diff --git a/iac/tf-anthos-gke/terraform.tfvars b/iac/tf-anthos-gke/terraform.tfvars index 450f6bd08..9dbbc1b07 100644 --- a/iac/tf-anthos-gke/terraform.tfvars +++ b/iac/tf-anthos-gke/terraform.tfvars @@ -18,6 +18,6 @@ region = "us-central1" zone = "us-central1-b" cluster_name = "anthos-sample-cluster1" sync_repo = "https://github.com/GoogleCloudPlatform/bank-of-anthos" -sync_branch = "release/v0.6.1" +sync_branch = "release/v0.6.2" sync_rev = "" policy_dir = "/kubernetes-manifests" diff --git a/kubernetes-manifests/accounts-db.yaml b/kubernetes-manifests/accounts-db.yaml index 07762ab1e..fbf4ca052 100644 --- a/kubernetes-manifests/accounts-db.yaml +++ b/kubernetes-manifests/accounts-db.yaml @@ -1,17 +1,3 @@ -# Copyright 2023 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - apiVersion: v1 data: ACCOUNTS_DB_URI: postgresql://accounts-admin:accounts-pwd@accounts-db:5432/accounts-db @@ -32,62 +18,122 @@ apiVersion: v1 kind: Service metadata: labels: + application: bank-of-anthos environment: development + team: accounts + tier: db name: accounts-db spec: ports: - - name: tcp - port: 5432 - protocol: TCP - targetPort: 5432 + - name: tcp + port: 5432 + protocol: TCP + targetPort: 5432 selector: app: accounts-db + application: bank-of-anthos environment: development + team: accounts + tier: db type: ClusterIP --- apiVersion: apps/v1 kind: StatefulSet metadata: labels: + application: bank-of-anthos environment: development + team: accounts + tier: db name: accounts-db spec: replicas: 1 selector: matchLabels: app: accounts-db + application: bank-of-anthos environment: development + team: accounts + tier: db serviceName: accounts-db template: metadata: labels: app: accounts-db + application: bank-of-anthos environment: development + team: accounts + tier: db spec: containers: - - envFrom: - - configMapRef: - name: environment-config - - configMapRef: - name: accounts-db-config - - configMapRef: - name: demo-data-config - image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/accounts-db:v0.6.1@sha256:7c4cf161904b4ef869cc8796d7b5bcde1dda6f861898c0cfed6afd4e4affe659 - name: accounts-db - ports: - - containerPort: 5432 - resources: - limits: - cpu: 250m - memory: 512Mi - requests: - cpu: 100m - memory: 128Mi - volumeMounts: - - mountPath: /var/lib/postgresql/data - name: postgresdb - subPath: postgres + - envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: accounts-db-config + - configMapRef: + name: demo-data-config + image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/accounts-db:v0.6.2@sha256:c55f28a015c77b6701d9e32c53fb63c11268df0f2eca7a490f0faa6be427bb62 + name: accounts-db + ports: + - containerPort: 5432 + resources: + limits: + cpu: 250m + memory: 512Mi + requests: + cpu: 100m + memory: 128Mi + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: postgresdb + subPath: postgres + serviceAccount: bank-of-anthos serviceAccountName: default volumes: - - emptyDir: {} - name: postgresdb + - emptyDir: {} + name: postgresdb +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + iam.gke.io/gcp-service-account: gke-workload-development@bank-of-anthos-ci.iam.gserviceaccount.com + name: bank-of-anthos +--- +apiVersion: v1 +data: + DEMO_LOGIN_PASSWORD: bankofanthos + DEMO_LOGIN_USERNAME: testuser + USE_DEMO_DATA: "True" +kind: ConfigMap +metadata: + name: demo-data-config +--- +apiVersion: v1 +data: + LOCAL_ROUTING_NUM: "883745000" + PUB_KEY_PATH: /tmp/.ssh/publickey +kind: ConfigMap +metadata: + name: environment-config +--- +apiVersion: v1 +data: + BALANCES_API_ADDR: balancereader:8080 + CONTACTS_API_ADDR: contacts:8080 + HISTORY_API_ADDR: transactionhistory:8080 + TRANSACTIONS_API_ADDR: ledgerwriter:8080 + USERSERVICE_API_ADDR: userservice:8080 +kind: ConfigMap +metadata: + name: service-api-config +--- +apiVersion: v1 +data: + jwtRS256.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS3dJQkFBS0NBZ0VBNEd2Wk5Ta2o1aWlXYjJEWk0yZkN4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZClJPWEt3NVMrbEVMSDlBZXRUZGNUQWRrYkN6eWFwU2RrM1Bxd3hoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0kKdFk2NVgrTnEwcWFSdkxkT09iRlFHbUlIeDc1emtaNjU0K2Z0dm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRUwpGYklhOEE5NkJTcEp6S20wYWhLKzZyOFZ2dk9xMUJIR1pJSUtLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvCm8rRFZ0LyswTUk4T1p2ZEF1YWIyVVh1YitUaXdBZ0c3Njh5bkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFgKUXNPUnRUaTYwRlpQWDdDM1YxcmxVZStyVTlCWTZDbHJXbGVKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbApPS3VsdGFkdVNWbmZ2OEMwdXoxelBCWkl3WG5zVk83WHlTVlBBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EClNPOFNITnlLTytrNnBUaG1hbW9xTUJKQkNwY0MrRzFVUFVxWWV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2UKT3JIVlUyRGo3enpkaW1MMmJlaHFTd1NpM3pBa2xXZjRGU0F6aC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQwp4NUFtRUZsdlF1VUkwcTZ3WjZ2cmxBWUsrTWRtNER2RkFVbFhzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBCmx6WFdtaEM4R3JXQklodDFPSkxXREtPNWx2Wm1KUS9sazdic1VyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUEKQVFLQ0FnRUFoQ0c3ZnpzN3NiVlA3VCsrWWkvRFZMUUc2dDF1Y3hPYUQyS3hkZFFLNjJiWlM5UWJFMldnWGtyagpjbk5uT3R5U1F2UlFjcFFiQWlDcWhIYVBRalF2aEU0ZVNOeStFcXN1WEhMYjJsMHJqMUVUZjRVWDBwMjNzeWM0CnE5SDZtSHZzaUxkSERHR1BaeUZROWZuWVJNRTNEeUhhcjdvZm1RSlNYWjk0SVErZ2ZlVFlkeXZWQWdVZEt4NVIKbjF6b21xR0lZYk9yeUphOC9QS0dMOXBQVHJucHRTSmUyTUJxS0hlMC9MVXRrQjhOOXN5eDJxN3E3Q0hpY3pVUQpLRTd5RWRtZHVERC9jYll2ZlNyTkprRlRIV0FmUVBzejZDbmpjNjBsbkRiTXIzVXphUEM0Sk00OEFra1hMdlc1CnVCUTVJNFB1VG5acjhqUUVVWktuNWZrTkJlSG9aNjlZVVp2eWdOcGJRaVMxWi9CRzYwVDVZN1VPY09wWVJ2bCsKL0dSNUFSNnpZQVJKbTBKNmg3U2NsdGhLSjdaVnFldWV5U3B1UG9mTjg0V241Zm1mbWdsR2F0dlc4KzFGR2ZNRQppWGxHbzhHQ1ZyampzN013a0pMT3Jlc0lRblFWK3ZmWC95Nk9WRExMS21yeGJCT3BPcm5TK01icnFoOXBsRGFICks1N0VOVngzWWxVd2M3bFRHd2Q2cS9nVnhSWDZRc1F3VEl5UHVOOUozMWd0dXRCeS9FTVVGc1hJenJhRmRIQzgKZXVlT1N3V0JQT05XbUkzN1BCVTIycXFyMWE3d1Y3Z0lJOGg3WS8waDNDYjFYWjZsQ2FzOCt0emI3VFZNMGxWQwpINWNYaXRqM2xKS1B1b2VzOXpTNFhEQjQ0V1hwZkw4SFVXQ1NuSWF2ZVJYUHhwbDRJbUVDZ2dFQkFQMjJEZml3CmVaRDBSTzlManJSR2cxODJlNnNSZ052VUQrOTFjUnBRNFBDcnlKQm1tTmNWOFBNZVdoZFlPaHdCWW1JMjkyWkkKcjFyeHVwclBCdE43dTNnWmhKYkVXL1IvSFozc2lPSmNycHlhejBVNUpDSzRTOERSbkdnUUdOQUdJNFlsVUNxNwpLL2JOa0JLcnRpSEVpOWV6RGQ3SjIrRGJGK0FiSXNWdlNnNnNHdEp1TG8rY0VRUzFaNzkycTQ5NUt6dWJyUDhvClVIbWFuc1R1ZEtLL1lZY0dlcU9pS2V0bmgrK0ZUc0hXek1NTEJ3VllySVlZRHZ5RWUvZEFkNWUzM3ZTRSsrbXkKZEVaVkZidVRMQmdzSW4wM0dmZ1pnNE56QkNhSm9NZGJtU3NiaUxGMkRTL1g4eXNKNldLYzdVTFMwMXJwSjBLTgo0VldQNjhiZlZOd1YwbmtDZ2dFQkFPSnlKaVN5aGJrL1hEVjRzT2ZLS1BBQ3RJTkN0ZWk2OWpYVVVOUHNhQndNCjFMNURCOU5tNjhLb3piVTN1Rk9QbmRPZERrMms5cm5WS1JkSlYrTHhPQ2NEdE5aMzlGQ3JtbUs3TGc4TnBUM2cKVksxc29YamFtcGI3NU1LWjZzaGFIUDRFUUMvTVVoeVF1UXkydEtUS3JMYUNFRmdzR1RhRHFaOU9xMVdIZzhWNwoxdUkzak8xYnNzNFRQWjJxbXVOYjE0WEMzQnJaeDE4eWY3MnJZMEk5RTAxdXorUmp4VUdSK0E3dlloSklYVWtMCmtzQTJqV1ludktsVmZRRWJpWlVpcjQ0d2IraEZ4Z3JwcVBvSmNCTzgvdS9UYXZ3MjFqbjFkRys3NWZqZnI5M3UKRjExbUh2VVY2Z0RJenN4NDVicDVDek5oUmdTTHNRZk9INFdpdytIcUNrTUNnZ0VCQU1UZGtFZkpmL3IzWDhvaQo0ZStHeTRlRStqOEtqT2VHekhxdHNYNlBCWXdhYjcyRXJ0SXV4MUdPMnE5RW1ZcURsSGpMVi9zNUtVQXpVKzJ0CitRaisrTCsvWlQrcnpBS1M1RU5YZC92Vm1QUVJ1QVZweWwxYWpnVm5ZS3JxMnFZSUxXWjQ2NVRNdWRkL09HMFUKYW5ZWFViK2t3MzE5T3ExbXRFY0VKMTMxOWd3ZWhZMkZTNEhKd3ZiWllGQ1QzNW1ybHQxZzljTGo0RllMb1drRAo4dU1hQjY1RFc4US9IN0gzR3ViRGxSSVovN2JVaHJVaVVuU1dsSUppdHVKclZxRVdYdDF6bHhtR2pHekt0dHRlCjNwYy9IOS96Y3FZdC9mdHdzdWJJWWtadkVCSUFBbmhaTnZCSjYva1liczFESVdONXZlRE1DOWU3eWY2ZmQzOVEKYWtPQWQxa0NnZ0VCQUpCQ2RraFVydHBJSWg4eWgwanpRa2M5QWZESlZBZ3k2MTE1cUJDS2YveTJzK1dONEhOdQpFdTROQ2hmVHFvc1phRXVDdDdVQlRla3ZnaUVDcVltN2NMRnlMQWVobmJTeXpnVHVDRGF3MDc5cXBhZGlHREJjCjI3VXFQaDgzWFJwTVJrSVJSUzd1TkxWY0FYZTNBYmdtSWdlWExvQnRmNVo2SkZxSURLRE5WMFk5VWJVRi9MTE8KQTBoRGU3SnhHSUdWWmVVaU1ZU3RqdFQzMytkZVF6clVtL0p0a09XSUpnZFN6YnYrQnZWc3dua2hkVmtjcDlJWApxSm9jQ3lua2VDN1pUUXdCa1psZ3NmMEx4SW1kNzVlemhKb1dqd2FraksrWnpwYk1Gb01KUmduVmYyOFIrdERhCktCeGQwVmowQUM1ZXBLTVQ2ajVGRy8vRDhkTDUwVjZmOGU4Q2dnRUJBTWgreklJb3FKZWlXTGgzOUFtTTRQZEkKSFNod0lISXBUNUhGS05jOTFzRnRDZFdXVDIweXVPZHNLZU9TTDZjMjJsVFpjcklFZFlDY0Q5SVhyWm8xVmxXOAorSGFmNDFhcHhlaU1PZVBNR3ZlNEQ2ZEdrUXcyWXBuNXlOQUUwYk1qa1hFU3JuMzMvV3JqSFFtWFdvNmFSdnVZCnkrMktzbGwvK1BzajlwNXd3WVYxRGp0QzFXU0lmdFZNMkJuRlViQVVyMmNHSVNXWlNnWU9yUDU1elZKK3REeloKSXhrMDZ6TUNZU3pEL1pPTUJZSjUvTFFPWnlPUUs0R2xnMytUUUNXUERHNTRtUEo0dElmNUZCZ25wSU5QRGNLQwpLc2RTQlg4S0xNeU83aEVzOCtuZFRWNWlxa0pscGNCdVJ3VXVUSmlFakc0MWZnaXZPVThTR0V5elZPbW1NNG89Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== + jwtRS256.key.pub: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUE0R3ZaTlNrajVpaVdiMkRaTTJmQwp4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZUk9YS3c1UytsRUxIOUFldFRkY1RBZGtiQ3p5YXBTZGszUHF3CnhoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0l0WTY1WCtOcTBxYVJ2TGRPT2JGUUdtSUh4NzV6a1o2NTQrZnQKdm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRU0ZiSWE4QTk2QlNwSnpLbTBhaEsrNnI4VnZ2T3ExQkhHWklJSwpLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvbytEVnQvKzBNSThPWnZkQXVhYjJVWHViK1Rpd0FnRzc2OHluCkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFhRc09SdFRpNjBGWlBYN0MzVjFybFVlK3JVOUJZNkNscldsZUoKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbE9LdWx0YWR1U1ZuZnY4QzB1ejF6UEJaSXdYbnNWTzdYeVNWUApBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EU084U0hOeUtPK2s2cFRobWFtb3FNQkpCQ3BjQytHMVVQVXFZCmV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2VPckhWVTJEajd6emRpbUwyYmVocVN3U2kzekFrbFdmNEZTQXoKaC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQ3g1QW1FRmx2UXVVSTBxNndaNnZybEFZSytNZG00RHZGQVVsWApzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBbHpYV21oQzhHcldCSWh0MU9KTFdES081bHZabUpRL2xrN2JzClVyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo= +kind: Secret +metadata: + name: jwt-key +type: Opaque diff --git a/kubernetes-manifests/balance-reader.yaml b/kubernetes-manifests/balance-reader.yaml index 269d806df..fd4079856 100644 --- a/kubernetes-manifests/balance-reader.yaml +++ b/kubernetes-manifests/balance-reader.yaml @@ -11,7 +11,147 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +apiVersion: v1 +data: + POSTGRES_DB: postgresdb + POSTGRES_PASSWORD: password + POSTGRES_USER: admin + SPRING_DATASOURCE_PASSWORD: password + SPRING_DATASOURCE_URL: jdbc:postgresql://ledger-db:5432/postgresdb + SPRING_DATASOURCE_USERNAME: admin +kind: ConfigMap +metadata: + labels: + app: ledger-db + application: bank-of-anthos + environment: development + team: ledger + tier: db + name: ledger-db-config +--- +apiVersion: v1 +kind: Service +metadata: + labels: + application: bank-of-anthos + environment: development + team: ledger + tier: db + name: ledger-db +spec: + ports: + - name: tcp + port: 5432 + targetPort: 5432 + selector: + app: ledger-db + application: bank-of-anthos + environment: development + team: ledger + tier: db + type: ClusterIP +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + application: bank-of-anthos + environment: development + team: ledger + tier: db + name: ledger-db +spec: + replicas: 1 + selector: + matchLabels: + app: ledger-db + application: bank-of-anthos + environment: development + team: ledger + tier: db + serviceName: ledger-db + template: + metadata: + labels: + app: ledger-db + application: bank-of-anthos + environment: development + team: ledger + tier: db + spec: + containers: + - envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: ledger-db-config + - configMapRef: + name: demo-data-config + image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/ledger-db:v0.6.2@sha256:abf589513b05769093862ed6faf405b0540cc4fb3c89a19e212842cb9acd04e4 + name: postgres + ports: + - containerPort: 5432 + resources: + limits: + cpu: 250m + memory: 1Gi + requests: + cpu: 100m + memory: 512Mi + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: postgresdb + subPath: postgres + serviceAccount: bank-of-anthos + serviceAccountName: default + volumes: + - emptyDir: {} + name: postgresdb +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + iam.gke.io/gcp-service-account: gke-workload-development@bank-of-anthos-ci.iam.gserviceaccount.com + name: bank-of-anthos +--- +apiVersion: v1 +data: + DEMO_LOGIN_PASSWORD: bankofanthos + DEMO_LOGIN_USERNAME: testuser + USE_DEMO_DATA: "True" +kind: ConfigMap +metadata: + name: demo-data-config +--- +apiVersion: v1 +data: + LOCAL_ROUTING_NUM: "883745000" + PUB_KEY_PATH: /tmp/.ssh/publickey +kind: ConfigMap +metadata: + name: environment-config +--- +apiVersion: v1 +data: + BALANCES_API_ADDR: balancereader:8080 + CONTACTS_API_ADDR: contacts:8080 + HISTORY_API_ADDR: transactionhistory:8080 + TRANSACTIONS_API_ADDR: ledgerwriter:8080 + USERSERVICE_API_ADDR: userservice:8080 +kind: ConfigMap +metadata: + name: service-api-config +--- +apiVersion: v1 +data: + jwtRS256.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS3dJQkFBS0NBZ0VBNEd2Wk5Ta2o1aWlXYjJEWk0yZkN4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZClJPWEt3NVMrbEVMSDlBZXRUZGNUQWRrYkN6eWFwU2RrM1Bxd3hoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0kKdFk2NVgrTnEwcWFSdkxkT09iRlFHbUlIeDc1emtaNjU0K2Z0dm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRUwpGYklhOEE5NkJTcEp6S20wYWhLKzZyOFZ2dk9xMUJIR1pJSUtLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvCm8rRFZ0LyswTUk4T1p2ZEF1YWIyVVh1YitUaXdBZ0c3Njh5bkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFgKUXNPUnRUaTYwRlpQWDdDM1YxcmxVZStyVTlCWTZDbHJXbGVKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbApPS3VsdGFkdVNWbmZ2OEMwdXoxelBCWkl3WG5zVk83WHlTVlBBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EClNPOFNITnlLTytrNnBUaG1hbW9xTUJKQkNwY0MrRzFVUFVxWWV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2UKT3JIVlUyRGo3enpkaW1MMmJlaHFTd1NpM3pBa2xXZjRGU0F6aC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQwp4NUFtRUZsdlF1VUkwcTZ3WjZ2cmxBWUsrTWRtNER2RkFVbFhzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBCmx6WFdtaEM4R3JXQklodDFPSkxXREtPNWx2Wm1KUS9sazdic1VyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUEKQVFLQ0FnRUFoQ0c3ZnpzN3NiVlA3VCsrWWkvRFZMUUc2dDF1Y3hPYUQyS3hkZFFLNjJiWlM5UWJFMldnWGtyagpjbk5uT3R5U1F2UlFjcFFiQWlDcWhIYVBRalF2aEU0ZVNOeStFcXN1WEhMYjJsMHJqMUVUZjRVWDBwMjNzeWM0CnE5SDZtSHZzaUxkSERHR1BaeUZROWZuWVJNRTNEeUhhcjdvZm1RSlNYWjk0SVErZ2ZlVFlkeXZWQWdVZEt4NVIKbjF6b21xR0lZYk9yeUphOC9QS0dMOXBQVHJucHRTSmUyTUJxS0hlMC9MVXRrQjhOOXN5eDJxN3E3Q0hpY3pVUQpLRTd5RWRtZHVERC9jYll2ZlNyTkprRlRIV0FmUVBzejZDbmpjNjBsbkRiTXIzVXphUEM0Sk00OEFra1hMdlc1CnVCUTVJNFB1VG5acjhqUUVVWktuNWZrTkJlSG9aNjlZVVp2eWdOcGJRaVMxWi9CRzYwVDVZN1VPY09wWVJ2bCsKL0dSNUFSNnpZQVJKbTBKNmg3U2NsdGhLSjdaVnFldWV5U3B1UG9mTjg0V241Zm1mbWdsR2F0dlc4KzFGR2ZNRQppWGxHbzhHQ1ZyampzN013a0pMT3Jlc0lRblFWK3ZmWC95Nk9WRExMS21yeGJCT3BPcm5TK01icnFoOXBsRGFICks1N0VOVngzWWxVd2M3bFRHd2Q2cS9nVnhSWDZRc1F3VEl5UHVOOUozMWd0dXRCeS9FTVVGc1hJenJhRmRIQzgKZXVlT1N3V0JQT05XbUkzN1BCVTIycXFyMWE3d1Y3Z0lJOGg3WS8waDNDYjFYWjZsQ2FzOCt0emI3VFZNMGxWQwpINWNYaXRqM2xKS1B1b2VzOXpTNFhEQjQ0V1hwZkw4SFVXQ1NuSWF2ZVJYUHhwbDRJbUVDZ2dFQkFQMjJEZml3CmVaRDBSTzlManJSR2cxODJlNnNSZ052VUQrOTFjUnBRNFBDcnlKQm1tTmNWOFBNZVdoZFlPaHdCWW1JMjkyWkkKcjFyeHVwclBCdE43dTNnWmhKYkVXL1IvSFozc2lPSmNycHlhejBVNUpDSzRTOERSbkdnUUdOQUdJNFlsVUNxNwpLL2JOa0JLcnRpSEVpOWV6RGQ3SjIrRGJGK0FiSXNWdlNnNnNHdEp1TG8rY0VRUzFaNzkycTQ5NUt6dWJyUDhvClVIbWFuc1R1ZEtLL1lZY0dlcU9pS2V0bmgrK0ZUc0hXek1NTEJ3VllySVlZRHZ5RWUvZEFkNWUzM3ZTRSsrbXkKZEVaVkZidVRMQmdzSW4wM0dmZ1pnNE56QkNhSm9NZGJtU3NiaUxGMkRTL1g4eXNKNldLYzdVTFMwMXJwSjBLTgo0VldQNjhiZlZOd1YwbmtDZ2dFQkFPSnlKaVN5aGJrL1hEVjRzT2ZLS1BBQ3RJTkN0ZWk2OWpYVVVOUHNhQndNCjFMNURCOU5tNjhLb3piVTN1Rk9QbmRPZERrMms5cm5WS1JkSlYrTHhPQ2NEdE5aMzlGQ3JtbUs