# Default values for midaz components.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# NOTE(review): every password, key and cookie given a literal value below is a
# published chart default. Treat them as local-development placeholders:
# override them, or point the useExistingSecret / existingSecretName settings at
# a pre-created Secret, before installing into a shared or reachable cluster.

nameOverride: "midaz"
fullnameOverride: ""
namespaceOverride: "midaz"

global:
  # -- Bootstrap job for external RabbitMQ: creates users, vhosts, and permissions
  externalRabbitmqDefinitions:
    # -- Enable or disable the RabbitMQ bootstrap job
    enabled: false
    # -- RabbitMQ connection settings
    connection:
      # NOTE(review): with "http" the admin credentials below travel to the
      # management API unencrypted; use "https" when the broker exposes TLS.
      # -- RabbitMQ protocol (http or https)
      protocol: "http"
      # -- RabbitMQ host (management API endpoint)
      host: "midaz-rabbitmq"
      # -- RabbitMQ HTTP management port
      port: "15672"
      # -- RabbitMQ AMQP port (for connectivity check)
      portAmqp: "5672"
    # -- Admin credentials for RabbitMQ management API
    rabbitmqAdminLogin:
      useExistingSecret:
        # -- Name of existing secret containing RABBITMQ_ADMIN_USER and RABBITMQ_ADMIN_PASS keys
        name: ""
      # -- Admin username (ignored if useExistingSecret.name is set)
      username: "midaz"
      # -- Admin password (ignored if useExistingSecret.name is set)
      password: "lerian"
    # -- Credentials for application users created by the job
    appCredentials:
      useExistingSecret:
        # -- Name of existing secret containing RABBITMQ_DEFAULT_PASS and RABBITMQ_CONSUMER_PASS keys
        name: ""
      # -- Password for transaction user (ignored if useExistingSecret.name is set)
      transactionPassword: "lerian"
      # -- Password for consumer user (ignored if useExistingSecret.name is set)
      consumerPassword: "lerian"
  # -- Bootstrap job for external PostgreSQL: creates databases, roles, and grants privileges
  externalPostgresDefinitions:
    # -- Enable or disable the PostgreSQL bootstrap job
    enabled: false
    # -- PostgreSQL connection settings
    connection:
      # -- PostgreSQL host
      host: "midaz-postgresql-primary"
      # -- PostgreSQL port
      port: "5432"
    # -- Admin credentials for PostgreSQL
    postgresAdminLogin:
      useExistingSecret:
        # -- Name of existing secret containing DB_USER_ADMIN and DB_ADMIN_PASSWORD keys
        name: ""
      # -- Admin username (ignored if useExistingSecret.name is set)
      username: "postgres"
      # -- Admin password (ignored if useExistingSecret.name is set)
      password: "lerian"
    # -- Credentials for midaz role created by the job
    midazCredentials:
      useExistingSecret:
        # -- Name of existing secret containing DB_PASSWORD_MIDAZ key
        name: ""
      # -- Password for midaz role (ignored if useExistingSecret.name is set)
      password: "lerian"

onboarding:
  # -- Service name
  name: onboarding
  # -- Enable or disable the onboarding service
  # -- When ledger.enabled is true, this service will not be deployed unless migration.allowAllServices is true
  enabled: true
  # -- Number of replicas for the onboarding service
  replicaCount: 2
  # -- Number of old ReplicaSets to retain for deployment rollback
  revisionHistoryLimit: 10
  image:
    # -- Repository for the onboarding service container image
    repository: lerianstudio/midaz-onboarding
    # -- Image pull policy
    pullPolicy: IfNotPresent
    # -- Image tag used for deployment
    tag: "3.5.3"
  # -- Secrets for pulling images from a private registry
  imagePullSecrets: []
  # -- Overrides the default generated name by Helm
  nameOverride: ""
  # -- Overrides the full name generated by Helm
  fullnameOverride: ""
  # -- Pod annotations for additional metadata
  podAnnotations: {}
  podSecurityContext: {}
  # fsGroup: 2000
  # NOTE(review): unlike rabbitmq.containerSecurityContext further down, this
  # block sets neither allowPrivilegeEscalation: false nor a seccompProfile;
  # confirm whether the templates add them. The same applies to the
  # transaction, ledger and crm securityContext blocks.
  securityContext:
    # -- Defines the group ID for the user running the process inside the container
    runAsGroup: 1000
    # -- Defines the user ID for the process running inside the container
    runAsUser: 1000
    # -- Ensures the process does not run as root
    runAsNonRoot: true
    capabilities:
      drop:
        - ALL
    # -- Defines the root filesystem as read-only
    readOnlyRootFilesystem: true
  # NOTE(review): a Kubernetes PodDisruptionBudget accepts minAvailable or
  # maxUnavailable, not both; confirm which one the template renders. The same
  # pair appears in the transaction, ledger and crm pdb blocks.
  # -- PodDisruptionBudget configuration
  pdb:
    # -- Enable or disable PodDisruptionBudget
    enabled: true
    # -- Minimum number of available pods
    minAvailable: 1
    # -- Maximum number of unavailable pods
    maxUnavailable: 1
    # -- Annotations for the PodDisruptionBudget
    annotations: {}
  # -- Deployment update strategy
  deploymentUpdate:
    # -- Type of deployment strategy
    type: RollingUpdate
    # -- Maximum number of pods that can be created over the desired number of pods
    maxSurge: 100%
    # -- Maximum number of pods that can be unavailable during the update
    maxUnavailable: 0
  service:
    # -- Kubernetes service type
    type: ClusterIP
    # -- Port for the HTTP API
    port: 3000
    annotations: {}
  ingress:
    # -- Enable or disable ingress
    enabled: false
    # -- Ingress class name
    className: ""
    # -- Additional ingress annotations
    annotations: {}
    hosts:
      - host: ""
        paths:
          - path: /
            pathType: Prefix
    # -- TLS configuration for ingress
    tls: []
    #  - secretName: chart-example-tls
    #    hosts:
    #      - chart-example.local
  resources:
    # -- CPU and memory limits for pods
    limits:
      cpu: 1500m
      memory: 512Mi
    # -- Minimum CPU and memory requests
    requests:
      cpu: 1500m
      memory: 512Mi
  autoscaling:
    # -- Enable or disable horizontal pod autoscaling
    enabled: true
    # -- Minimum number of replicas
    minReplicas: 2
    # -- Maximum number of replicas
    maxReplicas: 5
    # -- Target CPU utilization percentage for autoscaling
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: 80
  # -- Node selector for scheduling pods on specific nodes
  nodeSelector: {}
  # -- Tolerations for scheduling on tainted nodes
  tolerations: {}
  # -- Affinity rules for pod scheduling
  affinity: {}
  # -- Node affinity rules
  #  nodeAffinity:
  #    requiredDuringSchedulingIgnoredDuringExecution:
  #      nodeSelectorTerms:
  #        - matchExpressions:
  #            - key: midaz.io/owner
  #              operator: In
  #              values:
  #                - midaz
  # -- ConfigMap for environment variables and configurations
  # @default -- templates/onboarding/configmap.yaml
  configmap:
    # -- Otel default configuration
    ENABLE_TELEMETRY: "true"
    # -- MongoDB default configuration
    MONGO_URI: "mongodb"
    MONGO_HOST: "midaz-mongodb.midaz.svc.cluster.local."
    MONGO_NAME: "onboarding"
    MONGO_USER: "midaz"
    MONGO_PORT: "27017"
    # -- Redis default configuration
    REDIS_HOST: "midaz-valkey-primary.midaz.svc.cluster.local.:6379"
    # -- PostgreSQL default configuration
    DB_HOST: "midaz-postgresql-primary.midaz.svc.cluster.local."
    DB_USER: "midaz"
    DB_NAME: "onboarding"
    DB_PORT: "5432"
    # -- PostgreSQL replication default configuration
    DB_REPLICA_HOST: "midaz-postgresql-replication.midaz.svc.cluster.local."
    DB_REPLICA_USER: "midaz"
    DB_REPLICA_NAME: "onboarding"
    DB_REPLICA_PORT: "5432"
    # NOTE(review): the Auth Plugin is off by default; confirm how API requests
    # are authenticated before enabling the ingress above. The default
    # PLUGIN_AUTH_HOST is a plain-http in-cluster URL.
    # -- The Auth Plugin is a centralized service that provides authentication and authorization capabilities for Lerian Studio's applications.
