ttksim1/spec_files/api_definitions/mojaloop_simulator_sim_1.4/api_spec.yaml'
          api_definitions__mojaloop_simulator_sim_1.4__response_map.json: 'https://github.com/mojaloop/sdk-scheme-adapter/raw/v23.4.0/test/func/config/ttk-ttksim1/spec_files/api_definitions/mojaloop_simulator_sim_1.4/response_map.json'
          api_definitions__mojaloop_sdk_outbound_scheme_adapter_1.0__api_spec.yaml: 'https://github.com/mojaloop/sdk-scheme-adapter/raw/v23.4.0/test/func/config/ttk-ttksim1/spec_files/api_definitions/mojaloop_sdk_outbound_scheme_adapter_1.0/api_spec.yaml'
          api_definitions__mojaloop_sdk_outbound_scheme_adapter_1.0__callback_map.json: 'https://github.com/mojaloop/sdk-scheme-adapter/raw/v23.4.0/test/func/config/ttk-ttksim1/spec_files/api_definitions/mojaloop_sdk_outbound_scheme_adapter_1.0/callback_map.json'
        extraEnvironments:
          hub-k8s-default-environment.json: &ttksim1InputValues {"inputValues": {"TTKSIM1_FSPID": "ttksim1", "TTKSIM1_MSISDN_1": "16135551212", "TTKSIM1_MSISDN_1_FIRST_NAME": "ReceiverFirst", "TTKSIM1_MSISDN_1_LAST_NAME": "ReceiverLast", "TTKSIM1_CURRENCY": "TZS", "TTKSIM2_FSPID": "ttksim2", "TTKSIM2_MSISDN_1": "4561000001", "TTKSIM2_MSISDN_1_FIRST_NAME": "ReceiverFirst", "TTKSIM2_MSISDN_1_LAST_NAME": "ReceiverLast", "TTKSIM2_MSISDN_2": "4561000002", "TTKSIM2_MSISDN_2_FIRST_NAME": "ReceiverFirst", "TTKSIM2_MSISDN_2_LAST_NAME": "ReceiverLast", "TTKSIM2_PARTY_NOT_FOUND": "partynotfound", "TTKSIM2_PARTY_TIMES_OUT": "partytimesout", "TTKSIM2_CURRENCY": "TZS", "TTKSIM3_FSPID": "ttksim3", "TTKSIM3_MSISDN_1": "5671000001", "TTKSIM3_MSISDN_1_FIRST_NAME": "ReceiverFirst", "TTKSIM3_MSISDN_1_LAST_NAME": "ReceiverLast", "TTKSIM3_MSISDN_2": "5671000002", "TTKSIM3_MSISDN_2_FIRST_NAME": "ReceiverFirst", "TTKSIM3_MSISDN_2_LAST_NAME": "ReceiverLast", "TTKSIM3_CURRENCY": "TZS", "TTKSIM2_MSISDN_PREFIX": "4561", "TTKSIM3_MSISDN_PREFIX": "5671", "HOST_CENTRAL_LEDGER": "http://$release_name-centralledger-service", "HOST_CENTRAL_SETTLEMENT": "http://$release_name-centralsettlement-service/v2"}}
      ml-testing-toolkit-frontend:
        ingress:
          enabled: true
          hosts:
            ui:
              host: ttksim1.local
        config:
          API_BASE_URL: 'http://ttksim1.local'

  mojaloop-ttk-sim2-svc:
    enabled: true

    sdk-scheme-adapter:
      sdk-scheme-adapter-api-svc:
        kafka:
          host: *MOJA_TTK_SIM_KAFKA_HOST
          port: *MOJA_TTK_SIM_KAFKA_PORT

        redis:
          host: *MOJA_TTK_SIM_REDIS_HOST
          port: *MOJA_TTK_SIM_REDIS_PORT

        ingress:
          ## @param ingress.enabled Enable ingress record generation for %%MAIN_CONTAINER_NAME%%
          ##
          enabled: true
          ## @param ingress.pathType Ingress path type
          ##
          pathType: ImplementationSpecific
          ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
          ##
          apiVersion: null
          ## @param ingress.hostname Default host for the ingress record
          ##
          hostname: ttksim2-sdk-scheme-adapter.local
          ## @param ingress.path Default path for the ingress record
          ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
          ##
          path: /
          ## @param ingress.annotations Additional custom annotations for the ingress record
          ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
          ##
          annotations: {}
          ## Example annotations for ingress class and rewrite-targets
          ## https://kubernetes.github.io/ingress-nginx/examples/rewrite/
          # nginx.ingress.kubernetes.io/rewrite-target: '/'
          # nginx.ingress.kubernetes.io/rewrite-target: '/$2'
          ## https://kubernetes.github.io/ingress-nginx/user-guide/multiple-ingress/
          # kubernetes.io/ingress.class: nginx
          ## https://kubernetes.github.io/ingress-nginx/user-guide/tls/#automated-certificate-management-with-kube-lego
          # kubernetes.io/tls-acme: "true""

          ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
          ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
          ## You can:
          ##   - Use the `ingress.secrets` parameter to create this TLS secret
          ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
          ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
          ##
          tls: false
          ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
          ##
          certManager: false
          ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
          ##
          selfSigned: false
          ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
          ## e.g:
          ## extraHosts:
          ##   - name: transfer-api-svc.local
          ##     path: /
          ##
          ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
          ## e.g:
          ## extraPaths:
          ## - path: /*
          ##   backend:
          ##     serviceName: ssl-redirect
          ##     servicePort: use-annotation
          ##
          # extraPaths: []
          extraPaths:
          - path: /inbound/
            pathType: ImplementationSpecific
            backend:
              service:
                name: '{{ include "common.names.fullname" . }}'
                port:
                  name: inboundapi
              # serviceName: '{{ include "common.names.fullname" . }}'
              # servicePort: inboundapi
          - path: /outbound/
            pathType: ImplementationSpecific
            backend:
              service:
                name: '{{ include "common.names.fullname" . }}'
                port:
                  name: outboundapi
              # serviceName: '{{ include "common.names.fullname" . }}'
              # servicePort: outboundapi
          - path: /sdktest/
            pathType: ImplementationSpecific
            backend:
              service:
                name: '{{ include "common.names.fullname" . }}'
                port:
                  name: testapi
              ## This is required for
              # serviceName: '{{ include "common.names.fullname" . }}'
              # servicePort: testapi
          ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
          ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
          ## e.g:
          ## extraTls:
          ## - hosts:
          ##     - transfer-api-svc.local
          ##   secretName: transfer-api-svc.local-tls
          ##
          extraTls: []
          ## @param ingress.secrets Custom TLS certificates as secrets
          ## NOTE: 'key' and 'certificate' are expected in PEM format
          ## NOTE: 'name' should line up with a 'secretName' set further up
          ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
          ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
          ## It is also possible to create and manage the certificates outside of this helm chart
          ## Please see README.md for more information
          ## e.g:
          ## secrets:
          ##   - name: transfer-api-svc.local-tls
          ##     key: |-
          ##       -----BEGIN RSA PRIVATE KEY-----
          ##       ...
          ##       -----END RSA PRIVATE KEY-----
          ##     certificate: |-
          ##       -----BEGIN CERTIFICATE-----
          ##       ...
          ##       -----END CERTIFICATE-----
          ##
          secrets: []
          className: "nginx"

      sdk-scheme-adapter-dom-evt-handler:
        kafka:
          host: *MOJA_TTK_SIM_KAFKA_HOST
          port: *MOJA_TTK_SIM_KAFKA_PORT

        redis:
          host: *MOJA_TTK_SIM_REDIS_HOST
          port: *MOJA_TTK_SIM_REDIS_PORT

      sdk-scheme-adapter-cmd-evt-handler:
        kafka:
          host: *MOJA_TTK_SIM_KAFKA_HOST
          port: *MOJA_TTK_SIM_KAFKA_PORT

        redis:
          host: *MOJA_TTK_SIM_REDIS_HOST
          port: *MOJA_TTK_SIM_REDIS_PORT

    ml-testing-toolkit:
      ml-testing-toolkit-backend:
        ingress:
          enabled: true
          hosts:
            specApi:
              host: 'ttksim2-specapi.local'
            adminApi:
              host: 'ttksim2.local'

        config_files:
          rules_response__default.json: 'https://github.com/mojaloop/sdk-scheme-adapter/raw/v23.4.0/test/func/config/ttk-ttksim2/spec_files/rules_response/default.json'
          api_definitions__mojaloop_simulator_sim_1.4__api_spec.yaml: 'https://github.com/mojaloop/sdk-scheme-adapter/raw/v23.4.0/test/func/config/ttk-ttksim2/spec_files/api_definitions/mojaloop_simulator_sim_1.4/api_spec.yaml'
          api_definitions__mojaloop_simulator_sim_1.4__response_map.json: 'https://github.com/mojaloop/sdk-scheme-adapter/raw/v23.4.0/test/func/config/ttk-ttksim2/spec_files/api_definitions/mojaloop_simulator_sim_1.4/response_map.json'
          api_definitions__mojaloop_sdk_outbound_scheme_adapter_1.0__api_spec.yaml: 'https://github.com/mojaloop/sdk-scheme-adapter/raw/v23.4.0/test/func/config/ttk-ttksim2/spec_files/api_definitions/mojaloop_sdk_outbound_scheme_adapter_1.0/api_spec.yaml'
          api_definitions__mojaloop_sdk_outbound_scheme_adapter_1.0__callback_map.json: 'https://github.com/mojaloop/sdk-scheme-adapter/raw/v23.4.0/test/func/config/ttk-ttksim2/spec_files/api_definitions/mojaloop_sdk_outbound_scheme_adapter_1.0/callback_map.json'

      ml-testing-toolkit-frontend:
        ingress:
          enabled: true
          hosts:
            ui:
              host: 'ttksim2.local'

        config:
          API_BASE_URL: 'http://ttksim2.local'

  mojaloop-ttk-sim3-svc:
    enabled: true

    sdk-scheme-adapter:
      sdk-scheme-adapter-api-svc:
        kafka:
          host: *MOJA_TTK_SIM_KAFKA_HOST
          port: *MOJA_TTK_SIM_KAFKA_PORT

        redis:
          host: *MOJA_TTK_SIM_REDIS_HOST
          port: *MOJA_TTK_SIM_REDIS_PORT

        ingress:
          ## @param ingress.enabled Enable ingress record generation for %%MAIN_CONTAINER_NAME%%
          ##
          enabled: true
          ## @param ingress.pathType Ingress path type
          ##
          pathType: ImplementationSpecific
          ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
          ##
          apiVersion: null
          ## @param ingress.hostname Default host for the ingress record
          ##
          hostname: ttksim3-sdk-scheme-adapter.local
          ## @param ingress.path Default path for the ingress record
          ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
          ##
          path: /
          ## @param ingress.annotations Additional custom annotations for the ingress record
          ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
          ##
          annotations: {}
          ## Example annotations for ingress class and rewrite-targets
          ## https://kubernetes.github.io/ingress-nginx/examples/rewrite/
          # nginx.ingress.kubernetes.io/rewrite-target: '/'
          # nginx.ingress.kubernetes.io/rewrite-target: '/$2'
          ## https://kubernetes.github.io/ingress-nginx/user-guide/multiple-ingress/
          # kubernetes.io/ingress.class: nginx
          ## https://kubernetes.github.io/ingress-nginx/user-guide/tls/#automated-certificate-management-with-kube-lego
          # kubernetes.io/tls-acme: "true""

          ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
          ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
          ## You can:
          ##   - Use the `ingress.secrets` parameter to create this TLS secret
          ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
          ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
          ##
          tls: false
          ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
          ##
          certManager: false
          ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
          ##
          selfSigned: false
          ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
          ## e.g:
          ## extraHosts:
          ##   - name: transfer-api-svc.local
          ##     path: /
          ##
          ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
          ## e.g:
          ## extraPaths:
          ## - path: /*
          ##   backend:
          ##     serviceName: ssl-redirect
          ##     servicePort: use-annotation
          ##
          # extraPaths: []
          extraPaths:
          - path: /inbound/
            pathType: ImplementationSpecific
            backend:
              service:
                name: '{{ include "common.names.fullname" . }}'
                port:
                  name: inboundapi
              # serviceName: '{{ include "common.names.fullname" . }}'
              # servicePort: inboundapi
          - path: /outbound/
            pathType: ImplementationSpecific
            backend:
              service:
                name: '{{ include "common.names.fullname" . }}'
                port:
                  name: outboundapi
              # serviceName: '{{ include "common.names.fullname" . }}'
              # servicePort: outboundapi
          - path: /sdktest/
            pathType: ImplementationSpecific
            backend:
              service:
                name: '{{ include "common.names.fullname" . }}'
                port:
                  name: testapi
              ## This is required for
              # serviceName: '{{ include "common.names.fullname" . }}'
              # servicePort: testapi
          ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
          ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
          ## e.g:
          ## extraTls:
          ## - hosts:
          ##     - transfer-api-svc.local
          ##   secretName: transfer-api-svc.local-tls
          ##
          extraTls: []
          ## @param ingress.secrets Custom TLS certificates as secrets
          ## NOTE: 'key' and 'certificate' are expected in PEM format
          ## NOTE: 'name' should line up with a 'secretName' set further up
          ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
          ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
          ## It is also possible to create and manage the certificates outside of this helm chart
          ## Please see README.md for more information
          ## e.g:
          ## secrets:
          ##   - name: transfer-api-svc.local-tls
          ##     key: |-
          ##       -----BEGIN RSA PRIVATE KEY-----
          ##       ...
          ##       -----END RSA PRIVATE KEY-----
          ##     certificate: |-
          ##       -----BEGIN CERTIFICATE-----
          ##       ...
          ##       -----END CERTIFICATE-----
          ##
          secrets: []
          className: "nginx"

      sdk-scheme-adapter-dom-evt-handler:
        kafka:
          host: *MOJA_TTK_SIM_KAFKA_HOST
          port: *MOJA_TTK_SIM_KAFKA_PORT

        redis:
          host: *MOJA_TTK_SIM_REDIS_HOST
          port: *MOJA_TTK_SIM_REDIS_PORT

      sdk-scheme-adapter-cmd-evt-handler:
        kafka:
          host: *MOJA_TTK_SIM_KAFKA_HOST
          port: *MOJA_TTK_SIM_KAFKA_PORT

        redis:
          host: *MOJA_TTK_SIM_REDIS_HOST
          port: *MOJA_TTK_SIM_REDIS_PORT

    ml-testing-toolkit:
      ml-testing-toolkit-backend:
        ingress:
          enabled: true
          hosts:
            specApi:
              host: 'ttksim3-specapi.local'
            adminApi:
              host: 'ttksim3.local'

        config_files:
          rules_response__default.json: 'https://github.com/mojaloop/sdk-scheme-adapter/raw/v23.4.0/test/func/config/ttk-ttksim3/spec_files/rules_response/default.json'
          api_definitions__mojaloop_simulator_sim_1.4__api_spec.yaml: 'https://github.com/mojaloop/sdk-scheme-adapter/raw/v23.4.0/test/func/config/ttk-ttksim3/spec_files/api_definitions/mojaloop_simulator_sim_1.4/api_spec.yaml'
          api_definitions__mojaloop_simulator_sim_1.4__response_map.json: 'https://github.com/mojaloop/sdk-scheme-adapter/raw/v23.4.0/test/func/config/ttk-ttksim3/spec_files/api_definitions/mojaloop_simulator_sim_1.4/response_map.json'
          api_definitions__mojaloop_sdk_outbound_scheme_adapter_1.0__api_spec.yaml: 'https://github.com/mojaloop/sdk-scheme-adapter/raw/v23.4.0/test/func/config/ttk-ttksim3/spec_files/api_definitions/mojaloop_sdk_outbound_scheme_adapter_1.0/api_spec.yaml'
          api_definitions__mojaloop_sdk_outbound_scheme_adapter_1.0__callback_map.json: 'https://github.com/mojaloop/sdk-scheme-adapter/raw/v23.4.0/test/func/config/ttk-ttksim3/spec_files/api_definitions/mojaloop_sdk_outbound_scheme_adapter_1.0/callback_map.json'

      ml-testing-toolkit-frontend:
        ingress:
          enabled: true
          hosts:
            ui:
              host: 'ttksim3.local'
        config:
          API_BASE_URL: 'http://ttksim3.local'

mojaloop-bulk:
  enabled: false

  bulk-api-adapter:
    enabled: true

    bulk-api-adapter-service:
      enabled: true
      # Default values for bulk-api-adapter.
      # This is a YAML-formatted file.
      # Declare variables to be passed into your templates.

      image:
        registry: docker.io
        repository: mojaloop/bulk-api-adapter
        tag: v17.0.0
        ## Specify a imagePullPolicy
        ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
        ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
        ##
        pullPolicy: IfNotPresent
        ## Optionally specify an array of imagePullSecrets.
        ## Secrets must be manually created in the namespace.
        ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
        ## e.g:
        ## pullSecrets:
        ##   - myRegistryKeySecretName
        ##
        pullSecrets: []

      replicaCount: 1
      command: '["node", "src/api/index.js"]'

      ## Enable diagnostic mode in the deployment
      ##
      diagnosticMode:
        ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
        ##
        enabled: false
        ## @param diagnosticMode.command Command to override all containers in the deployment
        ##
        command:
          - node
          - src/api/index.js
        ## @param diagnosticMode.args Args to override all containers in the deployment
        ##
        args:
          - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

        ## @param diagnosticMode.debug config to override all debug information
        ##
        debug:
          internalPort: 9229
          port: 9229

      readinessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 60
        periodSeconds: 15

      livenessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 60
        periodSeconds: 15

      ## Pod scheduling preferences.
      ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
      affinity: {}

      ## Node labels for pod assignment
      ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
      nodeSelector: {}

      ## Set toleration for scheduler
      ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
      tolerations: []

      ## metric configuration for prometheus instrumentation
      metrics:
        ## flag to enable/disable the metrics end-points
        enabled: true
        config:
          timeout: 5000
          prefix: moja_
          defaultLabels:
            serviceName: bulk-service

      config:
        # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
        kafka_host: *KAFKA_HOST
        kafka_port: *KAFKA_PORT

        ## MongoDB Configuration for Object Store
        mongo_host: *OBJSTORE_MONGO_HOST
        mongo_port: *OBJSTORE_MONGO_PORT
        mongo_user: *OBJSTORE_MONGO_USER
        ## Secret-Management
        ### Set this if you are using a clear password configured in the config section
        mongo_password: *OBJSTORE_MONGO_PASSWORD
        ### Configure this if you want to use a secret. Note, this will override the secret,
        ### Use the next line if you do wish to use the secret value instead.
        # mongo_secret:
        ### Example config for an existing secret
        mongo_secret:
          name: *OBJSTORE_MONGO_SECRET_NAME
          key: *OBJSTORE_MONGO_SECRET_KEY
        mongo_database: mlos

        central_services_host: '$release_name-centralledger-service'
        central_services_port: 80

        security:
          callback:
            rejectUnauthorized: true
        log_level: info

        # Protocol versions used for validating (VALIDATELIST) incoming FSPIOP API Headers (Content-type, Accept),
        # and for generating requests/callbacks from the Switch itself (DEFAULT value)
        protocol_versions: |
          {
            "CONTENT": {
              "DEFAULT": "1.1",
              "VALIDATELIST": [
                "1",
                "1.0",
                "1.1"
              ]
            },
            "ACCEPT": {
              "DEFAULT": "1",
              "VALIDATELIST": [
                "1",
                "1.0",
                "1.1"
              ]
            }
          }

      ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
      ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
      ## e.g:
      ## initContainers:
      ##  - name: your-image-name
      ##    image: your-image
      ##    imagePullPolicy: Always
      ##    command: ['sh', '-c', 'echo "hello world"']
      ##
      # initContainers: []
      initContainers: |
        - name: wait-for-kafka
          image: solsson/kafka:2.8.1
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - -c
            - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT};
              do
                echo --------------------;
                echo Waiting for Kafka...;
                sleep 2;
              done;
              echo ====================;
              echo Kafka ok!;
          env:
            - name: KAFKA_HOST
              value: '{{ .Values.config.kafka_host }}'
            - name: KAFKA_PORT
              value: '{{ .Values.config.kafka_port }}'
        - name: wait-for-mongodb
          image: bitnami/mongodb:6.0.1
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - -c
            - |
              until mongosh mongodb://${DB_HOST}:${DB_PORT} --authenticationDatabase "${DB_DATABASE}" --username "${DB_USER}" --password "${DB_PASS}" --eval "disableTelemetry();db.adminCommand('ping')" ;
              do
                echo --------------------;
                echo Waiting for MongoDB...;
                sleep 2;
              done;
              echo ====================;
              echo MongoDB ok!;
          env:
            - name: DB_HOST
              value: '{{ .Values.config.mongo_host }}'
            - name: DB_PORT
              value: '{{ .Values.config.mongo_port }}'
            - name: DB_USER
              value: '{{ .Values.config.mongo_user }}'
            - name: DB_PASS
              {{- if .Values.config.mongo_secret }}
              valueFrom:
                  secretKeyRef:
                    name: '{{ .Values.config.mongo_secret.name }}'
                    key: '{{ .Values.config.mongo_secret.key }}'
              {{- else }}
              value: {{ .Values.config.mongo_password }}
              {{- end }}
            - name: DB_DATABASE
              value: '{{ .Values.config.mongo_database }}'

      ingress:
        enabled: true
        ## @param ingress.pathType Ingress path type
        ##
        pathType: ImplementationSpecific
        ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
        ##
        apiVersion: null
        ## @param ingress.hostname Default host for the ingress record
        ##
        hostname: bulk-api-adapter.local
        ## @param servicePort : port for the service
        ##
        servicePort: 80
        ## @param ingress.path Default path for the ingress record
        ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
        path: /
        ## @param ingress.annotations Additional custom annotations for the ingress record
        ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
        ##
        annotations: null
        ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
        ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
        ## You can:
        ##   - Use the `ingress.secrets` parameter to create this TLS secret
        ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
        ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
        ##
        tls: false
        ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
        ##
        certManager: false
        ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
        ##
        selfSigned: false
        ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
        ## e.g:
        ## extraHosts:
        ##   - name: transfer-api-svc.local
        ##     path: /
        ##
        extraHosts: null
        extraPaths: null
        extraTls: null
        secrets: null
        className: "nginx"
      # We usually recommend not to specify default resources and to leave this as a conscious
      # choice for the user. This also increases chances charts run on environments with little
      # resources, such as Minikube. If you do want to specify resources, uncomment the following
      # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
      # limits:
      #  cpu: 100m
      #  memory: 128Mi
      # requests:
      #  cpu: 100m
      #  memory: 128Mi
      resources: {}

    bulk-api-adapter-handler-notification:
      enabled: true
      # Default values for bulk-api-adapter-handler-notification.
      # This is a YAML-formatted file.
      # Declare variables to be passed into your templates.

      image:
        registry: docker.io
        repository: mojaloop/bulk-api-adapter
        tag: v17.0.0
        ## Specify a imagePullPolicy
        ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
        ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
        ##
        pullPolicy: IfNotPresent
        ## Optionally specify an array of imagePullSecrets.
        ## Secrets must be manually created in the namespace.
        ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
        ## e.g:
        ## pullSecrets:
        ##   - myRegistryKeySecretName
        ##
        pullSecrets: []

      replicaCount: 1
      command: '["node", "src/handlers/index.js", "handler", "--notification"]'

      ## Enable diagnostic mode in the deployment
      ##
      diagnosticMode:
        ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
        ##
        enabled: false
        ## @param diagnosticMode.command Command to override all containers in the deployment
        ##
        command:
          - node
          - src/handlers/index.js
          - handler
          - '--notification'
        ## @param diagnosticMode.args Args to override all containers in the deployment
        ##
        args:
          - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

        ## @param diagnosticMode.debug config to override all debug information
        ##
        debug:
          internalPort: 9229
          port: 9229

      readinessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 60
        periodSeconds: 15

      livenessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 60
        periodSeconds: 15

      ## metric configuration for prometheus instrumentation
      metrics:
        ## flag to enable/disable the metrics end-points
        enabled: true
        config:
          timeout: 5000
          prefix: moja_
          defaultLabels:
            serviceName: bulk-handler-notification

      config:
        # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
        kafka_host: *KAFKA_HOST
        kafka_port: *KAFKA_PORT

        ## MongoDB Configuration for Object Store
        mongo_host: *OBJSTORE_MONGO_HOST
        mongo_port: *OBJSTORE_MONGO_PORT
        mongo_user: *OBJSTORE_MONGO_USER
        ## Secret-Management
        ### Set this if you are using a clear password configured in the config section
        mongo_password: *OBJSTORE_MONGO_PASSWORD
        ### Configure this if you want to use a secret. Note, this will override the secret,
        ### Use the next line if you do wish to use the secret value instead.
        # mongo_secret:
        ### Example config for an existing secret
        mongo_secret:
          name: *OBJSTORE_MONGO_SECRET_NAME
          key: *OBJSTORE_MONGO_SECRET_KEY
        mongo_database: mlos

        central_services_host: '$release_name-centralledger-service'
        central_services_port: 80

        security:
          callback:
            rejectUnauthorized: true
        log_level: info

        # Protocol versions used for validating (VALIDATELIST) incoming FSPIOP API Headers (Content-type, Accept),
        # and for generating requests/callbacks from the Switch itself (DEFAULT value)
        protocol_versions: |
          {
            "CONTENT": {
              "DEFAULT": "1.1",
              "VALIDATELIST": [
                "1",
                "1.0",
                "1.1"
              ]
            },
            "ACCEPT": {
              "DEFAULT": "1",
              "VALIDATELIST": [
                "1",
                "1.0",
                "1.1"
              ]
            }
          }

        # Parameters for JWS signing requests
        endpointSecurity:
          jwsSign: false
          fspiopSourceSigningName: 'switch'
          # `jwsSigningKeySecret` is used to specify the secret that contains the JWS signing key.
          # If `jwsSigningKeySecret` is not null, then the `jwsSigningKey` value will be ignored.
          # Expected properties of `jwsSigningKeySecret` are `name` and `key`.
          jwsSigningKeySecret: null
          jwsSigningKey: null
            # To generate this key:
            # Private:
            # ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
            # Public:
            # openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
            # Should look like:
            # -----BEGIN RSA PRIVATE KEY-----
            # MIIJKQIBAAKCAgEAxfqaZivMPd4MpdBHu0jVMf3MSuSdkSMHn+sNJdDQfl+x4R5R
            # ..
            # ..
            # mBynFpdjO0D3PnLKjnBDn1vFAfANOwVpGXCw5mn+484A/SIXYebWruFd03g4
            # -----END RSA PRIVATE KEY-----


      ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
      ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
      ## e.g:
      ## initContainers:
      ##  - name: your-image-name
      ##    image: your-image
      ##    imagePullPolicy: Always
      ##    command: ['sh', '-c', 'echo "hello world"']
      ##
      # initContainers: []
      initContainers: |
        - name: wait-for-kafka
          image: solsson/kafka:2.8.1
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - -c
            - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT};
              do
                echo --------------------;
                echo Waiting for Kafka...;
                sleep 2;
              done;
              echo ====================;
              echo Kafka ok!;
          env:
            - name: KAFKA_HOST
              value: '{{ .Values.config.kafka_host }}'
            - name: KAFKA_PORT
              value: '{{ .Values.config.kafka_port }}'
        - name: wait-for-mongodb
          image: bitnami/mongodb:6.0.1
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - -c
            - |
              until mongosh mongodb://${DB_HOST}:${DB_PORT} --authenticationDatabase "${DB_DATABASE}" --username "${DB_USER}" --password "${DB_PASS}" --eval "disableTelemetry();db.adminCommand('ping')" ;
              do
                echo --------------------;
                echo Waiting for MongoDB...;
                sleep 2;
              done;
              echo ====================;
              echo MongoDB ok!;
          env:
            - name: DB_HOST
              value: '{{ .Values.config.mongo_host }}'
            - name: DB_PORT
              value: '{{ .Values.config.mongo_port }}'
            - name: DB_USER
              value: '{{ .Values.config.mongo_user }}'
            - name: DB_PASS
              {{- if .Values.config.mongo_secret }}
              valueFrom:
                  secretKeyRef:
                    name: '{{ .Values.config.mongo_secret.name }}'
                    key: '{{ .Values.config.mongo_secret.key }}'
              {{- else }}
              value: {{ .Values.config.mongo_password }}
              {{- end }}
            - name: DB_DATABASE
              value: '{{ .Values.config.mongo_database }}'

      service:
        internalPort: 8088
        ## @param service.type %%MAIN_CONTAINER_NAME%% service type
        ##
        type: ClusterIP
        ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
        ##
        port: 80
        ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
        ##
        httpsPort: 443
        ## Node ports to expose
        ## @param service.nodePorts.http Node port for HTTP
        ## @param service.nodePorts.https Node port for HTTPS
        ## NOTE: choose port between <30000-32767>
        ##
        nodePorts:
          http: null
          https: null
          ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
        ## e.g.:
        ## clusterIP: None
        ##
        clusterIP: null
        ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
        ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
        ##
        loadBalancerIP: null
        ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
        ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
        ## e.g:
        ## loadBalancerSourceRanges:
        ##   - 10.10.10.0/24
        ##
        loadBalancerSourceRanges: []
        ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
        ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
        ##
        externalTrafficPolicy: Cluster
        ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
        ##
        annotations: {}
        ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
        ## If "ClientIP", consecutive client requests will be directed to the same Pod
        ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
        ##
        sessionAffinity: None
        ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
        ## sessionAffinityConfig:
        ##   clientIP:
        ##     timeoutSeconds: 300
        ##
        sessionAffinityConfig: {}

        ingress:
          enabled: false
          ## @param ingress.pathType Ingress path type
          ##
          pathType: ImplementationSpecific
          ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
          ##
          apiVersion: null
          ## @param ingress.hostname Default host for the ingress record
          ##
          hostname: bulk-api-adapter-notification.local
          ## @param servicePort : port for the service
          ##
          servicePort: 80
          ## @param ingress.path Default path for the ingress record
          ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
          path: /
          ## @param ingress.annotations Additional custom annotations for the ingress record
          ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
          ##
          annotations: null
          ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
          ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
          ## You can:
          ##   - Use the `ingress.secrets` parameter to create this TLS secret
          ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
          ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
          ##
          tls: false
          ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
          ##
          certManager: false
          ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
          ##
          selfSigned: false
          ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
          ## e.g:
          ## extraHosts:
          ##   - name: transfer-api-svc.local
          ##     path: /
          ##
          extraHosts: null
          extraPaths: null
          extraTls: null
          secrets: null
          className: "nginx"
      # We usually recommend not to specify default resources and to leave this as a conscious
      # choice for the user. This also increases chances charts run on environments with little
      # resources, such as Minikube. If you do want to specify resources, uncomment the following
      # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
      # limits:
      #  cpu: 100m
      #  memory: 128Mi
      # requests:
      #  cpu: 100m
      #  memory: 128Mi
      resources: {}

  bulk-centralledger:
    enabled: true

    cl-handler-bulk-transfer-prepare:
      enabled: true
      # Default values for centralledger-handler-bulk-transfer-prepare.
      # This is a YAML-formatted file.
      # Declare variables to be passed into your templates.

      image:
        registry: docker.io
        repository: mojaloop/central-ledger
        tag: v17.6.1
        ## Specify a imagePullPolicy
        ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
        ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
        ##
        pullPolicy: IfNotPresent
        ## Optionally specify an array of imagePullSecrets.
        ## Secrets must be manually created in the namespace.
        ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
        ## e.g:
        ## pullSecrets:
        ##   - myRegistryKeySecretName
        ##
        pullSecrets: []

      replicaCount: 1
      command: '["node", "src/handlers/index.js", "handler", "--bulkprepare"]'

      ## Enable diagnostic mode in the deployment
      ##
      diagnosticMode:
        ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
        ##
        enabled: false
        ## @param diagnosticMode.command Command to override all containers in the deployment
        ##
        command:
          - node
          - src/handlers/index.js
          - handler
          - '--bulkprepare'
        ## @param diagnosticMode.args Args to override all containers in the deployment
        ##
        args:
          - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

        ## @param diagnosticMode.debug config to override all debug information
        ##
        debug:
          internalPort: 9229
          port: 9229

      readinessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 60
        periodSeconds: 15

      livenessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 60
        periodSeconds: 15

      ## Pod scheduling preferences.
      ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
      affinity: {}

      ## Node labels for pod assignment
      ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
      nodeSelector: {}

      ## Set toleration for scheduler
      ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
      tolerations: []

      ## metric configuration for prometheus instrumentation
      metrics:
        ## flag to enable/disable the metrics end-points
        enabled: true
        config:
          timeout: 5000
          prefix: moja_
          defaultLabels:
            serviceName: central-handler-bulkprepare

      config:
        ## Forensic Logging sidecar
        # this is for Forensic Logging Sidecar
        forensicloggingsidecar_disabled: true
        forensicloggingsidecar_host: forensicloggingsidecar-ledger
        forensicloggingsidecar_port: 5678

        error_handling:
          include_cause_extension: false
          truncate_extensions: true

        ## DB Configuration
        # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
        db_type: 'mysql'
        # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
        db_driver: 'mysql'
        db_host: *CL_DB_HOST
        db_port: *CL_DB_PORT
        db_user: *CL_DB_USER
        ## Secret-Management
        ### Set this if you are using a clear password configured in the config section
        # db_password: *CL_DB_PASSWORD
        ### Configure this if you want to use a secret. Note, this will override the db_password,
        ### Use the next line if you do wish to use the db_password value instead.
        # db_secret:
        ### Example config for an existing secret
        db_secret:
          name: *CL_DB_SECRET_NAME
          key: *CL_DB_SECRET_KEY
        db_database: *CL_DB_NAME
        db_connection_pool_min: 10
        db_connection_pool_max: 30
        db_acquire_timeout_millis: 30000
        db_create_timeout_millis: 30000
        db_destroy_timeout_millis: 5000
        db_idle_timeout_millis: 30000
        db_reap_interval_millis: 1000
        db_create_retry_interval_millis: 200
        db_debug: false

        ## MongoDB Configuration for Object Store
        objstore_disabled: false
        mongo_host: *OBJSTORE_MONGO_HOST
        mongo_port: *OBJSTORE_MONGO_PORT
        mongo_user: *OBJSTORE_MONGO_USER
        ## Secret-Management
        ### Set this if you are using a clear password configured in the config section
        mongo_password: *OBJSTORE_MONGO_PASSWORD
        ### Configure this if you want to use a secret. Note, this will override the secret,
        ### Use the next line if you do wish to use the secret value instead.
        # mongo_secret:
        ### Example config for an existing secret
        mongo_secret:
          name: *OBJSTORE_MONGO_SECRET_NAME
          key: *OBJSTORE_MONGO_SECRET_KEY
        mongo_database: mlos

        ## Kafka Configuration
        # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
        kafka_host: *KAFKA_HOST
        kafka_port: *KAFKA_PORT

        ## Node Configuration
        log_level: info

        ## Enable On-Us transfers
        enable_on_us_transfers: false

      ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
      ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
      ## e.g:
      ## initContainers:
      ##  - name: your-image-name
      ##    image: your-image
      ##    imagePullPolicy: Always
      ##    command: ['sh', '-c', 'echo "hello world"']
      ##
      # initContainers: []
      initContainers: |
        - name: wait-for-kafka
          image: solsson/kafka:2.8.1
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - -c
            - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT};
              do
                echo --------------------;
                echo Waiting for Kafka...;
                sleep 2;
              done;
              echo ====================;
              echo Kafka ok!;
          env:
            - name: KAFKA_HOST
              value: '{{ .Values.config.kafka_host }}'
            - name: KAFKA_PORT
              value: '{{ .Values.config.kafka_port }}'
        - name: wait-for-mysql
          image: mysql:5.7
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - -c
            - |
              until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi;
              do
                echo --------------------;
                echo Waiting for MySQL...;
                sleep 2;
              done;
              echo ====================;
              echo MySQL ok!;
          env:
            - name: DB_HOST
              value: '{{ .Values.config.db_host }}'
            - name: DB_PORT
              value: '{{ .Values.config.db_port }}'
            - name: DB_USER
              value: '{{ .Values.config.db_user }}'
            - name: DB_PASSWORD
              {{- if .Values.config.db_secret }}
              valueFrom:
                  secretKeyRef:
                    name: '{{ .Values.config.db_secret.name }}'
                    key: '{{ .Values.config.db_secret.key }}'
              {{- else }}
              value: {{ .Values.config.db_password }}
              {{- end }}
            - name: DB_DATABASE
              value: '{{ .Values.config.db_database }}'
        - name: wait-for-mongodb
          image: bitnami/mongodb:6.0.1
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - -c
            - |
              until mongosh mongodb://${DB_HOST}:${DB_PORT} --authenticationDatabase "${DB_DATABASE}" --username "${DB_USER}" --password "${DB_PASS}" --eval "disableTelemetry();db.adminCommand('ping')" ;
              do
                echo --------------------;
                echo Waiting for MongoDB...;
                sleep 2;
              done;
              echo ====================;
              echo MongoDB ok!;
          env:
            - name: DB_HOST
              value: '{{ .Values.config.mongo_host }}'
            - name: DB_PORT
              value: '{{ .Values.config.mongo_port }}'
            - name: DB_USER
              value: '{{ .Values.config.mongo_user }}'
            - name: DB_PASS
              {{- if .Values.config.mongo_secret }}
              valueFrom:
                  secretKeyRef:
                    name: '{{ .Values.config.mongo_secret.name }}'
                    key: '{{ .Values.config.mongo_secret.key }}'
              {{- else }}
              value: {{ .Values.config.mongo_password }}
              {{- end }}
            - name: DB_DATABASE
              value: '{{ .Values.config.mongo_database }}'

      service:
        internalPort: 3001
        ## @param service.type %%MAIN_CONTAINER_NAME%% service type
        ##
        type: ClusterIP
        ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
        ##
        port: 80
        ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
        ##
        httpsPort: 443
        ## Node ports to expose
        ## @param service.nodePorts.http Node port for HTTP
        ## @param service.nodePorts.https Node port for HTTPS
        ## NOTE: choose port between <30000-32767>
        ##
        nodePorts:
          http: null
          https: null
          ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
        ## e.g.:
        ## clusterIP: None
        ##
        clusterIP: null
        ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
        ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
        ##
        loadBalancerIP: null
        ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
        ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
        ## e.g:
        ## loadBalancerSourceRanges:
        ##   - 10.10.10.0/24
        ##
        loadBalancerSourceRanges: []
        ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
        ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
        ##
        externalTrafficPolicy: Cluster
        ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
        ##
        annotations: {}
        ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
        ## If "ClientIP", consecutive client requests will be directed to the same Pod
        ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
        ##
        sessionAffinity: None
        ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
        ## sessionAffinityConfig:
        ##   clientIP:
        ##     timeoutSeconds: 300
        ##
        sessionAffinityConfig: {}

      ingress:
        enabled: false
        ## @param ingress.pathType Ingress path type
        ##
        pathType: ImplementationSpecific
        ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
        ##
        apiVersion: null
        ## @param ingress.hostname Default host for the ingress record
        ##
        hostname: central-ledger-transfer-bulkprepare.local
        ## @param servicePort : port for the service
        ##
        servicePort: 80
        ## @param ingress.path Default path for the ingress record
        ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
        path: /
        ## @param ingress.annotations Additional custom annotations for the ingress record
        ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
        ##
        annotations: null
        ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
        ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
        ## You can:
        ##   - Use the `ingress.secrets` parameter to create this TLS secret
        ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
        ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
        ##
        tls: false
        ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
        ##
        certManager: false
        ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
        ##
        selfSigned: false
        ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
        ## e.g:
        ## extraHosts:
        ##   - name: transfer-api-svc.local
        ##     path: /
        ##
        extraHosts: null
        extraPaths: null
        extraTls: null
        secrets: null
        className: "nginx"
      # We usually recommend not to specify default resources and to leave this as a conscious
      # choice for the user. This also increases chances charts run on environments with little
      # resources, such as Minikube. If you do want to specify resources, uncomment the following
      # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
      # limits:
      #  cpu: 100m
      #  memory: 128Mi
      # requests:
      #  cpu: 100m
      #  memory: 128Mi
      resources: {}

    cl-handler-bulk-transfer-fulfil:
      enabled: true
      # Default values for centralledger-handler-bulk-transfer-fulfil.
      # This is a YAML-formatted file.
      # Declare variables to be passed into your templates.