3TGc4TnBUM2cKVksxc29YamFtcGI3NU1LWjZzaGFIUDRFUUMvTVVoeVF1UXkydEtUS3JMYUNFRmdzR1RhRHFaOU9xMVdIZzhWNwoxdUkzak8xYnNzNFRQWjJxbXVOYjE0WEMzQnJaeDE4eWY3MnJZMEk5RTAxdXorUmp4VUdSK0E3dlloSklYVWtMCmtzQTJqV1ludktsVmZRRWJpWlVpcjQ0d2IraEZ4Z3JwcVBvSmNCTzgvdS9UYXZ3MjFqbjFkRys3NWZqZnI5M3UKRjExbUh2VVY2Z0RJenN4NDVicDVDek5oUmdTTHNRZk9INFdpdytIcUNrTUNnZ0VCQU1UZGtFZkpmL3IzWDhvaQo0ZStHeTRlRStqOEtqT2VHekhxdHNYNlBCWXdhYjcyRXJ0SXV4MUdPMnE5RW1ZcURsSGpMVi9zNUtVQXpVKzJ0CitRaisrTCsvWlQrcnpBS1M1RU5YZC92Vm1QUVJ1QVZweWwxYWpnVm5ZS3JxMnFZSUxXWjQ2NVRNdWRkL09HMFUKYW5ZWFViK2t3MzE5T3ExbXRFY0VKMTMxOWd3ZWhZMkZTNEhKd3ZiWllGQ1QzNW1ybHQxZzljTGo0RllMb1drRAo4dU1hQjY1RFc4US9IN0gzR3ViRGxSSVovN2JVaHJVaVVuU1dsSUppdHVKclZxRVdYdDF6bHhtR2pHekt0dHRlCjNwYy9IOS96Y3FZdC9mdHdzdWJJWWtadkVCSUFBbmhaTnZCSjYva1liczFESVdONXZlRE1DOWU3eWY2ZmQzOVEKYWtPQWQxa0NnZ0VCQUpCQ2RraFVydHBJSWg4eWgwanpRa2M5QWZESlZBZ3k2MTE1cUJDS2YveTJzK1dONEhOdQpFdTROQ2hmVHFvc1phRXVDdDdVQlRla3ZnaUVDcVltN2NMRnlMQWVobmJTeXpnVHVDRGF3MDc5cXBhZGlHREJjCjI3VXFQaDgzWFJwTVJrSVJSUzd1TkxWY0FYZTNBYmdtSWdlWExvQnRmNVo2SkZxSURLRE5WMFk5VWJVRi9MTE8KQTBoRGU3SnhHSUdWWmVVaU1ZU3RqdFQzMytkZVF6clVtL0p0a09XSUpnZFN6YnYrQnZWc3dua2hkVmtjcDlJWApxSm9jQ3lua2VDN1pUUXdCa1psZ3NmMEx4SW1kNzVlemhKb1dqd2FraksrWnpwYk1Gb01KUmduVmYyOFIrdERhCktCeGQwVmowQUM1ZXBLTVQ2ajVGRy8vRDhkTDUwVjZmOGU4Q2dnRUJBTWgreklJb3FKZWlXTGgzOUFtTTRQZEkKSFNod0lISXBUNUhGS05jOTFzRnRDZFdXVDIweXVPZHNLZU9TTDZjMjJsVFpjcklFZFlDY0Q5SVhyWm8xVmxXOAorSGFmNDFhcHhlaU1PZVBNR3ZlNEQ2ZEdrUXcyWXBuNXlOQUUwYk1qa1hFU3JuMzMvV3JqSFFtWFdvNmFSdnVZCnkrMktzbGwvK1BzajlwNXd3WVYxRGp0QzFXU0lmdFZNMkJuRlViQVVyMmNHSVNXWlNnWU9yUDU1elZKK3REeloKSXhrMDZ6TUNZU3pEL1pPTUJZSjUvTFFPWnlPUUs0R2xnMytUUUNXUERHNTRtUEo0dElmNUZCZ25wSU5QRGNLQwpLc2RTQlg4S0xNeU83aEVzOCtuZFRWNWlxa0pscGNCdVJ3VXVUSmlFakc0MWZnaXZPVThTR0V5elZPbW1NNG89Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== + jwtRS256.key.pub: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUE0R3ZaTlNrajVpaVdiMkRaTTJmQwp4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZUk9YS3c1UytsRUxIOUFldFRkY1RBZGtiQ3p5YXBTZGszUHF3CnhoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0l0WTY1WCtOcTBxYVJ2TGRPT2JGUUdtSUh4NzV6a1o2NTQrZnQKdm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRU0ZiSWE4QTk2QlNwSnpLbTBhaEsrNnI4VnZ2T3ExQkhHWklJSwpLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvbytEVnQvKzBNSThPWnZkQXVhYjJVWHViK1Rpd0FnRzc2OHluCkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFhRc09SdFRpNjBGWlBYN0MzVjFybFVlK3JVOUJZNkNscldsZUoKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbE9LdWx0YWR1U1ZuZnY4QzB1ejF6UEJaSXdYbnNWTzdYeVNWUApBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EU084U0hOeUtPK2s2cFRobWFtb3FNQkpCQ3BjQytHMVVQVXFZCmV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2VPckhWVTJEajd6emRpbUwyYmVocVN3U2kzekFrbFdmNEZTQXoKaC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQ3g1QW1FRmx2UXVVSTBxNndaNnZybEFZSytNZG00RHZGQVVsWApzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBbHpYV21oQzhHcldCSWh0MU9KTFdES081bHZabUpRL2xrN2JzClVyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo= +kind: Secret +metadata: + name: jwt-key +type: Opaque +--- apiVersion: v1 kind: Service metadata: @@ -23,9 +163,9 @@ metadata: name: balancereader spec: ports: - - name: http - port: 8080 - targetPort: 8080 + - name: http + port: 8080 + targetPort: 8080 selector: app: balancereader application: bank-of-anthos @@ -63,77 +203,76 @@ spec: tier: backend spec: containers: - - env: - - name: VERSION - value: v0.6.1 - - name: PORT - value: "8080" - - name: ENABLE_TRACING - value: "true" - - name: ENABLE_METRICS - value: "true" - - name: POLL_MS - value: "100" - - name: CACHE_SIZE - value: "1000000" - - name: JVM_OPTS - value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap - -Xms256m -Xmx512m - - name: LOG_LEVEL - value: info - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - envFrom: - - configMapRef: - name: environment-config - - configMapRef: - name: ledger-db-config - image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/balancereader:v0.6.1@sha256:100dabaeec6e8975a3a459b709a316178c3125301d164e1a1c861bd4a217bc8e - livenessProbe: - httpGet: - path: /healthy - port: 8080 - initialDelaySeconds: 120 - periodSeconds: 5 - timeoutSeconds: 10 - name: balancereader - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 60 - periodSeconds: 5 - timeoutSeconds: 10 - resources: - limits: - cpu: 500m - ephemeral-storage: 0.5Gi - memory: 512Mi - requests: - cpu: 100m - ephemeral-storage: 0.5Gi - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - privileged: false - readOnlyRootFilesystem: true - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthy - port: 8080 - periodSeconds: 10 - volumeMounts: - - mountPath: /tmp - name: tmp - - mountPath: /tmp/.ssh - name: publickey - readOnly: true + - env: + - name: VERSION + value: v0.6.2 + - name: PORT + value: "8080" + - name: ENABLE_TRACING + value: "true" + - name: ENABLE_METRICS + value: "true" + - name: POLL_MS + value: "100" + - name: CACHE_SIZE + value: "1000000" + - name: JVM_OPTS + value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Xms256m -Xmx512m + - name: LOG_LEVEL + value: info + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: ledger-db-config + image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/balancereader:v0.6.2@sha256:1035844c88684b205e55c0038466fb9c015977f606acacb136ecfa2029085fe0 + livenessProbe: + httpGet: + path: /healthy + port: 8080 + initialDelaySeconds: 120 + periodSeconds: 5 + timeoutSeconds: 10 + name: balancereader + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 5 + timeoutSeconds: 10 + resources: + limits: + cpu: 500m + ephemeral-storage: 0.5Gi + memory: 512Mi + requests: + cpu: 100m + ephemeral-storage: 0.5Gi + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + privileged: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 30 + httpGet: + path: /healthy + port: 8080 + periodSeconds: 10 + volumeMounts: + - mountPath: /tmp + name: tmp + - mountPath: /tmp/.ssh + name: publickey + readOnly: true securityContext: fsGroup: 1000 runAsGroup: 1000 @@ -142,11 +281,55 @@ spec: serviceAccountName: bank-of-anthos terminationGracePeriodSeconds: 5 volumes: - - emptyDir: {} - name: tmp - - name: publickey - secret: - items: - - key: jwtRS256.key.pub - path: publickey - secretName: jwt-key + - emptyDir: {} + name: tmp + - name: publickey + secret: + items: + - key: jwtRS256.key.pub + path: publickey + secretName: jwt-key +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + iam.gke.io/gcp-service-account: gke-workload-development@bank-of-anthos-ci.iam.gserviceaccount.com + name: bank-of-anthos +--- +apiVersion: v1 +data: + DEMO_LOGIN_PASSWORD: bankofanthos + DEMO_LOGIN_USERNAME: testuser + USE_DEMO_DATA: "True" +kind: ConfigMap +metadata: + name: demo-data-config +--- +apiVersion: v1 +data: + LOCAL_ROUTING_NUM: "883745000" + PUB_KEY_PATH: /tmp/.ssh/publickey +kind: ConfigMap +metadata: + name: environment-config +--- +apiVersion: v1 +data: + BALANCES_API_ADDR: balancereader:8080 + CONTACTS_API_ADDR: contacts:8080 + HISTORY_API_ADDR: transactionhistory:8080 + TRANSACTIONS_API_ADDR: ledgerwriter:8080 + USERSERVICE_API_ADDR: userservice:8080 +kind: ConfigMap +metadata: + name: service-api-config +--- +apiVersion: v1 +data: + jwtRS256.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS3dJQkFBS0NBZ0VBNEd2Wk5Ta2o1aWlXYjJEWk0yZkN4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZClJPWEt3NVMrbEVMSDlBZXRUZGNUQWRrYkN6eWFwU2RrM1Bxd3hoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0kKdFk2NVgrTnEwcWFSdkxkT09iRlFHbUlIeDc1emtaNjU0K2Z0dm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRUwpGYklhOEE5NkJTcEp6S20wYWhLKzZyOFZ2dk9xMUJIR1pJSUtLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvCm8rRFZ0LyswTUk4T1p2ZEF1YWIyVVh1YitUaXdBZ0c3Njh5bkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFgKUXNPUnRUaTYwRlpQWDdDM1YxcmxVZStyVTlCWTZDbHJXbGVKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbApPS3VsdGFkdVNWbmZ2OEMwdXoxelBCWkl3WG5zVk83WHlTVlBBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EClNPOFNITnlLTytrNnBUaG1hbW9xTUJKQkNwY0MrRzFVUFVxWWV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2UKT3JIVlUyRGo3enpkaW1MMmJlaHFTd1NpM3pBa2xXZjRGU0F6aC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQwp4NUFtRUZsdlF1VUkwcTZ3WjZ2cmxBWUsrTWRtNER2RkFVbFhzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBCmx6WFdtaEM4R3JXQklodDFPSkxXREtPNWx2Wm1KUS9sazdic1VyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUEKQVFLQ0FnRUFoQ0c3ZnpzN3NiVlA3VCsrWWkvRFZMUUc2dDF1Y3hPYUQyS3hkZFFLNjJiWlM5UWJFMldnWGtyagpjbk5uT3R5U1F2UlFjcFFiQWlDcWhIYVBRalF2aEU0ZVNOeStFcXN1WEhMYjJsMHJqMUVUZjRVWDBwMjNzeWM0CnE5SDZtSHZzaUxkSERHR1BaeUZROWZuWVJNRTNEeUhhcjdvZm1RSlNYWjk0SVErZ2ZlVFlkeXZWQWdVZEt4NVIKbjF6b21xR0lZYk9yeUphOC9QS0dMOXBQVHJucHRTSmUyTUJxS0hlMC9MVXRrQjhOOXN5eDJxN3E3Q0hpY3pVUQpLRTd5RWRtZHVERC9jYll2ZlNyTkprRlRIV0FmUVBzejZDbmpjNjBsbkRiTXIzVXphUEM0Sk00OEFra1hMdlc1CnVCUTVJNFB1VG5acjhqUUVVWktuNWZrTkJlSG9aNjlZVVp2eWdOcGJRaVMxWi9CRzYwVDVZN1VPY09wWVJ2bCsKL0dSNUFSNnpZQVJKbTBKNmg3U2NsdGhLSjdaVnFldWV5U3B1UG9mTjg0V241Zm1mbWdsR2F0dlc4KzFGR2ZNRQppWGxHbzhHQ1ZyampzN013a0pMT3Jlc0lRblFWK3ZmWC95Nk9WRExMS21yeGJCT3BPcm5TK01icnFoOXBsRGFICks1N0VOVngzWWxVd2M3bFRHd2Q2cS9nVnhSWDZRc1F3VEl5UHVOOUozMWd0dXRCeS9FTVVGc1hJenJhRmRIQzgKZXVlT1N3V0JQT05XbUkzN1BCVTIycXFyMWE3d1Y3Z0lJOGg3WS8waDNDYjFYWjZsQ2FzOCt0emI3VFZNMGxWQwpINWNYaXRqM2xKS1B1b2VzOXpTNFhEQjQ0V1hwZkw4SFVXQ1NuSWF2ZVJYUHhwbDRJbUVDZ2dFQkFQMjJEZml3CmVaRDBSTzlManJSR2cxODJlNnNSZ052VUQrOTFjUnBRNFBDcnlKQm1tTmNWOFBNZVdoZFlPaHdCWW1JMjkyWkkKcjFyeHVwclBCdE43dTNnWmhKYkVXL1IvSFozc2lPSmNycHlhejBVNUpDSzRTOERSbkdnUUdOQUdJNFlsVUNxNwpLL2JOa0JLcnRpSEVpOWV6RGQ3SjIrRGJGK0FiSXNWdlNnNnNHdEp1TG8rY0VRUzFaNzkycTQ5NUt6dWJyUDhvClVIbWFuc1R1ZEtLL1lZY0dlcU9pS2V0bmgrK0ZUc0hXek1NTEJ3VllySVlZRHZ5RWUvZEFkNWUzM3ZTRSsrbXkKZEVaVkZidVRMQmdzSW4wM0dmZ1pnNE56QkNhSm9NZGJtU3NiaUxGMkRTL1g4eXNKNldLYzdVTFMwMXJwSjBLTgo0VldQNjhiZlZOd1YwbmtDZ2dFQkFPSnlKaVN5aGJrL1hEVjRzT2ZLS1BBQ3RJTkN0ZWk2OWpYVVVOUHNhQndNCjFMNURCOU5tNjhLb3piVTN1Rk9QbmRPZERrMms5cm5WS1JkSlYrTHhPQ2NEdE5aMzlGQ3JtbUs3TGc4TnBUM2cKVksxc29YamFtcGI3NU1LWjZzaGFIUDRFUUMvTVVoeVF1UXkydEtUS3JMYUNFRmdzR1RhRHFaOU9xMVdIZzhWNwoxdUkzak8xYnNzNFRQWjJxbXVOYjE0WEMzQnJaeDE4eWY3MnJZMEk5RTAxdXorUmp4VUdSK0E3dlloSklYVWtMCmtzQTJqV1ludktsVmZRRWJpWlVpcjQ0d2IraEZ4Z3JwcVBvSmNCTzgvdS9UYXZ3MjFqbjFkRys3NWZqZnI5M3UKRjExbUh2VVY2Z0RJenN4NDVicDVDek5oUmdTTHNRZk9INFdpdytIcUNrTUNnZ0VCQU1UZGtFZkpmL3IzWDhvaQo0ZStHeTRlRStqOEtqT2VHekhxdHNYNlBCWXdhYjcyRXJ0SXV4MUdPMnE5RW1ZcURsSGpMVi9zNUtVQXpVKzJ0CitRaisrTCsvWlQrcnpBS1M1RU5YZC92Vm1QUVJ1QVZweWwxYWpnVm5ZS3JxMnFZSUxXWjQ2NVRNdWRkL09HMFUKYW5ZWFViK2t3MzE5T3ExbXRFY0VKMTMxOWd3ZWhZMkZTNEhKd3ZiWllGQ1QzNW1ybHQxZzljTGo0RllMb1drRAo4dU1hQjY1RFc4US9IN0gzR3ViRGxSSVovN2JVaHJVaVVuU1dsSUppdHVKclZxRVdYdDF6bHhtR2pHekt0dHRlCjNwYy9IOS96Y3FZdC9mdHdzdWJJWWtadkVCSUFBbmhaTnZCSjYva1liczFESVdONXZlRE1DOWU3eWY2ZmQzOVEKYWtPQWQxa0NnZ0VCQUpCQ2RraFVydHBJSWg4eWgwanpRa2M5QWZESlZBZ3k2MTE1cUJDS2YveTJzK1dONEhOdQpFdTROQ2hmVHFvc1phRXVDdDdVQlRla3ZnaUVDcVltN2NMRnlMQWVobmJTeXpnVHVDRGF3MDc5cXBhZGlHREJjCjI3VXFQaDgzWFJwTVJrSVJSUzd1TkxWY0FYZTNBYmdtSWdlWExvQnRmNVo2SkZxSURLRE5WMFk5VWJVRi9MTE8KQTBoRGU3SnhHSUdWWmVVaU1ZU3RqdFQzMytkZVF6clVtL0p0a09XSUpnZFN6YnYrQnZWc3dua2hkVmtjcDlJWApxSm9jQ3lua2VDN1pUUXdCa1psZ3NmMEx4SW1kNzVlemhKb1dqd2FraksrWnpwYk1Gb01KUmduVmYyOFIrdERhCktCeGQwVmowQUM1ZXBLTVQ2ajVGRy8vRDhkTDUwVjZmOGU4Q2dnRUJBTWgreklJb3FKZWlXTGgzOUFtTTRQZEkKSFNod0lISXBUNUhGS05jOTFzRnRDZFdXVDIweXVPZHNLZU9TTDZjMjJsVFpjcklFZFlDY0Q5SVhyWm8xVmxXOAorSGFmNDFhcHhlaU1PZVBNR3ZlNEQ2ZEdrUXcyWXBuNXlOQUUwYk1qa1hFU3JuMzMvV3JqSFFtWFdvNmFSdnVZCnkrMktzbGwvK1BzajlwNXd3WVYxRGp0QzFXU0lmdFZNMkJuRlViQVVyMmNHSVNXWlNnWU9yUDU1elZKK3REeloKSXhrMDZ6TUNZU3pEL1pPTUJZSjUvTFFPWnlPUUs0R2xnMytUUUNXUERHNTRtUEo0dElmNUZCZ25wSU5QRGNLQwpLc2RTQlg4S0xNeU83aEVzOCtuZFRWNWlxa0pscGNCdVJ3VXVUSmlFakc0MWZnaXZPVThTR0V5elZPbW1NNG89Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== + jwtRS256.key.pub: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUE0R3ZaTlNrajVpaVdiMkRaTTJmQwp4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZUk9YS3c1UytsRUxIOUFldFRkY1RBZGtiQ3p5YXBTZGszUHF3CnhoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0l0WTY1WCtOcTBxYVJ2TGRPT2JGUUdtSUh4NzV6a1o2NTQrZnQKdm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRU0ZiSWE4QTk2QlNwSnpLbTBhaEsrNnI4VnZ2T3ExQkhHWklJSwpLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvbytEVnQvKzBNSThPWnZkQXVhYjJVWHViK1Rpd0FnRzc2OHluCkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFhRc09SdFRpNjBGWlBYN0MzVjFybFVlK3JVOUJZNkNscldsZUoKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbE9LdWx0YWR1U1ZuZnY4QzB1ejF6UEJaSXdYbnNWTzdYeVNWUApBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EU084U0hOeUtPK2s2cFRobWFtb3FNQkpCQ3BjQytHMVVQVXFZCmV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2VPckhWVTJEajd6emRpbUwyYmVocVN3U2kzekFrbFdmNEZTQXoKaC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQ3g1QW1FRmx2UXVVSTBxNndaNnZybEFZSytNZG00RHZGQVVsWApzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBbHpYV21oQzhHcldCSWh0MU9KTFdES081bHZabUpRL2xrN2JzClVyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo= +kind: Secret +metadata: + name: jwt-key +type: Opaque diff --git a/kubernetes-manifests/config.yaml b/kubernetes-manifests/config.yaml index 78039bbc1..0d0a74254 100644 --- a/kubernetes-manifests/config.yaml +++ b/kubernetes-manifests/config.yaml @@ -40,10 +40,3 @@ data: DEMO_LOGIN_USERNAME: "testuser" # All demo user accounts are hardcoded to use the login password 'bankofanthos' DEMO_LOGIN_PASSWORD: "bankofanthos" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - iam.gke.io/gcp-service-account: gke-workload-development@bank-of-anthos-ci.iam.gserviceaccount.com - name: bank-of-anthos \ No newline at end of file diff --git a/kubernetes-manifests/contacts.yaml b/kubernetes-manifests/contacts.yaml index 4bb5e675e..19403c968 100644 --- a/kubernetes-manifests/contacts.yaml +++ b/kubernetes-manifests/contacts.yaml @@ -11,7 +11,146 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +apiVersion: v1 +data: + ACCOUNTS_DB_URI: postgresql://accounts-admin:accounts-pwd@accounts-db:5432/accounts-db + POSTGRES_DB: accounts-db + POSTGRES_PASSWORD: accounts-pwd + POSTGRES_USER: accounts-admin +kind: ConfigMap +metadata: + labels: + app: accounts-db + application: bank-of-anthos + environment: development + team: accounts + tier: db + name: accounts-db-config +--- +apiVersion: v1 +kind: Service +metadata: + labels: + application: bank-of-anthos + environment: development + team: accounts + tier: db + name: accounts-db +spec: + ports: + - name: tcp + port: 5432 + protocol: TCP + targetPort: 5432 + selector: + app: accounts-db + application: bank-of-anthos + environment: development + team: accounts + tier: db + type: ClusterIP +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + application: bank-of-anthos + environment: development + team: accounts + tier: db + name: accounts-db +spec: + replicas: 1 + selector: + matchLabels: + app: accounts-db + application: bank-of-anthos + environment: development + team: accounts + tier: db + serviceName: accounts-db + template: + metadata: + labels: + app: accounts-db + application: bank-of-anthos + environment: development + team: accounts + tier: db + spec: + containers: + - envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: accounts-db-config + - configMapRef: + name: demo-data-config + image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/accounts-db:v0.6.2@sha256:c55f28a015c77b6701d9e32c53fb63c11268df0f2eca7a490f0faa6be427bb62 + name: accounts-db + ports: + - containerPort: 5432 + resources: + limits: + cpu: 250m + memory: 512Mi + requests: + cpu: 100m + memory: 128Mi + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: postgresdb + subPath: postgres + serviceAccount: bank-of-anthos + serviceAccountName: default + volumes: + - emptyDir: {} + name: postgresdb +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + iam.gke.io/gcp-service-account: gke-workload-development@bank-of-anthos-ci.iam.gserviceaccount.com + name: bank-of-anthos +--- +apiVersion: v1 +data: + DEMO_LOGIN_PASSWORD: bankofanthos + DEMO_LOGIN_USERNAME: testuser + USE_DEMO_DATA: "True" +kind: ConfigMap +metadata: + name: demo-data-config +--- +apiVersion: v1 +data: + LOCAL_ROUTING_NUM: "883745000" + PUB_KEY_PATH: /tmp/.ssh/publickey +kind: ConfigMap +metadata: + name: environment-config +--- +apiVersion: v1 +data: + BALANCES_API_ADDR: balancereader:8080 + CONTACTS_API_ADDR: contacts:8080 + HISTORY_API_ADDR: transactionhistory:8080 + TRANSACTIONS_API_ADDR: ledgerwriter:8080 + USERSERVICE_API_ADDR: userservice:8080 +kind: ConfigMap +metadata: + name: service-api-config +--- +apiVersion: v1 +data: + jwtRS256.