> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lerian.studio/llms.txt
> Use this file to discover all available pages before exploring further.
# Midaz components reference
> Configure Helm chart components for Midaz — Ledger, Onboarding, Transaction, and CRM — with deployment, service, and ingress settings.
The Midaz Helm chart deploys four possible service components: **Ledger** (unified, recommended), **Onboarding** (legacy), **Transaction** (legacy), and **CRM** (optional). Each component has its own deployment, service, ingress, and autoscaling configuration.
**Quick decision:** New installations → enable Ledger, disable Onboarding and Transaction. Migrating from v4.x → see [Migration guide](/en/platform/helm/midaz/midaz-migrate-v4-to-v5). Need CRM? → set `crm.enabled: true`.
**Recommended for new installations**: Use the unified **Ledger** service. The separate Onboarding and Transaction services are still supported but will become legacy in a future release.
### Ledger (recommended)
The `ledger` service is a unified service that combines the functionality of both onboarding and transaction modules into a single deployment. This service is recommended for new installations and will become mandatory in future releases.
When `ledger.enabled` is set to `true`, the onboarding and transaction services are automatically disabled (unless `migration.allowAllServices` is set to `true` for testing purposes).
**Enabling Ledger service:**
```yaml theme={null}
ledger:
enabled: true
onboarding:
enabled: false
transaction:
enabled: false
```
When ledger is enabled, the onboarding and transaction ingresses will automatically redirect traffic to the ledger service, maintaining backward compatibility with existing DNS configurations.
| Parameter | Description | Default Value |
| :----------------------------------------------------- | :------------------------------------------------------------------------ | :---------------------------------- |
| `ledger.enabled` | Enable or disable the ledger service. | `false` |
| `ledger.name` | Service name. | `"ledger"` |
| `ledger.replicaCount` | Number of replicas for the ledger service. | `1` |
| `ledger.image.repository` | Repository for the ledger service container image. | `"lerianstudio/midaz-ledger"` |
| `ledger.image.pullPolicy` | Image pull policy. | `"IfNotPresent"` |
| `ledger.image.tag` | Image tag used for deployment. | `""` (defaults to Chart.AppVersion) |
| `ledger.imagePullSecrets` | Secrets for pulling images from a private registry. | `[]` |
| `ledger.nameOverride` | Overrides the default generated name by Helm. | `""` |
| `ledger.fullnameOverride` | Overrides the full name generated by Helm. | `""` |
| `ledger.podAnnotations` | Pod annotations for additional metadata. | `{}` |
| `ledger.podSecurityContext` | Security context applied at the pod level. | `{}` |
| `ledger.securityContext.*` | Defines security context settings for the container. | See `values.yaml` |
| `ledger.pdb.enabled` | Specifies whether PodDisruptionBudget is enabled. | `true` |
| `ledger.pdb.minAvailable` | Minimum number of available pods. | `1` |
| `ledger.pdb.maxUnavailable` | Maximum number of unavailable pods. | `1` |
| `ledger.pdb.annotations` | Annotations for the PodDisruptionBudget. | `{}` |
| `ledger.deploymentUpdate.*` | Deployment update strategy. | See `values.yaml` |
| `ledger.service.type` | Kubernetes service type. | `"ClusterIP"` |
| `ledger.service.port` | Port for the HTTP API. | `3002` |
| `ledger.service.annotations` | Annotations for the service. | `{}` |
| `ledger.ingress.enabled` | Specifies whether Ingress is enabled. | `false` |
| `ledger.ingress.className` | Ingress class name. | `""` |
| `ledger.ingress.annotations` | Additional ingress annotations. | `{}` |
| `ledger.ingress.hosts` | Configured hosts for Ingress and associated paths. | `[]` |
| `ledger.ingress.tls` | TLS configurations for Ingress. | `[]` |
| `ledger.resources.*` | CPU/Memory resource requests/limits. | See `values.yaml` |