      image:
        registry: docker.io
        repository: mojaloop/central-ledger
        tag: v17.6.1
        ## Specify a imagePullPolicy
        ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
        ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
        ##
        pullPolicy: IfNotPresent
        ## Optionally specify an array of imagePullSecrets.
        ## Secrets must be manually created in the namespace.
        ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
        ## e.g:
        ## pullSecrets:
        ##   - myRegistryKeySecretName
        ##
        pullSecrets: []

      replicaCount: 1
      command: '["node", "src/handlers/index.js", "handler", "--bulkfulfil"]'

      ## Enable diagnostic mode in the deployment
      ##
      diagnosticMode:
        ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
        ##
        enabled: false
        ## @param diagnosticMode.command Command to override all containers in the deployment
        ##
        command:
          - node
          - src/handlers/index.js
          - handler
          - '--bulkfulfil'
        ## @param diagnosticMode.args Args to override all containers in the deployment
        ##
        args:
          - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

        ## @param diagnosticMode.debug config to override all debug information
        ##
        debug:
          internalPort: 9229
          port: 9229

      readinessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 60
        periodSeconds: 15

      livenessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 60
        periodSeconds: 15

      ## Pod scheduling preferences.
      ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
      affinity: {}

      ## Node labels for pod assignment
      ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
      nodeSelector: {}

      ## Set toleration for scheduler
      ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
      tolerations: []

      ## metric configuration for prometheus instrumentation
      metrics:
        ## flag to enable/disable the metrics end-points
        enabled: true
        config:
          timeout: 5000
          prefix: moja_
          defaultLabels:
            serviceName: central-handler-bulkfulfil

      config:
        ## Forensic Logging sidecar
        # this is for Forensic Logging Sidecar
        forensicloggingsidecar_disabled: true
        forensicloggingsidecar_host: forensicloggingsidecar-ledger
        forensicloggingsidecar_port: 5678

        error_handling:
          include_cause_extension: false
          truncate_extensions: true

        ## DB Configuration
        # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
        db_type: 'mysql'
        # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
        db_driver: 'mysql'
        db_host: *CL_DB_HOST
        db_port: *CL_DB_PORT
        db_user: *CL_DB_USER
        ## Secret-Management
        ### Set this if you are using a clear password configured in the config section
        # db_password: *CL_DB_PASSWORD
        ### Configure this if you want to use a secret. Note, this will override the db_password,
        ### Use the next line if you do wish to use the db_password value instead.
        # db_secret:
        ### Example config for an existing secret
        db_secret:
          name: *CL_DB_SECRET_NAME
          key: *CL_DB_SECRET_KEY
        db_database: *CL_DB_NAME
        db_connection_pool_min: 10
        db_connection_pool_max: 30
        db_acquire_timeout_millis: 30000
        db_create_timeout_millis: 30000
        db_destroy_timeout_millis: 5000
        db_idle_timeout_millis: 30000
        db_reap_interval_millis: 1000
        db_create_retry_interval_millis: 200
        db_debug: false

        ## MongoDB Configuration for Object Store
        objstore_disabled: false
        mongo_host: *OBJSTORE_MONGO_HOST
        mongo_port: *OBJSTORE_MONGO_PORT
        mongo_user: *OBJSTORE_MONGO_USER
        ## Secret-Management
        ### Set this if you are using a clear password configured in the config section
        mongo_password: *OBJSTORE_MONGO_PASSWORD
        ### Configure this if you want to use a secret. Note, this will override the secret,
        ### Use the next line if you do wish to use the secret value instead.
        # mongo_secret:
        ### Example config for an existing secret
        mongo_secret:
          name: *OBJSTORE_MONGO_SECRET_NAME
          key: *OBJSTORE_MONGO_SECRET_KEY
        mongo_database: mlos

        ## Kafka Configuration
        # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
        kafka_host: *KAFKA_HOST
        kafka_port: *KAFKA_PORT

        ## Node Configuration
        log_level: info

      ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
      ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
      ## e.g:
      ## initContainers:
      ##  - name: your-image-name
      ##    image: your-image
      ##    imagePullPolicy: Always
      ##    command: ['sh', '-c', 'echo "hello world"']
      ##
      # initContainers: []
      initContainers: |
        - name: wait-for-kafka
          image: solsson/kafka:2.8.1
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - -c
            - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT};
              do
                echo --------------------;
                echo Waiting for Kafka...;
                sleep 2;
              done;
              echo ====================;
              echo Kafka ok!;
          env:
            - name: KAFKA_HOST
              value: '{{ .Values.config.kafka_host }}'
            - name: KAFKA_PORT
              value: '{{ .Values.config.kafka_port }}'
        - name: wait-for-mysql
          image: mysql:5.7
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - -c
            - |
              until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi;
              do
                echo --------------------;
                echo Waiting for MySQL...;
                sleep 2;
              done;
              echo ====================;
              echo MySQL ok!;
          env:
            - name: DB_HOST
              value: '{{ .Values.config.db_host }}'
            - name: DB_PORT
              value: '{{ .Values.config.db_port }}'
            - name: DB_USER
              value: '{{ .Values.config.db_user }}'
            - name: DB_PASSWORD
              {{- if .Values.config.db_secret }}
              valueFrom:
                  secretKeyRef:
                    name: '{{ .Values.config.db_secret.name }}'
                    key: '{{ .Values.config.db_secret.key }}'
              {{- else }}
              value: {{ .Values.config.db_password }}
              {{- end }}
            - name: DB_DATABASE
              value: '{{ .Values.config.db_database }}'
        - name: wait-for-mongodb
          image: bitnami/mongodb:6.0.1
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - -c
            - |
              until mongosh mongodb://${DB_HOST}:${DB_PORT} --authenticationDatabase "${DB_DATABASE}" --username "${DB_USER}" --password "${DB_PASS}" --eval "disableTelemetry();db.adminCommand('ping')" ;
              do
                echo --------------------;
                echo Waiting for MongoDB...;
                sleep 2;
              done;
              echo ====================;
              echo MongoDB ok!;
          env:
            - name: DB_HOST
              value: '{{ .Values.config.mongo_host }}'
            - name: DB_PORT
              value: '{{ .Values.config.mongo_port }}'
            - name: DB_USER
              value: '{{ .Values.config.mongo_user }}'
            - name: DB_PASS
              {{- if .Values.config.mongo_secret }}
              valueFrom:
                  secretKeyRef:
                    name: '{{ .Values.config.mongo_secret.name }}'
                    key: '{{ .Values.config.mongo_secret.key }}'
              {{- else }}
              value: {{ .Values.config.mongo_password }}
              {{- end }}
            - name: DB_DATABASE
              value: '{{ .Values.config.mongo_database }}'

      service:
        internalPort: 3001
        ## @param service.type %%MAIN_CONTAINER_NAME%% service type
        ##
        type: ClusterIP
        ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
        ##
        port: 80
        ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
        ##
        httpsPort: 443
        ## Node ports to expose
        ## @param service.nodePorts.http Node port for HTTP
        ## @param service.nodePorts.https Node port for HTTPS
        ## NOTE: choose port between <30000-32767>
        ##
        nodePorts:
          http: null
          https: null
          ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
        ## e.g.:
        ## clusterIP: None
        ##
        clusterIP: null
        ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
        ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
        ##
        loadBalancerIP: null
        ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
        ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
        ## e.g:
        ## loadBalancerSourceRanges:
        ##   - 10.10.10.0/24
        ##
        loadBalancerSourceRanges: []
        ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
        ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
        ##
        externalTrafficPolicy: Cluster
        ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
        ##
        annotations: {}
        ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
        ## If "ClientIP", consecutive client requests will be directed to the same Pod
        ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
        ##
        sessionAffinity: None
        ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
        ## sessionAffinityConfig:
        ##   clientIP:
        ##     timeoutSeconds: 300
        ##
        sessionAffinityConfig: {}

      ingress:
        enabled: false
        ## @param ingress.pathType Ingress path type
        ##
        pathType: ImplementationSpecific
        ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
        ##
        apiVersion: null
        ## @param ingress.hostname Default host for the ingress record
        ##
        hostname: central-ledger-transfer-bulkfulfil.local
        ## @param servicePort : port for the service
        ##
        servicePort: 80
        ## @param ingress.path Default path for the ingress record
        ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
        path: /
        ## @param ingress.annotations Additional custom annotations for the ingress record
        ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
        ##
        annotations: null
        ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
        ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
        ## You can:
        ##   - Use the `ingress.secrets` parameter to create this TLS secret
        ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
        ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
        ##
        tls: false
        ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
        ##
        certManager: false
        ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
        ##
        selfSigned: false
        ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
        ## e.g:
        ## extraHosts:
        ##   - name: transfer-api-svc.local
        ##     path: /
        ##
        extraHosts: null
        extraPaths: null
        extraTls: null
        secrets: null
        className: "nginx"
      # We usually recommend not to specify default resources and to leave this as a conscious
      # choice for the user. This also increases chances charts run on environments with little
      # resources, such as Minikube. If you do want to specify resources, uncomment the following
      # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
      # limits:
      #  cpu: 100m
      #  memory: 128Mi
      # requests:
      #  cpu: 100m
      #  memory: 128Mi
      resources: {}

    cl-handler-bulk-transfer-processing:
      enabled: true
      # Default values for centralledger-handler-bulk-transfer-processing.
      # This is a YAML-formatted file.
      # Declare variables to be passed into your templates.

      image:
        registry: docker.io
        repository: mojaloop/central-ledger
        tag: v17.6.1
        ## Specify a imagePullPolicy
        ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
        ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
        ##
        pullPolicy: IfNotPresent
        ## Optionally specify an array of imagePullSecrets.
        ## Secrets must be manually created in the namespace.
        ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
        ## e.g:
        ## pullSecrets:
        ##   - myRegistryKeySecretName
        ##
        pullSecrets: []

      replicaCount: 1
      command: '["node", "src/handlers/index.js", "handler", "--bulkprocessing"]'

      ## Enable diagnostic mode in the deployment
      ##
      diagnosticMode:
        ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
        ##
        enabled: false
        ## @param diagnosticMode.command Command to override all containers in the deployment
        ##
        command:
          - node
          - src/handlers/index.js
          - handler
          - '--bulkprocessing'
        ## @param diagnosticMode.args Args to override all containers in the deployment
        ##
        args:
          - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

        ## @param diagnosticMode.debug config to override all debug information
        ##
        debug:
          internalPort: 9229
          port: 9229

      readinessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 60
        periodSeconds: 15

      livenessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 60
        periodSeconds: 15

      ## Pod scheduling preferences.
      ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
      affinity: {}

      ## Node labels for pod assignment
      ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
      nodeSelector: {}

      ## Set toleration for scheduler
      ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
      tolerations: []

      ## metric configuration for prometheus instrumentation
      metrics:
        ## flag to enable/disable the metrics end-points
        enabled: true
        config:
          timeout: 5000
          prefix: moja_
          defaultLabels:
            serviceName: central-handler-bulkprocessing

      config:
        ## Forensic Logging sidecar
        # this is for Forensic Logging Sidecar
        forensicloggingsidecar_disabled: true
        forensicloggingsidecar_host: forensicloggingsidecar-ledger
        forensicloggingsidecar_port: 5678

        error_handling:
          include_cause_extension: false
          truncate_extensions: true

        ## DB Configuration
        # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
        db_type: 'mysql'
        # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
        db_driver: 'mysql'
        db_host: *CL_DB_HOST
        db_port: *CL_DB_PORT
        db_user: *CL_DB_USER
        ## Secret-Management
        ### Set this if you are using a clear password configured in the config section
        # db_password: *CL_DB_PASSWORD
        ### Configure this if you want to use a secret. Note, this will override the db_password,
        ### Use the next line if you do wish to use the db_password value instead.
        # db_secret:
        ### Example config for an existing secret
        db_secret:
          name: *CL_DB_SECRET_NAME
          key: *CL_DB_SECRET_KEY
        db_database: *CL_DB_NAME
        db_connection_pool_min: 10
        db_connection_pool_max: 30
        db_acquire_timeout_millis: 30000
        db_create_timeout_millis: 30000
        db_destroy_timeout_millis: 5000
        db_idle_timeout_millis: 30000
        db_reap_interval_millis: 1000
        db_create_retry_interval_millis: 200
        db_debug: false

        ## MongoDB Configuration for Object Store
        objstore_disabled: false
        mongo_host: *OBJSTORE_MONGO_HOST
        mongo_port: *OBJSTORE_MONGO_PORT
        mongo_user: *OBJSTORE_MONGO_USER
        ## Secret-Management
        ### Set this if you are using a clear password configured in the config section
        mongo_password: *OBJSTORE_MONGO_PASSWORD
        ### Configure this if you want to use a secret. Note, this will override the secret,
        ### Use the next line if you do wish to use the secret value instead.
        # mongo_secret:
        ### Example config for an existing secret
        mongo_secret:
          name: *OBJSTORE_MONGO_SECRET_NAME
          key: *OBJSTORE_MONGO_SECRET_KEY
        mongo_database: mlos

        ## Kafka Configuration
        # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
        kafka_host: *KAFKA_HOST
        kafka_port: *KAFKA_PORT

        ## Node Configuration
        log_level: info

      ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
      ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
      ## e.g:
      ## initContainers:
      ##  - name: your-image-name
      ##    image: your-image
      ##    imagePullPolicy: Always
      ##    command: ['sh', '-c', 'echo "hello world"']
      ##
      # initContainers: []
      initContainers: |
        - name: wait-for-kafka
          image: solsson/kafka:2.8.1
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - -c
            - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT};
              do
                echo --------------------;
                echo Waiting for Kafka...;
                sleep 2;
              done;
              echo ====================;
              echo Kafka ok!;
          env:
            - name: KAFKA_HOST
              value: '{{ .Values.config.kafka_host }}'
            - name: KAFKA_PORT
              value: '{{ .Values.config.kafka_port }}'
        - name: wait-for-mysql
          image: mysql:5.7
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - -c
            - |
              until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi;
              do
                echo --------------------;
                echo Waiting for MySQL...;
                sleep 2;
              done;
              echo ====================;
              echo MySQL ok!;
          env:
            - name: DB_HOST
              value: '{{ .Values.config.db_host }}'
            - name: DB_PORT
              value: '{{ .Values.config.db_port }}'
            - name: DB_USER
              value: '{{ .Values.config.db_user }}'
            - name: DB_PASSWORD
              {{- if .Values.config.db_secret }}
              valueFrom:
                  secretKeyRef:
                    name: '{{ .Values.config.db_secret.name }}'
                    key: '{{ .Values.config.db_secret.key }}'
              {{- else }}
              value: {{ .Values.config.db_password }}
              {{- end }}
            - name: DB_DATABASE
              value: '{{ .Values.config.db_database }}'
        - name: wait-for-mongodb
          image: bitnami/mongodb:6.0.1
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - -c
            - |
              until mongosh mongodb://${DB_HOST}:${DB_PORT} --authenticationDatabase "${DB_DATABASE}" --username "${DB_USER}" --password "${DB_PASS}" --eval "disableTelemetry();db.adminCommand('ping')" ;
              do
                echo --------------------;
                echo Waiting for MongoDB...;
                sleep 2;
              done;
              echo ====================;
              echo MongoDB ok!;
          env:
            - name: DB_HOST
              value: '{{ .Values.config.mongo_host }}'
            - name: DB_PORT
              value: '{{ .Values.config.mongo_port }}'
            - name: DB_USER
              value: '{{ .Values.config.mongo_user }}'
            - name: DB_PASS
              {{- if .Values.config.mongo_secret }}
              valueFrom:
                  secretKeyRef:
                    name: '{{ .Values.config.mongo_secret.name }}'
                    key: '{{ .Values.config.mongo_secret.key }}'
              {{- else }}
              value: {{ .Values.config.mongo_password }}
              {{- end }}
            - name: DB_DATABASE
              value: '{{ .Values.config.mongo_database }}'

      service:
        internalPort: 3001
        ## @param service.type %%MAIN_CONTAINER_NAME%% service type
        ##
        type: ClusterIP
        ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
        ##
        port: 80
        ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
        ##
        httpsPort: 443
        ## Node ports to expose
        ## @param service.nodePorts.http Node port for HTTP
        ## @param service.nodePorts.https Node port for HTTPS
        ## NOTE: choose port between <30000-32767>
        ##
        nodePorts:
          http: null
          https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
        ## e.g.:
        ## clusterIP: None
        ##
        clusterIP: null
        ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
        ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
        ##
        loadBalancerIP: null
        ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
        ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
        ## e.g:
        ## loadBalancerSourceRanges:
        ##   - 10.10.10.0/24
        ##
        loadBalancerSourceRanges: []
        ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
        ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
        ##
        externalTrafficPolicy: Cluster
        ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
        ##
        annotations: {}
        ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
        ## If "ClientIP", consecutive client requests will be directed to the same Pod
        ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
        ##
        sessionAffinity: None
        ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
        ## sessionAffinityConfig:
        ##   clientIP:
        ##     timeoutSeconds: 300
        ##
        sessionAffinityConfig: {}

      ingress:
        enabled: false
        ## @param ingress.pathType Ingress path type
        ##
        pathType: ImplementationSpecific
        ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
        ##
        apiVersion: null
        ## @param ingress.hostname Default host for the ingress record
        ##
        hostname: central-ledger-transfer-bulkprocessing.local
        ## @param servicePort : port for the service
        ##
        servicePort: 80
        ## @param ingress.path Default path for the ingress record
        ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
        path: /
        ## @param ingress.annotations Additional custom annotations for the ingress record
        ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
        ##
        annotations: null
        ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
        ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
        ## You can:
        ##   - Use the `ingress.secrets` parameter to create this TLS secret
        ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
        ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
        ##
        tls: false
        ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
        ##
        certManager: false
        ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
        ##
        selfSigned: false
        ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
        ## e.g:
        ## extraHosts:
        ##   - name: transfer-api-svc.local
        ##     path: /
        ##
        extraHosts: null
        extraPaths: null
        extraTls: null
        secrets: null
        className: "nginx"
      # We usually recommend not to specify default resources and to leave this as a conscious
      # choice for the user. This also increases chances charts run on environments with little
      # resources, such as Minikube. If you do want to specify resources, uncomment the following
      # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
      # limits:
      #  cpu: 100m
      #  memory: 128Mi
      # requests:
      #  cpu: 100m
      #  memory: 128Mi
      resources: {}

    cl-handler-bulk-transfer-get:
      enabled: true
      # Default values for centralledger-handler-bulk-transfer-get.
      # This is a YAML-formatted file.
      # Declare variables to be passed into your templates.

