Helm Chart

helm/didx-cloud/Chart.yaml

@@ -0,0 +1,37 @@
+apiVersion: v2
+name: didx-cloud
+description: |
+  A generic Helm Chart to deploy the DIDx Aries CloudAPI stack.
+  Due to the similarity between the components, and to reduce duplication, this
+  chart can be used to deploy any of the following components:
+    - endorser
+    - governance-agent
+    - governance-web
+    - ledger-browser
+    - ledger-nodes
+    - multitenant-agent
+    - multitenant-web
+    - public-web
+    - tails-server
+    - tenant-web
+    - trust-registry
+    - waypoint
+  By simply modifying the values file accordingly.
+type: application
+
+version: 0.2.0
+
+home: https://github.com/didx-xyz/aries-cloudapi-python
+sources:
+  - https://github.com/didx-xyz/aries-cloudapi-python
+  - https://github.com/didx-xyz/aries-cloudcontroller-python
+  - https://github.com/bcgov/indy-tails-server
+  - https://github.com/bcgov/von-network
+
+keywords:
+  - identity
+  - hyperledger
+  - aries
+  - didx
+  - ssi
+  - self-sovereign

helm/didx-cloud/README.md

@@ -0,0 +1 @@
+# didx:cloud Helm Chart

helm/didx-cloud/conf/.gitignore

@@ -0,0 +1,2 @@
+# We want to keep this local dir
+!local

helm/didx-cloud/conf/local/endorser.yaml

@@ -0,0 +1,149 @@
+fullnameOverride: endorser
+
+replicaCount: 2
+
+podAnnotations:
+  sidecar.istio.io/proxyCPU: 10m
+  ad.datadoghq.com/endorser.logs: '[{"source": "python.uvicorn", "service": "endorser"}]'
+  proxy.istio.io/config: |-
+    proxyMetadata:
+      ISTIO_META_IDLE_TIMEOUT: 0s
+podLabels:
+  admission.datadoghq.com/enabled: "true"
+
+image:
+  name: d-cloud/endorser
+  pullPolicy: Always
+  tag: master
+
+command:
+  - poetry
+  - run
+  - uvicorn
+  - endorser.main:app
+  - --log-config=/tmp/log_conf.yaml
+  - --reload
+  - --host
+  - 0.0.0.0
+  - --port
+  - 3009
+
+service:
+  name: endorser
+  port: 3009
+  containerPort: 3009
+  appProtocol: http
+
+livenessProbe:
+  httpGet:
+    path: /health/live
+    port: endorser
+readinessProbe:
+  httpGet:
+    path: /health/ready
+    port: endorser
+
+autoscaling:
+  enabled: false
+
+# resources:
+#   requests:
+#     cpu: 50m
+#     memory: 128Mi
+#   limits:
+#     cpu: 250m
+#     memory: 256Mi
+
+secretData:
+  ACAPY_GOVERNANCE_AGENT_API_KEY: adminApiKey
+
+env:
+  LOG_LEVEL: info
+  PYTHONPATH: /
+
+  ACAPY_GOVERNANCE_AGENT_URL: http://governance-agent:3021
+
+  # Trust registry
+  TRUST_REGISTRY_URL: http://trust-registry:8000
+
+  GOVERNANCE_ACAPY_LABEL: Governance
+  ENABLE_SERIALIZE_LOGS: "FALSE"
+
+podSecurityContext:
+  fsGroup: 65534
+securityContext:
+  runAsUser: 0
+
+extraVolumes:
+  - name: logs
+    emptyDir: {}
+extraVolumeMounts:
+  - name: logs
+    mountPath: /logs
+
+affinity:
+  nodeAffinity:
+    preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 100
+        preference:
+          matchExpressions:
+            - key: node.kubernetes.io/lifecycle
+              operator: In
+              values:
+                - spot
+  podAntiAffinity:
+    preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 100
+        podAffinityTerm:
+          labelSelector:
+            matchExpressions:
+              - key: app.kubernetes.io/instance
+                operator: In
+                values:
+                  - '{{ include "didx-cloud.fullname" . }}'
+          topologyKey: kubernetes.io/hostname
+    # requiredDuringSchedulingIgnoredDuringExecution:
+    #   - labelSelector:
+    #       matchExpressions:
+    #         - key: app.kubernetes.io/instance
+    #           operator: In
+    #           values:
+    #             - '{{ include "didx-cloud.fullname" . }}'
+    #     topologyKey: kubernetes.io/hostname
+
+configFiles:
+  log_conf.yaml:
+    path: /tmp/log_conf.yaml
+    content: |-
+      version: 1
+      disable_existing_loggers: False
+      formatters:
+        default:
+          "()": uvicorn.logging.DefaultFormatter
+          format: '%(asctime)s %(name)s %(levelname)s %(message)s'
+          use_colors: null
+        access:
+          "()": uvicorn.logging.AccessFormatter
+          format: '%(asctime)s %(name)s %(levelname)s %(client_addr)s - "%(request_line)s" %(status_code)s'
+      handlers:
+        default:
+          formatter: default
+          class: logging.StreamHandler
+          stream: ext://sys.stderr
+        access:
+          formatter: access
+          class: logging.StreamHandler
+          stream: ext://sys.stdout
+      loggers:
+        uvicorn:
+          level: INFO
+          handlers:
+            - default
+          propagate: no
+        uvicorn.error:
+          level: INFO
+        uvicorn.access:
+          level: INFO
+          handlers:
+            - access
+          propagate: no