diff --git a/charts/connector/aasregistry/values-stable-a.yaml b/charts/connector/aasregistry/values-stable-a.yaml
new file mode 100644
index 0000000000..30b2feafa8
--- /dev/null
+++ b/charts/connector/aasregistry/values-stable-a.yaml
@@ -0,0 +1,56 @@
+###############################################################
+# Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+registry:
+ enableKeycloak: false
+ postgresql:
+ primary:
+ persistence:
+ enabled: true
+ size: 1Gi
+ resources:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 200m
+ memory: 1Gi
+ registry:
+ authentication: false
+ idpIssuerUri: https://centralidp.stable.demo.catena-x.net/auth/realms/CX-Central # check centralidp url when provided
+ host: trace-x-registry-stable-a.stable.demo.catena-x.net
+ ingress:
+ enabled: true
+ tls: true
+ className: nginx
+ urlPrefix: /semantics/registry
+ annotations:
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+ nginx.ingress.kubernetes.io/use-regex: "true"
+
+ resources:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 200m
+ memory: 1Gi
+
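Review bot: `authentication: false` together with `enableKeycloak: false` leaves the registry without authentication while `ingress.enabled: true` publishes it on `trace-x-registry-stable-a.stable.demo.catena-x.net`. If this is a temporary state until the central IdP URL is confirmed (the comment on `idpIssuerUri` suggests so), say that next to the flag, e.g. `# TODO: enable once the centralidp URL is confirmed`, and consider keeping the ingress disabled until then. The annotations also set `enable-cors` and `cors-allow-credentials: "true"` without `nginx.ingress.kubernetes.io/cors-allow-origin`, so the allowed origin is left to the controller default; pin it to the portal origin. `values-stable-b.yaml` in the next hunk carries the same settings.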
diff --git a/charts/connector/aasregistry/values-stable-b.yaml b/charts/connector/aasregistry/values-stable-b.yaml
new file mode 100644
index 0000000000..c295da29ee
--- /dev/null
+++ b/charts/connector/aasregistry/values-stable-b.yaml
@@ -0,0 +1,56 @@
+###############################################################
+# Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+registry:
+ enableKeycloak: false
+ postgresql:
+ primary:
+ persistence:
+ enabled: true
+ size: 1Gi
+ resources:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 200m
+ memory: 1Gi
+ registry:
+ authentication: false
+ idpIssuerUri: https://centralidp.stable.demo.catena-x.net/auth/realms/CX-Central # check centralidp url when provided
+ host: trace-x-registry-stable-b.stable.demo.catena-x.net
+ ingress:
+ enabled: true
+ tls: true
+ className: nginx
+ urlPrefix: /semantics/registry
+ annotations:
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+ nginx.ingress.kubernetes.io/use-regex: "true"
+
+ resources:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 200m
+ memory: 1Gi
+
diff --git a/charts/connector/edc-provider/values-stable-a.yaml b/charts/connector/edc-provider/values-stable-a.yaml
new file mode 100644
index 0000000000..8ee44deca3
--- /dev/null
+++ b/charts/connector/edc-provider/values-stable-a.yaml
@@ -0,0 +1,110 @@
+tractusx-connector:
+ enabled: true
+ nameOverride: "tx-edc-provider-stable-a"
+ fullnameOverride: "tx-edc-provider-stable-a"
+ participant:
+ id: CHANGE_ME # provide bpn when specified
+ controlplane:
+ ingresses:
+ - enabled: true
+ hostname: "trace-x-edc-stable-a.stable.demo.catena-x.net"
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-passthrough: "false"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ endpoints:
+ - protocol
+ - management
+ tls:
+ enabled: true
+ secretName: tls-secret
+ ssi:
+ miw:
+ url:
+ authorityId:
+ oauth:
+ tokenurl:
+ client:
+ id:
+ secretAlias: edc-miw-keycloak-secret-stable-a
+ endpoints:
+ management:
+ authKey:
+
+ resources:
+ limits:
+ cpu: 400m
+ memory: 1.5Gi
+ requests:
+ cpu: 200m
+ memory: 1.5Gi
+
+ dataplane:
+ ingresses:
+ - enabled: true
+ hostname: "trace-x-edc-stable-a-dataplane.stable.demo.catena-x.net"
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-passthrough: "false"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ endpoints:
+ - public
+ className: "nginx"
+ tls:
+ enabled: true
+ secretName: tls-secret
+
+ resources:
+ limits:
+ cpu: 200m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+
+ backendService:
+ httpProxyTokenReceiverUrl: "https://traceability-stable-a.stable.demo.catena-x.net/api/callback/endpoint-data-reference"
+
+ postgresql:
+ enabled: true
+ auth:
+ username: ""
+ password: ""
+ username: ""
+ password: ""
+ jdbcUrl: "jdbc:postgresql://tx-edc-provider-postgresql-stable-a-hl:5432/edc"
+
+ vault:
+ hashicorp:
+ url: "https://vault.demo.catena-x.net"
+ token: ""
+ timeout: 30
+ healthCheck:
+ enabled: true
+ standbyOk: true
+ paths:
+ secret: /v1/traceability-foss
+ health: /v1/sys/health
+ secretNames:
+ transferProxyTokenSignerPrivateKey: daps-cert-key-stable-a
+ transferProxyTokenSignerPublicKey: daps-cert-stable-a
+ transferProxyTokenEncryptionAesKey: token-signer-aes-key
+
+edc-postgresql:
+ nameOverride: "tx-edc-provider-postgresql-stable-a"
+ fullnameOverride: "tx-edc-provider-postgresql-stable-a"
+ enabled: true
+
+ primary:
+ resources:
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ limits:
+ cpu: 200m
+ memory: 1Gi
+ auth:
+ database: edc
+ username:
+ postgresPassword:
+ password:
diff --git a/charts/connector/edc-provider/values-stable-b.yaml b/charts/connector/edc-provider/values-stable-b.yaml
new file mode 100644
index 0000000000..48ebe08ca0
--- /dev/null
+++ b/charts/connector/edc-provider/values-stable-b.yaml
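Review bot: The controlplane ingress in `edc-provider/values-stable-a.yaml` lists `- management` under `endpoints` on the public hostname `trace-x-edc-stable-a.stable.demo.catena-x.net`, and `endpoints.management.authKey` is left empty in this file. The consumer values added in this same commit (`charts/traceability-foss/values-stable-a.yaml`) describe the management API as one that "must not be internet facing"; either drop `- management` from this ingress or add a comment stating how the API key is injected at deploy time. Separately, `username: ""` / `password: ""` appear twice in a row under `postgresql`; indentation is not recoverable in this view, so please confirm they sit at different nesting levels and are not duplicate keys, which most parsers silently resolve to the last value. `edc-provider/values-stable-b.yaml` in the next hunk has the same layout.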
@@ -0,0 +1,110 @@
+tractusx-connector:
+ enabled: true
+ nameOverride: "tx-edc-provider-stable-b"
+ fullnameOverride: "tx-edc-provider-stable-b"
+ participant:
+ id: CHANGE_ME # provide bpn when specified
+ controlplane:
+ ingresses:
+ - enabled: true
+ hostname: "trace-x-edc-stable-b.stable.demo.catena-x.net"
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-passthrough: "false"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ endpoints:
+ - protocol
+ - management
+ tls:
+ enabled: true
+ secretName: tls-secret
+ ssi:
+ miw:
+ url:
+ authorityId:
+ oauth:
+ tokenurl:
+ client:
+ id:
+ secretAlias: edc-miw-keycloak-secret-stable-b
+ endpoints:
+ management:
+ authKey:
+
+ resources:
+ limits:
+ cpu: 400m
+ memory: 1.5Gi
+ requests:
+ cpu: 200m
+ memory: 1.5Gi
+
+ dataplane:
+ ingresses:
+ - enabled: true
+ hostname: "trace-x-edc-stable-b-dataplane.stable.demo.catena-x.net"
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-passthrough: "false"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ endpoints:
+ - public
+ className: "nginx"
+ tls:
+ enabled: true
+ secretName: tls-secret
+
+ resources:
+ limits:
+ cpu: 200m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+
+ backendService:
+ httpProxyTokenReceiverUrl: "https://traceability-stable-b.stable.demo.catena-x.net/api/callback/endpoint-data-reference"
+
+ postgresql:
+ enabled: true
+ auth:
+ username: ""
+ password: ""
+ username: ""
+ password: ""
+ jdbcUrl: "jdbc:postgresql://tx-edc-provider-postgresql-stable-b-hl:5432/edc"
+
+ vault:
+ hashicorp:
+ url: "https://vault.demo.catena-x.net"
+ token: ""
+ timeout: 30
+ healthCheck:
+ enabled: true
+ standbyOk: true
+ paths:
+ secret: /v1/traceability-foss
+ health: /v1/sys/health
+ secretNames:
+ transferProxyTokenSignerPrivateKey: daps-cert-key-stable-b
+ transferProxyTokenSignerPublicKey: daps-cert-stable-b
+ transferProxyTokenEncryptionAesKey: token-signer-aes-key
+
+edc-postgresql:
+ nameOverride: "tx-edc-provider-postgresql-stable-b"
+ fullnameOverride: "tx-edc-provider-postgresql-stable-b"
+ enabled: true
+
+ primary:
+ resources:
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ limits:
+ cpu: 200m
+ memory: 1Gi
+ auth:
+ database: edc
+ username:
+ postgresPassword:
+ password:
diff --git a/charts/connector/submodelservers/values-stable-a.yaml b/charts/connector/submodelservers/values-stable-a.yaml
new file mode 100644
index 0000000000..b4b1c6d588
--- /dev/null
+++ b/charts/connector/submodelservers/values-stable-a.yaml
@@ -0,0 +1,133 @@
+#
+# Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Default values for submodelservers.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: ghcr.io/catenax-ng/catenax-at-home/provider-backend-service
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: [ ]
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: { }
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: { }
+
+podSecurityContext: { }
+# fsGroup: 2000
+
+# Following Catena-X Helm Best Practices @url: https://catenax-ng.github.io/docs/kubernetes-basics/helm
+# @url: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ runAsUser: 1000
+ runAsGroup: 3000
+
+service:
+ type: ClusterIP
+ port: 8080
+
+ingress:
+ enabled: true
+ className: "nginx"
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-passthrough: "false"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
+ hosts:
+ - host: "tracex-submodel-server-stable-a.stable.demo.catena-x.net"
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls:
+ - hosts:
+ - "tracex-submodel-server-stable-a.stable.demo.catena-x.net"
+ # Default secret for certificate creation already provided to your namespace
+ secretName: tls-secret
+
+# Following Catena-X Helm Best Practices @url: https://catenax-ng.github.io/docs/kubernetes-basics/helm
+# @url: https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
+resources:
+ limits:
+ cpu: 200m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: { }
+
+tolerations: [ ]
+
+# Following Catena-X Helm Best Practices @url: https://catenax-ng.github.io/docs/kubernetes-basics/helm
+# @url: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: DoesNotExist
+ topologyKey: kubernetes.io/hostname
+
+# Following Catena-X Helm Best Practices @url: https://catenax-ng.github.io/docs/kubernetes-basics/helm
+# @url: https://github.com/helm/charts/blob/master/stable/nginx-ingress/values.yaml#L210
+livenessProbe:
+ failureThreshold: 6
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+
+backend:
+ endpoint:
+ default:
+ port: 8080
+ path: /
+ ingress: true
+
+
diff --git a/charts/connector/submodelservers/values-stable-b.yaml b/charts/connector/submodelservers/values-stable-b.yaml
new file mode 100644
index 0000000000..f96184b12f
--- /dev/null
+++ b/charts/connector/submodelservers/values-stable-b.yaml
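Review bot: The container `securityContext` in `submodelservers/values-stable-a.yaml` stops at `allowPrivilegeEscalation`, `runAsNonRoot` and the user/group ids, and `podSecurityContext` is `{ }`. The backend values added in this same commit additionally set `capabilities: drop: [ALL]` and `seccompProfile.type: RuntimeDefault`; adding both here would keep the submodel server, which is also published through an ingress, on the same baseline. The annotation `force-ssl-redirect: "false"` differs from the `"true"` used on the EDC ingresses in this commit, so a one-line comment such as `# redirect handled by the TLS block below` (or whatever the actual reason is) would help the next reader. `submodelservers/values-stable-b.yaml` in the following hunk has the same settings.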
@@ -0,0 +1,133 @@ +# +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# +# Default values for submodelservers. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/catenax-ng/catenax-at-home/provider-backend-service + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [ ] + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: { } + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: { } + +podSecurityContext: { } +# fsGroup: 2000 + +# Following Catena-X Helm Best Practices @url: https://catenax-ng.github.io/docs/kubernetes-basics/helm +# @url: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 3000 + +service: + type: ClusterIP + port: 8080 + +ingress: + enabled: true + className: "nginx" + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + nginx.ingress.kubernetes.io/force-ssl-redirect: "false" + hosts: + - host: "tracex-submodel-server-stable-b.stable.demo.catena-x.net" + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - "tracex-submodel-server-stable-b.stable.demo.catena-x.net" + # Default secret for certificate creation already provided to your namespace + secretName: tls-secret + +# Following Catena-X Helm Best Practices @url: https://catenax-ng.github.io/docs/kubernetes-basics/helm +# @url: https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits +resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: { } + +tolerations: [ ] + +# Following Catena-X Helm Best Practices @url: https://catenax-ng.github.io/docs/kubernetes-basics/helm +# @url: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity +affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: 
app.kubernetes.io/name + operator: DoesNotExist + topologyKey: kubernetes.io/hostname + +# Following Catena-X Helm Best Practices @url: https://catenax-ng.github.io/docs/kubernetes-basics/helm +# @url: https://github.com/helm/charts/blob/master/stable/nginx-ingress/values.yaml#L210 +livenessProbe: + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 +readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + +backend: + endpoint: + default: + port: 8080 + path: / + ingress: true + + diff --git a/charts/traceability-foss/values-e2e-a.yaml b/charts/traceability-foss/values-e2e-a.yaml index 1e87d687aa..1b09a78370 100644 --- a/charts/traceability-foss/values-e2e-a.yaml +++ b/charts/traceability-foss/values-e2e-a.yaml @@ -105,7 +105,7 @@ backend: cpu: 100m memory: 256Mi - springprofile: e2e-a + springprofile: dev ingress: enabled: true diff --git a/charts/traceability-foss/values-e2e-b.yaml b/charts/traceability-foss/values-e2e-b.yaml index ee97db9bd6..7435be8847 100644 --- a/charts/traceability-foss/values-e2e-b.yaml +++ b/charts/traceability-foss/values-e2e-b.yaml @@ -93,7 +93,7 @@ backend: cpu: 100m memory: 256Mi - springprofile: e2e-b + springprofile: dev ingress: enabled: true diff --git a/charts/traceability-foss/values-int-a.yaml b/charts/traceability-foss/values-int-a.yaml index e0cfa424bb..5c6998ee3d 100644 --- a/charts/traceability-foss/values-int-a.yaml +++ b/charts/traceability-foss/values-int-a.yaml @@ -93,7 +93,7 @@ backend: cpu: 100m memory: 512Mi - springprofile: int-a + springprofile: int ingress: enabled: true diff --git a/charts/traceability-foss/values-int-b.yaml b/charts/traceability-foss/values-int-b.yaml index 94e6fe45f4..cdcdc0802c 100644 --- a/charts/traceability-foss/values-int-b.yaml +++ b/charts/traceability-foss/values-int-b.yaml 
@@ -93,7 +93,7 @@ backend: cpu: 100m memory: 512Mi - springprofile: int-b + springprofile: int ingress: enabled: true diff --git a/charts/traceability-foss/values-int-bmw.yaml b/charts/traceability-foss/values-int-bmw.yaml index 658c8f9a90..06a6fdfbf7 100644 --- a/charts/traceability-foss/values-int-bmw.yaml +++ b/charts/traceability-foss/values-int-bmw.yaml @@ -93,7 +93,7 @@ backend: cpu: 100m memory: 512Mi - springprofile: int-bmw + springprofile: int ingress: enabled: true diff --git a/charts/traceability-foss/values-stable-a.yaml b/charts/traceability-foss/values-stable-a.yaml new file mode 100644 index 0000000000..1ad05c7266 --- /dev/null +++ b/charts/traceability-foss/values-stable-a.yaml 
@@ -0,0 +1,469 @@
+#
+# Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+#########################
+# Global Values configuration #
+#########################
+global:
+ enablePrometheus: false
+ enableGrafana: false
+
+#########################
+# Frontend Chart Values configuration #
+#########################
+frontend:
+ image:
+ repository: ghcr.io/catenax-ng/tx-traceability-foss
+ tag: $ARGOCD_APP_REVISION
+ CATENAX_PORTAL_API_URL: ''
+ CATENAX_PORTAL_KEYCLOAK_URL: ''
+ CATENAX_PORTAL_BACKEND_DOMAIN: ''
+ CATENAX_PORTAL_URL: ''
+ CATENAX_PORTAL_CLIENT_ID: ''
+
+ nameOverride: "tx-frontend-stable-a"
+ fullnameOverride: "tx-frontend-stable-a"
+
+ ingress:
+ enabled: true
+ className: "nginx"
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ hosts:
+ - host: "traceability-portal-stable-a.stable.demo.catena-x.net"
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls:
+ - hosts:
+ - "traceability-portal-stable-a.stable.demo.catena-x.net"
+ secretName: "traceability-portal-stable-a.stable.demo.catena-x.net-tls"
+
+#########################
+# Backend Chart Values configuration #
+#########################
+backend:
+ image:
+ repository: ghcr.io/catenax-ng/tx-traceability-foss
+ tag: $ARGOCD_APP_REVISION
+
+ nameOverride: "tx-backend-stable-a"
+ fullnameOverride: "tx-backend-stable-a"
+
+ podSecurityContext:
+ runAsUser: 10001
+ seccompProfile:
+ type: RuntimeDefault
+
+ # Following Catena-X Helm Best Practices @url: https://catenax-ng.github.io/docs/kubernetes-basics/helm
+ # @url: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ runAsUser: 10001
+ runAsGroup: 3000
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: false
+
+ # Following Catena-X Helm Best Practices @url: https://catenax-ng.github.io/docs/kubernetes-basics/helm
+ # @url: https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+
+ springprofile: stable
+
+ ingress:
+ enabled: true
+ className: "nginx"
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: HTTP
+ hosts:
+ - host: "traceability-stable-a.stable.demo.catena-x.net"
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls:
+ - hosts:
+ - "traceability-stable-a.stable.demo.catena-x.net"
+ secretName: tls-secret
+
+ traceability:
+ bpn: "CHANGE_ME" # PROVIDE PROPER BPN
+ url: "https://traceability-stable-a.stable.demo.catena-x.net"
+
+ datasource:
+ url: jdbc:postgresql://tx-backend-postgresql-stable-a:5432/trace
+ username: trace
+ password:
+
+ oauth2:
+ clientId:
+ clientSecret:
+ clientTokenUri: "https://centralidp.stable.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token" # check stable environment centralidp url
+ jwkSetUri: "https://centralidp.stable.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs" # check stable environment centralidp url
+ resourceClient: "CHANGE_ME" # provide instance resource client
+
+ edc:
+ apiKey: ""
+ providerUrl: "https://tx-edc-consumer-stable-a-controlplane.stable.demo.catena-x.net"
+ callbackUrl: "http://tx-irs-stable-a:8181/internal/endpoint-data-reference"
+ callbackUrlEdcClient: "https://traceability-stable-a.stable.demo.catena-x.net/api/internal/endpoint-data-reference"
+ dataEndpointUrl: "https://tx-edc-consumer-stable-a-controlplane.stable.demo.catena-x.net/management"
+
+ discoveryfinder:
+ baseUrl: "https://semantics.stable.demo.catena-x.net/discoveryfinder/api/administration/connectors/discovery/search" # check DF url when provided
+
+ config:
+ allowedCorsOriginFirst: "http://localhost:4200/"
+ allowedCorsOriginSecond: "https://traceability-portal-stable-a.stable.demo.catena-x.net/"
+
+ irs:
+ baseUrl: "https://tx-irs-stable-a.stable.demo.catena-x.net"
+ registry:
+ urlWithPath: "https://trace-x-registry-stable-a.stable.demo.catena-x.net/semantics/registry/api/v3.0"
+ portal:
+ baseUrl: "https://portal-backend.stable.demo.catena-x.net/api" # check portal backend
+
+ dependencies:
+ enabled: true
+ irs: "tx-irs-stable-a" #
+ edc: "tx-edc-consumer-stable-a" #
+
+#########################
+# PG Admin configuration #
+#########################
+pgadmin4:
+ nameOverride: "tx-pgadmin-stable-a"
+ fullnameOverride: "tx-pgadmin-stable-a"
+ enabled: true
+ strategy:
+ type: Recreate
+ networkPolicy:
+ enabled: false
+ ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/backend-protocol: HTTP
+ hosts:
+ - host: tx-pgadmin-stable-a.stable.demo.catena-x.net
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - tx-pgadmin-stable-a.stable.demo.catena-x.net
+ secretName: tls-secret
+ env:
+ email: pgadmin4@trace.foss
+ password: ""
+ variables:
+ - name: PGADMIN_CONFIG_UPGRADE_CHECK_ENABLED
+ value: "False"
+ resources:
+ limits:
+ cpu: 200m
+ memory: 512Gi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+
+#########################
+# Postgres configuration #
+#########################
+postgresql:
+ enabled: true
+
+ nameOverride: "tx-backend-postgresql-stable-a"
+ fullnameOverride: "tx-backend-postgresql-stable-a"
+
+ auth:
+ postgresPassword: ""
+ password: ""
+ database: "trace"
+ username: "trace"
+
+#########################
+# IRS configuration #
+#########################
+irs-helm:
+ enabled: true
+ bpn: CHANGE_ME # PROVIDE PROPER BPN
+
+ nameOverride: "tx-irs-stable-a"
+ fullnameOverride: "tx-irs-stable-a"
+
+ namespace: product-traceability-foss
+
+ springprofile: dev
+
+ irsUrl: "https://tx-irs-stable-a.stable.demo.catena-x.net"
+
+ ingress:
+ enabled: true
+ hosts:
+ - host: "tx-irs-stable-a.stable.demo.catena-x.net"
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls:
+ - hosts:
+ - "tx-irs-stable-a.stable.demo.catena-x.net"
+ secretName: tls-secret
+ # is dtr url correct ?
+ digitalTwinRegistry:
+ type: decentral
+ descriptorEndpoint: https://trace-x-registry-stable-a.stable.demo.catena-x.net/semantics/registry/api/v3.0/shell-descriptors/{aasIdentifier}
+ shellLookupEndpoint: https://trace-x-registry-stable-a.stable.demo.catena-x.net/semantics/registry/api/v3.0/lookup/shells?assetIds={assetIds}
+ discoveryFinderUrl: https://semantics.stable.demo.catena-x.net/discoveryfinder/api/administration/connectors/discovery/search # check DF url when provided
+
+ semanticshub:
+ url: https://semantics.stable.demo.catena-x.net/hub/api/v1/models # check DF url when provided
+ bpdm:
+ url: https://partners-pool.stable.demo.catena-x.net # check url when provided
+
+ minioUser:
+ minioPassword:
+ minioUrl: http://tx-irs-minio-stable-a:9000
+
+ keycloak:
+ oauth2:
+ clientId:
+ clientSecret:
+ clientTokenUri: https://centralidp.stable.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token # check stable environment centralidp url
+ jwkSetUri: https://centralidp.stable.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs # check stable environment centralidp url
+
+ edc:
+ callbackurl: http://tx-irs-stable-a:8181/internal/endpoint-data-reference
+ catalog:
+ cache:
+ enabled: "false"
+ controlplane:
+ endpoint:
+ statesuffix: /state
+ data: https://tx-edc-consumer-stable-a-controlplane.stable.demo.catena-x.net/management
+ apikey:
+ secret:
+
+ minio:
+ nameOverride: "tx-irs-minio-stable-a"
+ fullnameOverride: "tx-irs-minio-stable-a"
+ serviceAccount:
+ create: false
+ rootUser:
+ rootPassword:
+
+###################################
+# EDC Consumer configuration #
+###################################
+tractusx-connector:
+ nameOverride: "tx-edc-consumer-stable-a"
+ fullnameOverride: "tx-edc-consumer-stable-a"
+ enabled: true
+ install:
+ postgresql: false
+ vault: false
+ participant:
+ id: BPNL00000003CML1
+
+ controlplane:
+ ingresses:
+ - enabled: true
+ hostname: "tx-edc-consumer-stable-a-controlplane.stable.demo.catena-x.net"
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-passthrough: "false"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ endpoints:
+ - protocol
+ - management
+ tls:
+ enabled: true
+ secretName: tls-secret
+ ssi:
+ miw:
+ url:
+ authorityId:
+ oauth:
+ tokenurl:
+ client:
+ id:
+ secretAlias: edc-miw-keycloak-secret-stable-a
+
+ endpoints:
+ # -- default api for health checks, should not be added to any ingress
+ default:
+ port: 8080
+ path: /api
+ # -- data management api, used by internal users, can be added to an ingress and must not be internet facing
+ management:
+ port: 8081
+ path: /management
+ # -- authentication key, must be attached to each 'X-Api-Key' request header
+ authKey:
+ # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not
+ control:
+ port: 8083
+ path: /control
+ # -- ids api, used for inter connector communication and must be internet facing
+ protocol:
+ port: 8084
+ path: /api/v1/dsp
+ # -- metrics api, used for application metrics, must not be internet facing
+ metrics:
+ port: 9090
+ path: /metrics
+ # -- observability api with unsecured access, must not be internet facing
+ observability:
+ port: 8085
+ # -- observability api, provides /health /readiness and /liveness endpoints
+ path: /observability
+ # -- allow or disallow insecure access, i.e. access without authentication
+ insecure: true
+
+ internationalDataSpaces:
+ id: TXDC
+ description: Tractus-X Eclipse IDS Data Space Connector
+ title: ""
+ maintainer: ""
+ curator: ""
+ catalogId: TXDC-Catalog
+
+ # Explicitly declared url for reaching the ids api (e.g. if ingresses not used)
+ url:
+ ids: ""
+
+ resources:
+ limits:
+ cpu: 400m
+ memory: 1.5Gi
+ requests:
+ cpu: 200m
+ memory: 1.5Gi
+
+ dataplane:
+ ingresses:
+ - enabled: true
+ hostname: "tx-edc-consumer-stable-a-dataplane.stable.demo.catena-x.net"
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-passthrough: "false"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ endpoints:
+ - public
+ className: "nginx"
+ tls:
+ enabled: true
+ secretName: tls-secret
+
+ endpoints:
+ default:
+ port: 8080
+ path: /api
+ public:
+ port: 8081
+ path: /api/public
+ control:
+ port: 8083
+ path: /api/dataplane/control
+ observability:
+ port: 8085
+ path: /observability
+ insecure: true
+ metrics:
+ port: 9090
+ path: /metrics
+
+ url:
+ public: ""
+ resources:
+ limits:
+ cpu: 200m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+
+ ## currently we need to provide a url but is not used anywhere
+ # URL where the EndpointDataReference callback will be sent to
+ backendService:
+ httpProxyTokenReceiverUrl: "https://traceability-stable-a.stable.demo.catena-x.net/api/callback/endpoint-data-reference"
+ # Files system has to be set to writeable for now since controlplane relies on temporary files to write SSI related things to
+ securityContext:
+ readOnlyRootFilesystem: false
+ ################################
+ # EDC Vault Configuration #
+ ################################
+ vault:
+ hashicorp:
+ url: "https://vault.demo.catena-x.net"
+ token: ""
+ timeout: 30
+ healthCheck:
+ enabled: true
+ standbyOk: true
+ paths:
+ secret: /v1/traceability-foss
+ health: /v1/sys/health
+ secretNames:
+ transferProxyTokenSignerPrivateKey: daps-cert-key-stable-a
+ transferProxyTokenSignerPublicKey: daps-cert-stable-a
+ transferProxyTokenEncryptionAesKey: token-signer-aes-key
+
+ ##################################
+ # EDC Postgres Configuration #
+ ##################################
+ postgresql:
+ enabled: true
+ size: 1Gi
+ auth:
+ username: ""
+ password: ""
+ username: ""
+ password: ""
+ jdbcUrl: "jdbc:postgresql://tx-edc-consumer-postgresql-stable-a-hl:5432/edc"
+
+###################################
+# EDC Postgres Configuration #
+###################################
+edc-postgresql:
+ primary:
+ resources:
+ limits:
+ cpu: 200m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ nameOverride: "tx-edc-consumer-postgresql-stable-a"
+ fullnameOverride: "tx-edc-consumer-postgresql-stable-a"
+ enabled: true
+ auth:
+ database: edc
+ username:
+ postgresPassword:
+ password:
+
diff --git a/charts/traceability-foss/values-stable-b.yaml b/charts/traceability-foss/values-stable-b.yaml
new file mode 100644
index 0000000000..7996f1c087
--- /dev/null
+++ b/charts/traceability-foss/values-stable-b.yaml
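Review bot: In `traceability-foss/values-stable-a.yaml` the `tractusx-connector` controlplane ingress publishes `- management` on `tx-edc-consumer-stable-a-controlplane.stable.demo.catena-x.net`, while the comment on that endpoint a few lines further down says the management API "must not be internet facing". Remove `- management` from the ingress `endpoints` list or restrict the ingress, for example with `nginx.ingress.kubernetes.io/whitelist-source-range`. The same file exposes pgAdmin through an ingress with `networkPolicy.enabled: false`, and its memory limit reads `512Gi` against a `512Mi` request, which looks like a typo for `512Mi`. `allowedCorsOriginFirst: "http://localhost:4200/"` and `irs-helm.springprofile: dev` also look like leftovers from a development values file and should be checked before this is used for the stable environment.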
@@ -0,0 +1,469 @@ +# +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# + +######################### +# Global Values configuration # +######################### +global: + enablePrometheus: false + enableGrafana: false + +######################### +# Frontend Chart Values configuration # +######################### +frontend: + image: + repository: ghcr.io/catenax-ng/tx-traceability-foss + tag: $ARGOCD_APP_REVISION + CATENAX_PORTAL_API_URL: '' + CATENAX_PORTAL_KEYCLOAK_URL: '' + CATENAX_PORTAL_BACKEND_DOMAIN: '' + CATENAX_PORTAL_URL: '' + CATENAX_PORTAL_CLIENT_ID: '' + + nameOverride: "tx-frontend-stable-b" + fullnameOverride: "tx-frontend-stable-b" + + ingress: + enabled: true + className: "nginx" + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + hosts: + - host: "traceability-portal-stable-b.stable.demo.catena-x.net" + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - "traceability-portal-stable-b.stable.demo.catena-x.net" + secretName: "traceability-portal-stable-b.stable.demo.catena-x.net-tls" + +######################### +# Backend Chart Values configuration # +######################### +backend: + image: + repository: ghcr.io/catenax-ng/tx-traceability-foss + tag: $ARGOCD_APP_REVISION + + nameOverride: "tx-backend-stable-b" + 
fullnameOverride: "tx-backend-stable-b" + + podSecurityContext: + runAsUser: 10001 + seccompProfile: + type: RuntimeDefault + + # Following Catena-X Helm Best Practices @url: https://catenax-ng.github.io/docs/kubernetes-basics/helm + # @url: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + runAsUser: 10001 + runAsGroup: 3000 + capabilities: + drop: + - ALL + readOnlyRootFilesystem: false + + # Following Catena-X Helm Best Practices @url: https://catenax-ng.github.io/docs/kubernetes-basics/helm + # @url: https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + + springprofile: stable + + ingress: + enabled: true + className: "nginx" + annotations: + nginx.ingress.kubernetes.io/backend-protocol: HTTP + hosts: + - host: "traceability-stable-b.stable.demo.catena-x.net" + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - "traceability-stable-b.stable.demo.catena-x.net" + secretName: tls-secret + + traceability: + bpn: "CHANGE_ME" # PROVIDE PROPER BPN + url: "https://traceability-stable-b.stable.demo.catena-x.net" + + datasource: + url: jdbc:postgresql://tx-backend-postgresql-stable-b:5432/trace + username: trace + password: + + oauth2: + clientId: + clientSecret: + clientTokenUri: "https://centralidp.stable.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token" # check stable environment centralidp url + jwkSetUri: "https://centralidp.stable.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs" # check stable environment centralidp url + resourceClient: "CHANGE_ME" # provide instance resource client + + edc: + apiKey: "" + providerUrl: "https://tx-edc-consumer-stable-b-controlplane.stable.demo.catena-x.net" + callbackUrl: 
"http://tx-irs-stable-b:8181/internal/endpoint-data-reference" + callbackUrlEdcClient: "https://traceability-stable-b.stable.demo.catena-x.net/api/internal/endpoint-data-reference" + dataEndpointUrl: "https://tx-edc-consumer-stable-b-controlplane.stable.demo.catena-x.net/management" + + discoveryfinder: + baseUrl: "https://semantics.stable.demo.catena-x.net/discoveryfinder/api/administration/connectors/discovery/search" # check DF url when provided + + config: + allowedCorsOriginFirst: "http://localhost:4200/" + allowedCorsOriginSecond: "https://traceability-portal-stable-b.stable.demo.catena-x.net/" + + irs: + baseUrl: "https://tx-irs-stable-b.stable.demo.catena-x.net" + registry: + urlWithPath: "https://trace-x-registry-stable-b.stable.demo.catena-x.net/semantics/registry/api/v3.0" + portal: + baseUrl: "https://portal-backend.stable.demo.catena-x.net/api" # check portal backend + + dependencies: + enabled: true + irs: "tx-irs-stable-b" # + edc: "tx-edc-consumer-stable-b" # + +######################### +# PG Admin configuration # +######################### +pgadmin4: + nameOverride: "tx-pgadmin-stable-b" + fullnameOverride: "tx-pgadmin-stable-b" + enabled: true + strategy: + type: Recreate + networkPolicy: + enabled: false + ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/backend-protocol: HTTP + hosts: + - host: tx-pgadmin-stable-b.stable.demo.catena-x.net + paths: + - path: / + pathType: Prefix + tls: + - hosts: + - tx-pgadmin-stable-b.stable.demo.catena-x.net + secretName: tls-secret + env: + email: pgadmin4@trace.foss + password: "" + variables: + - name: PGADMIN_CONFIG_UPGRADE_CHECK_ENABLED + value: "False" + resources: + limits: + cpu: 200m + memory: 512Gi + requests: + cpu: 100m + memory: 512Mi + +######################### +# Postgres configuration # +######################### +postgresql: + enabled: true + + nameOverride: "tx-backend-postgresql-stable-b" + fullnameOverride: 
"tx-backend-postgresql-stable-b" + + auth: + postgresPassword: "" + password: "" + database: "trace" + username: "trace" + +######################### +# IRS configuration # +######################### +irs-helm: + enabled: true + bpn: CHANGE_ME # PROVIDE PROPER BPN + + nameOverride: "tx-irs-stable-b" + fullnameOverride: "tx-irs-stable-b" + + namespace: product-traceability-foss + + springprofile: dev + + irsUrl: "https://tx-irs-stable-b.stable.demo.catena-x.net" + + ingress: + enabled: true + hosts: + - host: "tx-irs-stable-b.stable.demo.catena-x.net" + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - "tx-irs-stable-b.stable.demo.catena-x.net" + secretName: tls-secret + # is dtr url correct ? + digitalTwinRegistry: + type: decentral + descriptorEndpoint: https://trace-x-registry-stable-b.stable.demo.catena-x.net/semantics/registry/api/v3.0/shell-descriptors/{aasIdentifier} + shellLookupEndpoint: https://trace-x-registry-stable-b.stable.demo.catena-x.net/semantics/registry/api/v3.0/lookup/shells?assetIds={assetIds} + discoveryFinderUrl: https://semantics.stable.demo.catena-x.net/discoveryfinder/api/administration/connectors/discovery/search # check DF url when provided + + semanticshub: + url: https://semantics.stable.demo.catena-x.net/hub/api/v1/models # check DF url when provided + bpdm: + url: https://partners-pool.stable.demo.catena-x.net # check url when provided + + minioUser: + minioPassword: + minioUrl: http://tx-irs-minio-stable-b:9000 + + keycloak: + oauth2: + clientId: + clientSecret: + clientTokenUri: https://centralidp.stable.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token # check stable environment centralidp url + jwkSetUri: https://centralidp.stable.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs # check stable environment centralidp url + + edc: + callbackurl: http://tx-irs-stable-b:8181/internal/endpoint-data-reference + catalog: + cache: + enabled: "false" + controlplane: + 
endpoint: + statesuffix: /state + data: https://tx-edc-consumer-stable-b-controlplane.stable.demo.catena-x.net/management + apikey: + secret: + + minio: + nameOverride: "tx-irs-minio-stable-b" + fullnameOverride: "tx-irs-minio-stable-b" + serviceAccount: + create: false + rootUser: + rootPassword: + +################################### +# EDC Consumer configuration # +################################### +tractusx-connector: + nameOverride: "tx-edc-consumer-stable-b" + fullnameOverride: "tx-edc-consumer-stable-b" + enabled: true + install: + postgresql: false + vault: false + participant: + id: BPNL00000003CML1 + + controlplane: + ingresses: + - enabled: true + hostname: "tx-edc-consumer-stable-b-controlplane.stable.demo.catena-x.net" + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + endpoints: + - protocol + - management + tls: + enabled: true + secretName: tls-secret + ssi: + miw: + url: + authorityId: + oauth: + tokenurl: + client: + id: + secretAlias: edc-miw-keycloak-secret-stable-b + + endpoints: + # -- default api for health checks, should not be added to any ingress + default: + port: 8080 + path: /api + # -- data management api, used by internal users, can be added to an ingress and must not be internet facing + management: + port: 8081 + path: /management + # -- authentication key, must be attached to each 'X-Api-Key' request header + authKey: + # -- control api, used for internal control calls. 
can be added to the internal ingress, but should probably not + control: + port: 8083 + path: /control + # -- ids api, used for inter connector communication and must be internet facing + protocol: + port: 8084 + path: /api/v1/dsp + # -- metrics api, used for application metrics, must not be internet facing + metrics: + port: 9090 + path: /metrics + # -- observability api with unsecured access, must not be internet facing + observability: + port: 8085 + # -- observability api, provides /health /readiness and /liveness endpoints + path: /observability + # -- allow or disallow insecure access, i.e. access without authentication + insecure: true + + internationalDataSpaces: + id: TXDC + description: Tractus-X Eclipse IDS Data Space Connector + title: "" + maintainer: "" + curator: "" + catalogId: TXDC-Catalog + + # Explicitly declared url for reaching the ids api (e.g. if ingresses not used) + url: + ids: "" + + resources: + limits: + cpu: 400m + memory: 1.5Gi + requests: + cpu: 200m + memory: 1.5Gi + + dataplane: + ingresses: + - enabled: true + hostname: "tx-edc-consumer-stable-b-dataplane.stable.demo.catena-x.net" + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + endpoints: + - public + className: "nginx" + tls: + enabled: true + secretName: tls-secret + + endpoints: + default: + port: 8080 + path: /api + public: + port: 8081 + path: /api/public + control: + port: 8083 + path: /api/dataplane/control + observability: + port: 8085 + path: /observability + insecure: true + metrics: + port: 9090 + path: /metrics + + url: + public: "" + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + + ## currently we need to provide a url but is not used anywhere + # URL where the EndpointDataReference callback will be sent to + backendService: + httpProxyTokenReceiverUrl: 
"https://traceability-stable-b.stable.demo.catena-x.net/api/callback/endpoint-data-reference" + # Files system has to be set to writeable for now since controlplane relies on temporary files to write SSI related things to + securityContext: + readOnlyRootFilesystem: false + ################################ + # EDC Vault Configuration # + ################################ + vault: + hashicorp: + url: "https://vault.demo.catena-x.net" + token: "" + timeout: 30 + healthCheck: + enabled: true + standbyOk: true + paths: + secret: /v1/traceability-foss + health: /v1/sys/health + secretNames: + transferProxyTokenSignerPrivateKey: daps-cert-key-stable-b + transferProxyTokenSignerPublicKey: daps-cert-stable-b + transferProxyTokenEncryptionAesKey: token-signer-aes-key + + ################################## + # EDC Postgres Configuration # + ################################## + postgresql: + enabled: true + size: 1Gi + auth: + username: "" + password: "" + username: "" + password: "" + jdbcUrl: "jdbc:postgresql://tx-edc-consumer-postgresql-stable-b-hl:5432/edc" + +################################### +# EDC Postgres Configuration # +################################### +edc-postgresql: + primary: + resources: + limits: + cpu: 200m + memory: 1Gi + requests: + cpu: 100m + memory: 1Gi + nameOverride: "tx-edc-consumer-postgresql-stable-b" + fullnameOverride: "tx-edc-consumer-postgresql-stable-b" + enabled: true + auth: + database: edc + username: + postgresPassword: + password: + diff --git a/charts/traceability-foss/values-test-dev.yaml b/charts/traceability-foss/values-test-dev.yaml index 4a9b303a75..ff51f43d94 100644 --- a/charts/traceability-foss/values-test-dev.yaml +++ b/charts/traceability-foss/values-test-dev.yaml @@ -120,7 +120,7 @@ backend: cpu: 100m memory: 256Mi - springprofile: test + springprofile: dev ingress: enabled: true
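Review bot: The controlplane ingress under `tractusx-connector.controlplane.ingresses` lists `- management` next to `- protocol` in its `endpoints`, while the comment on the `management` endpoint further down in this hunk says that API must not be internet facing. The hostname sits under the same demo domain as the other ingresses, so it is presumably reachable from outside the cluster, which leaves the `X-Api-Key` value as the only control on the management API (`authKey:` is empty in this file and presumably injected elsewhere). I would keep only `- protocol` on this ingress entry and reach the management API through an internal ingress or the in-cluster service, adjusting `backend.edc.dataEndpointUrl` and `irs-helm.edc.controlplane.endpoint.data` to match. Separately, `pgadmin4.resources.limits.memory: 512Gi` sits beside a `512Mi` request and looks like a typo for `512Mi`.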