-
Notifications
You must be signed in to change notification settings - Fork 60
/
values.yaml
671 lines (599 loc) · 32.4 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
# Default values for mojaloop-simulator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
simulators: {}
# Usage:
# Add simulators to the simulators object. The following example will create two simulators,
# 'payerfsp' and 'payeefsp' that will be created with the default values available lower in this
# file.
#
# simulators:
# payerfsp: {}
# payeefsp: {}
#
# The default values can be overridden for all sims by modifying mojaloop-simulator.defaults in
# your parent chart. They can also be overriden per-simulator. The following example will result in
# a payerfsp without a cache and a payeefsp with a cache.
#
# simulators:
# payerfsp:
# config:
# cache:
# enabled: false
# payeefsp: {}
#
#
# You can also enable the thirdparty-sdk for each simulator you define in order to test
# the Mojaloop Third Party Components:
#
# simulators:
# pispa:
# config:
# thirdpartysdk:
# enabled: true
#
# The above config will create 1 instance of a simulator, with a thirdparty-sdk
# TODO & notes:
# * do the port _numbers_ matter at all? Can we get rid of them?
# * for Mowali, how are JWS and TLS secrets being set up?
# * support arbitrary init containers + config (that might just be config that goes into defaults
# or something?). Supply all config and volumes to the init containers.
# * create some test containers
# * generate JWS private/public keys, so the user does not need to supply keys at all.
# * generate public key from private, so the user only needs to supply private keys for each sim?
# (_might_ be possible with a job or init container or similar).
# * support mTLS auto-cert generation
# * probably eliminate all config that shouldn't actually be changed by a user, e.g.
# JWS_VERIFICATION_KEYS_DIRECTORY. That's a good configuration option to have for other contexts,
# such as running the sim locally or in docker-compose but in this context it's _an
# implementation detail_. The chart user should not have to worry about it, and we should not
# have to test the effect of changing it.
# Also
# INBOUND_LISTEN_PORT
# OUTBOUND_LISTEN_PORT
# * make ingress more generic- do not preconfigure annotations
# * think about labels a little more carefully- the app should probably always be "mojaloop-simulator"
# * add config map and hashes to the deployments so that a configmap change triggers a rolling
# update
# * support JWS public keys for other entities. Add a note in the documentation that they must map
# directly to the value that will be received in the FSPIOP-Source (check this is correct)
# * update labels to be compliant. E.g. app.kubernetes.io/name or whatever
# * rename ".Values.defaults.config" as it's pretty a useless name
# * support arbitrary sidecars?
# * use the redis subchart? https://github.com/bitnami/charts/tree/master/bitnami/redis
# - this would mean a single instance of redis (probably good)
# - might need to have the simulators use separate databases per simulator, or prefix all of
# their keys with their own name, or something
# * allow the user to optionally specify the namespace, with the caveat that that namespace will
# need to be created manually before the release is deployed. There may be a horrible hack (which
# I have not tried) whereby all templates are moved to a different directory, say ./xtemplates,
# then all are imported using {{ .Files.Glob }} and {{ .Files.Get }} then templated into a single
# amazing template with {{ template }}. At the top of this template goes a namespace. The
# consequence of this is that the namespace is created first, enabling this beautiful pattern.
# Remember, with great power comes great responsibility. (In other words, we probably have a
# responsibility to _not_ do this).
# * should redis be a statefulset? optionally? what does the bitnami chart do?
# * move labels into helpers
# * autogenerate ILP stuff?
# * defaults.resources looks like it's used nowhere- check this and remove it as appropriate
# * look for references to replicaCount in the charts/values. Is it set, or whatever?
# * scale Redis
# * changing JWS_SIGNING_KEY_PATH currently breaks the chart because it's nastily hard-coded. It
# should be possible to use the Spring filepath functions to avoid this. Similarly, changing
# RULES_FILE will have a similar effect. Alternatively, make these unconfigured by default. I.e.
