Documentation for a newer release is available.
View Latest
Esta página no está disponible actualmente en Español. Si lo necesita, póngase en contacto con el servicio de asistencia de Icon (correo electrónico)
Kubernetes Deployment Guidelines
The following guide will provision the Operational dashboard component with 3 nodes.
Create Operational Dashboard Manifests
Create operational-dashboard.yaml manifests using the following contents:
OperationalDashboard Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: ipf-operational-dashboard
labels:
app: operational-dashboard
product: ipfv2
spec:
replicas: 3
selector:
matchLabels:
app: operational-dashboard
product: ipfv2
template:
metadata:
labels:
app: operational-dashboard
product: ipfv2
spec:
containers:
- name: operational-dashboard
image: CONTAINER_REGISTRY/ipf-operational-dashboard-service:VERSION
imagePullPolicy: Always
ports:
- containerPort: 8080
name: server-port
- containerPort: 55001
name: akka-artery
env:
- name: IPF_PODNAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: "AKKA_CLUSTER_BOOTSTRAP_SERVICE_NAME"
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['app']
- name: IPF_JAVA_ARGS
value: "-XX:+UseContainerSupport -XX:MaxRAMPercentage=60 -XX:InitialRAMPercentage=60 -XX:-PreferContainerQuotaForCPUCount"
resources:
limits:
memory: 3.5Gi
requests:
memory: 2Gi
cpu: 500M
livenessProbe:
httpGet:
path: /actuator/health
port: server-port
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 3
successThreshold: 1
readinessProbe:
httpGet:
path: /actuator/health
port: server-port
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 3
successThreshold: 1
startupProbe:
httpGet:
path: /actuator/health
port: server-port
scheme: HTTP
periodSeconds: 10
failureThreshold: 30
volumeMounts:
- name: configuration-dashboard
mountPath: /operational-dashboard-service/conf
volumes:
- name: configuration-dashboard
projected:
defaultMode: 420
sources:
- secret:
name: operational-dashboard
items:
- key: users.conf
mode: 420
path: users.conf
- configMap:
name: operational-dashboard-cm
items:
- key: logback.xml
mode: 420
path: logback.xml
- key: application.conf
mode: 420
path: application.conf
- configMap:
name: operational-dashboard-cm-summary-layout
items:
- key: summary-layout.conf
mode: 420
path: summary-layout.conf
- configMap:
name: ipf-operational-dashboard-cm-reason-codes
items:
- key: reason-codes.conf
mode: 420
path: reason-codes.confOperationalDashboard Configmap
apiVersion: v1
kind: ConfigMap
metadata:
name: ipf-operational-dashboard-cm
data:
application.conf: |
spring.data.mongodb.uri = "${ipf.mongodb.url}"
ipf {
business-operations = {
auth = {
jwt {
secret = ""
roles-claim = "roles"
}
cors {
allowed-origin-patterns = [ "*" ]
}
saml2 {
enabled = true
verification-certificate = "classpath:idp.crt"
registration-id = "sample-client"
single-sign-on-service-location = "https://simplesaml.${environment_name}.ipfdev.co.uk/simplesaml/saml2/idp/SSOService.php"
single-log-out-service-location = "https://simplesaml.${environment_name}.example.org/simplesaml/saml2/idp/SingleLogoutService.php"
identity-provider-entity-id = "https://simplesaml.${environment_name}.example.org/simplesaml/saml2/idp/metadata.php"
service-provider-entity-id = "sample-client"
want-authn-requests-signed = false
uid-attribute = "uid"
roles-attribute = "roles"
roles-separator = ","
return-url = "/"
}
oauth2 {
enabled = true
registrationId = "keycloak"
clientId = "login-app"
clientSecret = "802e7940-648b-4925-8079-24fa6dc47afe"
scopes = "openid, roles"
authorizationUri = "https://keycloak.${environment_name}.example.org/realms/demo/protocol/openid-connect/auth"
tokenUri = "https://keycloak.${environment_name}.example.org/realms/demo/protocol/openid-connect/token"
jwkSetUri = "https://keycloak.${environment_name}.example.org/realms/demo/protocol/openid-connect/certs"
returnUrl = "/"
rolesFromAttributes = true
rolesAttribute = "roles"
username = "preferred_username"
}
}
audit = {
enabled = true
}
cluster-management = {
systems = [
{
name = "Payments Service"
base-urls = [
"http://payment-service:8558"
],
akka-management = true,
actuator = {
protocol = "http",
port = "8080"
}
},
{
name = "Notification Service"
base-urls = [
"http://notification-service:8558"
],
akka-management = true,
actuator = {
protocol = "http",
port = "8080"
}
},
{
name = "ODS Ingestion"
base-urls = [
"http://ods-ingestion:8558"
],
akka-management = true,
actuator = {
protocol = "http",
port = "8080"
}
},
{
name = "ODS Inquiry"
base-urls = [
"http://ods-inquiry:8080"