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS3dJQkFBS0NBZ0VBNEd2Wk5Ta2o1aWlXYjJEWk0yZkN4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZClJPWEt3NVMrbEVMSDlBZXRUZGNUQWRrYkN6eWFwU2RrM1Bxd3hoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0kKdFk2NVgrTnEwcWFSdkxkT09iRlFHbUlIeDc1emtaNjU0K2Z0dm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRUwpGYklhOEE5NkJTcEp6S20wYWhLKzZyOFZ2dk9xMUJIR1pJSUtLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvCm8rRFZ0LyswTUk4T1p2ZEF1YWIyVVh1YitUaXdBZ0c3Njh5bkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFgKUXNPUnRUaTYwRlpQWDdDM1YxcmxVZStyVTlCWTZDbHJXbGVKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbApPS3VsdGFkdVNWbmZ2OEMwdXoxelBCWkl3WG5zVk83WHlTVlBBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EClNPOFNITnlLTytrNnBUaG1hbW9xTUJKQkNwY0MrRzFVUFVxWWV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2UKT3JIVlUyRGo3enpkaW1MMmJlaHFTd1NpM3pBa2xXZjRGU0F6aC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQwp4NUFtRUZsdlF1VUkwcTZ3WjZ2cmxBWUsrTWRtNER2RkFVbFhzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBCmx6WFdtaEM4R3JXQklodDFPSkxXREtPNWx2Wm1KUS9sazdic1VyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUEKQVFLQ0FnRUFoQ0c3ZnpzN3NiVlA3VCsrWWkvRFZMUUc2dDF1Y3hPYUQyS3hkZFFLNjJiWlM5UWJFMldnWGtyagpjbk5uT3R5U1F2UlFjcFFiQWlDcWhIYVBRalF2aEU0ZVNOeStFcXN1WEhMYjJsMHJqMUVUZjRVWDBwMjNzeWM0CnE5SDZtSHZzaUxkSERHR1BaeUZROWZuWVJNRTNEeUhhcjdvZm1RSlNYWjk0SVErZ2ZlVFlkeXZWQWdVZEt4NVIKbjF6b21xR0lZYk9yeUphOC9QS0dMOXBQVHJucHRTSmUyTUJxS0hlMC9MVXRrQjhOOXN5eDJxN3E3Q0hpY3pVUQpLRTd5RWRtZHVERC9jYll2ZlNyTkprRlRIV0FmUVBzejZDbmpjNjBsbkRiTXIzVXphUEM0Sk00OEFra1hMdlc1CnVCUTVJNFB1VG5acjhqUUVVWktuNWZrTkJlSG9aNjlZVVp2eWdOcGJRaVMxWi9CRzYwVDVZN1VPY09wWVJ2bCsKL0dSNUFSNnpZQVJKbTBKNmg3U2NsdGhLSjdaVnFldWV5U3B1UG9mTjg0V241Zm1mbWdsR2F0dlc4KzFGR2ZNRQppWGxHbzhHQ1ZyampzN013a0pMT3Jlc0lRblFWK3ZmWC95Nk9WRExMS21yeGJCT3BPcm5TK01icnFoOXBsRGFICks1N0VOVngzWWxVd2M3bFRHd2Q2cS9nVnhSWDZRc1F3VEl5UHVOOUozMWd0dXRCeS9FTVVGc1hJenJhRmRIQzgKZXVlT1N3V0JQT05XbUkzN1BCVTIycXFyMWE3d1Y3Z0lJOGg3WS8waDNDYjFYWjZsQ2FzOCt0emI3VFZNMGxWQwpINWNYaXRqM2xKS1B1b2VzOXpTNFhEQjQ0V1hwZkw4SFVXQ1NuSWF2ZVJYUHhwbDRJbUVDZ2dFQkFQMjJEZml3CmVaRDBSTzlManJSR2cxODJlNnNSZ052VUQrOTFjUnBRNFBDcnlKQm1tTmNWOFBNZVdoZFlPaHdCWW1JMjkyWkkKcjFyeHVwclBCdE43dTNnWmhKYkVXL1IvSFozc2lPSmNycHlhejBVNUpDSzRTOERSbkdnUUdOQUdJNFlsVUNxNwpLL2JOa0JLcnRpSEVpOWV6RGQ3SjIrRGJGK0FiSXNWdlNnNnNHdEp1TG8rY0VRUzFaNzkycTQ5NUt6dWJyUDhvClVIbWFuc1R1ZEtLL1lZY0dlcU9pS2V0bmgrK0ZUc0hXek1NTEJ3VllySVlZRHZ5RWUvZEFkNWUzM3ZTRSsrbXkKZEVaVkZidVRMQmdzSW4wM0dmZ1pnNE56QkNhSm9NZGJtU3NiaUxGMkRTL1g4eXNKNldLYzdVTFMwMXJwSjBLTgo0VldQNjhiZlZOd1YwbmtDZ2dFQkFPSnlKaVN5aGJrL1hEVjRzT2ZLS1BBQ3RJTkN0ZWk2OWpYVVVOUHNhQndNCjFMNURCOU5tNjhLb3piVTN1Rk9QbmRPZERrMms5cm5WS1JkSlYrTHhPQ2NEdE5aMzlGQ3JtbUs3TGc4TnBUM2cKVksxc29YamFtcGI3NU1LWjZzaGFIUDRFUUMvTVVoeVF1UXkydEtUS3JMYUNFRmdzR1RhRHFaOU9xMVdIZzhWNwoxdUkzak8xYnNzNFRQWjJxbXVOYjE0WEMzQnJaeDE4eWY3MnJZMEk5RTAxdXorUmp4VUdSK0E3dlloSklYVWtMCmtzQTJqV1ludktsVmZRRWJpWlVpcjQ0d2IraEZ4Z3JwcVBvSmNCTzgvdS9UYXZ3MjFqbjFkRys3NWZqZnI5M3UKRjExbUh2VVY2Z0RJenN4NDVicDVDek5oUmdTTHNRZk9INFdpdytIcUNrTUNnZ0VCQU1UZGtFZkpmL3IzWDhvaQo0ZStHeTRlRStqOEtqT2VHekhxdHNYNlBCWXdhYjcyRXJ0SXV4MUdPMnE5RW1ZcURsSGpMVi9zNUtVQXpVKzJ0CitRaisrTCsvWlQrcnpBS1M1RU5YZC92Vm1QUVJ1QVZweWwxYWpnVm5ZS3JxMnFZSUxXWjQ2NVRNdWRkL09HMFUKYW5ZWFViK2t3MzE5T3ExbXRFY0VKMTMxOWd3ZWhZMkZTNEhKd3ZiWllGQ1QzNW1ybHQxZzljTGo0RllMb1drRAo4dU1hQjY1RFc4US9IN0gzR3ViRGxSSVovN2JVaHJVaVVuU1dsSUppdHVKclZxRVdYdDF6bHhtR2pHekt0dHRlCjNwYy9IOS96Y3FZdC9mdHdzdWJJWWtadkVCSUFBbmhaTnZCSjYva1liczFESVdONXZlRE1DOWU3eWY2ZmQzOVEKYWtPQWQxa0NnZ0VCQUpCQ2RraFVydHBJSWg4eWgwanpRa2M5QWZESlZBZ3k2MTE1cUJDS2YveTJzK1dONEhOdQpFdTROQ2hmVHFvc1phRXVDdDdVQlRla3ZnaUVDcVltN2NMRnlMQWVobmJTeXpnVHVDRGF3MDc5cXBhZGlHREJjCjI3VXFQaDgzWFJwTVJrSVJSUzd1TkxWY0FYZTNBYmdtSWdlWExvQnRmNVo2SkZxSURLRE5WMFk5VWJVRi9MTE8KQTBoRGU3SnhHSUdWWmVVaU1ZU3RqdFQzMytkZVF6clVtL0p0a09XSUpnZFN6YnYrQnZWc3dua2hkVmtjcDlJWApxSm9jQ3lua2VDN1pUUXdCa1psZ3NmMEx4SW1kNzVlemhKb1dqd2FraksrWnpwYk1Gb01KUmduVmYyOFIrdERhCktCeGQwVmowQUM1ZXBLTVQ2ajVGRy8vRDhkTDUwVjZmOGU4Q2dnRUJBTWgreklJb3FKZWlXTGgzOUFtTTRQZEkKSFNod0lISXBUNUhGS05jOTFzRnRDZFdXVDIweXVPZHNLZU9TTDZjMjJsVFpjcklFZFlDY0Q5SVhyWm8xVmxXOAorSGFmNDFhcHhlaU1PZVBNR3ZlNEQ2ZEdrUXcyWXBuNXlOQUUwYk1qa1hFU3JuMzMvV3JqSFFtWFdvNmFSdnVZCnkrMktzbGwvK1BzajlwNXd3WVYxRGp0QzFXU0lmdFZNMkJuRlViQVVyMmNHSVNXWlNnWU9yUDU1elZKK3REeloKSXhrMDZ6TUNZU3pEL1pPTUJZSjUvTFFPWnlPUUs0R2xnMytUUUNXUERHNTRtUEo0dElmNUZCZ25wSU5QRGNLQwpLc2RTQlg4S0xNeU83aEVzOCtuZFRWNWlxa0pscGNCdVJ3VXVUSmlFakc0MWZnaXZPVThTR0V5elZPbW1NNG89Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== + jwtRS256.key.pub: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUE0R3ZaTlNrajVpaVdiMkRaTTJmQwp4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZUk9YS3c1UytsRUxIOUFldFRkY1RBZGtiQ3p5YXBTZGszUHF3CnhoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0l0WTY1WCtOcTBxYVJ2TGRPT2JGUUdtSUh4NzV6a1o2NTQrZnQKdm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRU0ZiSWE4QTk2QlNwSnpLbTBhaEsrNnI4VnZ2T3ExQkhHWklJSwpLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvbytEVnQvKzBNSThPWnZkQXVhYjJVWHViK1Rpd0FnRzc2OHluCkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFhRc09SdFRpNjBGWlBYN0MzVjFybFVlK3JVOUJZNkNscldsZUoKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbE9LdWx0YWR1U1ZuZnY4QzB1ejF6UEJaSXdYbnNWTzdYeVNWUApBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EU084U0hOeUtPK2s2cFRobWFtb3FNQkpCQ3BjQytHMVVQVXFZCmV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2VPckhWVTJEajd6emRpbUwyYmVocVN3U2kzekFrbFdmNEZTQXoKaC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQ3g1QW1FRmx2UXVVSTBxNndaNnZybEFZSytNZG00RHZGQVVsWApzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBbHpYV21oQzhHcldCSWh0MU9KTFdES081bHZabUpRL2xrN2JzClVyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo= +kind: Secret +metadata: + name: jwt-key +type: Opaque +--- apiVersion: v1 kind: Service metadata: @@ -23,9 +162,9 @@ metadata: name: contacts spec: ports: - - name: http - port: 8080 - targetPort: 8080 + - name: http + port: 8080 + targetPort: 8080 selector: app: contacts application: bank-of-anthos @@ -63,51 +202,51 @@ spec: tier: backend spec: containers: - - env: - - name: VERSION - value: v0.6.1 - - name: PORT - value: "8080" - - name: ENABLE_TRACING - value: "true" - - name: LOG_LEVEL - value: info - envFrom: - - configMapRef: - name: environment-config - - configMapRef: - name: accounts-db-config - image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/contacts:v0.6.1@sha256:b355abdaf59d23f5ab4ee08226fd1296dce8f764892ae3916a420d9d6bb20db4 - name: contacts - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 10 - resources: - limits: - cpu: 250m - ephemeral-storage: 0.25Gi - memory: 128Mi - requests: - cpu: 100m - ephemeral-storage: 0.25Gi - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - privileged: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /tmp - name: tmp - - mountPath: /tmp/.ssh - name: publickey - readOnly: true + - env: + - name: VERSION + value: v0.6.2 + - name: PORT + value: "8080" + - name: ENABLE_TRACING + value: "true" + - name: LOG_LEVEL + value: info + envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: accounts-db-config + image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/contacts:v0.6.2@sha256:47285118e19bd2b3230ee5da433c9706d97031d4a164a6317af1ed53738cad83 + name: contacts + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 10 + resources: + limits: + cpu: 250m + ephemeral-storage: 0.25Gi + memory: 128Mi + requests: + cpu: 100m + ephemeral-storage: 0.25Gi + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + privileged: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: tmp + - mountPath: /tmp/.ssh + name: publickey + readOnly: true securityContext: fsGroup: 1000 runAsGroup: 1000 @@ -116,11 +255,55 @@ spec: serviceAccountName: bank-of-anthos terminationGracePeriodSeconds: 5 volumes: - - emptyDir: {} - name: tmp - - name: publickey - secret: - items: - - key: jwtRS256.key.pub - path: publickey - secretName: jwt-key + - emptyDir: {} + name: tmp + - name: publickey + secret: + items: + - key: jwtRS256.key.pub + path: publickey + secretName: jwt-key +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + iam.gke.io/gcp-service-account: gke-workload-development@bank-of-anthos-ci.iam.gserviceaccount.com + name: bank-of-anthos +--- +apiVersion: v1 +data: + DEMO_LOGIN_PASSWORD: bankofanthos + DEMO_LOGIN_USERNAME: testuser + USE_DEMO_DATA: "True" +kind: ConfigMap +metadata: + name: demo-data-config +--- +apiVersion: v1 +data: + LOCAL_ROUTING_NUM: "883745000" + PUB_KEY_PATH: /tmp/.ssh/publickey +kind: ConfigMap +metadata: + name: environment-config +--- +apiVersion: v1 +data: + BALANCES_API_ADDR: balancereader:8080 + CONTACTS_API_ADDR: contacts:8080 + HISTORY_API_ADDR: transactionhistory:8080 + TRANSACTIONS_API_ADDR: ledgerwriter:8080 + USERSERVICE_API_ADDR: userservice:8080 +kind: ConfigMap +metadata: + name: service-api-config +--- +apiVersion: v1 +data: + jwtRS256.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS3dJQkFBS0NBZ0VBNEd2Wk5Ta2o1aWlXYjJEWk0yZkN4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZClJPWEt3NVMrbEVMSDlBZXRUZGNUQWRrYkN6eWFwU2RrM1Bxd3hoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0kKdFk2NVgrTnEwcWFSdkxkT09iRlFHbUlIeDc1emtaNjU0K2Z0dm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRUwpGYklhOEE5NkJTcEp6S20wYWhLKzZyOFZ2dk9xMUJIR1pJSUtLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvCm8rRFZ0LyswTUk4T1p2ZEF1YWIyVVh1YitUaXdBZ0c3Njh5bkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFgKUXNPUnRUaTYwRlpQWDdDM1YxcmxVZStyVTlCWTZDbHJXbGVKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbApPS3VsdGFkdVNWbmZ2OEMwdXoxelBCWkl3WG5zVk83WHlTVlBBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EClNPOFNITnlLTytrNnBUaG1hbW9xTUJKQkNwY0MrRzFVUFVxWWV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2UKT3JIVlUyRGo3enpkaW1MMmJlaHFTd1NpM3pBa2xXZjRGU0F6aC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQwp4NUFtRUZsdlF1VUkwcTZ3WjZ2cmxBWUsrTWRtNER2RkFVbFhzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBCmx6WFdtaEM4R3JXQklodDFPSkxXREtPNWx2Wm1KUS9sazdic1VyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUEKQVFLQ0FnRUFoQ0c3ZnpzN3NiVlA3VCsrWWkvRFZMUUc2dDF1Y3hPYUQyS3hkZFFLNjJiWlM5UWJFMldnWGtyagpjbk5uT3R5U1F2UlFjcFFiQWlDcWhIYVBRalF2aEU0ZVNOeStFcXN1WEhMYjJsMHJqMUVUZjRVWDBwMjNzeWM0CnE5SDZtSHZzaUxkSERHR1BaeUZROWZuWVJNRTNEeUhhcjdvZm1RSlNYWjk0SVErZ2ZlVFlkeXZWQWdVZEt4NVIKbjF6b21xR0lZYk9yeUphOC9QS0dMOXBQVHJucHRTSmUyTUJxS0hlMC9MVXRrQjhOOXN5eDJxN3E3Q0hpY3pVUQpLRTd5RWRtZHVERC9jYll2ZlNyTkprRlRIV0FmUVBzejZDbmpjNjBsbkRiTXIzVXphUEM0Sk00OEFra1hMdlc1CnVCUTVJNFB1VG5acjhqUUVVWktuNWZrTkJlSG9aNjlZVVp2eWdOcGJRaVMxWi9CRzYwVDVZN1VPY09wWVJ2bCsKL0dSNUFSNnpZQVJKbTBKNmg3U2NsdGhLSjdaVnFldWV5U3B1UG9mTjg0V241Zm1mbWdsR2F0dlc4KzFGR2ZNRQppWGxHbzhHQ1ZyampzN013a0pMT3Jlc0lRblFWK3ZmWC95Nk9WRExMS21yeGJCT3BPcm5TK01icnFoOXBsRGFICks1N0VOVngzWWxVd2M3bFRHd2Q2cS9nVnhSWDZRc1F3VEl5UHVOOUozMWd0dXRCeS9FTVVGc1hJenJhRmRIQzgKZXVlT1N3V0JQT05XbUkzN1BCVTIycXFyMWE3d1Y3Z0lJOGg3WS8waDNDYjFYWjZsQ2FzOCt0emI3VFZNMGxWQwpINWNYaXRqM2xKS1B1b2VzOXpTNFhEQjQ0V1hwZkw4SFVXQ1NuSWF2ZVJYUHhwbDRJbUVDZ2dFQkFQMjJEZml3CmVaRDBSTzlManJSR2cxODJlNnNSZ052VUQrOTFjUnBRNFBDcnlKQm1tTmNWOFBNZVdoZFlPaHdCWW1JMjkyWkkKcjFyeHVwclBCdE43dTNnWmhKYkVXL1IvSFozc2lPSmNycHlhejBVNUpDSzRTOERSbkdnUUdOQUdJNFlsVUNxNwpLL2JOa0JLcnRpSEVpOWV6RGQ3SjIrRGJGK0FiSXNWdlNnNnNHdEp1TG8rY0VRUzFaNzkycTQ5NUt6dWJyUDhvClVIbWFuc1R1ZEtLL1lZY0dlcU9pS2V0bmgrK0ZUc0hXek1NTEJ3VllySVlZRHZ5RWUvZEFkNWUzM3ZTRSsrbXkKZEVaVkZidVRMQmdzSW4wM0dmZ1pnNE56QkNhSm9NZGJtU3NiaUxGMkRTL1g4eXNKNldLYzdVTFMwMXJwSjBLTgo0VldQNjhiZlZOd1YwbmtDZ2dFQkFPSnlKaVN5aGJrL1hEVjRzT2ZLS1BBQ3RJTkN0ZWk2OWpYVVVOUHNhQndNCjFMNURCOU5tNjhLb3piVTN1Rk9QbmRPZERrMms5cm5WS1JkSlYrTHhPQ2NEdE5aMzlGQ3JtbUs3TGc4TnBUM2cKVksxc29YamFtcGI3NU1LWjZzaGFIUDRFUUMvTVVoeVF1UXkydEtUS3JMYUNFRmdzR1RhRHFaOU9xMVdIZzhWNwoxdUkzak8xYnNzNFRQWjJxbXVOYjE0WEMzQnJaeDE4eWY3MnJZMEk5RTAxdXorUmp4VUdSK0E3dlloSklYVWtMCmtzQTJqV1ludktsVmZRRWJpWlVpcjQ0d2IraEZ4Z3JwcVBvSmNCTzgvdS9UYXZ3MjFqbjFkRys3NWZqZnI5M3UKRjExbUh2VVY2Z0RJenN4NDVicDVDek5oUmdTTHNRZk9INFdpdytIcUNrTUNnZ0VCQU1UZGtFZkpmL3IzWDhvaQo0ZStHeTRlRStqOEtqT2VHekhxdHNYNlBCWXdhYjcyRXJ0SXV4MUdPMnE5RW1ZcURsSGpMVi9zNUtVQXpVKzJ0CitRaisrTCsvWlQrcnpBS1M1RU5YZC92Vm1QUVJ1QVZweWwxYWpnVm5ZS3JxMnFZSUxXWjQ2NVRNdWRkL09HMFUKYW5ZWFViK2t3MzE5T3ExbXRFY0VKMTMxOWd3ZWhZMkZTNEhKd3ZiWllGQ1QzNW1ybHQxZzljTGo0RllMb1drRAo4dU1hQjY1RFc4US9IN0gzR3ViRGxSSVovN2JVaHJVaVVuU1dsSUppdHVKclZxRVdYdDF6bHhtR2pHekt0dHRlCjNwYy9IOS96Y3FZdC9mdHdzdWJJWWtadkVCSUFBbmhaTnZCSjYva1liczFESVdONXZlRE1DOWU3eWY2ZmQzOVEKYWtPQWQxa0NnZ0VCQUpCQ2RraFVydHBJSWg4eWgwanpRa2M5QWZESlZBZ3k2MTE1cUJDS2YveTJzK1dONEhOdQpFdTROQ2hmVHFvc1phRXVDdDdVQlRla3ZnaUVDcVltN2NMRnlMQWVobmJTeXpnVHVDRGF3MDc5cXBhZGlHREJjCjI3VXFQaDgzWFJwTVJrSVJSUzd1TkxWY0FYZTNBYmdtSWdlWExvQnRmNVo2SkZxSURLRE5WMFk5VWJVRi9MTE8KQTBoRGU3SnhHSUdWWmVVaU1ZU3RqdFQzMytkZVF6clVtL0p0a09XSUpnZFN6YnYrQnZWc3dua2hkVmtjcDlJWApxSm9jQ3lua2VDN1pUUXdCa1psZ3NmMEx4SW1kNzVlemhKb1dqd2FraksrWnpwYk1Gb01KUmduVmYyOFIrdERhCktCeGQwVmowQUM1ZXBLTVQ2ajVGRy8vRDhkTDUwVjZmOGU4Q2dnRUJBTWgreklJb3FKZWlXTGgzOUFtTTRQZEkKSFNod0lISXBUNUhGS05jOTFzRnRDZFdXVDIweXVPZHNLZU9TTDZjMjJsVFpjcklFZFlDY0Q5SVhyWm8xVmxXOAorSGFmNDFhcHhlaU1PZVBNR3ZlNEQ2ZEdrUXcyWXBuNXlOQUUwYk1qa1hFU3JuMzMvV3JqSFFtWFdvNmFSdnVZCnkrMktzbGwvK1BzajlwNXd3WVYxRGp0QzFXU0lmdFZNMkJuRlViQVVyMmNHSVNXWlNnWU9yUDU1elZKK3REeloKSXhrMDZ6TUNZU3pEL1pPTUJZSjUvTFFPWnlPUUs0R2xnMytUUUNXUERHNTRtUEo0dElmNUZCZ25wSU5QRGNLQwpLc2RTQlg4S0xNeU83aEVzOCtuZFRWNWlxa0pscGNCdVJ3VXVUSmlFakc0MWZnaXZPVThTR0V5elZPbW1NNG89Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== + jwtRS256.key.pub: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUE0R3ZaTlNrajVpaVdiMkRaTTJmQwp4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZUk9YS3c1UytsRUxIOUFldFRkY1RBZGtiQ3p5YXBTZGszUHF3CnhoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0l0WTY1WCtOcTBxYVJ2TGRPT2JGUUdtSUh4NzV6a1o2NTQrZnQKdm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRU0ZiSWE4QTk2QlNwSnpLbTBhaEsrNnI4VnZ2T3ExQkhHWklJSwpLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvbytEVnQvKzBNSThPWnZkQXVhYjJVWHViK1Rpd0FnRzc2OHluCkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFhRc09SdFRpNjBGWlBYN0MzVjFybFVlK3JVOUJZNkNscldsZUoKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbE9LdWx0YWR1U1ZuZnY4QzB1ejF6UEJaSXdYbnNWTzdYeVNWUApBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EU084U0hOeUtPK2s2cFRobWFtb3FNQkpCQ3BjQytHMVVQVXFZCmV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2VPckhWVTJEajd6emRpbUwyYmVocVN3U2kzekFrbFdmNEZTQXoKaC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQ3g1QW1FRmx2UXVVSTBxNndaNnZybEFZSytNZG00RHZGQVVsWApzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBbHpYV21oQzhHcldCSWh0MU9KTFdES081bHZabUpRL2xrN2JzClVyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo= +kind: Secret +metadata: + name: jwt-key +type: Opaque diff --git a/kubernetes-manifests/frontend.yaml b/kubernetes-manifests/frontend.yaml index 4d083e250..c32796df9 100644 --- a/kubernetes-manifests/frontend.yaml +++ b/kubernetes-manifests/frontend.yaml @@ -11,7 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - apiVersion: v1 kind: Service metadata: @@ -23,9 +22,9 @@ metadata: name: frontend spec: ports: - - name: http - port: 80 - targetPort: 8080 + - name: http + port: 80 + targetPort: 8080 selector: app: frontend application: bank-of-anthos @@ -63,80 +62,80 @@ spec: tier: web spec: containers: - - env: - - name: VERSION - value: v0.6.1 - - name: PORT - value: "8080" - - name: ENABLE_TRACING - value: "true" - - name: SCHEME - value: http - - name: LOG_LEVEL - value: info - - name: DEFAULT_USERNAME - valueFrom: - configMapKeyRef: - key: DEMO_LOGIN_USERNAME - name: demo-data-config - - name: DEFAULT_PASSWORD - valueFrom: - configMapKeyRef: - key: DEMO_LOGIN_PASSWORD - name: demo-data-config - - name: REGISTERED_OAUTH_CLIENT_ID - valueFrom: - configMapKeyRef: - key: DEMO_OAUTH_CLIENT_ID - name: oauth-config - optional: true - - name: ALLOWED_OAUTH_REDIRECT_URI - valueFrom: - configMapKeyRef: - key: DEMO_OAUTH_REDIRECT_URI - name: oauth-config - optional: true - envFrom: - - configMapRef: - name: environment-config - - configMapRef: - name: service-api-config - image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/frontend:v0.6.1@sha256:07cb2c7f9a08cf820a81d59670a59b53d183717ce998a035625f0441b24e7544 - livenessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 60 - periodSeconds: 15 - timeoutSeconds: 30 - name: front - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 10 - resources: - limits: - cpu: 250m - memory: 128Mi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - privileged: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /tmp - name: tmp - - mountPath: /tmp/.ssh - name: publickey - readOnly: true + - env: + - name: VERSION + value: v0.6.2 + - name: PORT + value: "8080" + - name: ENABLE_TRACING + value: "true" + - name: SCHEME + value: http + - name: LOG_LEVEL + value: info + - name: DEFAULT_USERNAME + valueFrom: + configMapKeyRef: + key: DEMO_LOGIN_USERNAME + name: demo-data-config + - name: DEFAULT_PASSWORD + valueFrom: + configMapKeyRef: + key: DEMO_LOGIN_PASSWORD + name: demo-data-config + - name: REGISTERED_OAUTH_CLIENT_ID + valueFrom: + configMapKeyRef: + key: DEMO_OAUTH_CLIENT_ID + name: oauth-config + optional: true + - name: ALLOWED_OAUTH_REDIRECT_URI + valueFrom: + configMapKeyRef: + key: DEMO_OAUTH_REDIRECT_URI + name: oauth-config + optional: true + envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: service-api-config + image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/frontend:v0.6.2@sha256:d7f4599ebb7ce3d8ac2573dcf6df5fb5e939e4e5d81d5288729dd4b0c242c64d + livenessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 15 + timeoutSeconds: 30 + name: front + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 10 + resources: + limits: + cpu: 250m + memory: 128Mi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + privileged: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: tmp + - mountPath: /tmp/.ssh + name: publickey + readOnly: true securityContext: fsGroup: 1000 runAsGroup: 1000 @@ -145,11 +144,55 @@ spec: serviceAccountName: bank-of-anthos terminationGracePeriodSeconds: 5 volumes: - - emptyDir: {} - name: tmp - - name: publickey - secret: - items: - - key: jwtRS256.key.pub - path: publickey - secretName: jwt-key + - emptyDir: {} + name: tmp + - name: publickey + secret: + items: + - key: jwtRS256.key.pub + path: publickey + secretName: jwt-key +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + iam.gke.io/gcp-service-account: gke-workload-development@bank-of-anthos-ci.iam.gserviceaccount.com + name: bank-of-anthos +--- +apiVersion: v1 +data: + DEMO_LOGIN_PASSWORD: bankofanthos + DEMO_LOGIN_USERNAME: testuser + USE_DEMO_DATA: "True" +kind: ConfigMap +metadata: + name: demo-data-config +--- +apiVersion: v1 +data: + LOCAL_ROUTING_NUM: "883745000" + PUB_KEY_PATH: /tmp/.ssh/publickey +kind: ConfigMap +metadata: + name: environment-config +--- +apiVersion: v1 +data: + BALANCES_API_ADDR: balancereader:8080 + CONTACTS_API_ADDR: contacts:8080 + HISTORY_API_ADDR: transactionhistory:8080 + TRANSACTIONS_API_ADDR: ledgerwriter:8080 + USERSERVICE_API_ADDR: userservice:8080 +kind: ConfigMap +metadata: + name: service-api-config +--- +apiVersion: v1 +data: + jwtRS256.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS3dJQkFBS0NBZ0VBNEd2Wk5Ta2o1aWlXYjJEWk0yZkN4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZClJPWEt3NVMrbEVMSDlBZXRUZGNUQWRrYkN6eWFwU2RrM1Bxd3hoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0kKdFk2NVgrTnEwcWFSdkxkT09iRlFHbUlIeDc1emtaNjU0K2Z0dm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRUwpGYklhOEE5NkJTcEp6S20wYWhLKzZyOFZ2dk9xMUJIR1pJSUtLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvCm8rRFZ0LyswTUk4T1p2ZEF1YWIyVVh1YitUaXdBZ0c3Njh5bkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFgKUXNPUnRUaTYwRlpQWDdDM1YxcmxVZStyVTlCWTZDbHJXbGVKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbApPS3VsdGFkdVNWbmZ2OEMwdXoxelBCWkl3WG5zVk83WHlTVlBBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EClNPOFNITnlLTytrNnBUaG1hbW9xTUJKQkNwY0MrRzFVUFVxWWV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2UKT3JIVlUyRGo3enpkaW1MMmJlaHFTd1NpM3pBa2xXZjRGU0F6aC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQwp4NUFtRUZsdlF1VUkwcTZ3WjZ2cmxBWUsrTWRtNER2RkFVbFhzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBCmx6WFdtaEM4R3JXQklodDFPSkxXREtPNWx2Wm1KUS9sazdic1VyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUEKQVFLQ0FnRUFoQ0c3ZnpzN3NiVlA3VCsrWWkvRFZMUUc2dDF1Y3hPYUQyS3hkZFFLNjJiWlM5UWJFMldnWGtyagpjbk5uT3R5U1F2UlFjcFFiQWlDcWhIYVBRalF2aEU0ZVNOeStFcXN1WEhMYjJsMHJqMUVUZjRVWDBwMjNzeWM0CnE5SDZtSHZzaUxkSERHR1BaeUZROWZuWVJNRTNEeUhhcjdvZm1RSlNYWjk0SVErZ2ZlVFlkeXZWQWdVZEt4NVIKbjF6b21xR0lZYk9yeUphOC9QS0dMOXBQVHJucHRTSmUyTUJxS0hlMC9MVXRrQjhOOXN5eDJxN3E3Q0hpY3pVUQpLRTd5RWRtZHVERC9jYll2ZlNyTkprRlRIV0FmUVBzejZDbmpjNjBsbkRiTXIzVXphUEM0Sk00OEFra1hMdlc1CnVCUTVJNFB1VG5acjhqUUVVWktuNWZrTkJlSG9aNjlZVVp2eWdOcGJRaVMxWi9CRzYwVDVZN1VPY09wWVJ2bCsKL0dSNUFSNnpZQVJKbTBKNmg3U2NsdGhLSjdaVnFldWV5U3B1UG9mTjg0V241Zm1mbWdsR2F0dlc4KzFGR2ZNRQppWGxHbzhHQ1ZyampzN013a0pMT3Jlc0lRblFWK3ZmWC95Nk9WRExMS21yeGJCT3BPcm5TK01icnFoOXBsRGFICks1N0VOVngzWWxVd2M3bFRHd2Q2cS9nVnhSWDZRc1F3VEl5UHVOOUozMWd0dXRCeS9FTVVGc1hJenJhRmRIQzgKZXVlT1N3V0JQT05XbUkzN1BCVTIycXFyMWE3d1Y3Z0lJOGg3WS8waDNDYjFYWjZsQ2FzOCt0emI3VFZNMGxWQwpINWNYaXRqM2xKS1B1b2VzOXpTNFhEQjQ0V1hwZkw4SFVXQ1NuSWF2ZVJYUHhwbDRJbUVDZ2dFQkFQMjJEZml3CmVaRDBSTzlManJSR2cxODJlNnNSZ052VUQrOTFjUnBRNFBDcnlKQm1tTmNWOFBNZVdoZFlPaHdCWW1JMjkyWkkKcjFyeHVwclBCdE43dTNnWmhKYkVXL1IvSFozc2lPSmNycHlhejBVNUpDSzRTOERSbkdnUUdOQUdJNFlsVUNxNwpLL2JOa0JLcnRpSEVpOWV6RGQ3SjIrRGJGK0FiSXNWdlNnNnNHdEp1TG8rY0VRUzFaNzkycTQ5NUt6dWJyUDhvClVIbWFuc1R1ZEtLL1lZY0dlcU9pS2V0bmgrK0ZUc0hXek1NTEJ3VllySVlZRHZ5RWUvZEFkNWUzM3ZTRSsrbXkKZEVaVkZidVRMQmdzSW4wM0dmZ1pnNE56QkNhSm9NZGJtU3NiaUxGMkRTL1g4eXNKNldLYzdVTFMwMXJwSjBLTgo0VldQNjhiZlZOd1YwbmtDZ2dFQkFPSnlKaVN5aGJrL1hEVjRzT2ZLS1BBQ3RJTkN0ZWk2OWpYVVVOUHNhQndNCjFMNURCOU5tNjhLb3piVTN1Rk9QbmRPZERrMms5cm5WS1JkSlYrTHhPQ2NEdE5aMzlGQ3JtbUs3TGc4TnBUM2cKVksxc29YamFtcGI3NU1LWjZzaGFIUDRFUUMvTVVoeVF1UXkydEtUS3JMYUNFRmdzR1RhRHFaOU9xMVdIZzhWNwoxdUkzak8xYnNzNFRQWjJxbXVOYjE0WEMzQnJaeDE4eWY3MnJZMEk5RTAxdXorUmp4VUdSK0E3dlloSklYVWtMCmtzQTJqV1ludktsVmZRRWJpWlVpcjQ0d2IraEZ4Z3JwcVBvSmNCTzgvdS9UYXZ3MjFqbjFkRys3NWZqZnI5M3UKRjExbUh2VVY2Z0RJenN4NDVicDVDek5oUmdTTHNRZk9INFdpdytIcUNrTUNnZ0VCQU1UZGtFZkpmL3IzWDhvaQo0ZStHeTRlRStqOEtqT2VHekhxdHNYNlBCWXdhYjcyRXJ0SXV4MUdPMnE5RW1ZcURsSGpMVi9zNUtVQXpVKzJ0CitRaisrTCsvWlQrcnpBS1M1RU5YZC92Vm1QUVJ1QVZweWwxYWpnVm5ZS3JxMnFZSUxXWjQ2NVRNdWRkL09HMFUKYW5ZWFViK2t3MzE5T3ExbXRFY0VKMTMxOWd3ZWhZMkZTNEhKd3ZiWllGQ1QzNW1ybHQxZzljTGo0RllMb1drRAo4dU1hQjY1RFc4US9IN0gzR3ViRGxSSVovN2JVaHJVaVVuU1dsSUppdHVKclZxRVdYdDF6bHhtR2pHekt0dHRlCjNwYy9IOS96Y3FZdC9mdHdzdWJJWWtadkVCSUFBbmhaTnZCSjYva1liczFESVdONXZlRE1DOWU3eWY2ZmQzOVEKYWtPQWQxa0NnZ0VCQUpCQ2RraFVydHBJSWg4eWgwanpRa2M5QWZESlZBZ3k2MTE1cUJDS2YveTJzK1dONEhOdQpFdTROQ2hmVHFvc1phRXVDdDdVQlRla3ZnaUVDcVltN2NMRnlMQWVobmJTeXpnVHVDRGF3MDc5cXBhZGlHREJjCjI3VXFQaDgzWFJwTVJrSVJSUzd1TkxWY0FYZTNBYmdtSWdlWExvQnRmNVo2SkZxSURLRE5WMFk5VWJVRi9MTE8KQTBoRGU3SnhHSUdWWmVVaU1ZU3RqdFQzMytkZVF6clVtL0p0a09XSUpnZFN6YnYrQnZWc3dua2hkVmtjcDlJWApxSm9jQ3lua2VDN1pUUXdCa1psZ3NmMEx4SW1kNzVlemhKb1dqd2FraksrWnpwYk1Gb01KUmduVmYyOFIrdERhCktCeGQwVmowQUM1ZXBLTVQ2ajVGRy8vRDhkTDUwVjZmOGU4Q2dnRUJBTWgreklJb3FKZWlXTGgzOUFtTTRQZEkKSFNod0lISXBUNUhGS05jOTFzRnRDZFdXVDIweXVPZHNLZU9TTDZjMjJsVFpjcklFZFlDY0Q5SVhyWm8xVmxXOAorSGFmNDFhcHhlaU1PZVBNR3ZlNEQ2ZEdrUXcyWXBuNXlOQUUwYk1qa1hFU3JuMzMvV3JqSFFtWFdvNmFSdnVZCnkrMktzbGwvK1BzajlwNXd3WVYxRGp0QzFXU0lmdFZNMkJuRlViQVVyMmNHSVNXWlNnWU9yUDU1elZKK3REeloKSXhrMDZ6TUNZU3pEL1pPTUJZSjUvTFFPWnlPUUs0R2xnMytUUUNXUERHNTRtUEo0dElmNUZCZ25wSU5QRGNLQwpLc2RTQlg4S0xNeU83aEVzOCtuZFRWNWlxa0pscGNCdVJ3VXVUSmlFakc0MWZnaXZPVThTR0V5elZPbW1NNG89Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== + jwtRS256.key.pub: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUE0R3ZaTlNrajVpaVdiMkRaTTJmQwp4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZUk9YS3c1UytsRUxIOUFldFRkY1RBZGtiQ3p5YXBTZGszUHF3CnhoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0l0WTY1WCtOcTBxYVJ2TGRPT2JGUUdtSUh4NzV6a1o2NTQrZnQKdm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRU0ZiSWE4QTk2QlNwSnpLbTBhaEsrNnI4VnZ2T3ExQkhHWklJSwpLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvbytEVnQvKzBNSThPWnZkQXVhYjJVWHViK1Rpd0FnRzc2OHluCkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFhRc09SdFRpNjBGWlBYN0MzVjFybFVlK3JVOUJZNkNscldsZUoKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbE9LdWx0YWR1U1ZuZnY4QzB1ejF6UEJaSXdYbnNWTzdYeVNWUApBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EU084U0hOeUtPK2s2cFRobWFtb3FNQkpCQ3BjQytHMVVQVXFZCmV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2VPckhWVTJEajd6emRpbUwyYmVocVN3U2kzekFrbFdmNEZTQXoKaC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQ3g1QW1FRmx2UXVVSTBxNndaNnZybEFZSytNZG00RHZGQVVsWApzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBbHpYV21oQzhHcldCSWh0MU9KTFdES081bHZabUpRL2xrN2JzClVyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo= +kind: Secret +metadata: + name: jwt-key +type: Opaque diff --git a/kubernetes-manifests/ledger-db.yaml b/kubernetes-manifests/ledger-db.yaml index 51c0be2fb..96d9ef121 100644 --- a/kubernetes-manifests/ledger-db.yaml +++ b/kubernetes-manifests/ledger-db.yaml @@ -1,17 +1,3 @@ -# Copyright 2023 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - apiVersion: v1 data: POSTGRES_DB: postgresdb @@ -23,7 +9,7 @@ data: kind: ConfigMap metadata: labels: - app: postgres + app: ledger-db application: bank-of-anthos environment: development team: ledger @@ -34,61 +20,121 @@ apiVersion: v1 kind: Service metadata: labels: + application: bank-of-anthos environment: development + team: ledger + tier: db name: ledger-db spec: ports: - - name: tcp - port: 5432 - targetPort: 5432 + - name: tcp + port: 5432 + targetPort: 5432 selector: app: ledger-db + application: bank-of-anthos environment: development + team: ledger + tier: db type: ClusterIP --- apiVersion: apps/v1 kind: StatefulSet metadata: labels: + application: bank-of-anthos environment: development + team: ledger + tier: db name: ledger-db spec: replicas: 1 selector: matchLabels: app: ledger-db + application: bank-of-anthos environment: development + team: ledger + tier: db serviceName: ledger-db template: metadata: labels: app: ledger-db + application: bank-of-anthos environment: development + team: ledger + tier: db spec: containers: - - envFrom: - - configMapRef: - name: environment-config - - configMapRef: - name: ledger-db-config - - configMapRef: - name: demo-data-config - image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/ledger-db:v0.6.1@sha256:2fe07029725a4ae2cf7beaec17dbdd6f8fc11caa8a9725708b42a603532e7b84 - name: postgres - ports: - - containerPort: 5432 - resources: - limits: - cpu: 250m - memory: 1Gi - requests: - cpu: 100m - memory: 512Mi - volumeMounts: - - mountPath: /var/lib/postgresql/data - name: postgresdb - subPath: postgres + - envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: ledger-db-config + - configMapRef: + name: demo-data-config + image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/ledger-db:v0.6.2@sha256:abf589513b05769093862ed6faf405b0540cc4fb3c89a19e212842cb9acd04e4 + name: postgres + ports: + - containerPort: 5432 + resources: + limits: + cpu: 250m + memory: 1Gi + requests: + cpu: 100m + memory: 512Mi + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: postgresdb + subPath: postgres + serviceAccount: bank-of-anthos serviceAccountName: default volumes: - - emptyDir: {} - name: postgresdb + - emptyDir: {} + name: postgresdb +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + iam.gke.io/gcp-service-account: gke-workload-development@bank-of-anthos-ci.iam.gserviceaccount.com + name: bank-of-anthos +--- +apiVersion: v1 +data: + DEMO_LOGIN_PASSWORD: bankofanthos + DEMO_LOGIN_USERNAME: testuser + USE_DEMO_DATA: "True" +kind: ConfigMap +metadata: + name: demo-data-config +--- +apiVersion: v1 +data: + LOCAL_ROUTING_NUM: "883745000" + PUB_KEY_PATH: /tmp/.ssh/publickey +kind: ConfigMap +metadata: + name: environment-config +--- +apiVersion: v1 +data: + BALANCES_API_ADDR: balancereader:8080 + CONTACTS_API_ADDR: contacts:8080 + HISTORY_API_ADDR: transactionhistory:8080 + TRANSACTIONS_API_ADDR: ledgerwriter:8080 + USERSERVICE_API_ADDR: userservice:8080 +kind: ConfigMap +metadata: + name: service-api-config +--- +apiVersion: v1 +data: + jwtRS256.