-
Notifications
You must be signed in to change notification settings - Fork 189
/
Copy pathledger-browser-deploy.yaml
336 lines (330 loc) · 11.5 KB
/
ledger-browser-deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
kind: Template
apiVersion: v1
metadata:
name: ${NAME}-deployment-template
annotations:
description: Deployment template for the von-network ledger browser.
iconClass: icon-python
objects:
- kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: ${NAME}-allow-ingress
labels:
app: ${NAME}
app-group: ${APP_GROUP}
env: ${TAG_NAME}
spec:
description: |
Allow traffic from routes into the ${ROLE} container(s).
ingress:
- from:
- namespaceSelector:
matchLabels:
network.openshift.io/policy-group: ingress
podSelector:
matchLabels:
app: ${NAME}
app-group: ${APP_GROUP}
env: ${TAG_NAME}
policyTypes:
- Ingress
- kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: ${PERSISTENT_VOLUME_NAME}
labels:
app: ${NAME}
app-group: ${APP_GROUP}
env: ${TAG_NAME}
spec:
storageClassName: ${PERSISTENT_VOLUME_CLASS}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: ${PERSISTENT_VOLUME_SIZE}
- kind: Secret
apiVersion: v1
metadata:
name: ${WALLET_CREDENTIAL_STORE_NAME}
labels:
app: ${NAME}
app-group: ${APP_GROUP}
env: ${TAG_NAME}
data:
key: ${WALLET_ENCRYPTION_KEY}
seed: ${INDY_WALLET_SEED}
did: ${INDY_WALLET_DID}
type: Opaque
- kind: Service
apiVersion: v1
metadata:
name: ${NAME}
annotations:
description: Exposes and load balances the application pods
labels:
app: ${NAME}
app-group: ${APP_GROUP}
env: ${TAG_NAME}
spec:
ports:
- name: 8080-tcp
port: 8080
targetPort: ${{PORT}}
selector:
app: ${NAME}
app-group: ${APP_GROUP}
env: ${TAG_NAME}
- kind: Route
apiVersion: v1
metadata:
name: ${NAME}
labels:
app: ${NAME}
app-group: ${APP_GROUP}
env: ${TAG_NAME}
certbot-managed: ${CERTBOT_MANAGED_ROUTE}
spec:
host: ${APPLICATION_DOMAIN}
port:
targetPort: 8080-tcp
tls:
insecureEdgeTerminationPolicy: Redirect
termination: edge
to:
kind: Service
name: ${NAME}
weight: 100
- kind: Deployment
apiVersion: apps/v1
metadata:
name: ${NAME}
annotations:
description: Defines how to deploy the application server
labels:
app: ${NAME}
app-group: ${APP_GROUP}
env: ${TAG_NAME}
spec:
strategy:
type: Recreate
replicas: 1
selector:
matchLabels:
app: ${NAME}
app-group: ${APP_GROUP}
env: ${TAG_NAME}
template:
metadata:
name: ${NAME}
labels:
app: ${NAME}
app-group: ${APP_GROUP}
env: ${TAG_NAME}
spec:
volumes:
- name: ${NAME}
persistentVolumeClaim:
claimName: ${PERSISTENT_VOLUME_NAME}
containers:
- name: ${NAME}
image: image-registry.openshift-image-registry.svc:5000/${IMAGE_NAMESPACE}/${NAME}:${TAG_NAME}
command:
- ./scripts/start_webserver.sh
ports:
- containerPort: ${{PORT}}
protocol: TCP
readinessProbe:
failureThreshold: 5
periodSeconds: 30
initialDelaySeconds: 3
timeoutSeconds: 20
httpGet:
path: /
port: 8080
livenessProbe:
failureThreshold: 5
periodSeconds: 60
initialDelaySeconds: 30
timeoutSeconds: 20
httpGet:
path: /
port: 8080
env:
- name: GENESIS_URL
value: ${GENESIS_URL}
- name: IP
value: ${IP}
- name: PORT
value: ${PORT}
- name: REGISTER_NEW_DIDS
value: ${REGISTER_NEW_DIDS}
- name: LEDGER_INSTANCE_NAME
value: ${LEDGER_INSTANCE_NAME}
- name: INFO_SITE_TEXT
value: ${INFO_SITE_TEXT}
- name: INFO_SITE_URL
value: ${INFO_SITE_URL}
- name: WEB_ANALYTICS_SCRIPT
value: ${WEB_ANALYTICS_SCRIPT}
- name: LEDGER_CACHE_PATH
value: ${LEDGER_CACHE_PATH}
- name: LEDGER_SEED
valueFrom:
secretKeyRef:
name: ${WALLET_CREDENTIAL_STORE_NAME}
key: seed
resources:
requests:
cpu: ${CPU_REQUEST}
memory: ${MEMORY_REQUEST}
limits:
cpu: ${CPU_LIMIT}
memory: ${MEMORY_LIMIT}
volumeMounts:
- name: ${NAME}
mountPath: ${VOLUME_MOUNT_PATH}
parameters:
- name: NAME
displayName: Name
description: The name assigned to all of the OpenShift resources associated to the server instance.
required: true
value: ledger-browser
- name: APP_GROUP
displayName: App Group
description: The name assigned to all of the deployments in this project.
required: true
value: von-network
- name: SOURCE_IMAGE_NAME
displayName: Source Image Name
description: The name of the image to use for this resource.