      image:
        registry: docker.io
        repository: mojaloop/central-ledger
        tag: v17.6.1
        ## Specify a imagePullPolicy
        ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
        ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
        ##
        pullPolicy: IfNotPresent
        ## Optionally specify an array of imagePullSecrets.
        ## Secrets must be manually created in the namespace.
        ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
        ## e.g:
        ## pullSecrets:
        ##   - myRegistryKeySecretName
        ##
        pullSecrets: []

      replicaCount: 1
      command: '["node", "src/handlers/index.js", "handler", "--bulkget"]'

      ## Enable diagnostic mode in the deployment
      ##
      diagnosticMode:
        ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
        ##
        enabled: false
        ## @param diagnosticMode.command Command to override all containers in the deployment
        ##
        command:
          - node
          - src/handlers/index.js
          - handler
          - '--bulkget'
        ## @param diagnosticMode.args Args to override all containers in the deployment
        ##
        args:
          - --inspect=0.0.0.0:{{ .Values.diagnosticMode.debug.port }}

        ## @param diagnosticMode.debug config to override all debug information
        ##
        debug:
          internalPort: 9229
          port: 9229

      readinessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 60
        periodSeconds: 15

      livenessProbe:
        enabled: true
        httpGet:
          path: /health
        initialDelaySeconds: 60
        periodSeconds: 15

      ## Pod scheduling preferences.
      ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
      affinity: {}

      ## Node labels for pod assignment
      ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
      nodeSelector: {}

      ## Set toleration for scheduler
      ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
      tolerations: []

      ## metric configuration for prometheus instrumentation
      metrics:
        ## flag to enable/disable the metrics end-points
        enabled: true
        config:
          timeout: 5000
          prefix: moja_
          defaultLabels:
            serviceName: central-handler-bulkget

      config:
        ## Forensic Logging sidecar
        # this is for Forensic Logging Sidecar
        forensicloggingsidecar_disabled: true
        forensicloggingsidecar_host: forensicloggingsidecar-ledger
        forensicloggingsidecar_port: 5678

        error_handling:
          include_cause_extension: false
          truncate_extensions: true

        ## DB Configuration
        # db_type can either be 'postgres' or 'mysql'. Ensure the correct DB is enabled and configured below: postgresql.enabled or mysql.enabled
        db_type: 'mysql'
        # db_driver can either be 'pg' or 'mysql'. Ensure the correct corresponding db_type above has been set.
        db_driver: 'mysql'
        db_host: *CL_DB_HOST
        db_port: *CL_DB_PORT
        db_user: *CL_DB_USER
        ## Secret-Management
        ### Set this if you are using a clear password configured in the config section
        # db_password: *CL_DB_PASSWORD
        ### Configure this if you want to use a secret. Note, this will override the db_password,
        ### Use the next line if you do wish to use the db_password value instead.
        # db_secret:
        ### Example config for an existing secret
        db_secret:
          name: *CL_DB_SECRET_NAME
          key: *CL_DB_SECRET_KEY
        db_database: *CL_DB_NAME
        db_connection_pool_min: 10
        db_connection_pool_max: 30
        db_acquire_timeout_millis: 30000
        db_create_timeout_millis: 30000
        db_destroy_timeout_millis: 5000
        db_idle_timeout_millis: 30000
        db_reap_interval_millis: 1000
        db_create_retry_interval_millis: 200
        db_debug: false

        ## MongoDB Configuration for Object Store
        objstore_disabled: false
        mongo_host: *OBJSTORE_MONGO_HOST
        mongo_port: *OBJSTORE_MONGO_PORT
        mongo_user: *OBJSTORE_MONGO_USER
        ## Secret-Management
        ### Set this if you are using a clear password configured in the config section
        mongo_password: *OBJSTORE_MONGO_PASSWORD
        ### Configure this if you want to use a secret. Note, this will override the secret,
        ### Use the next line if you do wish to use the secret value instead.
        # mongo_secret:
        ### Example config for an existing secret
        mongo_secret:
          name: *OBJSTORE_MONGO_SECRET_NAME
          key: *OBJSTORE_MONGO_SECRET_KEY
        mongo_database: mlos

        ## Kafka Configuration
        # this can be set if the dependency chart for kafka is disabled. If 'kafka_host' is commented out, then the name of the dependency chart will be used.
        kafka_host: *KAFKA_HOST
        kafka_port: *KAFKA_PORT

        ## Node Configuration
        log_level: info

      ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
      ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
      ## e.g:
      ## initContainers:
      ##  - name: your-image-name
      ##    image: your-image
      ##    imagePullPolicy: Always
      ##    command: ['sh', '-c', 'echo "hello world"']
      ##
      # initContainers: []
      initContainers: |
        - name: wait-for-kafka
          image: solsson/kafka:2.8.1
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - -c
            - until ./bin/kafka-broker-api-versions.sh --bootstrap-server ${KAFKA_HOST}:${KAFKA_PORT};
              do
                echo --------------------;
                echo Waiting for Kafka...;
                sleep 2;
              done;
              echo ====================;
              echo Kafka ok!;
          env:
            - name: KAFKA_HOST
              value: '{{ .Values.config.kafka_host }}'
            - name: KAFKA_PORT
              value: '{{ .Values.config.kafka_port }}'
        - name: wait-for-mysql
          image: mysql:5.7
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - -c
            - |
              until result=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} --password=${DB_PASSWORD} ${DB_DATABASE} -ss -N -e 'select is_locked from migration_lock;') && eval 'echo is_locked=$result' && if [ -z $result ]; then false; fi && if [ $result -ne 0 ]; then false; fi;
              do
                echo --------------------;
                echo Waiting for MySQL...;
                sleep 2;
              done;
              echo ====================;
              echo MySQL ok!;
          env:
            - name: DB_HOST
              value: '{{ .Values.config.db_host }}'
            - name: DB_PORT
              value: '{{ .Values.config.db_port }}'
            - name: DB_USER
              value: '{{ .Values.config.db_user }}'
            - name: DB_PASSWORD
              {{- if .Values.config.db_secret }}
              valueFrom:
                  secretKeyRef:
                    name: '{{ .Values.config.db_secret.name }}'
                    key: '{{ .Values.config.db_secret.key }}'
              {{- else }}
              value: {{ .Values.config.db_password }}
              {{- end }}
            - name: DB_DATABASE
              value: '{{ .Values.config.db_database }}'
        - name: wait-for-mongodb
          image: bitnami/mongodb:6.0.1
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - -c
            - |
              until mongosh mongodb://${DB_HOST}:${DB_PORT} --authenticationDatabase "${DB_DATABASE}" --username "${DB_USER}" --password "${DB_PASS}" --eval "disableTelemetry();db.adminCommand('ping')" ;
              do
                echo --------------------;
                echo Waiting for MongoDB...;
                sleep 2;
              done;
              echo ====================;
              echo MongoDB ok!;
          env:
            - name: DB_HOST
              value: '{{ .Values.config.mongo_host }}'
            - name: DB_PORT
              value: '{{ .Values.config.mongo_port }}'
            - name: DB_USER
              value: '{{ .Values.config.mongo_user }}'
            - name: DB_PASS
              {{- if .Values.config.mongo_secret }}
              valueFrom:
                  secretKeyRef:
                    name: '{{ .Values.config.mongo_secret.name }}'
                    key: '{{ .Values.config.mongo_secret.key }}'
              {{- else }}
              value: {{ .Values.config.mongo_password }}
              {{- end }}
            - name: DB_DATABASE
              value: '{{ .Values.config.mongo_database }}'

      service:
        internalPort: 3001
        ## @param service.type %%MAIN_CONTAINER_NAME%% service type
        ##
        type: ClusterIP
        ## @param service.port %%MAIN_CONTAINER_NAME%% service HTTP port
        ##
        port: 80
        ## @param service.httpsPort %%MAIN_CONTAINER_NAME%% service HTTPS port
        ##
        httpsPort: 443
        ## Node ports to expose
        ## @param service.nodePorts.http Node port for HTTP
        ## @param service.nodePorts.https Node port for HTTPS
        ## NOTE: choose port between <30000-32767>
        ##
        nodePorts:
          http: null
          https: null
        ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
        ## e.g.:
        ## clusterIP: None
        ##
        clusterIP: null
        ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP
        ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
        ##
        loadBalancerIP: null
        ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
        ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
        ## e.g:
        ## loadBalancerSourceRanges:
        ##   - 10.10.10.0/24
        ##
        loadBalancerSourceRanges: []
        ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
        ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
        ##
        externalTrafficPolicy: Cluster
        ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
        ##
        annotations: {}
        ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
        ## If "ClientIP", consecutive client requests will be directed to the same Pod
        ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
        ##
        sessionAffinity: None
        ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
        ## sessionAffinityConfig:
        ##   clientIP:
        ##     timeoutSeconds: 300
        ##
        sessionAffinityConfig: {}

      ingress:
        enabled: false
        ## @param ingress.pathType Ingress path type
        ##
        pathType: ImplementationSpecific
        ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
        ##
        apiVersion: null
        ## @param ingress.hostname Default host for the ingress record
        ##
        hostname: central-ledger-transfer-bulkget.local
        ## @param servicePort : port for the service
        ##
        servicePort: 80
        ## @param ingress.path Default path for the ingress record
        ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
        path: /
        ## @param ingress.annotations Additional custom annotations for the ingress record
        ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
        ##
        annotations: null
        ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
        ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
        ## You can:
        ##   - Use the `ingress.secrets` parameter to create this TLS secret
        ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
        ##   - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
        ##
        tls: false
        ## @param ingress.certManager Add the corresponding annotations for cert-manager integration
        ##
        certManager: false
        ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
        ##
        selfSigned: false
        ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
        ## e.g:
        ## extraHosts:
        ##   - name: transfer-api-svc.local
        ##     path: /
        ##
        extraHosts: null
        extraPaths: null
        extraTls: null
        secrets: null
        className: "nginx"
      # We usually recommend not to specify default resources and to leave this as a conscious
      # choice for the user. This also increases chances charts run on environments with little
      # resources, such as Minikube. If you do want to specify resources, uncomment the following
      # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
      # limits:
      #  cpu: 100m
      #  memory: 128Mi
      # requests:
      #  cpu: 100m
      #  memory: 128Mi
      resources: {}

ml-testing-toolkit:
  enabled: true
  ml-testing-toolkit-backend: ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    ## e.g:
    ## initContainers:
    ##  - name: your-image-name
    ##    image: your-image
    ##    imagePullPolicy: Always
    ##    command: ['sh', '-c', 'echo "hello world"']
    ##
    # initContainers: [] # We want to disable init-containers as there is no need
    ## Use the following initContainers if you are using a MongoDB as a dependency
    initContainers: |
      - name: wait-for-mongodb
        image: bitnami/mongodb:6.0.1
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - -c
          - |
            until mongosh mongodb://${DB_HOST}:${DB_PORT} --authenticationDatabase "${DB_DATABASE}" --username "${DB_USER}" --password "${DB_PASS}" --eval "disableTelemetry();db.adminCommand('ping')" ;
            do
              echo --------------------;
              echo Waiting for MongoDB...;
              sleep 2;
            done;
            echo ====================;
            echo MongoDB ok!;
        env:
          - name: DB_HOST
            value: '{{ .Values.config.mongodb.host }}'
          - name: DB_PORT
            value: '{{ .Values.config.mongodb.port }}'
          - name: DB_USER
            value: '{{ .Values.config.mongodb.user }}'
          - name: DB_PASS
          {{- if .Values.config.mongodb.secret }}
            valueFrom:
              secretKeyRef:
                name: '{{ .Values.config.mongodb.secret.name }}'
                key: '{{ .Values.config.mongodb.secret.key }}'
          {{- else }}
            value: {{ .Values.config.mongodb.password }}
          {{- end }}
          - name: DB_DATABASE
            value: '{{ .Values.config.mongodb.database }}'

    config:
      mongodb:
        host: *TTK_MONGO_HOST
        port: *TTK_MONGO_PORT
        user: *TTK_MONGO_USER
        ## Secret-Management
        ### Set this if you are using a clear password configured in the config section
        password: *TTK_MONGO_PASSWORD
        ### Configure this if you want to use a secret. Note, this will override the db_password,
        ### Use the next line if you do wish to use the db_password value instead.
        # secret:
        ### Example config for an existing secret
        secret:
          name: *TTK_MONGO_SECRET_NAME
          key: *TTK_MONGO_SECRET_KEY
        database: *TTK_MONGO_DATABASE