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS3dJQkFBS0NBZ0VBNEd2Wk5Ta2o1aWlXYjJEWk0yZkN4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZClJPWEt3NVMrbEVMSDlBZXRUZGNUQWRrYkN6eWFwU2RrM1Bxd3hoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0kKdFk2NVgrTnEwcWFSdkxkT09iRlFHbUlIeDc1emtaNjU0K2Z0dm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRUwpGYklhOEE5NkJTcEp6S20wYWhLKzZyOFZ2dk9xMUJIR1pJSUtLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvCm8rRFZ0LyswTUk4T1p2ZEF1YWIyVVh1YitUaXdBZ0c3Njh5bkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFgKUXNPUnRUaTYwRlpQWDdDM1YxcmxVZStyVTlCWTZDbHJXbGVKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbApPS3VsdGFkdVNWbmZ2OEMwdXoxelBCWkl3WG5zVk83WHlTVlBBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EClNPOFNITnlLTytrNnBUaG1hbW9xTUJKQkNwY0MrRzFVUFVxWWV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2UKT3JIVlUyRGo3enpkaW1MMmJlaHFTd1NpM3pBa2xXZjRGU0F6aC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQwp4NUFtRUZsdlF1VUkwcTZ3WjZ2cmxBWUsrTWRtNER2RkFVbFhzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBCmx6WFdtaEM4R3JXQklodDFPSkxXREtPNWx2Wm1KUS9sazdic1VyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUEKQVFLQ0FnRUFoQ0c3ZnpzN3NiVlA3VCsrWWkvRFZMUUc2dDF1Y3hPYUQyS3hkZFFLNjJiWlM5UWJFMldnWGtyagpjbk5uT3R5U1F2UlFjcFFiQWlDcWhIYVBRalF2aEU0ZVNOeStFcXN1WEhMYjJsMHJqMUVUZjRVWDBwMjNzeWM0CnE5SDZtSHZzaUxkSERHR1BaeUZROWZuWVJNRTNEeUhhcjdvZm1RSlNYWjk0SVErZ2ZlVFlkeXZWQWdVZEt4NVIKbjF6b21xR0lZYk9yeUphOC9QS0dMOXBQVHJucHRTSmUyTUJxS0hlMC9MVXRrQjhOOXN5eDJxN3E3Q0hpY3pVUQpLRTd5RWRtZHVERC9jYll2ZlNyTkprRlRIV0FmUVBzejZDbmpjNjBsbkRiTXIzVXphUEM0Sk00OEFra1hMdlc1CnVCUTVJNFB1VG5acjhqUUVVWktuNWZrTkJlSG9aNjlZVVp2eWdOcGJRaVMxWi9CRzYwVDVZN1VPY09wWVJ2bCsKL0dSNUFSNnpZQVJKbTBKNmg3U2NsdGhLSjdaVnFldWV5U3B1UG9mTjg0V241Zm1mbWdsR2F0dlc4KzFGR2ZNRQppWGxHbzhHQ1ZyampzN013a0pMT3Jlc0lRblFWK3ZmWC95Nk9WRExMS21yeGJCT3BPcm5TK01icnFoOXBsRGFICks1N0VOVngzWWxVd2M3bFRHd2Q2cS9nVnhSWDZRc1F3VEl5UHVOOUozMWd0dXRCeS9FTVVGc1hJenJhRmRIQzgKZXVlT1N3V0JQT05XbUkzN1BCVTIycXFyMWE3d1Y3Z0lJOGg3WS8waDNDYjFYWjZsQ2FzOCt0emI3VFZNMGxWQwpINWNYaXRqM2xKS1B1b2VzOXpTNFhEQjQ0V1hwZkw4SFVXQ1NuSWF2ZVJYUHhwbDRJbUVDZ2dFQkFQMjJEZml3CmVaRDBSTzlManJSR2cxODJlNnNSZ052VUQrOTFjUnBRNFBDcnlKQm1tTmNWOFBNZVdoZFlPaHdCWW1JMjkyWkkKcjFyeHVwclBCdE43dTNnWmhKYkVXL1IvSFozc2lPSmNycHlhejBVNUpDSzRTOERSbkdnUUdOQUdJNFlsVUNxNwpLL2JOa0JLcnRpSEVpOWV6RGQ3SjIrRGJGK0FiSXNWdlNnNnNHdEp1TG8rY0VRUzFaNzkycTQ5NUt6dWJyUDhvClVIbWFuc1R1ZEtLL1lZY0dlcU9pS2V0bmgrK0ZUc0hXek1NTEJ3VllySVlZRHZ5RWUvZEFkNWUzM3ZTRSsrbXkKZEVaVkZidVRMQmdzSW4wM0dmZ1pnNE56QkNhSm9NZGJtU3NiaUxGMkRTL1g4eXNKNldLYzdVTFMwMXJwSjBLTgo0VldQNjhiZlZOd1YwbmtDZ2dFQkFPSnlKaVN5aGJrL1hEVjRzT2ZLS1BBQ3RJTkN0ZWk2OWpYVVVOUHNhQndNCjFMNURCOU5tNjhLb3piVTN1Rk9QbmRPZERrMms5cm5WS1JkSlYrTHhPQ2NEdE5aMzlGQ3JtbUs3TGc4TnBUM2cKVksxc29YamFtcGI3NU1LWjZzaGFIUDRFUUMvTVVoeVF1UXkydEtUS3JMYUNFRmdzR1RhRHFaOU9xMVdIZzhWNwoxdUkzak8xYnNzNFRQWjJxbXVOYjE0WEMzQnJaeDE4eWY3MnJZMEk5RTAxdXorUmp4VUdSK0E3dlloSklYVWtMCmtzQTJqV1ludktsVmZRRWJpWlVpcjQ0d2IraEZ4Z3JwcVBvSmNCTzgvdS9UYXZ3MjFqbjFkRys3NWZqZnI5M3UKRjExbUh2VVY2Z0RJenN4NDVicDVDek5oUmdTTHNRZk9INFdpdytIcUNrTUNnZ0VCQU1UZGtFZkpmL3IzWDhvaQo0ZStHeTRlRStqOEtqT2VHekhxdHNYNlBCWXdhYjcyRXJ0SXV4MUdPMnE5RW1ZcURsSGpMVi9zNUtVQXpVKzJ0CitRaisrTCsvWlQrcnpBS1M1RU5YZC92Vm1QUVJ1QVZweWwxYWpnVm5ZS3JxMnFZSUxXWjQ2NVRNdWRkL09HMFUKYW5ZWFViK2t3MzE5T3ExbXRFY0VKMTMxOWd3ZWhZMkZTNEhKd3ZiWllGQ1QzNW1ybHQxZzljTGo0RllMb1drRAo4dU1hQjY1RFc4US9IN0gzR3ViRGxSSVovN2JVaHJVaVVuU1dsSUppdHVKclZxRVdYdDF6bHhtR2pHekt0dHRlCjNwYy9IOS96Y3FZdC9mdHdzdWJJWWtadkVCSUFBbmhaTnZCSjYva1liczFESVdONXZlRE1DOWU3eWY2ZmQzOVEKYWtPQWQxa0NnZ0VCQUpCQ2RraFVydHBJSWg4eWgwanpRa2M5QWZESlZBZ3k2MTE1cUJDS2YveTJzK1dONEhOdQpFdTROQ2hmVHFvc1phRXVDdDdVQlRla3ZnaUVDcVltN2NMRnlMQWVobmJTeXpnVHVDRGF3MDc5cXBhZGlHREJjCjI3VXFQaDgzWFJwTVJrSVJSUzd1TkxWY0FYZTNBYmdtSWdlWExvQnRmNVo2SkZxSURLRE5WMFk5VWJVRi9MTE8KQTBoRGU3SnhHSUdWWmVVaU1ZU3RqdFQzMytkZVF6clVtL0p0a09XSUpnZFN6YnYrQnZWc3dua2hkVmtjcDlJWApxSm9jQ3lua2VDN1pUUXdCa1psZ3NmMEx4SW1kNzVlemhKb1dqd2FraksrWnpwYk1Gb01KUmduVmYyOFIrdERhCktCeGQwVmowQUM1ZXBLTVQ2ajVGRy8vRDhkTDUwVjZmOGU4Q2dnRUJBTWgreklJb3FKZWlXTGgzOUFtTTRQZEkKSFNod0lISXBUNUhGS05jOTFzRnRDZFdXVDIweXVPZHNLZU9TTDZjMjJsVFpjcklFZFlDY0Q5SVhyWm8xVmxXOAorSGFmNDFhcHhlaU1PZVBNR3ZlNEQ2ZEdrUXcyWXBuNXlOQUUwYk1qa1hFU3JuMzMvV3JqSFFtWFdvNmFSdnVZCnkrMktzbGwvK1BzajlwNXd3WVYxRGp0QzFXU0lmdFZNMkJuRlViQVVyMmNHSVNXWlNnWU9yUDU1elZKK3REeloKSXhrMDZ6TUNZU3pEL1pPTUJZSjUvTFFPWnlPUUs0R2xnMytUUUNXUERHNTRtUEo0dElmNUZCZ25wSU5QRGNLQwpLc2RTQlg4S0xNeU83aEVzOCtuZFRWNWlxa0pscGNCdVJ3VXVUSmlFakc0MWZnaXZPVThTR0V5elZPbW1NNG89Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== + jwtRS256.key.pub: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUE0R3ZaTlNrajVpaVdiMkRaTTJmQwp4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZUk9YS3c1UytsRUxIOUFldFRkY1RBZGtiQ3p5YXBTZGszUHF3CnhoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0l0WTY1WCtOcTBxYVJ2TGRPT2JGUUdtSUh4NzV6a1o2NTQrZnQKdm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRU0ZiSWE4QTk2QlNwSnpLbTBhaEsrNnI4VnZ2T3ExQkhHWklJSwpLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvbytEVnQvKzBNSThPWnZkQXVhYjJVWHViK1Rpd0FnRzc2OHluCkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFhRc09SdFRpNjBGWlBYN0MzVjFybFVlK3JVOUJZNkNscldsZUoKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbE9LdWx0YWR1U1ZuZnY4QzB1ejF6UEJaSXdYbnNWTzdYeVNWUApBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EU084U0hOeUtPK2s2cFRobWFtb3FNQkpCQ3BjQytHMVVQVXFZCmV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2VPckhWVTJEajd6emRpbUwyYmVocVN3U2kzekFrbFdmNEZTQXoKaC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQ3g1QW1FRmx2UXVVSTBxNndaNnZybEFZSytNZG00RHZGQVVsWApzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBbHpYV21oQzhHcldCSWh0MU9KTFdES081bHZabUpRL2xrN2JzClVyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo= +kind: Secret +metadata: + name: jwt-key +type: Opaque diff --git a/kubernetes-manifests/ledger-writer.yaml b/kubernetes-manifests/ledger-writer.yaml index bf515bb81..f9153ffed 100644 --- a/kubernetes-manifests/ledger-writer.yaml +++ b/kubernetes-manifests/ledger-writer.yaml @@ -11,7 +11,147 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +apiVersion: v1 +data: + POSTGRES_DB: postgresdb + POSTGRES_PASSWORD: password + POSTGRES_USER: admin + SPRING_DATASOURCE_PASSWORD: password + SPRING_DATASOURCE_URL: jdbc:postgresql://ledger-db:5432/postgresdb + SPRING_DATASOURCE_USERNAME: admin +kind: ConfigMap +metadata: + labels: + app: ledger-db + application: bank-of-anthos + environment: development + team: ledger + tier: db + name: ledger-db-config +--- +apiVersion: v1 +kind: Service +metadata: + labels: + application: bank-of-anthos + environment: development + team: ledger + tier: db + name: ledger-db +spec: + ports: + - name: tcp + port: 5432 + targetPort: 5432 + selector: + app: ledger-db + application: bank-of-anthos + environment: development + team: ledger + tier: db + type: ClusterIP +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + application: bank-of-anthos + environment: development + team: ledger + tier: db + name: ledger-db +spec: + replicas: 1 + selector: + matchLabels: + app: ledger-db + application: bank-of-anthos + environment: development + team: ledger + tier: db + serviceName: ledger-db + template: + metadata: + labels: + app: ledger-db + application: bank-of-anthos + environment: development + team: ledger + tier: db + spec: + containers: + - envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: ledger-db-config + - configMapRef: + name: demo-data-config + image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/ledger-db:v0.6.2@sha256:abf589513b05769093862ed6faf405b0540cc4fb3c89a19e212842cb9acd04e4 + name: postgres + ports: + - containerPort: 5432 + resources: + limits: + cpu: 250m + memory: 1Gi + requests: + cpu: 100m + memory: 512Mi + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: postgresdb + subPath: postgres + serviceAccount: bank-of-anthos + serviceAccountName: default + volumes: + - emptyDir: {} + name: postgresdb +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + iam.gke.io/gcp-service-account: gke-workload-development@bank-of-anthos-ci.iam.gserviceaccount.com + name: bank-of-anthos +--- +apiVersion: v1 +data: + DEMO_LOGIN_PASSWORD: bankofanthos + DEMO_LOGIN_USERNAME: testuser + USE_DEMO_DATA: "True" +kind: ConfigMap +metadata: + name: demo-data-config +--- +apiVersion: v1 +data: + LOCAL_ROUTING_NUM: "883745000" + PUB_KEY_PATH: /tmp/.ssh/publickey +kind: ConfigMap +metadata: + name: environment-config +--- +apiVersion: v1 +data: + BALANCES_API_ADDR: balancereader:8080 + CONTACTS_API_ADDR: contacts:8080 + HISTORY_API_ADDR: transactionhistory:8080 + TRANSACTIONS_API_ADDR: ledgerwriter:8080 + USERSERVICE_API_ADDR: userservice:8080 +kind: ConfigMap +metadata: + name: service-api-config +--- +apiVersion: v1 +data: + jwtRS256.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS3dJQkFBS0NBZ0VBNEd2Wk5Ta2o1aWlXYjJEWk0yZkN4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZClJPWEt3NVMrbEVMSDlBZXRUZGNUQWRrYkN6eWFwU2RrM1Bxd3hoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0kKdFk2NVgrTnEwcWFSdkxkT09iRlFHbUlIeDc1emtaNjU0K2Z0dm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRUwpGYklhOEE5NkJTcEp6S20wYWhLKzZyOFZ2dk9xMUJIR1pJSUtLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvCm8rRFZ0LyswTUk4T1p2ZEF1YWIyVVh1YitUaXdBZ0c3Njh5bkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFgKUXNPUnRUaTYwRlpQWDdDM1YxcmxVZStyVTlCWTZDbHJXbGVKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbApPS3VsdGFkdVNWbmZ2OEMwdXoxelBCWkl3WG5zVk83WHlTVlBBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EClNPOFNITnlLTytrNnBUaG1hbW9xTUJKQkNwY0MrRzFVUFVxWWV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2UKT3JIVlUyRGo3enpkaW1MMmJlaHFTd1NpM3pBa2xXZjRGU0F6aC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQwp4NUFtRUZsdlF1VUkwcTZ3WjZ2cmxBWUsrTWRtNER2RkFVbFhzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBCmx6WFdtaEM4R3JXQklodDFPSkxXREtPNWx2Wm1KUS9sazdic1VyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUEKQVFLQ0FnRUFoQ0c3ZnpzN3NiVlA3VCsrWWkvRFZMUUc2dDF1Y3hPYUQyS3hkZFFLNjJiWlM5UWJFMldnWGtyagpjbk5uT3R5U1F2UlFjcFFiQWlDcWhIYVBRalF2aEU0ZVNOeStFcXN1WEhMYjJsMHJqMUVUZjRVWDBwMjNzeWM0CnE5SDZtSHZzaUxkSERHR1BaeUZROWZuWVJNRTNEeUhhcjdvZm1RSlNYWjk0SVErZ2ZlVFlkeXZWQWdVZEt4NVIKbjF6b21xR0lZYk9yeUphOC9QS0dMOXBQVHJucHRTSmUyTUJxS0hlMC9MVXRrQjhOOXN5eDJxN3E3Q0hpY3pVUQpLRTd5RWRtZHVERC9jYll2ZlNyTkprRlRIV0FmUVBzejZDbmpjNjBsbkRiTXIzVXphUEM0Sk00OEFra1hMdlc1CnVCUTVJNFB1VG5acjhqUUVVWktuNWZrTkJlSG9aNjlZVVp2eWdOcGJRaVMxWi9CRzYwVDVZN1VPY09wWVJ2bCsKL0dSNUFSNnpZQVJKbTBKNmg3U2NsdGhLSjdaVnFldWV5U3B1UG9mTjg0V241Zm1mbWdsR2F0dlc4KzFGR2ZNRQppWGxHbzhHQ1ZyampzN013a0pMT3Jlc0lRblFWK3ZmWC95Nk9WRExMS21yeGJCT3BPcm5TK01icnFoOXBsRGFICks1N0VOVngzWWxVd2M3bFRHd2Q2cS9nVnhSWDZRc1F3VEl5UHVOOUozMWd0dXRCeS9FTVVGc1hJenJhRmRIQzgKZXVlT1N3V0JQT05XbUkzN1BCVTIycXFyMWE3d1Y3Z0lJOGg3WS8waDNDYjFYWjZsQ2FzOCt0emI3VFZNMGxWQwpINWNYaXRqM2xKS1B1b2VzOXpTNFhEQjQ0V1hwZkw4SFVXQ1NuSWF2ZVJYUHhwbDRJbUVDZ2dFQkFQMjJEZml3CmVaRDBSTzlManJSR2cxODJlNnNSZ052VUQrOTFjUnBRNFBDcnlKQm1tTmNWOFBNZVdoZFlPaHdCWW1JMjkyWkkKcjFyeHVwclBCdE43dTNnWmhKYkVXL1IvSFozc2lPSmNycHlhejBVNUpDSzRTOERSbkdnUUdOQUdJNFlsVUNxNwpLL2JOa0JLcnRpSEVpOWV6RGQ3SjIrRGJGK0FiSXNWdlNnNnNHdEp1TG8rY0VRUzFaNzkycTQ5NUt6dWJyUDhvClVIbWFuc1R1ZEtLL1lZY0dlcU9pS2V0bmgrK0ZUc0hXek1NTEJ3VllySVlZRHZ5RWUvZEFkNWUzM3ZTRSsrbXkKZEVaVkZidVRMQmdzSW4wM0dmZ1pnNE56QkNhSm9NZGJtU3NiaUxGMkRTL1g4eXNKNldLYzdVTFMwMXJwSjBLTgo0VldQNjhiZlZOd1YwbmtDZ2dFQkFPSnlKaVN5aGJrL1hEVjRzT2ZLS1BBQ3RJTkN0ZWk2OWpYVVVOUHNhQndNCjFMNURCOU5tNjhLb3piVTN1Rk9QbmRPZERrMms5cm5WS1JkSlYrTHhPQ2NEdE5aMzlGQ3JtbUs3TGc4TnBUM2cKVksxc29YamFtcGI3NU1LWjZzaGFIUDRFUUMvTVVoeVF1UXkydEtUS3JMYUNFRmdzR1RhRHFaOU9xMVdIZzhWNwoxdUkzak8xYnNzNFRQWjJxbXVOYjE0WEMzQnJaeDE4eWY3MnJZMEk5RTAxdXorUmp4VUdSK0E3dlloSklYVWtMCmtzQTJqV1ludktsVmZRRWJpWlVpcjQ0d2IraEZ4Z3JwcVBvSmNCTzgvdS9UYXZ3MjFqbjFkRys3NWZqZnI5M3UKRjExbUh2VVY2Z0RJenN4NDVicDVDek5oUmdTTHNRZk9INFdpdytIcUNrTUNnZ0VCQU1UZGtFZkpmL3IzWDhvaQo0ZStHeTRlRStqOEtqT2VHekhxdHNYNlBCWXdhYjcyRXJ0SXV4MUdPMnE5RW1ZcURsSGpMVi9zNUtVQXpVKzJ0CitRaisrTCsvWlQrcnpBS1M1RU5YZC92Vm1QUVJ1QVZweWwxYWpnVm5ZS3JxMnFZSUxXWjQ2NVRNdWRkL09HMFUKYW5ZWFViK2t3MzE5T3ExbXRFY0VKMTMxOWd3ZWhZMkZTNEhKd3ZiWllGQ1QzNW1ybHQxZzljTGo0RllMb1drRAo4dU1hQjY1RFc4US9IN0gzR3ViRGxSSVovN2JVaHJVaVVuU1dsSUppdHVKclZxRVdYdDF6bHhtR2pHekt0dHRlCjNwYy9IOS96Y3FZdC9mdHdzdWJJWWtadkVCSUFBbmhaTnZCSjYva1liczFESVdONXZlRE1DOWU3eWY2ZmQzOVEKYWtPQWQxa0NnZ0VCQUpCQ2RraFVydHBJSWg4eWgwanpRa2M5QWZESlZBZ3k2MTE1cUJDS2YveTJzK1dONEhOdQpFdTROQ2hmVHFvc1phRXVDdDdVQlRla3ZnaUVDcVltN2NMRnlMQWVobmJTeXpnVHVDRGF3MDc5cXBhZGlHREJjCjI3VXFQaDgzWFJwTVJrSVJSUzd1TkxWY0FYZTNBYmdtSWdlWExvQnRmNVo2SkZxSURLRE5WMFk5VWJVRi9MTE8KQTBoRGU3SnhHSUdWWmVVaU1ZU3RqdFQzMytkZVF6clVtL0p0a09XSUpnZFN6YnYrQnZWc3dua2hkVmtjcDlJWApxSm9jQ3lua2VDN1pUUXdCa1psZ3NmMEx4SW1kNzVlemhKb1dqd2FraksrWnpwYk1Gb01KUmduVmYyOFIrdERhCktCeGQwVmowQUM1ZXBLTVQ2ajVGRy8vRDhkTDUwVjZmOGU4Q2dnRUJBTWgreklJb3FKZWlXTGgzOUFtTTRQZEkKSFNod0lISXBUNUhGS05jOTFzRnRDZFdXVDIweXVPZHNLZU9TTDZjMjJsVFpjcklFZFlDY0Q5SVhyWm8xVmxXOAorSGFmNDFhcHhlaU1PZVBNR3ZlNEQ2ZEdrUXcyWXBuNXlOQUUwYk1qa1hFU3JuMzMvV3JqSFFtWFdvNmFSdnVZCnkrMktzbGwvK1BzajlwNXd3WVYxRGp0QzFXU0lmdFZNMkJuRlViQVVyMmNHSVNXWlNnWU9yUDU1elZKK3REeloKSXhrMDZ6TUNZU3pEL1pPTUJZSjUvTFFPWnlPUUs0R2xnMytUUUNXUERHNTRtUEo0dElmNUZCZ25wSU5QRGNLQwpLc2RTQlg4S0xNeU83aEVzOCtuZFRWNWlxa0pscGNCdVJ3VXVUSmlFakc0MWZnaXZPVThTR0V5elZPbW1NNG89Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== + jwtRS256.key.pub: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUE0R3ZaTlNrajVpaVdiMkRaTTJmQwp4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZUk9YS3c1UytsRUxIOUFldFRkY1RBZGtiQ3p5YXBTZGszUHF3CnhoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0l0WTY1WCtOcTBxYVJ2TGRPT2JGUUdtSUh4NzV6a1o2NTQrZnQKdm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRU0ZiSWE4QTk2QlNwSnpLbTBhaEsrNnI4VnZ2T3ExQkhHWklJSwpLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvbytEVnQvKzBNSThPWnZkQXVhYjJVWHViK1Rpd0FnRzc2OHluCkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFhRc09SdFRpNjBGWlBYN0MzVjFybFVlK3JVOUJZNkNscldsZUoKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbE9LdWx0YWR1U1ZuZnY4QzB1ejF6UEJaSXdYbnNWTzdYeVNWUApBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EU084U0hOeUtPK2s2cFRobWFtb3FNQkpCQ3BjQytHMVVQVXFZCmV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2VPckhWVTJEajd6emRpbUwyYmVocVN3U2kzekFrbFdmNEZTQXoKaC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQ3g1QW1FRmx2UXVVSTBxNndaNnZybEFZSytNZG00RHZGQVVsWApzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBbHpYV21oQzhHcldCSWh0MU9KTFdES081bHZabUpRL2xrN2JzClVyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo= +kind: Secret +metadata: + name: jwt-key +type: Opaque +--- apiVersion: v1 kind: Service metadata: @@ -23,9 +163,9 @@ metadata: name: ledgerwriter spec: ports: - - name: http - port: 8080 - targetPort: 8080 + - name: http + port: 8080 + targetPort: 8080 selector: app: ledgerwriter application: bank-of-anthos @@ -63,68 +203,67 @@ spec: tier: backend spec: containers: - - env: - - name: VERSION - value: v0.6.1 - - name: PORT - value: "8080" - - name: ENABLE_TRACING - value: "true" - - name: ENABLE_METRICS - value: "true" - - name: JVM_OPTS - value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap - -Xms256m -Xmx512m - - name: LOG_LEVEL - value: info - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - envFrom: - - configMapRef: - name: environment-config - - configMapRef: - name: service-api-config - - configMapRef: - name: ledger-db-config - image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/ledgerwriter:v0.6.1@sha256:5087bc9f032dee70fda80063d659c3e1e34c7058c8b650d2128a8bdbbd4e5f4d - name: ledgerwriter - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 60 - periodSeconds: 5 - timeoutSeconds: 10 - resources: - limits: - cpu: 500m - ephemeral-storage: 0.5Gi - memory: 512Mi - requests: - cpu: 100m - ephemeral-storage: 0.5Gi - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - privileged: false - readOnlyRootFilesystem: true - startupProbe: - failureThreshold: 30 - httpGet: - path: /ready - port: 8080 - periodSeconds: 10 - volumeMounts: - - mountPath: /tmp - name: tmp - - mountPath: /tmp/.ssh - name: publickey - readOnly: true + - env: + - name: VERSION + value: v0.6.2 + - name: PORT + value: "8080" + - name: ENABLE_TRACING + value: "true" + - name: ENABLE_METRICS + value: "true" + - name: JVM_OPTS + value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Xms256m -Xmx512m + - name: LOG_LEVEL + value: info + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: service-api-config + - configMapRef: + name: ledger-db-config + image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/ledgerwriter:v0.6.2@sha256:d973448da63ba87b0d826ebb91ceba3f8ff1bd26f46a055f3fa7d7818c342f88 + name: ledgerwriter + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 5 + timeoutSeconds: 10 + resources: + limits: + cpu: 500m + ephemeral-storage: 0.5Gi + memory: 512Mi + requests: + cpu: 100m + ephemeral-storage: 0.5Gi + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + privileged: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 30 + httpGet: + path: /ready + port: 8080 + periodSeconds: 10 + volumeMounts: + - mountPath: /tmp + name: tmp + - mountPath: /tmp/.ssh + name: publickey + readOnly: true securityContext: fsGroup: 1000 runAsGroup: 1000 @@ -133,11 +272,55 @@ spec: serviceAccountName: bank-of-anthos terminationGracePeriodSeconds: 5 volumes: - - emptyDir: {} - name: tmp - - name: publickey - secret: - items: - - key: jwtRS256.key.pub - path: publickey - secretName: jwt-key + - emptyDir: {} + name: tmp + - name: publickey + secret: + items: + - key: jwtRS256.key.pub + path: publickey + secretName: jwt-key +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + iam.gke.io/gcp-service-account: gke-workload-development@bank-of-anthos-ci.iam.gserviceaccount.com + name: bank-of-anthos +--- +apiVersion: v1 +data: + DEMO_LOGIN_PASSWORD: bankofanthos + DEMO_LOGIN_USERNAME: testuser + USE_DEMO_DATA: "True" +kind: ConfigMap +metadata: + name: demo-data-config +--- +apiVersion: v1 +data: + LOCAL_ROUTING_NUM: "883745000" + PUB_KEY_PATH: /tmp/.ssh/publickey +kind: ConfigMap +metadata: + name: environment-config +--- +apiVersion: v1 +data: + BALANCES_API_ADDR: balancereader:8080 + CONTACTS_API_ADDR: contacts:8080 + HISTORY_API_ADDR: transactionhistory:8080 + TRANSACTIONS_API_ADDR: ledgerwriter:8080 + USERSERVICE_API_ADDR: userservice:8080 +kind: ConfigMap +metadata: + name: service-api-config +--- +apiVersion: v1 +data: + jwtRS256.