Source code can be found here:
This helm chart installs the Plugin BR PIX Indirect BTG for Midaz, enabling PIX instant payment integration with BTG Pactual.
To install the Plugin BR PIX Indirect BTG using Helm, run the following command:
```bash
$ helm install plugin-br-pix-indirect-btg oci://registry-1.docker.io/lerianstudio/plugin-br-pix-indirect-btg-helm --version 1.1.0-beta.2 -n midaz-plugins --create-namespace
```
This will create a new namespace called midaz-plugins if it doesn’t already exist and deploy the Plugin BR PIX Indirect BTG Helm chart.
After installation, you can verify that the release was successful by listing the Helm releases in the midaz-plugins namespace:
```bash
$ helm list -n midaz-plugins
```
Before deploying, you must configure the following required fields. The chart will fail validation if these are not set.
Create a custom values file (e.g., values-custom.yaml) with the required configuration:
```yaml
pix:
  configmap:
    BTG_BASE_URL: "https://api.btgpactual.com" # or sandbox URL
    PIX_ISPB: "12345678" # Your bank's ISPB (8 digits)
    MIDAZ_ORGANIZATION_ID: "your-organization-id"
    MIDAZ_LEDGER_ID: "your-ledger-id"
  secrets:
    BTG_CLIENT_ID: "your-btg-client-id"
    BTG_CLIENT_SECRET: "your-btg-client-secret"
    MIDAZ_CLIENT_ID: "your-midaz-client-id"
    MIDAZ_CLIENT_SECRET: "your-midaz-client-secret"
    LICENSE_KEY: "your-license-key"
    DB_PASSWORD: "strong-database-password"
    DB_REPLICA_PASSWORD: "strong-replica-password"
    MONGO_PASSWORD: "strong-mongo-password"
outbound:
  configmap:
    WEBHOOK_CLIENT_URL: "https://your-api.com/webhook"
postgresql:
  auth:
    password: "strong-postgresql-password"
mongodb:
  auth:
    rootPassword: "strong-mongodb-password"
```
Then install with your custom values:
```bash
$ helm install plugin-br-pix-indirect-btg oci://registry-1.docker.io/lerianstudio/plugin-br-pix-indirect-btg-helm --version 1.1.0-beta.2 -f values-custom.yaml -n midaz-plugins --create-namespace
```
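A pre-install check for the custom values file described above, added here as an example and not part of the chart: it reports keys that still hold this page's placeholder values, a PIX_ISPB that is not 8 digits, and URL keys that do not use https. The function names, the https rule and the sample values are assumptions made for this example.

```bash
# Added example: pre-install lint for values-custom.yaml (reads the file on stdin).
# Prints one finding per line and returns non-zero if anything was found.
lint_values() {
  tr -d "\"'" | awk '
    /^[ \t]*[A-Za-z_]+:[ \t]*[^ \t#]/ {
      line = $0
      sub(/[ \t]+#.*$/, "", line)               # drop a trailing comment
      sub(/^[ \t]+/, "", line)
      key = line; sub(/:.*$/, "", key)          # text before the first colon
      val = line; sub(/^[^:]*:[ \t]*/, "", val) # text after the first colon
      if (val ~ /^your-/ || val ~ /^strong-.*-password$/ || val ~ /^[<{] *your-/) {
        print key ": placeholder value"; bad = 1
      } else if (key == "PIX_ISPB" && val !~ /^[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]$/) {
        print key ": must be exactly 8 digits"; bad = 1
      } else if (key ~ /_URL$/ && val !~ /^https:\/\//) {
        print key ": must use https://"; bad = 1   # assumed policy for this example
      }
    }
    END { exit bad + 0 }
  '
}

# Constructed sample input, not a real configuration.
sample_values() {
  cat <<'EOF'
pix:
  configmap:
    BTG_BASE_URL: "http://sandbox.example.test"   # plain http
    PIX_ISPB: "1234567"                           # only 7 digits
    MIDAZ_ORGANIZATION_ID: "org-constructed-01"
  secrets:
    BTG_CLIENT_SECRET: "your-btg-client-secret"
    LICENSE_KEY: "constructed-license-value"
    DB_PASSWORD: "strong-database-password"
outbound:
  configmap:
    WEBHOOK_CLIENT_URL: "https://hooks.example.test/pix"
EOF
}

# Real use: lint_values < values-custom.yaml && helm install ... -f values-custom.yaml
sample_values | lint_values || echo "fix the findings above before running helm install"
```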
The Plugin BR PIX Indirect BTG system consists of three main components:

| Parameter | Description | Default Value |
|---|---|---|
| pix.name | Service name. | "plugin-br-pix-indirect-btg" |
| pix.replicaCount | Number of replicas for the deployment. | 1 |
| pix.image.repository | Repository for the container image. | "ghcr.io/lerianstudio/plugin-br-pix-indirect-btg" |
| pix.image.pullPolicy | Image pull policy. | "Always" |
| pix.image.tag | Image tag used for deployment. | "1.0.0-rc.11" |
| pix.imagePullSecrets | Secrets for pulling images from a private registry. | [] |
| pix.nameOverride | Overrides the default generated name by Helm. | "" |
| pix.fullnameOverride | Overrides the full name generated by Helm. | "" |
| pix.podAnnotations | Pod annotations for additional metadata. | {} |
| pix.podSecurityContext | Security context applied at the pod level. | {} |
| pix.securityContext.* | Defines security context settings for the container. | See values.yaml |
| pix.pdb.enabled | Specifies whether PodDisruptionBudget is enabled. | true |
| pix.pdb.minAvailable | Minimum number of available pods. | 1 |
| pix.pdb.maxUnavailable | Maximum number of unavailable pods. | 1 |
| pix.pdb.annotations | Annotations for the PodDisruptionBudget. | {} |
| pix.service.type | Kubernetes service type. | "ClusterIP" |
| pix.service.port | Port for the HTTP API. | 4014 |
| pix.service.annotations | Annotations for the service. | {} |
| pix.ingress.enabled | Specifies whether Ingress is enabled. | false |
| pix.ingress.className | Ingress class name. | "" |
| pix.ingress.annotations | Additional ingress annotations. | {} |
| pix.ingress.hosts | Configured hosts for Ingress and associated paths. | [] |
| pix.ingress.tls | TLS configurations for Ingress. | [] |
| pix.resources.* | CPU/Memory resource requests/limits. | See values.yaml |
| pix.autoscaling.enabled | Specifies whether autoscaling is enabled. | true |
| pix.autoscaling.minReplicas | Minimum number of replicas for autoscaling. | 1 |
| pix.autoscaling.maxReplicas | Maximum number of replicas for autoscaling. | 3 |
| pix.autoscaling.targetCPUUtilizationPercentage | Target CPU utilization percentage for autoscaling. | 80 |
| pix.autoscaling.targetMemoryUtilizationPercentage | Target memory utilization percentage for autoscaling. | 80 |
| pix.nodeSelector | Node selectors for pod scheduling. | {} |
| pix.tolerations | Tolerations for pod scheduling. | {} |
| pix.affinity | Affinity rules for pod scheduling. | {} |
| pix.configmap.* | Environment variables for the service. | See values.yaml |
| pix.secrets.* | Secrets for the service. | See values.yaml |
| pix.useExistingSecrets | Use an existing secret instead of creating a new one. | false |
| pix.existingSecretName | The name of the existing secret to use. | "" |
| pix.extraEnvVars | A list of extra environment variables. | [] |

If you want to use an existing Kubernetes Secret for the pix service, you can create it manually with the following command:
```bash
kubectl create secret generic plugin-br-pix-indirect-btg-pix \
  --from-literal=BTG_CLIENT_ID='<your-btg-client-id>' \
  --from-literal=BTG_CLIENT_SECRET='<your-btg-client-secret>' \
  --from-literal=MIDAZ_CLIENT_ID='<your-midaz-client-id>' \
  --from-literal=MIDAZ_CLIENT_SECRET='<your-midaz-client-secret>' \
  --from-literal=LICENSE_KEY='<your-license-key>' \
  --from-literal=DB_PASSWORD='<your-db-password>' \
  --from-literal=DB_REPLICA_PASSWORD='<your-db-replica-password>' \
  --from-literal=REPLICATION_PASSWORD='<your-replication-password>' \
  --from-literal=MONGO_PASSWORD='<your-mongo-password>' \
  --from-literal=REDIS_PASSWORD='<your-redis-password>' \
  --from-literal=PLUGIN_CRM_CLIENT_ID='<your-crm-client-id>' \
  --from-literal=PLUGIN_CRM_CLIENT_SECRET='<your-crm-client-secret>' \
  -n midaz-plugins
```
Then configure the pix service to use this existing secret:
```yaml
pix:
  useExistingSecrets: true
  existingSecretName: "plugin-br-pix-indirect-btg-pix"
```

| Parameter | Description | Default Value |
|---|---|---|
| inbound.name | Service name. | "plugin-br-pix-indirect-btg-worker-inbound" |
| inbound.replicaCount | Number of replicas for the inbound worker. | 1 |
| inbound.image.repository | Repository for the inbound worker container image. | "ghcr.io/lerianstudio/plugin-br-pix-indirect-btg-worker-inbound" |
| inbound.image.pullPolicy | Image pull policy. | "Always" |
| inbound.image.tag | Image tag used for deployment. | "1.0.0-rc.11" |
| inbound.imagePullSecrets | Secrets for pulling images from a private registry. | [] |
| inbound.podAnnotations | Pod annotations for additional metadata. | {} |
| inbound.podSecurityContext | Security context for the pod. | {} |
| inbound.securityContext.* | Defines security context settings for the container. | See values.yaml |
| inbound.pdb.enabled | Enable or disable PodDisruptionBudget. | true |
| inbound.pdb.minAvailable | Minimum number of available pods. | 1 |
| inbound.pdb.maxUnavailable | Maximum number of unavailable pods. | 1 |
| inbound.pdb.annotations | Annotations for the PodDisruptionBudget. | {} |
| inbound.service.type | Kubernetes service type. | "ClusterIP" |
| inbound.service.port | Port for the HTTP API. | 4016 |
| inbound.service.annotations | Annotations for the service. | {} |
| inbound.ingress.enabled | Enable or disable ingress. | false |
| inbound.ingress.className | Ingress class name. | "" |
| inbound.ingress.annotations | Additional ingress annotations. | {} |
| inbound.ingress.hosts | Configured hosts for ingress and associated paths. | [] |
| inbound.ingress.tls | TLS configuration for ingress. | [] |
| inbound.resources.* | CPU/Memory resource requests/limits. | See values.yaml |
| inbound.autoscaling.enabled | Enable or disable horizontal pod autoscaling. | true |
| inbound.autoscaling.minReplicas | Minimum number of replicas for autoscaling. | 1 |
| inbound.autoscaling.maxReplicas | Maximum number of replicas for autoscaling. | 3 |
| inbound.autoscaling.targetCPUUtilizationPercentage | Target CPU utilization percentage for autoscaling. | 80 |
| inbound.autoscaling.targetMemoryUtilizationPercentage | Target memory utilization percentage for autoscaling. | 80 |
| inbound.nodeSelector | Node selector for scheduling pods on specific nodes. | {} |
| inbound.tolerations | Tolerations for scheduling on tainted nodes. | {} |
| inbound.affinity | Affinity rules for pod scheduling. | {} |
| inbound.configmap.* | Environment variables for the service. | See values.yaml |
| inbound.secrets.* | Secrets for the service. | See values.yaml |
| inbound.useExistingSecrets | Use an existing secret instead of creating a new one. | false |
| inbound.existingSecretName | The name of the existing secret to use. | "" |
| inbound.extraEnvVars | A list of extra environment variables. | [] |

If you want to use an existing Kubernetes Secret for the inbound worker, you can create it manually with the following command:
```bash
kubectl create secret generic plugin-br-pix-indirect-btg-inbound \
  --from-literal=DB_PASSWORD='<your-db-password>' \
  --from-literal=DB_REPLICA_PASSWORD='<your-db-replica-password>' \
  --from-literal=MONGO_PASSWORD='<your-mongo-password>' \
  -n midaz-plugins
```
Then configure the inbound service to use this existing secret:
```yaml
inbound:
  useExistingSecrets: true
  existingSecretName: "plugin-br-pix-indirect-btg-inbound"
```

| Parameter | Description | Default Value |
|---|---|---|
| outbound.name | Service name. | "plugin-br-pix-indirect-btg-worker-outbound" |
| outbound.replicaCount | Number of replicas for the outbound worker. | 1 |
| outbound.image.repository | Repository for the outbound worker container image. | "ghcr.io/lerianstudio/plugin-br-pix-indirect-btg-worker-outbound" |
| outbound.image.pullPolicy | Image pull policy. | "Always" |
| outbound.image.tag | Image tag used for deployment. | "1.0.0-rc.11" |
| outbound.imagePullSecrets | Secrets for pulling images from a private registry. | [] |
| outbound.podAnnotations | Pod annotations for additional metadata. | {} |
| outbound.podSecurityContext | Security context for the pod. | {} |
| outbound.securityContext.* | Defines security context settings for the container. | See values.yaml |
| outbound.pdb.enabled | Enable or disable PodDisruptionBudget. | true |
| outbound.pdb.minAvailable | Minimum number of available pods. | 1 |
| outbound.pdb.maxUnavailable | Maximum number of unavailable pods. | 1 |
| outbound.pdb.annotations | Annotations for the PodDisruptionBudget. | {} |
| outbound.service.type | Kubernetes service type. | "ClusterIP" |
| outbound.service.port | Port for the HTTP API. | 4015 |
| outbound.service.annotations | Annotations for the service. | {} |
| outbound.ingress.enabled | Enable or disable ingress. | false |
| outbound.ingress.className | Ingress class name. | "" |
| outbound.ingress.annotations | Additional ingress annotations. | {} |
| outbound.ingress.hosts | Configured hosts for ingress and associated paths. | [] |
| outbound.ingress.tls | TLS configuration for ingress. | [] |
| outbound.resources.* | CPU/Memory resource requests/limits. | See values.yaml |
| outbound.autoscaling.enabled | Enable or disable horizontal pod autoscaling. | true |
| outbound.autoscaling.minReplicas | Minimum number of replicas for autoscaling. | 1 |
| outbound.autoscaling.maxReplicas | Maximum number of replicas for autoscaling. | 3 |
| outbound.autoscaling.targetCPUUtilizationPercentage | Target CPU utilization percentage for autoscaling. | 80 |
| outbound.autoscaling.targetMemoryUtilizationPercentage | Target memory utilization percentage for autoscaling. | 80 |
| outbound.nodeSelector | Node selector for scheduling pods on specific nodes. | {} |
| outbound.tolerations | Tolerations for scheduling on tainted nodes. | {} |
| outbound.affinity | Affinity rules for pod scheduling. | {} |
| outbound.configmap.* | Environment variables for the service. | See values.yaml |
| outbound.secrets.* | Secrets for the service. | See values.yaml |
| outbound.useExistingSecrets | Use an existing secret instead of creating a new one. | false |
| outbound.existingSecretName | The name of the existing secret to use. | "" |
| outbound.extraEnvVars | A list of extra environment variables. | [] |

If you want to use an existing Kubernetes Secret for the outbound worker, you can create it manually with the following command:
```bash
kubectl create secret generic plugin-br-pix-indirect-btg-outbound \
  --from-literal=DB_PASSWORD='<your-db-password>' \
  --from-literal=DB_REPLICA_PASSWORD='<your-db-replica-password>' \
  --from-literal=MONGO_PASSWORD='<your-mongo-password>' \
  -n midaz-plugins
```
Then configure the outbound service to use this existing secret:
```yaml
outbound:
  useExistingSecrets: true
  existingSecretName: "plugin-br-pix-indirect-btg-outbound"
```
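The three kubectl create secret commands above pass every credential with --from-literal, so the values can end up in shell history; kubectl's --from-env-file option reads the same KEY=value pairs from a file instead. The following added example (not part of the chart or its documentation) checks such a file before it is used; check_env_file, expected_keys and the sample values are invented for the example, and the key lists are copied from the commands above.

```bash
# Added example. Key names per component are the ones in the kubectl commands on this page.
expected_keys() {
  case "$1" in
    pix) echo "BTG_CLIENT_ID BTG_CLIENT_SECRET MIDAZ_CLIENT_ID MIDAZ_CLIENT_SECRET" \
              "LICENSE_KEY DB_PASSWORD DB_REPLICA_PASSWORD REPLICATION_PASSWORD" \
              "MONGO_PASSWORD REDIS_PASSWORD PLUGIN_CRM_CLIENT_ID PLUGIN_CRM_CLIENT_SECRET" ;;
    inbound|outbound) echo "DB_PASSWORD DB_REPLICA_PASSWORD MONGO_PASSWORD" ;;
    *) return 2 ;;
  esac
}

# check_env_file COMPONENT FILE: prints one finding per line, returns 0 only if clean.
check_env_file() {
  want=$(expected_keys "$1") || { echo "unknown component: $1"; return 2; }
  rc=0
  # Mode bits that would let group or others read the credentials.
  if [ -n "$(find "$2" -prune \( -perm -040 -o -perm -004 \))" ]; then
    echo "file is readable by group or others"; rc=1
  fi
  for k in $want; do
    v=$(sed -n "s/^$k=//p" "$2" | tail -n 1)   # value of the key's last occurrence
    case "$v" in
      "")          echo "$k: missing or empty"; rc=1 ;;
      *"<your-"*)  echo "$k: placeholder value"; rc=1 ;;
    esac
  done
  return "$rc"
}

# Constructed sample: one placeholder left in, one key absent.
sample_inbound_env() {
  printf '%s\n' 'DB_PASSWORD=constructed-value-1' \
                'DB_REPLICA_PASSWORD=<your-db-replica-password>'
}

# Demo on a private temp file (mktemp creates it with mode 0600).
demo_file=$(mktemp)
sample_inbound_env > "$demo_file"
check_env_file inbound "$demo_file" || echo "not creating the Secret"
# When the check passes:
#   kubectl create secret generic plugin-br-pix-indirect-btg-inbound \
#     --from-env-file="$demo_file" -n midaz-plugins
rm -f "$demo_file"
```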
The Plugin BR PIX Indirect BTG Helm Chart optionally supports different Ingress Controllers for exposing services when necessary. It is possible to enable Ingress for the following services: PIX, Inbound Worker, and Outbound Worker. Below are the configurations for commonly used controllers.
To use the NGINX Ingress Controller, configure the values.yaml as follows:
```yaml
pix:
  ingress:
    enabled: true
    className: "nginx"
    annotations: {}
    hosts:
      - host: pix.example.com
        paths:
          - path: /
            pathType: Prefix
    tls:
      - secretName: pix-tls
        hosts:
          - pix.example.com
```
For AWS ALB Ingress Controller, use the following configuration:
```yaml
pix:
  ingress:
    enabled: true
    className: "alb"
    annotations:
      alb.ingress.kubernetes.io/scheme: internal
      alb.ingress.kubernetes.io/target-type: ip
      alb.ingress.kubernetes.io/group.name: "plugin-pix"
      alb.ingress.kubernetes.io/healthcheck-path: "/healthz"
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    hosts:
      - host: pix.example.com
        paths:
          - path: /
            pathType: Prefix
    tls: []
```
For Traefik, configure the values.yaml as follows:
```yaml
pix:
  ingress:
    enabled: true
    className: "traefik"
    annotations:
      traefik.ingress.kubernetes.io/router.entrypoints: "web, websecure"
      traefik.ingress.kubernetes.io/router.tls: "true"
    hosts:
      - host: pix.example.com
        paths:
          - path: /
            pathType: Prefix
    tls:
      - secretName: pix-tls
        hosts:
          - pix.example.com
```
This Chart has the following dependencies for the project’s default installation. All dependencies are enabled by default.
To disable Valkey, set valkey.enabled to false in the values file.

Note: If you have an existing Valkey or Redis instance, you can disable this dependency and configure Plugin Components to use your external instance, like this:

```yaml
pix:
  configmap:
    REDIS_HOST: { your-host }:{ your-host-port }
  secrets:
    REDIS_PASSWORD: { your-host-pass }
outbound:
  configmap:
    REDIS_HOST: { your-host }:{ your-host-port }
```

To disable PostgreSQL, set postgresql.enabled to false in the values file.

Note: If you have an existing PostgreSQL instance, you can disable this dependency and configure Plugin Components to use your external PostgreSQL, like this:

```yaml
pix:
  configmap:
    DB_HOST: { your-host }
    DB_USER: { your-host-user }
    DB_PORT: { your-host-port }
    DB_REPLICA_HOST: { your-replication-host }
    DB_REPLICA_USER: { your-replication-host-user }
    DB_REPLICA_PORT: { your-replication-host-port }
  secrets:
    DB_PASSWORD: { your-host-pass }
    DB_REPLICA_PASSWORD: { your-replication-host-pass }
inbound:
  configmap:
    DB_HOST: { your-host }
    DB_USER: { your-host-user }
    DB_PORT: { your-host-port }
    DB_REPLICA_HOST: { your-replication-host }
    DB_REPLICA_USER: { your-replication-host-user }
    DB_REPLICA_PORT: { your-replication-host-port }
  secrets:
    DB_PASSWORD: { your-host-pass }
    DB_REPLICA_PASSWORD: { your-replication-host-pass }
outbound:
  configmap:
    DB_HOST: { your-host }
    DB_USER: { your-host-user }
    DB_PORT: { your-host-port }
    DB_REPLICA_HOST: { your-replication-host }
    DB_REPLICA_USER: { your-replication-host-user }
    DB_REPLICA_PORT: { your-replication-host-port }
  secrets:
    DB_PASSWORD: { your-host-pass }
    DB_REPLICA_PASSWORD: { your-replication-host-pass }
```

To disable MongoDB, set mongodb.enabled to false in the values file.

Note: If you have an existing MongoDB instance, you can disable this dependency and configure Plugin Components to use your external MongoDB, like this:

```yaml
pix:
  configmap:
    MONGO_HOST: { your-host }
    MONGO_NAME: { your-host-name }
    MONGO_USER: { your-host-user }
    MONGO_PORT: { your-host-port }
  secrets:
    MONGO_PASSWORD: { your-host-pass }
inbound:
  configmap:
    MONGO_HOST: { your-host }
    MONGO_NAME: { your-host-name }
    MONGO_USER: { your-host-user }
    MONGO_PORT: { your-host-port }
  secrets:
    MONGO_PASSWORD: { your-host-pass }
outbound:
  configmap:
    MONGO_HOST: { your-host }
    MONGO_NAME: { your-host-name }
    MONGO_USER: { your-host-user }
    MONGO_PORT: { your-host-port }
  secrets:
    MONGO_PASSWORD: { your-host-pass }
```

To disable otel-collector-lerian, set otel-collector-lerian.enabled to false in the values file:

```yaml
otel-collector-lerian:
  enabled: false
```