    ingress:
      enabled: true
      hosts:
        specApi:
          host: testing-toolkit-specapi.local
        adminApi:
          host: testing-toolkit.local
    config_files:
      user_config.json: {"DEFAULT_ENVIRONMENT_FILE_NAME": "hub-k8s-default-environment.json"}
      # system_config.json: {
      #   ## Uncomment for Socket IO configs for UI to Backend interactions. This may help if long running Test-Collections time-out.
      #   #  "SOCKET_IO_ENGINE_OPTIONS": {
      #   #     "pingInterval": 25000,
      #   #     "pingTimeout": 300000
      #   # }
      # }
      system_config.json: {}
      ## We can specify the files and folders here those we want to override in the TTK `spec_files` directory.
      ## For example, you can specify user_config.json, system_config.json ...etc
      ## Files inside the folders can be defined with full path of the files with slashes replaced by two underscores `__`.
      ## For example, `rules_response__default.json`, `rules_callback__default.json`, `rules_validation__default.json` ...etc
      ## We can pass the JSON content as the value for the parameters
      ## Or we can pass a http/https URL for the JSON file as the value for the parameters. Then the file will be downloaded and replaced in the corresponding location.
      ## Ex: rules_callback__default.json: "https://raw.githubusercontent.com/mojaloop/ml-testing-toolkit/master/spec_files/rules_callback/default.json"
      rules_callback__default.json: "https://github.com/mojaloop/testing-toolkit-test-cases/raw/v16.0.0/rules/mojaloop/ml-testing-toolkit/spec_files/rules_callback/default.json"
      rules_response__default.json: "https://github.com/mojaloop/testing-toolkit-test-cases/raw/v16.0.0/rules/mojaloop/ml-testing-toolkit/spec_files/rules_response/default.json"
      rules_validation__default.json: "https://github.com/mojaloop/testing-toolkit-test-cases/raw/v16.0.0/rules/mojaloop/ml-testing-toolkit/spec_files/rules_validation/default.json"
    # We can change the names of the simulators to configure the environment files for the testing toolkit.
    # If you change these values, you need to change the simulator names in the mojaloop-simulats->simulators section
    parameters: &simNames
      simNamePayerfsp: 'payerfsp'
      simNamePayeefsp: 'payeefsp'
      simNameTestfsp1: 'testfsp1'
      simNameTestfsp2: 'testfsp2'
      simNameTestfsp3: 'testfsp3'
      simNameTestfsp4: 'testfsp4'
      simNameNoResponsePayeefsp: 'noresponsepayeefsp'
      simNameTTKSim1: 'ttksim1'
      simNameTTKSim2: 'ttksim2'
      simNameTTKSim3: 'ttksim3'
    extraEnvironments:
      hub-k8s-default-environment.json: &ttkInputValues {"inputValues": {"BASE_CENTRAL_LEDGER_ADMIN": "", "CALLBACK_ENDPOINT_BASE_URL": "http://$release_name-ml-testing-toolkit-backend:4040", "ENABLE_JWS_SIGNING": true, "ENABLE_JWS_VALIDATION": false, "ENABLE_PROTECTED_HEADERS_VALIDATION": true, "ENABLE_WS_ASSERTIONS": true, "HOST_ACCOUNT_LOOKUP_ADMIN": "http://$release_name-account-lookup-service-admin", "HOST_ACCOUNT_LOOKUP_SERVICE": "http://$release_name-account-lookup-service", "HOST_ACCOUNT_LOOKUP_SERVICE_ADMIN": "http://$release_name-account-lookup-service-admin", "HOST_BULK_ADAPTER": "http://$release_name-bulk-api-adapter-service", "HOST_CENTRAL_LEDGER": "http://$release_name-centralledger-service", "HOST_CENTRAL_SETTLEMENT": "http://$release_name-centralsettlement-service/v2", "HOST_LEGACY_SIMULATOR": "http://$release_name-simulator", "HOST_ML_API_ADAPTER": "http://$release_name-ml-api-adapter-service", "HOST_QUOTING_SERVICE": "http://$release_name-quoting-service", "HOST_SIMULATOR": "http://$release_name-simulator", "HOST_TRANSACTION_REQUESTS_SERVICE": "http://$release_name-transaction-requests-service", "HUB_OPERATOR_BEARER_TOKEN": "NOT_APPLICABLE", "PAYEEFSP_BACKEND_TESTAPI_URL": "http://$release_name-sim-$param_simNamePayeefsp-backend:3003", "PAYEEFSP_CALLBACK_URL": "http://$release_name-sim-$param_simNamePayeefsp-scheme-adapter:4000", "PAYEEFSP_SDK_TESTAPI_URL": "http://$release_name-sim-$param_simNamePayeefsp-scheme-adapter:4002", "PAYEEFSP_SDK_TESTAPI_WS_URL": "ws://$release_name-sim-$param_simNamePayeefsp-scheme-adapter:4002", "PAYERFSP_BACKEND_TESTAPI_URL": "http://$release_name-sim-$param_simNamePayerfsp-backend:3003", "PAYERFSP_CALLBACK_URL": "http://$release_name-sim-$param_simNamePayerfsp-scheme-adapter:4000", "PAYERFSP_SDK_TESTAPI_URL": "http://$release_name-sim-$param_simNamePayerfsp-scheme-adapter:4002", "PAYERFSP_SDK_TESTAPI_WS_URL": "ws://$release_name-sim-$param_simNamePayerfsp-scheme-adapter:4002", "SIMPAYEE_CURRENCY": "USD", "SIMPAYEE_JWS_PUB_KEY": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLtduponsAlAk+3+PQdE\nsgjxRs5qhkrPa0z25NbHvgQYan4bH5GY+nEUX65YN65nusHtCG9gBeU0C56EgZQw\nIpkHDTh166qQGPwdJf5oMlMJn79DSd1I2bghbsNx0a1P6ElH16AyEwvgYtdtMOBW\nNgf7z5/tYgv7bGgmsp3qGlf0nnaux/frJhJ0Hxpd6eUCafwdlrNwc9R6iCKMSxGj\nvVTHgx0D7zSZ/+4PXq6gObyIZoC0uOsKKzlY3USx9khAh+96qfFoNKyfGHltpEPJ\nLmOLh3BtzDuna2KwtNdVNGcjPdCle3b9mNIdhR5aZ/bP6Zm+t9JuRC6ZwU/6WEy3\nFwIDAQAB\n-----END PUBLIC KEY-----\n", "SIMPAYEE_MSISDN": "17039811902", "SIMPAYEE_NAME": "$param_simNamePayeefsp", "SIMPAYER_CURRENCY": "USD", "SIMPAYER_MSISDN": "17039811901", "SIMPAYER_NAME": "$param_simNamePayerfsp", "TESTFSP1_BACKEND_TESTAPI_URL": "http://$release_name-sim-$param_simNameTestfsp1-backend:3003", "TESTFSP1_CALLBACK_URL": "http://$release_name-sim-$param_simNameTestfsp1-scheme-adapter:4000", "TESTFSP1_SDK_TESTAPI_URL": "http://$release_name-sim-$param_simNameTestfsp1-scheme-adapter:4002", "TESTFSP1_SDK_TESTAPI_WS_URL": "ws://$release_name-sim-$param_simNameTestfsp1-scheme-adapter:4002", "TESTFSP2_BACKEND_TESTAPI_URL": "http://$release_name-sim-$param_simNameTestfsp2-backend:3003", "TESTFSP2_CALLBACK_URL": "http://$release_name-sim-$param_simNameTestfsp2-scheme-adapter:4000", "TESTFSP2_SDK_TESTAPI_URL": "http://$release_name-sim-$param_simNameTestfsp2-scheme-adapter:4002", "TESTFSP2_SDK_TESTAPI_WS_URL": "ws://$release_name-sim-$param_simNameTestfsp2-scheme-adapter:4002", "TESTFSP3_BACKEND_TESTAPI_URL": "http://$release_name-sim-$param_simNameTestfsp3-backend:3003", "TESTFSP3_CALLBACK_URL": "http://$release_name-sim-$param_simNameTestfsp3-scheme-adapter:4000", "TESTFSP3_SDK_TESTAPI_URL": "http://$release_name-sim-$param_simNameTestfsp3-scheme-adapter:4002", "TESTFSP3_SDK_TESTAPI_WS_URL": "ws://$release_name-sim-$param_simNameTestfsp3-scheme-adapter:4002", "TESTFSP4_BACKEND_TESTAPI_URL": "http://$release_name-sim-$param_simNameTestfsp4-backend:3003", "TESTFSP4_CALLBACK_URL": "http://$release_name-sim-$param_simNameTestfsp4-scheme-adapter:4000", "TESTFSP4_SDK_TESTAPI_URL": "http://$release_name-sim-$param_simNameTestfsp4-scheme-adapter:4002", "TESTFSP4_SDK_TESTAPI_WS_URL": "ws://$release_name-sim-$param_simNameTestfsp4-scheme-adapter:4002", "TEST_NOTIFICATIONS": true, "TTKFSP_JWS_KEY": "-----BEGIN PRIVATE KEY-----\nMIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDPnscTEMZGXrO7\nH7nna4qgQPfODs2aV6A39ww4B2T2qeEncKk0xGTPUYAmjDO3TL4sG7Xl1Jiye9XL\nMaJxrMB4rh6Ndik8t+GiXIBOjeLVeg/uCBddTZfB/4yHpyfETbDM5QqQLsiWLyz9\nn6/O/bH8sgaygLMaTpYazaoI522bTTGBtgXf6nGNcjgypMPanbvFmE5lOls2Adjq\nQDbmC8FgnubSD5R//EULNSRnt+dxyExb7+vDcVqC0npxSxgBGHnkRIlbU6AszBpK\n2tMVGV84Qw8ibr1NSD/5n1fg/jfZfICVOcJRgw11v4+OAT3YqL7kKCUo2ChyYVWp\nH1aJ+luGs4N2KcgMsmEnA8eZmFMgXk2jJktt/kSXcJjzVg/0CAjK2c/oaPufVg+y\nKLRdBkS8FR3deCPH2xRl41f5NSB7/C2kCMcep8EZSlhJ6ZeS3A09HSJPNaA4//hN\n0o+DpqUQ2v9rwUH5OJ1YDk6xSFNDSmx/I2UEi/7JXZ5+zd0npfu5kZUQY00X7QrA\nhoxLc9zzJbYy3eSHaDsgJ4tRm68a2PpxbmwfvTF51iQwU2F30pE9Xuapbk6Hhwtk\naQwlWohv+ZnNaJp6hsDFe+ELixdXlwi7UMvowXoD4+7AcfBe2QXLllYsZYYLaMj1\nYrKpNfThQoOYNo7UByPJOKLL9Err8QIDAQABAoICAFX3AKeAwQ//Az0eCEvtR8NN\n0y0DDRd0Y7b4eBs02JWXRk4dxDnAfZsnvD95uqoRQQajXJ/ydF0mkCGnhgK6TCFL\nuwPIoo9s9aRT155u+jZ46WKeAAqWZ5kgVhAO4pTRtDxKM6L6c/xXQTIsbc9vVMRz\n8/jx9/aTBmzHrjkslcIBZte1xd3uRSETY3h4p018FPTeOMuKK50Di8yGVRTQVjvK\n33inkc2iZvYahV3alB6VGCTTBNPyOc9EFgWV2bUObN3akOL7D62svtAypcatMDNr\n9LbFkmUO3spdMzZKHFbVSao/9Zjpgee4rthV5EUyrYNrqeMtCSY+7ghuHNdZjY5M\nE9IntIqtZTHnTXJuHR5aZhQUuRBBO8ymhzSRYLPCWTrIb2FdRVj2u2h8YOhVgo13\n3/b55Q1vJxWbUdqgxn087PvvNoznIqTphsKGivyPZ45scnwVMhVd8Pgm6V0nuoCV\nYj32CSXFFTavZTP6c7CN3jzjSXyHlJrC4vhVD30tqV9iDeZtYE3AGuP3E3xGE7oU\nvqBzkUOk5gnYxbKpFA2kW8uY0XWmbrWR3sz+1Xw7IrQuyqMFvjnhRdpJaodkAlDa\nroefxFliyek4/SRyPcWiM0yaP6Mz6ssGg018b/fM+HemE/wtd3I6qDS9PZl3LBdv\n9aLz9XTh948/kIASRjLHAoIBAQDpqwuM1UlcQTuUmuoF0hADmBzi8eIR2JcnVVdE\nUHfu8jJ3LMzNNf5VAcjbBwTb3/gdVhD71dm9GdGGmX4bLBogGqRuEYZtDKOoHu0w\nRKUGSATob2qkLC6bI+Xg1q6XMTNxrBqqjTMCbHKuvwuwF8qTYTuP4GTaDEBpOdme\nVfWoLu9JAbQz/9NxUYqmj2FckA/v1LQ9apBu+Cnwk9/U/Yi/kGz8EuX8apfgou1b\n6fi0m/TkkbXuVEKP9CwUuWcX5TGQ5LFSqfK40eIT5AIKPhTWAwZV1iRhNh2J9kNH\ngC2yOqFswSRVJ6KsYMs7pMv2g2cwjBP8M1BudKRIxkFJbcmLAoIBAQDjdnDVq09b\nxHsv29evhx70GDl+oyNEkbhKjGqr4V7yL8wcchSdyfT8bZhSo/cBE/BRhfgBreLo\nTGUHBDWEySGfmWwMQQjorLawnAiJGerm7N497R67jmdZIgd7NwcA+XQ7N784Xbox\n9IngEvAt8hyUqJXQOSNnigLOWQoJSdyYzpsXBSjXcu/TsgozLu+FD9Gii8T+hyuo\nNhAgmj/9Vr8GhKVIkaWRPouTGA2pm2b6iJgaHWLICbUK8VFdc9XTkBuhTc7IyGHP\n1gd87cOM4AkgNp6+XMAmJqePRnBAvbDxNIdaNr/Bp2YxRw+uTa8qCpi3bAsG1qjJ\nWJHlNT/jz3fzAoIBAQDYu3jMGOyhcDQGIyYbXfrSip2Idlh8uwuARSzbRVPowqbC\nWUBgusr7J9uYJEuCcZveAf1gyLrcJf1sviP0qhRVYMDRAtpPfWCyyHSxx4nVaKl8\nuhMM0Zos9b/7qsRnohAYSEy3kp4UimhY4wTBQV/5ET/AtJ52jNSVhT3vGcXwSBBU\nBAuUC56gRcS3ttfUlh7iEcVYDeaHtxCXf2EmWj8jh58+s3y0gl360sQb88lmJB2i\nf/Biba8LfKwCUPFpfYFa5nP+u3lRqgLq9hpaS7jhxA51QVme/SWq2EsRH7fCz5T4\nnbDIdynwfxsiaDlynfDxW4wR6bqZqQDUK2dU50r/AoIBAQCvNsY2IS8RPmmx9QPR\nByG1348yWJJLOICglEd7PTC5GE5/PvVYkoAvjnB+gCU95FEDS1I+YObgEDDmVbyw\nG4rV+QW87r/hE2Hq61a73YYP+jg7tZMt4MUFaOwgYsP3YTDCiO+4iKJr5rXqMExo\n6A5SCQbWDZ2THUGKGBZeD1JpNwVKl0PdqoDJLmUjBi2k7wmJz2agthjQC00jAA74\npECj0bvMCb1jA63aUfX8R2Ps6xlXTHmSI8AcvMTzWs5EmMZf26LFEW4e/fxopHI0\n60K8WLaxZprxCGecOyMvC6/oLZFx0aimkL9siBOxLdAXb3AyInzf+Kyt5JcF253q\nax83AoIBAGSoxz91Oc+NPP3NNYlPuhXErqC+R/EEO6Z6ZalKsJtfgL1Ss6Fq30ot\niKhEfFYm1gmZDTrMbI6dceGkNg4l8okXz9U6lfUQH0muk8ZRl8LaSm7cQwzcAI1S\nm7XPnrwLtX81SihtxZnrvLTre8aM9ykKWCXiLY19LXDuJZQdwbzSgX1ie2Q2ZRcz\nRbxm20mgybQ0Jmmw1tY58d5GH5Y/A9NE+D0scobljMH5q/uHeg2bDx1piSw1lsx1\nzuoFe7sNa+zDFiYxXlyOhqDxenNRv4oDupGRefTaoJofGBDre5H2nDeWC2ZzYFEB\nDktFAP1w3ruycnE/t+/H8rDVJGPTHc8=\n-----END PRIVATE KEY-----\n", "WS_ASSERTION_TIMEOUT": 5000, "accept": "application/vnd.interoperability.parties+json;version=1.1", "acceptParties": "application/vnd.interoperability.parties+json;version=1.1", "acceptPartiesOld": "application/vnd.interoperability.parties+json;version=1.0", "acceptPartiesNotSupported": "application/vnd.interoperability.parties+json;version=2.0", "acceptParticipants": "application/vnd.interoperability.participants+json;version=1.1", "acceptParticipantsOld": "application/vnd.interoperability.participants+json;version=1.0", "acceptParticipantsNotSupported": "application/vnd.interoperability.participants+json;version=2.0", "acceptQuotes": "application/vnd.interoperability.quotes+json;version=1.1", "acceptQuotesOld": "application/vnd.interoperability.quotes+json;version=1.0", "acceptQuotesNotSupported": "application/vnd.interoperability.quotes+json;version=2.0", "acceptTransfers": "application/vnd.interoperability.transfers+json;version=1.1", "acceptTransfersOld": "application/vnd.interoperability.transfers+json;version=1.0", "acceptTransfersNotSupported": "application/vnd.interoperability.transfers+json;version=2.0", "acceptTransactionRequests": "application/vnd.interoperability.transactionRequests+json;version=1.1", "acceptTransactionRequestsOld": "application/vnd.interoperability.transactionRequests+json;version=1.0", "acceptTransactionRequestsNotSupported": "application/vnd.interoperability.transactionRequests+json;version=2.0", "acceptAuthorizations": "application/vnd.interoperability.authorizations+json;version=1.1", "acceptAuthorizationsOld": "application/vnd.interoperability.authorizations+json;version=1.0", "acceptAuthorizationsNotSupported": "application/vnd.interoperability.authorizations+json;version=2.0", "acceptBulkTransfers": "application/vnd.interoperability.bulkTransfers+json;version=1.1", "acceptBulkTransfersOld": "application/vnd.interoperability.bulkTransfers+json;version=1.0", "acceptBulkTransfersNotSupported": "application/vnd.interoperability.bulkTransfers+json;version=2.0", "accountId": "6", "amount": "100", "batchToIdValue1": "27713803066", "batchToIdValue2": "27713803067", "condition": "n2cwS3w4ekGlvNYoXg2uBAqssu3FCoXjADE2mziU5jU", "contentType": "application/vnd.interoperability.parties+json;version=1.1", "contentTypeTransfers": "application/vnd.interoperability.transfers+json;version=1.1", "contentTypeTransfersOld": "application/vnd.interoperability.transfers+json;version=1.0", "contentTypeTransfersNotSupported": "application/vnd.interoperability.transfers+json;version=2.0", "contentTypeParties": "application/vnd.interoperability.parties+json;version=1.1", "contentTypePartiesOld": "application/vnd.interoperability.parties+json;version=1.0", "contentTypePartiesNotSupported": "application/vnd.interoperability.parties+json;version=2.0", "contentTypeParticipants": "application/vnd.interoperability.participants+json;version=1.1", "contentTypeParticipantsOld": "application/vnd.interoperability.participants+json;version=1.0", "contentTypeParticipantsNotSupported": "application/vnd.interoperability.participants+json;version=2.0", "contentTypeQuotes": "application/vnd.interoperability.quotes+json;version=1.1", "contentTypeQuotesOld": "application/vnd.interoperability.quotes+json;version=1.0", "contentTypeQuotesNotSupported": "application/vnd.interoperability.quotes+json;version=2.0", "contentTypeTransactionRequests": "application/vnd.interoperability.transactionRequests+json;version=1.1", "contentTypeTransactionRequestsOld": "application/vnd.interoperability.transactionRequests+json;version=1.0", "contentTypeTransactionRequestsNotSupported": "application/vnd.interoperability.transactionRequests+json;version=2.0", "contentTypeAuthorizations": "application/vnd.interoperability.authorizations+json;version=1.1", "contentTypeAuthorizationsOld": "application/vnd.interoperability.authorizations+json;version=1.0", "contentTypeAuthorizationsNotSupported": "application/vnd.interoperability.authorizations+json;version=2.0", "contentBulkTransfers": "application/vnd.interoperability.bulkTransfers+json;version=1.1", "contentBulkTransfersOld": "application/vnd.interoperability.bulkTransfers+json;version=1.0", "contentBulkTransfersNotSupported": "application/vnd.interoperability.bulkTransfers+json;version=2.0", "currency": "USD", "currency2": "TZS", "fromDOB": "1984-01-01", "fromFirstName": "Firstname-Test", "fromFspId": "testingtoolkitdfsp", "fromIdType": "MSISDN", "fromIdValue": "44123456789", "fromLastName": "Lastname-Test", "fspiopSignature": "{\"signature\":\"iU4GBXSfY8twZMj1zXX1CTe3LDO8Zvgui53icrriBxCUF_wltQmnjgWLWI4ZUEueVeOeTbDPBZazpBWYvBYpl5WJSUoXi14nVlangcsmu2vYkQUPmHtjOW-yb2ng6_aPfwd7oHLWrWzcsjTF-S4dW7GZRPHEbY_qCOhEwmmMOnE1FWF1OLvP0dM0r4y7FlnrZNhmuVIFhk_pMbEC44rtQmMFv4pm4EVGqmIm3eyXz0GkX8q_O1kGBoyIeV_P6RRcZ0nL6YUVMhPFSLJo6CIhL2zPm54Qdl2nVzDFWn_shVyV0Cl5vpcMJxJ--O_Zcbmpv6lxqDdygTC782Ob3CNMvg\\\",\\\"protectedHeader\\\":\\\"eyJhbGciOiJSUzI1NiIsIkZTUElPUC1VUkkiOiIvdHJhbnNmZXJzIiwiRlNQSU9QLUhUVFAtTWV0aG9kIjoiUE9TVCIsIkZTUElPUC1Tb3VyY2UiOiJPTUwiLCJGU1BJT1AtRGVzdGluYXRpb24iOiJNVE5Nb2JpbGVNb25leSIsIkRhdGUiOiIifQ\"}", "homeTransactionId": "123ABC", "hubEmail": "some.email@gmail.com", "hub_operator": "NOT_APPLICABLE", "ilpPacket": "AYIDBQAAAAAAACcQJGcucGF5ZWVmc3AubXNpc2RuLnt7cmVjZWl2ZXJtc2lzZG59fYIC1GV5SjBjbUZ1YzJGamRHbHZia2xrSWpvaVptVXhNREU0Wm1NdE1EaGxZeTAwWWpJM0xUbGpZalF0TnpjMk9URTFNR00zT1dKaklpd2ljWFZ2ZEdWSlpDSTZJbVpsTVRBeE9HWmpMVEE0WldNdE5HSXlOeTA1WTJJMExUYzNOamt4TlRCak56bGlZeUlzSW5CaGVXVmxJanA3SW5CaGNuUjVTV1JKYm1adklqcDdJbkJoY25SNVNXUlVlWEJsSWpvaVRWTkpVMFJPSWl3aWNHRnlkSGxKWkdWdWRHbG1hV1Z5SWpvaWUzdHlaV05sYVhabGNrMVRTVk5FVG4xOUlpd2labk53U1dRaU9pSndZWGxsWldaemNDSjlmU3dpY0dGNVpYSWlPbnNpY0dGeWRIbEpaRWx1Wm04aU9uc2ljR0Z5ZEhsSlpGUjVjR1VpT2lKTlUwbFRSRTRpTENKd1lYSjBlVWxrWlc1MGFXWnBaWElpT2lJeU56Y3hNemd3TXprd05TSXNJbVp6Y0Vsa0lqb2ljR0Y1WlhKbWMzQWlmU3dpY0dWeWMyOXVZV3hKYm1adklqcDdJbU52YlhCc1pYaE9ZVzFsSWpwN0ltWnBjbk4wVG1GdFpTSTZJazFoZEhNaUxDSnNZWE4wVG1GdFpTSTZJa2hoWjIxaGJpSjlMQ0prWVhSbFQyWkNhWEowYUNJNklqRTVPRE10TVRBdE1qVWlmWDBzSW1GdGIzVnVkQ0k2ZXlKaGJXOTFiblFpT2lJeE1EQWlMQ0pqZFhKeVpXNWplU0k2SWxWVFJDSjlMQ0owY21GdWMyRmpkR2x2YmxSNWNHVWlPbnNpYzJObGJtRnlhVzhpT2lKVVVrRk9VMFpGVWlJc0ltbHVhWFJwWVhSdmNpSTZJbEJCV1VWU0lpd2lhVzVwZEdsaGRHOXlWSGx3WlNJNklrTlBUbE5WVFVWU0luMTkA", "invalidFulfillment": "_3cco-YN5OGpRKVWV3n6x6uNpBTH9tYUdOYmHA-----", "invalidToIdType": "ACCOUNT_ID", "invalidToIdValue": "27713803099", "note": "test", "payeeIdType": "MSISDN", "payeeIdentifier": "17039811902", "payeefsp": "$param_simNamePayeefsp", "payeefspEmail": "some.email@gmail.com", "payerIdType": "MSISDN", "payerIdentifier": "17039811901", "payerfsp": "testingtoolkitdfsp", "payerfspEmail": "some.email@gmail.com", "receiverMSISDN": "27713803912", "testfsp1Email": "some.email@gmail.com", "testfsp1IdType": "MSISDN", "testfsp1Identifier": "17039811903", "testfsp1MSISDN": "17039811903", "testfsp2Email": "some.email@gmail.com", "testfsp2IdType": "MSISDN", "testfsp2Identifier": "17039811904", "testfsp2MSISDN": "17039811904", "noresponsepayeefspEmail": "some.email@gmail.com", "toFspId": "$param_simNamePayeefsp", "toIdType": "MSISDN", "toIdValue": "27713803912", "toIdValueDelete": "27713803913", "toAccentIdType": "MSISDN", "toAccentIdValue": "97039819999", "toAccentIdDOB": "2000-01-01", "toAccentIdFirstName": "Seán", "toAccentIdMiddleName": "François", "toAccentIdLastName": "Nuñez", "toAccentIdFspId": "$param_simNamePayeefsp", "toBurmeseIdType": "MSISDN", "toBurmeseIdValue": "2224448888", "toBurmeseIdDOB": "1990-01-01", "toBurmeseIdFirstName": "ကောင်းထက်စံ", "toBurmeseIdMiddleName": "အောင်", "toBurmeseIdLastName": "ဒေါ်သန္တာထွန်", "toBurmeseIdFspId": "$param_simNamePayeefsp", "validCondition": "GRzLaTP7DJ9t4P-a_BA0WA9wzzlsugf00-Tn6kESAfM", "validCondition2": "kPLCKM62VY2jbekuw3apCTBg5zk_mVs9DD8-XpljQms", "validFulfillment": "UNlJ98hZTY_dsw0cAqw4i_UN3v4utt7CZFB4yfLbVFA", "validIlpPacket2": "AYIC9AAAAAAAABdwHWcucGF5ZWVmc3AubXNpc2RuLjIyNTU2OTk5MTI1ggLKZXlKMGNtRnVjMkZqZEdsdmJrbGtJam9pWmpRMFltUmtOV010WXpreE1DMDBZVGt3TFRoa05qa3RaR0ppWVRaaVl6aGxZVFpqSWl3aWNYVnZkR1ZKWkNJNklqVTBaRFZtTURsaUxXRTBOMlF0TkRCa05pMWhZVEEzTFdFNVkyWXpZbUl5TkRsaFpDSXNJbkJoZVdWbElqcDdJbkJoY25SNVNXUkpibVp2SWpwN0luQmhjblI1U1dSVWVYQmxJam9pVFZOSlUwUk9JaXdpY0dGeWRIbEpaR1Z1ZEdsbWFXVnlJam9pTWpJMU5UWTVPVGt4TWpVaUxDSm1jM0JKWkNJNkluQmhlV1ZsWm5Od0luMTlMQ0p3WVhsbGNpSTZleUp3WVhKMGVVbGtTVzVtYnlJNmV5SndZWEowZVVsa1ZIbHdaU0k2SWsxVFNWTkVUaUlzSW5CaGNuUjVTV1JsYm5ScFptbGxjaUk2SWpJeU5UQTNNREE0TVRneElpd2labk53U1dRaU9pSndZWGxsY21aemNDSjlMQ0p3WlhKemIyNWhiRWx1Wm04aU9uc2lZMjl0Y0d4bGVFNWhiV1VpT25zaVptbHljM1JPWVcxbElqb2lUV0YwY3lJc0lteGhjM1JPWVcxbElqb2lTR0ZuYldGdUluMHNJbVJoZEdWUFprSnBjblJvSWpvaU1UazRNeTB4TUMweU5TSjlmU3dpWVcxdmRXNTBJanA3SW1GdGIzVnVkQ0k2SWpZd0lpd2lZM1Z5Y21WdVkza2lPaUpWVTBRaWZTd2lkSEpoYm5OaFkzUnBiMjVVZVhCbElqcDdJbk5qWlc1aGNtbHZJam9pVkZKQlRsTkdSVklpTENKcGJtbDBhV0YwYjNJaU9pSlFRVmxGVWlJc0ltbHVhWFJwWVhSdmNsUjVjR1VpT2lKRFQwNVRWVTFGVWlKOWZRAA", "NORESPONSE_SIMPAYEE_NAME": "$param_simNameNoResponsePayeefsp", "SIM1_NAME": "$param_simNameTestfsp1", "SIM2_NAME": "$param_simNameTestfsp2", "SIM3_NAME": "$param_simNameTestfsp3", "SIM4_NAME": "$param_simNameTestfsp4", "SIM1_MSISDN": "17039811903", "SIM2_MSISDN": "17039811904", "SIM3_MSISDN": "17891239873", "SIM4_MSISDN": "17891239872", "SIM1_JWS_KEY": "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDF7BOa5uMtMcyk\nhEuHXNw1/q7YTaRwyyJZLXAOl3lHnSJKPp7+USY7mSkSuyNwf6lpKaZZ6q0AnuLY\nNarkr376osEE1KNjKWUFMSPeJKqrYx7bgZOnbqvnO/XRPBnA7N8WG0JIis+N4MGt\n4YVXzojDMxU3Ghpj0Li6U8dJ6uuXYELpeiX0DV+/LcRtyb9QJr69Ezpa5x1ROly1\nmqJlfMth82NXKpQWGpRlmsBsMpxJJANL7K9672zWgmXWvClrCy4hRy7wBOLSevOI\np3shfDXYBC0Kxay/EX4SY4geHOqyAxlEQp2zbAMo/IKtDwMfepm92dtA12vo/bfc\nyjoqM62ssrSSElQpXH3yKBYAA3lg4NAXkOWhetk6siEtYAMM+kWMqzNC9rZj0Trj\ngsxir7tHPyTxRfQxXCRSDQWCSKmFnXixWN1dj/b0CGIavG74NkSD3rh3JwPmRG1C\n5DFrFq9Oh+SlGNDdQMAYG+UWJyYIJq2e9RaXOipNIAliD7YHofWpqMnjsldPz4v2\nYsYNFL1FUd9XwpnMx+PS1Vn57QGbiJZgbp75xhkfA01mgc7MINWI/ZCmqcpu0RQJ\nqsY2JSL0Iyt7cprwok4rLp8z0GO18kpa3HwyQFhCJoUQ895egPajEfxfvY+mp9im\nH88Dn/837leIsnKL9qx8JpPv8dUqwwIDAQABAoICAAOA3KK27VS5TuMgTCcCqK0c\noXJNkHore8wcn1BDpnK2ilUbQvlQtyVt+TBpN0hgV5dIXsRxbEuwCwjXIYJ5nFs1\nzz/mRY5SQ7rs5vYaxq4vHGW33TClDGJzLgvw4YHs/OuaJiGG6B6QNx8eIMR6cNfs\niWXcxJSbM64YO4s0M0Y2oHbl17eCdU3+OVjHhXt1Pw+adhsuw12c+nvd66Quqmxt\nYhs/W4l6hS0yZcpLPVxvi9w77N/jGIfwxZU7iCatzqr3Ls8k7pNS5Aj81sl9vTRb\nZpDqgruz7THw+ZvIh/0V7bFbC+Fbh9Ua5T13tEveS9k4FZ6Orj9PLExcJiEAXsF9\n/WGN9pAXmjbULu0Usxe/0KaG3BTfzmQPH8n6Y6yNZgnhStQOdZn5dIFiIT/nfscw\nS3IDCwZZktptWG6pBgGtoTUSiWZfSDbR0mj57+VDeG3Dg+5k016KCwR4H1y3q6NV\nJKaOJlKadWgh7wCaH8Dg8Y+lHEV5TOAIPdg7nx1D/U+cNbXKbjZZ84D8CSi2Afk0\nCuR3WTXPncpsugvehyfiOBy26kmcxBz6fyi2QAKxFfZBeO9Wao1VcWnd8G9mZs6K\nVZ3qjzRODMZ8pEk8/13U3G5TqKNpFgdOzb64dMoFmTMc2fxPM9WFX+iy9n5irSdA\nbdW0sugAMrRF7Tmor1apAoIBAQDwU1I/xJWR4J/+7Z174HfrmusIFg5wu+4souVO\nFWQE903KDHbrX8DnEf4GdElDJ3qwZq1e27hSVhpwqlSMkBS0frBvyQfX3tAeevmE\nnNKFpLQiBQwQWeWV9bbXKUDEvSwxGBHEKKhAAgKRM9EJgWAkWOfMBfj/98Qo390p\nske4ZR28w2XDrW7Ycqdo6NDjte+ziDmeMNCU7Wv5StlAt0eRJ7fXOi9lN4BSw649\n0YTNwq+3G5yHpWkdG6e4EWKuCjXz8/4vW+pPatlWXEtrZgSJwAYe3HSZw3ds/Tcw\nYHdPULoWpOHkdUOqXZ9abWPQ4bI9v1EmtRy2z6/G+tYhwud3AoIBAQDS1MDy29PM\nbbLG9oLU3dZTL+UnZ0Bp+GTSao92EOCHvco6w+/Y1+rAN7e2F5tbMMWkc1ozIQn/\nTrXvX9W75+CPsj5umj/ZXmv2o9UHurj3ENQ+jRA15uBNNdKOYyrHCWLZWi3TyKqm\nco0KSQOjk0qrn3c2asU1OwiHA7CYP0baO9X6h/kBcaRYxpdPP0XUbKlAqHiaQTdM\nVex9J+LuIO9qnchRFuD1DYKcKJwLYeXs6tSRfh4mO+9qWpYaA3nKBsyjBvo1szak\nmmCA4DiFGZgta+2+rVCUY3tXHn52X64+JKHgd4NA/QEf/GXsgO4rvW0is6T3bKCo\nn2dKa0GOEMIVAoIBABmS5EfA5aG2Y5A/POj3xAsgWy5rGnJIrVm2o+whPpmAr5h2\npxj5AZAVTBDnwvwQcW/gHUbg3sZ0PzAKECE9G9bxPFlI7Tq9jSwRLgg8n/J0ym5s\nVxJOXq4Mjb5rt2a4MsGurAVRxkW5cQh+mRoH2HFFvLTrVcn3Vbp7yA8t14/5wqZZ\nrLSb+hWybbouPDxfGfji4C7DRw7yDPFkU6YdWtJJhbizimOc+lzUUfBmIVm8A/La\nT1fn9D2SudBOmU+n6oHhTwU/JLn6xtH31FbDbmwyMPSLxSSvtj+02nCdc1TPZF4Q\ngbFMAT1Z5SE8Tsjlm5ASkdIqp7mUdEIaYzsIgJUCggEAKn/ewVYU9OGsJzVsHDL3\n0F8YR4Al2PbMhCoc70TprhNRH9V9lO25kbPpoZhSpehH/yWNqj7fwAqC3FUqRa2x\nc+YPdcY8VroU82wFNoCqZouK7W0MNoFq98WAw1k0N1kqBvyJvmZ2GAWBbvBW/nNj\nmwMTSfHt/RQAXQ8eWyJuSvHC6bTdOjBJW+f0enIbxn19BN6xKQ86cXXkrToMIcqb\n2Jcj2UzOXjex+36oLhc2/TI9VXLh6v0r/vlxxp6qv1HtkHOInqiYvEeuamxImHQX\nXBiknUpcsvz20RIBliUlf7tssk4FNGWMA4GinjFDUafmxxcFiybnn/Y6ISNL3LJ+\nHQKCAQEA2q493viIsIujsyDVUeW5CB94Zox30nINvOGxQ+Zt67ltyLYOLaQCp4Di\nP1GBmB5Pc78Bd7uIPzmZFvp6M1XPpA8HL2BbHaehEiRojBP8ytafMFbOAFfK7r7R\nbBHGBV2TLcuucQb5iMWCg/l5GTfX5PYUBq1nj/8QFYeflcSs8G4ndxGtl8qN2j8o\nsqBrbDbBJFidLxou0bwD7twX1fY3bOdTFxpO0cSMCxZ3wFeVoUR8mBeP87Jkno7x\nYBhb5j1KM+MPkast7nE2dczxfvzjDhr1rnsY9Yq8UHCIsFOf5krsNac1+k9zipR8\nDgoQeSng2kt5Z6mkoDIQTs7nEflb4w==\n-----END PRIVATE KEY-----\n", "SIM2_JWS_KEY": "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDO+faoQhcwWr3Z\nppD60DkXg5ganK1Le14Z/IBx+GGQqdYVUa6hIGR0HV3HchIkUf60+ei9WyYer8ze\n7bJklfo2TiMAdWXb9+eHJ0+Vuvsb/tH5yRjbxgTpZRgygJWiKDGXrYkGKAfSagJ+\nWDd2vL9cG9W5+OyXNiitK5pHa0dj3QwS+9C/yxzqgGLlkIplEcLqdYFknoVK+mas\nYBG65B0+5NHy4soEIdGr7Nd2xINqq+2/qyghwxcBQrxktbHC+/R+odkvTLrHWuBr\nx5NnL+LAbfmfDntsUfo2nZb667IdcRFoLWlsU9jK+RaaxNFcbe+j1PY+oJQdXF52\n9JNQR6efBOtuZXD9hjV/N1zmRFCY/o8nKc05Po2RZuLS8xKv90I4uZNF78X1ZiLz\n5veBjZF+Xa6kB5ABPENVA7xuCepfPoUUIQweatF4BwjnBYmGA6WVVckD/VO6AvpU\nvFuy+BQpEQFcfoX7OrqkY2MMITotMcflVjboGdwdtvJWEhBApGp70KrDXoYIh0q4\nopt/z1jv5MveyNfhq8qPca0fovcHST1tsAS0cSaro622fILTddaeCbLt8fBLH1Dz\nwzM4TDWb0i8EgXhGnRdqz9KNukPB6YuAEaaCKoRxsxzx41HYFLtES8XhNuV2Umxl\nNboBHjKy1wycZfRvrriph/dmwNSpjQIDAQABAoICAAcxIdxCYaZlPMwTkN2aPyWd\nRbuE/rOM/53VC4yKRi+d6ym1+ySvqLXtME1GHjHDZJ+awHbV9DrkPnDvnv+GQ5m/\n+NDjA21TjajBWa9Y/jFAl0C/91xpotGOWPsmQyzNiz2bQtPjL7RkyR3lSFYYpGiZ\nsgFCkEwHzn2H8pYxONuUOn9tXxlPADv4xpb2AQ0Wgyic+ShLJtQOY+Nw+iS9mPOO\nxWnUbhMbLrsz4V/H384k17/NfXlA22uIi13Pf3QIR7xfuNl/J81WD87G8k0HWbB4\nkdAwU2MV7SUZMD4bUwbZXzK4wz1Ho5SX96xcku7MhiNx+rV95G+pvkGRaY4EU2Nv\n6g8cN/TliZKcTV445wZg6SWcgOC1Q8TlosVpP9SsbeuG9NIC8DMfLdy6qJ0tASuP\nb4z1k0jiAyb5mA5EvVyK0WjZDBNM4KwW9CU9XC7NHw5zEHJbeKmLmWiz1pNxVPu3\ngaN0iC54LjTbtTCl+m63aedwldAcjjrBclKJYGlGpbHl8MJ+fUFtPoeX8IlXwxAu\n0p0RYRjMxsNlJkS2EU/5CDC6VnFgNPNYxUfEYH89qlbH+nBgU+gmMUkxApSkvNYG\nIW4QPcbyjzVY4WiMG5JFYJ8nR6NypUSnyCNXBxNHfRyT9Ay7qNdCU7XmuXZVK6+Z\nli9YtfoJbnbUAHcxRAEJAoIBAQDtCMjG7qAfP2zAxtpZQFyte2SXfPcoVei4P+SW\ntHVTDE7IGl/RYlFAOj8oyulvOsaH+RtsiLzaKEY3jjeN8FJl3d1F1fwQN+JuGxIr\nr7P/fEmE69MHYlSou8z81DuS3ICavu8nC5q2nLJhXV9W1QY5gLMERUac1M2jiEJf\naE0nWI59CagjtF8Xaq1uL6cv0Tyr7ORd5gt6LYL0zVChIrQaVx+LQhcy49Z6AQDw\nb4pVdSY7jrn0Q4SjvgMPTtHxvY1jN5hAvyOZGi1SUzpow7RNnYzGANd9aQNaKjJN\nqU7cBrJuLPyINMzUrdLC35yRebl/b975N5wBECA3htqbkljpAoIBAQDfiX+Bx4Qa\nJ/8V4eWNyUwlg1Sq7xQe4EPiMELeEb0LD5zlUgGo4/UoWxmT84/CHlWDzScgYgUW\nat/y0fZuFCe/9IKLoR2Nqwppb1Ay+kMvbfJKdDQIhH2iFVobgracnm3duhIKX4mX\ndf21dhROnZ6ZGqsHPjE6NwbRG6sg26U9gHu+LqVVUjgmRoeKZ7YT62tmpbbibLc1\nkazqZ9HkZtrjHNqpKts5VZJya/szEXIVfte+tzQoXHwNTQfFXtT9z+iNjIVxY6as\nZj9c+vahGw+N1VPmd79FzOcMgBHwY0f8GN2gfBDPc30Ykrtugya74QxPWILBUpf+\n4QZEzLT7nWUFAoIBABeQPv1frXVNxc7oNb6Xol7wnFBe8OcGm0rttxiwOdWWrKJB\n1PKotnEPGUZB3bDcA+5yeiJw+W0qgch2D9nBYT+VLbEKk7M9CvptIIJNRjSIs3pO\nQz1Bri7T9I3Rv1ZbK0G252lXQvsSWr1JHfgw1xySSbmL9XgTw5mVKxv272yQ5iFR\n+3AJN0bJqRICFLmxMDnbI9ydyNhNe+5AFtrd60+PB6i9WjcJ5UFdpi1AuVzDd5iG\nGMBKkf4BHqa/7Cj+8fZCCZWuKqjGrGi5s13EzsDEf8ETRljGProQ5c1InnlLBSPk\nvvn/Xblqyj/rINJpamJbyau2toB4jOtYMZUzmDkCggEAfmjeH0D5lmUJ3pEJZF3y\nXsBe7+8VXMSL/uw11CkJ06h3nEL8x0pqB/FEjKNOp4LJ7yfjuW9U2zGDBWjwx51E\nQUv/SwDImqWf1LHrE3js53RwcOQ3zJ1IApG6jBYmOHlrPdkMfKs8PtetqqFkqHSA\nDKrFDup/oiEeDMBtzL4JOrdewtTUEGTXdeWqnn05vRgDe1+5BWBfVr7Tnxco3dXA\ncHCPwtyGbmzSzTv9KQrzje5WCPbHWw+54zetblLLdeDN7MYLbGzjA1kq+eS99as8\n54M81/bdxpYyDqKaAmvSeGCDbE7cnsP7eRr5PWyTSenhMTmnb7XKWIteJSfyLNv8\nFQKCAQEAh9FvoIxoz4KvmVp+qyoXIXbq4egx4RdvNVBTWDnoQnVsnaetbzSkYPJX\nObR7waDJd/eu8b+VnwhTiIIwzMA3ZYmV/ZNUh5YKtYXzNqphdyPpJHxN+lwSBeV0\nmbyQ+W4UzhG2t9vaFbV0UElsNFclKNzWzrTKRKAQjteFMItEKewN1Mjsb8Ckb1UV\nnQRBmAAt3prGgv27+vjGVjH39CymNhrBt8DSk/DWqmPeEYewwkiMkOUADHrPbIPi\nGWJYfY1jvUJsp75usbzG7VZ8SxDD8APOhJHIDVm4HiTsS0YcOY53i/7WirChSNne\nTv4G862WYeqD1fdyZaKQ3b9fAQEq1g==\n-----END PRIVATE KEY-----\n", "SIMPAYEE_JWS_PRIVATE_KEY": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMu126miewCUCT\n7f49B0SyCPFGzmqGSs9rTPbk1se+BBhqfhsfkZj6cRRfrlg3rme6we0Ib2AF5TQL\nnoSBlDAimQcNOHXrqpAY/B0l/mgyUwmfv0NJ3UjZuCFuw3HRrU/oSUfXoDITC+Bi\n120w4FY2B/vPn+1iC/tsaCayneoaV/Sedq7H9+smEnQfGl3p5QJp/B2Ws3Bz1HqI\nIoxLEaO9VMeDHQPvNJn/7g9erqA5vIhmgLS46worOVjdRLH2SECH73qp8Wg0rJ8Y\neW2kQ8kuY4uHcG3MO6drYrC011U0ZyM90KV7dv2Y0h2FHlpn9s/pmb630m5ELpnB\nT/pYTLcXAgMBAAECggEADqk6Qz3SgBeMMYEWYZ4ZdsW6Ktpm+Xqg/kDy4JywOB9z\nSikBXeeKH3Z6ltwq2BicDV020Wb8Zt+s3vTOmLhDzC544/hPmtKfjWfR2eHX6gaq\nm+8ml+20pQFmb4Kn2MlC/Xzwm/SOXBvPyUmTua95rQExsK12DT0+F4YhLfhYsTh2\nHfkEzdFW4rrd+9ddKG1ZANS4ZaiMyzhtvUWeEBypBtVf+kBk+51t9pLCdjuynb8I\nWylSDhikT3/YQ/3g/Sz3SMp1u4x0GQe9FWYrnPzzp5LnM5fm49v8JWVHUvd0TOi0\ndQV+LYlgSD38YPpi4iKQSh0Zf0EBfbA83GsX2ArJ7QKBgQDmvcA6PqPo0OV/7RKY\nJuziA3TpucL8iVM1i7/Lv6+VkX88uDvEjwLoNAiYcgIm/CMK7WAwA+Dzn4r38EHB\nBKF4KRhP0qQS0KLXsd0tdsmAB0In7+cbKL4ttqNUP98xZAkTLJq9PXqTKN0qtyw4\nSfIsVMjDGoeSdWHObZYbGKICfQKBgQDjJLwolDrVX29V4zVmxQYH5iN+5kwKXHXj\nsuHBrW02Oj/GQFh3Xj6JQi3mzTWYhHwhA4pdaQtNYqTaz9Ic/O1VNPic2ovtg+cd\n7sh86qdQ4QZYhN3RT4oX///u6+UK90llh9hEBo3GuZ4X47tuByNtD4SFAlULrkSm\nfW4XaC3gIwKBgGil6HfCDx65F00UnVlKVicPQEf8ivVz5rwjPIJQ1nZ0PYuxVtIH\ntl7PspJJKra5pb7/957vM2fqlOFsIrZCvmS75p3VP7qUyzYeIdzLwgmBwTxRrrP/\nn3kmGx9LtJM29nKuySNIrb3uS5hi6PhCeUYn0cHC13fSKuCvjOOPIXMVAoGBAJg+\nCPdR0tUs8Byq+yH0sIQe1m+5wAG50zJYtUPxD6AnDpO8kQ8A1f19o/JsXJ3rPp+K\nFfVh8LdfhIs8e+H+DLztkizftqXtoLzJTQuc46QsDurJszsVisNnTI1BAvWEpWct\n0+BUXDZ0NuhgNUIb+rygh/v2gjYgCddlfqKlqwntAoGBAM5Kpp5R0G0ioAuqGqfZ\nsHEdLqJMSepgc6c7RC+3G/svtS2IqCfyNfVMM3qV5MY3J7KnAVjGOw2oJbXcPLXa\nuutsVVmPx2d/x2LZdc8dYYcdOQZvrUhmALhAPXM4SRujakxh+Uxi1VOiW+fZL8aW\nuu1pxuWD0gTJxFkp6u4YIAhw\n-----END PRIVATE KEY-----\n", "SIMPAYER_JWS_PRIVATE_KEY": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCg9eU66hg4ZAE6\njM4U8ylXQwUz9cdmzS3JyW+1bbgv77peMKSU/wFsi4QRwmbrYze9baFnGCKnS75E\nvCchib5vJxp3MDWzi/TGxmzgWdJRzkyCiI5C6dCgVL71MjsFgN3TN63wEf5sEU2I\neoJ8yXJM0pUG9f9NO7p/IGliDmt6C7EA7D9kQWigufmX0ZTVNKI07fKwC/AEKLp7\nkx99pvsCq8m184EEL15Q/NhA7R/5zKoHvmJa6Jd7tM0i0xn8IKOkNVFu3YIafAEC\nQWQwRbanFEeRc3tH3bEoYM8c74r+W+YxCG7nUf16XCk132XVffbHVl+wFgo18YB/\nsAJmcbePAgMBAAECggEAGQGKnsf+gkg7DqMQYx3Rxt5BISzmURjAK9CxG6ETk9Lt\nA7QP5ZvmVzwnhPDMN3Z/Et1EzXTo8U+pnBkVBTdWkAMlr+2b8ixklzr9cC9UJuRj\na4YWf9u+TyJLVmF63OSD0cwdKCZLffOENZc+zW8oZDn08BNomdGVLCnXZWXzGY8X\nKaJTJr29jEgkKOqFXdAHrsmj7TBtqSLZKx2IHdCmi05+5JCxVLPgnDiCicZ9zEii\nyWw57Q1migFIcw6ZQP4RyjgH1o70B+zo3OL7IQEirE17GUgK16XD8xi8hWCYTj5n\nxOz9yfVfPuYom/9Xbm5kYJZKE2HOZ3Lg8pUnWncuNQKBgQDbaOoACQPhVxQK1qYR\nRbW0I5Rn0EDxzsFPEpu3eXHoIYGXi8u/ew9AzFmGu+tKYJV5V4BCXo5x2ddE+B8B\ndXhyHLGfeV8tWKYKBpatolVxxKDL/9fnxoGIAO9cc91ieOm5JxmKscCVP1UnOXHZ\nuomSfAbGQwYDtMd2bJKkE1z0qwKBgQC7zacuv1PMaDFksHuNNRG+aZ74pJ77msht\nvJoKyaQcktD0xmIXhFfJvK4cclzG7s5jxCsu2ejimgmfVzgXlLEMrJFvSdFkD2SS\ngGqoxq5c9g8ssvt7xwr7aJ+VYYWTWRzJrOUny+99UbwHedu0EHL1BYILwy67Lium\nsgUeeCEgrQKBgGv+7f7qcRB/jgvvr3oc990dDjUzGmRrQlcrb54Vlu2NYH45fyZW\n6iEY9JAO+zd25tv9J9KDPFXpxb3a61gKfCie2wcF9MUbN08EAzKgDrKa+BKxcZJR\n8PwCic7V8QhBP7m09yt/Zq2PqNhPvCxRVtnVVnhMES/N0cgGlP9R0JVVAoGAHU2/\nkmnEN5bibiWjgasQM7fjWETHkdbbA1R0bM59zv+Rnz/9OlIqKI5KVKH7nAbTKXoI\niuzxi7ohWj2PwQ4wehvLLaRFCenk9X8YJXGq71Jtl7ntx6iNLCFtFS/8WbuD5GwX\n7ZfCrLk+L6RyBayzY0wSuKch+Y8AvKf2aISyFpkCgYEAjSfEjz9Cn+27HdiMoBwa\n+fyyoosci/6OBxj/WTKvV6KUYLBfFoAYpb9rqrbvnfyyc0UiAYQeMJAOWQ1kkzY4\nzXs63iPQi2UeGPJZ7RsT+31DSaG9YiQdrInsUrlm8hi1C7Pg/NNt6Y1G0WhWYrvF\niNK0yCENMhSoOTtbT9tmGi0=\n-----END PRIVATE KEY-----\n", "TESTFSP1_JWS_PUB_KEY": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2R3IuEDpqDtsS96emI0v\ndCJpeb/lnCxR2Nw5x6Z3GjC9PRFCJ2gsS2Zq70NaUQ5yWrrrZ9DZ8PjgCXqftUKG\n42uFsibLFpN09IjQuZCDuAkCdEjMgm+xies47ajRzl6evOc0ClkQBZVGybl9RAr6\nNRTFOYkYjJ0xS0MNkfRkDiOEu5BA/XKb5oLbyVMjGyvLgyS1g41x4fA+Ccb5PENa\nh9dqkFJ3j218Rs+bGytrVqrrCCjV1FiI+Y9YjKuTRRo7U/jcGHLfEc7YRcP2U9os\nxQxFvhHxR7W0e74fAU8B8YIJzwjaQvrEh9SJRc2IZsh6EdBAXXmbk4sHKyhoX0by\nUQIDAQAB\n-----END PUBLIC KEY-----\n", "TESTFSP2_JWS_PUB_KEY": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7k0Mqy0jSXFpHD9/a+Y\nl5djXq6HdyC+BsSA/sRKczEBKQyW8mEJVILAKkOibWzK7e+SJjQPbFjgqiUZvRI5\n+ggHkSJXEV28Bi2sF58A15sQjwaSkE2vBwLAL5GftSmao0QSozSfQ+RFw2N+loRG\nYedXZpRMsYFr1uA1qavcBjoj7JqPpID7UaTgXwwHWbV+j2uhQfotqRvOQ5KTmx5H\nJa+VjPu+xAC7mmcL+dxmeBpbJJD5Li8B8ggJXGJUk+En6XSIgZkQ6vKvC9HyasE6\nWZLXU+JJoCp2wkCPNTRxzPE2PGnlI0a4ZP2/y/2yacc4HQGBhEMc+SVT/VSZaMS+\nAQIDAQAB\n-----END PUBLIC KEY-----", "payerfspSettlementAccountId": "", "payerfspSettlementAccountBalanceBeforeFundsIn": "", "payerfspSettlementAccountBalanceAfterFundsIn": "", "fundsInPrepareTransferId": "", "fundsInPrepareAmount": "", "SIMPLE_ROUTING_MODE_ENABLED": true, "mobileSimPayerFsp": "pinkbankfsp", "mobileSimPayeeFsp": "greenbankfsp", "ON_US_TRANSFERS_ENABLED": false, "expectedPartiesVersion": "1.1", "expectedParticipantsVersion": "1.1", "expectedQuotesVersion": "1.1", "expectedTransfersVersion": "1.1", "expectedAuthorizationsVersion": "1.1", "expectedTransactionRequestsVersion": "1.1", "toSubIdValue": "30", "fromSubIdValue": "30", "cgscurrency": "INR", "settlementtestfsp2bankMSISDN": "27713813915", "settlementtestfsp1bankMSISDN": "27713813914", "settlementtestfsp4bankMSISDN": "27713813917", "settlementtestfsp3bankMSISDN": "27713813916", "DELAY_CGS": 5000, "DELAY_FUNDS_IN": 5000, "DELAY_CL": 250, "RETRY_MAX_ATTEMPTS": 100, "settlementpayeefspNoExtensionMSISDN": "27714923918", "NORESPONSE_NAME": "$param_simNameNoResponsePayeefsp", "payeefspMSISDN": "17039811907", "payerfspMSISDN": "17891239876", "settlementtestNonExistingMSISDN": "22244803917", "NET_DEBIT_CAP": "50000", "HOST_ORACLE_CONSENT": "http://$release_name-consent-oracle", "DFSPA_NAME": "dfspa", "DFSPA_CB_FSPIOP": "http://$release_name-sim-tp-dfspa-scheme-adapter:4000", "DFSPA_CB_THIRDPARTY": "http://$release_name-sim-tp-dfspa-thirdparty-sdk:4005", "DFSPB_NAME": "dfspb", "DFSPB_CB_FSPIOP": "http://$release_name-sim-tp-dfspb-scheme-adapter:4000", "DFSPB_CB_THIRDPARTY": "http://$release_name-sim-tp-dfspb-thirdparty-sdk:4005", "PISP_NAME": "pisp", "PISP_CB_FSPIOP": "http://$release_name-sim-tp-pisp-scheme-adapter:4000", "PISP_CB_THIRDPARTY": "http://$release_name-sim-tp-pisp-thirdparty-sdk:4005", "CENTRALAUTH_NAME": "centralauth", "CENTRALAUTH_CB_FSPIOP": "http://$release_name-auth-svc", "PISP_THIRDPARTY_SDK_OUTBOUND_URL": "http://$release_name-sim-tp-pisp-thirdparty-sdk:4006", "PISP_BACKEND_TESTAPI_URL": "http://$release_name-sim-tp-pisp-backend:3003", "PISP_CALLBACK_URL": "http://$release_name-sim-tp-pisp-scheme-adapter:4000", "PISP_SDK_TESTAPI_URL": "http://$release_name-sim-tp-pisp-scheme-adapter:4002", "PISP_SDK_TESTAPI_WS_URL": "ws://$release_name-sim-tp-pisp-scheme-adapter:4002", "DFSPA_BACKEND_TESTAPI_URL": "http://$release_name-sim-tp-dfspa-backend:3003", "DFSPA_CALLBACK_URL": "http://$release_name-sim-tp-dfspa-scheme-adapter:4000", "DFSPA_SDK_TESTAPI_URL": "http://$release_name-sim-tp-dfspa-scheme-adapter:4002", "DFSPA_SDK_TESTAPI_WS_URL": "ws://$release_name-sim-tp-dfspa-scheme-adapter:4002", "DFSPB_BACKEND_TESTAPI_URL": "http://$release_name-sim-tp-dfspb-backend:3003", "DFSPB_CALLBACK_URL": "http://$release_name-sim-tp-dfspb-scheme-adapter:4000", "DFSPB_SDK_TESTAPI_URL": "http://$release_name-sim-tp-dfspb-scheme-adapter:4002", "DFSPB_SDK_TESTAPI_WS_URL": "ws://$release_name-sim-tp-dfspb-scheme-adapter:4002", "TTKSIM1_NAME": "$param_simNameTTKSim1", "TTKSIM2_NAME": "$param_simNameTTKSim2", "TTKSIM3_NAME": "$param_simNameTTKSim3", "TTKSIM1_MSISDN": "16135551212", "TTKSIM2_MSISDN_PREFIX": "4561", "TTKSIM3_MSISDN_PREFIX": "5671", "TTKSIM1_CALLBACK_URL": "http://$release_name-$param_simNameTTKSim1-sdk-api-svc:4000", "TTKSIM1_SDK_TESTAPI_URL": "http://$release_name-$param_simNameTTKSim1-sdk-api-svc:4002", "TTKSIM1_SDK_TESTAPI_WS_URL": "ws://$release_name-$param_simNameTTKSim1-sdk-api-svc:4002", "TTKSIM2_CALLBACK_URL": "http://$release_name-$param_simNameTTKSim2-sdk-api-svc:4000", "TTKSIM2_SDK_TESTAPI_URL": "http://$release_name-$param_simNameTTKSim2-sdk-api-svc:4002", "TTKSIM2_SDK_TESTAPI_WS_URL": "ws://$release_name-$param_simNameTTKSim2-sdk-api-svc:4002", "TTKSIM3_CALLBACK_URL": "http://$release_name-$param_simNameTTKSim3-sdk-api-svc:4000", "TTKSIM3_SDK_TESTAPI_URL": "http://$release_name-$param_simNameTTKSim3-sdk-api-svc:4002", "TTKSIM3_SDK_TESTAPI_WS_URL": "ws://$release_name-$param_simNameTTKSim3-sdk-api-svc:4002", "TTKSIM2_PARTY_NOT_FOUND": "partynotfound", "TTKSIM2_PARTY_TIMES_OUT": "partytimesout"}}
  ml-testing-toolkit-frontend:
    ingress:
      enabled: true
      hosts:
        ui:
          host: testing-toolkit.local
    config:
      API_BASE_URL: http://testing-toolkit.local