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS3dJQkFBS0NBZ0VBNEd2Wk5Ta2o1aWlXYjJEWk0yZkN4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZClJPWEt3NVMrbEVMSDlBZXRUZGNUQWRrYkN6eWFwU2RrM1Bxd3hoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0kKdFk2NVgrTnEwcWFSdkxkT09iRlFHbUlIeDc1emtaNjU0K2Z0dm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRUwpGYklhOEE5NkJTcEp6S20wYWhLKzZyOFZ2dk9xMUJIR1pJSUtLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvCm8rRFZ0LyswTUk4T1p2ZEF1YWIyVVh1YitUaXdBZ0c3Njh5bkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFgKUXNPUnRUaTYwRlpQWDdDM1YxcmxVZStyVTlCWTZDbHJXbGVKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbApPS3VsdGFkdVNWbmZ2OEMwdXoxelBCWkl3WG5zVk83WHlTVlBBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EClNPOFNITnlLTytrNnBUaG1hbW9xTUJKQkNwY0MrRzFVUFVxWWV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2UKT3JIVlUyRGo3enpkaW1MMmJlaHFTd1NpM3pBa2xXZjRGU0F6aC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQwp4NUFtRUZsdlF1VUkwcTZ3WjZ2cmxBWUsrTWRtNER2RkFVbFhzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBCmx6WFdtaEM4R3JXQklodDFPSkxXREtPNWx2Wm1KUS9sazdic1VyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUEKQVFLQ0FnRUFoQ0c3ZnpzN3NiVlA3VCsrWWkvRFZMUUc2dDF1Y3hPYUQyS3hkZFFLNjJiWlM5UWJFMldnWGtyagpjbk5uT3R5U1F2UlFjcFFiQWlDcWhIYVBRalF2aEU0ZVNOeStFcXN1WEhMYjJsMHJqMUVUZjRVWDBwMjNzeWM0CnE5SDZtSHZzaUxkSERHR1BaeUZROWZuWVJNRTNEeUhhcjdvZm1RSlNYWjk0SVErZ2ZlVFlkeXZWQWdVZEt4NVIKbjF6b21xR0lZYk9yeUphOC9QS0dMOXBQVHJucHRTSmUyTUJxS0hlMC9MVXRrQjhOOXN5eDJxN3E3Q0hpY3pVUQpLRTd5RWRtZHVERC9jYll2ZlNyTkprRlRIV0FmUVBzejZDbmpjNjBsbkRiTXIzVXphUEM0Sk00OEFra1hMdlc1CnVCUTVJNFB1VG5acjhqUUVVWktuNWZrTkJlSG9aNjlZVVp2eWdOcGJRaVMxWi9CRzYwVDVZN1VPY09wWVJ2bCsKL0dSNUFSNnpZQVJKbTBKNmg3U2NsdGhLSjdaVnFldWV5U3B1UG9mTjg0V241Zm1mbWdsR2F0dlc4KzFGR2ZNRQppWGxHbzhHQ1ZyampzN013a0pMT3Jlc0lRblFWK3ZmWC95Nk9WRExMS21yeGJCT3BPcm5TK01icnFoOXBsRGFICks1N0VOVngzWWxVd2M3bFRHd2Q2cS9nVnhSWDZRc1F3VEl5UHVOOUozMWd0dXRCeS9FTVVGc1hJenJhRmRIQzgKZXVlT1N3V0JQT05XbUkzN1BCVTIycXFyMWE3d1Y3Z0lJOGg3WS8waDNDYjFYWjZsQ2FzOCt0emI3VFZNMGxWQwpINWNYaXRqM2xKS1B1b2VzOXpTNFhEQjQ0V1hwZkw4SFVXQ1NuSWF2ZVJYUHhwbDRJbUVDZ2dFQkFQMjJEZml3CmVaRDBSTzlManJSR2cxODJlNnNSZ052VUQrOTFjUnBRNFBDcnlKQm1tTmNWOFBNZVdoZFlPaHdCWW1JMjkyWkkKcjFyeHVwclBCdE43dTNnWmhKYkVXL1IvSFozc2lPSmNycHlhejBVNUpDSzRTOERSbkdnUUdOQUdJNFlsVUNxNwpLL2JOa0JLcnRpSEVpOWV6RGQ3SjIrRGJGK0FiSXNWdlNnNnNHdEp1TG8rY0VRUzFaNzkycTQ5NUt6dWJyUDhvClVIbWFuc1R1ZEtLL1lZY0dlcU9pS2V0bmgrK0ZUc0hXek1NTEJ3VllySVlZRHZ5RWUvZEFkNWUzM3ZTRSsrbXkKZEVaVkZidVRMQmdzSW4wM0dmZ1pnNE56QkNhSm9NZGJtU3NiaUxGMkRTL1g4eXNKNldLYzdVTFMwMXJwSjBLTgo0VldQNjhiZlZOd1YwbmtDZ2dFQkFPSnlKaVN5aGJrL1hEVjRzT2ZLS1BBQ3RJTkN0ZWk2OWpYVVVOUHNhQndNCjFMNURCOU5tNjhLb3piVTN1Rk9QbmRPZERrMms5cm5WS1JkSlYrTHhPQ2NEdE5aMzlGQ3JtbUs3TGc4TnBUM2cKVksxc29YamFtcGI3NU1LWjZzaGFIUDRFUUMvTVVoeVF1UXkydEtUS3JMYUNFRmdzR1RhRHFaOU9xMVdIZzhWNwoxdUkzak8xYnNzNFRQWjJxbXVOYjE0WEMzQnJaeDE4eWY3MnJZMEk5RTAxdXorUmp4VUdSK0E3dlloSklYVWtMCmtzQTJqV1ludktsVmZRRWJpWlVpcjQ0d2IraEZ4Z3JwcVBvSmNCTzgvdS9UYXZ3MjFqbjFkRys3NWZqZnI5M3UKRjExbUh2VVY2Z0RJenN4NDVicDVDek5oUmdTTHNRZk9INFdpdytIcUNrTUNnZ0VCQU1UZGtFZkpmL3IzWDhvaQo0ZStHeTRlRStqOEtqT2VHekhxdHNYNlBCWXdhYjcyRXJ0SXV4MUdPMnE5RW1ZcURsSGpMVi9zNUtVQXpVKzJ0CitRaisrTCsvWlQrcnpBS1M1RU5YZC92Vm1QUVJ1QVZweWwxYWpnVm5ZS3JxMnFZSUxXWjQ2NVRNdWRkL09HMFUKYW5ZWFViK2t3MzE5T3ExbXRFY0VKMTMxOWd3ZWhZMkZTNEhKd3ZiWllGQ1QzNW1ybHQxZzljTGo0RllMb1drRAo4dU1hQjY1RFc4US9IN0gzR3ViRGxSSVovN2JVaHJVaVVuU1dsSUppdHVKclZxRVdYdDF6bHhtR2pHekt0dHRlCjNwYy9IOS96Y3FZdC9mdHdzdWJJWWtadkVCSUFBbmhaTnZCSjYva1liczFESVdONXZlRE1DOWU3eWY2ZmQzOVEKYWtPQWQxa0NnZ0VCQUpCQ2RraFVydHBJSWg4eWgwanpRa2M5QWZESlZBZ3k2MTE1cUJDS2YveTJzK1dONEhOdQpFdTROQ2hmVHFvc1phRXVDdDdVQlRla3ZnaUVDcVltN2NMRnlMQWVobmJTeXpnVHVDRGF3MDc5cXBhZGlHREJjCjI3VXFQaDgzWFJwTVJrSVJSUzd1TkxWY0FYZTNBYmdtSWdlWExvQnRmNVo2SkZxSURLRE5WMFk5VWJVRi9MTE8KQTBoRGU3SnhHSUdWWmVVaU1ZU3RqdFQzMytkZVF6clVtL0p0a09XSUpnZFN6YnYrQnZWc3dua2hkVmtjcDlJWApxSm9jQ3lua2VDN1pUUXdCa1psZ3NmMEx4SW1kNzVlemhKb1dqd2FraksrWnpwYk1Gb01KUmduVmYyOFIrdERhCktCeGQwVmowQUM1ZXBLTVQ2ajVGRy8vRDhkTDUwVjZmOGU4Q2dnRUJBTWgreklJb3FKZWlXTGgzOUFtTTRQZEkKSFNod0lISXBUNUhGS05jOTFzRnRDZFdXVDIweXVPZHNLZU9TTDZjMjJsVFpjcklFZFlDY0Q5SVhyWm8xVmxXOAorSGFmNDFhcHhlaU1PZVBNR3ZlNEQ2ZEdrUXcyWXBuNXlOQUUwYk1qa1hFU3JuMzMvV3JqSFFtWFdvNmFSdnVZCnkrMktzbGwvK1BzajlwNXd3WVYxRGp0QzFXU0lmdFZNMkJuRlViQVVyMmNHSVNXWlNnWU9yUDU1elZKK3REeloKSXhrMDZ6TUNZU3pEL1pPTUJZSjUvTFFPWnlPUUs0R2xnMytUUUNXUERHNTRtUEo0dElmNUZCZ25wSU5QRGNLQwpLc2RTQlg4S0xNeU83aEVzOCtuZFRWNWlxa0pscGNCdVJ3VXVUSmlFakc0MWZnaXZPVThTR0V5elZPbW1NNG89Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== + jwtRS256.key.pub: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUE0R3ZaTlNrajVpaVdiMkRaTTJmQwp4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZUk9YS3c1UytsRUxIOUFldFRkY1RBZGtiQ3p5YXBTZGszUHF3CnhoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0l0WTY1WCtOcTBxYVJ2TGRPT2JGUUdtSUh4NzV6a1o2NTQrZnQKdm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRU0ZiSWE4QTk2QlNwSnpLbTBhaEsrNnI4VnZ2T3ExQkhHWklJSwpLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvbytEVnQvKzBNSThPWnZkQXVhYjJVWHViK1Rpd0FnRzc2OHluCkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFhRc09SdFRpNjBGWlBYN0MzVjFybFVlK3JVOUJZNkNscldsZUoKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbE9LdWx0YWR1U1ZuZnY4QzB1ejF6UEJaSXdYbnNWTzdYeVNWUApBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EU084U0hOeUtPK2s2cFRobWFtb3FNQkpCQ3BjQytHMVVQVXFZCmV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2VPckhWVTJEajd6emRpbUwyYmVocVN3U2kzekFrbFdmNEZTQXoKaC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQ3g1QW1FRmx2UXVVSTBxNndaNnZybEFZSytNZG00RHZGQVVsWApzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBbHpYV21oQzhHcldCSWh0MU9KTFdES081bHZabUpRL2xrN2JzClVyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo= +kind: Secret +metadata: + name: jwt-key +type: Opaque diff --git a/kubernetes-manifests/loadgenerator.yaml b/kubernetes-manifests/loadgenerator.yaml index 28ad4401c..1771d324d 100644 --- a/kubernetes-manifests/loadgenerator.yaml +++ b/kubernetes-manifests/loadgenerator.yaml @@ -11,7 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - apiVersion: apps/v1 kind: Deployment metadata: @@ -39,29 +38,29 @@ spec: tier: test spec: containers: - - env: - - name: FRONTEND_ADDR - value: frontend:80 - - name: USERS - value: "5" - - name: LOG_LEVEL - value: error - image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/loadgenerator:v0.6.1@sha256:3bb01473ed1b71b97e0a9c77f1e16db2f8e281344add5fb53d2bb2d889158f46 - name: loadgenerator - resources: - limits: - cpu: 250m - memory: 1Gi - requests: - cpu: 100m - memory: 512Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - privileged: false - readOnlyRootFilesystem: true + - env: + - name: FRONTEND_ADDR + value: frontend:80 + - name: USERS + value: "5" + - name: LOG_LEVEL + value: error + image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/loadgenerator:v0.6.2@sha256:8982f3569bc7d1de97aee3be388b4d7eee076c5c9640c2be6bc3d4a58a9898d4 + name: loadgenerator + resources: + limits: + cpu: 250m + memory: 1Gi + requests: + cpu: 100m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + privileged: false + readOnlyRootFilesystem: true restartPolicy: Always securityContext: fsGroup: 1000 diff --git a/kubernetes-manifests/transaction-history.yaml b/kubernetes-manifests/transaction-history.yaml index 29f6781eb..a33866bc4 100644 --- a/kubernetes-manifests/transaction-history.yaml +++ b/kubernetes-manifests/transaction-history.yaml @@ -11,7 +11,147 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +apiVersion: v1 +data: + POSTGRES_DB: postgresdb + POSTGRES_PASSWORD: password + POSTGRES_USER: admin + SPRING_DATASOURCE_PASSWORD: password + SPRING_DATASOURCE_URL: jdbc:postgresql://ledger-db:5432/postgresdb + SPRING_DATASOURCE_USERNAME: admin +kind: ConfigMap +metadata: + labels: + app: ledger-db + application: bank-of-anthos + environment: development + team: ledger + tier: db + name: ledger-db-config +--- +apiVersion: v1 +kind: Service +metadata: + labels: + application: bank-of-anthos + environment: development + team: ledger + tier: db + name: ledger-db +spec: + ports: + - name: tcp + port: 5432 + targetPort: 5432 + selector: + app: ledger-db + application: bank-of-anthos + environment: development + team: ledger + tier: db + type: ClusterIP +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + application: bank-of-anthos + environment: development + team: ledger + tier: db + name: ledger-db +spec: + replicas: 1 + selector: + matchLabels: + app: ledger-db + application: bank-of-anthos + environment: development + team: ledger + tier: db + serviceName: ledger-db + template: + metadata: + labels: + app: ledger-db + application: bank-of-anthos + environment: development + team: ledger + tier: db + spec: + containers: + - envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: ledger-db-config + - configMapRef: + name: demo-data-config + image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/ledger-db:v0.6.2@sha256:abf589513b05769093862ed6faf405b0540cc4fb3c89a19e212842cb9acd04e4 + name: postgres + ports: + - containerPort: 5432 + resources: + limits: + cpu: 250m + memory: 1Gi + requests: + cpu: 100m + memory: 512Mi + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: postgresdb + subPath: postgres + serviceAccount: bank-of-anthos + serviceAccountName: default + volumes: + - emptyDir: {} + name: postgresdb +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + iam.gke.io/gcp-service-account: gke-workload-development@bank-of-anthos-ci.iam.gserviceaccount.com + name: bank-of-anthos +--- +apiVersion: v1 +data: + DEMO_LOGIN_PASSWORD: bankofanthos + DEMO_LOGIN_USERNAME: testuser + USE_DEMO_DATA: "True" +kind: ConfigMap +metadata: + name: demo-data-config +--- +apiVersion: v1 +data: + LOCAL_ROUTING_NUM: "883745000" + PUB_KEY_PATH: /tmp/.ssh/publickey +kind: ConfigMap +metadata: + name: environment-config +--- +apiVersion: v1 +data: + BALANCES_API_ADDR: balancereader:8080 + CONTACTS_API_ADDR: contacts:8080 + HISTORY_API_ADDR: transactionhistory:8080 + TRANSACTIONS_API_ADDR: ledgerwriter:8080 + USERSERVICE_API_ADDR: userservice:8080 +kind: ConfigMap +metadata: + name: service-api-config +--- +apiVersion: v1 +data: + jwtRS256.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS3dJQkFBS0NBZ0VBNEd2Wk5Ta2o1aWlXYjJEWk0yZkN4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZClJPWEt3NVMrbEVMSDlBZXRUZGNUQWRrYkN6eWFwU2RrM1Bxd3hoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0kKdFk2NVgrTnEwcWFSdkxkT09iRlFHbUlIeDc1emtaNjU0K2Z0dm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRUwpGYklhOEE5NkJTcEp6S20wYWhLKzZyOFZ2dk9xMUJIR1pJSUtLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvCm8rRFZ0LyswTUk4T1p2ZEF1YWIyVVh1YitUaXdBZ0c3Njh5bkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFgKUXNPUnRUaTYwRlpQWDdDM1YxcmxVZStyVTlCWTZDbHJXbGVKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbApPS3VsdGFkdVNWbmZ2OEMwdXoxelBCWkl3WG5zVk83WHlTVlBBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EClNPOFNITnlLTytrNnBUaG1hbW9xTUJKQkNwY0MrRzFVUFVxWWV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2UKT3JIVlUyRGo3enpkaW1MMmJlaHFTd1NpM3pBa2xXZjRGU0F6aC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQwp4NUFtRUZsdlF1VUkwcTZ3WjZ2cmxBWUsrTWRtNER2RkFVbFhzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBCmx6WFdtaEM4R3JXQklodDFPSkxXREtPNWx2Wm1KUS9sazdic1VyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUEKQVFLQ0FnRUFoQ0c3ZnpzN3NiVlA3VCsrWWkvRFZMUUc2dDF1Y3hPYUQyS3hkZFFLNjJiWlM5UWJFMldnWGtyagpjbk5uT3R5U1F2UlFjcFFiQWlDcWhIYVBRalF2aEU0ZVNOeStFcXN1WEhMYjJsMHJqMUVUZjRVWDBwMjNzeWM0CnE5SDZtSHZzaUxkSERHR1BaeUZROWZuWVJNRTNEeUhhcjdvZm1RSlNYWjk0SVErZ2ZlVFlkeXZWQWdVZEt4NVIKbjF6b21xR0lZYk9yeUphOC9QS0dMOXBQVHJucHRTSmUyTUJxS0hlMC9MVXRrQjhOOXN5eDJxN3E3Q0hpY3pVUQpLRTd5RWRtZHVERC9jYll2ZlNyTkprRlRIV0FmUVBzejZDbmpjNjBsbkRiTXIzVXphUEM0Sk00OEFra1hMdlc1CnVCUTVJNFB1VG5acjhqUUVVWktuNWZrTkJlSG9aNjlZVVp2eWdOcGJRaVMxWi9CRzYwVDVZN1VPY09wWVJ2bCsKL0dSNUFSNnpZQVJKbTBKNmg3U2NsdGhLSjdaVnFldWV5U3B1UG9mTjg0V241Zm1mbWdsR2F0dlc4KzFGR2ZNRQppWGxHbzhHQ1ZyampzN013a0pMT3Jlc0lRblFWK3ZmWC95Nk9WRExMS21yeGJCT3BPcm5TK01icnFoOXBsRGFICks1N0VOVngzWWxVd2M3bFRHd2Q2cS9nVnhSWDZRc1F3VEl5UHVOOUozMWd0dXRCeS9FTVVGc1hJenJhRmRIQzgKZXVlT1N3V0JQT05XbUkzN1BCVTIycXFyMWE3d1Y3Z0lJOGg3WS8waDNDYjFYWjZsQ2FzOCt0emI3VFZNMGxWQwpINWNYaXRqM2xKS1B1b2VzOXpTNFhEQjQ0V1hwZkw4SFVXQ1NuSWF2ZVJYUHhwbDRJbUVDZ2dFQkFQMjJEZml3CmVaRDBSTzlManJSR2cxODJlNnNSZ052VUQrOTFjUnBRNFBDcnlKQm1tTmNWOFBNZVdoZFlPaHdCWW1JMjkyWkkKcjFyeHVwclBCdE43dTNnWmhKYkVXL1IvSFozc2lPSmNycHlhejBVNUpDSzRTOERSbkdnUUdOQUdJNFlsVUNxNwpLL2JOa0JLcnRpSEVpOWV6RGQ3SjIrRGJGK0FiSXNWdlNnNnNHdEp1TG8rY0VRUzFaNzkycTQ5NUt6dWJyUDhvClVIbWFuc1R1ZEtLL1lZY0dlcU9pS2V0bmgrK0ZUc0hXek1NTEJ3VllySVlZRHZ5RWUvZEFkNWUzM3ZTRSsrbXkKZEVaVkZidVRMQmdzSW4wM0dmZ1pnNE56QkNhSm9NZGJtU3NiaUxGMkRTL1g4eXNKNldLYzdVTFMwMXJwSjBLTgo0VldQNjhiZlZOd1YwbmtDZ2dFQkFPSnlKaVN5aGJrL1hEVjRzT2ZLS1BBQ3RJTkN0ZWk2OWpYVVVOUHNhQndNCjFMNURCOU5tNjhLb3piVTN1Rk9QbmRPZERrMms5cm5WS1JkSlYrTHhPQ2NEdE5aMzlGQ3JtbUs3TGc4TnBUM2cKVksxc29YamFtcGI3NU1LWjZzaGFIUDRFUUMvTVVoeVF1UXkydEtUS3JMYUNFRmdzR1RhRHFaOU9xMVdIZzhWNwoxdUkzak8xYnNzNFRQWjJxbXVOYjE0WEMzQnJaeDE4eWY3MnJZMEk5RTAxdXorUmp4VUdSK0E3dlloSklYVWtMCmtzQTJqV1ludktsVmZRRWJpWlVpcjQ0d2IraEZ4Z3JwcVBvSmNCTzgvdS9UYXZ3MjFqbjFkRys3NWZqZnI5M3UKRjExbUh2VVY2Z0RJenN4NDVicDVDek5oUmdTTHNRZk9INFdpdytIcUNrTUNnZ0VCQU1UZGtFZkpmL3IzWDhvaQo0ZStHeTRlRStqOEtqT2VHekhxdHNYNlBCWXdhYjcyRXJ0SXV4MUdPMnE5RW1ZcURsSGpMVi9zNUtVQXpVKzJ0CitRaisrTCsvWlQrcnpBS1M1RU5YZC92Vm1QUVJ1QVZweWwxYWpnVm5ZS3JxMnFZSUxXWjQ2NVRNdWRkL09HMFUKYW5ZWFViK2t3MzE5T3ExbXRFY0VKMTMxOWd3ZWhZMkZTNEhKd3ZiWllGQ1QzNW1ybHQxZzljTGo0RllMb1drRAo4dU1hQjY1RFc4US9IN0gzR3ViRGxSSVovN2JVaHJVaVVuU1dsSUppdHVKclZxRVdYdDF6bHhtR2pHekt0dHRlCjNwYy9IOS96Y3FZdC9mdHdzdWJJWWtadkVCSUFBbmhaTnZCSjYva1liczFESVdONXZlRE1DOWU3eWY2ZmQzOVEKYWtPQWQxa0NnZ0VCQUpCQ2RraFVydHBJSWg4eWgwanpRa2M5QWZESlZBZ3k2MTE1cUJDS2YveTJzK1dONEhOdQpFdTROQ2hmVHFvc1phRXVDdDdVQlRla3ZnaUVDcVltN2NMRnlMQWVobmJTeXpnVHVDRGF3MDc5cXBhZGlHREJjCjI3VXFQaDgzWFJwTVJrSVJSUzd1TkxWY0FYZTNBYmdtSWdlWExvQnRmNVo2SkZxSURLRE5WMFk5VWJVRi9MTE8KQTBoRGU3SnhHSUdWWmVVaU1ZU3RqdFQzMytkZVF6clVtL0p0a09XSUpnZFN6YnYrQnZWc3dua2hkVmtjcDlJWApxSm9jQ3lua2VDN1pUUXdCa1psZ3NmMEx4SW1kNzVlemhKb1dqd2FraksrWnpwYk1Gb01KUmduVmYyOFIrdERhCktCeGQwVmowQUM1ZXBLTVQ2ajVGRy8vRDhkTDUwVjZmOGU4Q2dnRUJBTWgreklJb3FKZWlXTGgzOUFtTTRQZEkKSFNod0lISXBUNUhGS05jOTFzRnRDZFdXVDIweXVPZHNLZU9TTDZjMjJsVFpjcklFZFlDY0Q5SVhyWm8xVmxXOAorSGFmNDFhcHhlaU1PZVBNR3ZlNEQ2ZEdrUXcyWXBuNXlOQUUwYk1qa1hFU3JuMzMvV3JqSFFtWFdvNmFSdnVZCnkrMktzbGwvK1BzajlwNXd3WVYxRGp0QzFXU0lmdFZNMkJuRlViQVVyMmNHSVNXWlNnWU9yUDU1elZKK3REeloKSXhrMDZ6TUNZU3pEL1pPTUJZSjUvTFFPWnlPUUs0R2xnMytUUUNXUERHNTRtUEo0dElmNUZCZ25wSU5QRGNLQwpLc2RTQlg4S0xNeU83aEVzOCtuZFRWNWlxa0pscGNCdVJ3VXVUSmlFakc0MWZnaXZPVThTR0V5elZPbW1NNG89Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== + jwtRS256.key.pub: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUE0R3ZaTlNrajVpaVdiMkRaTTJmQwp4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZUk9YS3c1UytsRUxIOUFldFRkY1RBZGtiQ3p5YXBTZGszUHF3CnhoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0l0WTY1WCtOcTBxYVJ2TGRPT2JGUUdtSUh4NzV6a1o2NTQrZnQKdm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRU0ZiSWE4QTk2QlNwSnpLbTBhaEsrNnI4VnZ2T3ExQkhHWklJSwpLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvbytEVnQvKzBNSThPWnZkQXVhYjJVWHViK1Rpd0FnRzc2OHluCkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFhRc09SdFRpNjBGWlBYN0MzVjFybFVlK3JVOUJZNkNscldsZUoKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbE9LdWx0YWR1U1ZuZnY4QzB1ejF6UEJaSXdYbnNWTzdYeVNWUApBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EU084U0hOeUtPK2s2cFRobWFtb3FNQkpCQ3BjQytHMVVQVXFZCmV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2VPckhWVTJEajd6emRpbUwyYmVocVN3U2kzekFrbFdmNEZTQXoKaC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQ3g1QW1FRmx2UXVVSTBxNndaNnZybEFZSytNZG00RHZGQVVsWApzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBbHpYV21oQzhHcldCSWh0MU9KTFdES081bHZabUpRL2xrN2JzClVyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo= +kind: Secret +metadata: + name: jwt-key +type: Opaque +--- apiVersion: v1 kind: Service metadata: @@ -23,9 +163,9 @@ metadata: name: transactionhistory spec: ports: - - name: http - port: 8080 - targetPort: 8080 + - name: http + port: 8080 + targetPort: 8080 selector: app: transactionhistory application: bank-of-anthos @@ -63,81 +203,80 @@ spec: tier: backend spec: containers: - - env: - - name: VERSION - value: v0.6.1 - - name: PORT - value: "8080" - - name: ENABLE_TRACING - value: "true" - - name: ENABLE_METRICS - value: "true" - - name: POLL_MS - value: "100" - - name: CACHE_SIZE - value: "1000" - - name: CACHE_MINUTES - value: "60" - - name: HISTORY_LIMIT - value: "100" - - name: JVM_OPTS - value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap - -Xms256m -Xmx512m - - name: LOG_LEVEL - value: info - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - envFrom: - - configMapRef: - name: environment-config - - configMapRef: - name: ledger-db-config - image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/transactionhistory:v0.6.1@sha256:bba73286ab53f8adba4381562e1c0b6c9b6a69c331a5acb3133379c356b5672f - livenessProbe: - httpGet: - path: /healthy - port: 8080 - initialDelaySeconds: 120 - periodSeconds: 5 - timeoutSeconds: 10 - name: transactionhistory - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 60 - periodSeconds: 5 - timeoutSeconds: 10 - resources: - limits: - cpu: 500m - ephemeral-storage: 0.5Gi - memory: 512Mi - requests: - cpu: 100m - ephemeral-storage: 0.5Gi - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - privileged: false - readOnlyRootFilesystem: true - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthy - port: 8080 - periodSeconds: 10 - volumeMounts: - - mountPath: /tmp - name: tmp - - mountPath: /tmp/.ssh - name: publickey - readOnly: true + - env: + - name: VERSION + value: v0.6.2 + - name: PORT + value: "8080" + - name: ENABLE_TRACING + value: "true" + - name: ENABLE_METRICS + value: "true" + - name: POLL_MS + value: "100" + - name: CACHE_SIZE + value: "1000" + - name: CACHE_MINUTES + value: "60" + - name: HISTORY_LIMIT + value: "100" + - name: JVM_OPTS + value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Xms256m -Xmx512m + - name: LOG_LEVEL + value: info + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: ledger-db-config + image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/transactionhistory:v0.6.2@sha256:553869591f27efb035c981175cfd43c6904d0fec6b214080f0f61c65bb621898 + livenessProbe: + httpGet: + path: /healthy + port: 8080 + initialDelaySeconds: 120 + periodSeconds: 5 + timeoutSeconds: 10 + name: transactionhistory + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 5 + timeoutSeconds: 10 + resources: + limits: + cpu: 500m + ephemeral-storage: 0.5Gi + memory: 512Mi + requests: + cpu: 100m + ephemeral-storage: 0.5Gi + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + privileged: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 30 + httpGet: + path: /healthy + port: 8080 + periodSeconds: 10 + volumeMounts: + - mountPath: /tmp + name: tmp + - mountPath: /tmp/.ssh + name: publickey + readOnly: true securityContext: fsGroup: 1000 runAsGroup: 1000 @@ -146,11 +285,55 @@ spec: serviceAccountName: bank-of-anthos terminationGracePeriodSeconds: 5 volumes: - - emptyDir: {} - name: tmp - - name: publickey - secret: - items: - - key: jwtRS256.key.pub - path: publickey - secretName: jwt-key + - emptyDir: {} + name: tmp + - name: publickey + secret: + items: + - key: jwtRS256.key.pub + path: publickey + secretName: jwt-key +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + iam.gke.io/gcp-service-account: gke-workload-development@bank-of-anthos-ci.iam.gserviceaccount.com + name: bank-of-anthos +--- +apiVersion: v1 +data: + DEMO_LOGIN_PASSWORD: bankofanthos + DEMO_LOGIN_USERNAME: testuser + USE_DEMO_DATA: "True" +kind: ConfigMap +metadata: + name: demo-data-config +--- +apiVersion: v1 +data: + LOCAL_ROUTING_NUM: "883745000" + PUB_KEY_PATH: /tmp/.ssh/publickey +kind: ConfigMap +metadata: + name: environment-config +--- +apiVersion: v1 +data: + BALANCES_API_ADDR: balancereader:8080 + CONTACTS_API_ADDR: contacts:8080 + HISTORY_API_ADDR: transactionhistory:8080 + TRANSACTIONS_API_ADDR: ledgerwriter:8080 + USERSERVICE_API_ADDR: userservice:8080 +kind: ConfigMap +metadata: + name: service-api-config +--- +apiVersion: v1 +data: + jwtRS256.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS3dJQkFBS0NBZ0VBNEd2Wk5Ta2o1aWlXYjJEWk0yZkN4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZClJPWEt3NVMrbEVMSDlBZXRUZGNUQWRrYkN6eWFwU2RrM1Bxd3hoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0kKdFk2NVgrTnEwcWFSdkxkT09iRlFHbUlIeDc1emtaNjU0K2Z0dm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRUwpGYklhOEE5NkJTcEp6S20wYWhLKzZyOFZ2dk9xMUJIR1pJSUtLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvCm8rRFZ0LyswTUk4T1p2ZEF1YWIyVVh1YitUaXdBZ0c3Njh5bkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFgKUXNPUnRUaTYwRlpQWDdDM1YxcmxVZStyVTlCWTZDbHJXbGVKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbApPS3VsdGFkdVNWbmZ2OEMwdXoxelBCWkl3WG5zVk83WHlTVlBBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EClNPOFNITnlLTytrNnBUaG1hbW9xTUJKQkNwY0MrRzFVUFVxWWV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2UKT3JIVlUyRGo3enpkaW1MMmJlaHFTd1NpM3pBa2xXZjRGU0F6aC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQwp4NUFtRUZsdlF1VUkwcTZ3WjZ2cmxBWUsrTWRtNER2RkFVbFhzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBCmx6WFdtaEM4R3JXQklodDFPSkxXREtPNWx2Wm1KUS9sazdic1VyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUEKQVFLQ0FnRUFoQ0c3ZnpzN3NiVlA3VCsrWWkvRFZMUUc2dDF1Y3hPYUQyS3hkZFFLNjJiWlM5UWJFMldnWGtyagpjbk5uT3R5U1F2UlFjcFFiQWlDcWhIYVBRalF2aEU0ZVNOeStFcXN1WEhMYjJsMHJqMUVUZjRVWDBwMjNzeWM0CnE5SDZtSHZzaUxkSERHR1BaeUZROWZuWVJNRTNEeUhhcjdvZm1RSlNYWjk0SVErZ2ZlVFlkeXZWQWdVZEt4NVIKbjF6b21xR0lZYk9yeUphOC9QS0dMOXBQVHJucHRTSmUyTUJxS0hlMC9MVXRrQjhOOXN5eDJxN3E3Q0hpY3pVUQpLRTd5RWRtZHVERC9jYll2ZlNyTkprRlRIV0FmUVBzejZDbmpjNjBsbkRiTXIzVXphUEM0Sk00OEFra1hMdlc1CnVCUTVJNFB1VG5acjhqUUVVWktuNWZrTkJlSG9aNjlZVVp2eWdOcGJRaVMxWi9CRzYwVDVZN1VPY09wWVJ2bCsKL0dSNUFSNnpZQVJKbTBKNmg3U2NsdGhLSjdaVnFldWV5U3B1UG9mTjg0V241Zm1mbWdsR2F0dlc4KzFGR2ZNRQppWGxHbzhHQ1ZyampzN013a0pMT3Jlc0lRblFWK3ZmWC95Nk9WRExMS21yeGJCT3BPcm5TK01icnFoOXBsRGFICks1N0VOVngzWWxVd2M3bFRHd2Q2cS9nVnhSWDZRc1F3VEl5UHVOOUozMWd0dXRCeS9FTVVGc1hJenJhRmRIQzgKZXVlT1N3V0JQT05XbUkzN1BCVTIycXFyMWE3d1Y3Z0lJOGg3WS8waDNDYjFYWjZsQ2FzOCt0emI3VFZNMGxWQwpINWNYaXRqM2xKS1B1b2VzOXpTNFhEQjQ0V1hwZkw4SFVXQ1NuSWF2ZVJYUHhwbDRJbUVDZ2dFQkFQMjJEZml3CmVaRDBSTzlManJSR2cxODJlNnNSZ052VUQrOTFjUnBRNFBDcnlKQm1tTmNWOFBNZVdoZFlPaHdCWW1JMjkyWkkKcjFyeHVwclBCdE43dTNnWmhKYkVXL1IvSFozc2lPSmNycHlhejBVNUpDSzRTOERSbkdnUUdOQUdJNFlsVUNxNwpLL2JOa0JLcnRpSEVpOWV6RGQ3SjIrRGJGK0FiSXNWdlNnNnNHdEp1TG8rY0VRUzFaNzkycTQ5NUt6dWJyUDhvClVIbWFuc1R1ZEtLL1lZY0dlcU9pS2V0bmgrK0ZUc0hXek1NTEJ3VllySVlZRHZ5RWUvZEFkNWUzM3ZTRSsrbXkKZEVaVkZidVRMQmdzSW4wM0dmZ1pnNE56QkNhSm9NZGJtU3NiaUxGMkRTL1g4eXNKNldLYzdVTFMwMXJwSjBLTgo0VldQNjhiZlZOd1YwbmtDZ2dFQkFPSnlKaVN5aGJrL1hEVjRzT2ZLS1BBQ3RJTkN0ZWk2OWpYVVVOUHNhQndNCjFMNURCOU5tNjhLb3piVTN1Rk9QbmRPZERrMms5cm5WS1JkSlYrTHhPQ2NEdE5aMzlGQ3JtbUs3TGc4TnBUM2cKVksxc29YamFtcGI3NU1LWjZzaGFIUDRFUUMvTVVoeVF1UXkydEtUS3JMYUNFRmdzR1RhRHFaOU9xMVdIZzhWNwoxdUkzak8xYnNzNFRQWjJxbXVOYjE0WEMzQnJaeDE4eWY3MnJZMEk5RTAxdXorUmp4VUdSK0E3dlloSklYVWtMCmtzQTJqV1ludktsVmZRRWJpWlVpcjQ0d2IraEZ4Z3JwcVBvSmNCTzgvdS9UYXZ3MjFqbjFkRys3NWZqZnI5M3UKRjExbUh2VVY2Z0RJenN4NDVicDVDek5oUmdTTHNRZk9INFdpdytIcUNrTUNnZ0VCQU1UZGtFZkpmL3IzWDhvaQo0ZStHeTRlRStqOEtqT2VHekhxdHNYNlBCWXdhYjcyRXJ0SXV4MUdPMnE5RW1ZcURsSGpMVi9zNUtVQXpVKzJ0CitRaisrTCsvWlQrcnpBS1M1RU5YZC92Vm1QUVJ1QVZweWwxYWpnVm5ZS3JxMnFZSUxXWjQ2NVRNdWRkL09HMFUKYW5ZWFViK2t3MzE5T3ExbXRFY0VKMTMxOWd3ZWhZMkZTNEhKd3ZiWllGQ1QzNW1ybHQxZzljTGo0RllMb1drRAo4dU1hQjY1RFc4US9IN0gzR3ViRGxSSVovN2JVaHJVaVVuU1dsSUppdHVKclZxRVdYdDF6bHhtR2pHekt0dHRlCjNwYy9IOS96Y3FZdC9mdHdzdWJJWWtadkVCSUFBbmhaTnZCSjYva1liczFESVdONXZlRE1DOWU3eWY2ZmQzOVEKYWtPQWQxa0NnZ0VCQUpCQ2RraFVydHBJSWg4eWgwanpRa2M5QWZESlZBZ3k2MTE1cUJDS2YveTJzK1dONEhOdQpFdTROQ2hmVHFvc1phRXVDdDdVQlRla3ZnaUVDcVltN2NMRnlMQWVobmJTeXpnVHVDRGF3MDc5cXBhZGlHREJjCjI3VXFQaDgzWFJwTVJrSVJSUzd1TkxWY0FYZTNBYmdtSWdlWExvQnRmNVo2SkZxSURLRE5WMFk5VWJVRi9MTE8KQTBoRGU3SnhHSUdWWmVVaU1ZU3RqdFQzMytkZVF6clVtL0p0a09XSUpnZFN6YnYrQnZWc3dua2hkVmtjcDlJWApxSm9jQ3lua2VDN1pUUXdCa1psZ3NmMEx4SW1kNzVlemhKb1dqd2FraksrWnpwYk1Gb01KUmduVmYyOFIrdERhCktCeGQwVmowQUM1ZXBLTVQ2ajVGRy8vRDhkTDUwVjZmOGU4Q2dnRUJBTWgreklJb3FKZWlXTGgzOUFtTTRQZEkKSFNod0lISXBUNUhGS05jOTFzRnRDZFdXVDIweXVPZHNLZU9TTDZjMjJsVFpjcklFZFlDY0Q5SVhyWm8xVmxXOAorSGFmNDFhcHhlaU1PZVBNR3ZlNEQ2ZEdrUXcyWXBuNXlOQUUwYk1qa1hFU3JuMzMvV3JqSFFtWFdvNmFSdnVZCnkrMktzbGwvK1BzajlwNXd3WVYxRGp0QzFXU0lmdFZNMkJuRlViQVVyMmNHSVNXWlNnWU9yUDU1elZKK3REeloKSXhrMDZ6TUNZU3pEL1pPTUJZSjUvTFFPWnlPUUs0R2xnMytUUUNXUERHNTRtUEo0dElmNUZCZ25wSU5QRGNLQwpLc2RTQlg4S0xNeU83aEVzOCtuZFRWNWlxa0pscGNCdVJ3VXVUSmlFakc0MWZnaXZPVThTR0V5elZPbW1NNG89Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== + jwtRS256.key.pub: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUE0R3ZaTlNrajVpaVdiMkRaTTJmQwp4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZUk9YS3c1UytsRUxIOUFldFRkY1RBZGtiQ3p5YXBTZGszUHF3CnhoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0l0WTY1WCtOcTBxYVJ2TGRPT2JGUUdtSUh4NzV6a1o2NTQrZnQKdm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRU0ZiSWE4QTk2QlNwSnpLbTBhaEsrNnI4VnZ2T3ExQkhHWklJSwpLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvbytEVnQvKzBNSThPWnZkQXVhYjJVWHViK1Rpd0FnRzc2OHluCkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFhRc09SdFRpNjBGWlBYN0MzVjFybFVlK3JVOUJZNkNscldsZUoKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbE9LdWx0YWR1U1ZuZnY4QzB1ejF6UEJaSXdYbnNWTzdYeVNWUApBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EU084U0hOeUtPK2s2cFRobWFtb3FNQkpCQ3BjQytHMVVQVXFZCmV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2VPckhWVTJEajd6emRpbUwyYmVocVN3U2kzekFrbFdmNEZTQXoKaC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQ3g1QW1FRmx2UXVVSTBxNndaNnZybEFZSytNZG00RHZGQVVsWApzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBbHpYV21oQzhHcldCSWh0MU9KTFdES081bHZabUpRL2xrN2JzClVyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo= +kind: Secret +metadata: + name: jwt-key +type: Opaque diff --git a/kubernetes-manifests/userservice.yaml b/kubernetes-manifests/userservice.yaml index 1acbe6ae9..2a02a2750 100644 --- a/kubernetes-manifests/userservice.yaml +++ b/kubernetes-manifests/userservice.yaml @@ -11,7 +11,146 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +apiVersion: v1 +data: + ACCOUNTS_DB_URI: postgresql://accounts-admin:accounts-pwd@accounts-db:5432/accounts-db + POSTGRES_DB: accounts-db + POSTGRES_PASSWORD: accounts-pwd + POSTGRES_USER: accounts-admin +kind: ConfigMap +metadata: + labels: + app: accounts-db + application: bank-of-anthos + environment: development + team: accounts + tier: db + name: accounts-db-config +--- +apiVersion: v1 +kind: Service +metadata: + labels: + application: bank-of-anthos + environment: development + team: accounts + tier: db + name: accounts-db +spec: + ports: + - name: tcp + port: 5432 + protocol: TCP + targetPort: 5432 + selector: + app: accounts-db + application: bank-of-anthos + environment: development + team: accounts + tier: db + type: ClusterIP +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + application: bank-of-anthos + environment: development + team: accounts + tier: db + name: accounts-db +spec: + replicas: 1 + selector: + matchLabels: + app: accounts-db + application: bank-of-anthos + environment: development + team: accounts + tier: db + serviceName: accounts-db + template: + metadata: + labels: + app: accounts-db + application: bank-of-anthos + environment: development + team: accounts + tier: db + spec: + containers: + - envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: accounts-db-config + - configMapRef: + name: demo-data-config + image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/accounts-db:v0.6.2@sha256:c55f28a015c77b6701d9e32c53fb63c11268df0f2eca7a490f0faa6be427bb62 + name: accounts-db + ports: + - containerPort: 5432 + resources: + limits: + cpu: 250m + memory: 512Mi + requests: + cpu: 100m + memory: 128Mi + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: postgresdb + subPath: postgres + serviceAccount: bank-of-anthos + serviceAccountName: default + volumes: + - emptyDir: {} + name: postgresdb +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + iam.gke.io/gcp-service-account: gke-workload-development@bank-of-anthos-ci.iam.gserviceaccount.com + name: bank-of-anthos +--- +apiVersion: v1 +data: + DEMO_LOGIN_PASSWORD: bankofanthos + DEMO_LOGIN_USERNAME: testuser + USE_DEMO_DATA: "True" +kind: ConfigMap +metadata: + name: demo-data-config +--- +apiVersion: v1 +data: + LOCAL_ROUTING_NUM: "883745000" + PUB_KEY_PATH: /tmp/.ssh/publickey +kind: ConfigMap +metadata: + name: environment-config +--- +apiVersion: v1 +data: + BALANCES_API_ADDR: balancereader:8080 + CONTACTS_API_ADDR: contacts:8080 + HISTORY_API_ADDR: transactionhistory:8080 + TRANSACTIONS_API_ADDR: ledgerwriter:8080 + USERSERVICE_API_ADDR: userservice:8080 +kind: ConfigMap +metadata: + name: service-api-config +--- +apiVersion: v1 +data: + jwtRS256.