Midaz components reference

The Midaz Helm chart deploys four possible service components: Ledger (unified, recommended), Onboarding (legacy), Transaction (legacy), and CRM (optional). Each component has its own deployment, service, ingress, and autoscaling configuration.

Quick decision: New installations → enable Ledger, disable Onboarding and Transaction. Migrating from v4.x → see Migration guide. Need CRM? → set crm.enabled: true.

Recommended for new installations: Use the unified Ledger service. The separate Onboarding and Transaction services are still supported but will become legacy in a future release.

Ledger (recommended)

The ledger service is a unified service that combines the functionality of both onboarding and transaction modules into a single deployment. This service is recommended for new installations and will become mandatory in future releases.

When ledger.enabled is set to true, the onboarding and transaction services are automatically disabled (unless migration.allowAllServices is set to true for testing purposes).

Enabling Ledger service:

ledger:
  enabled: true

onboarding:
  enabled: false

transaction:
  enabled: false

When ledger is enabled, the onboarding and transaction ingresses will automatically redirect traffic to the ledger service, maintaining backward compatibility with existing DNS configurations.

Parameter	Description	Default Value
`ledger.enabled`	Enable or disable the ledger service.	`false`
`ledger.name`	Service name.	`"ledger"`
`ledger.replicaCount`	Number of replicas for the ledger service.	`1`
`ledger.image.repository`	Repository for the ledger service container image.	`"lerianstudio/midaz-ledger"`
`ledger.image.pullPolicy`	Image pull policy.	`"IfNotPresent"`
`ledger.image.tag`	Image tag used for deployment.	`""` (defaults to Chart.AppVersion)
`ledger.imagePullSecrets`	Secrets for pulling images from a private registry.	`[]`
`ledger.nameOverride`	Overrides the default generated name by Helm.	`""`
`ledger.fullnameOverride`	Overrides the full name generated by Helm.	`""`
`ledger.podAnnotations`	Pod annotations for additional metadata.	`{}`
`ledger.podSecurityContext`	Security context applied at the pod level.	`{}`
`ledger.securityContext.*`	Defines security context settings for the container.	See `values.yaml`
`ledger.pdb.enabled`	Specifies whether PodDisruptionBudget is enabled.	`true`
`ledger.pdb.minAvailable`	Minimum number of available pods.	`1`
`ledger.pdb.maxUnavailable`	Maximum number of unavailable pods.	`1`
`ledger.pdb.annotations`	Annotations for the PodDisruptionBudget.	`{}`
`ledger.deploymentUpdate.*`	Deployment update strategy.	See `values.yaml`
`ledger.service.type`	Kubernetes service type.	`"ClusterIP"`
`ledger.service.port`	Port for the HTTP API.	`3002`
`ledger.service.annotations`	Annotations for the service.	`{}`
`ledger.ingress.enabled`	Specifies whether Ingress is enabled.	`false`
`ledger.ingress.className`	Ingress class name.	`""`
`ledger.ingress.annotations`	Additional ingress annotations.	`{}`
`ledger.ingress.hosts`	Configured hosts for Ingress and associated paths.	`[]`
`ledger.ingress.tls`	TLS configurations for Ingress.	`[]`
`ledger.resources.*`	CPU/Memory resource requests/limits.	See `values.yaml`
`ledger.autoscaling.enabled`	Specifies whether autoscaling is enabled.	`true`
`ledger.autoscaling.minReplicas`	Minimum number of replicas for autoscaling.	`2`
`ledger.autoscaling.maxReplicas`	Maximum number of replicas for autoscaling.	`5`
`ledger.autoscaling.targetCPUUtilizationPercentage`	Target CPU utilization percentage for autoscaling.	`80`
`ledger.autoscaling.targetMemoryUtilizationPercentage`	Target memory utilization percentage for autoscaling.	`80`
`ledger.nodeSelector`	Node selectors for pod scheduling.	`{}`
`ledger.tolerations`	Tolerations for pod scheduling.	`{}`
`ledger.affinity`	Affinity rules for pod scheduling.	`{}`
`ledger.configmap.*`	Environment variables for the service.	See `values.yaml`
`ledger.secrets.*`	Secrets for the service.	See `values.yaml`
`ledger.useExistingSecret`	Use an existing secret instead of creating a new one.	`false`
`ledger.existingSecretName`	The name of the existing secret to use.	`""`
`ledger.extraEnvVars`	A list of extra environment variables.	`[]`
`ledger.serviceAccount.create`	Specifies whether the service account should be created.	`true`
`ledger.serviceAccount.annotations`	Annotations for the service account.	`{}`
`ledger.serviceAccount.name`	Service account name. If not defined, it will be generated automatically.	`""`