| `ledger.autoscaling.enabled` | Specifies whether autoscaling is enabled. | `true` |
| `ledger.autoscaling.minReplicas` | Minimum number of replicas for autoscaling. | `2` |
| `ledger.autoscaling.maxReplicas` | Maximum number of replicas for autoscaling. | `5` |
| `ledger.autoscaling.targetCPUUtilizationPercentage` | Target CPU utilization percentage for autoscaling. | `80` |
| `ledger.autoscaling.targetMemoryUtilizationPercentage` | Target memory utilization percentage for autoscaling. | `80` |
| `ledger.nodeSelector` | Node selectors for pod scheduling. | `{}` |
| `ledger.tolerations` | Tolerations for pod scheduling. | `{}` |
| `ledger.affinity` | Affinity rules for pod scheduling. | `{}` |
| `ledger.configmap.*` | Environment variables for the service. | See `values.yaml` |
| `ledger.secrets.*` | Secrets for the service. | See `values.yaml` |
| `ledger.useExistingSecret` | Use an existing secret instead of creating a new one. | `false` |
| `ledger.existingSecretName` | The name of the existing secret to use. | `""` |
| `ledger.extraEnvVars` | A list of extra environment variables. | `[]` |
| `ledger.serviceAccount.create` | Specifies whether the service account should be created. | `true` |
| `ledger.serviceAccount.annotations` | Annotations for the service account. | `{}` |
| `ledger.serviceAccount.name` | Service account name. If not defined, it will be generated automatically. | `""` |
#### Creating Ledger secret manually
If you want to use an existing Kubernetes Secret for the ledger service, you can create it manually:
```bash theme={null}
kubectl create secret generic midaz-ledger \
--from-literal=DB_ONBOARDING_PASSWORD='' \
--from-literal=DB_ONBOARDING_REPLICA_PASSWORD='' \
--from-literal=MONGO_ONBOARDING_PASSWORD='' \
--from-literal=DB_TRANSACTION_PASSWORD='' \
--from-literal=DB_TRANSACTION_REPLICA_PASSWORD='' \
--from-literal=MONGO_TRANSACTION_PASSWORD='' \
--from-literal=REDIS_PASSWORD='' \
--from-literal=RABBITMQ_DEFAULT_PASS='' \
--from-literal=RABBITMQ_CONSUMER_PASS='' \
-n midaz
```
The ledger service uses module-specific database credentials (onboarding and transaction) since it combines both modules.
Then configure the ledger service to use this existing secret:
```yaml theme={null}
ledger:
enabled: true
useExistingSecret: true
existingSecretName: "midaz-ledger"
```
### Onboarding (legacy)
The Onboarding service is still supported but will become legacy in a future release. We recommend using the unified **Ledger** service for new installations.
| Parameter | Description | Default Value |
| :--------------------------------------------------------- | :------------------------------------------------------------------------ | :-------------------------------- |
| `onboarding.name` | Service name. | `"onboarding"` |
| `onboarding.replicaCount` | Number of replicas for the onboarding service. | `2` |
| `onboarding.image.repository` | Repository for the onboarding service container image. | `"lerianstudio/midaz-onboarding"` |
| `onboarding.image.pullPolicy` | Image pull policy. | `"IfNotPresent"` |
| `onboarding.image.tag` | Image tag used for deployment. | `"3.5.3"` |
| `onboarding.imagePullSecrets` | Secrets for pulling images from a private registry. | `[]` |
| `onboarding.nameOverride` | Overrides the default generated name by Helm. | `""` |
| `onboarding.fullnameOverride` | Overrides the full name generated by Helm. | `""` |
| `onboarding.podAnnotations` | Pod annotations for additional metadata. | `{}` |
| `onboarding.podSecurityContext` | Security context applied at the pod level. | `{}` |
| `onboarding.securityContext.*` | Defines security context settings for the container. | See `values.yaml` |
| `onboarding.pdb.enabled` | Specifies whether PodDisruptionBudget is enabled. | `true` |
| `onboarding.pdb.minAvailable` | Minimum number of available pods. | `1` |
| `onboarding.pdb.maxUnavailable` | Maximum number of unavailable pods. | `1` |
| `onboarding.pdb.annotations` | Annotations for the PodDisruptionBudget. | `{}` |