    # -- For more details, refer to the documentation:
    # -- https://docs.lerian.studio/docs/auth-identity#technical-specs
    # -- Default configuration for the Auth Plugin
    # -- This configuration is used to connect the onboarding to the Auth Plugin
    PLUGIN_AUTH_ENABLED: "false"
    PLUGIN_AUTH_HOST: "http://plugin-access-manager-auth.midaz-plugins.svc.cluster.local.:4000"
    # -- This configuration is used to validate the account type
    # -- List of : separated by comma
    ACCOUNT_TYPE_VALIDATION: ""
  # -- Secrets for storing sensitive data
  # @default -- templates/onboarding/secrets.yaml
  secrets:
    # -- MongoDB default password
    MONGO_PASSWORD: "lerian"
    # -- PostgreSQL default password
    DB_PASSWORD: "lerian"
    # -- PostgreSQL replication default password
    DB_REPLICA_PASSWORD: "lerian"
    # -- RabbitMQ default password
    RABBITMQ_DEFAULT_PASS: "lerian"
    # -- Redis default password
    REDIS_PASSWORD: "lerian"
  # -- Existing secrets name
  useExistingSecret: false
  existingSecretName: ""
  # -- Extra environment variables
  extraEnvVars: []
  serviceAccount:
    # -- Specifies whether a ServiceAccount should be created
    create: true
    # -- Annotations for the ServiceAccount
    annotations: {}
    # -- Name of the service account
    # @default -- `midaz-onboarding.fullname`
    name: ""

transaction:
  # -- Service name
  name: transaction
  # -- Enable or disable the transaction service
  # -- When ledger.enabled is true, this service will not be deployed unless migration.allowAllServices is true
  enabled: true
  # -- Number of old ReplicaSets to retain for deployment rollback
  revisionHistoryLimit: 10
  # -- Number of replicas for the transaction service
  replicaCount: 1
  image:
    # -- Repository for the transaction service container image
    repository: lerianstudio/midaz-transaction
    # -- Image pull policy
    pullPolicy: IfNotPresent
    # -- Image tag used for deployment
    tag: "3.5.3"
  # -- Secrets for pulling images from a private registry
  imagePullSecrets: []
  # -- Overrides the default generated name by Helm
  nameOverride: ""
  # -- Overrides the full name generated by Helm
  fullnameOverride: ""
  # -- Pod annotations for additional metadata
  podAnnotations: {}
  podSecurityContext: {}
  # fsGroup: 2000
  securityContext:
    # -- Defines the group ID for the user running the process inside the container
    runAsGroup: 1000
    # -- Defines the user ID for the process running inside the container
    runAsUser: 1000
    # -- Ensures the process does not run as root
    runAsNonRoot: true
    capabilities:
      drop:
        - ALL
    # -- Defines the root filesystem as read-only
    readOnlyRootFilesystem: true
  # NOTE(review): minAvailable: 2 exceeds replicaCount: 1 above; it can only be
  # satisfied once autoscaling.minReplicas (3) is in effect.
  # -- PodDisruptionBudget configuration
  pdb:
    # -- Enable or disable PodDisruptionBudget
    enabled: true
    # -- Minimum number of available pods
    minAvailable: 2
    # -- Maximum number of unavailable pods
    maxUnavailable: 1
    # -- Annotations for the PodDisruptionBudget
    annotations: {}
  # -- Deployment update strategy
  deploymentUpdate:
    # -- Type of deployment strategy
    type: RollingUpdate
    # -- Maximum number of pods that can be created over the desired number of pods
    maxSurge: 100%
    # -- Maximum number of pods that can be unavailable during the update
    maxUnavailable: 0
  service:
    # -- Kubernetes service type
    type: ClusterIP
    # -- Port for the HTTP API
    port: 3001
    grpcPort: 3011
    annotations: {}
  ingress:
    # -- Enable or disable ingress
    enabled: false
    # -- Ingress class name
    className: ""
    # -- Additional ingress annotations
    annotations: {}
    hosts:
      - host: ""
        paths:
          - path: /
            pathType: Prefix
    # -- TLS configuration for ingress
    tls: []
    #  - secretName: chart-example-tls
    #    hosts:
    #      - chart-example.local
  resources:
    # -- CPU and memory limits for pods
    limits:
      cpu: 2000m
      memory: 512Mi
    # -- Minimum CPU and memory requests
    requests:
      cpu: 2000m
      memory: 512Mi
  autoscaling:
    # -- Enable or disable horizontal pod autoscaling
    enabled: true
    # -- Minimum number of replicas
    minReplicas: 3
    # -- Maximum number of replicas
    maxReplicas: 9
    # -- Target CPU utilization percentage for autoscaling
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: 80
  # -- Node selector for scheduling pods on specific nodes
  nodeSelector: {}
  # -- Tolerations for scheduling on tainted nodes
  tolerations: {}
  # -- Affinity rules for pod scheduling
  affinity: {}
  # -- Node affinity rules
  #  nodeAffinity:
  #    requiredDuringSchedulingIgnoredDuringExecution:
  #      nodeSelectorTerms:
  #        - matchExpressions:
  #            - key: midaz.io/owner
  #              operator: In
  #              values:
  #                - midaz
  # -- ConfigMap for environment variables and configurations
  # @default -- templates/transaction/configmap.yaml
  configmap:
    # -- Otel default configuration
    ENABLE_TELEMETRY: "true"
    # NOTE(review): global.externalRabbitmqDefinitions.connection labels 15672
    # as the HTTP management port and 5672 as the AMQP port; the *_PORT_HOST /
    # *_PORT_AMQP names here read the other way round. Confirm how the service
    # consumes them before changing either value.
    # -- Rabbitmq default configuration
    RABBITMQ_PROTOCOL: "http"
    RABBITMQ_URI: "amqp"
    RABBITMQ_HOST: "midaz-rabbitmq.midaz.svc.cluster.local."
    RABBITMQ_PORT_HOST: "5672"
    RABBITMQ_PORT_AMQP: "15672"
    RABBITMQ_DEFAULT_USER: "transaction"
    # -- MongoDB default configuration
    MONGO_URI: "mongodb"
    MONGO_HOST: "midaz-mongodb.midaz.svc.cluster.local."
