diff --git a/.circleci/config.yml b/.circleci/config.yml index 740040672..639192cc3 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -174,7 +174,7 @@ jobs: machine: image: ubuntu-2004:current docker_layer_caching: true - resource_class: xlarge + resource_class: large environment: TERM: dumb parameters: @@ -204,6 +204,8 @@ jobs: default: 0.0.0 type: string steps: + - helm/install-helm-client: + version: "v3.8.2" - run: name: run minikube no_output_timeout: 40m @@ -226,14 +228,14 @@ jobs: curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube_latest_amd64.deb sudo dpkg -i minikube_latest_amd64.deb echo minikube waiting - minikube config set cpus 6 - minikube config set memory 25600 - minikube start #--extra-config=kubelet.max-pods=60 + #minikube config set cpus 4 + #minikube config set memory 15721 + minikube start --extra-config=kubelet.max-pods=60 --cpus max --memory max --disk-size 50g echo "Minikube started-----------------------------------------------------" - + minikube addons enable metrics-server # To check the allocated values - minikube config get cpus - minikube config get memory + #minikube config get cpus + #minikube config get memory MINIKUBE_IP=`minikube ip` echo $MINIKUBE_IP @@ -244,64 +246,65 @@ jobs: kubectl get -A namespace # # For remote access to minikube uncomment the following lines. - # #---------------------minikube remote aceess start--------------------- - # sudo apt install nginx - # sudo touch /etc/nginx/conf.d/minikube.conf - # echo "create nginx conf" - # sudo chmod 777 -R /etc/nginx/conf.d/ - # echo "changed access" + #---------------------minikube remote aceess start--------------------- + sudo apt install nginx + sudo touch /etc/nginx/conf.d/minikube.conf + echo "create nginx conf" + sudo chmod 777 -R /etc/nginx/conf.d/ + echo "changed access" - # sudo apt-get install apache2-utils -y - # echo "apache2-utils installed" - # htpasswd -bc /home/circleci/project/.htpasswd minikube minikube + sudo apt-get install apache2-utils -y + echo "apache2-utils installed" + htpasswd -bc /home/circleci/project/.htpasswd minikube minikube - # sudo cat \< /etc/nginx/conf.d/minikube.conf - # server { - # listen 8080; - # listen [::]:8080; - # server_name localhost; - # access_log /home/circleci/project/nginx_access.log; - # auth_basic "Administrators Area"; - # auth_basic_user_file /home/circleci/project/.htpasswd; + sudo cat \< /etc/nginx/conf.d/minikube.conf + server { + listen 8080; + listen [::]:8080; + server_name localhost; + access_log /home/circleci/project/nginx_access.log; + auth_basic "Administrators Area"; + auth_basic_user_file /home/circleci/project/.htpasswd; - # location / { - # proxy_pass https://$MINIKUBE_IP:8443; - # proxy_ssl_certificate /home/circleci/.minikube/profiles/minikube/client.crt; - # proxy_ssl_certificate_key /home/circleci/.minikube/profiles/minikube/client.key; - # } - # } - # EOF - # sudo service nginx restart || echo 'start nginx' - # SYSTEMD_LESS=FRXMK systemctl status nginx.service + location / { + proxy_pass https://$MINIKUBE_IP:8443; + proxy_ssl_certificate /home/circleci/.minikube/profiles/minikube/client.crt; + proxy_ssl_certificate_key /home/circleci/.minikube/profiles/minikube/client.key; + } + } + EOF + sudo service nginx restart || echo 'start nginx' + #SYSTEMD_LESS=FRXMK systemctl status nginx.service - # sleep 10 + sleep 10 - # echo "test-nginx-proxy" - # curl -u minikube:minikube http://localhost:8080 + echo "test-nginx-proxy" + curl -u minikube:minikube http://localhost:8080 - # curl -s https://ngrok-agent.s3.amazonaws.com/ngrok.asc | sudo tee /etc/apt/trusted.gpg.d/ngrok.asc >/dev/null && echo "deb https://ngrok-agent.s3.amazonaws.com buster main" | sudo tee /etc/apt/sources.list.d/ngrok.list && sudo apt update && sudo apt install ngrok - # ngrok config add-authtoken $AUTH_TOKEN - # echo "web_addr: $LOCAL_PORT" >> /home/circleci/.config/ngrok/ngrok.yml - # ngrok http 8080 > /dev/null & + curl -s https://ngrok-agent.s3.amazonaws.com/ngrok.asc | sudo tee /etc/apt/trusted.gpg.d/ngrok.asc >/dev/null && echo "deb https://ngrok-agent.s3.amazonaws.com buster main" | sudo tee /etc/apt/sources.list.d/ngrok.list && sudo apt update && sudo apt install ngrok + ngrok config add-authtoken $AUTH_TOKEN + echo "web_addr: $LOCAL_PORT" >> /home/circleci/.config/ngrok/ngrok.yml + ngrok http 8080 > /dev/null & - # echo -n "Extracting ngrok public url ." - # NGROK_PUBLIC_URL="" - # while [ -z "$NGROK_PUBLIC_URL" ]; do - # # Run 'curl' against ngrok API and extract public (using 'sed' command) - # export NGROK_PUBLIC_URL=$(curl --silent --max-time 10 --connect-timeout 5 \ - # --show-error http://127.0.0.1:$LOCAL_PORT/api/tunnels | \ - # sed -nE 's/.