[SDP-1060] publish multi-tenant helm charts for SDP 2.0.0

charts/stellar-disbursement-platform/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
 name: stellar-disbursement-platform
 description: A Helm chart for the Stellar Disbursement Platform Backend (A.K.A. `sdp`)
-version: 0.9.4
-appVersion: "1.1.0"
+version: 2.0.0-rc.1
+appVersion: "2.0.0-rc1"
 type: application
 maintainers:
   - name: Stellar Development Foundation

charts/stellar-disbursement-platform/minimal-values.yaml

@@ -4,23 +4,42 @@
 ##  These are the minimal values required to deploy the SDP helm chart.
 ## @descriptionEnd
 
+global:
+  ## @extra global.eventBroker Configuration related to the event broker used by the application.
+  ## @param global.eventBroker.type The type of event broker to be used. Options: "NONE", "KAFKA". Default: "KAFKA".
+  ## @param global.eventBroker.urls A comma-separated list of broker URLs for the event broker.
+  ## @param global.eventBroker.consumerGroupId The consumer group ID for the event broker.
+  eventBroker:
+    type: "KAFKA"
+    urls: #required
+    consumerGroupId: #required
+
+    ## @extra global.eventBroker.kafka Configuration related to the Kafka event broker.
+    ## @param global.eventBroker.kafka.securityProtocol The security protocol to be used for the Kafka broker. Options: "PLAINTEXT", "SASL_SSL", "SASL_PLAINTEXT", "SSL".
+    kafka:
+      securityProtocol: #required
+
 sdp:
 
   ## @param sdp.route.domain Public domain/address of the SDP service.
+  ## @param sdp.route.mtnDomain Public domain/address of the multi-tenant SDP service. This is a wild-card domain used for multi-tenant setups e.g. "*.sdp.localhost.com".
   route:
     domain: #required
+    mtnDomain: #required
 
   ## @param sdp.configMap.data.EC256_PUBLIC_KEY [string] The EC256 public key used for authentication purposes.
   ## @param sdp.configMap.data.SEP10_SIGNING_PUBLIC_KEY Anchor platform SEP10 signing public key.
   ## @param sdp.configMap.data.DISTRIBUTION_PUBLIC_KEY The public key of the Stellar distribution account that sends the Stellar payments.
   ## @param sdp.configMap.data.RECAPTCHA_SITE_KEY Site key for ReCaptcha. Required if using ReCaptcha.
+  ## @param sdp.configMap.data.INSTANCE_NAME The name of the SDP instance. Example: "SDP Testnet".
   configMap:
     annotations:
     data:
       EC256_PUBLIC_KEY: #required
       SEP10_SIGNING_PUBLIC_KEY: #required
       DISTRIBUTION_PUBLIC_KEY: #required
       RECAPTCHA_SITE_KEY: #required
+      INSTANCE_NAME: #required
 
   ## @param sdp.kubeSecrets.data.EC256_PRIVATE_KEY [string] The EC256 Private Key. This key is used to sign the authentication token.
   ## @param sdp.kubeSecrets.data.SEP10_SIGNING_PRIVATE_KEY The public key of the Stellar account that signs the SEP-10 transactions. It's also used to sign URLs.
@@ -29,6 +48,9 @@ sdp:
   ## @param sdp.kubeSecrets.data.ANCHOR_PLATFORM_OUTGOING_JWT_SECRET The JWT secret used to create a JWT token used to send requests to the anchor platform.
   ## @param sdp.kubeSecrets.data.DATABASE_URL URL of the database used by the SDP.
   ## @param sdp.kubeSecrets.data.DISTRIBUTION_SEED The private key of the Stellar account used to disburse funds. This is needed for the init container
+  ## @param sdp.kubeSecrets.data.CHANNEL_ACCOUNT_ENCRYPTION_PASSPHRASE The private key used to encrypt the channel account secrets in the database.
+  ## @param sdp.kubeSecrets.data.ADMIN_ACCOUNT The ID of the admin account. To use, add to the request header as 'Authorization', formatted as Base64-encoded 'ADMIN_ACCOUNT:ADMIN_API_KEY'.",
+  ## @param sdp.kubeSecrets.data.ADMIN_API_KEY The API key for the admin account. To use, add to the request header as 'Authorization', formatted as Base64-encoded 'ADMIN_ACCOUNT:ADMIN_API_KEY'.",
   kubeSecrets:
     create: true
     data:
@@ -39,6 +61,9 @@ sdp:
       ANCHOR_PLATFORM_OUTGOING_JWT_SECRET: #required for mySdpToAnchorPlatformSecret
       DATABASE_URL: #required
       DISTRIBUTION_SEED: #required
+      CHANNEL_ACCOUNT_ENCRYPTION_PASSPHRASE: #required
+      ADMIN_ACCOUNT: #required
+      ADMIN_API_KEY: #required
 
   ## @extra sdp.ingress Configuration for the ingress controller for the SDP service.
   ingress: #required
@@ -78,29 +103,38 @@ anchorPlatform:
 
 tss:
 
+  ## @extra tss.configMap Configuration settings for the Transaction Submission Service (TSS) ConfigMap.
+  ## @param tss.configMap.data.DISTRIBUTION_PUBLIC_KEY The public key of the HOST's Stellar distribution account, used to create channel accounts.
+  configMap:
+    data:
+      DISTRIBUTION_PUBLIC_KEY: #required
+
   ## @param tss.kubeSecrets.data.DATABASE_URL URL of the database used by the TSS.
   ## @param tss.kubeSecrets.data.DISTRIBUTION_SEED The private key of the Stellar account used to disburse funds.
+  ## @param tss.kubeSecrets.data.CHANNEL_ACCOUNT_ENCRYPTION_PASSPHRASE The private key used to encrypt the channel account secrets in the database.
   kubeSecrets:
     create: true
     data:
       DATABASE_URL: #required
       DISTRIBUTION_SEED: #required
+      CHANNEL_ACCOUNT_ENCRYPTION_PASSPHRASE: #required
 
 dashboard:
 
   ## @param dashboard.enabled If true, the dashboard will be deployed.
   enabled: true
 
+  ## @extra dashboard.route Configuration related to the routing of the Dashboard.
   ## @param dashboard.route.domain Public domain/address of the Dashboard.
+  ## @param dashboard.route.mtnDomain Public domain/address of the multi-tenant Dashboard. This is a wild-card domain used for multi-tenant setups e.g. "*.sdp-dashboard.localhost.com".
   route:
     domain: #required
+    mtnDomain: #required
 
   ## @param dashboard.configMap.data.RECAPTCHA_SITE_KEY The site key for Google reCAPTCHA service.
   configMap:
     data:
       RECAPTCHA_SITE_KEY: #required
 
   ## @extra dashboard.ingress Configuration for the ingress controller for the dashboard.
-  ingress: #required
-
-
+  ingress: #required

charts/stellar-disbursement-platform/templates/01.1-configmap-sdp.yaml

@@ -24,7 +24,14 @@ data:
   BASE_URL: {{ include "sdp.schema" . }}://{{ include "sdp.domain" . }}
   PORT: {{ include "sdp.port" . | quote }}
   METRICS_PORT: {{ include "sdp.metricsPort" . | quote }}
+  ADMIN_PORT: {{ include "sdp.adminPort" . | quote }}
   ANCHOR_PLATFORM_BASE_SEP_URL: {{ include "sdp.ap.schema" . }}://{{ include "sdp.ap.domain" . }}
   ANCHOR_PLATFORM_BASE_PLATFORM_URL: {{ include "sdp.ap.platformServiceAddress" . }}
+  EVENT_BROKER_TYPE: {{ .Values.global.eventBroker.type | quote }}
+  BROKER_URLS: {{ .Values.global.eventBroker.urls | quote }}
+  CONSUMER_GROUP_ID: {{ .Values.global.eventBroker.consumerGroupId | quote }}
+  {{- if eq .Values.global.eventBroker.type "KAFKA" }}
+  KAFKA_SECURITY_PROTOCOL: {{ .Values.global.eventBroker.kafka.securityProtocol | quote }}
+  {{- end }}
   {{- tpl (toYaml .Values.sdp.configMap.data | nindent 2) . }}
 {{- end }}

charts/stellar-disbursement-platform/templates/01.2-configmap-ap.yaml

@@ -32,7 +32,9 @@ data:
   SEP1_TOML_TYPE: url
   SEP1_TOML_VALUE: 'http://{{ include "sdp.fullname" . }}.{{ .Release.Namespace }}:{{ include "sdp.port" . }}/.well-known/stellar.toml'
   SEP10_ENABLED: "true"
-  SEP10_HOME_DOMAIN: {{ include "sdp.ap.domain" . }}
+  SEP10_WEB_AUTH_DOMAIN: {{ include "sdp.ap.domain" . | quote }}
+  SEP10_HOME_DOMAIN: ""
+  SEP10_HOME_DOMAINS: {{ include "sdp.mtnDomain" . | quote }}
   SEP24_ENABLED: "true"
   SEP24_INTERACTIVE_URL_JWT_EXPIRATION: "1800"  # 1800 seconds is 30 minutes
   ASSETS_TYPE: json

charts/stellar-disbursement-platform/templates/01.3-configmap-tss.yaml

@@ -1,11 +1,12 @@
+{{- if .Values.tss.enabled -}}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ include "sdp.fullname" . }}-tss
   namespace: {{ .Release.Namespace }}
   labels:
-    {{- include "sdp.labels" . | nindent 4 }}
+    {{- include "sdp.labelsWithSuffix" (list . "-tss") | nindent 4 }}
 
   {{- if .Values.tss.configMap.annotations }}
   annotations:
@@ -21,4 +22,11 @@ data:
   HORIZON_URL: "https://horizon-testnet.stellar.org"
   {{- end }}
   TSS_METRICS_PORT: {{ include "tss.metricsPort" . | quote }}
+  EVENT_BROKER_TYPE: {{ .Values.global.eventBroker.type | quote }}
+  BROKER_URLS: {{ .Values.global.eventBroker.urls | quote }}
+  CONSUMER_GROUP_ID: {{ .Values.global.eventBroker.consumerGroupId | quote }}
+  {{- if eq .Values.global.eventBroker.type "KAFKA" }}
+  KAFKA_SECURITY_PROTOCOL: {{ .Values.global.eventBroker.kafka.securityProtocol | quote }}
+  {{- end }}
   {{- tpl (toYaml .Values.tss.configMap.data | nindent 2) . }}
+{{- end }}

charts/stellar-disbursement-platform/templates/02.1-deployment-sdp.yaml

@@ -59,11 +59,12 @@ spec:
         - sh
         - -c
         - |
-          ./stellar-disbursement-platform db migrate up &&
-          ./stellar-disbursement-platform db auth migrate up &&
-          ./stellar-disbursement-platform db setup-for-network &&
-          ./stellar-disbursement-platform channel-accounts verify --delete-invalid-accounts
-          ./stellar-disbursement-platform channel-accounts ensure --num-channel-accounts-ensure {{ .Values.tss.configMap.data.NUM_CHANNEL_ACCOUNTS | default 1 }}
+          ./stellar-disbursement-platform db admin migrate up
+          ./stellar-disbursement-platform db tss migrate up
+          ./stellar-disbursement-platform db auth migrate up --all
+          ./stellar-disbursement-platform db sdp migrate up --all
+          ./stellar-disbursement-platform db setup-for-network --all
+          ./stellar-disbursement-platform channel-accounts ensure {{ .Values.tss.configMap.data.NUM_CHANNEL_ACCOUNTS | default 1 }}
 
       containers:
       # ============================= Stellar Disbursement Platform: =============================
@@ -86,6 +87,9 @@ spec:
             - name: metrics
               containerPort: {{ include "sdp.metricsPort" . }}
               protocol: TCP
+            - name: admin
+              containerPort: {{ include "sdp.adminPort" . }}
+              protocol: TCP
           livenessProbe:
             httpGet:
               path: /health

charts/stellar-disbursement-platform/templates/02.2-deployment-ap.yaml

@@ -42,7 +42,7 @@ spec:
         - name: {{ .Chart.Name }}-ap
           securityContext:
             {{- tpl (toYaml .Values.anchorPlatform.deployment.securityContext) . | nindent 12 }}
-          image: "stellar/anchor-platform:2.1.3"
+          image: "stellar/anchor-platform:2.6.2"
           imagePullPolicy: "IfNotPresent"
           {{- if .Values.global.ephemeralDatabase }}
           env:

charts/stellar-disbursement-platform/templates/02.3-deployment-tss.yaml

@@ -1,10 +1,12 @@
+{{- if .Values.tss.enabled -}}
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "sdp.fullname" . }}-tss
   namespace: {{ .Release.Namespace }}
   labels:
-    {{- include "sdp.labels" . | nindent 4 }}
+    {{- include "sdp.labelsWithSuffix" (list . "-tss") | nindent 4 }}
   {{- if .Values.tss.deployment.annotations }}
   annotations:
     {{- tpl (toYaml .Values.tss.deployment.annotations) . | nindent 4 }}
@@ -15,7 +17,7 @@ spec:
   {{- end }}
   selector:
     matchLabels:
-      {{- include "sdp.selectorLabels" . | nindent 6 }}
+      {{- include "sdp.selectorLabelsWithSuffix" (list . "-tss") | nindent 6 }}
 
   {{- if .Values.tss.deployment.strategy }}
   strategy:
@@ -29,7 +31,7 @@ spec:
         {{- tpl (toYaml .Values.tss.deployment.podAnnotations) . | nindent 8 }}
       {{- end }}
       labels:
-        {{- include "sdp.selectorLabels" . | nindent 8 }}
+        {{- include "sdp.selectorLabelsWithSuffix" (list . "-tss") | nindent 8 }}
     spec:
       {{- if .Values.global.serviceAccount.name }}
       serviceAccountName: {{ tpl .Values.global.serviceAccount.name $ }}
@@ -84,3 +86,4 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+{{- end }}

charts/stellar-disbursement-platform/templates/03.1-service-sdp.yaml

@@ -12,6 +12,10 @@ spec:
       targetPort: http
       protocol: TCP
       name: http
+    - port: {{ include "sdp.adminPort" . }}
+      targetPort: admin
+      protocol: TCP
+      name: admin
 
   selector:
     {{- include "sdp.selectorLabels" . | nindent 4 }}

charts/stellar-disbursement-platform/templates/04.1-ingress-sdp.yaml

@@ -32,4 +32,17 @@ spec:
                 name: {{ include "sdp.fullname" . }}
                 port:
                   number: {{ include "sdp.port" . }}
+{{- if .Values.sdp.route.mtnDomain }}
+    - host: {{ include "sdp.mtnDomain" . | quote }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ include "sdp.fullname" . }}
+                port:
+                  number: {{ include "sdp.port" . }}
+{{- end }}
+
 {{- end }}

charts/stellar-disbursement-platform/templates/04.3-ingress-dashboard.yaml

@@ -27,5 +27,17 @@ spec:
                 name: {{ include "sdp.fullname" . }}-dashboard
                 port:
                   number: {{ include "dashboard.port" . }}
+  {{- if .Values.sdp.route.mtnDomain }}
+    - host: {{ include "dashboard.mtnDomain" . | quote }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ include "sdp.fullname" . }}-dashboard
+                port:
+                  number: {{ include "dashboard.port" . }}
+  {{- end }}
 
 {{- end }}

charts/stellar-disbursement-platform/templates/05.3-secrets-tss.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.tss.kubeSecrets.create -}}
+{{- if and .Values.tss.enabled .Values.tss.kubeSecrets.create -}}
 ---
 apiVersion: v1
 kind: Secret

charts/stellar-disbursement-platform/templates/_helpers.tpl

@@ -74,6 +74,13 @@ SDP domain
 {{- .Values.sdp.route.domain | default "localhost" }}
 {{- end }}
 
+{{/*
+SDP MTN domain
+*/}}
+{{- define "sdp.mtnDomain" -}}
+{{- .Values.sdp.route.mtnDomain | default "localhost" }}
+{{- end }}
+
 {{/*
 SDP domain schema
 */}}
@@ -95,6 +102,13 @@ SDP Metrics port
 {{- .Values.sdp.route.metricsPort | default "8002" }}
 {{- end }}
 
+{{/*
+SDP Admin port
+*/}}
+{{- define "sdp.adminPort" -}}
+{{- .Values.sdp.route.adminPort | default "8003" }}
+{{- end }}
+
 {{/*
 Define the full address to the SDP service.
 */}}
@@ -175,6 +189,13 @@ Dashboard domain
 {{- .Values.dashboard.route.domain | default "localhost" }}
 {{- end }}
 
+{{/*
+Dashboard MTN domain
+*/}}
+{{- define "dashboard.mtnDomain" -}}
+{{- .Values.dashboard.route.mtnDomain | default "localhost" }}
+{{- end }}
+
 {{/*
 Dashboard domain schema
 */}}