ml-ttk-posthook-setup:
  postInstallHook:
    enabled: false
    weight: -5
  config:
    ## Test-case archive zip for test-cases: https://github.com/mojaloop/testing-toolkit-test-cases
    testCasesZipUrl: &ttkGitUrl https://github.com/mojaloop/testing-toolkit-test-cases/archive/v16.0.0.zip
    testCasesPathInZip: &ttkGitPathSetup testing-toolkit-test-cases-16.0.0/collections/hub/provisioning
    ttkBackendURL: http://$release_name-ml-testing-toolkit-backend:5050
  parameters:
    <<: *simNames
  testCaseEnvironmentFile: *ttkInputValues

ml-ttk-posthook-tests:
  postInstallHook:
    enabled: false
    weight: -4
  config:
    ## Test-case archive zip for test-cases: https://github.com/mojaloop/testing-toolkit-test-cases
    testCasesZipUrl: *ttkGitUrl
    testCasesPathInZip: &ttkGitPathGP testing-toolkit-test-cases-16.0.0/collections/hub/golden_path
    # awsS3BucketName: aws-s3-bucket-name
    # awsS3FilePath: ttk-tests/reports
    ttkBackendURL: http://$release_name-ml-testing-toolkit-backend:5050
    testSuiteName: GP Tests
    environmentName: Development

  # configCreds:
  #   AWS_ACCESS_KEY_ID: 'some_aws_access_key'
  #   AWS_SECRET_ACCESS_KEY: 'some_aws_secret_key'
  #   AWS_REGION: 'us-west-2'
  #   SLACK_WEBHOOK_URL: 'slack_inbound_webhook'

  ## Optionally specify the config file defaults for TTK CLI
  ## You should specify at least mode here
  # configFileDefaults: {
  #   "mode": "outbound",
  #   "reportFormat": "html",
  #   "baseURL": "",
  #   "reportTarget": "",
  #   "reportAutoFilenameEnable": true,
  #   "slackWebhookUrl": "",
  #   "slackPassedImage": "",
  #   "slackFailedImage": ""
  # }
  configFileDefaults: {"mode": "outbound"}
  parameters:
    <<: *simNames
  testCaseEnvironmentFile: *ttkInputValues

ml-ttk-cronjob-tests:
  scheduling:
    enabled: false
    ## Note: First Cronjob may fail as the Hub setup & Sim onboarding may not be completed. These must be run either via Post-hooks or via running `Helm test`.
    ## cronSchedule format as follows:
    ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#example
    ## ┌───────────── minute (0 - 59)
    ## │ ┌───────────── hour (0 - 23)
    ## │ │ ┌───────────── day of the month (1 - 31)
    ## │ │ │ ┌───────────── month (1 - 12)
    ## │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday;
    ## │ │ │ │ │                                   7 is also Sunday on some systems)
    ## │ │ │ │ │
    ## │ │ │ │ │
    ## * * * * *
    cronSchedule: '0 8 * * *'
  config:
    ## Test-case archive zip for test-cases: https://github.com/mojaloop/testing-toolkit-test-cases
    testCasesZipUrl: *ttkGitUrl
    testCasesPathInZip: *ttkGitPathGP
    # awsS3BucketName: aws-s3-bucket-name
    # awsS3FilePath: ttk-tests/reports
    ttkBackendURL: http://$release_name-ml-testing-toolkit-backend:5050
    testSuiteName: GP Tests
    environmentName: Development
    saveReport: true
    saveReportBaseUrl: "testing-toolkit.local"
    reportName: cronjob_tests

  # configCreds:
  #   AWS_ACCESS_KEY_ID: 'some_aws_access_key'
  #   AWS_SECRET_ACCESS_KEY: 'some_aws_secret_key'
  #   AWS_REGION: 'us-west-2'
  #   SLACK_WEBHOOK_URL: 'slack_inbound_webhook'