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS3dJQkFBS0NBZ0VBNEd2Wk5Ta2o1aWlXYjJEWk0yZkN4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZClJPWEt3NVMrbEVMSDlBZXRUZGNUQWRrYkN6eWFwU2RrM1Bxd3hoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0kKdFk2NVgrTnEwcWFSdkxkT09iRlFHbUlIeDc1emtaNjU0K2Z0dm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRUwpGYklhOEE5NkJTcEp6S20wYWhLKzZyOFZ2dk9xMUJIR1pJSUtLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvCm8rRFZ0LyswTUk4T1p2ZEF1YWIyVVh1YitUaXdBZ0c3Njh5bkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFgKUXNPUnRUaTYwRlpQWDdDM1YxcmxVZStyVTlCWTZDbHJXbGVKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbApPS3VsdGFkdVNWbmZ2OEMwdXoxelBCWkl3WG5zVk83WHlTVlBBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EClNPOFNITnlLTytrNnBUaG1hbW9xTUJKQkNwY0MrRzFVUFVxWWV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2UKT3JIVlUyRGo3enpkaW1MMmJlaHFTd1NpM3pBa2xXZjRGU0F6aC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQwp4NUFtRUZsdlF1VUkwcTZ3WjZ2cmxBWUsrTWRtNER2RkFVbFhzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBCmx6WFdtaEM4R3JXQklodDFPSkxXREtPNWx2Wm1KUS9sazdic1VyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUEKQVFLQ0FnRUFoQ0c3ZnpzN3NiVlA3VCsrWWkvRFZMUUc2dDF1Y3hPYUQyS3hkZFFLNjJiWlM5UWJFMldnWGtyagpjbk5uT3R5U1F2UlFjcFFiQWlDcWhIYVBRalF2aEU0ZVNOeStFcXN1WEhMYjJsMHJqMUVUZjRVWDBwMjNzeWM0CnE5SDZtSHZzaUxkSERHR1BaeUZROWZuWVJNRTNEeUhhcjdvZm1RSlNYWjk0SVErZ2ZlVFlkeXZWQWdVZEt4NVIKbjF6b21xR0lZYk9yeUphOC9QS0dMOXBQVHJucHRTSmUyTUJxS0hlMC9MVXRrQjhOOXN5eDJxN3E3Q0hpY3pVUQpLRTd5RWRtZHVERC9jYll2ZlNyTkprRlRIV0FmUVBzejZDbmpjNjBsbkRiTXIzVXphUEM0Sk00OEFra1hMdlc1CnVCUTVJNFB1VG5acjhqUUVVWktuNWZrTkJlSG9aNjlZVVp2eWdOcGJRaVMxWi9CRzYwVDVZN1VPY09wWVJ2bCsKL0dSNUFSNnpZQVJKbTBKNmg3U2NsdGhLSjdaVnFldWV5U3B1UG9mTjg0V241Zm1mbWdsR2F0dlc4KzFGR2ZNRQppWGxHbzhHQ1ZyampzN013a0pMT3Jlc0lRblFWK3ZmWC95Nk9WRExMS21yeGJCT3BPcm5TK01icnFoOXBsRGFICks1N0VOVngzWWxVd2M3bFRHd2Q2cS9nVnhSWDZRc1F3VEl5UHVOOUozMWd0dXRCeS9FTVVGc1hJenJhRmRIQzgKZXVlT1N3V0JQT05XbUkzN1BCVTIycXFyMWE3d1Y3Z0lJOGg3WS8waDNDYjFYWjZsQ2FzOCt0emI3VFZNMGxWQwpINWNYaXRqM2xKS1B1b2VzOXpTNFhEQjQ0V1hwZkw4SFVXQ1NuSWF2ZVJYUHhwbDRJbUVDZ2dFQkFQMjJEZml3CmVaRDBSTzlManJSR2cxODJlNnNSZ052VUQrOTFjUnBRNFBDcnlKQm1tTmNWOFBNZVdoZFlPaHdCWW1JMjkyWkkKcjFyeHVwclBCdE43dTNnWmhKYkVXL1IvSFozc2lPSmNycHlhejBVNUpDSzRTOERSbkdnUUdOQUdJNFlsVUNxNwpLL2JOa0JLcnRpSEVpOWV6RGQ3SjIrRGJGK0FiSXNWdlNnNnNHdEp1TG8rY0VRUzFaNzkycTQ5NUt6dWJyUDhvClVIbWFuc1R1ZEtLL1lZY0dlcU9pS2V0bmgrK0ZUc0hXek1NTEJ3VllySVlZRHZ5RWUvZEFkNWUzM3ZTRSsrbXkKZEVaVkZidVRMQmdzSW4wM0dmZ1pnNE56QkNhSm9NZGJtU3NiaUxGMkRTL1g4eXNKNldLYzdVTFMwMXJwSjBLTgo0VldQNjhiZlZOd1YwbmtDZ2dFQkFPSnlKaVN5aGJrL1hEVjRzT2ZLS1BBQ3RJTkN0ZWk2OWpYVVVOUHNhQndNCjFMNURCOU5tNjhLb3piVTN1Rk9QbmRPZERrMms5cm5WS1JkSlYrTHhPQ2NEdE5aMzlGQ3JtbUs3TGc4TnBUM2cKVksxc29YamFtcGI3NU1LWjZzaGFIUDRFUUMvTVVoeVF1UXkydEtUS3JMYUNFRmdzR1RhRHFaOU9xMVdIZzhWNwoxdUkzak8xYnNzNFRQWjJxbXVOYjE0WEMzQnJaeDE4eWY3MnJZMEk5RTAxdXorUmp4VUdSK0E3dlloSklYVWtMCmtzQTJqV1ludktsVmZRRWJpWlVpcjQ0d2IraEZ4Z3JwcVBvSmNCTzgvdS9UYXZ3MjFqbjFkRys3NWZqZnI5M3UKRjExbUh2VVY2Z0RJenN4NDVicDVDek5oUmdTTHNRZk9INFdpdytIcUNrTUNnZ0VCQU1UZGtFZkpmL3IzWDhvaQo0ZStHeTRlRStqOEtqT2VHekhxdHNYNlBCWXdhYjcyRXJ0SXV4MUdPMnE5RW1ZcURsSGpMVi9zNUtVQXpVKzJ0CitRaisrTCsvWlQrcnpBS1M1RU5YZC92Vm1QUVJ1QVZweWwxYWpnVm5ZS3JxMnFZSUxXWjQ2NVRNdWRkL09HMFUKYW5ZWFViK2t3MzE5T3ExbXRFY0VKMTMxOWd3ZWhZMkZTNEhKd3ZiWllGQ1QzNW1ybHQxZzljTGo0RllMb1drRAo4dU1hQjY1RFc4US9IN0gzR3ViRGxSSVovN2JVaHJVaVVuU1dsSUppdHVKclZxRVdYdDF6bHhtR2pHekt0dHRlCjNwYy9IOS96Y3FZdC9mdHdzdWJJWWtadkVCSUFBbmhaTnZCSjYva1liczFESVdONXZlRE1DOWU3eWY2ZmQzOVEKYWtPQWQxa0NnZ0VCQUpCQ2RraFVydHBJSWg4eWgwanpRa2M5QWZESlZBZ3k2MTE1cUJDS2YveTJzK1dONEhOdQpFdTROQ2hmVHFvc1phRXVDdDdVQlRla3ZnaUVDcVltN2NMRnlMQWVobmJTeXpnVHVDRGF3MDc5cXBhZGlHREJjCjI3VXFQaDgzWFJwTVJrSVJSUzd1TkxWY0FYZTNBYmdtSWdlWExvQnRmNVo2SkZxSURLRE5WMFk5VWJVRi9MTE8KQTBoRGU3SnhHSUdWWmVVaU1ZU3RqdFQzMytkZVF6clVtL0p0a09XSUpnZFN6YnYrQnZWc3dua2hkVmtjcDlJWApxSm9jQ3lua2VDN1pUUXdCa1psZ3NmMEx4SW1kNzVlemhKb1dqd2FraksrWnpwYk1Gb01KUmduVmYyOFIrdERhCktCeGQwVmowQUM1ZXBLTVQ2ajVGRy8vRDhkTDUwVjZmOGU4Q2dnRUJBTWgreklJb3FKZWlXTGgzOUFtTTRQZEkKSFNod0lISXBUNUhGS05jOTFzRnRDZFdXVDIweXVPZHNLZU9TTDZjMjJsVFpjcklFZFlDY0Q5SVhyWm8xVmxXOAorSGFmNDFhcHhlaU1PZVBNR3ZlNEQ2ZEdrUXcyWXBuNXlOQUUwYk1qa1hFU3JuMzMvV3JqSFFtWFdvNmFSdnVZCnkrMktzbGwvK1BzajlwNXd3WVYxRGp0QzFXU0lmdFZNMkJuRlViQVVyMmNHSVNXWlNnWU9yUDU1elZKK3REeloKSXhrMDZ6TUNZU3pEL1pPTUJZSjUvTFFPWnlPUUs0R2xnMytUUUNXUERHNTRtUEo0dElmNUZCZ25wSU5QRGNLQwpLc2RTQlg4S0xNeU83aEVzOCtuZFRWNWlxa0pscGNCdVJ3VXVUSmlFakc0MWZnaXZPVThTR0V5elZPbW1NNG89Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== + jwtRS256.key.pub: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUE0R3ZaTlNrajVpaVdiMkRaTTJmQwp4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZUk9YS3c1UytsRUxIOUFldFRkY1RBZGtiQ3p5YXBTZGszUHF3CnhoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0l0WTY1WCtOcTBxYVJ2TGRPT2JGUUdtSUh4NzV6a1o2NTQrZnQKdm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRU0ZiSWE4QTk2QlNwSnpLbTBhaEsrNnI4VnZ2T3ExQkhHWklJSwpLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvbytEVnQvKzBNSThPWnZkQXVhYjJVWHViK1Rpd0FnRzc2OHluCkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFhRc09SdFRpNjBGWlBYN0MzVjFybFVlK3JVOUJZNkNscldsZUoKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbE9LdWx0YWR1U1ZuZnY4QzB1ejF6UEJaSXdYbnNWTzdYeVNWUApBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EU084U0hOeUtPK2s2cFRobWFtb3FNQkpCQ3BjQytHMVVQVXFZCmV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2VPckhWVTJEajd6emRpbUwyYmVocVN3U2kzekFrbFdmNEZTQXoKaC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQ3g1QW1FRmx2UXVVSTBxNndaNnZybEFZSytNZG00RHZGQVVsWApzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBbHpYV21oQzhHcldCSWh0MU9KTFdES081bHZabUpRL2xrN2JzClVyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo= +kind: Secret +metadata: + name: jwt-key +type: Opaque +--- apiVersion: v1 kind: Service metadata: @@ -23,9 +162,9 @@ metadata: name: userservice spec: ports: - - name: http - port: 8080 - targetPort: 8080 + - name: http + port: 8080 + targetPort: 8080 selector: app: userservice application: bank-of-anthos @@ -63,58 +202,58 @@ spec: tier: backend spec: containers: - - env: - - name: VERSION - value: v0.6.1 - - name: PORT - value: "8080" - - name: ENABLE_TRACING - value: "true" - - name: TOKEN_EXPIRY_SECONDS - value: "3600" - - name: PRIV_KEY_PATH - value: /tmp/.ssh/privatekey - - name: LOG_LEVEL - value: info - envFrom: - - configMapRef: - name: environment-config - - configMapRef: - name: accounts-db-config - image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/userservice:v0.6.1@sha256:b73e5b03c077ff1e7214885b986f6e9ecb444f78d206c4d3864265449c71b19b - name: userservice - ports: - - containerPort: 8080 - name: http-server - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 10 - resources: - limits: - cpu: 500m - ephemeral-storage: 0.25Gi - memory: 256Mi - requests: - cpu: 260m - ephemeral-storage: 0.25Gi - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - privileged: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /tmp - name: tmp - - mountPath: /tmp/.ssh - name: keys - readOnly: true + - env: + - name: VERSION + value: v0.6.2 + - name: PORT + value: "8080" + - name: ENABLE_TRACING + value: "true" + - name: TOKEN_EXPIRY_SECONDS + value: "3600" + - name: PRIV_KEY_PATH + value: /tmp/.ssh/privatekey + - name: LOG_LEVEL + value: info + envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: accounts-db-config + image: us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos/userservice:v0.6.2@sha256:b961e044e1897919ec58fa25d067488f54f0d800b53df04ee330906456ab7b57 + name: userservice + ports: + - containerPort: 8080 + name: http-server + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 10 + resources: + limits: + cpu: 500m + ephemeral-storage: 0.25Gi + memory: 256Mi + requests: + cpu: 260m + ephemeral-storage: 0.25Gi + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + privileged: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: tmp + - mountPath: /tmp/.ssh + name: keys + readOnly: true securityContext: fsGroup: 1000 runAsGroup: 1000 @@ -123,13 +262,57 @@ spec: serviceAccountName: bank-of-anthos terminationGracePeriodSeconds: 5 volumes: - - emptyDir: {} - name: tmp - - name: keys - secret: - items: - - key: jwtRS256.key - path: privatekey - - key: jwtRS256.key.pub - path: publickey - secretName: jwt-key + - emptyDir: {} + name: tmp + - name: keys + secret: + items: + - key: jwtRS256.key + path: privatekey + - key: jwtRS256.key.pub + path: publickey + secretName: jwt-key +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + iam.gke.io/gcp-service-account: gke-workload-development@bank-of-anthos-ci.iam.gserviceaccount.com + name: bank-of-anthos +--- +apiVersion: v1 +data: + DEMO_LOGIN_PASSWORD: bankofanthos + DEMO_LOGIN_USERNAME: testuser + USE_DEMO_DATA: "True" +kind: ConfigMap +metadata: + name: demo-data-config +--- +apiVersion: v1 +data: + LOCAL_ROUTING_NUM: "883745000" + PUB_KEY_PATH: /tmp/.ssh/publickey +kind: ConfigMap +metadata: + name: environment-config +--- +apiVersion: v1 +data: + BALANCES_API_ADDR: balancereader:8080 + CONTACTS_API_ADDR: contacts:8080 + HISTORY_API_ADDR: transactionhistory:8080 + TRANSACTIONS_API_ADDR: ledgerwriter:8080 + USERSERVICE_API_ADDR: userservice:8080 +kind: ConfigMap +metadata: + name: service-api-config +--- +apiVersion: v1 +data: + jwtRS256.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS3dJQkFBS0NBZ0VBNEd2Wk5Ta2o1aWlXYjJEWk0yZkN4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZClJPWEt3NVMrbEVMSDlBZXRUZGNUQWRrYkN6eWFwU2RrM1Bxd3hoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0kKdFk2NVgrTnEwcWFSdkxkT09iRlFHbUlIeDc1emtaNjU0K2Z0dm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRUwpGYklhOEE5NkJTcEp6S20wYWhLKzZyOFZ2dk9xMUJIR1pJSUtLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvCm8rRFZ0LyswTUk4T1p2ZEF1YWIyVVh1YitUaXdBZ0c3Njh5bkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFgKUXNPUnRUaTYwRlpQWDdDM1YxcmxVZStyVTlCWTZDbHJXbGVKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbApPS3VsdGFkdVNWbmZ2OEMwdXoxelBCWkl3WG5zVk83WHlTVlBBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EClNPOFNITnlLTytrNnBUaG1hbW9xTUJKQkNwY0MrRzFVUFVxWWV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2UKT3JIVlUyRGo3enpkaW1MMmJlaHFTd1NpM3pBa2xXZjRGU0F6aC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQwp4NUFtRUZsdlF1VUkwcTZ3WjZ2cmxBWUsrTWRtNER2RkFVbFhzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBCmx6WFdtaEM4R3JXQklodDFPSkxXREtPNWx2Wm1KUS9sazdic1VyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUEKQVFLQ0FnRUFoQ0c3ZnpzN3NiVlA3VCsrWWkvRFZMUUc2dDF1Y3hPYUQyS3hkZFFLNjJiWlM5UWJFMldnWGtyagpjbk5uT3R5U1F2UlFjcFFiQWlDcWhIYVBRalF2aEU0ZVNOeStFcXN1WEhMYjJsMHJqMUVUZjRVWDBwMjNzeWM0CnE5SDZtSHZzaUxkSERHR1BaeUZROWZuWVJNRTNEeUhhcjdvZm1RSlNYWjk0SVErZ2ZlVFlkeXZWQWdVZEt4NVIKbjF6b21xR0lZYk9yeUphOC9QS0dMOXBQVHJucHRTSmUyTUJxS0hlMC9MVXRrQjhOOXN5eDJxN3E3Q0hpY3pVUQpLRTd5RWRtZHVERC9jYll2ZlNyTkprRlRIV0FmUVBzejZDbmpjNjBsbkRiTXIzVXphUEM0Sk00OEFra1hMdlc1CnVCUTVJNFB1VG5acjhqUUVVWktuNWZrTkJlSG9aNjlZVVp2eWdOcGJRaVMxWi9CRzYwVDVZN1VPY09wWVJ2bCsKL0dSNUFSNnpZQVJKbTBKNmg3U2NsdGhLSjdaVnFldWV5U3B1UG9mTjg0V241Zm1mbWdsR2F0dlc4KzFGR2ZNRQppWGxHbzhHQ1ZyampzN013a0pMT3Jlc0lRblFWK3ZmWC95Nk9WRExMS21yeGJCT3BPcm5TK01icnFoOXBsRGFICks1N0VOVngzWWxVd2M3bFRHd2Q2cS9nVnhSWDZRc1F3VEl5UHVOOUozMWd0dXRCeS9FTVVGc1hJenJhRmRIQzgKZXVlT1N3V0JQT05XbUkzN1BCVTIycXFyMWE3d1Y3Z0lJOGg3WS8waDNDYjFYWjZsQ2FzOCt0emI3VFZNMGxWQwpINWNYaXRqM2xKS1B1b2VzOXpTNFhEQjQ0V1hwZkw4SFVXQ1NuSWF2ZVJYUHhwbDRJbUVDZ2dFQkFQMjJEZml3CmVaRDBSTzlManJSR2cxODJlNnNSZ052VUQrOTFjUnBRNFBDcnlKQm1tTmNWOFBNZVdoZFlPaHdCWW1JMjkyWkkKcjFyeHVwclBCdE43dTNnWmhKYkVXL1IvSFozc2lPSmNycHlhejBVNUpDSzRTOERSbkdnUUdOQUdJNFlsVUNxNwpLL2JOa0JLcnRpSEVpOWV6RGQ3SjIrRGJGK0FiSXNWdlNnNnNHdEp1TG8rY0VRUzFaNzkycTQ5NUt6dWJyUDhvClVIbWFuc1R1ZEtLL1lZY0dlcU9pS2V0bmgrK0ZUc0hXek1NTEJ3VllySVlZRHZ5RWUvZEFkNWUzM3ZTRSsrbXkKZEVaVkZidVRMQmdzSW4wM0dmZ1pnNE56QkNhSm9NZGJtU3NiaUxGMkRTL1g4eXNKNldLYzdVTFMwMXJwSjBLTgo0VldQNjhiZlZOd1YwbmtDZ2dFQkFPSnlKaVN5aGJrL1hEVjRzT2ZLS1BBQ3RJTkN0ZWk2OWpYVVVOUHNhQndNCjFMNURCOU5tNjhLb3piVTN1Rk9QbmRPZERrMms5cm5WS1JkSlYrTHhPQ2NEdE5aMzlGQ3JtbUs3TGc4TnBUM2cKVksxc29YamFtcGI3NU1LWjZzaGFIUDRFUUMvTVVoeVF1UXkydEtUS3JMYUNFRmdzR1RhRHFaOU9xMVdIZzhWNwoxdUkzak8xYnNzNFRQWjJxbXVOYjE0WEMzQnJaeDE4eWY3MnJZMEk5RTAxdXorUmp4VUdSK0E3dlloSklYVWtMCmtzQTJqV1ludktsVmZRRWJpWlVpcjQ0d2IraEZ4Z3JwcVBvSmNCTzgvdS9UYXZ3MjFqbjFkRys3NWZqZnI5M3UKRjExbUh2VVY2Z0RJenN4NDVicDVDek5oUmdTTHNRZk9INFdpdytIcUNrTUNnZ0VCQU1UZGtFZkpmL3IzWDhvaQo0ZStHeTRlRStqOEtqT2VHekhxdHNYNlBCWXdhYjcyRXJ0SXV4MUdPMnE5RW1ZcURsSGpMVi9zNUtVQXpVKzJ0CitRaisrTCsvWlQrcnpBS1M1RU5YZC92Vm1QUVJ1QVZweWwxYWpnVm5ZS3JxMnFZSUxXWjQ2NVRNdWRkL09HMFUKYW5ZWFViK2t3MzE5T3ExbXRFY0VKMTMxOWd3ZWhZMkZTNEhKd3ZiWllGQ1QzNW1ybHQxZzljTGo0RllMb1drRAo4dU1hQjY1RFc4US9IN0gzR3ViRGxSSVovN2JVaHJVaVVuU1dsSUppdHVKclZxRVdYdDF6bHhtR2pHekt0dHRlCjNwYy9IOS96Y3FZdC9mdHdzdWJJWWtadkVCSUFBbmhaTnZCSjYva1liczFESVdONXZlRE1DOWU3eWY2ZmQzOVEKYWtPQWQxa0NnZ0VCQUpCQ2RraFVydHBJSWg4eWgwanpRa2M5QWZESlZBZ3k2MTE1cUJDS2YveTJzK1dONEhOdQpFdTROQ2hmVHFvc1phRXVDdDdVQlRla3ZnaUVDcVltN2NMRnlMQWVobmJTeXpnVHVDRGF3MDc5cXBhZGlHREJjCjI3VXFQaDgzWFJwTVJrSVJSUzd1TkxWY0FYZTNBYmdtSWdlWExvQnRmNVo2SkZxSURLRE5WMFk5VWJVRi9MTE8KQTBoRGU3SnhHSUdWWmVVaU1ZU3RqdFQzMytkZVF6clVtL0p0a09XSUpnZFN6YnYrQnZWc3dua2hkVmtjcDlJWApxSm9jQ3lua2VDN1pUUXdCa1psZ3NmMEx4SW1kNzVlemhKb1dqd2FraksrWnpwYk1Gb01KUmduVmYyOFIrdERhCktCeGQwVmowQUM1ZXBLTVQ2ajVGRy8vRDhkTDUwVjZmOGU4Q2dnRUJBTWgreklJb3FKZWlXTGgzOUFtTTRQZEkKSFNod0lISXBUNUhGS05jOTFzRnRDZFdXVDIweXVPZHNLZU9TTDZjMjJsVFpjcklFZFlDY0Q5SVhyWm8xVmxXOAorSGFmNDFhcHhlaU1PZVBNR3ZlNEQ2ZEdrUXcyWXBuNXlOQUUwYk1qa1hFU3JuMzMvV3JqSFFtWFdvNmFSdnVZCnkrMktzbGwvK1BzajlwNXd3WVYxRGp0QzFXU0lmdFZNMkJuRlViQVVyMmNHSVNXWlNnWU9yUDU1elZKK3REeloKSXhrMDZ6TUNZU3pEL1pPTUJZSjUvTFFPWnlPUUs0R2xnMytUUUNXUERHNTRtUEo0dElmNUZCZ25wSU5QRGNLQwpLc2RTQlg4S0xNeU83aEVzOCtuZFRWNWlxa0pscGNCdVJ3VXVUSmlFakc0MWZnaXZPVThTR0V5elZPbW1NNG89Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== + jwtRS256.key.pub: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUE0R3ZaTlNrajVpaVdiMkRaTTJmQwp4NWJHR1lnd2FLNFNNc3lJOEs4b0ZRZXBMMTNZUk9YS3c1UytsRUxIOUFldFRkY1RBZGtiQ3p5YXBTZGszUHF3CnhoQ2FmNGtudktlUmk3NmNzRzZtYzBrcngxR0l0WTY1WCtOcTBxYVJ2TGRPT2JGUUdtSUh4NzV6a1o2NTQrZnQKdm52Q1k1T1BqVjQ0TGt0dTF3bHJCbXIyMjVRU0ZiSWE4QTk2QlNwSnpLbTBhaEsrNnI4VnZ2T3ExQkhHWklJSwpLR1E3L3pMdXhQT24rYzN3Q0YwVlFZMjBZNFhvbytEVnQvKzBNSThPWnZkQXVhYjJVWHViK1Rpd0FnRzc2OHluCkpQaDdla2xMdGR0QTFCR2dsWG1vRVI0eHZoaFhRc09SdFRpNjBGWlBYN0MzVjFybFVlK3JVOUJZNkNscldsZUoKdGdCZjFYUi90Qm1MZGZCNFlWbkt0ekI3dkxDbE9LdWx0YWR1U1ZuZnY4QzB1ejF6UEJaSXdYbnNWTzdYeVNWUApBSkJUOFBWR1Iza2JnOW5FRGsvclZsS1lNSW5EU084U0hOeUtPK2s2cFRobWFtb3FNQkpCQ3BjQytHMVVQVXFZCmV1Szh3NjZaU3BLV2ZQY3RtWWViUHNraUpiS2VPckhWVTJEajd6emRpbUwyYmVocVN3U2kzekFrbFdmNEZTQXoKaC80enBENFdxM0lDd2NYbFBxYTU5T0IwcXFBQ3g1QW1FRmx2UXVVSTBxNndaNnZybEFZSytNZG00RHZGQVVsWApzNW1mbDZPRnZ0YkZTZHF1ckU2SXROVnlSVlFBbHpYV21oQzhHcldCSWh0MU9KTFdES081bHZabUpRL2xrN2JzClVyNCsyK05ObnNzTXBuTUI2QytJejZzQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo= +kind: Secret +metadata: + name: jwt-key +type: Opaque