{{- if .Values.global.mgr.key.enabled }}

---
# ConfigMap carrying the key-service configuration file (key-service.yaml).
# Rendered only when .Values.global.mgr.key.enabled is truthy.
# NOTE(review): this ConfigMap also carries credential material (database
# password, symmetric key, HSM PIN). ConfigMap data is not handled as secret
# by Kubernetes; see the notes on the individual keys below.
apiVersion: v1
data:
  key-service.yaml: |-
    Name: {{ .Values.global.key.name }}.rpc
    ListenOn: {{ .Values.cnf.listen.host }}:{{ .Values.global.key.port }}

    # NOTE(review): the gateway port (8085) and upstream endpoint
    # (localhost:8083) are fixed here, while ListenOn above takes its port
    # from .Values.global.key.port - presumably these must match; verify.
    Gateway:
      Name: gateway
      Host: localhost
      Port: 8085
      Upstreams:
        - Name: rpc-server
          Grpc:
            Endpoints:
              - localhost:8083
          ProtoSets:
            - pb/key.pb

    # Request timeout for this service: 30s (the value is in milliseconds)
    Timeout: 30000

    # Environment: dev, test, pre, prod
    Mode: prod

    Log:
      # Service name
      ServiceName: {{ .Values.global.key.name }}-service
      # Write logs to file
      Mode: file
      # Log file output path
      Path: logs
      # Log level
      Level: info
      # Whether to compress logs
      Compress: true
      # Days to keep logs; only takes effect in file mode
      KeepDays: 30
      # Rotate logs daily
      Rotation: daily

    # OpenTelemetry-based log collection and distributed tracing
    Telemetry:
      # Tracing switch; tracing is enabled by default when this is not set
      Disabled: true
      # Tracing service name; keep it the same as the service name
      # NOTE(review): the value is chain.rpc, while Name at the top of this
      # file renders as <global.key.name>.rpc - confirm which is intended.
      Name: chain.rpc
      # Tracing backend endpoint
      # NOTE(review): plain http; if tracing is turned on, spans travel to
      # the collector unencrypted unless the network layer protects them.
      Endpoint: http://jaeger:14268/api/traces
      # Sampling rate; defaults to 1.0 when not set
      Sampler: 1.0
      # Supported tracing exporters: jaeger|zipkin|otlpgrpc|otlphttp;
      # defaults to jaeger when not set
      Batcher: jaeger
    
    # Monitoring; enabled by default. Mainly adjust the port and the
    # monitoring routes
    DevServer:
      # Master switch for metrics and health checks; enabled by default
      # when not set
      Enable: true
      # Port for metrics and health checks
      Port: {{ .Values.cnf.devServer.port }}
      # Health-check route; defaults to /healthz when not set
      HealthPath: "/healthz"
      # Health-check response body; defaults to OK when not set
      HealthResponse: "OK"
      # Metrics route; defaults to /metrics when not set
      MetricsPath: "/metrics"

    # gRPC server certificate and private key
    GrpcConf:
      #CaCertFile: ./cert/ca/ca.pem
      #ServerCertFile: ./cert/key-service/server.pem
      #ServerKeyFile: ./cert/key-service/server.key

      # "ifEmpty" is a named template defined outside this file; its output
      # is stripped of leading/trailing newlines and spaces before use.
      # NOTE(review): what "ifEmpty" renders for an unset value is not
      # visible here - confirm that empty paths do not silently turn off
      # TLS on the gRPC listener.
      CaCertFile: {{ include "ifEmpty" .Values.cnf.grpcConf.caCertFile | trimAll "\n" | trimAll " " | trimAll "\n" }}
      ServerCertFile: {{ include "ifEmpty" .Values.cnf.grpcConf.serverCertFile | trimAll "\n" | trimAll " " | trimAll "\n" }}
      ServerKeyFile: {{ include "ifEmpty" .Values.cnf.grpcConf.serverKeyFile | trimAll "\n" | trimAll " " | trimAll "\n" }}
      # Max receive/send message size is set to 20 MB; adjust to the
      # service's actual workload
      MaxRecvMsgSize: 20971520
      MaxSendMsgSize: 20971520