| `onboarding.deploymentUpdate.*` | Deployment update strategy. | See `values.yaml` |
| `onboarding.service.type` | Kubernetes service type. | `"ClusterIP"` |
| `onboarding.service.port` | Port for the HTTP API. | `3000` |
| `onboarding.service.annotations` | Annotations for the service. | `{}` |
| `onboarding.ingress.enabled` | Specifies whether Ingress is enabled. | `false` |
| `onboarding.ingress.className` | Ingress class name. | `""` |
| `onboarding.ingress.annotations` | Additional ingress annotations. | `{}` |
| `onboarding.ingress.hosts` | Configured hosts for Ingress and associated paths. | `""` |
| `onboarding.ingress.tls` | TLS configurations for Ingress. | `[]` |
| `onboarding.resources.*` | CPU/Memory resource requests/limits. | See `values.yaml` |
| `onboarding.autoscaling.enabled` | Specifies whether autoscaling is enabled. | `true` |
| `onboarding.autoscaling.minReplicas` | Minimum number of replicas for autoscaling. | `2` |
| `onboarding.autoscaling.maxReplicas` | Maximum number of replicas for autoscaling. | `5` |
| `onboarding.autoscaling.targetCPUUtilizationPercentage` | Target CPU utilization percentage for autoscaling. | `80` |
| `onboarding.autoscaling.targetMemoryUtilizationPercentage` | Target memory utilization percentage for autoscaling. | `80` |
| `onboarding.nodeSelector` | Node selectors for pod scheduling. | `{}` |
| `onboarding.tolerations` | Tolerations for pod scheduling. | `{}` |
| `onboarding.affinity` | Affinity rules for pod scheduling. | `{}` |
| `onboarding.configmap.*` | Environment variables for the service. | See `values.yaml` |
| `onboarding.secrets.*` | Secrets for the service. | See `values.yaml` |
| `onboarding.useExistingSecret` | Use an existing secret instead of creating a new one. | `false` |
| `onboarding.existingSecretName` | The name of the existing secret to use. | `""` |
| `onboarding.extraEnvVars` | A list of extra environment variables. | `[]` |
| `onboarding.serviceAccount.create` | Specifies whether the service account should be created. | `true` |
| `onboarding.serviceAccount.annotations` | Annotations for the service account. | `{}` |
| `onboarding.serviceAccount.name` | Service account name. If not defined, it will be generated automatically. | `""` |
#### Creating Onboarding secret manually
If you want to use an existing Kubernetes Secret for the onboarding service:
```bash theme={null}
kubectl create secret generic midaz-onboarding \
--from-literal=MONGO_PASSWORD='' \
--from-literal=DB_PASSWORD='' \
--from-literal=DB_REPLICA_PASSWORD='' \
--from-literal=RABBITMQ_DEFAULT_PASS='' \
--from-literal=REDIS_PASSWORD='' \
-n midaz
```
Then configure the onboarding service to use this existing secret:
```yaml theme={null}
onboarding:
useExistingSecret: true
existingSecretName: "midaz-onboarding"
```
### Transaction (legacy)
The Transaction service is still supported but will become legacy in a future release. We recommend using the unified **Ledger** service for new installations.
| Parameter | Description | Default Value |
| :---------------------------------------------------------- | :------------------------------------------------------ | :--------------------------------- |
| `transaction.name` | Service name. | `"transaction"` |
| `transaction.replicaCount` | Number of replicas for the transaction service. | `1` |
| `transaction.image.repository` | Repository for the transaction service container image. | `"lerianstudio/midaz-transaction"` |
| `transaction.image.pullPolicy` | Image pull policy. | `"IfNotPresent"` |
| `transaction.image.tag` | Image tag used for deployment. | `"3.5.3"` |
| `transaction.imagePullSecrets` | Secrets for pulling images from a private registry. | `[]` |
| `transaction.nameOverride` | Overrides the default generated name by Helm. | `""` |
| `transaction.fullnameOverride` | Overrides the full name generated by Helm. | `""` |
| `transaction.podAnnotations` | Pod annotations for additional metadata. | `{}` |
| `transaction.podSecurityContext` | Security context for the pod. | `{}` |