    MONGO_NAME: "transaction"
    MONGO_USER: "midaz"
    MONGO_PORT: "27017"
    # -- Redis default configuration
    REDIS_HOST: "midaz-valkey-primary.midaz.svc.cluster.local.:6379"
    # -- PostgreSQL default configuration
    DB_HOST: "midaz-postgresql-primary.midaz.svc.cluster.local."
    DB_USER: "midaz"
    DB_NAME: "transaction"
    DB_PORT: "5432"
    # -- PostgreSQL replication default configuration
    DB_REPLICA_HOST: "midaz-postgresql-replication.midaz.svc.cluster.local."
    DB_REPLICA_USER: "midaz"
    DB_REPLICA_NAME: "transaction"
    DB_REPLICA_PORT: "5432"
    # NOTE(review): the Auth Plugin is off by default; confirm how API requests
    # are authenticated before enabling the ingress above.
    # -- The Auth Plugin is a centralized service that provides authentication and authorization capabilities for Lerian Studio's applications.
    # -- For more details, refer to the documentation:
    # -- https://docs.lerian.studio/docs/auth-identity#technical-specs
    # -- Default configuration for the Auth Plugin
    # -- This configuration is used to connect the transaction to the Auth Plugin
    PLUGIN_AUTH_ENABLED: "false"
    PLUGIN_AUTH_HOST: "http://plugin-access-manager-auth.midaz-plugins.svc.cluster.local.:4000"
    # NOTE(review): audit logging is disabled by default; decide explicitly
    # whether the deployment needs an audit trail.
    # -- Audit
    AUDIT_LOG_ENABLED: "false"
    # -- Transaction Route Validation
    # -- List of : separated by comma
    TRANSACTION_ROUTE_VALIDATION: ""
  # -- Existing secrets name
  useExistingSecret: false
  existingSecretName: ""
  # -- Extra environment variables
  extraEnvVars: []
  # -- Secrets for storing sensitive data
  # @default -- templates/transaction/secrets.yaml
  secrets:
    # -- MongoDB default password
    MONGO_PASSWORD: "lerian"
    # -- PostgreSQL default password
    DB_PASSWORD: "lerian"
    # -- PostgreSQL replication default password
    DB_REPLICA_PASSWORD: "lerian"
    # -- RabbitMQ default password
    RABBITMQ_DEFAULT_PASS: "lerian"
    # -- Redis default password
    REDIS_PASSWORD: "lerian"
  serviceAccount:
    # -- Specifies whether a ServiceAccount should be created
    create: true
    # -- Annotations for the ServiceAccount
    annotations: {}
    # -- Name of the service account
    # @default -- `midaz-transaction.fullname`
    name: ""

ledger:
  # -- Service name
  name: ledger
  # -- Enable or disable the ledger service (unified onboarding + transaction)
  # -- When enabled, onboarding and transaction services will not be deployed unless migration.allowAllServices is true
  # -- NOTE: migration.allowAllServices is not in the public values.yaml - set it in your override values for internal testing
  enabled: false
  # -- Number of replicas for the ledger service
  replicaCount: 2
  # -- Number of old ReplicaSets to retain for deployment rollback
  revisionHistoryLimit: 10
  image:
    # -- Repository for the ledger service container image
    repository: lerianstudio/midaz-ledger
    # -- Image pull policy
    pullPolicy: IfNotPresent
    # -- Image tag used for deployment
    tag: "3.5.3"
  # -- Secrets for pulling images from a private registry
  imagePullSecrets: []
  # -- Overrides the default generated name by Helm
  nameOverride: ""
  # -- Overrides the full name generated by Helm
  fullnameOverride: ""
  # -- Pod annotations for additional metadata
  podAnnotations: {}
  podSecurityContext: {}
  # fsGroup: 2000
  securityContext:
    # -- Defines the group ID for the user running the process inside the container
    runAsGroup: 1000
    # -- Defines the user ID for the process running inside the container
    runAsUser: 1000
    # -- Ensures the process does not run as root
    runAsNonRoot: true
    capabilities:
      drop:
        - ALL
    # -- Defines the root filesystem as read-only
    readOnlyRootFilesystem: true
  # -- PodDisruptionBudget configuration
  pdb:
    # -- Enable or disable PodDisruptionBudget
    enabled: true
    # -- Minimum number of available pods
    minAvailable: 1
    # -- Maximum number of unavailable pods
    maxUnavailable: 1
    # -- Annotations for the PodDisruptionBudget
    annotations: {}
  # -- Deployment update strategy
  deploymentUpdate:
    # -- Type of deployment strategy
    type: RollingUpdate
    # -- Maximum number of pods that can be created over the desired number of pods
    maxSurge: 100%
    # -- Maximum number of pods that can be unavailable during the update
    maxUnavailable: 0
  service:
    # -- Kubernetes service type
    type: ClusterIP
    # -- Port for the HTTP API (all APIs on single port)
    port: 3002
    annotations: {}
  ingress:
    # -- Enable or disable ingress
    enabled: false
    # -- Ingress class name
    className: ""
    # -- Additional ingress annotations
    annotations: {}
    hosts:
      - host: ""
        paths:
          - path: /
            pathType: Prefix
    # -- TLS configuration for ingress
    tls: []
    #  - secretName: chart-example-tls
    #    hosts:
    #      - chart-example.local
  resources:
    # -- CPU and memory limits for pods
    limits:
      cpu: 2000m
      memory: 512Mi
    # -- Minimum CPU and memory requests
    requests:
      cpu: 1500m
      memory: 256Mi
  autoscaling:
    # -- Enable or disable horizontal pod autoscaling
    enabled: true
    # -- Minimum number of replicas
    minReplicas: 2
    # -- Maximum number of replicas
    maxReplicas: 9
    # -- Target CPU utilization percentage for autoscaling
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: 80
  # -- Node selector for scheduling pods on specific nodes
  nodeSelector: {}
  # -- Tolerations for scheduling on tainted nodes
  tolerations: {}
  # -- Affinity rules for pod scheduling
  affinity: {}
  # -- Node affinity rules
  #  nodeAffinity:
  #    requiredDuringSchedulingIgnoredDuringExecution:
  #      nodeSelectorTerms:
  #        - matchExpressions:
  #            - key: midaz.io/owner
  #              operator: In
  #              values:
  #                - midaz
  # -- ConfigMap for environment variables and configurations
  # @default -- templates/ledger/configmap.yaml
  configmap:
    # -- Otel default configuration
    ENABLE_TELEMETRY: "true"
    # NOTE(review): the Auth Plugin is off by default and no host is set;
    # confirm how API requests are authenticated before enabling the ingress.
    # -- Auth Plugin configuration
    PLUGIN_AUTH_ENABLED: "false"
    PLUGIN_AUTH_HOST: ""
    # -- Accounting config
    ACCOUNT_TYPE_VALIDATION: ""
    TRANSACTION_ROUTE_VALIDATION: ""
    # -- PostgreSQL Onboarding module
    DB_ONBOARDING_HOST: "midaz-postgresql-primary"
    DB_ONBOARDING_USER: "midaz"
    DB_ONBOARDING_NAME: "onboarding"
    DB_ONBOARDING_PORT: "5432"
    DB_ONBOARDING_REPLICA_HOST: "midaz-postgresql-replication"
    DB_ONBOARDING_REPLICA_USER: "midaz"
    DB_ONBOARDING_REPLICA_NAME: "onboarding"
    DB_ONBOARDING_REPLICA_PORT: "5432"
    # -- MongoDB Onboarding module
    MONGO_ONBOARDING_URI: "mongodb"
    MONGO_ONBOARDING_HOST: "midaz-mongodb"
    MONGO_ONBOARDING_NAME: "onboarding"
    MONGO_ONBOARDING_USER: "midaz"
    MONGO_ONBOARDING_PORT: "27017"
    # -- PostgreSQL Transaction module
    DB_TRANSACTION_HOST: "midaz-postgresql-primary"
    DB_TRANSACTION_USER: "midaz"
    DB_TRANSACTION_NAME: "transaction"
    DB_TRANSACTION_PORT: "5432"
    DB_TRANSACTION_REPLICA_HOST: "midaz-postgresql-replication"
    DB_TRANSACTION_REPLICA_USER: "midaz"
    DB_TRANSACTION_REPLICA_NAME: "transaction"
    DB_TRANSACTION_REPLICA_PORT: "5432"
    # -- MongoDB Transaction module
    MONGO_TRANSACTION_URI: "mongodb"
    MONGO_TRANSACTION_HOST: "midaz-mongodb"
    MONGO_TRANSACTION_NAME: "transaction"
    MONGO_TRANSACTION_USER: "midaz"
    MONGO_TRANSACTION_PORT: "27017"
    # -- Redis (shared)
    REDIS_HOST: "midaz-valkey-primary:6379"