    # Database configuration
    DBConf:
      # Database type; supported: mysql, kingbase_mysql, kingbase_pgsql, postgres
      Type: "kingbase_pgsql"
      # Database connection string
      # NOTE(review): .Values.global.kingbase.password is rendered into this
      # ConfigMap in clear text, so anyone who can read ConfigMaps in the
      # namespace can read it; a Secret is the usual place for it.
      # NOTE(review): sslmode=disable means the database connection is not
      # TLS-protected.
      # NOTE(review): values are interpolated unquoted; a password containing
      # a space, " #" or ": " would presumably corrupt this line - confirm
      # the allowed character set or quote the value.
      DNS: host=kingbase.{{ .Release.Namespace }}.svc.cluster.local port={{ .Values.global.kingbase.port }} user={{ .Values.global.kingbase.user }} password={{ .Values.global.kingbase.password }} dbname={{ .Values.cnf.dbname }} sslmode=disable client_encoding=UTF8 TimeZone=Asia/Shanghai

    # Encryption settings for private keys, certificates, etc.
    SymmetricEncryptConf:
      # Version 1.0.0 used AES; 2.0.0 switched to SM4
      Algo: SM4
      # NOTE(review): the key is a literal in the chart, so every release
      # rendered from it shares the same key and anyone with the chart or
      # ConfigMap read access has it. It should come from a per-deployment
      # Secret; replacing it presumably requires re-encrypting existing
      # data - TODO confirm.
      Key: GVQDSaJW5YKJHGDF 

    # Address format
    AddressType: {{ .Values.cnf.addressType }}

    # Settings for communicating with chain-service
    ChainServiceConf:
      #ClientCertFile: ./cert/chain-service/client.pem
      #ClientKeyFile: ./cert/chain-service/client.key
      #CaCertFile: ./cert/ca/ca.pem
      # Client certificate, key and CA paths come from
      # .Values.global.key.* through the "ifEmpty" named template
      # (defined outside this file).
      ClientCertFile: {{ include "ifEmpty" .Values.global.key.clientCertFile | trimAll "\n" | trimAll " " | trimAll "\n" }}
      ClientKeyFile: {{ include "ifEmpty" .Values.global.key.clientKeyFile | trimAll "\n" | trimAll " " | trimAll "\n" }}
      CaCertFile: {{ include "ifEmpty" .Values.global.key.caCertFile | trimAll "\n" | trimAll " " | trimAll "\n" }}
      DNS: localhost
      Endpoint: {{.Values.global.chain.name}}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.chain.port }}

    # CryptoConfig: choose hardware or software algorithms
    CryptoConfig:
      Soft: true
      HSM: ""  # supports sdf or pkcs11

    SDFConf:
      LibPath: "/lib/libswsds.so" # SDF Lib Path
      SessionCacheSize: 10 # size of HSM session cache, default to 10

    Pkcs11Conf:
      Enabled: false # pkcs11 is not used by default
      Type: pkcs11 # only support pkcs11 or sdf
      Label: HSM # label for the slot to be used
      Library: /usr/lib/softhsm/libsofthsm2.so # path to the .so file of pkcs11 interface
      # NOTE(review): hard-coded PIN. Unused while Enabled is false above;
      # if PKCS#11 is ever enabled, supply the PIN from a Secret instead.
      Password: "11111111" # password to logon the HSM(Hardware security module)
      SessionCacheSize: 10 # size of HSM session cache, default to 10
      Hash: "SHA256" # hash algorithm used to compute SKI
    
    KmsConf:
      Enabled: {{ .Values.cnf.kms.enabled }} # kms is not used by default
      DefaultUrl: {{ .Values.cnf.kms.defaultUrl }}  # default kms adapter url

kind: ConfigMap
metadata:
  # Object name is <release namespace>-<global.key.name>-cnf
  name: {{ .Release.Namespace }}-{{ .Values.global.key.name }}-cnf
  namespace: {{ .Release.Namespace }}


{{- end }}