helm

Plugin BR Bank Transfer JD Helm Chart

This Helm chart installs Plugin BR Bank Transfer (JD) for Midaz, a high-performance and open-source ledger.

Install Plugin BR Bank Transfer Helm Chart

To install Plugin BR Bank Transfer using Helm, run the following command:

$ helm install plugin-br-bank-transfer-jd oci://registry-1.docker.io/lerianstudio/plugin-br-bank-transfer-jd-helm --version <version> -n midaz-plugins --create-namespace

This will create a new namespace called midaz-plugins if it doesn’t already exist and deploy the Plugin BR Bank Transfer Helm chart.

After installation, you can verify that the release was successful by listing the Helm releases in the midaz-plugins namespace:

$ helm list -n midaz-plugins

Upgrading

To upgrade the chart to a new version:

$ helm upgrade plugin-br-bank-transfer-jd oci://registry-1.docker.io/lerianstudio/plugin-br-bank-transfer-jd-helm --version <new-version> -n midaz-plugins

Uninstalling

To uninstall the chart:

$ helm uninstall plugin-br-bank-transfer-jd -n midaz-plugins

Configuring Ingress for Different Controllers

The Plugin Bank Transfer Helm Chart optionally supports different Ingress Controllers for exposing services when necessary.

NGINX Ingress Controller

To use the NGINX Ingress Controller, configure the values.yaml as follows:

bankTransfer:
  ingress:
    enabled: true
    className: "nginx"
    annotations: {}
    hosts:
      - host: bank-transfer.example.com
        paths:
          - path: /
            pathType: Prefix
    tls:
      - secretName: bank-transfer-tls
        hosts:
          - bank-transfer.example.com

Parameters

Bank Transfer Service

Parameter	Description	Default
`bankTransfer.enabled`	Enable or disable the bank-transfer service	`true`
`bankTransfer.replicaCount`	Number of replicas for the deployment	`2`
`bankTransfer.image.repository`	Repository for the container image	`ghcr.io/lerianstudio/plugin-br-bank-transfer-jd`
`bankTransfer.image.pullPolicy`	Image pull policy	`IfNotPresent`
`bankTransfer.image.tag`	Image tag used for deployment	`1.0.0-beta.1`
`bankTransfer.imagePullSecrets`	Secrets for pulling images from a private registry	`[]`
`bankTransfer.revisionHistoryLimit`	Old ReplicaSets to retain	`10`
`bankTransfer.nameOverride`	Overrides the default generated name by Helm	`""`
`bankTransfer.fullnameOverride`	Overrides the full name generated by Helm	`""`
`bankTransfer.ingress.enabled`	Enable or disable ingress	`false`
`bankTransfer.ingress.className`	Ingress class name	`""`
`bankTransfer.ingress.annotations`	Additional ingress annotations	`{}`
`bankTransfer.ingress.hosts`	Ingress host configuration	See `values.yaml`
`bankTransfer.ingress.tls`	TLS configuration for ingress	`[]`
`bankTransfer.service.type`	Kubernetes service type	`ClusterIP`
`bankTransfer.service.port`	Service port	`8080`
`bankTransfer.deploymentUpdate.type`	Deployment strategy type	`RollingUpdate`
`bankTransfer.podSecurityContext`	Pod security context	`{}`
`bankTransfer.securityContext`	Security context for the container	See `values.yaml`
`bankTransfer.pdb.enabled`	Enable or disable PodDisruptionBudget	`true`
`bankTransfer.pdb.minAvailable`	Minimum number of available pods	`1`
`bankTransfer.pdb.maxUnavailable`	Maximum number of unavailable pods	`1`
`bankTransfer.resources`	CPU and memory limits for pods	See `values.yaml`
`bankTransfer.autoscaling.enabled`	Enable or disable horizontal pod autoscaling	`true`
`bankTransfer.autoscaling.minReplicas`	Minimum number of replicas	`2`
`bankTransfer.autoscaling.maxReplicas`	Maximum number of replicas	`5`
`bankTransfer.nodeSelector`	Node selector for scheduling pods	`{}`
`bankTransfer.tolerations`	Tolerations for scheduling on tainted nodes	`[]`
`bankTransfer.affinity`	Affinity rules for pod scheduling	`{}`
`bankTransfer.useExistingSecret`	Use an existing secret instead of creating a new one	`false`
`bankTransfer.existingSecretName`	The name of the existing secret to use	`""`