    # NOTE(review): as in the transaction configmap, the *_PORT_HOST /
    # *_PORT_AMQP names read the other way round from the port labels in
    # global.externalRabbitmqDefinitions.connection — confirm before editing.
    # -- RabbitMQ configuration
    RABBITMQ_URI: "amqp"
    RABBITMQ_HOST: "midaz-rabbitmq"
    RABBITMQ_PORT_HOST: "5672"
    RABBITMQ_PORT_AMQP: "15672"
    RABBITMQ_DEFAULT_USER: "transaction"
    RABBITMQ_CONSUMER_USER: "consumer"
    RABBITMQ_TRANSACTION_ASYNC: "false"
    # -- Audit
    AUDIT_LOG_ENABLED: "false"
    # -- Balance Sync Worker
    BALANCE_SYNC_WORKER_ENABLED: "false"
    BALANCE_SYNC_MAX_WORKERS: "5"
  # -- Existing secrets name
  useExistingSecret: false
  existingSecretName: ""
  # -- Extra environment variables
  extraEnvVars: []
  # -- Secrets for storing sensitive data
  # @default -- templates/ledger/secrets.yaml
  secrets:
    # -- Onboarding module passwords
    DB_ONBOARDING_PASSWORD: "lerian"
    DB_ONBOARDING_REPLICA_PASSWORD: "lerian"
    MONGO_ONBOARDING_PASSWORD: "lerian"
    # -- Transaction module passwords
    DB_TRANSACTION_PASSWORD: "lerian"
    DB_TRANSACTION_REPLICA_PASSWORD: "lerian"
    MONGO_TRANSACTION_PASSWORD: "lerian"
    # -- Shared passwords
    REDIS_PASSWORD: "lerian"
    RABBITMQ_DEFAULT_PASS: "lerian"
    RABBITMQ_CONSUMER_PASS: "lerian"
  serviceAccount:
    # -- Specifies whether a ServiceAccount should be created
    create: true
    # -- Annotations for the ServiceAccount
    annotations: {}
    # -- Name of the service account
    # @default -- `midaz-ledger.fullname`
    name: ""

crm:
  # -- Service name
  name: crm
  # -- Enable or disable the CRM service
  enabled: false
  # -- Number of replicas for the CRM service
  replicaCount: 1
  # -- Number of old ReplicaSets to retain for deployment rollback
  revisionHistoryLimit: 10
  image:
    # -- Repository for the CRM service container image
    repository: lerianstudio/midaz-crm
    # -- Image pull policy
    pullPolicy: Always
    # -- Image tag used for deployment
    tag: "3.5.3"
  # -- Secrets for pulling images from a private registry
  imagePullSecrets: []
  # -- Overrides the default generated name by Helm
  nameOverride: ""
  # -- Overrides the full name generated by Helm
  fullnameOverride: ""
  # -- Pod annotations for additional metadata
  podAnnotations: {}
  podSecurityContext: {}
  # fsGroup: 2000
  securityContext:
    # -- Defines the group ID for the user running the process inside the container
    runAsGroup: 1000
    # -- Defines the user ID for the process running inside the container
    runAsUser: 1000
    # -- Ensures the process does not run as root
    runAsNonRoot: true
    capabilities:
      drop:
        - ALL
    # -- Defines the root filesystem as read-only
    readOnlyRootFilesystem: true
  # -- PodDisruptionBudget configuration
  pdb:
    # -- Enable or disable PodDisruptionBudget
    enabled: true
    # -- Minimum number of available pods
    minAvailable: 0
    # -- Maximum number of unavailable pods
    maxUnavailable: 1
    # -- Annotations for the PodDisruptionBudget
    annotations: {}
  # -- Deployment update strategy
  deploymentUpdate:
    # -- Type of deployment strategy
    type: RollingUpdate
    # -- Maximum number of pods that can be created over the desired number of pods
    maxSurge: 1
    # -- Maximum number of pods that can be unavailable during the update
    maxUnavailable: 1
  service:
    # -- Kubernetes service type
    type: ClusterIP
    # -- Service port
    port: 4003
  ingress:
    # -- Enable or disable ingress
    enabled: false
    # -- Ingress class name
    className: ""
    # -- Additional ingress annotations
    annotations: {}
    hosts:
      - host: ""
        paths:
          - path: /
            pathType: Prefix
    # -- TLS configuration for ingress
    tls: []
    #  - secretName: chart-example-tls
    #    hosts:
    #      - chart-example.local
  resources:
    # -- CPU and memory limits for pods
    limits:
      cpu: 200m
      memory: 256Mi
    # -- Minimum CPU and memory requests
    requests:
      cpu: 100m
      memory: 128Mi
  autoscaling:
    # -- Enable or disable horizontal pod autoscaling
    enabled: true
    # -- Minimum number of replicas
    minReplicas: 1
    # -- Maximum number of replicas
    maxReplicas: 3
    # -- Target CPU utilization percentage for autoscaling
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: 80
  # -- Node selector for scheduling pods on specific nodes
  nodeSelector: {}
  # -- Tolerations for scheduling on tainted nodes
  tolerations: {}
  # -- Affinity rules for pod scheduling
  affinity: {}
  #  nodeAffinity:
  #    requiredDuringSchedulingIgnoredDuringExecution:
  #      nodeSelectorTerms:
  #        - matchExpressions:
  #            - key: midaz.io/owner
  #              operator: In
  #              values:
  #                - midaz
  # -- ConfigMap for environment variables and configurations
  # @default -- templates/crm/configmap.yaml
  configmap:
    # -- Default Environment
    ENV_NAME: "development"