| `transaction.securityContext.*` | Defines security context settings for the container. | See `values.yaml` |
| `transaction.pdb.enabled` | Enable or disable PodDisruptionBudget. | `true` |
| `transaction.pdb.minAvailable` | Minimum number of available pods. | `2` |
| `transaction.pdb.maxUnavailable` | Maximum number of unavailable pods. | `1` |
| `transaction.pdb.annotations` | Annotations for the PodDisruptionBudget. | `{}` |
| `transaction.deploymentUpdate.*` | Deployment update strategy. | See `values.yaml` |
| `transaction.service.type` | Kubernetes service type. | `"ClusterIP"` |
| `transaction.service.port` | Port for the HTTP API. | `3001` |
| `transaction.service.annotations` | Annotations for the service. | `{}` |
| `transaction.ingress.enabled` | Enable or disable ingress. | `false` |
| `transaction.ingress.className` | Ingress class name. | `""` |
| `transaction.ingress.annotations` | Additional ingress annotations. | `{}` |
| `transaction.ingress.hosts` | Configured hosts for ingress and associated paths. | `[]` |
| `transaction.ingress.tls` | TLS configuration for ingress. | `[]` |
| `transaction.resources.*` | CPU/Memory resource requests/limits. | See `values.yaml` |
| `transaction.autoscaling.enabled` | Enable or disable horizontal pod autoscaling. | `true` |
| `transaction.autoscaling.minReplicas` | Minimum number of replicas for autoscaling. | `1` |
| `transaction.autoscaling.maxReplicas` | Maximum number of replicas for autoscaling. | `5` |
| `transaction.autoscaling.targetCPUUtilizationPercentage` | Target CPU utilization percentage for autoscaling. | `80` |
| `transaction.autoscaling.targetMemoryUtilizationPercentage` | Target memory utilization percentage for autoscaling. | `80` |
| `transaction.nodeSelector` | Node selector for scheduling pods on specific nodes. | `{}` |
| `transaction.tolerations` | Tolerations for scheduling on tainted nodes. | `{}` |
| `transaction.affinity` | Affinity rules for pod scheduling. | `{}` |
| `transaction.configmap.*` | Environment variables for the service. | See `values.yaml` |
| `transaction.secrets.*` | Secrets for the service. | See `values.yaml` |
| `transaction.useExistingSecret` | Use an existing secret instead of creating a new one. | `false` |
| `transaction.existingSecretName` | The name of the existing secret to use. | `""` |
| `transaction.extraEnvVars` | A list of extra environment variables. | `[]` |
| `transaction.serviceAccount.create` | Specifies whether a ServiceAccount should be created. | `true` |
| `transaction.serviceAccount.annotations` | Annotations for the ServiceAccount. | `{}` |
| `transaction.serviceAccount.name` | Name of the service account. | `""` |
#### Creating Transaction secret manually
If you want to use an existing Kubernetes Secret for the transaction service:
```bash theme={null}
kubectl create secret generic midaz-transaction \
--from-literal=MONGO_PASSWORD='' \
--from-literal=DB_PASSWORD='' \
--from-literal=DB_REPLICA_PASSWORD='' \
--from-literal=RABBITMQ_DEFAULT_PASS='' \
--from-literal=RABBITMQ_CONSUMER_PASS='' \
--from-literal=REDIS_PASSWORD='' \
-n midaz
```
The transaction service requires an additional secret key `RABBITMQ_CONSUMER_PASS` compared to onboarding.
Then configure the transaction service to use this existing secret:
```yaml theme={null}
transaction:
useExistingSecret: true
existingSecretName: "midaz-transaction"
```
### CRM (Customer relationship management)
The `crm` service provides APIs for managing holder data and their relationships with ledger accounts. Previously available as a separate chart (`plugin-crm`) deployed in the `midaz-plugins` namespace, the CRM is now integrated into the main Midaz Helm chart and deployed in the `midaz` namespace.
If you are currently using `plugin-crm` in the `midaz-plugins` namespace, we recommend migrating to this new integrated CRM workload. See the [Upgrading Helm](/en/platform/helm/midaz/midaz-upgrade-guide) guide for migration steps.
For more details about CRM functionality, refer to the [CRM Documentation](/en/midaz/crm/crm-overview).