  ## Optionally specify the config file defaults for TTK CLI
  ## You should specify at least mode here
  # configFileDefaults: {
  #   "mode": "outbound",
  #   "reportFormat": "html",
  #   "baseURL": "",
  #   "reportTarget": "",
  #   "reportAutoFilenameEnable": true,
  #   "slackWebhookUrl": "",
  #   "slackPassedImage": "",
  #   "slackFailedImage": ""
  # }
  configFileDefaults: {"mode": "outbound"}
  parameters:
    <<: *simNames
  testCaseEnvironmentFile: *ttkInputValues

ml-ttk-cronjob-cleanup:
  scheduling:
    enabled: false
    ## Note: First Cronjob may fail as the Hub setup & Sim onboarding may not be completed. These must be run either via Post-hooks or via running `Helm test`.
    ## cronSchedule format as follows:
    ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#example
    ## ┌───────────── minute (0 - 59)
    ## │ ┌───────────── hour (0 - 23)
    ## │ │ ┌───────────── day of the month (1 - 31)
    ## │ │ │ ┌───────────── month (1 - 12)
    ## │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday;
    ## │ │ │ │ │                                   7 is also Sunday on some systems)
    ## │ │ │ │ │
    ## │ │ │ │ │
    ## * * * * *
    cronSchedule: '15 8 * * *'
  config:
    ## Test-case archive zip for test-cases: https://github.com/mojaloop/testing-toolkit-test-cases
    testCasesZipUrl: *ttkGitUrl
    testCasesPathInZip: &ttkGitPathCleanup testing-toolkit-test-cases-16.0.0/collections/hub/cleanup
    # testCasesPathInZip: *ttkGitPathGP
    # awsS3BucketName: aws-s3-bucket-name
    # awsS3FilePath: ttk-tests/reports
    ttkBackendURL: http://$release_name-ml-testing-toolkit-backend:5050
    testSuiteName: GP Cleanup
    environmentName: Development
    saveReport: true
    saveReportBaseUrl: "testing-toolkit.local"
    reportName: cronjob_cleanup

  # configCreds:
  #   AWS_ACCESS_KEY_ID: 'some_aws_access_key'
  #   AWS_SECRET_ACCESS_KEY: 'some_aws_secret_key'
  #   AWS_REGION: 'us-west-2'
  #   SLACK_WEBHOOK_URL: 'slack_inbound_webhook'

  ## Optionally specify the config file defaults for TTK CLI
  ## You should specify at least mode here
  # configFileDefaults: {
  #   "mode": "outbound",
  #   "reportFormat": "html",
  #   "baseURL": "",
  #   "reportTarget": "",
  #   "reportAutoFilenameEnable": true,
  #   "slackWebhookUrl": "",
  #   "slackPassedImage": "",
  #   "slackFailedImage": ""
  # }
  configFileDefaults: {"mode": "outbound"}
  parameters:
    <<: *simNames
  testCaseEnvironmentFile: *ttkInputValues

ml-ttk-test-setup:
  tests:
    enabled: true
    weight: -9
  config:
    ## Test-case archive zip for test-cases: https://github.com/mojaloop/testing-toolkit-test-cases
    testCasesZipUrl: *ttkGitUrl
    testCasesPathInZip: *ttkGitPathSetup
    ttkBackendURL: http://$release_name-ml-testing-toolkit-backend:5050
    testSuiteName: Standard Provisioning Collection
    environmentName: Development
    saveReport: true
    saveReportBaseUrl: "testing-toolkit.local"
    reportName: standard_provisioning_collection
    ## `allowFailures` configures this TTK CLI Test Runner to return failure exit-codes to the terminal,
    ## by default this is `false` - which means that any consecutive Helm tests will not be executed by Helm.
    ## If this is set to `true` - it will allow all Helm tests to be executed regardless of any failures.
    allowFailures: false

  parameters:
    <<: *simNames
  testCaseEnvironmentFile: *ttkInputValues

ml-ttk-test-val-gp:
  tests:
    enabled: true
    weight: -8
  config:
    ## Test-case archive zip for test-cases: https://github.com/mojaloop/testing-toolkit-test-cases
    testCasesZipUrl: *ttkGitUrl
    testCasesPathInZip: *ttkGitPathGP
    ## Optional config for uploading reports to S3 Buckets. If enabled: WS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION under the 'configCreds' is required.
    # awsS3BucketName: aws-s3-bucket-name
    # awsS3FilePath: ttk-tests/reports
    ttkBackendURL: http://$release_name-ml-testing-toolkit-backend:5050
    testSuiteName: GP Tests
    environmentName: Development
    saveReport: true
    saveReportBaseUrl: "testing-toolkit.local"
    reportName: gp_tests
    ## `allowFailures` configures this TTK CLI Test Runner to return failure exit-codes to the terminal,
    ## By default this is `false` - which means that any consecutive Helm tests will not be executed by Helm.
    ## If this is set to `true` - it will allow the next consecutive Helm test to be executed regardless of any failures.
    allowFailures: false

  # configCreds:
  #   AWS_ACCESS_KEY_ID: 'some_aws_access_key'
  #   AWS_SECRET_ACCESS_KEY: 'some_aws_secret_key'
  #   AWS_REGION: 'us-west-2'
  #   SLACK_WEBHOOK_URL: 'slack_inbound_webhook'

  ## Optionally specify the config file defaults for TTK CLI
  ## You should specify at least mode here
  # configFileDefaults: {
  #   "mode": "outbound",
  #   "reportFormat": "html",
  #   "baseURL": "",
  #   "reportTarget": "",
  #   "reportAutoFilenameEnable": true,
  #   "slackWebhookUrl": "",
  #   "slackPassedImage": "",
  #   "slackFailedImage": "",
  #   "logLevel": "2"
  # }
  parameters:
    <<: *simNames
  testCaseEnvironmentFile: *ttkInputValues

ml-ttk-test-val-bulk:
  tests:
    enabled: false
    weight: -7
  config:
    ## Test-case archive zip for test-cases: https://github.com/mojaloop/testing-toolkit-test-cases
    testCasesZipUrl: *ttkGitUrl
    testCasesPathInZip: testing-toolkit-test-cases-16.0.0/collections/hub/other_tests/bulk_transfers
    ## Optional config for uploading reports to S3 Buckets. If enabled: WS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION under the 'configCreds' is required.
    # awsS3BucketName: aws-s3-bucket-name
    # awsS3FilePath: ttk-tests/reports
    ttkBackendURL: http://$release_name-ml-testing-toolkit-backend:5050
    testSuiteName: Bulk Tests
    environmentName: Development
    saveReport: true
    saveReportBaseUrl: "testing-toolkit.local"
    reportName: bulk_tests
    ## `allowFailures` configures this TTK CLI Test Runner to return failure exit-codes to the terminal,
    ## by default this is `false` - which means that any consecutive Helm tests will not be executed by Helm.
    ## If this is set to `true` - it will allow all Helm tests to be executed regardless of any failures.
    allowFailures: false

  # configCreds:
  #   AWS_ACCESS_KEY_ID: 'some_aws_access_key'
  #   AWS_SECRET_ACCESS_KEY: 'some_aws_secret_key'
  #   AWS_REGION: 'us-west-2'
  #   SLACK_WEBHOOK_URL: 'slack_inbound_webhook'

  ## Optionally specify the config file defaults for TTK CLI
  ## You should specify at least mode here
  # configFileDefaults: {
  #   "mode": "outbound",
  #   "reportFormat": "html",
  #   "baseURL": "",
  #   "reportTarget": "",
  #   "reportAutoFilenameEnable": true,
  #   "slackWebhookUrl": "",
  #   "slackPassedImage": "",
  #   "slackFailedImage": "",
  #   "logLevel": "2"
  # }
  parameters:
    <<: *simNames
  testCaseEnvironmentFile: *ttkInputValues

ml-ttk-test-setup-tp:
  tests:
    enabled: false
    weight: -6
  config:
    ## Test-case archive zip for test-cases: https://github.com/mojaloop/testing-toolkit-test-cases
    testCasesZipUrl: *ttkGitUrl
    testCasesPathInZip: testing-toolkit-test-cases-16.0.0/collections/hub/provisioning_thirdparty
    ## Optional config for uploading reports to S3 Buckets. If enabled: WS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION under the 'configCreds' is required.
    # awsS3BucketName: aws-s3-bucket-name
    # awsS3FilePath: ttk-tests/reports
    ttkBackendURL: http://$release_name-ml-testing-toolkit-backend:5050
    testSuiteName: Thirdparty Provisioning Collection
    environmentName: Development
    saveReport: true
    saveReportBaseUrl: "testing-toolkit.local"
    reportName: thirdparty_provisioning_collection
    ## `allowFailures` configures this TTK CLI Test Runner to return failure exit-codes to the terminal,
    ## by default this is `false` - which means that any consecutive Helm tests will not be executed by Helm.
    ## If this is set to `true` - it will allow all Helm tests to be executed regardless of any failures.
    allowFailures: false

  # configCreds:
  #   AWS_ACCESS_KEY_ID: 'some_aws_access_key'
  #   AWS_SECRET_ACCESS_KEY: 'some_aws_secret_key'
  #   AWS_REGION: 'us-west-2'
  #   SLACK_WEBHOOK_URL: 'slack_inbound_webhook'

  ## Optionally specify the config file defaults for TTK CLI
  ## You should specify at least mode here
  # configFileDefaults: {
  #   "mode": "outbound",
  #   "reportFormat": "html",
  #   "baseURL": "",
  #   "reportTarget": "",
  #   "reportAutoFilenameEnable": true,
  #   "slackWebhookUrl": "",
  #   "slackPassedImage": "",
  #   "slackFailedImage": "",
  #   "logLevel": "2"
  # }
  parameters:
    <<: *simNames
  testCaseEnvironmentFile: *ttkInputValues

ml-ttk-test-val-tp:
  tests:
    enabled: false
    weight: -5
  config:
    ## Test-case archive zip for test-cases: https://github.com/mojaloop/testing-toolkit-test-cases
    testCasesZipUrl: *ttkGitUrl
    testCasesPathInZip: testing-toolkit-test-cases-16.0.0/collections/hub/thirdparty
    # awsS3FilePath: ttk-tests/reports
    testSuiteName: Thirdparty Tests
    environmentName: Development
    saveReport: true
    saveReportBaseUrl: "testing-toolkit.local"
    reportName: thirdparty_tests
    ## `allowFailures` configures this TTK CLI Test Runner to return failure exit-codes to the terminal,
    ## by default this is `false` - which means that any consecutive Helm tests will not be executed by Helm.
    ## If this is set to `true` - it will allow all Helm tests to be executed regardless of any failures.
    allowFailures: false

  # configCreds:
  #   AWS_ACCESS_KEY_ID: 'some_aws_access_key'
  #   AWS_SECRET_ACCESS_KEY: 'some_aws_secret_key'
  #   AWS_REGION: 'us-west-2'
  #   SLACK_WEBHOOK_URL: 'slack_inbound_webhook'

  ## Optionally specify the config file defaults for TTK CLI
  ## You should specify at least mode here
  # configFileDefaults: {
  #   "mode": "outbound",
  #   "reportFormat": "html",
  #   "baseURL": "",
  #   "reportTarget": "",
  #   "reportAutoFilenameEnable": true,
  #   "slackWebhookUrl": "",
  #   "slackPassedImage": "",
  #   "slackFailedImage": "",
  #   "logLevel": "2"
  # }
  parameters:
    <<: *simNames
  testCaseEnvironmentFile: *ttkInputValues

ml-ttk-test-setup-sdk-bulk:
  tests:
    enabled: false
    weight: -4
  config:
    ## Test-case archive zip for test-cases: https://github.com/mojaloop/testing-toolkit-test-cases
    testCasesZipUrl: *ttkGitUrl
    testCasesPathInZip: testing-toolkit-test-cases-16.0.0/collections/hub/provisioning_sdkbulk
    ## Optional config for uploading reports to S3 Buckets. If enabled: WS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION under the 'configCreds' is required.
    # awsS3BucketName: aws-s3-bucket-name
    # awsS3FilePath: ttk-tests/reports
    ttkBackendURL: http://$release_name-ml-testing-toolkit-backend:5050
    testSuiteName: SDK Bulk Provisioning Collection
    environmentName: Development
    saveReport: true
    saveReportBaseUrl: "testing-toolkit.local"
    reportName: sdk_bulk_provisioning_collection
    ## `allowFailures` configures this TTK CLI Test Runner to return failure exit-codes to the terminal,
    ## by default this is `false` - which means that any consecutive Helm tests will not be executed by Helm.
    ## If this is set to `true` - it will allow all Helm tests to be executed regardless of any failures.
    allowFailures: false

  # configCreds:
  #   AWS_ACCESS_KEY_ID: 'some_aws_access_key'
  #   AWS_SECRET_ACCESS_KEY: 'some_aws_secret_key'
  #   AWS_REGION: 'us-west-2'
  #   SLACK_WEBHOOK_URL: 'slack_inbound_webhook'

  ## Optionally specify the config file defaults for TTK CLI
  ## You should specify at least mode here
  # configFileDefaults: {
  #   "mode": "outbound",
  #   "reportFormat": "html",
  #   "baseURL": "",
  #   "reportTarget": "",
  #   "reportAutoFilenameEnable": true,
  #   "slackWebhookUrl": "",
  #   "slackPassedImage": "",
  #   "slackFailedImage": "",
  #   "logLevel": "2"
  # }
  parameters:
    <<: *simNames
  testCaseEnvironmentFile: *ttkInputValues

ml-ttk-test-val-sdk-bulk:
  tests:
    enabled: false
    weight: -3
  config:
    ## Test-case archive zip for test-cases: https://github.com/mojaloop/testing-toolkit-test-cases
    testCasesZipUrl: *ttkGitUrl
    testCasesPathInZip: testing-toolkit-test-cases-16.0.0/collections/hub/sdk_scheme_adapter/bulk/basic
    ## Optional config for uploading reports to S3 Buckets. If enabled: WS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION under the 'configCreds' is required.
    # awsS3BucketName: aws-s3-bucket-name
    # awsS3FilePath: ttk-tests/reports
    ttkBackendURL: http://$release_name-ttksim1-ttk-backend:5050
    testSuiteName: SDK Bulk Tests
    environmentName: Development
    saveReport: true
    saveReportBaseUrl: "testing-toolkit.local"
    reportName: sdk_bulk_tests
    ## `allowFailures` configures this TTK CLI Test Runner to return failure exit-codes to the terminal,
    ## by default this is `false` - which means that any consecutive Helm tests will not be executed by Helm.
    ## If this is set to `true` - it will allow all Helm tests to be executed regardless of any failures.
    allowFailures: false

  # configCreds:
  #   AWS_ACCESS_KEY_ID: 'some_aws_access_key'
  #   AWS_SECRET_ACCESS_KEY: 'some_aws_secret_key'
  #   AWS_REGION: 'us-west-2'
  #   SLACK_WEBHOOK_URL: 'slack_inbound_webhook'

  ## Optionally specify the config file defaults for TTK CLI
  ## You should specify at least mode here
  # configFileDefaults: {
  #   "mode": "outbound",
  #   "reportFormat": "html",
  #   "baseURL": "",
  #   "reportTarget": "",
  #   "reportAutoFilenameEnable": true,
  #   "slackWebhookUrl": "",
  #   "slackPassedImage": "",
  #   "slackFailedImage": "",
  #   "logLevel": "2"
  # }
  parameters:
    <<: *simNames
  testCaseEnvironmentFile: *ttksim1InputValues

ml-ttk-test-val-sdk-r2p:
  tests:
    enabled: false
    weight: -2
  config:
    ## Test-case archive zip for test-cases: https://github.com/mojaloop/testing-toolkit-test-cases
    testCasesZipUrl: *ttkGitUrl
    testCasesPathInZip: testing-toolkit-test-cases-16.0.0/collections/hub/sdk_scheme_adapter/request-to-pay/basic
    ## Optional config for uploading reports to S3 Buckets. If enabled: WS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION under the 'configCreds' is required.
    # awsS3BucketName: aws-s3-bucket-name
    # awsS3FilePath: ttk-tests/reports
    ttkBackendURL: http://$release_name-ttksim1-ttk-backend:5050
    testSuiteName: SDK Request To Pay Tests
    environmentName: Development
    saveReport: true
    saveReportBaseUrl: "testing-toolkit.local"
    reportName: sdk_r2p_tests
    ## `allowFailures` configures this TTK CLI Test Runner to return failure exit-codes to the terminal,
    ## by default this is `false` - which means that any consecutive Helm tests will not be executed by Helm.
    ## If this is set to `true` - it will allow all Helm tests to be executed regardless of any failures.
    allowFailures: false

  # configCreds:
  #   AWS_ACCESS_KEY_ID: 'some_aws_access_key'
  #   AWS_SECRET_ACCESS_KEY: 'some_aws_secret_key'
  #   AWS_REGION: 'us-west-2'
  #   SLACK_WEBHOOK_URL: 'slack_inbound_webhook'

  ## Optionally specify the config file defaults for TTK CLI
  ## You should specify at least mode here
  # configFileDefaults: {
  #   "mode": "outbound",
  #   "reportFormat": "html",
  #   "baseURL": "",
  #   "reportTarget": "",
  #   "reportAutoFilenameEnable": true,
  #   "slackWebhookUrl": "",
  #   "slackPassedImage": "",
  #   "slackFailedImage": "",
  #   "logLevel": "2"
  # }
  parameters:
    <<: *simNames
  testCaseEnvironmentFile: *ttksim1InputValues

ml-ttk-test-cleanup:
  tests:
    enabled: true
    weight: -1
  config:
    ## Test-case archive zip for test-cases: https://github.com/mojaloop/testing-toolkit-test-cases
    testCasesZipUrl: *ttkGitUrl
    testCasesPathInZip: *ttkGitPathCleanup
    ## Optional config for uploading reports to S3 Buckets. If enabled: WS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION under the 'configCreds' is required.
    # awsS3BucketName: aws-s3-bucket-name
    # awsS3FilePath: ttk-tests/reports
    ttkBackendURL: http://$release_name-ml-testing-toolkit-backend:5050
    testSuiteName: Post Cleanup
    environmentName: Development
    saveReport: false
    saveReportBaseUrl: "testing-toolkit.local"
    reportName: post_cleanup
    ## `allowFailures` configures this TTK CLI Test Runner to return failure exit-codes to the terminal,
    ## by default this is `false` - which means that any consecutive Helm tests will not be executed by Helm.
    ## If this is set to `true` - it will allow all Helm tests to be executed regardless of any failures.
    allowFailures: false

  # configCreds:
  #   AWS_ACCESS_KEY_ID: 'some_aws_access_key'
  #   AWS_SECRET_ACCESS_KEY: 'some_aws_secret_key'
  #   AWS_REGION: 'us-west-2'
  #   SLACK_WEBHOOK_URL: 'slack_inbound_webhook'

  ## Optionally specify the config file defaults for TTK CLI
  ## You should specify at least mode here
  # configFileDefaults: {
  #   "mode": "outbound",
  #   "reportFormat": "html",
  #   "baseURL": "",
  #   "reportTarget": "",
  #   "reportAutoFilenameEnable": true,
  #   "slackWebhookUrl": "",
  #   "slackPassedImage": "",
  #   "slackFailedImage": "",
  #   "logLevel": "2"
  # }
  parameters:
    <<: *simNames
  testCaseEnvironmentFile: *ttkInputValues