],
akka-management = false,
actuator = {
protocol = "http",
port = "8080"
}
}
]
}
metrics = {
http = {
client = {
host = "grafana"
port = "3000"
endpoint-url = "/api/health"
}
}
metric-url = "http://grafana:3000",
local-metric-url = "https://grafana.${environment_name}.example.org",
call-timeout = 30s,
dashboards = [
{
title: "Business Metrics",
name: "transactions",
id: "0000000001",
panels: [
{id: "1"},
{id: "2"},
{id: "15"},
{id: "16&var-lookback_period=1y"}
],
columns: "2"
},
{
title: "Debtor Credit Transfer Metrics",
name: "transactions",
id: "0000000001",
panels: [
{id: "4&var-behaviour=DebtorCreditTransferBehaviour&var-latency_type=FULL_FLOW", colspan: "1"},
{id: "4&var-behaviour=DebtorCreditTransferBehaviour&var-latency_type=CSM_STATES_ONLY", colspan: "1"},
{id: "4&var-behaviour=DebtorCreditTransferBehaviour&var-latency_type=NO_CSM_STATES", colspan: "1"},
{id: "8&var-behaviour=DebtorCreditTransferBehaviour", colspan: "2"}
],
columns: "3"
},
{
title: "Creditor Credit Transfer Metrics",
name: "transactions",
id: "0000000001",
panels: [
{id: "4&var-behaviour=CreditorCreditTransferBehaviour&var-latency_type=FULL_FLOW", colspan: "1"},
{id: "4&var-behaviour=CreditorCreditTransferBehaviour&var-latency_type=CSM_STATES_ONLY", colspan: "1"},
{id: "4&var-behaviour=CreditorCreditTransferBehaviour&var-latency_type=NO_CSM_STATES", colspan: "1"},
{id: "8&var-behaviour=CreditorCreditTransferBehaviour", colspan: "2"}
],
columns: "3"
},
{
title: "Connector Metrics",
name: "ipf-connectors",
id: "0000000002",
panels: [
{id: "1"},
{id: "2"},
{id: "4", colspan: "2"},
{id: "5", colspan: "2"}
],
columns: "2"
}
]
}
payment-search = {
ods = {
security = {
enabled = false
grant_type = "password"
client_id = "login-app"
client_secret = "802e7940-648b-4925-8079-24fa6dc47afe"
username = "test"
password = "p4ssw0rd"
jwt-certificate = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXrGmY331co1PX/tDGdMpChoaVfokUMxdrrRul4lLIGSOAEBRegLdmmmY7FgCSTtIhmkkwZWu3gaZLs5+oyld9ncXSL4OpQQvoCOd84RvWiHLhxPBynuYmypTQUP2kLeM3ntCsXI13SwN59tE/y4H/GVGTBDrfN2ELaS43OeZRpQuW1XqLWuyNGDCtC4V7cd+gld5uDBa93PUB40ypWqnYQVrC+PRiiiXcF6uyEgkOgMinR8LerKFi/iFpuMytJa9zW0d/O5aOceulWDjUJeqf+6EbonWjfJv5GMSKdsCjQ6rnq/a1gaxSyYeCctmqtUpu0Ogjjjwfwf3qkj6fWUawIDAQAB"
}
}
ods-inquiry-url = "http://ods-inquiry:8080"
payment-summaries.http.client.endpoint-url = ${ipf.business-operations.payment-search.ods-inquiry-url}"/views/summaries/payments"
payment-details.http.client.endpoint-url = ${ipf.business-operations.payment-search.ods-inquiry-url}"/views/details"
system-events.http.client.endpoint-url = ${ipf.business-operations.payment-search.ods-inquiry-url}"/catalogue/process-objects/system-events"
message-logs.http.client.endpoint-url = ${ipf.business-operations.payment-search.ods-inquiry-url}"/catalogue/process-objects/message-logs"
process-flow-events.http.client.endpoint-url = ${ipf.business-operations.payment-search.ods-inquiry-url}"/catalogue/process-objects/process-flow-events"
payment-objects.http.client.endpoint-url = ${ipf.business-operations.payment-search.ods-inquiry-url}"/all/payment-objects"
custom-objects.http.client.endpoint-url = ${ipf.business-operations.payment-search.ods-inquiry-url}"/all/custom-objects"
auth-server.http.client.endpoint-url = ${ipf.business-operations.payment-search.ods-inquiry-url}"/realms/demo/protocol/openid-connect/token"
}
}
}
logback.xml: |
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
<target>System.out</target>
<encoder>
<pattern>[%date{ISO8601}] [%level] [%logger] [%marker] [%thread] - %msg%n</pattern>
</encoder>
</appender>
<appender name="ASYNC" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>8192</queueSize>
<neverBlock>true</neverBlock>
<appender-ref ref="CONSOLE" />
</appender>
<logger name="com.iconsolutions" level="ERROR"/>
<root level="INFO">
<appender-ref ref="ASYNC"/>
</root>
</configuration>OperationalDashboard Service
apiVersion: v1
kind: Service
metadata:
name: operational-dashboard
labels:
app: operational-dashboard
product: ipfv2
spec:
selector:
app: operational-dashboard
product: ipfv2
ports:
- name: server-port
protocol: TCP
port: 8080
targetPort: 8080OperationalDashboard Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: operational-dashboard-ingress
labels:
app: operational-dashboard
product: ipfv2
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/whitelist-source-range: "0.0.0.0/0"
spec:
rules:
- host: ipf-gui.example.org
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: operational-dashboard
port:
number: 8080