Creating Ledger secret manually

If you want to use an existing Kubernetes Secret for the ledger service, you can create it manually:

kubectl create secret generic midaz-ledger \
  --from-literal=DB_ONBOARDING_PASSWORD='<your-db-onboarding-password>' \
  --from-literal=DB_ONBOARDING_REPLICA_PASSWORD='<your-db-onboarding-replica-password>' \
  --from-literal=MONGO_ONBOARDING_PASSWORD='<your-mongo-onboarding-password>' \
  --from-literal=DB_TRANSACTION_PASSWORD='<your-db-transaction-password>' \
  --from-literal=DB_TRANSACTION_REPLICA_PASSWORD='<your-db-transaction-replica-password>' \
  --from-literal=MONGO_TRANSACTION_PASSWORD='<your-mongo-transaction-password>' \
  --from-literal=REDIS_PASSWORD='<your-redis-password>' \
  --from-literal=RABBITMQ_DEFAULT_PASS='<your-rabbitmq-password>' \
  --from-literal=RABBITMQ_CONSUMER_PASS='<your-rabbitmq-consumer-password>' \
  -n midaz

The ledger service uses module-specific database credentials (onboarding and transaction) since it combines both modules.

Then configure the ledger service to use this existing secret:

ledger:
  enabled: true
  useExistingSecret: true
  existingSecretName: "midaz-ledger"

Onboarding (legacy)

The Onboarding service is still supported but will become legacy in a future release. We recommend using the unified Ledger service for new installations.

Parameter	Description	Default Value
`onboarding.name`	Service name.	`"onboarding"`
`onboarding.replicaCount`	Number of replicas for the onboarding service.	`2`
`onboarding.image.repository`	Repository for the onboarding service container image.	`"lerianstudio/midaz-onboarding"`
`onboarding.image.pullPolicy`	Image pull policy.	`"IfNotPresent"`
`onboarding.image.tag`	Image tag used for deployment.	`"3.5.3"`
`onboarding.imagePullSecrets`	Secrets for pulling images from a private registry.	`[]`
`onboarding.nameOverride`	Overrides the default generated name by Helm.	`""`
`onboarding.fullnameOverride`	Overrides the full name generated by Helm.	`""`
`onboarding.podAnnotations`	Pod annotations for additional metadata.	`{}`
`onboarding.podSecurityContext`	Security context applied at the pod level.	`{}`
`onboarding.securityContext.*`	Defines security context settings for the container.	See `values.yaml`
`onboarding.pdb.enabled`	Specifies whether PodDisruptionBudget is enabled.	`true`
`onboarding.pdb.minAvailable`	Minimum number of available pods.	`1`
`onboarding.pdb.maxUnavailable`	Maximum number of unavailable pods.	`1`
`onboarding.pdb.annotations`	Annotations for the PodDisruptionBudget.	`{}`
`onboarding.deploymentUpdate.*`	Deployment update strategy.	See `values.yaml`
`onboarding.service.type`	Kubernetes service type.	`"ClusterIP"`
`onboarding.service.port`	Port for the HTTP API.	`3000`
`onboarding.service.annotations`	Annotations for the service.	`{}`
`onboarding.ingress.enabled`	Specifies whether Ingress is enabled.	`false`
`onboarding.ingress.className`	Ingress class name.	`""`
`onboarding.ingress.annotations`	Additional ingress annotations.	`{}`
`onboarding.ingress.hosts`	Configured hosts for Ingress and associated paths.	`""`
`onboarding.ingress.tls`	TLS configurations for Ingress.	`[]`
`onboarding.resources.*`	CPU/Memory resource requests/limits.	See `values.yaml`
`onboarding.autoscaling.enabled`	Specifies whether autoscaling is enabled.	`true`
`onboarding.autoscaling.minReplicas`	Minimum number of replicas for autoscaling.	`2`
`onboarding.autoscaling.maxReplicas`	Maximum number of replicas for autoscaling.	`5`
`onboarding.autoscaling.targetCPUUtilizationPercentage`	Target CPU utilization percentage for autoscaling.	`80`
`onboarding.autoscaling.targetMemoryUtilizationPercentage`	Target memory utilization percentage for autoscaling.	`80`
`onboarding.nodeSelector`	Node selectors for pod scheduling.	`{}`
`onboarding.tolerations`	Tolerations for pod scheduling.	`{}`
`onboarding.affinity`	Affinity rules for pod scheduling.	`{}`
`onboarding.configmap.*`	Environment variables for the service.	See `values.yaml`
`onboarding.secrets.*`	Secrets for the service.	See `values.yaml`
`onboarding.useExistingSecret`	Use an existing secret instead of creating a new one.	`false`
`onboarding.existingSecretName`	The name of the existing secret to use.	`""`
`onboarding.extraEnvVars`	A list of extra environment variables.	`[]`
`onboarding.serviceAccount.create`	Specifies whether the service account should be created.	`true`
`onboarding.serviceAccount.annotations`	Annotations for the service account.	`{}`
`onboarding.serviceAccount.name`	Service account name. If not defined, it will be generated automatically.	`""`

