formancehq · flemzord · Jun 30, 2025 · Jun 30, 2025 · Jun 30, 2025 · Oct 1, 2025
@@ -108,6 +108,50 @@ make docker-build docker-push IMG=<some-registry>/operator:tag
 And it is required to have access to pull the image from the working environment. 
 Make sure you have the proper permission to the registry if the above commands don’t work.
 
+**Enable audit for a stack**
+
+```sh
+cat <<EOF | kubectl create -f -
+---
+apiVersion: formance.com/v1beta1
+kind: BrokerConsumer
+metadata:
+  name: audit
+spec:
+  services:
+  - gateway
+  stack: <stack-name>
+  # Used for consumer group
+  queriedBy: admin
+---
+apiVersion: formance.com/v1beta1
+kind: Benthos
+metadata:
+  name: benthos
+spec:
+  stack: <stack-name>
+---
+# Create a stream
+apiVersion: formance.com/v1beta1
+kind: BenthosStream
+metadata:
+  name: audit-stream
+spec:
+  name: audit
+  stack: <stack-name>
+  data: |
+    input:
+      event_bus:
+        topic: gateway
+        consumer_group: audit
+    pipeline: {}
+    output:
+      label: "debug"
+      stdout:
+        codec: lines
+EOF
+```
+
 **Install the CRDs into the cluster:**
 
 ```sh

@@ -21,24 +21,16 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-// Batching allow to define custom batching configuration
-type Batching struct {
-	// Count indicates the number of messages that can be kept in memory before being flushed to ElasticSearch
-	Count int `json:"count"`
-	// Period indicates the maximum duration messages can be kept in memory before being flushed to ElasticSearch
-	Period string `json:"period"`
-}
-
 type BenthosSpec struct {
 	StackDependency `json:",inline"`
 	DevProperties   `json:",inline"`
 	//+optional
 	ResourceProperties *corev1.ResourceRequirements `json:"resourceRequirements,omitempty"`
 	//+optional
-	Batching *Batching `json:"batching,omitempty"`
-	//+optional
 	InitContainers   []corev1.Container            `json:"initContainers"`
 	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+	Resources        map[string]string             `json:"resources,omitempty"`
+	Templates        map[string]string             `json:"templates,omitempty"`
 }
 
 type BenthosStatus struct {

@@ -27,7 +27,8 @@ type BenthosStreamSpec struct {
 }
 
 type BenthosStreamStatus struct {
-	Status `json:",inline"`
+	Status        `json:",inline"`
+	ConfigMapHash string `json:"configMapHash,omitempty"`
 }
 
 //+kubebuilder:object:root=true

@@ -17,54 +17,14 @@ limitations under the License.
 package v1beta1
 
 import (
-	"time"
-
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-type LockingStrategyRedisConfig struct {
-	Uri string `json:"uri,omitempty"`
-	// +optional
-	// +kubebuilder:default:=false
-	TLS bool `json:"tls"`
-	// +optional
-	// +kubebuilder:default:=false
-	InsecureTLS bool `json:"insecure,omitempty"`
-	// +optional
-	Duration time.Duration `json:"duration,omitempty"`
-	// +optional
-	Retry time.Duration `json:"retry,omitempty"`
-}
-
-type LockingStrategy struct {
-	// +kubebuilder:Enum:={memory,redis}
-	// +kubebuilder:default:=memory
-	// +optional
-	Strategy string `json:"strategy,omitempty"`
-	// +optional
-	Redis *LockingStrategyRedisConfig `json:"redis"`
-}
-
-type DeploymentStrategy string
-
-const (
-	DeploymentStrategySingle                   = "single"
-	DeploymentStrategyMonoWriterMultipleReader = "single-writer"
-)
-
 type LedgerSpec struct {
 	ModuleProperties `json:",inline"`
 	StackDependency  `json:",inline"`
 	// +optional
 	Auth *AuthConfig `json:"auth,omitempty"`
-	//+kubebuilder:Enum:={single, single-writer}
-	//+kubebuilder:default:=single
-	//+optional
-	// Deprecated.