# comment them out, hard-code them and add a warning to the user in the config. (Is there a
# scenario where the user should want to configure them? I don't think so..).
# (https://masterminds.github.io/sprig/paths.html)
# * put sim inbound API on port 80
# * supply more documentation, especially a range of examples, and preferably documentation that is
# executable
# * share configmaps, secrets with init containers
# * share an emptyDir volume between init containers and main containers
# * allow init containers to create secrets and put them on persistent volumes, or emptyDirs, then
# allow main containers to access those
# * do not put environment variables in configmaps, instead put them straight into the deployments.
# This makes the deployment much easier to manage.
# * Remember, labels are _for_ identifying stuff. So labels should probably be like "release"
# (.Release.Name or similar) "chart" (.Chart.Name or similar) "simulator" (e.g. payerfsp,
# payeefsp) "sim-component" (e.g. backend, scheme-adapter, cache)
# * can _probably_ remove port numbers from services to simplify chart (although perhaps not? try
# to port-forward with a named port instead of a numbered port?)
# * It is likely possible to have the user supply a CA cert + key and use those to generate and
# sign automatically generated per-simulator keys.
# Every key added to this `simulators` object will be a simulator that takes on the default
# config below. The default is deliberately left empty so nothing is deployed by default.
# payerfsp: {}
# payeefsp: {}
defaultProbes: &defaultProbes
livenessProbe:
enabled: true
initialDelaySeconds: 3
periodSeconds: 30
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 3
readinessProbe:
enabled: true
initialDelaySeconds: 3
periodSeconds: 5
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
ingress:
enabled: true
# If you're using nginx ingress controller >= v0.22.0 set this to (/|$)(.*). Ensure that you set the `"nginx.ingress.kubernetes.io/rewrite-target": "/$2"`
# If you're using nginx ingress controller < v0.22.0 set this to an empty string or "/". Ensure that you set the `"nginx.ingress.kubernetes.io/rewrite-target": "/"`
# This affects the way your rewrite target will work.
# For more information see "Breaking changes" here:
# https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0220
## https://kubernetes.github.io/ingress-nginx/examples/rewrite/
# nginx.ingress.kubernetes.io/rewrite-target: '/'
# nginx.ingress.kubernetes.io/rewrite-target: '/$2'
## https://kubernetes.github.io/ingress-nginx/user-guide/multiple-ingress/
# kubernetes.io/ingress.class: nginx
## https://kubernetes.github.io/ingress-nginx/user-guide/tls/#automated-certificate-management-with-kube-lego
# kubernetes.io/tls-acme: "true""
## nginx ingress controller >= v0.22.0
# annotations:
# nginx.ingress.kubernetes.io/rewrite-target: '/$2'
# ingressPathRewriteRegex: (/|$)(.*)
## nginx ingress controller < v0.22.0
# annotations:
# nginx.ingress.kubernetes.io/rewrite-target: '/'
ingressPathRewriteRegex: "/"
className: "nginx"
pathType: "ImplementationSpecific"
# If you enable JWS validation and intend to communicate via a switch you will almost certainly
# want to put your switch JWS public key in this array. The name of the property in this object
# will correspond directly to the name of the signing key (e.g., in the example below,
# `switch.pem`). Do not include the `.pem` extension, this will be added for you. The scheme
# adapter will use the FSPIOP-Source header content to identify the relevant signing key to use.
# The below example assumes your switch will use `FSPIOP-Source: switch`. If instead, for example,
# your switch is using `FSPIOP-Source: peter` you will need a property `peter` in the following
# object. Do not add the public keys of your simulators to this object. Instead, put them in
# `mojaloop-simulator.simulators.$yourSimName.config.schemeAdapter.secrets.jws.publicKey`.
sharedJWSPubKeys:
# switch: |-
# -----BEGIN PUBLIC KEY-----
# blah blah blah
# -----END PUBLIC KEY-----
defaults:
# Changes to this object in the parent chart, for example 'mojaloop-simulator.defaults' will be
# applied to all simulators deployed by this child chart.
ingress:
enabled: false
config:
# Config for init containers
initContainers:
waitForCache:
enabled: true
## @param master.podLabels Extra labels for pod(s)
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param podAnnotations Additional custom annotations for pod(s)
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
cache:
# These will be supplied directly to the init containers array in the deployment for the
# scheme adapter. They should look exactly as you'd declare them inside the deployment.
# Example: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#init-containers-in-use
# This init container will have the same environment variables as the main backend container,
# as specified in .env below.
# Additionally, the following preset environment variables will be set:
# SIM_NAME: the name of the simulator as specified in the `mojaloop-simulator` config
# SIM_SCHEME_ADAPTER_SERVICE_NAME: "sim-$SIM_NAME-scheme-adapter"
# SIM_BACKEND_SERVICE_NAME: "sim-$SIM_NAME-backend"
# SIM_CACHE_SERVICE_NAME: "sim-$SIM_NAME-cache"
initContainers: []
enabled: true
image:
repository: redis
tag: 5.0.4-alpine
pullPolicy: IfNotPresent
<<: *defaultProbes
livenessProbe:
enabled: true
timeoutSeconds: 5
readinessProbe:
enabled: true
timeoutSeconds: 5
schemeAdapter:
secrets:
tls:
# In order to enable TLS with your supplied credentials, you will need to:
# 1. set all three of the `cert`, `key`, `cacert` fields appropriately for each of
# `inbound` and `outbound` as per your preference.
# 2. optionally specify `schemeAdapter.env.INBOUND_MUTUAL_TLS_ENABLED: true`
# 3. optionally specify `schemeAdapter.env.OUTBOUND_MUTUAL_TLS_ENABLED: true`
# It probably makes sense to set your CA cert in defaults. Note that the default is that
# the CA, cert and key will be generated for you by this chart. To use this functionality
# you only need specify the config documented in steps (2, 3, 4) a few lines up.
#
# inbound:
# key: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
# cacert: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
# cert: |
# -----BEGIN RSA PRIVATE KEY-----
# ...
# -----END RSA PRIVATE KEY-----
#
# To set the same values for each of inbound and outbound, specify the values for
# inbound as above, then the values for outbound using yaml anchors:
#
# inbound: &inbound
# key: |
# ..
# cacert: |
# ..
# cert: |
# ..
# outbound: *inbound
inbound: &inbound
# DO NOT REMOVE COMMENT
outbound: *inbound
jws:
# Use the privateKeySecret field if you would like to supply a JWS private key external
# to this chart.
# For example, if you create a private key called `sim-payerfsp-jws-signing-key` with data property `private.key`
# external to this chart, you would supply
# `privateKeySecret:
# name: sim-payerfsp-jws-signing-key`
# key: private.key
# here.
# These fields will take precedence over `privateKey` and `publicKey` below.
# This field is best supplied per-simulator, however it's here for documentation
# purposes.
privateKeySecret: {}
# The `publicKeyConfigMapName` field allows you to supply a ConfigMap containing JWS public
# keys external to this release, and have this release reference that ConfigMap to
# populate JWS public keys. The format of this ConfigMap must be as described for
# `sharedJWSPubKeys`, a map with one key per FSP/simulator corresponding to the
# FSPIOP-Source header that will be supplied by that FSP/simulator.
publicKeyConfigMapName: {}
# Supply per-simulator private and public keys here:
privateKey: ''
publicKey: ''
image:
repository: mojaloop/sdk-scheme-adapter
tag: v23.4.0
pullPolicy: IfNotPresent
command: '[ "yarn", "start:api-svc" ]'
<<: *defaultProbes
# These will be supplied directly to the init containers array in the deployment for the
# scheme adapter. They should look exactly as you'd declare them inside the deployment.
# Example: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#init-containers-in-use
# This init container will have the same environment variables as the main scheme adapter
# container, as specified in .env below.
# All init containers will have the same preset environment variables as the backend init
# container as specified above.
initContainers: []
scale:
enabled: false
spec:
minReplicas: 1
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 80
env:
# Ports the scheme adapter listens on. Shouldn't really matter for a user of this chart.
# You probably shouldn't bother configuring them- it likely won't do you much good. But it
# won't do any harm, either.
INBOUND_LISTEN_PORT: 4000
OUTBOUND_LISTEN_PORT: 4001
TEST_LISTEN_PORT: 4002
# Enable mutual TLS authentication. Useful when not running in a secure
# environment, i.e. when you're running it locally against your own implementation.
INBOUND_MUTUAL_TLS_ENABLED: false
OUTBOUND_MUTUAL_TLS_ENABLED: false
TEST_MUTUAL_TLS_ENABLED: false
# Enable JWS verification and signing
VALIDATE_INBOUND_JWS: false
JWS_SIGN: false
# applicable only if VALIDATE_INBOUND_JWS is `true`
# allows disabling of validation on incoming PUT /parties/{idType}/{idValue} requests
VALIDATE_INBOUND_PUT_PARTIES_JWS: false
# applicable only if JWS_SIGN is `true`
# allows disabling of signing on outgoing PUT /parties/{idType}/{idValue} requests
JWS_SIGN_PUT_PARTIES: false
# Path to JWS signing key (private key of THIS DFSP)
JWS_SIGNING_KEY_PATH: "/jwsSigningKey/private.key" # do not configure- will break the chart
JWS_VERIFICATION_KEYS_DIRECTORY: "/secrets/jwsVerificationKeys"
# Location of certs and key required for TLS. It is possible to configure these- however,
# at the time of writing, it's not supported by this chart and will likely cause breakage.
# You should probably not do it unless you know what you're doing.
IN_CA_CERT_PATH: /secrets/inbound-cacert.pem
IN_SERVER_CERT_PATH: /secrets/inbound-cert.pem
IN_SERVER_KEY_PATH: /secrets/inbound-key.pem
OUT_CA_CERT_PATH: /secrets/outbound-cacert.pem
OUT_CLIENT_CERT_PATH: /secrets/outbound-cert.pem
OUT_CLIENT_KEY_PATH: /secrets/outbound-key.pem
# The number of space characters by which to indent pretty-printed logs. If set to zero, log events
# will each be printed on a single line.
LOG_INDENT: "0"
# REDIS CACHE CONNECTION
# CACHE_HOST: "" # Default is parametrised, but it's possible to override this
CACHE_PORT: 6379
# CACHE_SHOULD_EXPIRE=false
# CACHE_EXPIRY_SECONDS=3600
# Switch or DFSP system under test Mojaloop API endpoint
# The option 'PEER_ENDPOINT' has no effect if the remaining options 'ALS_ENDPOINT', 'QUOTES_ENDPOINT',
# 'BULK_QUOTES_ENDPOINT', 'TRANSFERS_ENDPOINT', 'BULK_TRANSFERS_ENDPOINT', 'TRANSACTION_REQUESTS_ENDPOINT' are specified.
# Do not include the protocol, i.e. http.
PEER_ENDPOINT: "mojaloop-switch"
# ALS_ENDPOINT="mojaloop-switch-als"
# QUOTES_ENDPOINT="mojaloop-switch-quotes"
# TRANSFERS_ENDPOINT="mojaloop-switch-transfers"
# BULK_TRANSFERS_ENDPOINT="mojaloop-switch-bulk-transfers"
# BULK_QUOTES_ENDPOINT="mojaloop-switch-bulk-quotes"
# TRANSACTION_REQUESTS_ENDPOINT=transaction-requests-service
# This value specifies the endpoint the scheme adapter expects to communicate with the
# backend on. Do not include the protocol, i.e. http.
# You're very likely to break the functioning of this chart if you configure the following
# value. This config item has been copied from the service repo for consistency with that,
# so that if you come here and find this variable, with this comment, it's less confusing
# than if you come here and it's missing entirely.
# BACKEND_ENDPOINT: "localhost:3000"
# FSPID of this DFSP
# Commented by default- you're likely to break the chart if you configure this value.
# DFSP_ID: "mojaloop-sdk"
# Secret used for generation and verification of secure ILP
ILP_SECRET: "Quaixohyaesahju3thivuiChai5cahng"
# expiry period in seconds for quote and transfers issued by the SDK
EXPIRY_SECONDS: "60"