    # NOTE(review): the Auth Plugin is off by default; confirm how API requests
    # are authenticated before enabling the ingress above.
    # -- Auth Plugin configuration
    PLUGIN_AUTH_ENABLED: "false"
    PLUGIN_AUTH_ADDRESS: "http://plugin-access-manager-auth:4000"
    # -- MongoDB configuration
    MONGO_HOST: "midaz-mongodb"
    MONGO_NAME: "crm"
    MONGO_PORT: "27017"
    MONGO_USER: "midaz"
  # NOTE(review): the other services default extraEnvVars to a list ([]);
  # confirm which type the crm template expects.
  # -- Extra environment variables
  extraEnvVars: {}
  # -- Secrets for storing sensitive data
  # @default -- templates/crm/secrets.yaml
  secrets:
    # NOTE(review): these two keys are fixed values shipped with the chart, so
    # they are known to anyone who can read it. Generate unique values per
    # environment and supply them through existingSecretName below. Presumably
    # they key the service's hashing and encryption — confirm the effect on
    # already-stored data before rotating.
    LCRYPTO_HASH_SECRET_KEY: "8e079fde826ead63b72611324f48e4153868ec5400a8937d74567109fc62b7b3"
    LCRYPTO_ENCRYPT_SECRET_KEY: "f81d58bc177a003126d2e2f733a4ceca9dda0ccc4b122574471c8ae886cbeeda"
    MONGO_PASSWORD: "lerian"
  # -- Existing secrets name
  useExistingSecret: false
  existingSecretName: ""

grafana:
  # OpenTelemetry (OTel) dependency for observability.
  # This component is responsible for collecting and exporting telemetry data
  # such as traces and metrics, enhancing the monitoring of the application.
  # For more details, refer to the documentation:
  # https://docs.lerian.studio/docs/observability-in-midaz#midaz-observability-stack
  enabled: false
  name: grafana
  # -- Configure the ingress for Access Grafana Dashboard
  ingress:
    enabled: false
    className: ""
    annotations: {}
    hosts:
      - host: ""
        paths:
          - path: /
            pathType: Prefix
    tls: []
    #  - secretName: chart-example-tls
    #    hosts:
    #      - chart-example.local

valkey:
  # Valkey is used to handle scenarios where real-time performance and fast data retrieval are essential.
  # This component is responsible for providing an in-memory data store
  enabled: true
  # NOTE(review): allowInsecureImages: true is presumably needed because the
  # image repository below replaces the subchart's default — confirm. It also
  # means the subchart no longer objects to a substituted image, so the
  # repository and tag here are the only control over what runs.
  global:
    security:
      allowInsecureImages: true
  # NOTE(review): "latest" is a mutable tag, so the image that runs can change
  # between installs without any values change. Pin a version tag or digest for
  # reproducible, auditable deployments.
  image:
    repository: bitnamisecure/valkey
    tag: "latest"
  external: false
  architecture: standalone
  auth:
    enabled: true
    password: lerian
    username: midaz
  primary:
    kind: Deployment
    resourcesPreset: "medium"
    persistence:
      enabled: false
    extraFlags:
      - "--maxmemory 640mb"  # Controls the memory usage limit to prevent OOM (never leave this unset).
      - "--maxmemory-policy allkeys-lru"  # Eviction policy when memory limit is reached (LRU works well for caching). Smart eviction strategy for rotating cache.
      - "--hz 100"  # Improves responsiveness of internal events and increases the frequency of internal tasks such as memory cleanup, key expiration checks, etc.
      - "--maxclients 10000"  # Supports a large number of simultaneous connections

postgresql:
  # PostgreSQL is the backbone of Midaz for managing structured data that demands transactional reliability and consistency.
  # This component is responsible for providing a robust relational database
  # For more details, refer to the documentation:
  # https://docs.lerian.studio/docs/midaz-components#why-postgresql
  enabled: true
  # NOTE(review): same image concerns as the valkey block — a substituted
  # repository with allowInsecureImages: true and the mutable "latest" tag.
  # Pin a version tag or digest.
  global:
    security:
      allowInsecureImages: true
  image:
    repository: bitnamisecure/postgresql
    tag: "latest"
  external: false
  architecture: replication
  replication:
    numSynchronousReplicas: 1
  # NOTE(review): superuser, application and replication passwords are all
  # literal defaults here; override every one of them outside local development.
  auth:
    enabled: true
    enablePostgresUser: true
    postgresPassword: "lerian"
    username: "midaz"
    password: "lerian"
    database: "onboarding"
    replicationUsername: "replicator"
    replicationPassword: "replicator_password"
  primary:
    # Mounts init.sql from the midaz-init-sql ConfigMap into the image's
    # /docker-entrypoint-initdb.d directory.
    extraVolumes:
      - name: init-script
        configMap:
          name: midaz-init-sql
          items:
            - key: init.sql
              path: init.sql
    extraVolumeMounts:
      - name: init-script
        mountPath: /docker-entrypoint-initdb.d/init.sql
        subPath: init.sql
    persistence:
      size: 8Gi
    resourcesPreset: large
    extendedConfiguration: |
      shared_buffers = 2GB
      max_wal_senders = 20
      wal_keep_size = 512MB
      max_replication_slots = 20
    extraEnvVars:
      - name: POSTGRESQL_WAL_LEVEL
        value: "logical"