**Enabling CRM service:**
```yaml theme={null}
crm:
enabled: true
configmap:
MONGO_HOST: "midaz-mongodb" # Use your MongoDB host
MONGO_NAME: "crm"
MONGO_USER: "midaz"
secrets:
MONGO_PASSWORD: "lerian"
```
| Parameter | Description | Default Value |
| :-------------------------------------------------- | :-------------------------------------------------------------------------- | :------------------------- |
| `crm.enabled` | Enable or disable the CRM service. | `false` |
| `crm.name` | Service name. | `"crm"` |
| `crm.replicaCount` | Number of replicas for the CRM service. | `1` |
| `crm.image.repository` | Repository for the CRM service container image. | `"lerianstudio/midaz-crm"` |
| `crm.image.pullPolicy` | Image pull policy. | `"Always"` |
| `crm.image.tag` | Image tag used for deployment. | `"3.5.3"` |
| `crm.imagePullSecrets` | Secrets for pulling images from a private registry. | `[]` |
| `crm.nameOverride` | Overrides the default generated name by Helm. | `""` |
| `crm.fullnameOverride` | Overrides the full name generated by Helm. | `""` |
| `crm.podAnnotations` | Pod annotations for additional metadata. | `{}` |
| `crm.podSecurityContext` | Security context applied at the pod level. | `{}` |
| `crm.securityContext.*` | Defines security context settings for the container. | See `values.yaml` |
| `crm.pdb.enabled` | Specifies whether PodDisruptionBudget is enabled. | `true` |
| `crm.pdb.minAvailable` | Minimum number of available pods. | `1` |
| `crm.pdb.maxUnavailable` | Maximum number of unavailable pods. | `1` |
| `crm.pdb.annotations` | Annotations for the PodDisruptionBudget. | `{}` |
| `crm.deploymentUpdate.type` | Type of deployment strategy. | `"RollingUpdate"` |
| `crm.deploymentUpdate.maxSurge` | Maximum number of pods that can be created over the desired number of pods. | `1` |
| `crm.deploymentUpdate.maxUnavailable` | Maximum number of pods that can be unavailable during the update. | `1` |
| `crm.service.type` | Kubernetes service type. | `"ClusterIP"` |
| `crm.service.port` | Service port. | `4003` |
| `crm.ingress.enabled` | Specifies whether Ingress is enabled. | `false` |
| `crm.ingress.className` | Ingress class name. | `""` |
| `crm.ingress.annotations` | Additional ingress annotations. | `{}` |
| `crm.ingress.hosts` | Configured hosts for Ingress and associated paths. | `[]` |
| `crm.ingress.tls` | TLS configurations for Ingress. | `[]` |
| `crm.resources.*` | CPU/Memory resource requests/limits. | See `values.yaml` |
| `crm.autoscaling.enabled` | Specifies whether autoscaling is enabled. | `true` |
| `crm.autoscaling.minReplicas` | Minimum number of replicas for autoscaling. | `1` |
| `crm.autoscaling.maxReplicas` | Maximum number of replicas for autoscaling. | `3` |
| `crm.autoscaling.targetCPUUtilizationPercentage` | Target CPU utilization percentage for autoscaling. | `80` |
| `crm.autoscaling.targetMemoryUtilizationPercentage` | Target memory utilization percentage for autoscaling. | `80` |
| `crm.nodeSelector` | Node selectors for pod scheduling. | `{}` |
| `crm.tolerations` | Tolerations for pod scheduling. | `{}` |
| `crm.affinity` | Affinity rules for pod scheduling. | `{}` |
| `crm.configmap.*` | Environment variables for the service. | See `values.yaml` |
| `crm.secrets.*` | Secrets for the service. | See `values.yaml` |
| `crm.useExistingSecret` | Use an existing secret instead of creating a new one. | `false` |
| `crm.existingSecretName` | The name of the existing secret to use. | `""` |
| `crm.extraEnvVars` | A list of extra environment variables. | `{}` |
#### Creating CRM secret manually
If you want to use an existing Kubernetes Secret for the CRM service:
```bash theme={null}
kubectl create secret generic midaz-crm \
--from-literal=LCRYPTO_HASH_SECRET_KEY='' \
--from-literal=LCRYPTO_ENCRYPT_SECRET_KEY='' \
--from-literal=MONGO_PASSWORD='' \
-n midaz
```
Then configure the CRM service to use this existing secret:
```yaml theme={null}
crm:
enabled: true
useExistingSecret: true
existingSecretName: "midaz-crm"
```