*public_url":"https:..([^"]*).*/\1/p') - # sleep 1 - # echo -n "." - # done - # echo ---------copy the below public_URL for NGrok---------- - # echo "https://$NGROK_PUBLIC_URL" - # echo "https://$NGROK_PUBLIC_URL" + echo -n "Extracting ngrok public url ." + NGROK_PUBLIC_URL="" + while [ -z "$NGROK_PUBLIC_URL" ]; do + # Run 'curl' against ngrok API and extract public (using 'sed' command) + export NGROK_PUBLIC_URL=$(curl --silent --max-time 10 --connect-timeout 5 \ + --show-error http://127.0.0.1:$LOCAL_PORT/api/tunnels | \ + sed -nE 's/.*public_url":"https:..([^"]*).*/\1/p') + sleep 1 + echo -n "." + done + echo ---------copy the below public_URL for NGrok---------- + echo "https://$NGROK_PUBLIC_URL" + echo "https://$NGROK_PUBLIC_URL" - # echo "test ngrok " - # curl -u minikube:minikube https://$NGROK_PUBLIC_URL - # echo "https://$NGROK_PUBLIC_URL" - # # ---------------------minikube remote access end--------------------- + #echo "test ngrok " + #curl -u minikube:minikube https://$NGROK_PUBLIC_URL + echo "https://$NGROK_PUBLIC_URL" + + # ---------------------minikube remote aceess end--------------------- curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null sudo apt-get install apt-transport-https --yes @@ -310,7 +313,25 @@ jobs: sudo apt-get update sudo apt-get install helm kubectl create namespace paymenthub || echo namespace already exists - + + # ----------------------Post-Installation-Steps-starts--------------------------- + #ES and Kibana secret creation + git clone -b 7.17 https://github.com/elastic/helm-charts.git elastic/helm-charts + cd elastic/helm-charts/elasticsearch/examples/security/ + make secrets || echo "elastic-secrets" already exists + git clone -b 7.17 https://github.com/elastic/helm-charts.git elastic/helm-charts + cd elastic/helm-charts/kibana/examples/security/ + make secrets || echo "kibana-secrets" already exists + kubectl get secret elastic-certificate-crt -n default -o yaml | sed 's/namespace: default/namespace: paymenthub/' | kubectl create -f - + kubectl get secret elastic-certificate-pem -n default -o yaml | sed 's/namespace: default/namespace: paymenthub/' | kubectl create -f - + kubectl get secret elastic-certificates -n default -o yaml | sed 's/namespace: default/namespace: paymenthub/' | kubectl create -f - + kubectl get secret elastic-credentials -n default -o yaml | sed 's/namespace: default/namespace: paymenthub/' | kubectl create -f - + kubectl get secret kibana -n default -o yaml | sed 's/namespace: default/namespace: paymenthub/' | kubectl create -f - + kubectl get secrets -n paymenthub + echo ---------secrets created-------- + minikube ssh -- free -m + echo ------------MEMORY CHECK ----------- + - run: name: fetch docker images and helm upgrade environment: @@ -394,54 +415,42 @@ jobs: helm repo update echo "helm upgrade --install ${VALUES_TO_OVERRIDE} ${ORB_PARAM_RELEASE_NAME} ${ORB_PARAM_CHART} ${ORB_PARAM_NAMESPACE}" echo helm chart install starts - helm upgrade --install --timeout=1h --set ph-ee-engine.kafka.global.storageClass=standard --set ph-ee-engine.kafka.provisioning.enabled=false --set ph-ee-engine.elasticsearch.volumeClaimTemplate.storageClassName=standard ${VALUES_TO_OVERRIDE} ${ORB_PARAM_RELEASE_NAME} ${ORB_PARAM_CHART} ${ORB_PARAM_NAMESPACE} --set ph-ee-engine.ph_ee_connector_ams_mifos.ams_local_interop_host="https://fynams.sandbox.fynarfin.io/",ph-ee-engine.ph_ee_connector_ams_mifos.ams_local_account_host="https://fynams.sandbox.fynarfin.io/",ph-ee-engine.ph_ee_connector_ams_mifos.ams_local_customer_host="https://fynams.sandbox.fynarfin.io/",ph-ee-engine.ph_ee_connector_ams_mifos.ams_local_auth_host="https://fynams.sandbox.fynarfin.io/" #--set ph-ee-engine.kafka.provisioning.enabled=false - - echo --------------------helm upgrade is done--------------------- - - # ----------------------Post-Installation-Steps-starts--------------------------- - # #ES and Kibana secret creation - # git clone -b 7.17 https://github.com/elastic/helm-charts.git elastic/helm-charts - # cd elastic/helm-charts/elasticsearch/examples/security/ - # make secrets || echo "elastic-secrets" already exists - # git clone -b 7.17 https://github.com/elastic/helm-charts.git elastic/helm-charts - # cd elastic/helm-charts/kibana/examples/security/ - # make secrets || echo "kibana-secrets" already exists - # kubectl get secret elastic-certificate-crt -n default -o yaml | sed 's/namespace: default/namespace: paymenthub/' | kubectl create -f - - # kubectl get secret elastic-certificate-pem -n default -o yaml | sed 's/namespace: default/namespace: paymenthub/' | kubectl create -f - - # kubectl get secret elastic-certificates -n default -o yaml | sed 's/namespace: default/namespace: paymenthub/' | kubectl create -f - - # kubectl get secret elastic-credentials -n default -o yaml | sed 's/namespace: default/namespace: paymenthub/' | kubectl create -f - - # kubectl get secret kibana -n default -o yaml | sed 's/namespace: default/namespace: paymenthub/' | kubectl create -f - - # kubectl get secrets -n paymenthub - # echo ---------secrets created-------- + helm upgrade --install --timeout=50m --set ph-ee-engine.importer_es.enabled=false --set ph-ee-engine.elasticsearch.enabled=false --set ph-ee-engine.ph_ee_connector_ams_mifos.enabled=false --set ph-ee-engine.crm.enabled=false --set ph-ee-engine.billPay.enabled=false --set ph-ee-engine.connector_bulk.enabled=false --set ph-ee-engine.ph-ee-connector.enabled=false --set ph-ee-engine.ph_ee_connector_gsma.enabled=false --set ph-ee-engine.ph_ee_connector_mojaloop.enabled=false --set ph-ee-engine.vouchers.enabled=false --set ph-ee-engine.vouchers.enabled=false --set ph-ee-engine.importer_rdbms.enabled=false --set ph-ee-engine.importer_es.enabled=false --set ph-ee-engine.mockpayment.enabled=false --set ph-ee-engine.post_installation_job.enabled=false --set ph-ee-engine.kibana.enabled=false --set ph-ee-engine.kafka.global.storageClass=standard --set ph-ee-engine.messagegateway.enabled=false --set ph-ee-engine.notifications.enabled=false --set ph-ee-engine.operations_web.enabled=false --set ph-ee-engine.kafka.provisioning.enabled=false --set ph-ee-engine.elasticsearch.volumeClaimTemplate.storageClassName=standard ${VALUES_TO_OVERRIDE} ${ORB_PARAM_RELEASE_NAME} ${ORB_PARAM_CHART} ${ORB_PARAM_NAMESPACE} --set ph-ee-engine.ph_ee_connector_ams_mifos.ams_local_interop_host="https://fynams.sandbox.fynarfin.io/",ph-ee-engine.ph_ee_connector_ams_mifos.ams_local_account_host="https://fynams.sandbox.fynarfin.io/",ph-ee-engine.ph_ee_connector_ams_mifos.ams_local_customer_host="https://fynams.sandbox.fynarfin.io/",ph-ee-engine.ph_ee_connector_ams_mifos.ams_local_auth_host="https://fynams.sandbox.fynarfin.io/" # --set ph-ee-engine.post_installation_job.enabled=false --set ph-ee-engine.kafka.provisioning.enabled=false + echo --------------------helm upgrade in Phase 1 done--------------------- + sleep 1m 30s; + helm upgrade --install --timeout=50m --set ph-ee-engine.importer_es.enabled=false --set ph-ee-engine.elasticsearch.enabled=false --set ph-ee-engine.ph-ee-connector.enabled=false --set ph-ee-engine.ph_ee_connector_gsma.enabled=false --set ph-ee-engine.ph_ee_connector_mojaloop.enabled=false --set ph-ee-engine.vouchers.enabled=false --set ph-ee-engine.importer_rdbms.enabled=false --set ph-ee-engine.importer_es.enabled=false --set ph-ee-engine.mockpayment.enabled=false --set ph-ee-engine.post_installation_job.enabled=false --set ph-ee-engine.kibana.enabled=false --set ph-ee-engine.kafka.global.storageClass=standard --set ph-ee-engine.messagegateway.enabled=false --set ph-ee-engine.notifications.enabled=false --set ph-ee-engine.operations_web.enabled=false --set ph-ee-engine.kafka.provisioning.enabled=false --set ph-ee-engine.elasticsearch.volumeClaimTemplate.storageClassName=standard ${VALUES_TO_OVERRIDE} ${ORB_PARAM_RELEASE_NAME} ${ORB_PARAM_CHART} ${ORB_PARAM_NAMESPACE} --set ph-ee-engine.ph_ee_connector_ams_mifos.ams_local_interop_host="https://fynams.sandbox.fynarfin.io/",ph-ee-engine.ph_ee_connector_ams_mifos.ams_local_account_host="https://fynams.sandbox.fynarfin.io/",ph-ee-engine.ph_ee_connector_ams_mifos.ams_local_customer_host="https://fynams.sandbox.fynarfin.io/",ph-ee-engine.ph_ee_connector_ams_mifos.ams_local_auth_host="https://fynams.sandbox.fynarfin.io/" # --set ph-ee-engine.post_installation_job.enabled=false --set ph-ee-engine.kafka.provisioning.enabled=false + echo --------------------helm upgrade in Phase 2 done--------------------- + sleep 1m 30s; + helm upgrade --install --timeout=50m --set ph-ee-engine.importer_es.enabled=false --set ph-ee-engine.elasticsearch.enabled=false --set ph-ee-engine.post_installation_job.enabled=false --set ph-ee-engine.kibana.enabled=false --set ph-ee-engine.kafka.global.storageClass=standard --set ph-ee-engine.messagegateway.enabled=false --set ph-ee-engine.notifications.enabled=false --set ph-ee-engine.operations_web.enabled=false --set ph-ee-engine.kafka.provisioning.enabled=false --set ph-ee-engine.elasticsearch.volumeClaimTemplate.storageClassName=standard ${VALUES_TO_OVERRIDE} ${ORB_PARAM_RELEASE_NAME} ${ORB_PARAM_CHART} ${ORB_PARAM_NAMESPACE} --set ph-ee-engine.ph_ee_connector_ams_mifos.ams_local_interop_host="https://fynams.sandbox.fynarfin.io/",ph-ee-engine.ph_ee_connector_ams_mifos.ams_local_account_host="https://fynams.sandbox.fynarfin.io/",ph-ee-engine.ph_ee_connector_ams_mifos.ams_local_customer_host="https://fynams.sandbox.fynarfin.io/",ph-ee-engine.ph_ee_connector_ams_mifos.ams_local_auth_host="https://fynams.sandbox.fynarfin.io/" # --set ph-ee-engine.post_installation_job.enabled=false --set ph-ee-engine.kafka.provisioning.enabled=false + echo --------------------helm upgrade in Phase 3 done--------------------- + sleep 2m 30s; + #insatll netcat + sudo apt install -y netcat + check_count=0 + until ((check_count==20)) || nc -vz ph-ee-zeebe-ops 80; do + echo "Waiting for zeebe-ops service"; + sleep 1; + check_count=$(($check_count + 1)); + done; + echo ------zeebe-ops service available----------- + # until nc -vz ph-ee-zeebe-ops 80; do echo "Waiting for zeebe-ops service"; sleep 2; done; - # #insatll netcat - # sudo apt install -y netcat - # check_count=0 - # until ((check_count==20)) || nc -vz ph-ee-zeebe-ops 80; do - # echo "Waiting for zeebe-ops service"; - # sleep 5; - # check_count=$(($check_count + 1)); - # done; - # echo ------zeebe-ops service available----------- - # # until nc -vz ph-ee-zeebe-ops 80; do echo "Waiting for zeebe-ops service"; sleep 2; done; - - # #Deploy BPMN - # kubectl port-forward service/ph-ee-zeebe-ops 5000:80 -n paymenthub & #portforward zeebe-ops &' - # git clone https://github.com/openMF/ph-ee-env-labs.git openMF/ph-ee-env-labs - # cd openMF/ph-ee-env-labs/orchestration - # ls - # sed -i "/HOST=/c\HOST=http://localhost:5000/zeebe/upload" deployBpmn.sh - # cat deployBpmn.sh - # cd .. - # sh orchestration/deployBpmn.sh || echo 'deploy Bpmn done' + #Deploy BPMN + kubectl port-forward service/ph-ee-zeebe-ops 5000:80 -n paymenthub & #portforward zeebe-ops &' + git clone https://github.com/openMF/ph-ee-env-labs.git openMF/ph-ee-env-labs + cd openMF/ph-ee-env-labs/orchestration + ls + sed -i "/HOST=/c\HOST=http://localhost:5000/zeebe/upload" deployBpmn.sh + cat deployBpmn.sh + cd .. + sh orchestration/deployBpmn.sh || echo 'deploy Bpmn done' #------------------Post-Installation-Steps-ends------------------------------- - - run: name: Run Helm Tests command: | helm test g2p-sandbox --filter name=g2p-sandbox-test-gov --namespace paymenthub || echo test helm test g2p-sandbox --filter name=g2p-sandbox-test-ams --namespace paymenthub || echo test - + - run: name: Fetch Integration Test Report command: | @@ -545,3 +554,4 @@ workflows: requires: - build-host-g2p-fyn-chart + diff --git a/helm/g2p-sandbox/values.yaml b/helm/g2p-sandbox/values.yaml index 96f5fdb00..558d1f9f5 100644 --- a/helm/g2p-sandbox/values.yaml +++ b/helm/g2p-sandbox/values.yaml @@ -66,19 +66,12 @@ ph-ee-engine: # Shrink default JVM heap. esJavaOpts: "-Xmx512m -Xms512m" # Allocate smaller chunks of memory per pod. - resources: - requests: - cpu: "100m" - memory: "1024M" - limits: - cpu: "1000m" - memory: "1024M" volumeClaimTemplate: accessModes: [ "ReadWriteOnce" ] storageClassName: "gp2" resources: requests: - storage: 10Gi + storage: 5Gi kibana: enabled: true @@ -189,8 +182,6 @@ ph-ee-engine: mockpayment: enabled: true - limits: - memory: "768M" ingress: enabled: false hosts: @@ -305,12 +296,6 @@ ph-ee-engine: enabled: true image: docker.io/openmf/ph-ee-connector-gsma:latest SPRING_PROFILES_ACTIVE: "bb" - limits: - cpu: "500m" - memory: "512M" - requests: - cpu: "100m" - memory: "256M" deployment: annotations: deployTime: "{{ .Values.deployTime }}" @@ -578,9 +563,18 @@ ph-ee-engine: region: "ap-south-1" access_key: "aws-access-key" secret_key: "aws-secret-key" - hostname: "connector.sandbox.mifos.io" + hostname: "connector1.sandbox.mifos.io" ingress: enabled: true + hosts: + - host: connector1.sandbox.mifos.io + paths: + - path: "/" + backend: + service: + name: ph-ee-connector + port: + number: 80 annotations: nginx.ingress.kubernetes.io/access-control-allow-origin: 'true' nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS, DELETE @@ -601,12 +595,19 @@ account_mapper: image: docker.io/openmf/ph-ee-identity-account-mapper:latest hostname: "identity-mapper.sandbox.mifos.io" LOGGING_LEVEL_ROOT: INFO + limits: + cpu: "400m" + memory: "512M" + requests: + cpu: "150m" + memory: "256M" livenessProbe: initialDelaySeconds: 20 periodSeconds: 30 readinessProbe: initialDelaySeconds: 180 periodSeconds: 30 + ingress: enabled: false pathtype: Prefix diff --git a/helm/ph-ee-engine/connector-channel/templates/deployment.yaml b/helm/ph-ee-engine/connector-channel/templates/deployment.yaml index dc02b3a98..5b965cbff 100644 --- a/helm/ph-ee-engine/connector-channel/templates/deployment.yaml +++ b/helm/ph-ee-engine/connector-channel/templates/deployment.yaml @@ -29,6 +29,7 @@ spec: - name: check-redis-ready image: busybox:latest command: [ 'sh', '-c','until nc -vz {{ .Release.Name }}-redis-master 6379; do echo "Waiting for redis-master service"; sleep 2; done;' ] + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} containers: - name: ph-ee-connector-channel diff --git a/helm/ph-ee-engine/connector-gsma/values.yaml b/helm/ph-ee-engine/connector-gsma/values.yaml index eaa54656b..b3287f0ab 100644 --- a/helm/ph-ee-engine/connector-gsma/values.yaml +++ b/helm/ph-ee-engine/connector-gsma/values.yaml @@ -26,4 +26,4 @@ requests: deployment: apiVersion: "apps/v1" annotations: - deployTime: "{{ .Values.deployTime }}" \ No newline at end of file + deployTime: "{{ .Values.deployTime }}" diff --git a/helm/ph-ee-engine/connector-mock-payment-schema/values.yaml b/helm/ph-ee-engine/connector-mock-payment-schema/values.yaml index 874e99be5..c03e8f54e 100644 --- a/helm/ph-ee-engine/connector-mock-payment-schema/values.yaml +++ b/helm/ph-ee-engine/connector-mock-payment-schema/values.yaml @@ -44,3 +44,4 @@ livenessProbe: readinessProbe: initialDelaySeconds: 20 periodSeconds: 30 + diff --git a/helm/ph-ee-engine/operations-app/templates/deployment.yaml b/helm/ph-ee-engine/operations-app/templates/deployment.yaml index 609f87995..98ded4ae2 100644 --- a/helm/ph-ee-engine/operations-app/templates/deployment.yaml +++ b/helm/ph-ee-engine/operations-app/templates/deployment.yaml @@ -36,6 +36,7 @@ spec: httpGet: path: /oauth/token_key port: 5000 + timeoutSeconds: 5 initialDelaySeconds: {{.Values.readinessProbe.initialDelaySeconds}} periodSeconds: {{.Values.readinessProbe.periodSeconds}} resources: diff --git a/helm/ph-ee-engine/values.yaml b/helm/ph-ee-engine/values.yaml index e72735f10..1b2aca122 100644 --- a/helm/ph-ee-engine/values.yaml +++ b/helm/ph-ee-engine/values.yaml @@ -89,6 +89,8 @@ camunda-platform: volumeMounts: - name: exporters mountPath: /exporters/ + readinessProbe: + initialDelaySeconds: 60 volumeClaimTemplate: storageClassName: "gp2" @@ -100,15 +102,22 @@ camunda-platform: replicationFactor: "1" cpuThreadCount: "2" ioThreadCount: "2" - pvcSize: "10Gi" + pvcSize: "5Gi" resources: + limits: + cpu: "250m" + memory: "768Mi" requests: - cpu: 100m + cpu: "150m" + memory: "500Mi" + zeebe-gateway: replicas: 1 logLevel: warn + readinessProbe: + initialDelaySeconds: 180 env: - name: ZEEBE_GATEWAY_THREADS_MANAGEMENTTHREADS value: "4" @@ -160,6 +169,15 @@ elasticsearch: secretKeyRef: name: elastic-credentials key: password + readinessProbe: + initialDelaySeconds: 180 + resources: + limits: + cpu: "1000m" + memory: "1024M" + requests: + cpu: "100m" + memory: "786M" kibana: @@ -242,7 +260,7 @@ channel: path: /actuator/health/readiness port: 8443 scheme: HTTPS - initialDelaySeconds: 120 + initialDelaySeconds: 180 periodSeconds: 30 failureThreshold: 3 timeoutSeconds: 5 @@ -270,13 +288,12 @@ channel: securityContext: runAsUser: 0 privileged: false - resources: - limits: - memory: "512M" - cpu: "500m" - requests: - memory: "512M" - cpu: "100m" + limits: + memory: "512M" + cpu: "300m" + requests: + memory: "256M" + cpu: "150m" service: annotations: {} # Enabling this will publicly expose your channel instance. @@ -305,7 +322,7 @@ channel: resources: limits: memory: "512M" - cpu: "500m" + cpu: "150m" requests: memory: "512M" cpu: "100m" @@ -329,6 +346,11 @@ operationsmysql: username: "mifos" password: "password" rootPassword: "4ET6ywqlGt" + primary: + persistence: + size: 3Gi + readinessProbe: + initialDelaySeconds: 180 initdbScripts: setup.sql: |- CREATE DATABASE IF NOT EXISTS phdefault; @@ -377,13 +399,12 @@ ph_ee_connector_ams_mifos: securityContext: runAsUser: 0 privileged: false - resources: - limits: - memory: "384M" - cpu: "500m" - requests: - memory: "256M" - cpu: "300m" + limits: + memory: "384M" + cpu: "150m" + requests: + memory: "256M" + cpu: "100m" # Enabling this will publicly expose your ams-mifos instance. # Only enable this if you have security enabled on your cluster ingress: @@ -405,13 +426,13 @@ ph_ee_connector_ams_mifos: securityContext: runAsUser: 0 privileged: false - resources: + resources: limits: - memory: "512M" - cpu: "500m" + memory: "384M" + cpu: "150m" requests: - memory: "512M" - cpu: "100m" + memory: "256M" + cpu: "100m" # Allows you to add any config files in /usr/share/ # such as ph-ee-connector-ams-mifos.yml for deployment # ph-ee-connector-ams-mifosConfig: {} @@ -450,7 +471,7 @@ ph_ee_connector_mojaloop: httpGet: path: /actuator/health/readiness port: 9191 - initialDelaySeconds: 120 + initialDelaySeconds: 180 periodSeconds: 30 failureThreshold: 3 timeoutSeconds: 5 @@ -478,13 +499,12 @@ ph_ee_connector_mojaloop: securityContext: runAsUser: 0 privileged: false - resources: - limits: - memory: "512M" - cpu: "500m" - requests: - memory: "512M" - cpu: "100m" + limits: + memory: "384M" + cpu: "150m" + requests: + memory: "256M" + cpu: "100m" # Enabling this will publicly expose your mojaloop instance. # Only enable this if you have security enabled on your cluster ingress: @@ -510,7 +530,7 @@ ph_ee_connector_mojaloop: resources: limits: memory: "512M" - cpu: "500m" + cpu: "150m" requests: memory: "512M" cpu: "100m" @@ -544,7 +564,7 @@ operations_app: httpGet: path: /actuator/health/readiness port: 9191 - initialDelaySeconds: 120 + initialDelaySeconds: 180 periodSeconds: 30 failureThreshold: 3 timeoutSeconds: 5 @@ -572,13 +592,12 @@ operations_app: securityContext: runAsUser: 0 privileged: false - resources: - limits: - memory: "512M" - cpu: "500m" - requests: - memory: "512M" - cpu: "100m" + limits: + memory: "384M" + cpu: "350m" + requests: + memory: "256M" + cpu: "200m" # Enabling this will publicly expose your operations_app instance. # Only enable this if you have security enabled on your cluster ingress: @@ -604,10 +623,10 @@ operations_app: resources: limits: memory: "512M" - cpu: "500m" + cpu: "150m" requests: memory: "512M" - cpu: "100m" + cpu: "100m" # Allows you to add any config files in /usr/share/ # such as operations_app.yml for deployment @@ -661,7 +680,7 @@ operations_web: resources: limits: memory: "512M" - cpu: "500m" + cpu: "150m" requests: memory: "512M" cpu: "100m" @@ -694,7 +713,7 @@ operations_web: resources: limits: memory: "512M" - cpu: "500m" + cpu: "150m" requests: memory: "512M" cpu: "100m" @@ -769,7 +788,7 @@ mpesa: httpGet: path: /actuator/health/readiness port: 9191 - initialDelaySeconds: 120 + initialDelaySeconds: 180 periodSeconds: 30 failureThreshold: 3 timeoutSeconds: 5 @@ -797,13 +816,13 @@ mpesa: securityContext: runAsUser: 0 privileged: false - resources: + resources: limits: memory: "512M" - cpu: "500m" + cpu: "150m" requests: memory: "512M" - cpu: "100m" + cpu: "100m" # Enabling this will publicly expose your mpesa instance. # Only enable this if you have security enabled on your cluster ingress: @@ -829,7 +848,7 @@ mpesa: resources: limits: memory: "512M" - cpu: "500m" + cpu: "150m" requests: memory: "512M" cpu: "100m" @@ -889,13 +908,13 @@ roster_connector: securityContext: runAsUser: 0 privileged: false - resources: + resources: limits: memory: "512M" - cpu: "500m" + cpu: "150m" requests: memory: "512M" - cpu: "100m" + cpu: "100m" deployment: annotations: {} affinity: {} @@ -914,7 +933,7 @@ roster_connector: resources: limits: memory: "512M" - cpu: "500m" + cpu: "150m" requests: memory: "512M" cpu: "100m" @@ -946,7 +965,7 @@ paygops_connector: httpGet: path: /actuator/health/readiness port: 9191 - initialDelaySeconds: 120 + initialDelaySeconds: 180 periodSeconds: 30 failureThreshold: 3 timeoutSeconds: 5 @@ -977,7 +996,7 @@ paygops_connector: resources: limits: memory: "512M" - cpu: "500m" + cpu: "150m" requests: memory: "512M" cpu: "100m" @@ -999,7 +1018,7 @@ paygops_connector: resources: limits: memory: "512M" - cpu: "500m" + cpu: "150m" requests: memory: "512M" cpu: "100m" @@ -1063,7 +1082,7 @@ messagegateway: resources: limits: memory: "512M" - cpu: "500m" + cpu: "150m" requests: memory: "512M" cpu: "100m" @@ -1099,7 +1118,7 @@ messagegateway: resources: limits: memory: "512M" - cpu: "500m" + cpu: "150m" requests: memory: "512M" cpu: "100m" @@ -1163,7 +1182,7 @@ notifications: resources: limits: memory: "512M" - cpu: "500m" + cpu: "150m" requests: memory: "512M" cpu: "100m" @@ -1192,7 +1211,7 @@ notifications: resources: limits: memory: "512M" - cpu: "500m" + cpu: "150m" requests: memory: "512" cpu: "100m" @@ -1223,7 +1242,7 @@ zeebe_ops: httpGet: path: /actuator/health/readiness port: 9191 - initialDelaySeconds: 120 + initialDelaySeconds: 180 periodSeconds: 30 failureThreshold: 3 timeoutSeconds: 5 @@ -1251,13 +1270,12 @@ zeebe_ops: securityContext: runAsUser: 0 privileged: false - resources: - limits: - memory: "512M" - cpu: "500m" - requests: - memory: "512M" - cpu: "100m" + limits: + memory: "384M" + cpu: "300m" + requests: + memory: "256M" + cpu: "150m" # Enabling this will publicly expose your zeebe_ops instance. # Only enable this if you have security enabled on your cluster ingress: @@ -1282,11 +1300,11 @@ zeebe_ops: privileged: false resources: limits: - memory: "512M" - cpu: "500m" + memory: "384M" + cpu: "100m" requests: - memory: "512M" - cpu: "100m" + memory: "384M" + cpu: "100m" # Allows you to add any config files in /usr/share/ # such as zeebeops.yml for deployment # ph-ee-zeebe-opsConfig: {} @@ -1352,7 +1370,7 @@ importer_es: httpGet: path: /actuator/health/readiness port: 9191 - initialDelaySeconds: 120 + initialDelaySeconds: 180 periodSeconds: 30 failureThreshold: 3 timeoutSeconds: 5 @@ -1380,13 +1398,12 @@ importer_es: securityContext: runAsUser: 0 privileged: false - resources: - limits: - memory: "512M" - cpu: "500m" - requests: - memory: "512M" - cpu: "100m" + limits: + memory: "512M" + cpu: "400m" + requests: + memory: "512M" + cpu: "100m" javaToolOptions: "-Xmx256M" deployment: annotations: {} @@ -1400,11 +1417,15 @@ mockpayment: mockFailure: percentage: "0" limits: - memory: "512M" - cpu: "500m" + memory: "384M" + cpu: "250m" requests: memory: "256M" - cpu: "100m" + cpu: "150m" + livenessProbe: + initialDelaySeconds: 180 + readinessProbe: + initialDelaySeconds: 180 deployment: annotations: {} @@ -1412,7 +1433,6 @@ mockpayment: kafka: enabled: true fullnameOverride: kafka - provisioning: enabled: true topics: @@ -1422,7 +1442,10 @@ kafka: controller: replicaCount: 1 - + persistence: + size: "4Gi" + readinessProbe: + initialDelaySeconds: 5 listeners: client: protocol: PLAINTEXT @@ -1475,7 +1498,7 @@ importer_rdbms: httpGet: path: /actuator/health/readiness port: 9191 - initialDelaySeconds: 120 + initialDelaySeconds: 180 periodSeconds: 30 failureThreshold: 3 timeoutSeconds: 5 @@ -1503,13 +1526,12 @@ importer_rdbms: securityContext: runAsUser: 0 privileged: false - resources: - limits: - memory: "512M" - cpu: "500m" - requests: - memory: "512M" - cpu: "100m" + limits: + memory: "384M" + cpu: "250m" + requests: + memory: "256M" + cpu: "150m" deployment: annotations: {} affinity: {} @@ -1528,7 +1550,7 @@ importer_rdbms: resources: limits: memory: "512M" - cpu: "500m" + cpu: "200m" requests: memory: "512M" cpu: "100m" @@ -1593,7 +1615,7 @@ connector_bulk: httpGet: path: /actuator/health/readiness port: 9191 - initialDelaySeconds: 120 + initialDelaySeconds: 180 periodSeconds: 30 failureThreshold: 3 timeoutSeconds: 5 @@ -1621,13 +1643,12 @@ connector_bulk: securityContext: runAsUser: 0 privileged: false - resources: - limits: - memory: "512M" - cpu: "500m" - requests: - memory: "512M" - cpu: "100m" + limits: + memory: "384M" + cpu: "150m" + requests: + memory: "256M" + cpu: "100m" service: annotations: {} # Enabling this will publicly expose your connector_bulk instance. @@ -1653,7 +1674,7 @@ connector_bulk: resources: limits: memory: "512M" - cpu: "500m" + cpu: "150m" requests: memory: "512M" cpu: "100m" @@ -1691,13 +1712,12 @@ ph_ee_connector_gsma: securityContext: runAsUser: 0 privileged: false - resources: - limits: - memory: "512M" - cpu: "500m" - requests: - memory: "512M" - cpu: "100m" + limits: + memory: "256M" + cpu: "150m" + requests: + memory: "256M" + cpu: "100m" deployment: annotations: {} affinity: {} @@ -1713,13 +1733,6 @@ ph_ee_connector_gsma: securityContext: runAsUser: 0 privileged: false - resources: - limits: - memory: "512M" - cpu: "500m" - requests: - memory: "512M" - cpu: "100m" # Allows you to add any config files in /usr/share/ # such as ph_ee_connector_gsma.yml for deployment # ph_ee_connector_gsmaConfig: {} @@ -1790,7 +1803,7 @@ ph-ee-connector_slcb: resources: limits: memory: "512M" - cpu: "500m" + cpu: "150m" requests: memory: "512M" cpu: "100m" @@ -1812,7 +1825,7 @@ ph-ee-connector_slcb: resources: limits: memory: "512M" - cpu: "500m" + cpu: "150m" requests: memory: "512M" cpu: "100m" @@ -1825,6 +1838,12 @@ ph-ee-connector: enabled: false replicas: 1 image: docker.io/openmf/ph-ee-connector-bulk:v1.1.0 + limits: + cpu: "250m" + memory: "384M" + requests: + cpu: "150m" + memory: "256M" operations_app: contactpoint: "http://ph-ee-operations-app:5000" ingress: @@ -1854,7 +1873,7 @@ mock_oracle: targetport: 4100 limits: memory: "512M" - cpu: "500m" + cpu: "150m" requests: memory: "512M" cpu: "100m" @@ -1904,11 +1923,11 @@ integration_test: imageTag: v1.4.0-rc.1 imagePullPolicy: "Never" limits: - cpu: "500m" - memory: "3Gi" + cpu: "800m" + memory: "1.2Gi" requests: - cpu: "100m" - memory: "2Gi" + cpu: "250m" + memory: "256Mi" operations_app: contactpoint: "http://ph-ee-operations-app:80" bulk_processor: @@ -1939,8 +1958,20 @@ integration_test: redis: enabled: true + master: + resources: + limits: + cpu: "200m" + memory: "256M" + requests: + cpu: "100m" + memory: "100M" + persistence: + size: "3Gi" + readinessProbe: + initialDelaySeconds: 180 replica: - replicaCount: 1 + replicaCount: 0 volumeClaimTemplate: storageClassName: "gp2" @@ -2030,6 +2061,12 @@ vouchers: paymentadvice: false replicas: 1 image: docker.io/openmf/ph-ee-vouchers:v1.1.0 + limits: + cpu: "250m" + memory: "512M" + requests: + cpu: "150m" + memory: "256M" ingress: enabled: true annotations: @@ -2070,6 +2107,10 @@ vouchers: hostname: "http://ph-ee-operations-app:80" endpoints: transfers: "/api/v1/transfers?size=1&page=0" + readinessProbe: + initialDelaySeconds: 180 + livenessProbe: + initialDelaySeconds: 180 billPay: enabled: false @@ -2094,7 +2135,7 @@ billPay: path: /actuator/health/readiness port: 8080 scheme: HTTPS - initialDelaySeconds: 120 + initialDelaySeconds: 180 periodSeconds: 30 failureThreshold: 3 timeoutSeconds: 5 @@ -2117,13 +2158,12 @@ billPay: securityContext: runAsUser: 0 privileged: false - resources: - limits: - memory: "512M" - cpu: "500m" - requests: - memory: "512M" - cpu: "100m" + limits: + memory: "384M" + cpu: "250m" + requests: + memory: "256M" + cpu: "100m" service: annotations: {} # Only enable this if you have security enabled on your cluster @@ -2164,7 +2204,7 @@ crm: path: /actuator/health/readiness port: 8080 scheme: HTTPS - initialDelaySeconds: 120 + initialDelaySeconds: 180 periodSeconds: 30 failureThreshold: 3 timeoutSeconds: 5 @@ -2187,13 +2227,13 @@ crm: securityContext: runAsUser: 0 privileged: false - resources: - limits: - memory: "512M" - cpu: "500m" - requests: - memory: "512M" - cpu: "100m" + + limits: + memory: "384M" + cpu: "150m" + requests: + memory: "256M" + cpu: "100m" service: annotations: {} # Only enable this if you have security enabled on your cluster @@ -2219,11 +2259,11 @@ minio: fullnameOverride: "minio" resources: requests: - memory: 256Mi + memory: 150Mi replicas: 1 persistence: enabled: true - size: 10Gi + size: 512Mi mode: standalone rootUser: root rootPassword: password @@ -2233,3 +2273,5 @@ minio: post_installation_job: enabled: false + +