      # NOTE(review): presumably meant to map to PostgreSQL's hot_standby
      # setting — confirm the variable name the image actually reads.
      - name: POSTGRESQL_HOST_STANDBY
        value: "on"
      - name: POSTGRESQL_MAX_CONNECTIONS
        value: "500"
      - name: POSTGRESQL_TCP_KEEPALIVES_IDLE
        value: "30"
      - name: POSTGRESQL_TCP_KEEPALIVES_INTERVAL
        value: "10"
      - name: POSTGRESQL_TCP_KEEPALIVES_COUNT
        value: "5"
  readReplicas:
    name: replication
    replicaCount: 1
    persistence:
      size: 8Gi
    resourcesPreset: large
    extendedConfiguration: |
      shared_buffers = 2GB
      max_wal_senders = 20
      max_replication_slots = 20
      wal_keep_size = 512MB
    extraEnvVars:
      - name: POSTGRESQL_WAL_LEVEL
        value: "logical"
      - name: POSTGRESQL_HOST_STANDBY
        value: "on"
      - name: POSTGRESQL_MAX_CONNECTIONS
        value: "500"
      # NOTE(review): the primary uses "30" for this setting; confirm the
      # difference is intended.
      - name: POSTGRESQL_TCP_KEEPALIVES_IDLE
        value: "40"
      - name: POSTGRESQL_TCP_KEEPALIVES_INTERVAL
        value: "10"
      - name: POSTGRESQL_TCP_KEEPALIVES_COUNT
        value: "5"

mongodb:
  # MongoDB’s flexibility and scalability make it the perfect choice for managing evolving and less structured data.
  enabled: true
  # NOTE(review): same image concerns as the valkey block — a substituted
  # repository with allowInsecureImages: true and the mutable "latest" tag.
  # Pin a version tag or digest.
  global:
    security:
      allowInsecureImages: true
  image:
    repository: bitnamisecure/mongodb
    tag: "latest"
  external: false
  # NOTE(review): the application user configured for the services (midaz) is
  # the MongoDB root user here; consider a dedicated, least-privilege user.
  auth:
    enabled: true
    rootUser: midaz
    rootPassword: "lerian"
  resourcesPreset: "medium"
  persistence:
    size: 8Gi

rabbitmq:
  enabled: true
  image:
    tag: "3.13.6"
  persistence:
    size: 8Gi
  resources:
    requests:
      cpu: 250m
      memory: 512Mi
    limits:
      cpu: "1"
      memory: 1Gi
  podSecurityContext:
    runAsUser: 1001
    runAsGroup: 1001
    fsGroup: 1001
    fsGroupChangePolicy: "OnRootMismatch"
    seccompProfile: { type: RuntimeDefault }
  containerSecurityContext:
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    capabilities: { drop: ["ALL"] }
  authentication:
    user:
      value: "midaz"
    password:
      value: "lerian"
    # NOTE(review): the Erlang cookie is the shared secret RabbitMQ nodes and
    # CLI tools authenticate with. This literal is identical for every install
    # of the chart; replace it with a per-environment value.
    erlangCookie:
      value: "WCB00CfurKivfNH61hbxPaNg+xtyA/7RI6bEx5RMGvE="
  # Mounts the midaz-rabbitmq-load-definition secret at the path that
  # customConfig below loads definitions from.
  extraSecrets:
    - name: "midaz-rabbitmq-load-definition"
      mountPath: /etc/rabbitmq/definitions
  customConfig: |
    management.load_definitions = /etc/rabbitmq/definitions/load_definition.json

otel-collector-lerian:
  # -- Enable OTEL collector subchart installation
  enabled: false
  # -- Use externally installed OTEL collector (injects HOST_IP env vars without installing subchart)
  # When true, deployment templates will inject OTEL_EXPORTER_OTLP_ENDPOINT pointing to HOST_IP:4317
  # This is useful when you have an existing OTEL collector DaemonSet with hostPort
  external: false
  opentelemetry-collector:
    config:
      processors:
        resource/add_client_id:
          attributes:
            - key: client.id
              value: "Lerian"  # Add your company name here
              action: upsert
    # The API key is read from the existing otel-api-key Secret (key: api-key)
    # rather than from a literal in this file.
    extraEnvs:
      - name: OTEL_API_KEY
        valueFrom:
          secretKeyRef:
            name: otel-api-key
            key: api-key
    # NOTE(review): when the collector is enabled, telemetry is exported to an
    # endpoint outside the cluster; review what the traces contain before
    # turning it on. Also confirm that `exporters` sits at the level the
    # collector subchart reads it from — TODO confirm against the subchart.
    exporters:
      otlphttp/server:
        endpoint: "https://telemetry.lerian.io:443"  # Send traces to Lerian Telemetry
        headers:
          x-api-key: "${OTEL_API_KEY}"