Creating Onboarding secret manually

If you want to use an existing Kubernetes Secret for the onboarding service:

kubectl create secret generic midaz-onboarding \
  --from-literal=MONGO_PASSWORD='<your-mongo-password>' \
  --from-literal=DB_PASSWORD='<your-db-password>' \
  --from-literal=DB_REPLICA_PASSWORD='<your-db-replica-password>' \
  --from-literal=RABBITMQ_DEFAULT_PASS='<your-rabbitmq-password>' \
  --from-literal=REDIS_PASSWORD='<your-redis-password>' \
  -n midaz

Then configure the onboarding service to use this existing secret:

onboarding:
  useExistingSecret: true
  existingSecretName: "midaz-onboarding"

Transaction (legacy)

The Transaction service is still supported but will become legacy in a future release. We recommend using the unified Ledger service for new installations.

Parameter	Description	Default Value
`transaction.name`	Service name.	`"transaction"`
`transaction.replicaCount`	Number of replicas for the transaction service.	`1`
`transaction.image.repository`	Repository for the transaction service container image.	`"lerianstudio/midaz-transaction"`
`transaction.image.pullPolicy`	Image pull policy.	`"IfNotPresent"`
`transaction.image.tag`	Image tag used for deployment.	`"3.5.3"`
`transaction.imagePullSecrets`	Secrets for pulling images from a private registry.	`[]`
`transaction.nameOverride`	Overrides the default generated name by Helm.	`""`
`transaction.fullnameOverride`	Overrides the full name generated by Helm.	`""`
`transaction.podAnnotations`	Pod annotations for additional metadata.	`{}`
`transaction.podSecurityContext`	Security context for the pod.	`{}`
`transaction.securityContext.*`	Defines security context settings for the container.	See `values.yaml`
`transaction.pdb.enabled`	Enable or disable PodDisruptionBudget.	`true`
`transaction.pdb.minAvailable`	Minimum number of available pods.	`2`
`transaction.pdb.maxUnavailable`	Maximum number of unavailable pods.	`1`
`transaction.pdb.annotations`	Annotations for the PodDisruptionBudget.	`{}`
`transaction.deploymentUpdate.*`	Deployment update strategy.	See `values.yaml`
`transaction.service.type`	Kubernetes service type.	`"ClusterIP"`
`transaction.service.port`	Port for the HTTP API.	`3001`
`transaction.service.annotations`	Annotations for the service.	`{}`
`transaction.ingress.enabled`	Enable or disable ingress.	`false`
`transaction.ingress.className`	Ingress class name.	`""`
`transaction.ingress.annotations`	Additional ingress annotations.	`{}`
`transaction.ingress.hosts`	Configured hosts for ingress and associated paths.	`[]`
`transaction.ingress.tls`	TLS configuration for ingress.	`[]`
`transaction.resources.*`	CPU/Memory resource requests/limits.	See `values.yaml`
`transaction.autoscaling.enabled`	Enable or disable horizontal pod autoscaling.	`true`
`transaction.autoscaling.minReplicas`	Minimum number of replicas for autoscaling.	`1`
`transaction.autoscaling.maxReplicas`	Maximum number of replicas for autoscaling.	`5`
`transaction.autoscaling.targetCPUUtilizationPercentage`	Target CPU utilization percentage for autoscaling.	`80`
`transaction.autoscaling.targetMemoryUtilizationPercentage`	Target memory utilization percentage for autoscaling.	`80`
`transaction.nodeSelector`	Node selector for scheduling pods on specific nodes.	`{}`
`transaction.tolerations`	Tolerations for scheduling on tainted nodes.	`{}`
`transaction.affinity`	Affinity rules for pod scheduling.	`{}`
`transaction.configmap.*`	Environment variables for the service.	See `values.yaml`
`transaction.secrets.*`	Secrets for the service.	See `values.yaml`
`transaction.useExistingSecret`	Use an existing secret instead of creating a new one.	`false`
`transaction.existingSecretName`	The name of the existing secret to use.	`""`
`transaction.extraEnvVars`	A list of extra environment variables.	`[]`
`transaction.serviceAccount.create`	Specifies whether a ServiceAccount should be created.	`true`
`transaction.serviceAccount.annotations`	Annotations for the ServiceAccount.	`{}`
`transaction.serviceAccount.name`	Name of the service account.	`""`

Creating Transaction secret manually

If you want to use an existing Kubernetes Secret for the transaction service:

kubectl create secret generic midaz-transaction \
  --from-literal=MONGO_PASSWORD='<your-mongo-password>' \
  --from-literal=DB_PASSWORD='<your-db-password>' \
  --from-literal=DB_REPLICA_PASSWORD='<your-db-replica-password>' \
  --from-literal=RABBITMQ_DEFAULT_PASS='<your-rabbitmq-password>' \
  --from-literal=RABBITMQ_CONSUMER_PASS='<your-rabbitmq-consumer-password>' \
  --from-literal=REDIS_PASSWORD='<your-redis-password>' \
  -n midaz

The transaction service requires an additional secret key RABBITMQ_CONSUMER_PASS compared to onboarding.

Then configure the transaction service to use this existing secret:

transaction:
  useExistingSecret: true
  existingSecretName: "midaz-transaction"

CRM (Customer relationship management)

The crm service provides APIs for managing holder data and their relationships with ledger accounts. Previously available as a separate chart (plugin-crm) deployed in the midaz-plugins namespace, the CRM is now integrated into the main Midaz Helm chart and deployed in the midaz namespace.

If you are currently using plugin-crm in the midaz-plugins namespace, we recommend migrating to this new integrated CRM workload. See the Upgrading Helm guide for migration steps.

For more details about CRM functionality, refer to the CRM Documentation.

Enabling CRM service:

crm:
  enabled: true
  configmap:
    MONGO_HOST: "midaz-mongodb"  # Use your MongoDB host
    MONGO_NAME: "crm"
    MONGO_USER: "midaz"
  secrets:
    MONGO_PASSWORD: "lerian"