-	DeploymentStrategy DeploymentStrategy `json:"deploymentStrategy,omitempty"`
-	// Locking is intended for ledger v1 only
-	//+optional
-	Locking *LockingStrategy `json:"locking,omitempty"`
 }
 
 type LedgerStatus struct {
@@ -73,18 +33,8 @@ type LedgerStatus struct {
 
 // Ledger is the module allowing to install a ledger instance.
 //
-// The ledger is actually a stateful application on the writer part.
-// So we cannot scale the ledger as we want without prior configuration.
-//
-// So, the ledger can run in two modes :
-// * single instance: Only one instance will be deployed. We cannot scale in that mode.
-// * single writer / multiple reader: In this mode, we will have a single writer and multiple readers if needed.
-//
-// Use setting `ledger.deployment-strategy` with either the value :
-//   - single : For the single instance mode.
-//   - single-writer: For the single writer / multiple reader mode.
-//     Under the hood, the operator create two deployments and force the scaling of the writer to stay at 1.
-//     Then you can scale the deployment of the reader to the value you want.
+// The ledger is a stateful application that manages financial transactions
+// and maintains an immutable audit trail.
 //
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status

@@ -23,8 +23,6 @@ import (
 type SearchSpec struct {
 	StackDependency  `json:",inline"`
 	ModuleProperties `json:",inline"`
-	//+optional
-	Batching *Batching `json:"batching,omitempty"`
 	// +optional
 	Auth *AuthConfig `json:"auth,omitempty"`
 }
@@ -33,10 +31,6 @@ type SearchStatus struct {
 	Status `json:",inline"`
 	//+optional
 	ElasticSearchURI *URI `json:"elasticSearchURI,omitempty"`
-	// TopicCleaned is used to flag stacks where the topics have been cleaned (still search-ledgerv2 and co consumers)
-	//+optional
-	// +kubebuilder:default:=false
-	TopicCleaned bool `json:"topicCleaned,omitempty"`
 }
 
 // +kubebuilder:object:root=true

@@ -33,11 +33,6 @@ type StackSpec struct {
 	VersionsFromFile string `json:"versionsFromFile"`
 	// +optional
 	// +kubebuilder:default:=false
-	// EnableAudit enable audit at the stack level.
-	// Actually, it enables audit on [Gateway](#gateway)
-	EnableAudit bool `json:"enableAudit,omitempty"`
-	// +optional
-	// +kubebuilder:default:=false
 	// Disabled indicate the stack is disabled.
 	// A disabled stack disable everything
 	// It just keeps the namespace and the [Database](#database) resources.

@@ -51,21 +51,6 @@ spec:
             type: object
           spec:
             properties:
-              batching:
-                description: Batching allow to define custom batching configuration
-                properties:
-                  count:
-                    description: Count indicates the number of messages that can be
-                      kept in memory before being flushed to ElasticSearch
-                    type: integer
-                  period:
-                    description: Period indicates the maximum duration messages can
-                      be kept in memory before being flushed to ElasticSearch
-                    type: string
-                required:
-                - count
-                - period
-                type: object
               debug:
                 default: false
                 description: Allow to enable debug mode on the module
@@ -1480,9 +1465,17 @@ spec:
                       More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
                     type: object
                 type: object
+              resources:
+                additionalProperties:
+                  type: string
+                type: object
               stack:
                 description: Stack indicates the stack on which the module is installed
                 type: string
+              templates:
+                additionalProperties:
+                  type: string
+                type: object
             type: object
           status:
             properties:

@@ -123,6 +123,8 @@ spec:
                   - type
                   type: object
                 type: array
+              configMapHash:
+                type: string
               info:
                 description: Info can contain any additional like reconciliation errors
                 type: string