# if set to false the SDK will not automatically accept all returned quotes
# but will halt the transfer after a quote response is received. A further
# confirmation call will be required to complete the final transfer stage.
AUTO_ACCEPT_QUOTES: false
# if set to false the SDK will not automatically accept a resolved party
# but will halt the transer after a party lookup response is received. A further
# confirmation call will be required to progress the transfer to quotes state.
AUTO_ACCEPT_PARTY: false
# when set to true, when sending money via the outbound API, the SDK will use the value
# of FSPIOP-Source header from the received quote response as the payeeFsp value in the
# transfer prepare request body instead of the value received in the payee party lookup.
# This behaviour should be enabled when the SDK user DFSP is in a forex enabled switch
# ecosystem and expects quotes and transfers to be rerouted by the switch to forex
# entities i.e. forex providing DFSPs. Please see the SDK documentation and switch
# operator documentation for more information on forex use cases.
USE_QUOTE_SOURCE_FSP_AS_TRANSFER_PAYEE_FSP: false
# set to true to validate ILP, otherwise false to ignore ILP
CHECK_ILP: true
# set to true to enable test features such as request cacheing and retrieval endpoints
ENABLE_TEST_FEATURES: true
# set to true to mock WSO2 oauth2 token endpoint
ENABLE_OAUTH_TOKEN_ENDPOINT: false
OAUTH_TOKEN_ENDPOINT_CLIENT_KEY: "test-client-key"
OAUTH_TOKEN_ENDPOINT_CLIENT_SECRET: "test-client-secret"
OAUTH_TOKEN_ENDPOINT_LISTEN_PORT: "6000"
# WS02 Bearer Token specific to golden-fsp instance and environment
WS02_BEARER_TOKEN: "7718fa9b-be13-3fe7-87f0-a12cf1628168"
# OAuth2 data used to obtain WSO2 bearer token
OAUTH_TOKEN_ENDPOINT: ""
OAUTH_CLIENT_KEY: ""
OAUTH_CLIENT_SECRET: ""
OAUTH_REFRESH_SECONDS: "3600"
# When WSO2 auth is enabled and a request fails with a 401, the SDK can attempt to retrieve
# a new auth token and retry the request
WSO2_AUTH_FAILURE_REQUEST_RETRIES: "0"
# Set to true to respect expirity timestamps
REJECT_EXPIRED_QUOTE_RESPONSES: false
REJECT_TRANSFERS_ON_EXPIRED_QUOTES: false
REJECT_EXPIRED_TRANSFER_FULFILS: false
# Timeout for GET/POST/DELETE - PUT flow processing
REQUEST_PROCESSING_TIMEOUT_SECONDS: "30"
# To allow transfer without a previous quote request, set this value to true.
# The incoming transfer request should consist of an ILP packet and a matching condition in this case.
# The fulfilment will be generated from the provided ILP packet, and must hash to the provided condition.
ALLOW_TRANSFER_WITHOUT_QUOTE: false
RESOURCE_VERSIONS: transfers=1.1,quotes=1.0
ENABLE_FSPIOP_EVENT_HANDLER: false
ENABLE_BACKEND_EVENT_HANDLER: false
backend:
image:
repository: mojaloop/mojaloop-simulator
tag: v15.0.0
pullPolicy: IfNotPresent
<<: *defaultProbes
# These will be supplied directly to the init containers array in the deployment for the
# backend. They should look exactly as you'd declare them inside the deployment.
# Example: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#init-containers-in-use
initContainers: []
# Supply JSON rules here as a string
# Example:
# rules: |-
# [
# {
# "ruleId": 1,
# .. etc.
# }
# ]
rules: |-
[]
env:
##### Section for simulator backend container #####
# This is the endpoint the backend expects to communicate with the scheme adapter on.
# Include the protocol, i.e. http.
# It's not configured by default in this chart as the default value is calculated in a
# template and configuring it is likely to break communication between the backend and the
# scheme adapter.
# OUTBOUND_ENDPOINT: "http://localhost:4001" # within the pod
# Enable mutual TLS authentication. Useful when the simulator is not running in a managed
# environment, i.e. when you're running it locally against your own implementation.
MUTUAL_TLS_ENABLED: false
# Enable server-only TLS; i.e. serve on HTTPS instead of HTTP.
HTTPS_ENABLED: false
# Location of certs and key required for TLS
CA_CERT_PATH: /secrets/cacert.pem
SERVER_CERT_PATH: /secrets/servercert.pem
SERVER_KEY_PATH: /secrets/serverkey.pem
# The number of space characters by which to indent pretty-printed logs. If set to zero, log events
# will each be printed on a single line.
LOG_INDENT: "0"
# The name of the sqlite log file. This probably doesn't matter much to the user, except that
# setting :memory: will use an in-memory sqlite db, which will be faster and not consume disk
# space. However, it will also mean that the logs will be lost once the container is stopped.
SQLITE_LOG_FILE: ':memory:'
# The DFSPID of this simulator. The simulator will accept any requests routed to
# FSPIOP-Destination: $SCHEME_NAME. Other requests will be rejected.
# Not set in this chart as these are calculated in templates. Setting this values is likely
# to break expected functionality.
# SCHEME_NAME: golden
# DFSP_ID: golden
# The name of the sqlite model database. If you would like to start the simulator with preloaded
# state you can use a preexisting file. If running in a container, you can mount a sqlite file as a
# volume in the container to preserve state between runs.
# Use MODEL_DATABASE: :memory: for an ephemeral in-memory database
MODEL_DATABASE: ':memory:'
# The simulator can automatically add fees when generating quote responses. Use this
# variable to control the fee amounts added. e.g. for a transfer of 100 USD a FEE_MULTIPLIER of 0.1
# reuslts in fees of USD 10 being applied to the quote response
FEE_MULTIPLIER: "0.05"
# Specifies the location of a rules file for the simulator backend. Rules can be used to produce
# specific simulator behaviours in response to incoming requests that match certain conditions.
# e.g. a rule can be used to trigger NDC errors given transfers between certain limits.
RULES_FILE: ../rules/rules.json
# Ports for simulator, report, and test APIs
SIMULATOR_API_LISTEN_PORT: 3000
REPORT_API_LISTEN_PORT: 3002
TEST_API_LISTEN_PORT: 3003
thirdpartysdk:
secrets:
tls:
# In order to enable TLS with your supplied credentials, you will need to:
# 1. set all three of the `cert`, `key`, `cacert` fields appropriately for each of
# `inbound` and `outbound` as per your preference.
# 2. optionally specify `schemeAdapter.env.INBOUND_MUTUAL_TLS_ENABLED: true`
# 3. optionally specify `schemeAdapter.env.OUTBOUND_MUTUAL_TLS_ENABLED: true`
# It probably makes sense to set your CA cert in defaults. Note that the default is that
# the CA, cert and key will be generated for you by this chart. To use this functionality
# you only need specify the config documented in steps (2, 3, 4) a few lines up.
#
# inbound:
# key: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
# cacert: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
# cert: |
# -----BEGIN RSA PRIVATE KEY-----
# ...
# -----END RSA PRIVATE KEY-----
#
# To set the same values for each of inbound and outbound, specify the values for
# inbound as above, then the values for outbound using yaml anchors:
#
# inbound: &inbound
# key: |
# ..
# cacert: |
# ..
# cert: |
# ..
# outbound: *inbound
inbound: &inbound
# DO NOT REMOVE COMMENT
outbound: *inbound
jws:
# Use the privateKeySecret field if you would like to supply a JWS private key external
# to this chart.
# For example, if you create a private key called `sim-payerfsp-jws-signing-key` with data property `private.key`
# external to this chart, you would supply
# `privateKeySecret:
# name: sim-payerfsp-jws-signing-key`
# key: private.key
# here.
# These fields will take precedence over `privateKey` and `publicKey` below.
# This field is best supplied per-simulator, however it's here for documentation
# purposes.
privateKeySecret: {}
#
# The `publicKeyConfigMapName` field allows you to supply a ConfigMap containing JWS public
# keys external to this release, and have this release reference that ConfigMap to
# populate JWS public keys. The format of this ConfigMap must be as described for
# `sharedJWSPubKeys`, a map with one key per FSP/simulator corresponding to the
# FSPIOP-Source header that will be supplied by that FSP/simulator.
publicKeyConfigMapName: {}
# Supply per-simulator private and public keys here:
privateKey: ''
publicKey: ''
image:
repository: mojaloop/thirdparty-sdk
tag: v15.1.1
pullPolicy: IfNotPresent
# inboundCommand: '[ "npm", "run", "start:inbound" ]' ## TODO: Remove
# outboundCommand: '[ "npm", "run", "start:outbound" ]' ## TODO: Remove
command: '[ "npm", "run", "start" ]'
<<: *defaultProbes
# These will be supplied directly to the init containers array in the deployment for the
# scheme adapter. They should look exactly as you'd declare them inside the deployment.
# Example: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#init-containers-in-use
# This init container will have the same environment variables as the main scheme adapter
# container, as specified in .env below.
# All init containers will have the same preset environment variables as the backend init
# container as specified above.
initContainers: []
scale:
enabled: false
spec:
minReplicas: 1
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 80
## Config files
config: {production.json: {"control": {"mgmtAPIWsUrl": "127.0.0.1", "mgmtAPIWsPort": 4010}, "inbound": {"port": 4005, "host": "0.0.0.0", "pispTransactionMode": true, "tls": {"mutualTLS": {"enabled": false}, "creds": {"ca": "/secrets/dfsp_or_3ppi_client_cacert.pem", "cert": "/secrets/dfsp_or_3ppi_server_cert.pem", "key": "/secrets/dfsp_or_3ppi_server_key.key"}}}, "outbound": {"port": 4006, "host": "0.0.0.0", "tls": {"mutualTLS": {"enabled": false}, "creds": {"ca": "/secrets/hub_server_cacert.pem", "cert": "/secrets/dfsp_or_3ppi_client_cert.cer", "key": "/secrets/dfsp_or_3ppi_client_key.key"}}}, "requestProcessingTimeoutSeconds": 30, "wso2": {"auth": {"staticToken": "test-static-token", "tokenEndpoint": "", "clientKey": "test-client-key", "clientSecret": "test-client-secret", "refreshSeconds": 3600}}, "redis": {"port": 6379, "timeout": 100}, "inspect": {"depth": 4, "showHidden": false, "color": true}, "shared": {"authServiceParticipantId": "centralauth", "thirdpartyRequestsEndpoint": "tp-api-svc", "servicesEndpoint": "tp-api-svc", "alsEndpoint": "$release_name-account-lookup-service", "quotesEndpoint": "$release_name-quoting-service", "transfersEndpoint": "$release_name-ml-api-adapter-service", "dfspId": "$name", "dfspBackendUri": "$full_name-backend:3000", "dfspBackendHttpScheme": "http", "dfspBackendVerifyAuthorizationPath": "verify-authorization", "dfspBackendVerifyConsentPath": "verify-consent", "sdkRequestToPayTransferUri": "0.0.0.0:3000/requestToPayTransfer", "sdkOutgoingUri": "$full_name-scheme-adapter:4001", "sdkOutgoingHttpScheme": "http", "sdkOutgoingPartiesInformationPath": "parties/{Type}/{ID}/{SubId}", "sdkNotifyAboutTransferUri": "ml-testing-toolkit:4040/thirdpartyRequests/transactions/{ID}"}, "pm4mlEnabled": false, "validateInboundJws": false, "jwsSign": false, "jwsSigningKey": "/jwsSigningKey.key", "jwsVerificationKeysDirectory": null}}
env:
NODE_ENV: production
INBOUND_LISTEN_PORT: 4005
OUTBOUND_LISTEN_PORT: 4006
# Path to JWS signing key (private key of THIS DFSP)
JWS_SIGNING_KEY_PATH: "/jwsSigningKey/private.key" # do not change this unless you know what you are doing - this will break the chart
JWS_VERIFICATION_KEYS_DIRECTORY: "/jwsVerificationKeys"
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## Pod scheduling preferences.
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
## Node labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
nodeSelector: {}
## Set toleration for scheduler
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []