feat: Add AWS CDK project and Helm charts for Beckn-Onix deployment on AWS cloud

This commit is contained in:
Mozammil Khan
2024-09-23 22:57:34 +05:30
parent 5d5e363ccd
commit c683ec3d74
114 changed files with 10018 additions and 0 deletions

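--- a/aws-cdk/beckn-cdk/.gitignore
+++ b/aws-cdk/beckn-cdk/.gitignore
@@ -0,0 +1,9 @@
+*.js
+!jest.config.js
+*.d.ts
+node_modules
+# CDK asset staging directory
+.cdk.staging
+cdk.out
+.env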


@@ -0,0 +1,6 @@
*.ts
!*.d.ts
# CDK asset staging directory
.cdk.staging
cdk.out


@@ -0,0 +1,14 @@
# Welcome to your CDK TypeScript project
This is a blank project for CDK development with TypeScript.
The `cdk.json` file tells the CDK Toolkit how to execute your app.
## Useful commands
* `npm run build` compile typescript to js
* `npm run watch` watch for changes and compile
* `npm run test` perform the jest unit tests
* `npx cdk deploy` deploy this stack to your default AWS account/region
* `npx cdk diff` compare deployed stack with current state
* `npx cdk synth` emits the synthesized CloudFormation template


@@ -0,0 +1,220 @@
#!/usr/bin/env node
import * as cdk from 'aws-cdk-lib';
import { StackProps } from 'aws-cdk-lib';
import { ConfigProps, getConfig } from '../lib/config';
import { VpcStack } from '../lib/vpc-stack';
import { RdsStack } from '../lib/rds-stack';
import { EksStack } from '../lib/eks-stack';
import { RedisStack } from '../lib/redis-stack';
import { DocumentDbStack } from '../lib/documentdb-stack';
import { RabbitMqStack } from '../lib/rabbitmq-stack';
import { HelmRegistryStack } from '../lib/helm-registry';
import { HelmGatewayStack } from '../lib/helm-gateway';
import { HelmCommonServicesStack } from '../lib/helm-beckn-common-services';
import { HelmBapStack } from '../lib/helm-bap';
import { HelmBppStack } from '../lib/helm-bpp';
const config = getConfig();
const app = new cdk.App();
type AwsEnvStackProps = StackProps & {
config: ConfigProps;
};
// Retrieve AWS Account ID and Region from the environment
const accountId = config.ACCOUNT;
const region = config.REGION;
if (!accountId || !region) {
console.error("AWS_ACCOUNT_ID or AWS_REGION is missing from .env file");
process.exit(1);
}
// Common environment configuration for all stacks
const env = { account: accountId, region: region };
// Function to deploy registry environment
const deployRegistry = () => {
var envC = "registry";
const vpcStack = new VpcStack(app, 'RegistryVpcStack', { config: config, env });
const eksStack = new EksStack(app, 'RegistryEksStack', { config: config, vpc: vpcStack.vpc, env });
const rdsStack = new RdsStack(app, 'RegistryRdsStack', { config: config, vpc: vpcStack.vpc, envC: envC, env });
new HelmRegistryStack(app, 'HelmRegistryStack', {
config: config,
rdsHost: rdsStack.rdsHost,
rdsPassword: rdsStack.rdsPassword,
eksCluster: eksStack.cluster,
env,
});
};
// Function to deploy gateway environment
const deployGateway = () => {
var envC = "gateway";
const vpcStack = new VpcStack(app, 'GatewayVpcStack', { config: config, env });
const eksStack = new EksStack(app, 'GatewayEksStack', { config: config, vpc: vpcStack.vpc, env });
const rdsStack = new RdsStack(app, 'GatewayRdsStack', { config: config, vpc: vpcStack.vpc, envC: envC, env });
new HelmGatewayStack(app, 'HelmGatewayStack', {
config: config,
rdsHost: rdsStack.rdsHost,
rdsPassword: rdsStack.rdsPassword,
eksCluster: eksStack.cluster,
env,
});
};
// Function to deploy BAP environment
const deployBAP = () => {
const vpcStack = new VpcStack(app, 'BapVpcStack', { config: config, env });
const eksStack = new EksStack(app, 'BapEksStack', {config: config, vpc: vpcStack.vpc, env });
// aws common services deployed through aws managed services
// rabbit mq -
// new DocumentDbStack(app, 'BapDocumentDbStack', { config: config, vpc: vpcStack.vpc, env });
// new RedisStack(app, 'BapRedisStack', { vpc: vpcStack.vpc, env });
// new RabbitMqStack(app, 'BapRabbitMqStack', { config: config, vpc: vpcStack.vpc, env });
// bitnami - common services on eks - self hosted
new HelmCommonServicesStack(app, 'HelmBapCommonServicesStack', {
config: config,
eksCluster: eksStack.cluster,
service: 'bap',
env,
});
new HelmBapStack(app, 'HelmBapStack', {
config: config,
eksCluster: eksStack.cluster,
vpc: vpcStack.vpc,
eksSecGrp: eksStack.eksSecGrp,
isSandbox: false,
env,
});
};
// Function to deploy BPP environment
const deployBPP = () => {
const vpcStack = new VpcStack(app, 'BppVpcStack', {config: config, env });
const eksStack = new EksStack(app, 'BppEksStack', {config: config, vpc: vpcStack.vpc, env });
//if aws
// new DocumentDbStack(app, 'BppDocumentDbStack', { config: config, vpc: vpcStack.vpc, env });
// new RedisStack(app, 'BppRedisStack', { vpc: vpcStack.vpc, env });
// new RabbitMqStack(app, 'BppRabbitMqStack', { config: config, vpc: vpcStack.vpc, env });
// if bitnami
new HelmCommonServicesStack(app, 'HelmBapCommonServicesStack', {
config: config,
eksCluster: eksStack.cluster,
service: 'bpp',
env,
});
new HelmBppStack(app, 'HelmBppStack', {
config: config,
eksCluster: eksStack.cluster,
vpc: vpcStack.vpc,
eksSecGrp: eksStack.eksSecGrp,
isSandbox: false,
env,
});
};
// Function to deploy sandbox environment (all stacks)
const deploySandbox = () => {
var envC = "sandbox";
const vpcStack = new VpcStack(app, 'VpcStack', {config: config, env });
const eksStack = new EksStack(app, 'EksStack', {config: config, vpc: vpcStack.vpc, env });
const rdsStack = new RdsStack(app, 'RdsStack', { config: config, vpc: vpcStack.vpc, envC: envC, env });
new HelmRegistryStack(app, 'HelmRegistryStack', {
config: config,
rdsHost: rdsStack.rdsHost,
rdsPassword: rdsStack.rdsPassword,
eksCluster: eksStack.cluster,
env,
});
new HelmGatewayStack(app, 'HelmGatewayStack', {
config: config,
rdsHost: rdsStack.rdsHost,
rdsPassword: rdsStack.rdsPassword,
eksCluster: eksStack.cluster,
env,
});
// aws
// new DocumentDbStack(app, 'DocumentDbStack', { config: config, vpc: vpcStack.vpc, env });
// new RedisStack(app, 'RedisStack', { vpc: vpcStack.vpc, env });
// new RabbitMqStack(app, 'RabbitMqStack', { config: config, vpc: vpcStack.vpc, env });
// default - bitnami
new HelmCommonServicesStack(app, 'BapHelmCommonServicesStack', {
config: config,
eksCluster: eksStack.cluster,
service: 'bap',
env,
});
new HelmCommonServicesStack(app, 'BppHelmCommonServicesStack', {
config: config,
eksCluster: eksStack.cluster,
service: 'bpp',
env,
});
new HelmBapStack(app, 'HelmBapStack', {
config: config,
eksCluster: eksStack.cluster,
vpc: vpcStack.vpc,
eksSecGrp: eksStack.eksSecGrp,
isSandbox: true,
env,
});
new HelmBppStack(app, 'HelmBppStack', {
config: config,
eksCluster: eksStack.cluster,
vpc: vpcStack.vpc,
eksSecGrp: eksStack.eksSecGrp,
isSandbox: true,
env,
});
};
// Retrieve the environment from CDK context
const environment = app.node.tryGetContext('env');
// Deploy based on the selected environment
switch (environment) {
case 'sandbox':
console.log('Deploying sandbox environment...');
deploySandbox();
break;
case 'registry':
console.log('Deploying registry environment...');
deployRegistry();
break;
case 'gateway':
console.log('Deploying gateway environment...');
deployGateway();
break;
case 'bap':
console.log('Deploying BAP environment...');
deployBAP();
break;
case 'bpp':
console.log('Deploying BPP environment...');
deployBPP();
break;
default:
console.error('Unknown environment specified.');
process.exit(1);
}
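Review bot: In deployBPP the common-services stack is created with the id `'HelmBapCommonServicesStack'` (copy-pasted from deployBAP) while `service: 'bpp'`, so the BPP environment produces a CloudFormation stack named after BAP; it should read `new HelmCommonServicesStack(app, 'HelmBppCommonServicesStack', {`. The guard above the deploy functions reports `"AWS_ACCOUNT_ID or AWS_REGION is missing from .env file"`, but getConfig reads `ACCOUNT` and `REGION` (and REGION has a default, so only ACCOUNT can actually be missing), which sends users to the wrong variable names; `console.error("ACCOUNT is missing from .env file")` would match the config. `var envC = "registry"` and its siblings should be `const`, and the `AwsEnvStackProps` type alias is declared but never used.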


@@ -0,0 +1,12 @@
{
"availability-zones:account=365975017663:region=ap-south-1": [
"ap-south-1a",
"ap-south-1b",
"ap-south-1c"
],
"availability-zones:account=471112672919:region=ap-south-1": [
"ap-south-1a",
"ap-south-1b",
"ap-south-1c"
]
}


@@ -0,0 +1,72 @@
{
"app": "npx ts-node --prefer-ts-exts bin/beckn-cdk.ts",
"watch": {
"include": [
"**"
],
"exclude": [
"README.md",
"cdk*.json",
"**/*.d.ts",
"**/*.js",
"tsconfig.json",
"package*.json",
"yarn.lock",
"node_modules",
"test"
]
},
"context": {
"@aws-cdk/aws-lambda:recognizeLayerVersion": true,
"@aws-cdk/core:checkSecretUsage": true,
"@aws-cdk/core:target-partitions": [
"aws",
"aws-cn"
],
"@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
"@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
"@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
"@aws-cdk/aws-iam:minimizePolicies": true,
"@aws-cdk/core:validateSnapshotRemovalPolicy": true,
"@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
"@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
"@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
"@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
"@aws-cdk/core:enablePartitionLiterals": true,
"@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
"@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
"@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
"@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
"@aws-cdk/aws-route53-patters:useCertificate": true,
"@aws-cdk/customresources:installLatestAwsSdkDefault": false,
"@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
"@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
"@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
"@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
"@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
"@aws-cdk/aws-redshift:columnId": true,
"@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
"@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
"@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
"@aws-cdk/aws-kms:aliasNameRef": true,
"@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
"@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
"@aws-cdk/aws-efs:denyAnonymousAccess": true,
"@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true,
"@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": true,
"@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": true,
"@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": true,
"@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": true,
"@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": true,
"@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true,
"@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": true,
"@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": true,
"@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": true,
"@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": true,
"@aws-cdk/aws-eks:nodegroupNameAttribute": true,
"@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true,
"@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true,
"@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false,
"@aws-cdk/aws-s3:keepNotificationInImportedBucket": false
}
}


@@ -0,0 +1,8 @@
module.exports = {
testEnvironment: 'node',
roots: ['<rootDir>/test'],
testMatch: ['**/*.test.ts'],
transform: {
'^.+\\.tsx?$': 'ts-jest'
}
};


@@ -0,0 +1,67 @@
import * as dotenv from "dotenv";
import path = require("path");
dotenv.config({ path: path.resolve(__dirname, "../.env") });
export type ConfigProps = {
REGION: string,
ACCOUNT: string,
REPOSITORY: string,
REGISTRY_RELEASE_NAME: string;
GATEWAY_RELEASE_NAME: string;
BAP_RELEASE_NAME: string;
BPP_RELEASE_NAME: string,
RDS_USER: string,
CERT_ARN: string,
REGISTRY_URL: string,
MAX_AZS: number,
EKS_CLUSTER_NAME: string,
CIDR: string,
EC2_NODES_COUNT: number;
EC2_INSTANCE_TYPE: string;
ROLE_ARN: string;
DOCDB_PASSWORD: string;
RABBITMQ_PASSWORD: string;
NAMESPACE: string;
BAP_PUBLIC_KEY: string;
BAP_PRIVATE_KEY: string;
BPP_PUBLIC_KEY: string;
BPP_PRIVATE_KEY: string;
REGISTRY_EXTERNAL_DOMAIN: string,
GATEWAY_EXTERNAL_DOMAIN: string;
BAP_EXTERNAL_DOMAIN: string;
BPP_EXTERNAL_DOMAIN: string;
};
export const getConfig = (): ConfigProps => ({
REGION: process.env.REGION || "ap-south-1",
ACCOUNT: process.env.ACCOUNT || "",
REPOSITORY: process.env.BECKN_ONIX_HELM_REPOSITORY || "",
MAX_AZS: Number(process.env.MAZ_AZs) || 2,
REGISTRY_RELEASE_NAME: "beckn-onix-registry",
GATEWAY_RELEASE_NAME: "beckn-onix-gateway",
BAP_RELEASE_NAME: "beckn-onix-bap",
BPP_RELEASE_NAME: "beckn-onix-bpp",
RDS_USER: process.env.RDS_USER || "postgres",
CERT_ARN: process.env.CERT_ARN || "", // user must provide it
REGISTRY_URL: process.env.REGISTRY_URL || "", // beckn-onix reg url
EKS_CLUSTER_NAME: process.env.EKS_CLUSTER_NAME || "beckn-onix",
CIDR: process.env.CIDR || "10.20.0.0/16",
EC2_NODES_COUNT: Number(process.env.EC2_NODES_COUNT) || 2,
EC2_INSTANCE_TYPE: process.env.EC2_INSTANCE_TYPE || "t3.large",
ROLE_ARN: process.env.ROLE_ARN || "",
DOCDB_PASSWORD: process.env.DOCDB_PASSWORD || "",
RABBITMQ_PASSWORD: process.env.RABBITMQ_PASSWORD || "",
NAMESPACE: "-common-services",
BAP_PUBLIC_KEY: process.env.BAP_PUBLIC_KEY || "",
BAP_PRIVATE_KEY: process.env.BAP_PRIVATE_KEY || "",
BPP_PUBLIC_KEY: process.env.BPP_PUBLIC_KEY || "",
BPP_PRIVATE_KEY: process.env.BPP_PRIVATE_KEY || "",
REGISTRY_EXTERNAL_DOMAIN: process.env.REGISTRY_EXTERNAL_DOMAIN || "", // user must provide it
GATEWAY_EXTERNAL_DOMAIN: process.env.GATEWAY_EXTERNAL_DOMAIN || "", // user must provide it
BAP_EXTERNAL_DOMAIN: process.env.BAP_EXTERNAL_DOMAIN || "", // user must provide it
BPP_EXTERNAL_DOMAIN: process.env.BPP_EXTERNAL_DOMAIN || "", // user must provide it
});
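Review bot: `MAX_AZS: Number(process.env.MAZ_AZs) || 2` reads the misspelled variable `MAZ_AZs`, so a `MAX_AZS` entry in `.env` is silently ignored and the default of 2 always wins; it should be `MAX_AZS: Number(process.env.MAX_AZS) || 2`. Every value commented `// user must provide it` (CERT_ARN, REGISTRY_URL, ROLE_ARN, the external domains, the key pairs) falls back to `""`, which is then consumed downstream (for example by `iam.Role.fromRoleArn` in EksStack) and fails at synth with an unrelated error; a small helper such as `const required = (k: string) => { const v = process.env[k]; if (!v) throw new Error("missing required env var " + k); return v; };` used for those fields would fail fast and name the variable. `import path = require("path")` is the legacy import-equals form; `import * as path from "path"` is the ES-module equivalent the rest of the file uses. The property separators in ConfigProps mix `,` and `;`; pick one.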


@@ -0,0 +1,64 @@
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as docdb from 'aws-cdk-lib/aws-docdb';
import * as dotenv from 'dotenv';
import { ConfigProps } from './config';
// Load environment variables from .env file
dotenv.config();
interface DocumentDbStackProps extends cdk.StackProps {
config: ConfigProps;
vpc: ec2.Vpc;
}
export class DocumentDbStack extends cdk.Stack {
constructor(scope: Construct, id: string, props: DocumentDbStackProps) {
super(scope, id, props);
// Use environment variable from .env file or fallback to a default value
const docDbPassword = new cdk.CfnParameter(this, 'DocDbPassword', {
type: 'String',
description: 'The password for the DocumentDB cluster admin user',
noEcho: true,
default: props.config.DOCDB_PASSWORD || '', // Use environment variable
});
// Security group for DocumentDB
const docDbSecurityGroup = new ec2.SecurityGroup(this, 'DocDbSecurityGroup', {
vpc: props.vpc,
description: 'Security group for DocumentDB',
allowAllOutbound: true,
});
docDbSecurityGroup.addIngressRule(ec2.Peer.ipv4(props.vpc.vpcCidrBlock), ec2.Port.tcp(27017), 'Allow DocumentDB traffic on port 27017');
// DocumentDB subnet group
const docDbSubnetGroup = new docdb.CfnDBSubnetGroup(this, 'DocDbSubnetGroup', {
dbSubnetGroupDescription: 'Subnet group for DocumentDB',
subnetIds: props.vpc.selectSubnets({ subnetType: ec2.SubnetType.PRIVATE_WITH_NAT }).subnetIds,
});
// DocumentDB cluster
const docDbCluster = new docdb.CfnDBCluster(this, 'DocDbCluster', {
masterUsername: 'beckn',
masterUserPassword: docDbPassword.valueAsString, // Password entered by the user
dbClusterIdentifier: 'MyDocDbCluster',
engineVersion: '4.0.0',
vpcSecurityGroupIds: [docDbSecurityGroup.securityGroupId],
dbSubnetGroupName: docDbSubnetGroup.ref,
});
// Create 2 DocumentDB instances
new docdb.CfnDBInstance(this, 'DocDbInstance1', {
dbClusterIdentifier: docDbCluster.ref,
dbInstanceClass: 'db.r5.large',
});
new docdb.CfnDBInstance(this, 'DocDbInstance2', {
dbClusterIdentifier: docDbCluster.ref,
dbInstanceClass: 'db.r5.large',
});
}
}
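Review bot: `default: props.config.DOCDB_PASSWORD || ''` puts the DocumentDB master password into the CfnParameter default, which is written in plaintext into the synthesized template under `cdk.out`; `noEcho` only masks the value in console and API responses. Since RdsStack already uses `rds.Credentials.fromGeneratedSecret`, the consistent fix is the L2 `docdb.DatabaseCluster` with `masterUser: { username: 'beckn' }`, which generates the password into a Secrets Manager secret instead of taking it from `.env`; RabbitMqStack in this commit has the same CfnParameter-default pattern. `dotenv.config()` at module scope is redundant — getConfig already loads `.env` from a resolved path — and this call loads from the current working directory instead. `dbClusterIdentifier: 'MyDocDbCluster'` is a fixed physical name, so enabling this stack for both BAP and BPP in the same account and region would collide; omit it or derive it from the stack id. The subnet selection uses `PRIVATE_WITH_NAT` while EksStack selects `PRIVATE_WITH_EGRESS`; whether VpcStack creates the former is not visible here, but `selectSubnets` throws at synth if it does not.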


@@ -0,0 +1,149 @@
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as eks from 'aws-cdk-lib/aws-eks';
import * as iam from 'aws-cdk-lib/aws-iam';
import * as cdk from 'aws-cdk-lib';
import { KubectlV30Layer } from '@aws-cdk/lambda-layer-kubectl-v30';
// import { CfnAutoScalingGroup } from 'aws-cdk-lib/aws-autoscaling';
import { Construct } from 'constructs';
import { ConfigProps } from './config';
export interface EksStackProps extends cdk.StackProps {
config: ConfigProps;
vpc: ec2.Vpc;
}
export class EksStack extends cdk.Stack {
public readonly cluster: eks.Cluster;
public readonly eksSecGrp: ec2.SecurityGroup;
constructor(scope: Construct, id: string, props: EksStackProps) {
super(scope, id, props);
const config = props.config;
const vpc = props.vpc;
const cidr = config.CIDR; // from config file
const EKS_CLUSTER_NAME = config.EKS_CLUSTER_NAME; // take it from config file
// const ROLE_ARN = 'ROLE_ARN'; // take form config file
const ROLE_ARN = config.ROLE_ARN;
const securityGroupEKS = new ec2.SecurityGroup(this, "EKSSecurityGroup", {
vpc: vpc,
allowAllOutbound: true,
description: "Security group for EKS",
});
securityGroupEKS.addIngressRule(
ec2.Peer.ipv4(cidr),
ec2.Port.allTraffic(),
"Allow EKS traffic"
);
// securityGroupEKS.addIngressRule(
// ec2.Peer.securityGroupId(securityGroupEKS.securityGroupId),
// ec2.Port.allTraffic(),
// "Allow EKS traffic"
// );
const iamRole = iam.Role.fromRoleArn(this, "MyIAMRole", ROLE_ARN);
// Create the EKS cluster
this.cluster = new eks.Cluster(this, 'EksCluster', {
vpc: vpc,
vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }],
defaultCapacity: 0,
// defaultCapacityInstance: new ec2.InstanceType(config.EC2_INSTANCE_TYPE),
kubectlLayer: new KubectlV30Layer(this, 'KubectlLayer'),
version: eks.KubernetesVersion.V1_30,
securityGroup: securityGroupEKS,
endpointAccess: eks.EndpointAccess.PUBLIC_AND_PRIVATE,
ipFamily: eks.IpFamily.IP_V4,
clusterName: EKS_CLUSTER_NAME,
mastersRole: iamRole, // Assign the admin role to the cluster
outputClusterName: true,
outputConfigCommand: true,
authenticationMode: eks.AuthenticationMode.API_AND_CONFIG_MAP,
bootstrapClusterCreatorAdminPermissions: true,
albController: {
version: eks.AlbControllerVersion.V2_8_1,
repository: "public.ecr.aws/eks/aws-load-balancer-controller",
},
});
const key1 = this.cluster.openIdConnectProvider.openIdConnectProviderIssuer;
const stringEquals = new cdk.CfnJson(this, 'ConditionJson', {
value: {
[`${key1}:sub`]: ['system:serviceaccount:kube-system:ebs-csi-controller-sa', 'system:serviceaccount:kube-system:efs-csi-controller-sa'],
[`${key1}:aud`]: 'sts.amazonaws.com'
},
})
const oidcEKSCSIRole = new iam.Role(this, "OIDCRole", {
assumedBy: new iam.FederatedPrincipal(
`arn:aws:iam::${this.account}:oidc-provider/${this.cluster.clusterOpenIdConnectIssuer}`,
{
StringEquals: stringEquals,
},
"sts:AssumeRoleWithWebIdentity"
),
});
// Attach a managed policy to the role
oidcEKSCSIRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName("service-role/AmazonEBSCSIDriverPolicy"))
oidcEKSCSIRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName("service-role/AmazonEFSCSIDriverPolicy"))
const ebscsi = new eks.CfnAddon(this, "addonEbsCsi",
{
addonName: "aws-ebs-csi-driver",
clusterName: this.cluster.clusterName,
serviceAccountRoleArn: oidcEKSCSIRole.roleArn
}
);
const efscsi = new eks.CfnAddon(this, "addonEfsCsi",
{
addonName: "aws-efs-csi-driver",
clusterName: this.cluster.clusterName,
serviceAccountRoleArn: oidcEKSCSIRole.roleArn
}
);
new cdk.CfnOutput(this, String("OIDC-issuer"), {
value: this.cluster.clusterOpenIdConnectIssuer,
});
new cdk.CfnOutput(this, String("OIDC-issuerURL"), {
value: this.cluster.clusterOpenIdConnectIssuerUrl,
});
new cdk.CfnOutput(this, "EKS Cluster Name", {
value: this.cluster.clusterName,
});
new cdk.CfnOutput(this, "EKS Cluster Arn", {
value: this.cluster.clusterArn,
});
const launchTemplate = new ec2.CfnLaunchTemplate(this, 'MyLaunchTemplate', {
launchTemplateData: {
instanceType: config.EC2_INSTANCE_TYPE,
securityGroupIds: [this.cluster.clusterSecurityGroupId, securityGroupEKS.securityGroupId],
}
});
// Create node group using the launch template
this.cluster.addNodegroupCapacity('CustomNodeGroup', {
amiType: eks.NodegroupAmiType.AL2_X86_64,
desiredSize: config.EC2_NODES_COUNT,
launchTemplateSpec: {
id: launchTemplate.ref,
version: launchTemplate.attrLatestVersionNumber,
},
subnets: { subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS },
});
this.eksSecGrp = securityGroupEKS;
}
}
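Review bot: `endpointAccess: eks.EndpointAccess.PUBLIC_AND_PRIVATE` leaves the Kubernetes API endpoint reachable from any address (IAM authentication still applies); if a public endpoint is needed, `eks.EndpointAccess.PUBLIC_AND_PRIVATE.onlyFrom('<admin-cidr-placeholder>')` restricts it to known source ranges. `iam.Role.fromRoleArn(this, "MyIAMRole", ROLE_ARN)` receives `""` when ROLE_ARN is absent from `.env` (config defaults it to an empty string), which surfaces as an ARN-parsing error far from the cause; guard with `if (!ROLE_ARN) throw new Error('ROLE_ARN must be set');` before the call. The ingress rule on `securityGroupEKS` admits all traffic from the whole VPC CIDR, whereas the commented-out self-referencing rule just below it is the narrower form that only lets members of the group talk to each other — worth deciding which is intended rather than keeping both. `ebscsi` and `efscsi` are assigned but never read, and `String("OIDC-issuer")` is just `"OIDC-issuer"`.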


@@ -0,0 +1,113 @@
import * as cdk from 'aws-cdk-lib';
import * as eks from 'aws-cdk-lib/aws-eks';
import * as helm from 'aws-cdk-lib/aws-eks';
import { Stack, StackProps } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { ConfigProps } from './config';
import * as efs from 'aws-cdk-lib/aws-efs';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as iam from 'aws-cdk-lib/aws-iam';
interface HelmBapStackProps extends StackProps {
config: ConfigProps;
eksCluster: eks.Cluster;
isSandbox: boolean;
eksSecGrp: ec2.SecurityGroup;
vpc: ec2.Vpc;
}
export class HelmBapStack extends Stack {
constructor(scope: Construct, id: string, props: HelmBapStackProps) {
super(scope, id, props);
const eksCluster = props.eksCluster;
const externalDomain = props.config.BAP_EXTERNAL_DOMAIN;
const certArn = props.config.CERT_ARN;
const releaseName = props.config.BAP_RELEASE_NAME;
const repository = props.config.REPOSITORY;
const registryUrl = props.config.REGISTRY_URL;
const bapPrivateKey = props.config.BAP_PRIVATE_KEY;
const bapPublicKey = props.config.BAP_PUBLIC_KEY;
const isSandbox = props.isSandbox;
const myFileSystemPolicy = new iam.PolicyDocument({
statements: [new iam.PolicyStatement({
actions: [
'elasticfilesystem:ClientRootAccess',
'elasticfilesystem:ClientWrite',
'elasticfilesystem:ClientMount',
],
principals: [new iam.ArnPrincipal('*')],
resources: ['*'],
conditions: {
Bool: {
'elasticfilesystem:AccessedViaMountTarget': 'true',
},
},
})],
});
const efsBapFileSystemId = new efs.FileSystem(this, 'Beckn-Onix-Bap', {
vpc: props.vpc,
securityGroup: props.eksSecGrp,
fileSystemPolicy: myFileSystemPolicy,
});
// let efsBapFileSystemId: string | undefined;
// const existingFileSystemId = cdk.Fn.importValue('EfsBapFileSystemId');
// if(existingFileSystemId){
// efsBapFileSystemId = existingFileSystemId;
// } else{
// const efsBapFileSystem = new efs.FileSystem(this, 'Beckn-Onix-Bap', {
// vpc: props.vpc,
// securityGroup: props.eksSecGrp,
// });
// efsBapFileSystemId = efsBapFileSystem.fileSystemId;
// new cdk.CfnOutput(this, 'EfsBapFileSystemId', {
// value: efsBapFileSystemId,
// exportName: 'EfsBapFileSystemId',
// })
// }
// const efsBapFileSystemId = new efs.FileSystem(this, 'Beckn-Onix-Bap', {
// vpc: props.vpc,
// });
new helm.HelmChart(this, 'baphelm', {
cluster: eksCluster,
chart: 'beckn-onix-bap',
release: releaseName,
wait: false,
repository: repository,
values: {
global: {
isSandbox: isSandbox,
externalDomain: externalDomain,
registry_url: registryUrl,
bap: {
privateKey: bapPrivateKey,
publicKey: bapPublicKey,
},
efs: {
fileSystemId: efsBapFileSystemId.fileSystemId,
},
ingress: {
tls: {
certificateArn: certArn,
},
},
},
},
}
);
new cdk.CfnOutput(this, String("EksFileSystemId"), {
value: efsBapFileSystemId.fileSystemId,
});
}
}
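Review bot: `privateKey: bapPrivateKey` hands the BAP signing private key to the chart as a plain Helm value; HelmChart values are serialized into the properties of the kubectl custom resource, so the key ends up in plaintext in the `cdk.out` template and in the CloudFormation stack, next to the public key it is meant to protect. Keeping the key in a Secrets Manager secret and passing `cdk.SecretValue.secretsManager(...)` (rendered as a dynamic reference), or having the chart mount a Kubernetes Secret created out of band, keeps it out of the template; HelmBppStack in this commit passes `bppPrivateKey` the same way. `efsBapFileSystemId` holds an `efs.FileSystem`, not an id — `efsBapFileSystem` would stop the `.fileSystemId` accesses reading oddly. The file-system policy grants `ClientRootAccess` to `*`, gated only on `AccessedViaMountTarget`, and the mount targets sit in `eksSecGrp`, which EksStack opens to the whole VPC CIDR; narrowing `principals` (for example to the IAM identity the EFS CSI driver mounts with) is worth considering. The commented-out import-or-create block between the FileSystem and the HelmChart should be removed rather than carried in.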


@@ -0,0 +1,90 @@
import * as cdk from 'aws-cdk-lib';
import * as eks from 'aws-cdk-lib/aws-eks';
import * as helm from 'aws-cdk-lib/aws-eks';
import { Stack, StackProps } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { ConfigProps } from './config';
import * as crypto from 'crypto';
interface HelmCommonServicesStackProps extends StackProps {
config: ConfigProps;
eksCluster: eks.Cluster;
service: string,
}
export class HelmCommonServicesStack extends Stack {
constructor(scope: Construct, id: string, props: HelmCommonServicesStackProps) {
super(scope, id, props);
const eksCluster = props.eksCluster;
const service = props.service;
const repository = "https://charts.bitnami.com/bitnami";
const namespace = props.config.NAMESPACE;
const generateRandomPassword = (length: number) => {
return crypto.randomBytes(length).toString('hex').slice(0, length);
};
const rabbitMQPassword = generateRandomPassword(12);
new helm.HelmChart(this, "RedisHelmChart", {
cluster: eksCluster,
chart: "redis",
namespace: service + namespace,
release: "redis",
wait: false,
repository: repository,
values: {
auth: {
enabled: false
},
replica: {
replicaCount: 0
},
master: {
persistence: {
storageClass: "gp2"
}
}
}
});
new helm.HelmChart(this, "MongoDBHelmChart", {
cluster: eksCluster,
chart: "mongodb",
namespace: service + namespace,
release: "mongodb",
wait: false,
repository: repository,
values: {
persistence: {
storageClass: "gp2"
}
}
});
new helm.HelmChart(this, "RabbitMQHelmChart", {
cluster: eksCluster,
chart: "rabbitmq",
namespace: service + namespace,
release: "rabbitmq",
wait: false,
repository: repository,
values: {
persistence: {
enabled: true,
storageClass: "gp2"
},
auth: {
username: "beckn",
password: "beckn1234"
}
}
});
// new cdk.CfnOutput(this, String("RabbimqPassword"), {
// value: rabbitMQPassword,
// });
}
}
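Review bot: The RabbitMQ chart gets the hard-coded credential `password: "beckn1234"` while `rabbitMQPassword` from `generateRandomPassword(12)` a few lines earlier is never used, and `props.config.RABBITMQ_PASSWORD`, which ConfigProps declares for exactly this, is not read either. A synth-time random value is the wrong fix on its own — it changes on every synth, so the release would be rotated and whatever BAP/BPP chart consumes it would fall out of sync — so the password should come from one durable source (a Secrets Manager secret, or at minimum `props.config.RABBITMQ_PASSWORD`) that both this stack and the consuming charts read. Redis is deployed with `auth: { enabled: false }`; inside a dedicated namespace that may be acceptable, but it should be a deliberate, commented choice. `cdk` is imported only for the commented-out CfnOutput, and `generateRandomPassword`/`rabbitMQPassword` can go once the password source is settled.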


@@ -0,0 +1,89 @@
import * as cdk from 'aws-cdk-lib';
import * as eks from 'aws-cdk-lib/aws-eks';
import * as helm from 'aws-cdk-lib/aws-eks';
import { Stack, StackProps } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { ConfigProps } from './config';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as efs from 'aws-cdk-lib/aws-efs';
import * as iam from 'aws-cdk-lib/aws-iam';
interface HelmBppStackProps extends StackProps {
config: ConfigProps;
vpc: ec2.Vpc;
isSandbox: boolean;
eksSecGrp: ec2.SecurityGroup;
eksCluster: eks.Cluster;
}
export class HelmBppStack extends Stack {
constructor(scope: Construct, id: string, props: HelmBppStackProps) {
super(scope, id, props);
const eksCluster = props.eksCluster;
const externalDomain = props.config.BPP_EXTERNAL_DOMAIN;
const certArn = props.config.CERT_ARN;
const releaseName = props.config.BPP_RELEASE_NAME;
const repository = props.config.REPOSITORY;
const registryUrl = props.config.REGISTRY_URL;
const bppPrivateKey = props.config.BPP_PRIVATE_KEY;
const bppPublicKey = props.config.BPP_PUBLIC_KEY;
const isSandbox = props.isSandbox;
const myFileSystemPolicy = new iam.PolicyDocument({
statements: [new iam.PolicyStatement({
actions: [
'elasticfilesystem:ClientRootAccess',
'elasticfilesystem:ClientWrite',
'elasticfilesystem:ClientMount',
],
principals: [new iam.ArnPrincipal('*')],
resources: ['*'],
conditions: {
Bool: {
'elasticfilesystem:AccessedViaMountTarget': 'true',
},
},
})],
});
const efsBppFileSystemId = new efs.FileSystem(this, 'Beckn-Onix-Bpp', {
vpc: props.vpc,
securityGroup: props.eksSecGrp,
fileSystemPolicy: myFileSystemPolicy,
});
new helm.HelmChart(this, 'Bpphelm', {
cluster: eksCluster,
chart: 'beckn-onix-bpp',
release: releaseName,
wait: false,
repository: repository,
values: {
global: {
isSandbox: isSandbox,
externalDomain: externalDomain,
registry_url: registryUrl,
bpp: {
privateKey: bppPrivateKey,
publicKey: bppPublicKey,
},
efs: {
fileSystemId: efsBppFileSystemId.fileSystemId,
},
ingress: {
tls: {
certificateArn: certArn,
},
},
},
},
}
);
new cdk.CfnOutput(this, String("EksFileSystemId"), {
value: efsBppFileSystemId.fileSystemId,
});
}
}


@@ -0,0 +1,54 @@
import * as cdk from 'aws-cdk-lib';
import * as eks from 'aws-cdk-lib/aws-eks';
import * as helm from 'aws-cdk-lib/aws-eks';
import { Stack, StackProps } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { ConfigProps } from './config';
interface HelmGAtewayStackProps extends cdk.StackProps {
config: ConfigProps;
eksCluster: eks.Cluster;
rdsHost: string;
rdsPassword: string;
}
export class HelmGatewayStack extends Stack {
constructor(scope: Construct, id: string, props: HelmGAtewayStackProps) {
super(scope, id, props);
const eksCluster = props.eksCluster;
const externalDomain = props.config.GATEWAY_EXTERNAL_DOMAIN;
const certArn = props.config.CERT_ARN;
const registryUrl = props.config.REGISTRY_URL;
const releaseName = props.config.GATEWAY_RELEASE_NAME;
const repository = props.config.REPOSITORY;
const rdsHost = props.rdsHost;
const rdsPassword = props.rdsPassword;
new helm.HelmChart(this, "gatewayhelm", {
cluster: eksCluster,
chart: "beckn-onix-gateway",
release: releaseName,
wait: false,
repository: repository,
values: {
externalDomain: externalDomain,
registry_url: registryUrl,
database: {
host: rdsHost,
password: rdsPassword,
},
ingress: {
tls:
{
certificateArn: certArn,
},
},
}
});
}
}
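Review bot: `HelmGAtewayStackProps` is misspelled (and is the only props interface here extending `cdk.StackProps` where the sibling stacks use the named `StackProps` import); `HelmGatewayStackProps` keeps it consistent with HelmRegistryStackProps. `import * as helm from 'aws-cdk-lib/aws-eks'` aliases the module already imported as `eks`, so `helm.HelmChart` is `eks.HelmChart`; one import suffices, and HelmRegistryStack has the same duplicate. `rdsPassword: string` carries the database password across a stack boundary as a plain string; if the producing RdsStack resolves it eagerly (for example via `unsafeUnwrap()`) it is written into both templates in plaintext, whereas a token from `Secret.secretValueFromJson('password')` synthesizes to a dynamic reference — the producing RdsStack is cut off in this commit, so this cannot be confirmed from here. In HelmRegistryStack the `cdk` import is unused.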


@@ -0,0 +1,50 @@
import * as cdk from 'aws-cdk-lib';
import * as eks from 'aws-cdk-lib/aws-eks';
import * as helm from 'aws-cdk-lib/aws-eks';
import { Stack, StackProps } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { ConfigProps } from './config';
interface HelmRegistryStackProps extends StackProps {
config: ConfigProps;
eksCluster: eks.Cluster;
rdsHost: string;
rdsPassword: string;
}
export class HelmRegistryStack extends Stack {
constructor(scope: Construct, id: string, props: HelmRegistryStackProps) {
super(scope, id, props);
const eksCluster = props.eksCluster;
const externalDomain = props.config.REGISTRY_EXTERNAL_DOMAIN;
const certArn = props.config.CERT_ARN;
const releaseName = props.config.REGISTRY_RELEASE_NAME;
const repository = props.config.REPOSITORY;
const rdsHost = props.rdsHost;
const rdsPassword = props.rdsPassword;
new helm.HelmChart(this, "registryhelm", {
cluster: eksCluster,
chart: "beckn-onix-registry",
release: releaseName,
wait: false,
repository: repository,
values: {
externalDomain: externalDomain,
database: {
host: rdsHost,
password: rdsPassword
},
ingress: {
tls:
{
certificateArn: certArn,
},
},
}
});
}
}


@@ -0,0 +1,66 @@
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as amazonmq from 'aws-cdk-lib/aws-amazonmq';
import * as dotenv from 'dotenv';
import { ConfigProps } from './config';
// Load environment variables from .env file
dotenv.config();
interface RabbitMqStackProps extends cdk.StackProps {
config: ConfigProps;
vpc: ec2.Vpc;
}
export class RabbitMqStack extends cdk.Stack {
constructor(scope: Construct, id: string, props: RabbitMqStackProps) {
super(scope, id, props);
// Prompt for the RabbitMQ admin password using environment variable
const rabbitMqPassword = new cdk.CfnParameter(this, 'RabbitMqPassword', {
type: 'String',
description: 'The password for the RabbitMQ broker admin user',
noEcho: true, // Ensure the password is hidden from the console
default: props.config.RABBITMQ_PASSWORD || '', // Use the password from .env or set a fallback
});
// Security group for RabbitMQ
const rabbitMqSecurityGroup = new ec2.SecurityGroup(this, 'RabbitMqSecurityGroup', {
vpc: props.vpc,
description: 'Security group for RabbitMQ broker',
allowAllOutbound: true,
});
rabbitMqSecurityGroup.addIngressRule(ec2.Peer.ipv4(props.vpc.vpcCidrBlock), ec2.Port.tcp(5672), 'Allow RabbitMQ traffic on port 5672');
rabbitMqSecurityGroup.addIngressRule(ec2.Peer.ipv4(props.vpc.vpcCidrBlock), ec2.Port.tcp(15672), 'Allow RabbitMQ management traffic');
// Select a single private subnet for the RabbitMQ Broker
const privateSubnets = props.vpc.selectSubnets({ subnetType: ec2.SubnetType.PRIVATE_WITH_NAT }).subnets;
// Ensure there's at least one subnet, and use the first one
if (privateSubnets.length === 0) {
throw new Error('No private subnets found in the VPC');
}
const selectedSubnet = privateSubnets[0]; // Use the first subnet
// RabbitMQ Broker
new amazonmq.CfnBroker(this, 'RabbitMqBroker', {
brokerName: 'MyRabbitMqBroker',
engineType: 'RABBITMQ',
engineVersion: '3.10.25',
deploymentMode: 'SINGLE_INSTANCE',
publiclyAccessible: false,
hostInstanceType: 'mq.m5.large', // Adjust the instance type as needed
subnetIds: [selectedSubnet.subnetId], // Pass a single subnet
securityGroups: [rabbitMqSecurityGroup.securityGroupId],
users: [
{
username: 'becknadmin', // Fixed username
password: rabbitMqPassword.valueAsString, // Password entered by the user or set from the .env file
},
],
});
}
}


@@ -0,0 +1,50 @@
import * as cdk from 'aws-cdk-lib';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as rds from 'aws-cdk-lib/aws-rds';
import { Construct } from 'constructs';
import { ConfigProps } from './config';
import cluster from 'cluster';
export interface RdsStackProps extends cdk.StackProps {
config: ConfigProps;
vpc: ec2.Vpc;
}
export class RdsStack extends cdk.Stack {
public readonly rdsSecret: string;
public readonly rdsHost: string;
constructor(scope: Construct, id: string, props: RdsStackProps) {
super(scope, id, props);
// Security group for RDS
const dbSecurityGroup = new ec2.SecurityGroup(this, 'DatabaseSecurityGroup', {
vpc: props.vpc,
description: 'Security group for Aurora PostgreSQL database',
allowAllOutbound: true,
});
dbSecurityGroup.addIngressRule(ec2.Peer.ipv4(props.vpc.vpcCidrBlock), ec2.Port.tcp(5432), 'Allow Postgres access');
// Create Aurora PostgreSQL database cluster
const cluster = new rds.DatabaseCluster(this, 'AuroraCluster', {
engine: rds.DatabaseClusterEngine.auroraPostgres({
version: rds.AuroraPostgresEngineVersion.VER_13_15,
}),
instances: 2,
instanceProps: {
vpc: props.vpc,
vpcSubnets: {
subnetType: ec2.SubnetType.PRIVATE_ISOLATED,
},
securityGroups: [dbSecurityGroup],
instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MEDIUM),
},
credentials: rds.Credentials.fromGeneratedSecret('dbadmin'),
defaultDatabaseName: 'MyDatabase',
removalPolicy: cdk.RemovalPolicy.DESTROY, // Destroy cluster when stack is deleted (useful for development)
});
this.rdsHost = cluster.clusterEndpoint.hostname;
}
}
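Review bot: The cluster created by `new rds.DatabaseCluster(this, 'AuroraCluster', …)` sets no `storageEncrypted`, and CDK's DatabaseCluster only defaults storage encryption on when a `storageEncryptionKey` is supplied, so the data volume appears to come up unencrypted at rest — add `storageEncrypted: true,` next to `credentials` and confirm in the synthesized template. `removalPolicy: cdk.RemovalPolicy.DESTROY` deletes the data together with the stack, so use `cdk.RemovalPolicy.SNAPSHOT` (or gate `DESTROY` on a non-prod flag) before this stack backs anything but a sandbox. `rdsSecret` is declared `public readonly` but never assigned, so a dependent stack reading it gets `undefined`; `fromGeneratedSecret` always creates the secret, so `this.rdsSecret = cluster.secret!.secretArn;` after the `rdsHost` assignment fixes that. `import cluster from 'cluster'` is a stray Node auto-import that is shadowed by the local `const cluster` and should be removed.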


@@ -0,0 +1,84 @@
import * as cdk from 'aws-cdk-lib';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as rds from 'aws-cdk-lib/aws-rds';
import { Construct } from 'constructs';
import { ConfigProps } from './config';
import cluster from 'cluster';
import { Secret } from 'aws-cdk-lib/aws-secretsmanager';
export interface RdsStackProps extends cdk.StackProps {
config: ConfigProps;
envC: string;
vpc: ec2.Vpc;
}
export class RdsStack extends cdk.Stack {
public readonly rdsSecret: string;
public readonly rdsHost: string;
public readonly rdsPassword: string;
constructor(scope: Construct, id: string, props: RdsStackProps) {
super(scope, id, props);
const vpc = props.vpc;
const dbName = props.envC;
const rdsUser = props.config.RDS_USER; // take input from user / make it
const rdsPassword = this.createPassword();
const rdsSecGrpIngress = props.config.CIDR;
const securityGroupRDS = new ec2.SecurityGroup(this, 'RdsSecurityGroup', {
vpc: vpc,
allowAllOutbound: true,
description: 'Security group for Aurora PostgreSQL database',
});
securityGroupRDS.addIngressRule(
ec2.Peer.ipv4(rdsSecGrpIngress),
ec2.Port.tcp(5432),
"Allow Postgress Access"
);
const creds = new Secret(this, "rdsSecret", {
secretObjectValue: {
username: cdk.SecretValue.unsafePlainText(rdsUser.toString()),
password: cdk.SecretValue.unsafePlainText(rdsPassword.toString()),
},
});
const cluster = new rds.DatabaseCluster(this, 'AuroraCluster', {
engine: rds.DatabaseClusterEngine.auroraPostgres({
version: rds.AuroraPostgresEngineVersion.VER_14_6,
}),
credentials: rds.Credentials.fromSecret(creds),
instances: 1,
instanceProps: {
vpc: props.vpc,
vpcSubnets: {
subnetType: ec2.SubnetType.PRIVATE_ISOLATED,
},
securityGroups: [securityGroupRDS],
instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MEDIUM),
},
defaultDatabaseName: dbName,
});
this.rdsSecret = creds.secretArn;
this.rdsHost = cluster.clusterEndpoint.hostname;
this.rdsPassword = rdsPassword;
new cdk.CfnOutput(this, 'RDSPasswordOutput', {
value: rdsPassword,
exportName: `RDSPassword-${dbName}`,
})
}
//generate password function
private createPassword(length: number = 12): string {
const characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#$%&()*+,-.:;<=>?[]^_`{|}~';
let password = '';
for (let i = 0; i < length; i++) {
password += characters.charAt(Math.floor(Math.random() * characters.length));
}
return password;
}
}
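Review bot: `createPassword()` draws the database master password from `Math.random()`, which is not a cryptographically secure generator, and the value is then written in clear text into the template via `SecretValue.unsafePlainText`, into the public `rdsPassword` field and into the `RDSPasswordOutput` CloudFormation export, so anyone with `cloudformation:DescribeStacks` or read access to `cdk.out` can recover it. Because a new password is generated on every synth, each `cdk deploy` also rotates the master password in place and breaks whatever is still using the previous value. Let Secrets Manager generate and hold the password, keep `rds.Credentials.fromSecret(creds)`, export only `creds.secretArn`, and remove `rdsPassword`, the `CfnOutput` and `createPassword()` (consumers fetch the secret by ARN). This cluster also sets no `storageEncrypted`, like the sibling RdsStack, and `import cluster from 'cluster'` is an unused auto-import shadowed by the local `const cluster`.
```typescript
// … unchanged: security group …
const creds = new Secret(this, "rdsSecret", {
  generateSecretString: {
    secretStringTemplate: JSON.stringify({ username: String(rdsUser) }),
    generateStringKey: 'password',
    excludeCharacters: '"@/\\ ',
    passwordLength: 32,
  },
});
// … unchanged: DatabaseCluster using rds.Credentials.fromSecret(creds) …
this.rdsSecret = creds.secretArn;
this.rdsHost = cluster.clusterEndpoint.hostname;
// rdsPassword, the RDSPasswordOutput CfnOutput and createPassword() are removed
```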


@@ -0,0 +1,38 @@
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as elasticache from 'aws-cdk-lib/aws-elasticache';
interface RedisStackProps extends cdk.StackProps {
vpc: ec2.Vpc;
}
export class RedisStack extends cdk.Stack {
constructor(scope: Construct, id: string, props: RedisStackProps) {
super(scope, id, props);
// Security group for ElastiCache
const elasticacheSecurityGroup = new ec2.SecurityGroup(this, 'ElastiCacheSecurityGroup', {
vpc: props.vpc,
description: 'Security group for Redis',
allowAllOutbound: true,
});
elasticacheSecurityGroup.addIngressRule(ec2.Peer.ipv4(props.vpc.vpcCidrBlock), ec2.Port.tcp(6379), 'Allow Redis traffic');
// Redis subnet group
const redisSubnetGroup = new elasticache.CfnSubnetGroup(this, 'RedisSubnetGroup', {
description: 'Subnet group for Redis cluster',
subnetIds: props.vpc.selectSubnets({ subnetType: ec2.SubnetType.PRIVATE_WITH_NAT }).subnetIds,
});
// Redis Cluster
new elasticache.CfnCacheCluster(this, 'RedisCluster', {
cacheNodeType: 'cache.t3.medium', // Adjust the node type based on your needs
engine: 'redis',
numCacheNodes: 1,
vpcSecurityGroupIds: [elasticacheSecurityGroup.securityGroupId],
cacheSubnetGroupName: redisSubnetGroup.ref,
});
}
}
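Review bot: The Redis node created with `CfnCacheCluster` has no AUTH token and no encryption, and `CfnCacheCluster` cannot enable them — `transitEncryptionEnabled`, `atRestEncryptionEnabled` and `authToken` exist only on `CfnReplicationGroup` — so every workload inside the VPC CIDR admitted by the ingress rule on port 6379 gets unauthenticated, plaintext access to the cache. A single-node `CfnReplicationGroup` keeps the same topology while turning both encryption flags on; an `authToken` held in Secrets Manager can follow once the protocol server is configured to present it. `engineVersion` is not pinned either, so the engine drifts with the AWS default between deployments. Narrowing the ingress peer from `props.vpc.vpcCidrBlock` to the EKS node or pod security group would keep the cache from being reachable by anything that lands in the VPC. Note also that `PRIVATE_WITH_NAT` is deprecated and the VPC in this commit is built with `PRIVATE_WITH_EGRESS`; CDK appears to treat the two as the same selection, but it is worth confirming the subnet group is non-empty in the synthesized template.
```typescript
// … unchanged: security group and subnet group …
new elasticache.CfnReplicationGroup(this, 'RedisCluster', {
  replicationGroupDescription: 'Redis for Beckn-ONIX',
  engine: 'redis',
  cacheNodeType: 'cache.t3.medium',
  numCacheClusters: 1,
  atRestEncryptionEnabled: true,
  transitEncryptionEnabled: true,
  securityGroupIds: [elasticacheSecurityGroup.securityGroupId],
  cacheSubnetGroupName: redisSubnetGroup.ref,
});
```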


@@ -0,0 +1,76 @@
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as elb from 'aws-cdk-lib/aws-elasticloadbalancingv2';
import { ConfigProps } from './config';
export interface VpcStackProps extends cdk.StackProps {
config: ConfigProps;
}
export class VpcStack extends cdk.Stack {
public readonly vpc: ec2.Vpc;
// public readonly alb: elb.ApplicationLoadBalancer;
constructor(scope: Construct, id: string, props: VpcStackProps) {
super(scope, id, props);
const config = props.config;
// Create a new VPC
this.vpc = new ec2.Vpc(this, 'beckn-onix-vpc', {
maxAzs: config.MAX_AZS, // Maximum number of availability zones
cidr: config.CIDR,
natGateways: 1, // Single NAT Gateway in the public subnet
subnetConfiguration: [
{
cidrMask: 24,
name: 'Public',
subnetType: ec2.SubnetType.PUBLIC,
},
{
cidrMask: 24,
name: 'AppLayer',
subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS, // Use the newer "PRIVATE_WITH_EGRESS" instead of PRIVATE_WITH_NAT
},
{
cidrMask: 24,
name: 'DatabaseLayer',
subnetType: ec2.SubnetType.PRIVATE_ISOLATED,
}
]
});
// Output the VPC CIDR block for other stacks to reference
new cdk.CfnOutput(this, 'VpcCidrBlock', {
value: this.vpc.vpcCidrBlock,
exportName: 'VpcCidrBlock-env', // Export name to reference in other stacks
});
// Output the VPC ID for other stacks
new cdk.CfnOutput(this, 'VpcId', {
value: this.vpc.vpcId,
exportName: 'VpcId', // Export name to reference in other stacks
});
// Output the Public Subnet IDs
new cdk.CfnOutput(this, 'PublicSubnetIds', {
value: this.vpc.publicSubnets.map(subnet => subnet.subnetId).join(','),
exportName: 'PublicSubnetIds', // Export name to reference in other stacks
});
// Output the App Layer Subnet IDs (for application instances or services)
new cdk.CfnOutput(this, 'AppLayerSubnetIds', {
value: this.vpc.selectSubnets({ subnetGroupName: 'AppLayer' }).subnetIds.join(','),
exportName: 'AppLayerSubnetIds', // Export name to reference in other stacks
});
// Output the Database Layer Subnet IDs (for database instances)
new cdk.CfnOutput(this, 'DatabaseSubnetIds', {
value: this.vpc.selectSubnets({ subnetGroupName: 'DatabaseLayer' }).subnetIds.join(','),
exportName: 'DatabaseSubnetIds', // Export name to reference in other stacks
});
}
}
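Review bot: The VPC is created without flow logs, so there is no network-level record for investigating traffic into the database or app subnets; `this.vpc.addFlowLog('FlowLogs');` right after the `new ec2.Vpc(…)` call gives CloudWatch-backed logs with CDK's defaults. The `exportName` values (`'VpcId'`, `'PublicSubnetIds'`, `'AppLayerSubnetIds'`, `'DatabaseSubnetIds'`) are fixed strings, so a second environment deployed into the same account and region — the README deploys separate registry, gateway, bap and bpp environments — fails with a duplicate-export error; suffix them with the `env` context value the way `'VpcCidrBlock-env'` hints at, e.g. ``exportName: `VpcId-${this.node.tryGetContext('env')}` ``. `cidr:` is deprecated in aws-cdk-lib 2.158 in favour of `ipAddresses: ec2.IpAddresses.cidr(config.CIDR)`. The comment on the AppLayer subnet says `PRIVATE_WITH_EGRESS` replaces `PRIVATE_WITH_NAT`, yet sibling stacks in this commit still select with `PRIVATE_WITH_NAT`; worth checking that those selections resolve against this VPC.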

4587
aws-cdk/beckn-cdk/package-lock.json generated Normal file



@@ -0,0 +1,29 @@
{
"name": "beckn-cdk",
"version": "0.1.0",
"bin": {
"beckn-cdk": "bin/beckn-cdk.js"
},
"scripts": {
"build": "tsc",
"watch": "tsc -w",
"test": "jest",
"cdk": "cdk"
},
"devDependencies": {
"@types/jest": "^29.5.12",
"@types/node": "^22.5.4",
"aws-cdk": "2.158.0",
"jest": "^29.7.0",
"ts-jest": "^29.2.5",
"ts-node": "^10.9.2",
"typescript": "~5.6.2"
},
"dependencies": {
"@aws-cdk/lambda-layer-kubectl-v30": "^2.0.1",
"aws-cdk-lib": "2.158.0",
"constructs": "^10.0.0",
"dotenv": "^16.4.5",
"source-map-support": "^0.5.21"
}
}


@@ -0,0 +1,17 @@
// import * as cdk from 'aws-cdk-lib';
// import { Template } from 'aws-cdk-lib/assertions';
// import * as BecknCdkNew from '../lib/beckn-cdk-stack';
// example test. To run these tests, uncomment this file along with the
// example resource in lib/beckn-cdk-stack.ts
test('SQS Queue Created', () => {
// const app = new cdk.App();
// // WHEN
// const stack = new BecknCdkNew.BecknCdkNewStack(app, 'MyTestStack');
// // THEN
// const template = Template.fromStack(stack);
// template.hasResourceProperties('AWS::SQS::Queue', {
// VisibilityTimeout: 300
// });
});
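Review bot: The only test, `'SQS Queue Created'`, has an entirely commented-out body and references a `BecknCdkNewStack` that this commit does not add, so `npm test` passes while asserting nothing. Replace it with `Template.fromStack` assertions against the stacks that do exist — for example that `AWS::RDS::DBCluster` has `StorageEncrypted: true` and that no `AWS::EC2::SecurityGroup` ingress rule has `CidrIp: '0.0.0.0/0'` — so the security intent of the stacks becomes a regression check. Constructing `VpcStack` needs a `ConfigProps` value, which is defined in `lib/config.ts` outside this hunk.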


@@ -0,0 +1,31 @@
{
"compilerOptions": {
"target": "ES2020",
"module": "commonjs",
"lib": [
"es2020",
"dom"
],
"declaration": true,
"strict": true,
"noImplicitAny": true,
"strictNullChecks": true,
"noImplicitThis": true,
"alwaysStrict": true,
"noUnusedLocals": false,
"noUnusedParameters": false,
"noImplicitReturns": true,
"noFallthroughCasesInSwitch": false,
"inlineSourceMap": true,
"inlineSources": true,
"experimentalDecorators": true,
"strictPropertyInitialization": false,
"typeRoots": [
"./node_modules/@types"
]
},
"exclude": [
"node_modules",
"cdk.out"
]
}
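Review bot: `"strictPropertyInitialization": false` is what lets a `public readonly` field that is never assigned — `rdsSecret` in the RdsStack added by this commit — compile silently, so dependents receive `undefined` without any compiler complaint; set it to `true` (or drop the line, since `"strict": true` already implies it) and fix the fields it then flags. `"lib": ["es2020", "dom"]` is also broader than a CDK app needs; dropping `"dom"` keeps browser globals out of type resolution.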


@@ -0,0 +1,215 @@
# Beckn-ONIX AWS CDK
This repository contains AWS CDK stacks for deploying the Beckn-ONIX services on AWS using the open-source AWS CDK IaC. The AWS CDK stacks are designed to deploy the following services:
- **Registry**: Manages Beckn service providers and categories, and provides an additional layer of trust on the network by listing platforms that are compliant to a networks rules and policies.
- **Gateway**: Central point for routing Beckn messages between providers and participants.
- **BAP (Beckn Application Platform)**: A consumer-facing infrastructure which captures consumers requests via its UI applications, converts them into beckn-compliant schemas and APIs at the server side, and fires them at the network.
- **BPP (Beckn Provider Platform)**: Other side of the network is the supply side which consists of Beckn Provider Platforms (BPPs) that maintain an active inventory, one or more catalogs of products and services, implement the supply logic and enable fulfillment of orders.
![AWS CDK FLow](images/AWS-CDK-Flow.png)
## Prerequisites
- **AWS Account**: An AWS account to deploy AWS CDK stacks
- **AWS CLI**: Configured with AWS account
- **Kubectl Client**: Configured with the Amazon EKS cluster.
- **Public Domain/Sub-Domain**: Along with SSL certificates for HTTPS.
### Domain and Subdomains
Beckn-ONIX requires a public domain to be associated with the following services:
- Registry
- Gateway
- BAP Network
- BPP Network
Users must obtain a public domain and create subdomains for each service. Additionally, an SSL certificate must be issued for each subdomain to enable HTTPS. You can use [AWS Certificate Manager](https://aws.amazon.com/certificate-manager/pricing/), which provides public SSL/TLS certificates at no cost.
## Requesting a Public SSL Certificate through AWS Certificate Manager
Gather the list of subdomains you intend to use for Beckn-ONIX services (as outlined in the pre-requisite).
To obtain an SSL certificate through AWS Certificate Manager, follow the easy steps provided in the official [AWS ACM Documentation](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html).
Once a certificate is issued, copy the certificate ARN to be used in the Helm charts later. The certificate ARN follows this format:
`arn:aws:acm:ap-south-1:<aws-account-id>:certificate/<identifier>`
## Configuring AWS CLI
Crucial step in working with AWS CDK. You can do it in your local environment.If you prefer to configure AWS CLI on a remote server, you can SSH-ing into the server and running aws configure to set up the CLI credentials and configuration. Just ensure that the server has network connectivity to AWS services and that you have the necessary permissions to configure AWS CLI and access AWS resources from that server.
## Beckn-ONIX CDK Project Overview
The AWS CDK project follows a specific folder structure for better organization:
- **lib/**: This folder contains all the CDK stacks. Each stack represents a set of AWS resources that are deployed together.
- **bin/**: This folder contains the `beckn-cdk.ts` file, which serves as the entry point to the CDK application.
- **config.ts**: Located in the `lib/` folder, this file holds all the necessary environment variables for your stacks.
- **.env**: This file is located in the root of the AWS CDK project and contains user-specific environment variables.
### CDK Stacks Overview
| CDK Stack Name | Description |
|----------------------|---------------------------------------------------------------------------------------------------|
| VpcStack | This stack creates the VPC in which your resources will be deployed, along with one public subnet and two private subnets. |
| EksStack | This stack creates an Amazon EKS (Elastic Kubernetes Service) cluster for deploying Kubernetes applications. |
| RdsStack | This stack creates a PostgreSQL Aurora database cluster for your application's data storage needs. |
| HelmRegistryStack | This stack deploys Beckn-Onix Registry helm charts. |
| HelmGatewayStack | This stack deploys Beckn-Onix Gateway helm charts. |
| HelmBapStack | This stack deploys Beckn-Onix BAP helm charts. |
| HelmBppStack | This stack deploys Beckn-Onix BPP helm charts. |
| HelmCommonServicesStack | This stack deploys common services (Redis, Mongo, and RabbitMQ) from the open-source Bitnami repository into the Amazon EKS cluster required for BAP and BPP services. |
### Optional Stacks
| CDK Stack Name | Description |
|----------------------|---------------------------------------------------------------------------------------------------|
| RedisStack | This stack creates a Redis cluster for caching and data storage needs. |
| DocumentDbStack | This stack creates a DocumentDB cluster for document storage and retrieval. |
| RabbitMqStack | This stack creates a RabbitMQ broker for managing message queues and pub/sub messaging. |
## AWS CDK Environment Variables
**Note:** Depending on the Beckn-ONIX component you wish to install, please update the `.env` file with the respective environment variables.
#### AWS SPECIFIC MANDATORY VARIABLES ####
| Environment Variables | Example value | Description |
| --------------------- | -------------- | ---------- |
| `REGION` | `ap-south-1` | The AWS region in which to deploy all the resources |
| `ACCOUNT` | `123456789123` | Your AWS 12 digit account number |
#### BECKN-ONIX SPECIFIC MANDATORY VARIABLES ####
**Note:** Depending on the Beckn-ONIX component you wish to install, please update the `.env` file with the respective environment variables.
### Registry
| Variable | Description | Example Value |
|-------------------------------|--------------------------------------------------------|-------------------------------------------------------------|
| `REGISTRY_EXTERNAL_DOMAIN` | External domain for the registry | `registry-cdk.beckn-onix-aws-cdk.becknprotocol.io` |
| `CERT_ARN` | SSL certificate ARN (AWS Certificate Manager) | `arn:aws:acm:ap-south-1:365975017663:certificate/04d1ef71-8407-495b-82f0-4eded8694189` |
### Gateway
| Variable | Description | Example Value |
|-------------------------------|--------------------------------------------------------|-------------------------------------------------------------|
| `GATEWAY_EXTERNAL_DOMAIN` | External domain for the gateway | `gateway-cdk.beckn-onix-aws-cdk.becknprotocol.io` |
| `REGISTRY_URL` | Registry URL | `gateway-cdk.beckn-onix-aws-cdk.becknprotocol.io` |
| `CERT_ARN` | SSL certificate ARN (AWS Certificate Manager) | `arn:aws:acm:ap-south-1:365975017663:certificate/04d1ef71-8407-495b-82f0-4eded8694189` |
### BAP (Beckn Application Platform)
| Variable | Description | Example Value |
|-------------------------------|--------------------------------------------------------|-------------------------------------------------------------|
| `BAP_EXTERNAL_DOMAIN` | External domain for the BAP | `bap-cdk.beckn-onix-aws-cdk.becknprotocol.io` |
| `BAP_PRIVATE_KEY` | Private key for the BAP | `pivurna3jQBmZGZeeOssgvD0NqMUuWedGjnM9U+hf8i5GXy3eoHVP7ZNs0CL+m7WB/Lq7L2/NvdPdiJWt9kjOQ==` |
| `BAP_PUBLIC_KEY` | Public key for the BAP | `uRl8t3qB1T+2TbNAi/pu1gfy6uy9vzb3T3YiVrfZIzk=` |
| `CERT_ARN` | SSL certificate ARN (AWS Certificate Manager) | `arn:aws:acm:ap-south-1:365975017663:certificate/04d1ef71-8407-495b-82f0-4eded8694189` |
### BPP (Beckn Provider Platform)
| Variable | Description | Example Value |
|-------------------------------|--------------------------------------------------------|-------------------------------------------------------------|
| `BPP_EXTERNAL_DOMAIN` | External domain for the BPP | `bpp-cdk.beckn-onix-aws-cdk.becknprotocol.io` |
| `BPP_PRIVATE_KEY` | Private key for the BPP | `pivurna3jQBmZGZeeOssgvD0NqMUuWedGjnM9U+hf8i5GXy3eoHVP7ZNs0CL+m7WB/Lq7L2/NvdPdiJWt9kjOQ==` |
| `BPP_PUBLIC_KEY` | Public key for the BPP | `uRl8t3qB1T+2TbNAi/pu1gfy6uy9vzb3T3YiVrfZIzk=` |
| `CERT_ARN` | SSL certificate ARN (AWS Certificate Manager) | `arn:aws:acm:ap-south-1:365975017663:certificate/04d1ef71-8407-495b-82f0-4eded8694189` |
## Deploy CDK
After you have made the relevant updates to the `.env` file, run the following commands to begin the deployment process.
### Deployment by Environment
You can now choose to deploy one of the following environments:
1. **Registry Environment**
This will deploy the following stacks: VPC, Amazon EKS, and Amazon RDS Aurora Postgres and Registry:
```bash
cdk deploy --context env=registry --all
```
2. **Gateway Environment**
This will deploy the following stacks: VPC, Amazon EKS, Amazon RDS Aurora Postgres and Gateway:
```bash
cdk deploy --context env=gateway --all
```
### Generate SSL Key Pair required for BAP and BPP
The Protocol Server (BAP/BPP) provides a key generation script.
**Note:** Ensure Node.js is installed on your system.
```bash
curl https://raw.githubusercontent.com/beckn/protocol-server/master/scripts/generate-keys.js > generate-keys.js
npm install libsodium-wrappers
node generate-keys.js
```
**Note:** Copy the `publicKey` and `privateKey` from the output. You need to add keys to .env file before running CDK deploy.
3. **BAP (Buyer Application Provider) Environment**
This will deploy the following stacks: VPC, Amazon EKS, BAP, and common services in Amazon EKS - Redis, DocumentDB, and RabbitMQ:
```bash
cdk deploy --context env=bap --all
```
4. **BPP (Buyer Platform Provider) Environment**
This will deploy the following stacks: VPC, Amazon EKS, BAP, and common services in Amazon EKS - Redis, DocumentDB, and RabbitMQ:
```bash
cdk deploy --context env=bpp -all
```
5. **Sandbox Environment**
This environment is suitable for non-prod setup and will deploy all the stacks including - VPC, Amazon EKS, Amazon RDS Aurora Postgres, all Beckn-Onix services including common services:
```bash
cdk deploy --context env=sandbox --all
```
## Next Steps
After installing all Beckn-Onix services, proceed with the next steps to verify and complete the setup:
1. **[Verify Deployments](documentations/verify-deployments.md)**
To ensure that your Beckn-Onix services are running correctly, follow the instructions in the [Verify Deployments](documentations/verify-deployments.md) document. This will help you confirm that the services are operational and identify any issues that need to be addressed.
2. **[Update DNS Records](documentations/post-deployment-dns-config.md)**
To configure DNS settings for your services, follow the instructions provided in the [Post-Deployment DNS Configuration](documentations/post-deployment-dns-config.md) document. This will guide you through retrieving the necessary Load Balancer addresses and updating your DNS records.
3. **[Register BAP and BPP with Registry](documentations/post-deployment-bap-bpp-register.md)**
After updating your DNS records, you need to register your participants BAP and BPP network with the registry service. Follow the steps in the [BAP and BPP Registration](documentations/post-deployment-bap-bpp-register.md) document to complete this process.


@@ -0,0 +1,255 @@
# Beckn-ONIX AWS CDK Helm Charts
This repository contains Helm charts for deploying the Beckn-ONIX services on AWS using the AWS CDK framework. The charts are designed to deploy the following applications:
- **Registry**: Manages Beckn service providers and categories, and provides an additional layer of trust on the network by listing platforms that are compliant to a networks rules and policies.
- **Gateway**: Central point for routing Beckn messages between providers and participants.
- **BAP (Beckn Application Platform)**: A consumer-facing infrastructure which captures consumers requests via its UI applications, converts them into beckn-compliant schemas and APIs at the server side, and fires them at the network.
- **BPP (Beckn Provider Platform)**: Other side of the network is the supply side which consists of Beckn Provider Platforms (BPPs) that maintain an active inventory, one or more catalogs of products and services, implement the supply logic and enable fulfillment of orders.
## Prerequisites
- **Amazon EKS Requirements**:
- [**Load Balancer Controller**](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html): Required for **Registry** and **Gateway**.
- [**EBS CSI Driver**](https://docs.aws.amazon.com/eks/latest/userguide/pv-csi.html) and [**EFS CSI Driver**](https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html): Required for **BAP** and **BPP**.
If deploying all Beckn-ONIX components on the same EKS cluster, all three add-ons are necessary.
- **Kubectl Client**: Configured with the Amazon EKS cluster.
- **Helm 3 Client**: For managing Helm charts.
- **A PostgreSQL Database Instance**: Managed by AWS RDS Aurora in this case.
- **Public Domain/Sub-Domain**: Along with SSL certificates for HTTPS.
### Domain and Subdomains
Beckn-ONIX requires a public domain to be associated with the following services:
- Registry
- Gateway
- BAP Network
- BPP Network
Users must obtain a public domain and create subdomains for each service. Additionally, an SSL certificate must be issued for each subdomain to enable HTTPS. You can use [AWS Certificate Manager](https://aws.amazon.com/certificate-manager/pricing/), which provides public SSL/TLS certificates at no cost.
## Requesting a Public SSL Certificate through AWS Certificate Manager
Gather the list of subdomains you intend to use for Beckn-ONIX services (as outlined in the pre-requisite).
To obtain an SSL certificate through AWS Certificate Manager, follow the easy steps provided in the official [AWS ACM Documentation](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html).
Once a certificate is issued, copy the certificate ARN to be used in the Helm charts later. The certificate ARN follows this format:
`arn:aws:acm:ap-south-1:<aws-account-id>:certificate/<identifier>`
## Helm Parameters
Before installing the Helm chart, its important to familiarize yourself with all the available parameters. Each parameter allows you to customize the Helm chart according to your deployment needs. Review the descriptions and default values to understand how they will impact your setup.
**Note:** If a parameter does not have a default value listed, you are expected to provide a value for it during Helm installation.
### Registry Parameters
**Note:** Default values that are empty must be provided during chart execution.
| Name | Description | Default Value |
| ----------------------------- | --------------------------------------- | ---------------------------------------------------- |
| `externalDomain` | External domain for the Registry service, e.g. <br> `registry.beckn-onix-aws-cdk.becknprotocol.io`| |
| `database.host` | PostgreSQL database host, e.g. <br> `beckn-onix-registry.ap-south-1.rds.amazonaws.com`| |
| `database.dbname` | PostgreSQL database name | `registry` |
| `database.username` | PostgreSQL database username | `postgres` |
| `database.password` | PostgreSQL database password | |
| `ingress.tls.certificateArn` | ARN for the TLS certificate, e.g. <br> `arn:aws:acm:region:account-id:certificate/certificate-id`| |
---
### Gateway Parameters
**Note:** Default values that are empty must be provided during chart execution.
| Name | Description | Default Value |
| ----------------------------- | --------------------------------------- | ---------------------------------------------------- |
| `externalDomain` | External domain for the Gateway service, e.g. <br> `gateway.beckn-onix-aws-cdk.becknprotocol.io`| |
| `registry_url` | Registry URL for Beckn services, e.g. <br> `https://registry.beckn-onix-aws-cdk.becknprotocol.io`| |
| `database.host` | PostgreSQL database host, e.g. <br> `beckn-onix-registry.ap-south-1.rds.amazonaws.com`| |
| `database.dbname` | PostgreSQL database name | `gateway` |
| `database.username` | PostgreSQL database username | `postgres` |
| `database.password` | PostgreSQL database password | |
| `ingress.tls.certificateArn` | ARN for the TLS certificate, e.g. <br> `arn:aws:acm:region:account-id:certificate/certificate-id`| |
---
### BAP/BPP Parameters
**Note:** Default values that are empty must be provided during chart execution.
| Name | Description | Default Value |
| ----------------------------------------- | -------------------------------------------------- | --------------------------------------------------- |
| `global.externalDomain` | External domain for the BAP/BPP network service, e.g. `bap-network.beckn-onix-aws-cdk.becknprotocol.io` (BAP), `bpp-network.beckn-onix-aws-cdk.becknprotocol.io` (BPP)| |
| `global.registry_url` | Registry URL for Beckn services, e.g. `https://registry.beckn-onix-aws-cdk.becknprotocol.io`| |
| `global.responseCacheMongo.username` | MongoDB username for response caching | `root` |
| `global.responseCacheMongo.password` | MongoDB password for response caching |
| `global.responseCacheMongo.host` | MongoDB host for response caching | `mongodb.bap-common-services.svc.cluster.local` |
| `global.rabbitMQamqp.password` | RabbitMQ AMQP password for message processing | |
| `global.rabbitMQamqp.host` | RebbitMQ host | `rabbitmq.bap-common-services.svc.cluster.local` |
| `global.redisCache.host` | Redis host | `redis-master.bap-common-services.svc.cluster.local ` |
| `global.ingress.tls.certificateArn` | ARN for the TLS certificate, e.g. `arn:aws:acm:region:account-id:certificate/certificate-id`| |
| `global.bap.privateKey` or `global.bpp.privateKey` | Private key for BAP/BPP, used during registration | |
| `global.bap.publicKey` or `global.bpp.publicKey` | Public key for BAP/BPP, used during registration | |
## Installing the Charts
Before installing the charts, ensure AWS RDS Aurora PostgreSQL database is running and accessible from your EKS cluster.
### Beckn-ONIX Registry
```bash
helm install registry . \
--set externalDomain=<registry_external_domain> \
--set database.host=<rds_postgres_database_hostname> \
--set database.password=<db_password> \
--set ingress.tls.certificateArn="aws_certificate_manager_arm"
```
### Beckn-ONIX Gateway
```bash
helm install gateway . \
--set externalDomain=<gateway_external_domain> \
--set registry_url=https://<registry_domain> \
--set database.host=<rds_postgres_database_hostname> \
--set database.password=<rds_postgres_db_password> \
--set ingress.tls.certificateArn="aws_certificate_manager_arm"
```
### Common Services Charts for BAP & BPP
BAP and BPP services require Redis, MongoDB, and RabbitMQ. These services must be installed before deploying Beckn-ONIX. You can use Bitnami Helm charts for installation: [Bitnami Helm Charts](https://github.com/bitnami/charts/tree/main/bitnami/).
#### Install Common Services for BAP
#### Create Namespace and Add Bitnami Helm Repository
```bash
kubectl create namespace bap-common-services
helm repo add bitnami https://charts.bitnami.com/bitnami
```
#### Install Redis
```bash
helm install -n bap-common-services redis bitnami/redis \
--set auth.enabled=false \
--set replica.replicaCount=0 \
--set master.persistence.storageClass="gp2"
```
#### Install MongoDB
```bash
helm install -n bap-common-services mongodb bitnami/mongodb \
--set persistence.storageClass="gp2"
# To get the Mongodb root password run:
kubectl get secret --namespace bap-common-services mongodb -o jsonpath="{.data.mongodb-root-password}" | base64 -d)
```
#### Install RabbitMQ
```
helm install -n bap-common-services rabbitmq bitnami/rabbitmq \
--set persistence.enabled=true \
--set persistence.storageClass="gp2" \
--set auth.username=beckn \
--set auth.password=$(openssl rand -base64 12)
```
#### Install Common Services for BPP
For BPP, follow the same installation steps as for BAP, but with modifications specific to the BPP K8s namespace:
1. **Create Namespace for BPP and Add Bitnami Helm Repository**
```bash
kubectl create namespace bpp-common-services
helm repo add bitnami https://charts.bitnami.com/bitnami
```
#### Install Redis
```bash
helm install -n bpp-common-services redis bitnami/redis \
--set auth.enabled=false \
--set replica.replicaCount=0 \
--set master.persistence.storageClass="gp2"
```
#### Install MongoDB
```bash
helm install -n bpp-common-services mongodb bitnami/mongodb \
--set persistence.storageClass="gp2"
# To get the Mongodb root password run:
kubectl get secret --namespace bap-common-services mongodb -o jsonpath="{.data.mongodb-root-password}" | base64 -d)
```
#### Install RabbitMQ
```
helm install -n bpp-common-services rabbitmq bitnami/rabbitmq \
--set persistence.enabled=true \
--set persistence.storageClass="gp2" \
--set auth.username=beckn \
--set auth.password=$(openssl rand -base64 12)
```
### Proceed to Install Beckn-ONIX BAP & BPP
#### Generate SSL Key Pair
The Protocol Server (BAP/BPP) provides a key generation script.
**Note:** Ensure Node.js is installed on your system.
```bash
curl https://raw.githubusercontent.com/beckn/protocol-server/master/scripts/generate-keys.js > generate-keys.js
npm install libsodium-wrappers
node generate-keys.js
```
Copy the `publicKey` and `privateKey` from the output. You need to pass keys to following Helm install command. These keys are also added into the K8s secrets via Helm chart.
> **Info:** AWS CDK automates this process by using the same key generation script and passing the keys directly to the Helm chart.
#### Beck-ONIX BAP
```bash
helm install beckn-onix-bap . \
--set global.externalDomain=<bap_network_external_domain> \
--set global.registry_url=https://<registry_domain> \
--set global.ingress.tls.certificateArn="aws_certificate_manager_arm" \
--set global.bap.privateKey="private-key" \
--set global.bap.publicKey="public-key" \
--set global.efs.fileSystemId="efs-systemId"
```
#### Beckn-ONIX BPP
```bash
helm install beckn-onix-bpp . \
--set global.externalDomain=<bpp_network_external_domain> \
--set global.registry_url=https://<registry_domain> \
--set global.ingress.tls.certificateArn="aws_certificate_manager_arm"
--set global.bpp.privateKey="private-key" \
--set global.bpp.publicKey="public-key" \
--set global.efs.fileSystemId="efs-systemId"
```
## Next Steps
After installing all Beckn-Onix services, proceed with the next steps to complete the setup:
1. **[Verify Deployments](documentations/verify-deployments.md)**
To ensure that your Beckn-Onix services are running correctly, follow the instructions in the [Verify Deployments](documentations/verify-deployments.md) document. This will help you confirm that the services are operational and identify any issues that need to be addressed.
2. **[Update DNS Records](documentations/post-deployment-dns-config.md)**
To configure DNS settings for your services, follow the instructions provided in the [Post-Deployment DNS Configuration](documentations/post-deployment-dns-config.md) document. This will guide you through retrieving the necessary Load Balancer addresses and updating your DNS records.
3. **[Register BAP and BPP with Registry](documentations/post-deployment-bap-bpp-register.md)**
After updating your DNS records, you need to register your participants BAP and BPP network with the registry service. Follow the steps in the [BAP and BPP Registration](documentations/post-deployment-bap-bpp-register.md) document to complete this process.
Make sure to follow the detailed steps in the linked documents to complete the setup and ensure your services are correctly configured and registered.


@@ -0,0 +1,49 @@
# Updating Helm Charts and Creating Releases
## Overview
This guide provides instructions on how to update Helm charts and create a new release. Follow these steps to ensure your updates are applied and released correctly.
## Prerequisites
- Helm installed and configured on your local machine.
- Access to the Helm chart repository and necessary permissions.
## Steps to Update Helm Charts
1. **Clone the Repository**
```bash
git clone https://github.com/beckn/beckn-onix.git
cd aws-cdk/helm
```
2. **Create a New Branch for Updates**
```bash
git checkout -b <update-branch-name>
```
3. Update Helm Chart
* Navigate to the Helm chart directory: helm/registry
* Modify the necessary files (e.g., values.yaml, templates/, Chart.yaml)
Example change in values.yaml: `replicaCount: 3`
4. Test Your Changes Locally
**Note: *** Make sure to supply necessary inputs to Helm charts with `--set`
```bash
cd registry
helm lint registry .
helm --dry-run install registry .
helm --dry-run upgrade registry .
```
5. Update Chart Version
* Check the current version and increment the version in Chart.yaml
```bash
version: 1.1.0
```
6. Create a Pull Request to push your changes
## Creating a Release


@@ -0,0 +1,100 @@
# BAP and BPP registration with Registry
After updating your DNS records, you need to register the `bap-network` and `bpp-network` services with the registry service. Follow these instructions to complete the registration process:
## 1. Register BAP or BPP Network
### Formulate the Registration Payload
Use the table below to create the JSON payload for registering the `bap-network` or `bpp-network`:
| Field | Description | Example Value |
|----------------------|---------------------------------------------------------------|-------------------------------------------------------------|
| `subscriber_id` | Set this to the DNS name of the `bap-network` or `bpp-network`. | `bap-network.beckn-onix-aws-cdk.becknprotocol.io` or `bpp-network.beckn-onix-aws-cdk.becknprotocol.io` |
| `pub_key_id` | Public key that the BAP/BPP service started with. | |
| `unique_key_id` | Unique key identifier, usually in the format `subscriber_id.k1`. | `bap-network.beckn-onix-aws-cdk.becknprotocol.io.k1` or `bpp-network.beckn-onix-aws-cdk.becknprotocol.io.k1` |
| `subscriber_url` | URL of the `bap-network` or `bpp-network`. | `https://bap-network.beckn-onix-aws-cdk.becknprotocol.io` or `https://bpp-network.beckn-onix-aws-cdk.becknprotocol.io` |
| `domain` | Leave this as an empty string if not used. Or check if a domain has been configured on Registry. | ` ` |
| `extended_attributes`| Additional attributes if any. | `{"domains": []}` |
| `encr_public_key` | Encryption public key that the BAP/BPP service uses. This is same as `pub_key_id` | |
| `signing_public_key` | Signing public key that the BAP/BPP service uses. This is same as `pub_key_id` | |
| `valid_from` | Start date and time in ISO 8601 format. | `2024-09-05T09:27:57.630Z` |
| `valid_until` | Expiration date and time in ISO 8601 format. | `2027-09-06T09:28:40.494Z` |
| `type` | Set to `BAP` or `BPP` based on the service. | `BAP` or `BPP` |
| `country` | Country code. | `IND` |
| `status` | Use `SUBSCRIBED` to indicate that the registration is complete. | `SUBSCRIBED` |
**Example `curl` Command for BAP Network:**
```bash
curl --location --request POST 'https://registry.beckn-onix-aws-cdk.becknprotocol.io/subscribers/register' \
--header "Content-Type: application/json" \
--data-raw '{
"subscriber_id": "subscriber_id",
"pub_key_id": "public_key",
"unique_key_id": "subscriber_id.k1",
"subscriber_url": "https://url_bap_network",
"domain": " ",
"extended_attributes": {"domains": []},
"encr_public_key": "public_key",
"signing_public_key": "public_key",
"valid_from": "2024-09-05T09:27:57.630Z",
"valid_until": "2027-09-06T09:28:40.494Z",
"type": "BAP",
"country": "IND",
"status": "SUBSCRIBED"
}'
```
**Example `curl` Command for BPP Network:**
```bash
curl --location --request POST 'https://registry.beckn-onix-aws-cdk.becknprotocol.io/subscribers/register' \
--header "Content-Type: application/json" \
--data-raw '{
"subscriber_id": "subscriber_id",
"pub_key_id": "public_key",
"unique_key_id": "subscriber_id.k1",
"subscriber_url": "https://url-bpp-network",
"domain": " ",
"extended_attributes": {"domains": []},
"encr_public_key": "public_key",
"signing_public_key": "public_key",
"valid_from": "2024-09-05T09:27:57.630Z",
"valid_until": "2027-09-06T09:28:40.494Z",
"type": "BPP",
"country": "IND",
"status": "SUBSCRIBED"
}'
```
### Update Status in Registry UI
After sending the registration request, you need to manually update the status in the registry service UI. The auto-registration feature of BAP and BPP with Registry is in the backlog. Follow these steps:
1. **Login into the Registry**
Navigate to the **Admin** section, and click on **Network Participant**.
<img src="images/registry-network-participants.png" alt="Admin - Network Participant" width="600" style="border: 2px solid #000000;">
2. **Open BAP or BPP Participant**
Find and select the **BAP** or **BPP** participant you registered earlier.
<img src="images/participant-network-role.png" alt="Open BAP or BPP Participant" width="600" style="border: 2px solid #000000;">
3. **Navigate to Network Role Tab and Edit**
Go to the **Network Role** tab and click **Edit**.
<img src="images/participant-network-role.png" alt="Network Role Tab" width="600" style="border: 2px solid #000000;">
4. **Edit Status and Select SUBSCRIBE**
Update the status from `INITIATED` to `SUBSCRIBED`, then save your changes.
<img src="images/participant-status-update.png" alt="Edit Status" width="600" style="border: 2px solid #000000;">


@@ -0,0 +1,50 @@
# Beckn-ONIX DNS Configuration
After verifying that the Beckn-Onix services (`registry`, `gateway`, `bap-network`, and `bap-client`) are successfully deployed, you need to update your DNS settings to ensure proper routing of traffic. Follow these steps to configure your DNS records.
### Retrieve the Amazon ALB's DNS Addresses
Run following commands to extract the external DNS name of the Amazon ALB attached with Ingress across all Beckn-ONIX services.
Alternatively, you can retrieve the DNS names of the Amazon ALBs associated with the Ingress resources from the AWS Management Console or using the AWS CLI.
#### Registry
```bash
kubectl -n beckn-onix-registry get ingress -o jsonpath='{.items[*].status.loadBalancer.ingress[*].hostname}'
```
#### Gateway
```bash
kubectl -n beckn-onix-registry get ingress -o jsonpath='{.items[*].status.loadBalancer.ingress[*].hostname}'
```
#### BAP Network
```bash
kubectl -n beckn-onix-bap get ingress -o jsonpath='{.items[*].status.loadBalancer.ingress[*].hostname}'
```
#### BPP Network
```bash
kubectl -n beckn-onix-bpp get ingress -o jsonpath='{.items[*].status.loadBalancer.ingress[*].hostname}'
```
### Update DNS Records
#### 1. Log in to Your DNS Provider
Access the management console of your domain registrar or DNS hosting provider. For instance, if using Amazon Route 53, go to the Route 53 dashboard in the AWS Management Console.
#### 2. Add DNS Records
Create or update DNS records for each service. You need to set up the following DNS records for your services:
- **Type:** CNAME (or Alias record if using Route 53)
- **Name:** The subdomain you want to use (e.g., `registry.beckn-onix-aws-cdk.becknprotocol.io`, `gateway.beckn-onix-aws-cdk.becknprotocol.io`, etc.)
- **Value:** The respective DNS name of the Amazon ALB retrieved in the previous step.
## Next Steps
After updating your DNS records, you need to register your participants BAP and BPP network with the registry service. Follow the steps in the [BAP and BPP Registration](documentations/post-deployment-bap-bpp-register.md) document to complete this process.
**[Register BAP and BPP with Registry](documentations/post-deployment-bap-bpp-register.md)**


@@ -0,0 +1,112 @@
### Verifying Deployed Beckn-ONIX Services in Amazon EKS
Once the Helm charts are successfully deployed, you can verify that the services (Registry, Gateway, Redis, MongoDB, RabbitMQ, BAP and BPP) are running correctly in your Amazon EKS cluster by using the following commands.
#### 1. Verify Namespaces
Run the following command to check `namespaces`
```bash
$ kubectl get namespaces
NAME STATUS AGE
bap-common-services Active 5d21h
beckn-onix-bap Active 5d21h
beckn-onix-bpp Active 4d20h
beckn-onix-gateway Active 6d19h
beckn-onix-registry Active 6d20h
bpp-common-services Active 4d21h
```
#### 2. Verify Pods Status
Run the following command to check the status of all pods in the `namespace` where the services are deployed:
```bash
$ kubectl -n beckn-onix-registry get pod
NAME READY STATUS RESTARTS AGE
beckn-onix-registry-5f96f7b755-49nz6 1/1 Running 0 2d1h
```
```bash
$ kubectl -n beckn-onix-gateway get pod
NAME READY STATUS RESTARTS AGE
beckn-onix-gateway-574d67df98-qbvtb 1/1 Running 0 2d1h
```
```bash
$ kubectl -n bap-common-services get pod
NAME READY STATUS RESTARTS AGE
mongodb-597955cb85-kctrd 1/1 Running 0 5d21h
rabbitmq-0 1/1 Running 0 2d1h
redis-master-0 1/1 Running 0 5d21h
```
```bash
$ kubectl -n bpp-common-services get pod
NAME READY STATUS RESTARTS AGE
mongodb-597955cb85-nqs4r 1/1 Running 0 4d21h
rabbitmq-0 1/1 Running 0 2d1h
redis-master-0 1/1 Running 0 2d1h
```
```bash
$ kubectl -n beckn-onix-bap get pod
NAME READY STATUS RESTARTS AGE
bap-client-84c5d6b6fd-cb9qr 1/1 Running 0 2d1h
bap-network-d875cdb9c-btjcl 1/1 Running 0 2d1h
```
```bash
$ kubectl -n beckn-onix-bpp get pod
NAME READY STATUS RESTARTS AGE
bpp-client-59f976cb94-4cmwh 1/1 Running 0 2d1h
bpp-network-5f88bb75d9-jc7g4 1/1 Running 0 2d1h
```
#### 3. Verify Ingress and Kubernetes Service
The Ingress resource provisions an Amazon Application Load Balancer (ALB) that routes external traffic to the appropriate Kubernetes service, which then directs the traffic to the underlying service pods.
```bash
$ kubectl -n beckn-onix-registry get ingress,svc
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress.networking.k8s.io/beckn-onix-registry-ingress alb * beckn-onix-registry-1902090994.ap-south-1.elb.amazonaws.com 80 6d20h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/beckn-onix-registry-svc ClusterIP 10.100.55.190 <none> 3030/TCP 6d20h
```
```bash
$ kubectl -n beckn-onix-gateway get ingress,svc
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress.networking.k8s.io/beckn-onix-gateway-ingress alb * beckn-onix-gateway-1452877031.ap-south-1.elb.amazonaws.com 80 6d19h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/beckn-onix-gateway-svc ClusterIP 10.100.44.118 <none> 4030/TCP 6d19h
```
```bash
$ kubectl -n beckn-onix-bap get ingress,svc
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress.networking.k8s.io/bap-network-ingress alb * beckn-onix-bap-network-1610405288.ap-south-1.elb.amazonaws.com 80 5d20h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/bap-network-svc ClusterIP 10.100.36.244 <none> 5001/TCP 5d21h
```
```bash
$ kubectl -n beckn-onix-bpp get ingress,svc
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress.networking.k8s.io/bpp-network-ingress alb * beckn-onix-bpp-network-736891093.ap-south-1.elb.amazonaws.com 80 4d21h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/bpp-network-svc ClusterIP 10.100.130.43 <none> 6001/TCP 4d21h
```
## Next Steps
After verifying that all Beckn-Onix services have been deployed successfully, proceed with the next steps to complete the setup:
1. **[Update DNS Records](post-deployment-dns-config.md)**
To configure DNS settings for your services, follow the instructions provided in the [Post-Deployment DNS Configuration](post-deployment-dns-config.md) document. This will guide you through retrieving the necessary Load Balancer addresses and updating your DNS records.
Make sure to follow the detailed steps in the linked document to ensure that your DNS records are correctly configured for proper service routing.


@@ -0,0 +1,24 @@
apiVersion: v2
name: beckn-onix-bap
description: Beckn ONIX BAP Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.0.0"


@@ -0,0 +1,24 @@
apiVersion: v2
name: bap-client
description: BAP Client Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.0.0"


@@ -0,0 +1,31 @@
{{- if .Values.global.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "common.name" . }}-ingress
namespace: {{ .Values.global.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01
alb.ingress.kubernetes.io/certificate-arn: {{ .Values.global.ingress.tls.certificateArn | quote }}
alb.ingress.kubernetes.io/ssl-redirect: '443'
alb.ingress.kubernetes.io/load-balancer-name: beckn-onix-bap-client
alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=300
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/success-codes: 200,302
spec:
ingressClassName: alb
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "common.name" . }}-svc
port:
number: {{ .Values.service.port }}
{{- end }}
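Review bot: The internet-facing ALB is pinned to `ELBSecurityPolicy-TLS-1-1-2017-01`, which still negotiates TLS 1.1; a TLS 1.2-minimum policy such as `alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS13-1-2-2021-06` is the usual choice for a new deployment. The `certificate-arn` annotation and the 443 listener are rendered unconditionally even though NOTES.txt branches on `.Values.global.ingress.tls.enabled`, so that flag has no effect on this template. The hard-coded `alb.ingress.kubernetes.io/load-balancer-name: beckn-onix-bap-client` will also collide if the chart is installed twice in one account/region; deriving it from the release (`{{ .Release.Name }}-{{ include "common.name" . }}`) avoids that. The identical ingress template later in this commit shares all three points, including the same load-balancer name.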


@@ -0,0 +1,11 @@
{{ "\n" }}
Get the Beckn-ONIX BAP Client (Protocol Server) URL by running these commands:
{{ "\n" }}
{{- if .Values.global.ingress.enabled }}
export INGRESS_HOST=$(kubectl get ingress {{ include "common.name" . }}-ingress -n {{ .Values.namespace }} -o jsonpath="{.status.loadBalancer.ingress[0].hostname}")
{{- if .Values.global.ingress.tls.enabled }}
echo "https://$INGRESS_HOST"
{{- else }}
echo "http://$INGRESS_HOST"
{{- end }}
{{- end }}
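Review bot: The kubectl hint reads `.Values.namespace`, but every other template in this chart takes the namespace from `.Values.global.namespace` (the Ingress is created there), so the printed command will carry an empty `-n` unless a top-level `namespace` value happens to be set; change it to `-n {{ .Values.global.namespace }}`. The bap-network NOTES.txt later in this commit has the same line.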


@@ -0,0 +1,93 @@
{{/*
Expand the name of the chart or use a provided override.
*/}}
{{- define "common.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name, with truncation to 63 characters.
*/}}
{{- define "common.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Generate a chart name and version label.
*/}}
{{- define "common.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels to be used in all charts.
*/}}
{{- define "common.labels" -}}
helm.sh/chart: {{ include "common.chart" . }}
{{ include "common.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/release: {{ .Release.Revision | quote }}
{{- end }}
{{/*
Common selector labels.
*/}}
{{- define "common.selectorLabels" -}}
app.kubernetes.io/name: {{ include "common.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Helper for creating service account names.
*/}}
{{- define "common.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "common.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Helper for image names and tags.
*/}}
{{- define "common.image" -}}
{{ printf "%s:%s" .Values.image.repository .Values.image.tag }}
{{- end }}
{{/*
Helper for constructing resource names with prefixes or suffixes.
*/}}
{{- define "common.resourceName" -}}
{{- printf "%s-%s" (include "common.fullname" .) .Values.suffix | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- define "getSecretValue" -}}
{{- $secretName := .secretName -}}
{{- $namespace := .namespace -}}
{{- $key := .key -}}
{{- $secret := (lookup "v1" "Secret" $namespace $secretName) -}}
{{- if $secret -}}
{{- $data := $secret.data -}}
{{- if $data -}}
{{- $value := index $data $key | b64dec -}}
{{- $value -}}
{{- else -}}
{{- printf "Error: Secret data for %s not found" $key -}}
{{- end -}}
{{- else -}}
{{- printf "Error: Secret %s not found in namespace %s" $secretName $namespace -}}
{{- end -}}
{{- end -}}
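Review bot: `getSecretValue` turns a missing Secret or key into a successful render whose return value is the literal string `Error: Secret mongodb not found in namespace bap-common-services`, and the ConfigMap splices that return value in as the database password, so a misconfiguration presumably only surfaces as a connection failure at runtime rather than at install time. `lookup` also returns nothing under `helm template`/`--dry-run`, which is what the deployment docs in this commit tell people to run, so those renders will show the "Error:" text in place of a credential. Replace both `printf "Error: …"` branches with `fail`, e.g. `{{- fail (printf "Secret %s not found in namespace %s" $secretName $namespace) -}}`, so the install aborts instead. The same helper is duplicated verbatim in the bap-network chart later in this commit; a shared library chart would remove the copy.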


@@ -0,0 +1,144 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.name" . }}-config
namespace: {{ .Values.global.namespace }}
data:
default.yaml: |
# Mandatory
server:
port: {{ .Values.service.port }}
# Redis connection details
cache:
host: {{ .Values.global.redisCache.host }}
port: {{ .Values.global.redisCache.port }}
ttl: "PT10M"
# Optional. Default is 0.
db: 1
# Mongodb connection details
responseCache:
# By default password is picked from MongoDB POD if not supplied through Helm values.
mongoURL: "mongodb://{{ .Values.global.responseCacheMongo.username }}:{{ if .Values.global.responseCacheMongo.password }}{{ .Values.global.responseCacheMongo.password }}{{ else }}{{ include "getSecretValue" (dict "secretName" "mongodb" "namespace" "bap-common-services" "key" "mongodb-root-password") }}{{ end }}@{{ .Values.global.responseCacheMongo.host }}:{{ .Values.global.responseCacheMongo.port }}/{{ .Values.global.responseCacheMongo.dbname }}?authSource=admin"
ttl: "PT10M"
# Priority order will be
# 1. Synchronous
# 2. webhook
# 3. pubSub
client:
synchronous:
# By default password is picked from MongoDB POD if not supplied through Helm values.
mongoURL: "mongodb://{{ .Values.global.responseCacheMongo.username }}:{{ if .Values.global.responseCacheMongo.password }}{{ .Values.global.responseCacheMongo.password }}{{ else }}{{ include "getSecretValue" (dict "secretName" "mongodb" "namespace" "bap-common-services" "key" "mongodb-root-password") }}{{ end }}@{{ .Values.global.responseCacheMongo.host }}:{{ .Values.global.responseCacheMongo.port }}/{{ .Values.global.responseCacheMongo.dbname }}?authSource=admin"
ttl: "PT10M"
# Only required for BPP
# webhook:
# url: "https://beckn.free.beeceptor.com/clientURL"
app:
# Supported mode - bap and bpp
mode: {{ .Values.app.mode }}
# Two types of gateway mode present - client and network
gateway:
mode: {{ .Values.app.gateway.mode }}
inboxQueue: "inbox"
outboxQueue: "outbox"
# RabbitMQ connection details
# By default password is picked from RabbitMQ POD if not supplied through Helm values.
amqpURL: "amqp://{{ .Values.global.rabbitMQamqp.username }}:{{ if .Values.global.rabbitMQamqp.password }}{{ .Values.global.rabbitMQamqp.password }}{{ else }}{{ include "getSecretValue" (dict "secretName" "rabbitmq" "namespace" "bap-common-services" "key" "rabbitmq-password") }}{{ end }}@{{ .Values.global.rabbitMQamqp.host }}:{{ .Values.global.rabbitMQamqp.port }}"
# Mandatory.
actions:
requests:
search:
ttl : "PT15S"
init:
ttl : "PT10S"
select:
ttl : "PT10S"
confirm:
ttl : "PT10S"
status:
ttl : "PT10S"
track:
ttl : "PT10S"
cancel:
ttl : "PT10S"
update:
ttl : "PT10S"
rating:
ttl : "PT10S"
support:
ttl : "PT10S"
get_cancellation_reasons:
ttl : "PT10S"
get_rating_categories:
ttl : "PT10S"
cancellation:
ttl : "PT10S"
responses:
on_search:
ttl: "PT15S"
on_init:
ttl: "PT10S"
on_select:
ttl: "PT10S"
on_confirm:
ttl: "PT10S"
on_status:
ttl: "PT10S"
on_track:
ttl: "PT10S"
on_cancel:
ttl: "PT10S"
on_update:
ttl: "PT10S"
on_rating:
ttl: "PT10S"
on_support:
ttl: "PT10S"
cancellation_reasons:
ttl: "PT10S"
rating_categories:
ttl: "PT10S"
# Mandatory keys
privateKey: {{ .Values.global.bap.privateKey }}
publicKey: {{ .Values.global.bap.publicKey }}
# Subscriber details
subscriberId: "{{ .Values.global.subscriber_id | default .Values.global.externalDomain }}"
subscriberUri: "https://{{ .Values.global.externalDomain }}"
# Registry
registryUrl: "{{ .Values.global.registry_url }}/subscribers"
auth: false
# BAP client key ID
uniqueKey: "{{ .Values.global.externalDomain }}.k1"
# Mandatory
city: "std:080"
country: "IND"
# Mandatory
ttl: "PT10M"
# Mandatory
httpTimeout: "PT3S"
httpRetryCount: 2
telemetry:
enabled: false
url: ""
batchSize: 100
# In minutes
syncInterval: 30
redis_db: 3
useLayer2Config: true
mandateLayer2Config: true
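Review bot: `privateKey: {{ .Values.global.bap.privateKey }}` writes the BAP signing key into a ConfigMap in clear text, alongside the MongoDB and RabbitMQ root passwords that `getSecretValue` decodes from their Secrets on the `mongoURL`/`amqpURL` lines, so anyone with read access to ConfigMaps in the namespace (and `helm get manifest`) obtains them. Rendering `default.yaml` as a `kind: Secret` with `stringData` and mounting that instead keeps the existing file layout while restoring the RBAC boundary that Secrets give. The private and public keys are also emitted as bare YAML scalars; piping them through `| quote` avoids a broken manifest if a key value contains `:`, `#` or a leading special character. The `bap-common-services` namespace in the `getSecretValue` calls is hard-coded rather than taken from values, and the bap-network ConfigMap at the end of this commit repeats the same lines.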


@@ -0,0 +1,72 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.name" . }}
namespace: {{ .Values.global.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "common.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "common.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "common.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
image: {{ .Values.global.image.repository }}
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
ports:
- name: bap-client-port
containerPort: {{ .Values.service.port }}
protocol: TCP
{{- if .Values.livenessProbe }}
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 12 }}
{{- end }}
{{- if .Values.readinessProbe }}
readinessProbe:
{{- toYaml .Values.readinessProbe | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: bap-client-config
mountPath: "/usr/src/app/config/default.yaml"
subPath: default.yaml
readOnly: true
# EFS volumes for L2 schemas
- name: bap-schemas-efs-volume
mountPath: /usr/src/app/schemas
# EBS volumes for logs
- name: bap-client-logs-ebs-volume
mountPath: /usr/src/app/logs
volumes:
- name: bap-client-config
configMap:
name: {{ include "common.name" . }}-config
- name: bap-schemas-efs-volume
persistentVolumeClaim:
claimName: beckn-onix-bap-efs-pvc
- name: bap-client-logs-ebs-volume
persistentVolumeClaim:
claimName: {{ include "common.name" . }}-logs-pvc
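Review bot: `image: {{ .Values.global.image.repository }}` is rendered without a tag, so the pod pulls `:latest` and a restart can silently pick up a different image; the chart already defines a `common.image` helper for `repo:tag`, but it reads `.Values.image.*`, which this chart never sets. The container also gets no `securityContext` even though values.yaml declares one (with the hardening keys commented out), and `nodeSelector`, `tolerations` and `affinity` from values.yaml are likewise never rendered. The lines below add a tag via a new `global.image.tag` value (falling back to `appVersion`), wire the container securityContext, and render the scheduling fields; indentation is conventional since the rendered page dropped the original.
```yaml
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.global.image.repository }}:{{ .Values.global.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.global.image.pullPolicy }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          # … unchanged: ports, probes, resources, volumeMounts …
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      # … unchanged: volumes …
```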


@@ -0,0 +1,31 @@
{{- if .Values.global.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "common.name" . }}-ingress
namespace: {{ .Values.global.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01
alb.ingress.kubernetes.io/certificate-arn: {{ .Values.global.ingress.tls.certificateArn | quote }}
alb.ingress.kubernetes.io/ssl-redirect: '443'
alb.ingress.kubernetes.io/load-balancer-name: beckn-onix-bap-client
alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=300
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/success-codes: 200,302
spec:
ingressClassName: alb
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "common.name" . }}-svc
port:
number: {{ .Values.service.port }}
{{- end }}


@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "common.name" . }}-logs-pvc
namespace: {{ .Values.global.namespace }}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: gp2
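Review bot: The logs claim is `ReadWriteOnce` on `gp2` (EBS), which a single node attaches, so with `autoscaling.maxReplicas: 2` in values.yaml a second bap-client pod scheduled on another node is likely to stay Pending on volume attach. Either document the constraint on the claim (`# RWO EBS volume: the Deployment cannot run more than one replica across nodes`) or use an `emptyDir`/EFS mount for logs and ship them with a node agent. `storageClassName: gp2` and `storage: 5Gi` are also hard-coded; exposing them through values keeps the chart usable on clusters whose default class is gp3.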


@@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.name" . }}-svc
namespace: {{ .Values.global.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: bap-client-port
protocol: TCP
name: http
selector:
{{- include "common.selectorLabels" . | nindent 4 }}


@@ -0,0 +1,74 @@
# Default values for registry.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
service:
type: ClusterIP
port: 5002
# Supported app mode - bap or bpp. Gateway mode to be either client or network.
app:
mode: bap
gateway:
mode: client
resources:
# Adjust it as per desired POD resource demand
requests:
cpu: "0.5"
memory: "1Gi"
limits:
cpu: "0.5"
memory: "1Gi"
livenessProbe: {}
# httpGet:
# path: /
# port: http
readinessProbe: {}
# httpGet:
# path: /
# port: http
# To configure HPA
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
serviceAccount:
# Specifies whether a service account should be created
create: false
# Automatically mount a ServiceAccount's API credentials?
automount: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
nodeSelector: {}
tolerations: []
affinity: {}
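Review bot: The header comment `# Default values for registry.` is a copy-paste from the registry chart; this file configures bap-client and should say `# Default values for bap-client.`. `securityContext: {}`, `nodeSelector`, `tolerations` and `affinity` are declared here but the Deployment in this commit never renders them, so setting them has no effect. Once the template consumes them, shipping a non-empty default (`runAsNonRoot: true`, `allowPrivilegeEscalation: false`, `capabilities: {drop: [ALL]}`) is cheap, assuming the protocol-server image runs as a non-root user — worth confirming before enabling.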


@@ -0,0 +1,24 @@
apiVersion: v2
name: bap-network
description: BAP Network Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.0.0"


@@ -0,0 +1,11 @@
{{ "\n" }}
Get the Beckn-ONIX BAP Network (Protocol Server) URL by running these commands:
{{ "\n" }}
{{- if .Values.global.ingress.enabled }}
export INGRESS_HOST=$(kubectl get ingress {{ include "common.name" . }}-ingress -n {{ .Values.namespace }} -o jsonpath="{.status.loadBalancer.ingress[0].hostname}")
{{- if .Values.global.ingress.tls.enabled }}
echo "https://$INGRESS_HOST"
{{- else }}
echo "http://$INGRESS_HOST"
{{- end }}
{{- end }}


@@ -0,0 +1,94 @@
{{/*
Expand the name of the chart or use a provided override.
*/}}
{{- define "common.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name, with truncation to 63 characters.
*/}}
{{- define "common.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Generate a chart name and version label.
*/}}
{{- define "common.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels to be used in all charts.
*/}}
{{- define "common.labels" -}}
helm.sh/chart: {{ include "common.chart" . }}
{{ include "common.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/release: {{ .Release.Revision | quote }}
{{- end }}
{{/*
Common selector labels.
*/}}
{{- define "common.selectorLabels" -}}
app.kubernetes.io/name: {{ include "common.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Helper for creating service account names.
*/}}
{{- define "common.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "common.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Helper for image names and tags.
*/}}
{{- define "common.image" -}}
{{ printf "%s:%s" .Values.image.repository .Values.image.tag }}
{{- end }}
{{/*
Helper for constructing resource names with prefixes or suffixes.
*/}}
{{- define "common.resourceName" -}}
{{- printf "%s-%s" (include "common.fullname" .) .Values.suffix | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- define "getSecretValue" -}}
{{- $secretName := .secretName -}}
{{- $namespace := .namespace -}}
{{- $key := .key -}}
{{- $secret := (lookup "v1" "Secret" $namespace $secretName) -}}
{{- if $secret -}}
{{- $data := $secret.data -}}
{{- if $data -}}
{{- $value := index $data $key | b64dec -}}
{{- $value -}}
{{- else -}}
{{- printf "Error: Secret data for %s not found" $key -}}
{{- end -}}
{{- else -}}
{{- printf "Error: Secret %s not found in namespace %s" $secretName $namespace -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,144 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.name" . }}-config
namespace: {{ .Values.global.namespace }}
data:
default.yaml: |
# Mandatory
server:
port: {{ .Values.service.port }}
# Redis connection details
cache:
host: {{ .Values.global.redisCache.host }}
port: {{ .Values.global.redisCache.port }}
ttl: "PT10M"
# Optional. Default is 0.
db: 1
# Mongodb connection details
responseCache:
# By default password is picked from MongoDB POD if not supplied through Helm values.
mongoURL: "mongodb://{{ .Values.global.responseCacheMongo.username }}:{{ if .Values.global.responseCacheMongo.password }}{{ .Values.global.responseCacheMongo.password }}{{ else }}{{ include "getSecretValue" (dict "secretName" "mongodb" "namespace" "bap-common-services" "key" "mongodb-root-password") }}{{ end }}@{{ .Values.global.responseCacheMongo.host }}:{{ .Values.global.responseCacheMongo.port }}/{{ .Values.global.responseCacheMongo.dbname }}?authSource=admin"
ttl: "PT10M"
# Priority order will be
# 1. Synchronous
# 2. webhook
# 3. pubSub
client:
synchronous:
# By default password is picked from MongoDB POD if not supplied through Helm values.
mongoURL: "mongodb://{{ .Values.global.responseCacheMongo.username }}:{{ if .Values.global.responseCacheMongo.password }}{{ .Values.global.responseCacheMongo.password }}{{ else }}{{ include "getSecretValue" (dict "secretName" "mongodb" "namespace" "bap-common-services" "key" "mongodb-root-password") }}{{ end }}@{{ .Values.global.responseCacheMongo.host }}:{{ .Values.global.responseCacheMongo.port }}/{{ .Values.global.responseCacheMongo.dbname }}?authSource=admin"
# Only required for BPP
# webhook:
# url: "https://beckn.free.beeceptor.com/clientURL"
app:
# Supported mode - bap and bpp
mode: {{ .Values.app.mode }}
# Two types of gateway mode present - client and network
gateway:
mode: {{ .Values.app.gateway.mode }}
inboxQueue: "inbox"
outboxQueue: "outbox"
# RabbitMQ connection details
# By default password is picked from RabbitMQ POD if not supplied through Helm values.
amqpURL: "amqp://{{ .Values.global.rabbitMQamqp.username }}:{{ if .Values.global.rabbitMQamqp.password }}{{ .Values.global.rabbitMQamqp.password }}{{ else }}{{ include "getSecretValue" (dict "secretName" "rabbitmq" "namespace" "bap-common-services" "key" "rabbitmq-password") }}{{ end }}@{{ .Values.global.rabbitMQamqp.host }}:{{ .Values.global.rabbitMQamqp.port }}"
# Mandatory.
actions:
requests:
search:
ttl : "PT15S"
init:
ttl : "PT10S"
select:
ttl : "PT10S"
confirm:
ttl : "PT10S"
status:
ttl : "PT10S"
track:
ttl : "PT10S"
cancel:
ttl : "PT10S"
update:
ttl : "PT10S"
rating:
ttl : "PT10S"
support:
ttl : "PT10S"
get_cancellation_reasons:
ttl : "PT10S"
get_rating_categories:
ttl : "PT10S"
cancellation:
ttl : "PT10S"
responses:
on_search:
ttl: "PT15S"
on_init:
ttl: "PT10S"
on_select:
ttl: "PT10S"
on_confirm:
ttl: "PT10S"
on_status:
ttl: "PT10S"
on_track:
ttl: "PT10S"
on_cancel:
ttl: "PT10S"
on_update:
ttl: "PT10S"
on_rating:
ttl: "PT10S"
on_support:
ttl: "PT10S"
cancellation_reasons:
ttl: "PT10S"
rating_categories:
ttl: "PT10S"
# Mandatory keys
privateKey: {{ .Values.global.bap.privateKey }}
publicKey: {{ .Values.global.bap.publicKey }}
# Subscriber details
subscriberId: "{{ .Values.global.subscriber_id | default .Values.global.externalDomain }}"
subscriberUri: "https://{{ .Values.global.externalDomain }}"
# Registry
registryUrl: "{{ .Values.global.registry_url }}/subscribers"
auth: false
# BAP client key ID
uniqueKey: "{{ .Values.global.externalDomain }}.k1"
# Mandatory
city: "std:080"
country: "IND"
# Mandatory
ttl: "PT10M"
# Mandatory
httpTimeout: "PT3S"
httpRetryCount: 2
telemetry:
enabled: false
url: ""
batchSize: 100
# In minutes
syncInterval: 30
redis_db: 3
useLayer2Config: true
mandateLayer2Config: true
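Review bot: The BAP signing key is written into this ConfigMap at `privateKey: {{ .Values.global.bap.privateKey }}`, and the `getSecretValue` fallbacks in the `mongoURL` and `amqpURL` lines decode the MongoDB root and RabbitMQ passwords into the same ConfigMap as cleartext connection strings, so read access to ConfigMaps in the namespace appears sufficient to obtain the key and the broker credentials. The commit also adds a Secret for this key pair, so the ConfigMap should carry only non-sensitive settings and the key and the two URLs should be mounted from a Secret instead. If the values stay here for now, quote them (`privateKey: {{ .Values.global.bap.privateKey | quote }}`, same for `publicKey`) so a key containing YAML-significant characters cannot corrupt the parsed document. The bpp-client configmap and the bpp-network configmap later in this commit use the same layout.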


@@ -0,0 +1,80 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.name" . }}
namespace: {{ .Values.global.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "common.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "common.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "common.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: retain-schemas-content-ebs-volume
image: {{ .Values.global.image.repository }}
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
command: ['sh', '-c', 'cp -r /usr/src/app/schemas/* /mnt/schemas/']
volumeMounts:
- name: bap-schemas-efs-volume
mountPath: /mnt/schemas
containers:
- name: {{ .Chart.Name }}
image: {{ .Values.global.image.repository }}
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
ports:
- name: bap-net-port
containerPort: {{ .Values.service.port }}
protocol: TCP
{{- if .Values.livenessProbe }}
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 12 }}
{{- end }}
{{- if .Values.readinessProbe }}
readinessProbe:
{{- toYaml .Values.readinessProbe | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: bap-network-config
mountPath: "/usr/src/app/config/default.yaml"
subPath: default.yaml
readOnly: true
# EFS volumes for L2 schemas
- name: bap-schemas-efs-volume
mountPath: /usr/src/app/schemas
# EBS volumes for logs
- name: bap-network-logs-ebs-volume
mountPath: /usr/src/app/logs
volumes:
- name: bap-network-config
configMap:
name: {{ include "common.name" . }}-config
- name: bap-schemas-efs-volume
persistentVolumeClaim:
claimName: beckn-onix-bap-efs-pvc
- name: bap-network-logs-ebs-volume
persistentVolumeClaim:
claimName: {{ include "common.name" . }}-logs-pvc
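Review bot: Both the init container and the main container use `image: {{ .Values.global.image.repository }}` with no tag, so the pod resolves to whatever the registry serves as the default tag at pull time, while the `common.image` helper written for exactly this (`printf "%s:%s" .Values.image.repository .Values.image.tag`) is never called; pin the tag, e.g. `image: "{{ .Values.global.image.repository }}:{{ .Values.global.image.tag }}"` with a non-empty default, so rollouts are reproducible and a registry-side change cannot silently alter what runs. The container-level `securityContext` that values.yaml declares (with the commented `runAsNonRoot` and `readOnlyRootFilesystem` hints) is not rendered anywhere in this template, so a user who sets it gets no effect; add `securityContext: {{- toYaml .Values.securityContext | nindent 12 }}` under each container, including the init container that runs `sh -c cp`. The bpp-client deployment later in this commit has the same two gaps.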


@@ -0,0 +1,31 @@
{{- if .Values.global.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "common.name" . }}-ingress
namespace: {{ .Values.global.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01
alb.ingress.kubernetes.io/certificate-arn: {{ .Values.global.ingress.tls.certificateArn | quote }}
alb.ingress.kubernetes.io/ssl-redirect: '443'
alb.ingress.kubernetes.io/load-balancer-name: beckn-onix-bap-network
alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=300
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/success-codes: 200,302
spec:
ingressClassName: alb
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "common.name" . }}-svc
port:
number: {{ .Values.service.port }}
{{- end }}
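Review bot: `alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01` still accepts TLS 1.1 on an internet-facing listener; a TLS 1.2-minimum policy such as `ELBSecurityPolicy-TLS13-1-2-2021-06` is the usual choice for a new endpoint. The `ssl-redirect` annotation is fixed to `'443'` although the values file exposes `ingress.tls.sslRedirect`, so that value is dead; either wrap the annotation in `{{- if .Values.global.ingress.tls.sslRedirect }}` or drop the value. `load-balancer-name: beckn-onix-bap-network` is a constant, so two releases of this chart in one account would contend for the same ALB name. The bpp-client ingress later in this commit carries the same annotations.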


@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "common.name" . }}-logs-pvc
namespace: {{ .Values.global.namespace }}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: gp2


@@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.name" . }}-svc
namespace: {{ .Values.global.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: bap-net-port
protocol: TCP
name: http
selector:
{{- include "common.selectorLabels" . | nindent 4 }}


@@ -0,0 +1,64 @@
replicaCount: 1
service:
type: ClusterIP
port: 5001
# Supported app mode - bap or bpp. Gateway mode to be either client or network.
app:
mode: bap
gateway:
mode: network
resources:
# Adjust it as per desired POD resource demand
requests:
cpu: "0.5"
memory: "1Gi"
limits:
cpu: "0.5"
memory: "1Gi"
livenessProbe: {}
# httpGet:
# path: /
# port: http
readinessProbe: {}
# httpGet:
# path: /
# port: http
# To configure HPA
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
serviceAccount:
# Specifies whether a service account should be created
create: false
# Automatically mount a ServiceAccount's API credentials?
automount: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000


@@ -0,0 +1,6 @@
{
"name": "beckn-onix-bap",
"lockfileVersion": 3,
"requires": true,
"packages": {}
}


@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: beckn-onix-bap-efs-pvc
namespace: {{ .Values.global.namespace }}
spec:
accessModes:
- ReadWriteMany
storageClassName: {{ include "common.name" . }}-efs-storageclass
resources:
requests:
storage: 5Gi


@@ -0,0 +1,9 @@
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: {{ include "common.name" . }}-efs-storageclass
provisioner: efs.csi.aws.com
parameters:
provisioningMode: efs-ap
fileSystemId: {{ .Values.global.efs.fileSystemId }}
directoryPerms: "755"


@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: {{ .Values.global.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}


@@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: beckn-onix-bap-secret
namespace: {{ .Values.global.namespace }}
type: Opaque
data:
privateKey: {{ .Values.global.bap.publicKey | b64enc | quote }}
publicKey: {{ .Values.global.bap.privateKey | b64enc | quote }}
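Review bot: The two data keys are cross-wired: `privateKey` is filled from `.Values.global.bap.publicKey` and `publicKey` from `.Values.global.bap.privateKey`, so a consumer reading `privateKey` from this Secret gets the public key and vice versa. Swap the value references: `privateKey: {{ .Values.global.bap.privateKey | b64enc | quote }}` and `publicKey: {{ .Values.global.bap.publicKey | b64enc | quote }}`. The bap-network deployment visible in this commit does not reference this Secret (the ConfigMap carries the key instead), which may be why the swap went unnoticed.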


@@ -0,0 +1,70 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"global": {
"type": "object",
"properties": {
"externalDomain": {
"type": "string",
"description": "The external domain for the BAP network."
},
"registry_url": {
"type": "string",
"description": "The URL for the registry."
},
"ingress": {
"type": "object",
"properties": {
"tls": {
"type": "object",
"properties": {
"certificateArn": {
"type": "string",
"description": "The ARN of the TLS certificate for ingress."
}
},
"required": ["certificateArn"],
"description": "TLS configuration for ingress."
}
},
"required": ["tls"],
"description": "Ingress-related configuration."
},
"efs": {
"type": "object",
"properties": {
"fileSystemId": {
"type": "string",
"description": "The EFS FileSystem ID."
}
},
"required": ["fileSystemId"],
"description": "EFS-related configuration."
},
"bap": {
"type": "object",
"properties": {
"privateKey": {
"type": "string",
"description": "The private key for BAP."
},
"publicKey": {
"type": "string",
"description": "The public key for BAP."
}
},
"required": ["privateKey", "publicKey"],
"description": "Keys for BAP, including both private and public keys."
}
},
"required": [
"externalDomain",
"registry_url",
"ingress",
"efs",
"bap"
]
}
}
}


@@ -0,0 +1,63 @@
# Default values for registry.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
namespace: beckn-onix-bap
image:
repository: fidedocker/protocol-server
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
# tag: ""
# Redis connection details
redisCache:
host: redis-master.bap-common-services.svc.cluster.local
port: 6379
# Mongodb connection details
responseCacheMongo:
host: mongodb.bap-common-services.svc.cluster.local
port: 27017
dbname: protocol_server
username: root
password:
# RabbitMQ connection details
rabbitMQamqp:
host: rabbitmq.bap-common-services.svc.cluster.local
port: 5672
username: beckn
password:
# Ingress definition for AWS Application Loadbalancer.
# This is required for each component available over the public network.
ingress:
enabled: true # If enabled, ALB will be provisioned as per ingress.yaml. Without ingress service will be scoped to K8s cluster.
tls:
# SSL certificate location from AWS Certificate Manager - https://aws.amazon.com/certificate-manager/
certificateArn:
sslRedirect: true # Set to true to enable SSL redirection, useful for UI redirection.
# Must be set while installing Helm chart
externalDomain:
registry_url:
bpp:
privateKey:
publicKey:
efs:
fileSystemId:
# BPP subscribe_id. Default to externalDomain value.
subscriber_id:
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
nodeSelector: {}
tolerations: []
affinity: {}
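Review bot: The key block is declared as `bpp:` (with `privateKey:` and `publicKey:`), but the values.schema.json added just above requires `global.bap`, and the secret and configmap templates read `.Values.global.bap.privateKey`, so with these defaults the schema rejects the install and, if the schema were relaxed, the templates would render empty keys. Rename it to `bap:` and correct the `# BPP subscribe_id` comment to `# BAP subscriber_id`; the header `# Default values for registry.` is also copied from another chart. `ingress.tls.sslRedirect: true` is not read by the ingress template, which hard-codes the redirect, and leaving `responseCacheMongo.password` and `rabbitMQamqp.password` empty makes rendering depend on a live-cluster `lookup` that `helm template` and `--dry-run` cannot perform.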


@@ -0,0 +1,24 @@
apiVersion: v2
name: beckn-onix-bpp
description: Beckn ONIX BPP Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.0.0"


@@ -0,0 +1,24 @@
apiVersion: v2
name: bpp-client
description: BPP Client Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.0.0"


@@ -0,0 +1,11 @@
{{ "\n" }}
Get the Beckn-ONIX BPP Client (Protocol Server) URL by running these commands:
{{ "\n" }}
{{- if .Values.global.ingress.enabled }}
export INGRESS_HOST=$(kubectl get ingress {{ include "common.name" . }}-ingress -n {{ .Values.namespace }} -o jsonpath="{.status.loadBalancer.ingress[0].hostname}")
{{- if .Values.global.ingress.tls.enabled }}
echo "https://$INGRESS_HOST"
{{- else }}
echo "http://$INGRESS_HOST"
{{- end }}
{{- end }}
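Review bot: The kubectl line reads `.Values.namespace`, while every template in this chart uses `.Values.global.namespace`, and `.Values.global.ingress.tls.enabled` is defined in neither the values nor the schema, so the rendered notes appear to pass an empty `-n` and always print the `http://` form although the ingress is TLS-only with redirect. Change to `-n {{ .Values.global.namespace }}` and branch on a value that exists, e.g. `{{- if .Values.global.ingress.tls.certificateArn }}`. The bpp-network NOTES.txt later in this commit has the same two references.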


@@ -0,0 +1,75 @@
{{/*
Expand the name of the chart or use a provided override.
*/}}
{{- define "common.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name, with truncation to 63 characters.
*/}}
{{- define "common.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Generate a chart name and version label.
*/}}
{{- define "common.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels to be used in all charts.
*/}}
{{- define "common.labels" -}}
helm.sh/chart: {{ include "common.chart" . }}
{{ include "common.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/release: {{ .Release.Revision | quote }}
{{- end }}
{{/*
Common selector labels.
*/}}
{{- define "common.selectorLabels" -}}
app.kubernetes.io/name: {{ include "common.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Helper for creating service account names.
*/}}
{{- define "common.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "common.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Helper for image names and tags.
*/}}
{{- define "common.image" -}}
{{ printf "%s:%s" .Values.image.repository .Values.image.tag }}
{{- end }}
{{/*
Helper for constructing resource names with prefixes or suffixes.
*/}}
{{- define "common.resourceName" -}}
{{- printf "%s-%s" (include "common.fullname" .) .Values.suffix | trunc 63 | trimSuffix "-" }}
{{- end }}
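Review bot: This helpers file does not define `getSecretValue`, yet the bpp-client configmap in the next hunk calls `include "getSecretValue"` for the MongoDB and RabbitMQ passwords. Helm resolves named templates across every chart loaded into the same release, so this presumably works only while a sibling chart that does define it (the bpp-network helpers in this commit) is installed alongside; rendering bpp-client on its own would fail with an undefined template. Either add the definition here or move it to a shared library chart that both charts depend on.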


@@ -0,0 +1,135 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.name" . }}-config
namespace: {{ .Values.global.namespace }}
data:
default.yaml: |
# Mandatory
server:
port: {{ .Values.service.port }}
# Redis connection details
cache:
host: {{ .Values.global.redisCache.host }}
port: {{ .Values.global.redisCache.port }}
ttl: "PT10M"
# Optional. Default is 0.
db: 1
# Mongodb connection details
responseCache:
# By default password is picked from MongoDB POD if not supplied through Helm values.
mongoURL: "mongodb://{{ .Values.global.responseCacheMongo.username }}:{{ if .Values.global.responseCacheMongo.password }}{{ .Values.global.responseCacheMongo.password }}{{ else }}{{ include "getSecretValue" (dict "secretName" "mongodb" "namespace" "bpp-common-services" "key" "mongodb-root-password") }}{{ end }}@{{ .Values.global.responseCacheMongo.host }}:{{ .Values.global.responseCacheMongo.port }}/{{ .Values.global.responseCacheMongo.dbname }}?authSource=admin"
ttl: "PT10M"
# synchronous only required for BPP
client:
# Only required for BPP
webhook:
url: "http://sandbox.beckn-onix-aws-cdk.becknprotocol.io"
# Supported mode - bap and bpp
app:
mode: {{ .Values.app.mode }}
# Two types of gateway mode present - client and network
gateway:
mode: {{ .Values.app.gateway.mode }}
inboxQueue: "inbox-bpp"
outboxQueue: "outbox-bpp"
# RabbitMQ connection details
# By default password is picked from RabbitMQ POD if not supplied through Helm values.
amqpURL: "amqp://{{ .Values.global.rabbitMQamqp.username }}:{{ if .Values.global.rabbitMQamqp.password }}{{ .Values.global.rabbitMQamqp.password }}{{ else }}{{ include "getSecretValue" (dict "secretName" "rabbitmq" "namespace" "bpp-common-services" "key" "rabbitmq-password") }}{{ end }}@{{ .Values.global.rabbitMQamqp.host }}:{{ .Values.global.rabbitMQamqp.port }}"
# Mandatory.
actions:
requests:
search:
ttl : "PT15S"
init:
ttl : "PT10S"
select:
ttl : "PT10S"
confirm:
ttl : "PT10S"
status:
ttl : "PT10S"
track:
ttl : "PT10S"
cancel:
ttl : "PT10S"
update:
ttl : "PT10S"
rating:
ttl : "PT10S"
support:
ttl : "PT10S"
get_cancellation_reasons:
ttl : "PT10S"
get_rating_categories:
ttl : "PT10S"
cancellation:
ttl : "PT10S"
responses:
on_search:
ttl: "PT15S"
on_init:
ttl: "PT10S"
on_select:
ttl: "PT10S"
on_confirm:
ttl: "PT10S"
on_status:
ttl: "PT10S"
on_track:
ttl: "PT10S"
on_cancel:
ttl: "PT10S"
on_update:
ttl: "PT10S"
on_rating:
ttl: "PT10S"
on_support:
ttl: "PT10S"
cancellation_reasons:
ttl: "PT10S"
rating_categories:
ttl: "PT10S"
# Mandatory keys
privateKey: {{ .Values.global.bpp.privateKey }}
publicKey: {{ .Values.global.bpp.publicKey }}
# Subscriber details
subscriberId: "{{ .Values.global.subscriber_id | default .Values.global.externalDomain }}"
subscriberUri: "https://{{ .Values.global.externalDomain }}"
# Registry
registryUrl: "{{ .Values.global.registry_url }}/subscribers"
auth: false
# BPP client key ID
uniqueKey: "{{ .Values.global.externalDomain }}.k1"
# Mandatory
city: "std:080"
country: "IND"
# Mandatory
ttl: "PT10M"
# Mandatory
httpTimeout: "PT3S"
httpRetryCount: 2
telemetry:
enabled: false
url: ""
batchSize: 100
# In minutes
syncInterval: 30
redis_db: 3
useLayer2Config: true
mandateLayer2Config: true
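Review bot: `webhook.url` is fixed to `http://sandbox.beckn-onix-aws-cdk.becknprotocol.io`, an external hostname reached over plain HTTP, so every installation of this chart will post callbacks there regardless of environment; it should come from values (e.g. a new `client.webhook.url` entry rendered with `| quote`) and default to an `https://` URL. The key-in-ConfigMap layout raised on the bap-network configmap applies here too (`privateKey: {{ .Values.global.bpp.privateKey }}` plus the `getSecretValue` passwords in `mongoURL` and `amqpURL`).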


@@ -0,0 +1,74 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.name" . }}
namespace: {{ .Values.global.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
strategy:
type: Recreate
selector:
matchLabels:
{{- include "common.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "common.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "common.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
image: {{ .Values.global.image.repository }}
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
ports:
- name: bpp-client-port
containerPort: {{ .Values.service.port }}
protocol: TCP
{{- if .Values.livenessProbe }}
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 12 }}
{{- end }}
{{- if .Values.readinessProbe }}
readinessProbe:
{{- toYaml .Values.readinessProbe | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: bpp-client-config
mountPath: "/usr/src/app/config/default.yaml"
subPath: default.yaml
readOnly: true
# EFS volumes for L2 schemas
- name: bpp-schemas-efs-volume
mountPath: /usr/src/app/schemas
# EBS volumes for logs
- name: bpp-client-logs-ebs-volume
mountPath: /usr/src/app/logs
volumes:
- name: bpp-client-config
configMap:
name: {{ include "common.name" . }}-config
- name: bpp-schemas-efs-volume
persistentVolumeClaim:
claimName: beckn-onix-bpp-efs-pvc
- name: bpp-client-logs-ebs-volume
persistentVolumeClaim:
claimName: {{ include "common.name" . }}-logs-pvc


@@ -0,0 +1,31 @@
{{- if .Values.global.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "common.name" . }}-ingress
namespace: {{ .Values.global.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01
alb.ingress.kubernetes.io/certificate-arn: {{ .Values.global.ingress.tls.certificateArn | quote }}
alb.ingress.kubernetes.io/ssl-redirect: '443'
alb.ingress.kubernetes.io/load-balancer-name: beckn-onix-bpp-client
alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=300
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/success-codes: 200,302
spec:
ingressClassName: alb
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "common.name" . }}-svc
port:
number: {{ .Values.service.port }}
{{- end }}


@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "common.name" . }}-logs-pvc
namespace: {{ .Values.global.namespace }}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: gp2


@@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.name" . }}-svc
namespace: {{ .Values.global.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: bpp-client-port
protocol: TCP
name: http
selector:
{{- include "common.selectorLabels" . | nindent 4 }}


@@ -0,0 +1,14 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "common.serviceAccountName" . }}
namespace: {{ .Values.global.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
{{- end }}
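Review bot: With the values default `serviceAccount.create: false` this template is skipped and the pods run under the namespace `default` service account, whose API token is mounted into the container because the deployment sets neither `automountServiceAccountToken` nor a dedicated account. Unless the protocol server calls the Kubernetes API (nothing in this commit suggests it does), add `automountServiceAccountToken: false` to the pod spec in the deployment so a compromise of the container does not hand over a cluster credential, and keep the `automount` value here for the opt-in case.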


@@ -0,0 +1,72 @@
# Default values for registry.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
service:
type: ClusterIP
port: 6002
# Supported app mode - bap or bpp. Gateway mode to be either client or network.
app:
mode: bpp
gateway:
mode: client
resources:
# Adjust it as per desired POD resource demand
requests:
cpu: "0.5"
memory: "1Gi"
limits:
cpu: "0.5"
memory: "1Gi"
livenessProbe: {}
# httpGet:
# path: /
# port: http
readinessProbe: {}
# httpGet:
# path: /
# port: http
# To configure HPA
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
serviceAccount:
# Specifies whether a service account should be created
create: false
# Automatically mount a ServiceAccount's API credentials?
automount: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
nodeSelector: {}
tolerations: []
affinity: {}


@@ -0,0 +1,24 @@
apiVersion: v2
name: bpp-network
description: BPP Network Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.0.0"


@@ -0,0 +1,11 @@
{{ "\n" }}
Get the Beckn-ONIX BPP Network (Protocol Server) URL by running these commands:
{{ "\n" }}
{{- if .Values.global.ingress.enabled }}
export INGRESS_HOST=$(kubectl get ingress {{ include "common.name" . }}-ingress -n {{ .Values.namespace }} -o jsonpath="{.status.loadBalancer.ingress[0].hostname}")
{{- if .Values.global.ingress.tls.enabled }}
echo "https://$INGRESS_HOST"
{{- else }}
echo "http://$INGRESS_HOST"
{{- end }}
{{- end }}


@@ -0,0 +1,95 @@
{{/*
Expand the name of the chart or use a provided override.
*/}}
{{- define "common.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name, with truncation to 63 characters.
*/}}
{{- define "common.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Generate a chart name and version label.
*/}}
{{- define "common.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels to be used in all charts.
*/}}
{{- define "common.labels" -}}
helm.sh/chart: {{ include "common.chart" . }}
{{ include "common.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/release: {{ .Release.Revision | quote }}
{{- end }}
{{/*
Common selector labels.
*/}}
{{- define "common.selectorLabels" -}}
app.kubernetes.io/name: {{ include "common.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Helper for creating service account names.
*/}}
{{- define "common.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "common.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Helper for image names and tags.
*/}}
{{- define "common.image" -}}
{{ printf "%s:%s" .Values.image.repository .Values.image.tag }}
{{- end }}
{{/*
Helper for constructing resource names with prefixes or suffixes.
*/}}
{{- define "common.resourceName" -}}
{{- printf "%s-%s" (include "common.fullname" .) .Values.suffix | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- define "getSecretValue" -}}
{{- $secretName := .secretName -}}
{{- $namespace := .namespace -}}
{{- $key := .key -}}
{{- $secret := (lookup "v1" "Secret" $namespace $secretName) -}}
{{- if $secret -}}
{{- $data := $secret.data -}}
{{- if $data -}}
{{- $value := index $data $key | b64dec -}}
{{- $value -}}
{{- else -}}
{{- printf "Error: Secret data for %s not found" $key -}}
{{- end -}}
{{- else -}}
{{- printf "Error: Secret %s not found in namespace %s" $secretName $namespace -}}
{{- end -}}
{{- end -}}
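Review bot: When `lookup` finds no Secret (it always returns an empty result under `helm template` and `--dry-run`), `getSecretValue` returns the string `Error: Secret … not found …` as its value, and the configmap callers splice that string into `mongoURL` and `amqpURL` as the password, so a misconfiguration ships as a rendered ConfigMap with a bogus connection string instead of failing the render. Replace both `printf "Error: …"` branches with `fail`, e.g. `{{- fail (printf "Secret %s not found in namespace %s" $secretName $namespace) -}}`, and guard the missing-key case the same way, since `index $data $key` on an absent key yields nil before it reaches `b64dec`. The copy of this helper in the bap-network _helpers.tpl at the top of this chunk has the same shape.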


@@ -0,0 +1,135 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.name" . }}-config
namespace: {{ .Values.global.namespace }}
data:
default.yaml: |
# Mandatory
server:
port: {{ .Values.service.port }}
# Redis connection details
cache:
host: {{ .Values.global.redisCache.host }}
port: {{ .Values.global.redisCache.port }}
ttl: "PT10M"
# Optional. Default is 0.
db: 1
# Mongodb connection details
responseCache:
# By default password is picked from MongoDB POD if not supplied through Helm values.
mongoURL: "mongodb://{{ .Values.global.responseCacheMongo.username }}:{{ if .Values.global.responseCacheMongo.password }}{{ .Values.global.responseCacheMongo.password }}{{ else }}{{ include "getSecretValue" (dict "secretName" "mongodb" "namespace" "bpp-common-services" "key" "mongodb-root-password") }}{{ end }}@{{ .Values.global.responseCacheMongo.host }}:{{ .Values.global.responseCacheMongo.port }}/{{ .Values.global.responseCacheMongo.dbname }}?authSource=admin"
ttl: "PT10M"
client:
# Only required for BPP
webhook:
url: "http://sandbox.beckn-onix-aws-cdk.becknprotocol.io"
# Supported mode - bap and bpp
app:
mode: {{ .Values.app.mode }}
# Two types of gateway mode present - client and network
gateway:
mode: {{ .Values.app.gateway.mode }}
inboxQueue: "inbox-bpp"
outboxQueue: "outbox-bpp"
# RabbitMQ connection details
# By default password is picked from RabbitMQ POD if not supplied through Helm values.
amqpURL: "amqp://{{ .Values.global.rabbitMQamqp.username }}:{{ if .Values.global.rabbitMQamqp.password }}{{ .Values.global.rabbitMQamqp.password }}{{ else }}{{ include "getSecretValue" (dict "secretName" "rabbitmq" "namespace" "bpp-common-services" "key" "rabbitmq-password") }}{{ end }}@{{ .Values.global.rabbitMQamqp.host }}:{{ .Values.global.rabbitMQamqp.port }}"
# Mandatory.
actions:
requests:
search:
ttl : "PT15S"
init:
ttl : "PT10S"
select:
ttl : "PT10S"
confirm:
ttl : "PT10S"
status:
ttl : "PT10S"
track:
ttl : "PT10S"
cancel:
ttl : "PT10S"
update:
ttl : "PT10S"
rating:
ttl : "PT10S"
support:
ttl : "PT10S"
get_cancellation_reasons:
ttl : "PT10S"
get_rating_categories:
ttl : "PT10S"
cancellation:
ttl : "PT10S"
responses:
on_search:
ttl: "PT15S"
on_init:
ttl: "PT10S"
on_select:
ttl: "PT10S"
on_confirm:
ttl: "PT10S"
on_status:
ttl: "PT10S"
on_track:
ttl: "PT10S"
on_cancel:
ttl: "PT10S"
on_update:
ttl: "PT10S"
on_rating:
ttl: "PT10S"
on_support:
ttl: "PT10S"
cancellation_reasons:
ttl: "PT10S"
rating_categories:
ttl: "PT10S"
# Mandatory keys
privateKey: {{ .Values.global.bpp.privateKey }}
publicKey: {{ .Values.global.bpp.publicKey }}
# Subscriber details
subscriberId: "{{ .Values.global.subscriber_id | default .Values.global.externalDomain }}"
subscriberUri: "https://{{ .Values.global.externalDomain }}"
# Registry
registryUrl: "{{ .Values.global.registry_url }}/subscribers"
auth: false
# BPP client key ID
uniqueKey: "{{ .Values.global.externalDomain }}.k1"
# Mandatory
city: "std:080"
country: "IND"
# Mandatory
ttl: "PT10M"
# Mandatory
httpTimeout: "PT3S"
httpRetryCount: 2
telemetry:
enabled: false
url: ""
batchSize: 100
# In minutes
syncInterval: 30
redis_db: 3
useLayer2Config: true
mandateLayer2Config: true
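Review bot: The BPP signing private key at `privateKey: {{ .Values.global.bpp.privateKey }}`, together with the MongoDB and RabbitMQ passwords interpolated into `mongoURL` and `amqpURL`, is rendered into a ConfigMap, which is readable by any principal with `get configmaps` in the namespace and is outside Secret-specific RBAC and encryption-at-rest controls. The chart already creates `beckn-onix-bpp-secret` for these keys but nothing visible mounts it; the least-invasive fix is to make this object a Secret — `kind: Secret`, `type: Opaque`, `stringData:` — and switch the `bpp-network-config` volume in deployment.yaml from `configMap:` to `secret:`/`secretName:`. Separately, `getSecretValue` relies on `lookup`, which returns an empty map under `helm template` and `--dry-run`, so those renders embed the literal `Error: Secret ... not found` text in the connection URLs instead of failing; a `fail` call or a values-supplied password is safer, and the `bpp-common-services` namespace in both lookups is hard-coded rather than taken from values. The webhook `url` under `client` is a hard-coded plain-`http` sandbox host and should come from values as well.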


@@ -0,0 +1,82 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.name" . }}
namespace: {{ .Values.global.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
strategy:
type: Recreate
{{- end }}
selector:
matchLabels:
{{- include "common.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "common.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "common.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: retain-schemas-content-ebs-volume
image: {{ .Values.global.image.repository }}
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
command: ['sh', '-c', 'cp -r /usr/src/app/schemas/* /mnt/schemas/']
volumeMounts:
- name: bpp-schemas-efs-volume
mountPath: /mnt/schemas
containers:
- name: {{ .Chart.Name }}
image: {{ .Values.global.image.repository }}
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
ports:
- name: bpp-net-port
containerPort: {{ .Values.service.port }}
protocol: TCP
{{- if .Values.livenessProbe }}
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 12 }}
{{- end }}
{{- if .Values.readinessProbe }}
readinessProbe:
{{- toYaml .Values.readinessProbe | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: bpp-network-config
mountPath: "/usr/src/app/config/default.yaml"
subPath: default.yaml
readOnly: true
# EFS volumes for L2 schemas
- name: bpp-schemas-efs-volume
mountPath: /usr/src/app/schemas
# EBS volumes for logs
- name: bpp-network-logs-ebs-volume
mountPath: /usr/src/app/logs
volumes:
- name: bpp-network-config
configMap:
name: {{ include "common.name" . }}-config
- name: bpp-schemas-efs-volume
persistentVolumeClaim:
claimName: beckn-onix-bpp-efs-pvc
- name: bpp-network-logs-ebs-volume
persistentVolumeClaim:
claimName: {{ include "common.name" . }}-logs-pvc
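Review bot: The container-level `securityContext` is never rendered: values.yaml declares `securityContext: {}` with the hardening fields commented out, but this template only applies `podSecurityContext`, so an operator who enables `runAsNonRoot` or `readOnlyRootFilesystem` in values gets no effect. Add `securityContext: {{- toYaml .Values.securityContext | nindent 12 }}` under the main container (the init container only needs write access to its `/mnt/schemas` mount, which a read-only root filesystem does not block). Both `image:` lines use `.Values.global.image.repository` with no tag, so the pull resolves to `:latest` and is not reproducible; render `image: "{{ .Values.global.image.repository }}:{{ .Values.global.image.tag | default .Chart.AppVersion }}"` and set the tag in values, where it is currently commented out. The gateway deployment in this commit has the same two gaps.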


@@ -0,0 +1,31 @@
{{- if .Values.global.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "common.name" . }}-ingress
namespace: {{ .Values.global.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01
alb.ingress.kubernetes.io/certificate-arn: {{ .Values.global.ingress.tls.certificateArn | quote }}
alb.ingress.kubernetes.io/ssl-redirect: '443'
alb.ingress.kubernetes.io/load-balancer-name: beckn-onix-bpp-network
alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=300
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/success-codes: 200,302
spec:
ingressClassName: alb
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "common.name" . }}-svc
port:
number: {{ .Values.service.port }}
{{- end }}
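Review bot: `alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01` still negotiates TLS 1.1 on an `internet-facing` listener; the current baseline is a TLS 1.2-minimum policy such as `ELBSecurityPolicy-TLS13-1-2-2021-06`. The `ssl-redirect: '443'` annotation is unconditional although values.yaml exposes `ingress.tls.sslRedirect`, so that toggle is dead — either gate the annotation on it or drop the value. `success-codes: 200,302` lets the target-group health check accept a redirect, which can mark a pod healthy when it is only bouncing to an error or login page; worth confirming the application answers `/` with 302 by design. The gateway ingress in this commit uses the same ssl-policy and redirect annotations.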


@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "common.name" . }}-logs-pvc
namespace: {{ .Values.global.namespace }}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: gp2


@@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.name" . }}-svc
namespace: {{ .Values.global.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: bpp-net-port
protocol: TCP
name: http
selector:
{{- include "common.selectorLabels" . | nindent 4 }}


@@ -0,0 +1,14 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "common.serviceAccountName" . }}
namespace: {{ .Values.global.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
{{- end }}
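Review bot: `automountServiceAccountToken: {{ .Values.serviceAccount.automount }}` only takes effect when `serviceAccount.create` is true; with the shipped default `create: false` this file is not rendered, deployment.yaml sets nothing at pod level, and the pod runs under the namespace `default` ServiceAccount with its API token auto-mounted. Nothing visible in the chart calls the Kubernetes API, so add `automountServiceAccountToken: {{ .Values.serviceAccount.automount }}` to the pod `spec` in deployment.yaml and default `automount` to `false` in values. The gateway chart's ServiceAccount and Deployment have the same gap.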


@@ -0,0 +1,65 @@
replicaCount: 1
service:
type: ClusterIP
port: 6001
# Supported app mode - bap or bpp. Gateway mode to be either client or network.
app:
mode: bpp
gateway:
mode: network
resources:
# Adjust it as per desired POD resource demand
requests:
cpu: "0.5"
memory: "1Gi"
limits:
cpu: "0.5"
memory: "1Gi"
livenessProbe: {}
# httpGet:
# path: /
# port: http
readinessProbe: {}
# httpGet:
# path: /
# port: http
# To configure HPA
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
serviceAccount:
# Specifies whether a service account should be created
create: false
# Automatically mount a ServiceAccount's API credentials?
automount: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
# Default to externalDomain value
subscriber_id:
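Review bot: The trailing `subscriber_id:` key appears to be dead: the ConfigMap template reads `.Values.global.subscriber_id`, which the global values file also declares, so a user who sets this top-level key silently gets `externalDomain` instead — drop it or move it under `global`. `podSecurityContext: {}` and `securityContext: {}` leave whatever the image defaults to in force; the commented `runAsNonRoot`, `capabilities.drop: [ALL]` and `readOnlyRootFilesystem` block is the usual baseline and, since the config, schemas and logs paths are all mounted volumes, is likely compatible with this workload — worth enabling once the Deployment actually renders `securityContext` (it currently does not). `serviceAccount.automount: true` is also the less safe default given that nothing in the chart uses the Kubernetes API.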


@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: beckn-onix-bpp-efs-pvc
namespace: {{ .Values.global.namespace }}
spec:
accessModes:
- ReadWriteMany
storageClassName: {{ include "common.name" . }}-efs-storageclass
resources:
requests:
storage: 5Gi
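Review bot: The claim name `beckn-onix-bpp-efs-pvc` is a fixed literal while the StorageClass beside it and every other resource derive their names from `common.name`; deployment.yaml references the same literal, so a `nameOverride` or a second release in the namespace would collide or bind the wrong claim. Use `name: {{ include "common.name" . }}-efs-pvc` here and in the `bpp-schemas-efs-volume` claimName.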


@@ -0,0 +1,9 @@
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: {{ include "common.name" . }}-efs-storageclass
provisioner: efs.csi.aws.com
parameters:
provisioningMode: efs-ap
fileSystemId: {{ .Values.global.efs.fileSystemId }}
directoryPerms: "755"


@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: {{ .Values.global.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}


@@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: beckn-onix-bpp-secret
namespace: {{ .Values.global.namespace }}
type: Opaque
data:
privateKey: {{ .Values.global.bpp.publicKey | b64enc | quote }}
publicKey: {{ .Values.global.bpp.privateKey | b64enc | quote }}
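Review bot: The two data keys are swapped: `privateKey` is filled from `.Values.global.bpp.publicKey` and `publicKey` from `.Values.global.bpp.privateKey`, so any consumer of this Secret would sign with the public key and publish the private one. The lines should read `privateKey: {{ .Values.global.bpp.privateKey | b64enc | quote }}` and `publicKey: {{ .Values.global.bpp.publicKey | b64enc | quote }}`. Nothing visible in the commit mounts this Secret — the Deployment takes the keys from the ConfigMap instead — so the swap is latent today, but it still places the private key under a field named for public material. As with the EFS claim, the name is a fixed literal rather than `common.name`-derived.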


@@ -0,0 +1,70 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"global": {
"type": "object",
"properties": {
"externalDomain": {
"type": "string",
"description": "The external domain for the BPP network."
},
"registry_url": {
"type": "string",
"description": "The URL for the registry."
},
"ingress": {
"type": "object",
"properties": {
"tls": {
"type": "object",
"properties": {
"certificateArn": {
"type": "string",
"description": "The ARN of the TLS certificate for ingress."
}
},
"required": ["certificateArn"],
"description": "TLS configuration for ingress."
}
},
"required": ["tls"],
"description": "Ingress-related configuration."
},
"efs": {
"type": "object",
"properties": {
"fileSystemId": {
"type": "string",
"description": "The EFS FileSystem ID."
}
},
"required": ["fileSystemId"],
"description": "EFS-related configuration."
},
"bpp": {
"type": "object",
"properties": {
"privateKey": {
"type": "string",
"description": "The private key for BPP."
},
"publicKey": {
"type": "string",
"description": "The public key for BPP."
}
},
"required": ["privateKey", "publicKey"],
"description": "Keys for BPP, including both private and public keys."
}
},
"required": [
"externalDomain",
"registry_url",
"ingress",
"efs",
"bpp"
]
}
}
}
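Review bot: `required` combined with `"type": "string"` still accepts an empty string, so `--set global.bpp.privateKey=""` or a blank `certificateArn` passes validation and only surfaces as a broken deployment; add `"minLength": 1` to `externalDomain`, `registry_url`, `certificateArn`, `fileSystemId`, `privateKey` and `publicKey`. The shipped values.yaml leaves these keys null, so the `string` type should make a bare `helm install` fail early — worth confirming that is the intended experience and listing the mandatory `--set` flags in the README. `registry_url` could also carry `"format": "uri"`, since the ConfigMap appends `/subscribers` to it.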


@@ -0,0 +1,63 @@
# Default values for registry.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
namespace: beckn-onix-bpp
image:
repository: fidedocker/protocol-server
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
# tag: ""
# Redis connection details
redisCache:
host: redis-master.bpp-common-services.svc.cluster.local
port: 6379
# Mongodb connection details
responseCacheMongo:
host: mongodb.bpp-common-services.svc.cluster.local
port: 27017
dbname: protocol_server
username: root
password:
# RabbitMQ connection details
rabbitMQamqp:
host: rabbitmq.bpp-common-services.svc.cluster.local
port: 5672
username: beckn
password:
# Ingress definition for AWS Application Loadbalancer.
# This is required for each component available over the public network.
ingress:
enabled: true # If enabled, ALB will be provisioned as per ingress.yaml. Without ingress service will be scoped to K8s cluster.
tls:
# Must be set while installing Helm chart. SSL certificate ARN (e.g. arn:aws:acm:region:account-id:certificate/certificate-id) from AWS Certificate Manager - https://aws.amazon.com/certificate-manager/
certificateArn:
sslRedirect: true # Set to true to enable SSL redirection, useful for UI redirection.
# Must be set while installing Helm chart
externalDomain:
registry_url:
bpp:
privateKey:
publicKey:
efs:
fileSystemId:
# BPP subscribe_id. Default to externalDomain value.
subscriber_id:
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
nodeSelector: {}
tolerations: []
affinity: {}
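Review bot: `responseCacheMongo.username: root` together with `authSource=admin` in the ConfigMap means the protocol server connects as the MongoDB administrative user, using the root password looked up from the `mongodb` Secret; a dedicated user scoped to the `protocol_server` database is the least-privilege default. The `password:` keys for MongoDB and RabbitMQ invite plaintext credentials in values files and `--set` arguments, and `ingress.tls.sslRedirect` is not consumed by any template in this commit. The header comment `# Default values for registry.` is a leftover from another chart and should name the BPP chart.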


@@ -0,0 +1,24 @@
apiVersion: v2
name: beckn-onix-gateway
description: Beckn ONIX Gateway Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.0.0"


@@ -0,0 +1,9 @@
Get the Beckn-ONIX Gateway URL by running these commands:
{{- if .Values.ingress.enabled }}
export INGRESS_HOST=$(kubectl get ingress {{ include "common.name" . }}-ingress -n {{ .Values.namespace }} -o jsonpath="{.status.loadBalancer.ingress[0].hostname}"){{ "\n" }}
{{- if .Values.ingress.tls.enabled }}
echo "https://$INGRESS_HOST"{{ "\n" }}
{{- else }}
echo "http://$INGRESS_HOST"{{ "\n" }}
{{- end }}
{{- end }}
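Review bot: `{{- if .Values.ingress.tls.enabled }}` tests a key that neither the gateway schema nor the gateway ingress template defines (both only use `tls.certificateArn`), so unless the gateway values.yaml — not in this view — declares it, the note always prints `http://$INGRESS_HOST` while the ingress unconditionally redirects 80 to 443. Keying the check off `.Values.ingress.tls.certificateArn` matches what the ingress actually does.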


@@ -0,0 +1,75 @@
{{/*
Expand the name of the chart or use a provided override.
*/}}
{{- define "common.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name, with truncation to 63 characters.
*/}}
{{- define "common.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Generate a chart name and version label.
*/}}
{{- define "common.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels to be used in all charts.
*/}}
{{- define "common.labels" -}}
helm.sh/chart: {{ include "common.chart" . }}
{{ include "common.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/release: {{ .Release.Revision | quote }}
{{- end }}
{{/*
Common selector labels.
*/}}
{{- define "common.selectorLabels" -}}
app.kubernetes.io/name: {{ include "common.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Helper for creating service account names.
*/}}
{{- define "common.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "common.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Helper for image names and tags.
*/}}
{{- define "common.image" -}}
{{ printf "%s:%s" .Values.image.repository .Values.image.tag }}
{{- end }}
{{/*
Helper for constructing resource names with prefixes or suffixes.
*/}}
{{- define "common.resourceName" -}}
{{- printf "%s-%s" (include "common.fullname" .) .Values.suffix | trunc 63 | trimSuffix "-" }}
{{- end }}
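Review bot: `common.image` at `{{ printf "%s:%s" .Values.image.repository .Values.image.tag }}` has no whitespace trim, unlike every other define in this file, so its output starts with a newline; and if `image.tag` is left unset, `printf "%s"` on a nil value renders `%!s(<nil>)` instead of failing. Use `{{- printf "%s:%s" .Values.image.repository (.Values.image.tag | default .Chart.AppVersion) }}` and actually call the helper from deployment.yaml, which currently renders `image:` with no tag. `common.resourceName` reads `.Values.suffix`, which nothing in the chart declares; both helpers look like unused boilerplate and could be dropped, and the same two defines appear in the BPP chart's helpers earlier in this commit.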


@@ -0,0 +1,18 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.name" . }}-onixjson-config
namespace: {{ .Values.namespace }}
data:
onix.json: |
{
"core_version": "1.1.0",
"registry_id": "{{ .Values.registry_url | default "localhost" | replace "http://" "" | replace "https://" "" }}..LREG",
"search_provider_id": "{{ .Values.externalDomain }}",
"self_registration_supported": true,
"subscription_needed_post_registration": true,
"base_url": "{{ .Values.registry_url | default "localhost" }}",
"registry_url": "{{ .Values.registry_url | default "localhost" }}/subscribers",
"extension_package": "in.succinct.beckn.boc",
"wild_card": ""
}
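Review bot: `externalDomain` and `registry_url` are interpolated into the JSON body as raw text, so a value containing `"` or `\` — a registry URL with a query string, for instance — yields an unparseable `onix.json` that only fails when the gateway starts. Rendering them with `toJson`, e.g. `"search_provider_id": {{ .Values.externalDomain | toJson }},` without the hand-written quotes, keeps the document well-formed for any input. `default "localhost"` on `registry_url` also contradicts the schema that marks the key required; one of the two behaviours should go.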


@@ -0,0 +1,34 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.name" . }}-config
namespace: {{ .Values.namespace }}
data:
swf.properties: |
swf.load.complete.config.tables.if.count.less.than=500
swf.user.password.encrypted=false
swf.plugins.background.core.workers.numThreads=3
swf.application.authentication.required=false
swf.application.requires.registration=true
swf.host={{ .Values.externalDomain }}
swf.external.port=443
swf.external.scheme=https
swf.jdbc.dbschema=public
swf.jdbc.dbschema.setonconnection=true
swf.jdbc.set.dbschema.command=set search_path to 'public'
swf.jdbc.url=jdbc:postgresql://{{ .Values.database.host }}/{{ .Values.database.dbname }}
swf.jdbc.driver=org.postgresql.Driver
swf.jdbc.userid={{ .Values.database.username }}
swf.jdbc.password={{ .Values.database.password }}
swf.jdbc.readOnly=false
swf.api.keys.case=SNAKE
swf.api.root.required=false
swf.encryption.support=false
swf.ftl.dir=src/main/resources/templates
beckn.auth.enabled=true
in.succinct.beckn.gateway.subscriber_id={{ .Values.externalDomain }}
in.succinct.beckn.gateway.public_key_id={{ .Values.externalDomain }}.k1
in.succinct.onet.country.iso.3=IND
in.succinct.onet.country.iso.2=IN
in.succinct.onet.name=onix
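Review bot: `swf.jdbc.password={{ .Values.database.password }}` writes the RDS PostgreSQL password into a ConfigMap, so it is readable by anyone with `get configmaps` in the namespace and bypasses the Secret-specific RBAC and encryption-at-rest controls. Since the application reads a properties file, the smallest change is to make this object a Secret — `kind: Secret`, `type: Opaque`, `stringData:` — and switch the `gateway-config` volume in deployment.yaml from `configMap:` to `secret:`/`secretName:`. `swf.application.authentication.required=false` and `swf.user.password.encrypted=false` deserve a one-line comment from the gateway maintainers on why they are acceptable here; their semantics cannot be judged from this file alone.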


@@ -0,0 +1,70 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.name" . }}
namespace: {{ .Values.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "common.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "common.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "common.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
image: {{ .Values.image.repository }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: gateway-port
containerPort: {{ .Values.service.port }}
protocol: TCP
- name: sec-gtw-port
containerPort: {{ .Values.service.secondaryPort }}
protocol: TCP
{{- if .Values.livenessProbe }}
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 12 }}
{{- end }}
{{- if .Values.readinessProbe }}
readinessProbe:
{{- toYaml .Values.readinessProbe | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: gateway-config
mountPath: "/gateway/overrideProperties/config/swf.properties"
subPath: swf.properties
readOnly: true
- name: onixjson-config
mountPath: "/gateway/overrideProperties/config/networks/onix.json"
subPath: onix.json
readOnly: true
volumes:
- name: gateway-config
configMap:
name: {{ include "common.name" . }}-config
- name: onixjson-config
configMap:
name: {{ include "common.name" . }}-onixjson-config


@@ -0,0 +1,32 @@
{{- if .Values.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "common.name" . }}-ingress
namespace: {{ .Values.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01
alb.ingress.kubernetes.io/certificate-arn: {{ .Values.ingress.tls.certificateArn | quote }}
alb.ingress.kubernetes.io/ssl-redirect: '443'
alb.ingress.kubernetes.io/group.name: beckn-onix-gateway
alb.ingress.kubernetes.io/load-balancer-name: beckn-onix-gateway
alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=300
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/success-codes: 200,302
spec:
ingressClassName: alb
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "common.name" . }}-svc
port:
number: {{ .Values.service.port }}
{{- end }}


@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: {{ .Values.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}


@@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.name" . }}-svc
namespace: {{ .Values.namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: gateway-port
protocol: TCP
name: http
selector:
{{- include "common.selectorLabels" . | nindent 4 }}


@@ -0,0 +1,14 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "registry.serviceAccountName" . }}
namespace: {{- toYaml .Values.namespace | nindent 2 }}
labels:
{{- include "registry.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
{{- end }}
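Review bot: `include "registry.serviceAccountName"` and `include "registry.labels"` reference templates that the gateway `_helpers.tpl` in this commit does not define (it only defines `common.*`), so rendering with `serviceAccount.create: true` fails with a missing-template error unless a `registry` helper file exists elsewhere in the chart. `namespace: {{- toYaml .Values.namespace | nindent 2 }}` also diverges from the `namespace: {{ .Values.namespace }}` form every other template uses; it happens to emit valid YAML but is needlessly hard to read. Change the three lines to `name: {{ include "common.serviceAccountName" . }}`, `namespace: {{ .Values.namespace }}` and `{{- include "common.labels" . | nindent 4 }}`. With the default `create: false` this file is never rendered, which is why the error is latent.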


@@ -0,0 +1,53 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"externalDomain": {
"type": "string",
"description": "The external domain for the gateway."
},
"registry_url": {
"type": "string",
"description": "The URL of the registry."
},
"database": {
"type": "object",
"properties": {
"host": {
"type": "string",
"description": "The hostname of the RDS PostgreSQL database."
},
"password": {
"type": "string",
"description": "The password for the RDS PostgreSQL database."
}
},
"required": ["host", "password"],
"description": "Database configuration for the gateway."
},
"ingress": {
"type": "object",
"properties": {
"tls": {
"type": "object",
"properties": {
"certificateArn": {
"type": "string",
"description": "The ARN of the TLS certificate for ingress."
}
},
"required": ["certificateArn"],
"description": "TLS configuration for ingress."
}
},
"required": ["tls"],
"description": "Ingress-related configuration."
}
},
"required": [
"externalDomain",
"registry_url",
"database",
"ingress"
]
}
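Review bot: Marking `database.password` as `required` forces the RDS credential to travel through values — and therefore into the Helm release record and shell history via `--set` — with no way to point at an existing Kubernetes Secret; consider making `password` optional next to an `existingSecret` property and validating the pair with `oneOf`. As in the BPP schema, `"type": "string"` admits empty strings, so `"minLength": 1` on `externalDomain`, `registry_url`, `host`, `password` and `certificateArn` would catch unset values at install time rather than at first connection.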
