update helm charts based on new docker images #2534

Open
wants to merge 1 commit into
base: dev
113 changes: 56 additions & 57 deletions deploy/helm/example.values.yaml
Expand Up @@ -53,45 +53,14 @@ backoffice:
# - secretName: letsencrypt-staging
# hosts:
# - backoffice.ballerine.io

headlessexample:
enabled: true
replicas: 1
strategyType: RollingUpdate
updateStrategy:
maxSurge: 1
maxUnavailable: '0'
nameOverride: headlessexample
service:
port: 80
type: ClusterIP
protocol: TCP
image:
registry: ghcr.io
repository: 'ballerine-io/headless-example'
pullPolicy: Always
pullSecrets: ""
tag: "dev"
ingress:
enabled: true
className: "nginx"
pathtype: Prefix
annotations:
kubernetes.io/ingress.class: nginx
ingress.annotations.service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "<your aws acm arn>"
# acme.cert-manager.io/http01-edit-in-place: "true"
# cert-manager.io/cluster-issuer: letsencrypt-staging
# cert-manager.io/common-name: headlessexample.ballerine.io
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/limit-rps: "15"
hosts:
- host: headlessexample.dev.eu.ballerine.app
paths:
- path: /
tls: {}
# - secretName: letsencrypt-staging
# hosts:
# - headlessexample.ballerine.io
applicationConfig:
VITE_API_URL: http://localhost:3000/api/v1/internal
VITE_API_KEY: secret
VITE_AUTH_ENABLED: true
VITE_MOCK_SERVER: false
VITE_POLLING_INTERVAL: 10
VITE_ASSIGNMENT_POLLING_INTERVAL: 5
VITE_FETCH_SIGNED_URL: false
Comment on lines +56 to +63
Contributor

Ensure sensitive data is securely managed.

The VITE_API_KEY and other sensitive parameters should be securely managed and not hardcoded in the configuration file. Consider using environment variables or a secrets management tool.

-      VITE_API_KEY: secret
+      VITE_API_KEY: ${VITE_API_KEY}
Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
applicationConfig:
VITE_API_URL: http://localhost:3000/api/v1/internal
VITE_API_KEY: secret
VITE_AUTH_ENABLED: true
VITE_MOCK_SERVER: false
VITE_POLLING_INTERVAL: 10
VITE_ASSIGNMENT_POLLING_INTERVAL: 5
VITE_FETCH_SIGNED_URL: false
applicationConfig:
VITE_API_URL: http://localhost:3000/api/v1/internal
VITE_API_KEY: ${VITE_API_KEY}
VITE_AUTH_ENABLED: true
VITE_MOCK_SERVER: false
VITE_POLLING_INTERVAL: 10
VITE_ASSIGNMENT_POLLING_INTERVAL: 5
VITE_FETCH_SIGNED_URL: false


kybapp:
enabled: true
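
Review bot: `VITE_API_KEY: secret` in the added `applicationConfig` block is a client-side value, so moving it to an environment variable does not make it confidential: the `VITE_` prefix is what Vite uses to expose a variable to browser code, and anything that reaches the bundle is readable by whoever loads the page. Treat it as a public identifier and enforce authorization on the API, or drop the key from the frontend config. Helm also does not expand `${VAR}` inside a values file, so a `${VITE_API_KEY}` placeholder would be passed through as a literal string; leave the example value empty and document that it is supplied at install time (`--set` or a values file kept out of the repository).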
Expand Down Expand Up @@ -131,6 +100,14 @@ kybapp:
# - secretName: letsencrypt-staging
# hosts:
# - headlessexample.ballerine.io
applicationConfig:
VITE_API_URL: http://localhost:3000/api/v1/internal
VITE_KYB_DEFINITION_ID: "kyb_parent_kyc_session_example"
VITE_API_KEY: secret
VITE_ENVIRONMENT_NAME: local
VITE_DEFAULT_EXAMPLE_TOKEN: 12345678-1234-1234-1234-123456789012
VITE_SENTRY_AUTH_TOKEN: 5
VITE_SENTRY_DSN: false
Comment on lines +103 to +110
Contributor

Ensure sensitive data is securely managed.

The VITE_API_KEY, VITE_SENTRY_AUTH_TOKEN, and other sensitive parameters should be securely managed and not hardcoded in the configuration file. Consider using environment variables or a secrets management tool.

-      VITE_API_KEY: secret
+      VITE_API_KEY: ${VITE_API_KEY}
-      VITE_SENTRY_AUTH_TOKEN: 5
+      VITE_SENTRY_AUTH_TOKEN: ${VITE_SENTRY_AUTH_TOKEN}
Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
applicationConfig:
VITE_API_URL: http://localhost:3000/api/v1/internal
VITE_KYB_DEFINITION_ID: "kyb_parent_kyc_session_example"
VITE_API_KEY: secret
VITE_ENVIRONMENT_NAME: local
VITE_DEFAULT_EXAMPLE_TOKEN: 12345678-1234-1234-1234-123456789012
VITE_SENTRY_AUTH_TOKEN: 5
VITE_SENTRY_DSN: false
applicationConfig:
VITE_API_URL: http://localhost:3000/api/v1/internal
VITE_KYB_DEFINITION_ID: "kyb_parent_kyc_session_example"
VITE_API_KEY: ${VITE_API_KEY}
VITE_ENVIRONMENT_NAME: local
VITE_DEFAULT_EXAMPLE_TOKEN: 12345678-1234-1234-1234-123456789012
VITE_SENTRY_AUTH_TOKEN: ${VITE_SENTRY_AUTH_TOKEN}
VITE_SENTRY_DSN: false


workflowsdashboard:
enabled: true
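
Review bot: `VITE_SENTRY_AUTH_TOKEN: 5` and `VITE_SENTRY_DSN: false` in the added kybapp `applicationConfig` have the wrong type for what they name; a token and a DSN are strings, and `5` / `false` match the `VITE_ASSIGNMENT_POLLING_INTERVAL` and `VITE_FETCH_SIGNED_URL` values in the block added earlier in this file, which suggests a copy-paste. Use `""` for unset values, as `VITE_IMAGE_LOGO_URL` does elsewhere in this file. A Sentry auth token under a `VITE_` name would be exposed to the browser, so confirm it is needed at runtime at all. The commented TLS host in the context lines, `# - headlessexample.ballerine.io`, still names the service this PR removes.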
Expand Down Expand Up @@ -170,6 +147,10 @@ workflowsdashboard:
# - secretName: letsencrypt-staging
# hosts:
# - workflowdashboard.ballerine.io
applicationConfig:
VITE_API_URL: http://localhost:3000/api/v1/internal
MODE: development
VITE_IMAGE_LOGO_URL: ""
Comment on lines +150 to +153
Contributor

Ensure sensitive data is securely managed.

The VITE_API_URL and other sensitive parameters should be securely managed and not hardcoded in the configuration file. Consider using environment variables or a secrets management tool.

-      VITE_API_URL: http://localhost:3000/api/v1/internal
+      VITE_API_URL: ${VITE_API_URL}

Committable suggestion was skipped due to low confidence.


websocketService:
enabled: true
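
Review bot: `MODE: development` is added as the workflowsdashboard default with no comment saying it must be overridden, so an install from this example file runs with development settings unless the operator already knows to change it. Add a comment marking `MODE` and `VITE_API_URL` as per-environment values; `http://localhost:3000/api/v1/internal` only resolves when the browser runs on the same host as the workflow service. Neither value is a credential, so plain values are fine here once they are documented.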
Expand Down Expand Up @@ -206,6 +187,7 @@ websocketService:
paths:
- path: /
applicationConfig:
VITE_API_URL: http://localhost:3000/api/v1/internal
Contributor

Ensure sensitive data is securely managed.

The VITE_API_URL and other sensitive parameters should be securely managed and not hardcoded in the configuration file. Consider using environment variables or a secrets management tool.

-    VITE_API_URL: http://localhost:3000/api/v1/internal
+    VITE_API_URL: ${VITE_API_URL}
Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
VITE_API_URL: http://localhost:3000/api/v1/internal
VITE_API_URL: ${VITE_API_URL}

PORT: 3500
NODE_ENV: development
COMPOSE_PROJECT_NAME: ballerine-x
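
Review bot: The added `VITE_API_URL` sits in websocketService's `applicationConfig` next to `PORT: 3500` and `NODE_ENV: development`, which are server-side settings, while the `VITE_` prefix is a frontend build convention; please confirm the websocket service actually reads this variable or drop the line. If it is read, `localhost:3000` inside the websocket pod refers to the pod itself rather than to the workflow service, so the example should point at the workflow service's in-cluster address.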
Expand Down Expand Up @@ -250,22 +232,39 @@ workflowService:
# hosts:
# - workflowsvc.ballerine.io
applicationConfig:
BCRYPT_SALT: "10"
DB_URL: ""
DB_USER: ""
DB_PASSWORD: ""
DB_PORT: "5432"
PORT: "3000"
COMPOSE_PROJECT_NAME: "ballerine-x"
SESSION_SECRET: "iGdnj4A0YOhj8dHJK7IWSvQKEZsG7P70FFehuddhFPjtg/bSkzFejYILk4Xue6Ilx9y3IAwzR8pV1gb4"
SESSION_EXPIRATION_IN_MINUTES: '60'
BACKOFFICE_CORS_ORIGIN: "http://localhost:5137"
HEADLESS_EXAMPLE_CORS_ORIGIN: "http://localhost:5173"
API_KEY: "secret"
NODE_ENV: "development"
BCRYPT_SALT: 10
COMPOSE_PROJECT_NAME: ballerine-x
PORT: 3000
DB_USER: admin
DB_PASSWORD: admin
DB_PORT: 5432
DB_URL: postgres://admin:admin@localhost:5432/postgres
SESSION_SECRET: iGdnj4A0YOhj8dHJK7IWSvQKEZsG7P70FFehuddhFPjtg/bSkzFejYILk4Xue6Ilx9y3IAwzR8pV1gb4
SESSION_EXPIRATION_IN_MINUTES: 60
WORKFLOW_DASHBOARD_CORS_ORIGIN: http://localhost:5200
BACKOFFICE_CORS_ORIGIN: http://localhost:5137
KYB_EXAMPLE_CORS_ORIGIN: http://localhost:5201
KYC_EXAMPLE_CORS_ORIGIN: http://localhost:5202
API_KEY: secret
NODE_ENV: development
ENVIRONMENT_NAME: local
SENTRY_DSN: ""
WEBHOOK_URL: ""
WORKFLOW_DASHBOARD_CORS_ORIGIN: "http://localhost:5200"
KYB_EXAMPLE_CORS_ORIGIN: "http://localhost:5201"
APP_API_URL: https://alon.ballerine.dev
UNIFIED_API_URL: "https://unified-api-test.eu.ballerine.app"
EMAIL_API_TOKEN: ""
EMAIL_API_URL: ""
AWS_S3_BUCKET_NAME: ""
AWS_S3_BUCKET_KEY: ""
AWS_S3_BUCKET_SECRET: ""
AWS_REGION: ""
ADMIN_API_KEY: admin_secret
MAIL_ADAPTER: log
UNIFIED_API_URL: http://localhost:3001
UNIFIED_API_TOKEN: secret-key
UNIFIED_API_SHARED_SECRET: shared-secret-key
SALESFORCE_API_VERSION: 58.0
SALESFORCE_CONSUMER_KEY: ""
SALESFORCE_CONSUMER_SECRET: ""
APP_API_URL: http://localhost:3000
COLLECTION_FLOW_URL: http://localhost:5201
WEB_UI_SDK_URL: http://localhost:5202
HASHING_KEY_SECRET_BASE64: JDJiJDEwJDNFeWtwWEs4QkdiczlRaWFwLkM4Vk8=
NOTION_API_KEY: secret
Comment on lines +235 to +270
Contributor

Ensure sensitive data is securely managed.

The DB_PASSWORD, SESSION_SECRET, API_KEY, EMAIL_API_TOKEN, AWS_S3_BUCKET_KEY, AWS_S3_BUCKET_SECRET, ADMIN_API_KEY, UNIFIED_API_TOKEN, UNIFIED_API_SHARED_SECRET, SALESFORCE_CONSUMER_KEY, SALESFORCE_CONSUMER_SECRET, and NOTION_API_KEY should be securely managed and not hardcoded in the configuration file. Consider using environment variables or a secrets management tool.

-    DB_PASSWORD: admin
+    DB_PASSWORD: ${DB_PASSWORD}
-    SESSION_SECRET: iGdnj4A0YOhj8dHJK7IWSvQKEZsG7P70FFehuddhFPjtg/bSkzFejYILk4Xue6Ilx9y3IAwzR8pV1gb4
+    SESSION_SECRET: ${SESSION_SECRET}
-    API_KEY: secret
+    API_KEY: ${API_KEY}
-    EMAIL_API_TOKEN: ""
+    EMAIL_API_TOKEN: ${EMAIL_API_TOKEN}
-    AWS_S3_BUCKET_KEY: ""
+    AWS_S3_BUCKET_KEY: ${AWS_S3_BUCKET_KEY}
-    AWS_S3_BUCKET_SECRET: ""
+    AWS_S3_BUCKET_SECRET: ${AWS_S3_BUCKET_SECRET}
-    ADMIN_API_KEY: admin_secret
+    ADMIN_API_KEY: ${ADMIN_API_KEY}
-    UNIFIED_API_TOKEN: secret-key
+    UNIFIED_API_TOKEN: ${UNIFIED_API_TOKEN}
-    UNIFIED_API_SHARED_SECRET: shared-secret-key
+    UNIFIED_API_SHARED_SECRET: ${UNIFIED_API_SHARED_SECRET}
-    SALESFORCE_CONSUMER_KEY: ""
+    SALESFORCE_CONSUMER_KEY: ${SALESFORCE_CONSUMER_KEY}
-    SALESFORCE_CONSUMER_SECRET: ""
+    SALESFORCE_CONSUMER_SECRET: ${SALESFORCE_CONSUMER_SECRET}
-    NOTION_API_KEY: secret
+    NOTION_API_KEY: ${NOTION_API_KEY}
Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
BCRYPT_SALT: 10
COMPOSE_PROJECT_NAME: ballerine-x
PORT: 3000
DB_USER: admin
DB_PASSWORD: admin
DB_PORT: 5432
DB_URL: postgres://admin:admin@localhost:5432/postgres
SESSION_SECRET: iGdnj4A0YOhj8dHJK7IWSvQKEZsG7P70FFehuddhFPjtg/bSkzFejYILk4Xue6Ilx9y3IAwzR8pV1gb4
SESSION_EXPIRATION_IN_MINUTES: 60
WORKFLOW_DASHBOARD_CORS_ORIGIN: http://localhost:5200
BACKOFFICE_CORS_ORIGIN: http://localhost:5137
KYB_EXAMPLE_CORS_ORIGIN: http://localhost:5201
KYC_EXAMPLE_CORS_ORIGIN: http://localhost:5202
API_KEY: secret
NODE_ENV: development
ENVIRONMENT_NAME: local
SENTRY_DSN: ""
WEBHOOK_URL: ""
WORKFLOW_DASHBOARD_CORS_ORIGIN: "http://localhost:5200"
KYB_EXAMPLE_CORS_ORIGIN: "http://localhost:5201"
APP_API_URL: https://alon.ballerine.dev
UNIFIED_API_URL: "https://unified-api-test.eu.ballerine.app"
EMAIL_API_TOKEN: ""
EMAIL_API_URL: ""
AWS_S3_BUCKET_NAME: ""
AWS_S3_BUCKET_KEY: ""
AWS_S3_BUCKET_SECRET: ""
AWS_REGION: ""
ADMIN_API_KEY: admin_secret
MAIL_ADAPTER: log
UNIFIED_API_URL: http://localhost:3001
UNIFIED_API_TOKEN: secret-key
UNIFIED_API_SHARED_SECRET: shared-secret-key
SALESFORCE_API_VERSION: 58.0
SALESFORCE_CONSUMER_KEY: ""
SALESFORCE_CONSUMER_SECRET: ""
APP_API_URL: http://localhost:3000
COLLECTION_FLOW_URL: http://localhost:5201
WEB_UI_SDK_URL: http://localhost:5202
HASHING_KEY_SECRET_BASE64: JDJiJDEwJDNFeWtwWEs4QkdiczlRaWFwLkM4Vk8=
NOTION_API_KEY: secret
BCRYPT_SALT: 10
COMPOSE_PROJECT_NAME: ballerine-x
PORT: 3000
DB_USER: admin
DB_PASSWORD: ${DB_PASSWORD}
DB_PORT: 5432
DB_URL: postgres://admin:${DB_PASSWORD}@localhost:5432/postgres
SESSION_SECRET: ${SESSION_SECRET}
SESSION_EXPIRATION_IN_MINUTES: 60
WORKFLOW_DASHBOARD_CORS_ORIGIN: http://localhost:5200
BACKOFFICE_CORS_ORIGIN: http://localhost:5137
KYB_EXAMPLE_CORS_ORIGIN: http://localhost:5201
KYC_EXAMPLE_CORS_ORIGIN: http://localhost:5202
API_KEY: ${API_KEY}
NODE_ENV: development
ENVIRONMENT_NAME: local
SENTRY_DSN: ""
EMAIL_API_TOKEN: ${EMAIL_API_TOKEN}
EMAIL_API_URL: ""
AWS_S3_BUCKET_NAME: ""
AWS_S3_BUCKET_KEY: ${AWS_S3_BUCKET_KEY}
AWS_S3_BUCKET_SECRET: ${AWS_S3_BUCKET_SECRET}
AWS_REGION: ""
ADMIN_API_KEY: ${ADMIN_API_KEY}
MAIL_ADAPTER: log
UNIFIED_API_URL: http://localhost:3001
UNIFIED_API_TOKEN: ${UNIFIED_API_TOKEN}
UNIFIED_API_SHARED_SECRET: ${UNIFIED_API_SHARED_SECRET}
SALESFORCE_API_VERSION: 58.0
SALESFORCE_CONSUMER_KEY: ${SALESFORCE_CONSUMER_KEY}
SALESFORCE_CONSUMER_SECRET: ${SALESFORCE_CONSUMER_SECRET}
APP_API_URL: http://localhost:3000
COLLECTION_FLOW_URL: http://localhost:5201
WEB_UI_SDK_URL: http://localhost:5202
HASHING_KEY_SECRET_BASE64: JDJiJDEwJDNFeWtwWEs4QkdiczlRaWFwLkM4Vk8=
NOTION_API_KEY: ${NOTION_API_KEY}
Tools
Gitleaks

269-270: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)
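
Review bot: The added workflowService block ships usable credentials as defaults: `DB_PASSWORD: admin` (repeated inside `DB_URL`), a full-length `SESSION_SECRET`, a populated `HASHING_KEY_SECRET_BASE64`, `ADMIN_API_KEY: admin_secret` and `UNIFIED_API_SHARED_SECRET: shared-secret-key`. This is the example values file people copy for a first install, so any deployment that does not override them runs with publicly known secrets. Leave these keys empty, have the chart fail when they are unset (Helm's `required` function does this), and deliver the real values through a Kubernetes Secret rather than a ConfigMap; `${VAR}` placeholders will not work because Helm does not expand them in values files. Separately, the unquoted `BCRYPT_SALT: 10`, `PORT: 3000` and `SALESFORCE_API_VERSION: 58.0` replace quoted forms such as `BCRYPT_SALT: "10"`, so they are now YAML numbers; unless the template quotes every value, `58.0` can render as `58`, and ConfigMap data, which must be strings, will be rejected.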

17 changes: 0 additions & 17 deletions deploy/helm/services/headless-example/templates/configmap.yaml

This file was deleted.

48 changes: 0 additions & 48 deletions deploy/helm/services/headless-example/templates/deployment.yaml

This file was deleted.

63 changes: 0 additions & 63 deletions deploy/helm/services/headless-example/templates/ingress.yaml

This file was deleted.

18 changes: 0 additions & 18 deletions deploy/helm/services/headless-example/templates/service.yaml

This file was deleted.