required: true
value: von-network-base
- name: IMAGE_NAMESPACE
displayName: Image Namespace
required: true
description: The namespace of the OpenShift project containing the image stream for the application.
value: ca7f8f
- name: APPLICATION_DOMAIN
displayName: Application Hostname
description: The exposed hostname that will route to the Django service, if left blank a value will be defaulted.
value: sovrin-mainnet-browser.vonx.io
- name: CERTBOT_MANAGED_ROUTE
displayName: Certbot Managed Route
description: Flag indicating whether the routes certificates are managed by CertBot.
required: true
value: 'false'
- name: WALLET_ENCRYPTION_KEY
displayName: Wallet Encryption Key
description: The encryption key to be used for the wallets. Needs to be basee64 encoded.
required: true
generate: expression
from: "[a-zA-Z0-9_~!@#$%^&*()-=<>,.?;:|]{16}"
- name: INDY_WALLET_SEED
displayName: Indy Wallet Seed
description: The Seed used for the indy wallet. Needs to be basee64 encoded.
required: true
generate: expression
from: "[a-zA-Z0-9_~!@#$%^&*()-=<>,.?;:|]{16}"
- name: INDY_WALLET_DID
displayName: Indy Wallet DID
description: The DID associated to the indy wallet. Needs to be basee64 encoded.
required: false
generate: expression
from: "[a-zA-Z0-9_~!@#$%^&*()-=<>,.?;:|]{16}"
- name: WALLET_CREDENTIAL_STORE_NAME
displayName: Wallet Credential Store Name
description: The name of the wallet credential store (aka The name of the secret that contains the wallet credentials).
required: true
value: wallet-credentials
- name: TAG_NAME
displayName: Environment TAG name
description: The TAG name for this environment, e.g., dev, test, prod
value: prod
required: true
- name: GENESIS_URL
displayName: Genesis Url
description: URL for downloading a copy of the genesis file defining the ledger connection for the environment.
required: false
value: https://raw.githubusercontent.com/sovrin-foundation/sovrin/stable/sovrin/pool_transactions_live_genesis
- name: IP
displayName: Host IP
description: The IP on which the server should listen.
required: false
value: 0.0.0.0
- name: PORT
displayName: Host PORT
description: The port on which the server should listen.
required: false
value: "8080"
- name: REGISTER_NEW_DIDS
displayName: Register New Dids
description: If set to `True`, it will enable the user interface allowing new identity owners to write a DID to the ledger. It defaults to `False`.
required: false
value: "False"
- name: LEDGER_INSTANCE_NAME
displayName: Register New Dids
description: The name of the ledger instance the Ledger Brwoser is connected to. Defaults to `Ledger Browser`.
required: false
value: Sovrin Main Net
- name: INFO_SITE_TEXT
displayName: Site Info Text
description: The display text used for the `INFO_SITE_URL`. If not specified, it will default to the value set for `INFO_SITE_URL`.
required: false
value: Verifiable Organizations Network
- name: INFO_SITE_URL
displayName: Site Info URL
description: A URL that will be displayed in the header, and can be used to reference another external website containing details/resources on the current ledger browser instance.
required: false
value: https://vonx.io/
- name: WEB_ANALYTICS_SCRIPT
displayName: Web Analytics Script
description: The JavaScript code used by web analytics servers. Populate this environment variable if you want to track the usage of your site with Matomo, Google Analytics or any other JavaScript based trackers. Include the whole tag, ensuring quotes are escaped properly.
required: false
value: <!-- Matomo --><script type="text/javascript">var _paq = window._paq || [];/* tracker methods like "setCustomDimension" should be called before "trackPageView" */_paq.push(['trackPageView']);_paq.push(['enableLinkTracking']);(function() {var u="//matomo.vonx.io/";_paq.push(['setTrackerUrl', u+'matomo.php']);_paq.push(['setSiteId', '3']);var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);})();</script><!-- End Matomo Code -->
- name: LEDGER_CACHE_PATH
displayName: Ledger Cache Path
description: The path to the ledger cache database.
required: false
value: /home/indy/.indy_client/ledger-cache/ledger-cache-db
- name: VOLUME_MOUNT_PATH
displayName: Volume Mount Path
description: Volume mount path
required: true
value: /home/indy/.indy_client/ledger-cache
- name: PERSISTENT_VOLUME_NAME
displayName: Persistent Volume Name
description: The name of the persistent volume associated with the deployment.
required: true
value: ledger-browser-pvc
- name: PERSISTENT_VOLUME_SIZE
displayName: Persistent Volume Size
description: The size of the persistent volume , e.g. 512Mi, 1Gi, 2Gi.
required: true
value: 5Gi
- name: PERSISTENT_VOLUME_CLASS
displayName: Persistent Volume Class name
description: The class of the volume
required: false
value: netapp-block-standard
- name: CPU_REQUEST
displayName: Resources CPU Request
description: The resources CPU request (in cores) for this build.
required: true
value: 0m
- name: CPU_LIMIT
displayName: Resources CPU Limit
description: The resources CPU limit (in cores) for this build.
required: true
value: 1000m
- name: MEMORY_REQUEST
displayName: Resources Memory Request
description: The resources Memory request (in Mi, Gi, etc) for this build.
required: true
value: 0Mi
- name: MEMORY_LIMIT
displayName: Resources Memory Limit
description: The resources Memory limit (in Mi, Gi, etc) for this build.
required: true
value: 4000Mi