Parameter	Description	Default Value
`crm.enabled`	Enable or disable the CRM service.	`false`
`crm.name`	Service name.	`"crm"`
`crm.replicaCount`	Number of replicas for the CRM service.	`1`
`crm.image.repository`	Repository for the CRM service container image.	`"lerianstudio/midaz-crm"`
`crm.image.pullPolicy`	Image pull policy.	`"Always"`
`crm.image.tag`	Image tag used for deployment.	`"3.5.3"`
`crm.imagePullSecrets`	Secrets for pulling images from a private registry.	`[]`
`crm.nameOverride`	Overrides the default generated name by Helm.	`""`
`crm.fullnameOverride`	Overrides the full name generated by Helm.	`""`
`crm.podAnnotations`	Pod annotations for additional metadata.	`{}`
`crm.podSecurityContext`	Security context applied at the pod level.	`{}`
`crm.securityContext.*`	Defines security context settings for the container.	See `values.yaml`
`crm.pdb.enabled`	Specifies whether PodDisruptionBudget is enabled.	`true`
`crm.pdb.minAvailable`	Minimum number of available pods.	`1`
`crm.pdb.maxUnavailable`	Maximum number of unavailable pods.	`1`
`crm.pdb.annotations`	Annotations for the PodDisruptionBudget.	`{}`
`crm.deploymentUpdate.type`	Type of deployment strategy.	`"RollingUpdate"`
`crm.deploymentUpdate.maxSurge`	Maximum number of pods that can be created over the desired number of pods.	`1`
`crm.deploymentUpdate.maxUnavailable`	Maximum number of pods that can be unavailable during the update.	`1`
`crm.service.type`	Kubernetes service type.	`"ClusterIP"`
`crm.service.port`	Service port.	`4003`
`crm.ingress.enabled`	Specifies whether Ingress is enabled.	`false`
`crm.ingress.className`	Ingress class name.	`""`
`crm.ingress.annotations`	Additional ingress annotations.	`{}`
`crm.ingress.hosts`	Configured hosts for Ingress and associated paths.	`[]`
`crm.ingress.tls`	TLS configurations for Ingress.	`[]`
`crm.resources.*`	CPU/Memory resource requests/limits.	See `values.yaml`
`crm.autoscaling.enabled`	Specifies whether autoscaling is enabled.	`true`
`crm.autoscaling.minReplicas`	Minimum number of replicas for autoscaling.	`1`
`crm.autoscaling.maxReplicas`	Maximum number of replicas for autoscaling.	`3`
`crm.autoscaling.targetCPUUtilizationPercentage`	Target CPU utilization percentage for autoscaling.	`80`
`crm.autoscaling.targetMemoryUtilizationPercentage`	Target memory utilization percentage for autoscaling.	`80`
`crm.nodeSelector`	Node selectors for pod scheduling.	`{}`
`crm.tolerations`	Tolerations for pod scheduling.	`{}`
`crm.affinity`	Affinity rules for pod scheduling.	`{}`
`crm.configmap.*`	Environment variables for the service.	See `values.yaml`
`crm.secrets.*`	Secrets for the service.	See `values.yaml`
`crm.useExistingSecret`	Use an existing secret instead of creating a new one.	`false`
`crm.existingSecretName`	The name of the existing secret to use.	`""`
`crm.extraEnvVars`	A list of extra environment variables.	`{}`

Creating CRM secret manually

If you want to use an existing Kubernetes Secret for the CRM service:

kubectl create secret generic midaz-crm \
  --from-literal=LCRYPTO_HASH_SECRET_KEY='<your-hash-secret-key>' \
  --from-literal=LCRYPTO_ENCRYPT_SECRET_KEY='<your-encrypt-secret-key>' \
  --from-literal=MONGO_PASSWORD='<your-mongo-password>' \
  -n midaz

Then configure the CRM service to use this existing secret:

crm:
  enabled: true
  useExistingSecret: true
  existingSecretName: "midaz-crm"

Introduction

Midaz

Other products

Midaz components reference

Ledger (recommended)

Creating Ledger secret manually

Onboarding (legacy)

Creating Onboarding secret manually

Transaction (legacy)

Creating Transaction secret manually

CRM (Customer relationship management)

Creating CRM secret manually

Introduction

Midaz

Other products

​Ledger (recommended)

​Creating Ledger secret manually

​Onboarding (legacy)

​Creating Onboarding secret manually

​Transaction (legacy)

​Creating Transaction secret manually

​CRM (Customer relationship management)

​Creating CRM secret manually

Ledger (recommended)

Creating Ledger secret manually

Onboarding (legacy)

Creating Onboarding secret manually

Transaction (legacy)

Creating Transaction secret manually

CRM (Customer relationship management)

Creating CRM secret manually