
Prerequisites

  • Helm chart connector artifacts published to the enterprise artifactory at repo.backbase.com.
  • Access to gc-<customer>-applications-live and gc-devhub-<customer>-applications-live.
  • Create the required secrets with connector properties in the Kubernetes key vaults.

Requests to submit

Submit a request to the BaaS team to establish Private Link connectivity between the Enterprise Backbase Platform (EBP) and the Grand Central (GC) platform. EBP can use the Private Link connection by defining a hostAlias on the connecting integration service.
Contact your BaaS team representative for the Private Link connectivity setup steps and configuration details.

Deploy GC connectors

  • Create the required runtimes in the gc-<customer>-applications-live project in the GitHub organization provisioned for your project.
  • Deploy the required Secrets Operations (SOPS) secrets under runtimes/[env]/secrets. This includes OAuth client credentials, username/password, mTLS certificates, and similar items.
Contact your BaaS team representative for instructions on creating SOPS secrets and using them in connectors.

Deploy Azure API Management (APIM) components

  • Deploy APIM components through Argo CD. These configurations use Helm charts in YAML files for deployment.
  • The supported components are APIs, Named Values, Policy Fragments, Backends, Credential Managers, Products, and Subscriptions.
  • Argo CD automatically syncs and deploys the configurations as specified.
The version numbers in the following samples are illustrative. Check your shared Azure Container Registry (ACR) for the versions available in your environment.

1. Deploy unified APIs

Under main/runtimes/dev/apim/apis, add the following YAML configurations. For example, if you need to set up deposit and payment GC specs in the Azure APIM APIs:
Add deposit-api.yaml:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: grandcentral-deposit-api
  namespace: argocd
spec:
  project: grandcentral
  destination:
    server: https://kubernetes.default.svc
    namespace: grandcentral
  sources:
    - repoURL: git@github.com:<your-org>/gc-<customer>-applications-live.git
      targetRevision: main
      ref: apps-live
    - repoURL: gcshared671.azurecr.io/charts
      chart: grandcentral-deposit-api
      targetRevision: 1.0.5
      helm:
        releaseName: grandcentral-deposit-api-v1
        valueFiles:
          - $apps-live/runtimes/dev/apim/apis/common.apim.values.yaml

  syncPolicy:
    automated:
      prune: true
      allowEmpty: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
Add payment-api.yaml:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: grandcentral-payment-order-api
  namespace: argocd
spec:
  project: grandcentral
  destination:
    server: https://kubernetes.default.svc
    namespace: grandcentral
  sources:
    - repoURL: git@github.com:<your-org>/gc-<customer>-applications-live.git
      targetRevision: main
      ref: apps-live
    - repoURL: gcshared671.azurecr.io/charts
      chart: grandcentral-payment-order-api
      targetRevision: 1.4.2
      helm:
        releaseName: grandcentral-payment-order-api-v1
        valueFiles:
          - $apps-live/runtimes/dev/apim/apis/common.apim.values.yaml
  syncPolicy:
    automated:
      prune: true
      allowEmpty: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false

2. Deploy API version sets

Add apiversionsets.values.yaml:
# Refer section "API Version Sets Configuration example" in apim/readme.md for more details
apiVersionSets:
  - name: grandcentral-party-reference-api
  - name: grandcentral-deposit-api

3. Deploy connector backends

Add backend.values.yaml under main/runtimes/dev/apim:
# Refer section "Backends Configuration Example " in apim/readme.md for more details
backends:
  - name: gc-flexcube-deposit-backend
    url: "https://deposit-v0.gc-flexcube.dev.ecos.gcservices.io"
    title: "gc-flexcube-deposit-backend"
    description: "gc-flexcube-deposit-backend"

  - name: gc-flexcube-party-backend
    url: "https://party-v2.gc-flexcube.dev.ecos.gcservices.io"
    title: "gc-flexcube-party-backend"
    description: "gc-flexcube-party-backend"

  - name: gc-alacriti-payment-backend
    url: 'https://payments-v0-gc-alacriti.dev.ecos.gcservices.io'
    title: "gc-alacriti-payment-backend"
    description: "gc-alacriti-payment-backend"

4. Deploy product policy fragments

Add policyfragments.values.yaml under main/runtimes/dev/apim:
- name: "flexcube-connector-product-policy-fragment"
  description: Flexcube connector policy fragment
  policyValue: |
    <fragment>
      <rate-limit calls="500" renewal-period="60" remaining-calls-variable-name="remainingCallsPerSubscription" />
      <choose>
          <when condition="@(context.Api.Id == &quot;grandcentral-deposit-api-1&quot;)">
               <set-backend-service backend-id="gc-flexcube-deposit-backend" />
          </when>
          <when condition="@(context.Api.Id == &quot;grandcentral-party-reference-api-2&quot;)">
              <set-backend-service backend-id="gc-flexcube-party-backend" />
          </when>
      </choose>
    </fragment>

5. Deploy products

Add products.values.yaml under main/runtimes/dev/apim:
products:
- name: flexcube-connector-product
  description: Flexcube Connector Product
  displayName: Flexcube Connector Product
  approvalRequired: "false"
  policy:
    value: |
      <policies>
        <inbound>
            <base />
            <include-fragment fragment-id="flexcube-connector-product-policy-fragment" />
        </inbound>

        <backend>
            <base />
        </backend>

        <outbound>
            <set-header name="Content-Type" exists-action="override">
            <value>application/json</value>
            </set-header>
            <set-header name="gc-http-caller-headers" exists-action="delete" />
            <set-header name="x-b3-parentspanid" exists-action="delete" />
            <set-header name="errortemplate" exists-action="delete" />
            <set-header name="forwarded" exists-action="delete" />
            <set-header name="ocp-apim-subscription-key" exists-action="delete" />
            <set-header name="x-appgw-trace-id" exists-action="delete" />
            <set-header name="x-b3-sampled" exists-action="delete" />
            <set-header name="x-b3-spanid" exists-action="delete" />
            <set-header name="x-b3-traceid" exists-action="delete" />
            <set-header name="x-envoy-attempt-count" exists-action="delete" />
            <set-header name="x-envoy-external-address" exists-action="delete" />
            <set-header name="x-envoy-upstream-service-time" exists-action="delete" />
            <set-header name="x-forwarded-for" exists-action="delete" />
            <set-header name="x-forwarded-port" exists-action="delete" />
            <set-header name="x-forwarded-proto" exists-action="delete" />
            <set-header name="x-original-host" exists-action="delete" />
            <set-header name="x-original-url" exists-action="delete" />
            <set-header name="x-request-id" exists-action="delete" />
            <base />
        </outbound>

        <on-error>
            <base />
        </on-error>

      </policies>
  productApis:
    - apiName: grandcentral-deposit-api-1
    - apiName: grandcentral-party-reference-api-2
    - apiName: grandcentral-loan-api-1
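
The fragment in step 4 routes by context.Api.Id, so each API the product exposes needs a matching branch, and each backend-id must exist in backend.values.yaml. The following is an added example (not part of the original page or of the Grand Central tooling) that cross-checks the samples from steps 3 to 5. The function names are hypothetical, and an API without a branch may still be routed by an API-level policy that this page does not show.

```python
import re
import xml.etree.ElementTree as ET

# Values copied from the samples on this page (steps 3, 4 and 5).
BACKENDS = {
    "gc-flexcube-deposit-backend",
    "gc-flexcube-party-backend",
    "gc-alacriti-payment-backend",
}
PRODUCT_APIS = [
    "grandcentral-deposit-api-1",
    "grandcentral-party-reference-api-2",
    "grandcentral-loan-api-1",
]
FRAGMENT = """
<fragment>
  <rate-limit calls="500" renewal-period="60" remaining-calls-variable-name="remainingCallsPerSubscription" />
  <choose>
    <when condition="@(context.Api.Id == &quot;grandcentral-deposit-api-1&quot;)">
      <set-backend-service backend-id="gc-flexcube-deposit-backend" />
    </when>
    <when condition="@(context.Api.Id == &quot;grandcentral-party-reference-api-2&quot;)">
      <set-backend-service backend-id="gc-flexcube-party-backend" />
    </when>
  </choose>
</fragment>
"""

# Matches the API id compared against context.Api.Id in a <when> condition.
API_ID_RE = re.compile(r'context\.Api\.Id\s*==\s*"([^"]+)"')


def routes_from_fragment(fragment_xml):
    """Return {api_id: backend_id} for every <when> branch in the fragment."""
    routes = {}
    for when in ET.fromstring(fragment_xml).iter("when"):
        match = API_ID_RE.search(when.get("condition", ""))
        backend = when.find("set-backend-service")
        if match and backend is not None:
            routes[match.group(1)] = backend.get("backend-id")
    return routes


def check_routing(fragment_xml, product_apis, backends):
    """Cross-check the fragment against the product's APIs and the declared backends."""
    routes = routes_from_fragment(fragment_xml)
    return {
        # APIs exposed by the product that no <when> branch sends to a backend.
        "unrouted_apis": [api for api in product_apis if api not in routes],
        # Branches that point at a backend-id missing from backend.values.yaml.
        "unknown_backends": sorted({b for b in routes.values() if b not in backends}),
        # Declared backends that no branch of this fragment uses.
        "unused_backends": sorted(set(backends) - set(routes.values())),
    }


if __name__ == "__main__":
    for finding, items in check_routing(FRAGMENT, PRODUCT_APIS, BACKENDS).items():
        print(f"{finding}: {items or 'none'}")
```

Run against the samples as published, the check reports grandcentral-loan-api-1 as having no branch in the fragment and gc-alacriti-payment-backend as unused by it, which is worth confirming as intended before the product is exposed.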

6. Deploy subscriptions

Add subscription.values.yaml under main/runtimes/dev/apim:
# Refer section "Subscriptions Configuration Example" in apim/readme.md for more details
subscriptions:
  - name: flexcube-connector-product-subscription
    productScope: flexcube-connector-product

7. Deploy connector values

Deploy the connector configurations under the values folder of the runtime. This includes secret names, connector configurations such as vendor system base URL, security token type, connection parameters, and similar items.
Add deposit-v0.values.yaml under main/runtimes/dev/values/gc-flexcube:
connector:
  properties:
    flexcube.baseUrl: "http://<your-flexcube-host>:443"
  traits:
    knativeservice:
      # IMPORTANT: Cost-related. Keeping minScale >0 causes continuous cost even when idle.
      # With minScale: 0, each request grants 30 min uptime, extended when new requests arrive.
      # Use >0 only if hot start is required, and reset to 0 afterward to avoid unnecessary cost.
      minScale: 0
      maxScale: 1
    logging:
      level: INFO
Add payment-v0.values.yaml under main/runtimes/dev/values/gc-alacriti:
connector:
  properties:
    retryFlag: true
    alacriti.baseUrl: https://demoapi.orbipay.com
    alacriti.client_key: <your-client-key>
    alacriti.product: business_transfers
    alacriti.payment_channel: business_banking
    alacriti.requestor_type: party
    alacriti.client_requestor_reference: Test
    alacriti.access_channel: backbase_business
    routing.number: "<your-routing-number>"
  traits:
    knativeservice:
      # IMPORTANT: Cost-related. Keeping minScale >0 causes continuous cost even when idle.
      # With minScale: 0, each request grants 30 min uptime, extended when new requests arrive.
      # Use >0 only if hot start is required, and reset to 0 afterward to avoid unnecessary cost.
      minScale: 0
    logging:
      # DEBUG adds significant log output during startup and runtime.
      # This can noticeably slow down starts due to extra logging work and I/O.
      # Use only for troubleshooting and turn off when not needed.
      level: INFO

8. Deploy connectors

Deploy the GC connectors using the configuration under the apps folder. This configuration downloads the connector Helm charts from the enterprise shared repository at gcshared671.azurecr.io/charts.
Add main/runtimes/dev/apps/gc-flexcube.yaml to deploy the GC managed connectors and the wiremock services for the mocked responses:
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: gc-flexcube
  namespace: argocd
spec:
  project: grandcentral
  destination:
    server: https://kubernetes.default.svc
    namespace: gc-flexcube
  sources:
    - repoURL: git@github.com:<your-org>/gc-<customer>-applications-live.git
      targetRevision: main
      ref: apps-live

    - repoURL: gcshared671.azurecr.io/charts
      chart: gc-flexcube-party-connector
      targetRevision: 2.2.0
      helm:
        releaseName: party-v2
        valueFiles:
          - $apps-live/runtimes/dev/values/platform-resource-management/platform-resource-management.yaml
          - $apps-live/runtimes/dev/values/gc-flexcube/values.yaml
          - $apps-live/runtimes/dev/values/gc-flexcube/party-v2.values.yaml

    - repoURL: gcshared671.azurecr.io/charts
      chart: gc-flexcube-deposit-connector
      targetRevision: 1.4.1
      helm:
        releaseName: deposit-v0
        valueFiles:
          - $apps-live/runtimes/dev/values/platform-resource-management/platform-resource-management.yaml
          - $apps-live/runtimes/dev/values/gc-flexcube/values.yaml
          - $apps-live/runtimes/dev/values/gc-flexcube/deposit-v0.values.yaml

    - repoURL: gcshared671.azurecr.io/charts
      targetRevision: 1.0.1
      helm:
        releaseName: wiremock-flexcube
        valueFiles:
          - $apps-live/runtimes/dev/values/platform-resource-management/platform-resource-management.yaml
          - $apps-live/runtimes/dev/values/gc-flexcube/wiremock-flexcube.values.yaml
      chart: wiremock

    - repoURL: gcshared671.azurecr.io/charts
      targetRevision: 1.0.1
      helm:
        releaseName: wiremock-flexcube-party
        valueFiles:
          - $apps-live/runtimes/dev/values/gc-flexcube/wiremock-flexcube-party.values.yaml
      chart: wiremock

  syncPolicy:
    automated:
      prune: true
      allowEmpty: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false

9. Deploy Istio configurations (optional)

Deploy Istio configurations for secure outgoing connectivity from Kubernetes. The setup uses the Istio egress gateway with all necessary components such as serviceEntries, virtualServices, destinationRules, and similar items.
Add values.yaml under main/runtimes/dev/istio:
# Business apps namespace, used for virtualservice creation
#namespace: "grandcentral"
#defaultIngressGatewayName: "gc-ingress"
#defaultIngressGatewayNamespace: "istio-system"
#defaultIngressGatewayLabels:
#  istio: "ingressgateway"
#timeoutFixEnabled: true
#defaultHttpTimeout: "0s"

virtualServices:
#virtualServices:
#  gc-test:
#    namespace: gc-test
#    hosts:
#    - test.sandbox.example.com
#    gateways:
#    - mesh
#    - gc-egress-gc-test
#    tls:
#    - match:
#      - gateways:
#        - mesh
#        port: 443
#        sniHosts:
#        - test.sandbox.example.com
#      route:
#      - destination:
#          host: istio-egressgateway.istio-system.svc.cluster.local
#          subset: gc-test
#          port:
#            number: 443
#    - match:
#      - gateways:
#        - gc-egress-gc-test
#        port: 443
#        sniHosts:
#        - test.sandbox.example.com
#      route:
#      - destination:
#          host: test.sandbox.example.com
#          port:
#            number: 443
#        weight: 100

authorizationPolices: {}
# authorizationPolices:
#   identity:
#     - from:
#         - source:
#             remoteIpBlocks:
#               - 54.216.203.94
#               - 10.0.0.0/8
#       to:
#         - operation:
#             hosts: [ "identity.dev.gamma.gcservices.io" ]
#     - when:
#         - key: request.headers[X-GAMMA-GC]
#           values: [ "gamma-dev-36b953f1-f421-4ed9-85e7-9b49fa11b780" ]
#       to:
#         - operation:
#             hosts: [ "identity.dev.gamma.gcservices.io" ]
#   edge:
#     - from:
#         - source:
#             remoteIpBlocks:
#               - 54.216.203.94
#       to:
#         - operation:
#             hosts: ["app.dev.gamma.gcservices.io"]

egressFiltering:
  enabled: false
  allowedHosts:
    {}
    # googlecom:
    #   hosts:
    #   - "www.google.com"
    #   ports:
    #   - number: 80
    #     name: http
    #     protocol: HTTP

serviceEntries:
#serviceEntries:
#  gc-test:
#    namespace: gc-test
#    hosts:
#    - test.sandbox.example.com
#    ports:
#    - name: TLS
#      number: 443
#      protocol: TLS
#    location: MESH_EXTERNAL
#    resolution: DNS

destinationRules:
#destinationRules:
#  gc-test:
#    namespace: gc-test
#    host: istio-egressgateway.istio-system.svc.cluster.local
#    subsets:
#    - name: gc-test

gateway:
#gateway:
#  gc-test:
#    namespace: gc-test
#    hosts:
#    - "test.sandbox.example.com"
#    port: 443
#    protocol: TLS

telemetry: {}
# telemetry:
#   istio-ingressgateway:
#     accessLogging:
#       disabled: false
#   backbase-identity:
#     accessLogging:
#       disabled: false

Deploy Sync Hub components

  • (Optional) Deploy the required platform components such as Sync Hub configurations for Azure Service Bus (ASB) topic, subscriptions, and similar items.
After you deploy all components, retrieve the Azure APIM subscription key for the product you created through the Argo CD deployments from the Azure portal.

Manage feature flags and custom configuration properties

Add feature flags

  • Configure the feature flags that the connectors require in the runtime's values configuration. The connector handles the flow according to how the feature is implemented.

Add or modify data fields

  • Override the GC transformation mappings under the specific values resource of that API for any data mapping required for a specific integration API.

Add custom fields

  • Add any custom fields (additions) that you need in the same values resource-transformation mappings.
The following example shows deposit API custom field additions for the Flexcube deposit connector, including custom fields such as OFFSACC and PERCENTAGE.
connector:
  properties:
    regex.deposit-id.pattern: ^[a-zA-Z0-9]{1,20}$
    regex.deposit-id.failure-message: "The maximum allowed length of the Deposit ID is up to 20 characters."
    product.secondaryProductId.POIN.type: POCKETS
    product.secondaryProductId.I1MB.type: TERM_DEPOSIT
  traits:
    knativeservice:
      minScale: 1
    logging:
      level: DEBUG
    pdb:
      enabled: false
    prometheus:
      enabled: false
  resources:
    create-term-deposit-request-transformation.xslt: >
        <xsl:stylesheet version="2.0"
                        xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
                        xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                        xmlns:fcub="http://fcubs.ofss.com/service/FCUBSAccService">
            <xsl:output method="xml" version="1.0" indent="yes" encoding="UTF-8" omit-xml-declaration="yes"/>
            <xsl:param name="source"/>
            <xsl:param name="ubsComp"/>
            <xsl:param name="userId"/>
            <xsl:param name="branch"/>
            <xsl:param name="entity"/>
            <xsl:param name="moduleId"/>
            <xsl:template match="/">
                <soapenv:Envelope>
                    <soapenv:Body>
                        <CREATETDCUSTACC_FSFS_REQ xmlns="http://fcubs.ofss.com/service/FCUBSAccService">
                            <fcub:FCUBS_HEADER>
                                <fcub:SOURCE><xsl:value-of select="$source"/></fcub:SOURCE>
                                <fcub:UBSCOMP><xsl:value-of select="$ubsComp"/></fcub:UBSCOMP>
                                <fcub:USERID><xsl:value-of select="$userId"/></fcub:USERID>
                                <fcub:BRANCH><xsl:value-of select="$branch"/></fcub:BRANCH>
                                <fcub:ENTITY><xsl:value-of select="$entity"/></fcub:ENTITY>
                                <fcub:MODULEID><xsl:value-of select="$moduleId"/></fcub:MODULEID>
                                <fcub:SERVICE>FCUBSAccService</fcub:SERVICE>
                                <fcub:OPERATION>CreateTDCustAcc</fcub:OPERATION>
                            </fcub:FCUBS_HEADER>
                            <fcub:FCUBS_BODY>
                                <Cust-Account-Full>
                                    <BRN><xsl:value-of select="$branch"/></BRN>
                                    <TERM_ACNO>DUMMY</TERM_ACNO>
                                    <CUSTNO><xsl:value-of select="//parties/partyId"/></CUSTNO>
                                    <ACCLS><xsl:value-of select="//product/secondaryProductId"/></ACCLS>
                                    <TDCCY><xsl:value-of select="//currencyCode"/></TDCCY>

                                    <Intdetails>
                                        <BOOKACC><xsl:value-of select="//customFields/Tdpayoutdetails_OFFSACC"/></BOOKACC>
                                    </Intdetails>
                                    <Tddetails>
                                        <INITIAL_TDAMT><xsl:value-of select="//principalAmount"/></INITIAL_TDAMT>
                                        <CLONMAT>Y</CLONMAT>
                                        <AUTOROLL>N</AUTOROLL>
                                        <PAYBRN><xsl:value-of select="$branch"/></PAYBRN>
                                        <PMNTCCY><xsl:value-of select="//currencyCode"/></PMNTCCY>
                                    </Tddetails>
                                    <Tdpayindetails>
                                        <OFFBRN><xsl:value-of select="$branch"/></OFFBRN>
                                        <OFFSACC><xsl:value-of select="//customFields/Tdpayindetails_OFFSACC"/></OFFSACC>
                                        <PERCENTAGE><xsl:value-of select="//customFields/Tdpayindetails_PERCENTAGE"/></PERCENTAGE>
                                    </Tdpayindetails>
                                    <Tdpayoutdetails>
                                        <PAYOUTTYPE>S</PAYOUTTYPE>
                                        <OFFBRN><xsl:value-of select="$branch"/></OFFBRN>
                                        <OFFSACC><xsl:value-of select="//customFields/Tdpayoutdetails_OFFSACC"/></OFFSACC>
                                        <PERCENTAGE><xsl:value-of select="//customFields/Tdpayoutdetails_PERCENTAGE"/></PERCENTAGE>
                                        <PAYOUTCOMP><xsl:value-of select="//customFields/Tdpayoutdetails_PAYOUTCOMP"/></PAYOUTCOMP>
                                    </Tdpayoutdetails>
                                    <CustAcc>
                                        <Misdetails>
                                            <RTFLAG>R</RTFLAG>
                                        </Misdetails>
                                    </CustAcc>
                                </Cust-Account-Full>
                            </fcub:FCUBS_BODY>
                        </CREATETDCUSTACC_FSFS_REQ>
                    </soapenv:Body>
                </soapenv:Envelope>
            </xsl:template>
        </xsl:stylesheet>
In both cases, add the entire transformation resource file (included in managed connectors) along with the new, modified, or custom data mapping fields.

Test the connectors

Use Postman to test the GC APIs by passing the APIM product subscription key as the api-key header value.
  • GC unified API Web Application Firewall (WAF) endpoint base URL: api.[runtime].[customer].gcservices.io
  • Argo CD: https://argo.[runtime].[customer].gcservices.io/