PostgreSQL Dependency

Parameter	Description	Default
`postgresql.enabled`	Enable the PostgreSQL dependency	`true`
`postgresql.external`	Use an external PostgreSQL instance	`false`
`postgresql.auth.postgresPassword`	PostgreSQL admin password	`lerian`
`postgresql.auth.username`	Application DB user	`bank_transfer`
`postgresql.auth.password`	Application DB password	`lerian`
`postgresql.auth.database`	Application DB name	`bank_transfer`

Valkey (Redis-compatible) Dependency

Parameter	Description	Default
`valkey.enabled`	Enable the Valkey dependency	`true`
`valkey.architecture`	Valkey architecture	`standalone`
`valkey.auth.enabled`	Enable authentication	`true`
`valkey.auth.password`	Valkey password	`lerian`
`valkey.auth.username`	Valkey username	`bank_transfer`

MongoDB Dependency

Parameter	Description	Default
`mongodb.enabled`	Enable the MongoDB dependency	`true`
`mongodb.auth.rootPassword`	MongoDB admin password	`lerian`
`mongodb.auth.usernames`	Application DB users	`["bank_transfer"]`
`mongodb.auth.passwords`	Application DB passwords	`["lerian"]`
`mongodb.auth.databases`	Application databases	`["plugin_br_bank_transfer_jd"]`

RabbitMQ Dependency (Optional)

Parameter	Description	Default
`rabbitmq.enabled`	Enable the RabbitMQ dependency	`false`
`rabbitmq.authentication.user.value`	RabbitMQ username	`bank_transfer`
`rabbitmq.authentication.password.value`	RabbitMQ password	`lerian`

IMPORTANT - Security Warning:

The bundled dependencies (PostgreSQL, Valkey, MongoDB, RabbitMQ) are NOT intended for production

Default passwords (lerian) are for development only - always override with secure credentials

For production, use external/managed services and set <dependency>.enabled=false

Use useExistingSecret options to reference pre-created Kubernetes secrets for sensitive data

ConfigMap Environment Variables

Key environment variables configured via bankTransfer.configmap:

Variable	Description	Default
`ENV_NAME`	Environment name	`production`
`LOG_LEVEL`	Log level	`info`
`SERVER_ADDRESS`	Server listen address	`:8080`
`POSTGRES_HOST`	PostgreSQL host	Dynamic based on release
`REDIS_HOST`	Redis/Valkey host	Dynamic based on release
`AUTH_ENABLED`	Enable authentication	`true`
`JD_SANDBOX_MODE`	Enable JD sandbox mode (fake adapter)	`false`
`MIDAZ_BASE_URL`	Midaz API base URL	Required
`CRM_BASE_URL`	CRM adapter base URL	Required
`FEES_BASE_URL`	Fees adapter base URL	Required
`JD_BASE_URL`	JD SPB SOAP API URL	Required (unless `JD_SANDBOX_MODE=true`)
`JD_ORIGIN_ISPB`	Bank ISPB code for JD	Required (unless `JD_SANDBOX_MODE=true`)
`LICENSE_SERVICE_ADDRESS`	License validation service URL	Optional
`ORGANIZATION_IDS`	Organization IDs for license validation	Optional

For a complete list, see values.yaml.

Secrets

Key secrets configured via bankTransfer.secrets:

Secret	Description
`POSTGRES_PASSWORD`	PostgreSQL password
`REDIS_PASSWORD`	Redis/Valkey password
`MONGO_PASSWORD`	MongoDB password
`MONGO_URI`	MongoDB connection URI (auto-generated if not provided)
`JD_INCOMING_RAW_XML_ENCRYPTION_KEY_BASE64`	Encryption key (32-byte base64)
`RECIPIENT_DETAILS_ENCRYPTION_KEY_BASE64`	Encryption key (32-byte base64)
`JD_WEBHOOK_NOTIFICATION_RAW_XML_DECRYPTION_KEY_BASE64`	Decryption key (32-byte base64)

Development Mode

For local development/testing, you can disable authentication and use sandbox mode:

bankTransfer:
  configmap:
    ENV_NAME: "development"
    AUTH_ENABLED: "false"
    POSTGRES_SSLMODE: "disable"
    JD_SANDBOX_MODE: "true"  # Uses fake JD adapter (no real bank calls)

Note: License validation is controlled via LICENSE_SERVICE_ADDRESS and ORGANIZATION_IDS. When these are not set, license validation is skipped.

Support

For more information, see the Lerian Studio Documentation or contact the maintainers.

This site is open source. Improve this page.