This repository has been archived by the owner on Mar 12, 2024. It is now read-only.

Merge pull request #26 from catenax-ng/fix-default-charts-values
use valid values in values.yaml
SebastianBezold authored Feb 28, 2023
2 parents e0e0a6b + a616c48 commit 6824fd3
Showing 10 changed files with 115 additions and 140 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -350,7 +350,7 @@ docker run --env-file .env.docker -p 8080:8080 managed-identity-wallets:<VERSION
Run following command to use the base values as well as the predefined values for local deployment:

```
helm install managed-identity-wallets ./helm/managed-identity-wallets/ -n managed-identity-wallets -f ./helm/managed-identity-wallets/values.yaml -f ./helm/managed-identity-wallets/values-local.yaml
helm install managed-identity-wallets ./charts/managed-identity-wallets/ -n managed-identity-wallets -f ./charts/managed-identity-wallets/values.yaml -f ./charts/managed-identity-wallets/values-local.yaml
```

4. Expose via loadbalancer
2 changes: 1 addition & 1 deletion charts/managed-identity-wallets/Chart.yaml
Expand Up @@ -15,7 +15,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.7.2
version: 0.7.5
appVersion: 3.3.2

dependencies:
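Review bot: The `version: 0.7.5` bump is a patch-level increment, but this commit renames the values keys `acapy.endorser.ledgerUrl` and `acapy.mt.ledgerUrl` to `genesisUrl`, which breaks existing value overrides. Given the comment above about Semantic Versioning, consider a minor bump and a changelog entry that names the renamed keys.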
17 changes: 9 additions & 8 deletions charts/managed-identity-wallets/README.md
@@ -1,6 +1,6 @@
# managed-identity-wallets

![Version: 0.7.2](https://img.shields.io/badge/Version-0.7.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.3.2](https://img.shields.io/badge/AppVersion-3.3.2-informational?style=flat-square)
![Version: 0.7.5](https://img.shields.io/badge/Version-0.7.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.3.2](https://img.shields.io/badge/AppVersion-3.3.2-informational?style=flat-square)

Managed Identity Wallets Service

Expand Down Expand Up @@ -57,27 +57,27 @@ Managed Identity Wallets Service
| revocationService.clientIssuanceApiUrl | string | `"http://localhost:8080"` | The url at which the MIW is reachable |
| acapy.imageName | string | `"bcgovimages/aries-cloudagent"` | |
| acapy.tag | string | `"py36-1.16-1_0.7.5"` | |
| acapy.endorser.ledgerUrl | string | `"https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis"` | The url of the used Indy ledger |
| acapy.endorser.genesisUrl | string | `"http://dev.greenlight.bcovrin.vonx.io/genesis"` | The url of the used Indy ledger |
| acapy.endorser.label | string | `"BaseWalletIssuer"` | The label of the instance |
| acapy.endorser.logLevel | string | `"INFO"` | |
| acapy.endorser.networkIdentifier | string | `"idunion:test"` | The network identifier of the used Indy ledger |
| acapy.endorser.networkIdentifier | string | `"greenlight:dev"` | The network identifier of the used Indy ledger |
| acapy.endorser.endpointUrl | string | `"https://localhost:8000"` | The endpoint url in the DID document |
| acapy.endorser.databaseHost | string | `"acapypostgresql"` | The host of the used database |
| acapy.endorser.endpointPort | string | `"8000"` | The port at which the wallet is reachable |
| acapy.endorser.adminPort | string | `"11000"` | The port at which the admin API is reachable |
| acapy.endorser.adminUrl | string | `"http://localhost:11000"` | The url of the admin API |
| acapy.endorser.secret.apikey | string | `"0"` | The API key of the admin endpoints. It must be a random and secure string |
| acapy.endorser.secret.walletseed | string | `"0"` | The seed of the wallet. It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers) |
| acapy.endorser.secret.walletseed | string | `"RandomSeedPlaceHolder0x135791113"` | The seed of the wallet. It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers). It must be registired on the used ledger as endorser. |
| acapy.endorser.secret.dbaccount | string | `"postgres"` | |
| acapy.endorser.secret.dbadminuser | string | `"postgres"` | |
| acapy.endorser.secret.dbadminpassword | string | `"postgres"` | |
| acapy.endorser.secret.dbpassword | string | `"postgres"` | |
| acapy.endorser.secret.jwtsecret | string | `"0"` | |
| acapy.endorser.secret.walletkey | string | `"0"` | |
| acapy.mt.ledgerUrl | string | `"https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis"` | The url of the used Indy ledger |
| acapy.mt.genesisUrl | string | `"http://dev.greenlight.bcovrin.vonx.io/genesis"` | The url of the used Indy ledger |
| acapy.mt.label | string | `"ManagedWallet"` | The label of the instance |
| acapy.mt.logLevel | string | `"INFO"` | |
| acapy.mt.networkIdentifier | string | `"idunion:test"` | The network identifier of the used Indy ledger |
| acapy.mt.networkIdentifier | string | `"greenlight:dev"` | The network identifier of the used Indy ledger |
| acapy.mt.endpointUrl | string | `"https://localhost:8003"` | The endpoint url in the DID document |
| acapy.mt.databaseHost | string | `"acapypostgresql"` | The host of the used database |
| acapy.mt.endpointPort | string | `"8003"` | The port at which the sub-wallets are reachable |
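Review bot: The new `acapy.endorser.genesisUrl` and `acapy.mt.genesisUrl` defaults point at `http://dev.greenlight.bcovrin.vonx.io/genesis`, replacing an `https://` default, so the genesis file is fetched without transport integrity protection and can be altered on the network path. Prefer an HTTPS source if the ledger offers one, or state in the description that this default is meant for development only. The description "The url of the used Indy ledger" should also say that the value is the genesis file URL, now that the key is named `genesisUrl`.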
Expand All @@ -86,7 +86,7 @@ Managed Identity Wallets Service
| acapy.mt.endorserPublicDid | string | `"ShortDIDPlaceholderX"` | The short DID of the base wallet |
| acapy.mt.webhookUrl | string | `"http://localhost:8080/webhook"` | The url at which events are sent. It should be the webhook endpoint in MIW |
| acapy.mt.secret.apikey | string | `"0"` | The API-Key of the admin endpoints. It must be a random and secure string |
| acapy.mt.secret.walletseed | string | `"0"` | The seed of the wallet. It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers) |
| acapy.mt.secret.walletseed | string | `"RandomSeedPlaceHolder0x246810120"` | The seed of the wallet. It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers). It must be registired on the used ledger as endorser. |
| acapy.mt.secret.dbaccount | string | `"postgres"` | |
| acapy.mt.secret.dbadminuser | string | `"postgres"` | |
| acapy.mt.secret.dbadminpassword | string | `"postgres"` | |
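Review bot: The `acapy.mt.secret.walletseed` default changes from `"0"` to the fixed string `RandomSeedPlaceHolder0x246810120`, which is published in this repository, while the description requires the seed to be random and secure. A deployment that forgets to override it starts with a seed anyone can look up; consider leaving the default empty and failing the render with `required`, or at least say in the description that the placeholder must be replaced. Also, "registired" should be "registered", and "as endorser" looks copied from the `acapy.endorser` row; please confirm it applies to the `mt` wallet.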
Expand All @@ -99,6 +99,7 @@ Managed Identity Wallets Service
| acapypostgresql.secret.password | string | `"postgres"` | |
| acapypostgresql.secret.postgrespassword | string | `"postgres"` | |
| acapypostgresql.secret.user | string | `"postgres"` | |
| postgresql.useDefaultJdbcUrl | bool | `true` | use the default jdbc url `jdbc:postgresql://%s-postgresql:5432/postgres?user=%s&password=%s` instead of the value in managedIdentityWallets.secrets.jdbcUrl |
| postgresql.enabled | bool | `true` | |
| postgresql.auth.existingSecret | string | `"product-managed-identity-wallets-postgresql"` | |
| postgresql.primary.extraVolumeMounts[0].name | string | `"initdb"` | |
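Review bot: The description of `postgresql.useDefaultJdbcUrl` refers to `managedIdentityWallets.secrets.jdbcUrl`, but the key documented further down in this table is `managedIdentityWallets.secret.jdbcurl`; please use the real key name so users can find it. It is also worth stating here that with `true` the URL, user and password included, is built from the `postgresql.secret` values.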
Expand All @@ -121,7 +122,7 @@ Managed Identity Wallets Service
| datapool.refreshHour | string | `"23"` | At which hour (24-hour clock) the cron job should pull the data from the BPDM data pool |
| datapool.url | string | `""` | Url at which the API of BPDM is reachable |
| datapool.authUrl | string | `""` | IAM url to get the access token for BPDM data pool endpoint |
| managedIdentityWallets.secret.jdbcurl | string | `"jdbc:postgresql://postgresql:5432/postgres?user=postgres&password=postgres"` | Database connection string to the Postgres database of MIW |
| managedIdentityWallets.secret.jdbcurl | string | `"jdbc:postgresql://<host>:<port>/<db-name>?user=<user>&password=<password>"` | Database connection string to the Postgres database of MIW. Used when postgresql.useDefaultJdbcUrl is false |
| managedIdentityWallets.secret.authclientid | string | `"clientid"` | It can be extracted from Keycloak |
| managedIdentityWallets.secret.authclientsecret | string | `"client"` | It can be extracted from Keycloak |
| managedIdentityWallets.secret.bpdmauthclientid | string | `"clientid"` | client id for accessing the BPDM data pool endpoint |
7 changes: 7 additions & 0 deletions charts/managed-identity-wallets/templates/_helpers.tpl
Expand Up @@ -70,6 +70,13 @@ Usage: include "postgresContext" (list $ "your_include_function_here")
{{- include $function (dict "Values" $.Values.postgresql "Chart" (dict "Name" "postgresql") "Release" $.Release) }}
{{- end }}

{{/*
Create the default JDBC url
*/}}
{{- define "managed-identity-wallets.jdbcUrl" -}}
{{- printf "jdbc:postgresql://%s-postgresql:5432/postgres?user=%s&password=%s" .Release.Name .Values.postgresql.secret.user .Values.postgresql.secret.postgrespassword }}
{{- end -}}

{{/*
Create the name of the service account to use
*/}}
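Review bot: In `managed-identity-wallets.jdbcUrl`, the `printf` pairs `.Values.postgresql.secret.user` with `.Values.postgresql.secret.postgrespassword`, although the values files in this commit also carry a separate `postgresql.secret.password`, so the URL only authenticates when `user` is the account that `postgrespassword` belongs to. Please use the matching password key or document the constraint. The user and password are also interpolated without URL encoding, so a value containing `&`, `#` or `%` yields a broken or misparsed URL; piping both through `urlquery` would avoid that.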
12 changes: 10 additions & 2 deletions charts/managed-identity-wallets/templates/deployment.yaml
Expand Up @@ -32,10 +32,14 @@ spec:
- name: ALLOW_EMPTY_PASSWORD
value: {{ .Values.allowEmptyPassword | default "no" }}
- name: MIW_DB_JDBC_URL
{{- if .Values.postgresql.useDefaultJdbcUrl }}
value: {{ include "managed-identity-wallets.jdbcUrl" . }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ include "managed-identity-wallets.fullname" . }}-secret
key: miw-db-jdbc-url
{{- end }}
- name: MIW_DB_JDBC_DRIVER
value: {{ .Values.db.jdbcDriver }}
- name: MIW_AUTH_JWKS_URL
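Review bot: With `postgresql.useDefaultJdbcUrl` set, `MIW_DB_JDBC_URL` is emitted as a literal `value:` and the rendered URL contains the database password, so the credential ends up in the Deployment spec instead of behind the `secretKeyRef` used in the `else` branch. Anyone who can read Deployments or pod specs in the namespace can then read the password, and the chart README documents `true` as the default. Suggest writing the default URL into the existing `-secret` Secret under `miw-db-jdbc-url` and keeping the `secretKeyRef` for both cases. If the literal stays, add `| quote` after the `include` so special characters in the URL cannot change the YAML.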
Expand Down Expand Up @@ -182,10 +186,14 @@ spec:
- name: QUARKUS_HTTP_ACCESS_LOG_ENABLED
value: {{ .Values.revocationService.httpAccessLog | quote | default "false" }}
- name: QUARKUS_DATASOURCE_JDBC_URL
{{- if .Values.postgresql.useDefaultJdbcUrl }}
value: {{ include "managed-identity-wallets.jdbcUrl" . }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ include "managed-identity-wallets.fullname" . }}-secret
key: miw-db-jdbc-url
{{- end }}
- name: REVOCATION_BASE_URL
value: {{ .Values.revocationService.baseUrlForCredentialList }}
- name: REVOCATION_MIN_ISSUE_INTERVAL
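Review bot: This `if`/`else` block for `QUARKUS_DATASOURCE_JDBC_URL` is a verbatim copy of the one for `MIW_DB_JDBC_URL` earlier in the same file, and its `value:` branch likewise places the password-bearing URL directly in the container env. Consider resolving the default URL inside the Secret so both containers keep a single `secretKeyRef`, or at least move the whole env source into one named template in `_helpers.tpl` so the two copies cannot drift apart.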
Expand Down Expand Up @@ -215,7 +223,7 @@ spec:
name: {{ include "managed-identity-wallets.fullname" . }}-acapy
key: acapy-endorser-agent-wallet-seed
- name: LEDGER_URL
value: {{ .Values.acapy.endorser.ledgerUrl }}
value: {{ .Values.acapy.endorser.genesisUrl }}
- name: LABEL
value: {{ .Values.acapy.endorser.label }}
- name: JWT_SECRET
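Review bot: `LEDGER_URL` now reads `.Values.acapy.endorser.genesisUrl`, so an existing override of `acapy.endorser.ledgerUrl` is silently ignored and the agent starts against the chart's default genesis URL. Consider `{{ .Values.acapy.endorser.genesisUrl | default .Values.acapy.endorser.ledgerUrl }}` for one release, or fail the render when the old key is still set. The same applies to the `acapy.mt` change later in this file.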
Expand Down Expand Up @@ -309,7 +317,7 @@ spec:
name: {{ include "managed-identity-wallets.fullname" . }}-acapy
key: acapy-mt-agent-wallet-seed
- name: LEDGER_URL
value: {{ .Values.acapy.mt.ledgerUrl }}
value: {{ .Values.acapy.mt.genesisUrl }}
- name: LABEL
value: {{ .Values.acapy.mt.label }}
- name: JWT_SECRET
95 changes: 73 additions & 22 deletions charts/managed-identity-wallets/values-beta.yaml
Expand Up @@ -4,8 +4,12 @@ auth:
redirectUrl: "https://managed-identity-wallets.beta.demo.catena-x.net/callback"
wallet:
baseWalletBpn: "BPNL00000003CRHK"
baseWalletShortDid: "YPp94k3hzcedGE6JBBzd7k"
baseWalletVerkey: "J7QUrkAtsWDGSsNeHKwQxr8aipWCBNvxxGZQ8SjVc5u5"
baseWalletName: "Catena-X-BETA"
membershipOrganisation: "Catena-X"
datapool:
url: "https://catenax-bpdm-beta.demo.catena-x.net"
url: "https://partners-pool.beta.demo.catena-x.net"
authUrl: "https://centralidp.beta.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token"
revocationService:
baseUrlForCredentialList: "https://managed-identity-wallets.beta.demo.catena-x.net/api/credentials/"
Expand All @@ -15,30 +19,77 @@ ingress:
certificate:
host: "managed-identity-wallets.beta.demo.catena-x.net"
acapy:
endpointUrl: "https://managed-identity-wallets.beta.demo.catena-x.net:8000/"
secret:
apikey: <path:managed-identity-wallets/data/beta/managed-identity-wallets-acapy-secrets#acapy-admin-api-key>
walletseed: <path:managed-identity-wallets/data/beta/managed-identity-wallets-acapy-secrets#acapy-agent-wallet-seed>
dbaccount: <path:managed-identity-wallets/data/beta/managed-identity-wallets-acapy-secrets#acapy-db-account>
dbadminuser: <path:managed-identity-wallets/data/beta/managed-identity-wallets-acapy-secrets#acapy-db-admin>
dbadminpassword: <path:managed-identity-wallets/data/beta/managed-identity-wallets-acapy-secrets#acapy-db-admin-password>
dbpassword: <path:managed-identity-wallets/data/beta/managed-identity-wallets-acapy-secrets#acapy-db-password>
jwtsecret: <path:managed-identity-wallets/data/beta/managed-identity-wallets-acapy-secrets#acapy-jwt-secret>
walletkey: <path:managed-identity-wallets/data/beta/managed-identity-wallets-acapy-secrets#acapy-wallet-key>
endorser:
genesisUrl: "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis"
networkIdentifier: "idunion:test"
endpointUrl: "https://managed-identity-wallets.beta.demo.catena-x.net/didcomm-base"
secret:
apikey: <path:managed-identity-wallets/data/pre/managed-identity-wallets-acapy-secrets#acapy-endorser-admin-api-key>
walletseed: <path:managed-identity-wallets/data/pre/managed-identity-wallets-acapy-secrets#acapy-endorser-agent-wallet-seed>
dbaccount: <path:managed-identity-wallets/data/pre/managed-identity-wallets-acapy-secrets#acapy-endorser-db-account>
dbadminuser: <path:managed-identity-wallets/data/pre/managed-identity-wallets-acapy-secrets#acapy-endorser-db-admin>
dbadminpassword: <path:managed-identity-wallets/data/pre/managed-identity-wallets-acapy-secrets#acapy-endorser-db-admin-password>
dbpassword: <path:managed-identity-wallets/data/pre/managed-identity-wallets-acapy-secrets#acapy-endorser-db-password>
jwtsecret: <path:managed-identity-wallets/data/pre/managed-identity-wallets-acapy-secrets#acapy-endorser-jwt-secret>
walletkey: <path:managed-identity-wallets/data/pre/managed-identity-wallets-acapy-secrets#acapy-endorser-wallet-key>
mt:
genesisUrl: "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis"
networkIdentifier: "idunion:test"
endpointUrl: "https://managed-identity-wallets.beta.demo.catena-x.net/didcomm-managed-wallets"
endorserPublicDid: "YPp94k3hzcedGE6JBBzd7k"
secret:
apikey: <path:managed-identity-wallets/data/pre/managed-identity-wallets-acapy-secrets#acapy-mt-admin-api-key>
walletseed: <path:managed-identity-wallets/data/pre/managed-identity-wallets-acapy-secrets#acapy-mt-agent-wallet-seed>
dbaccount: <path:managed-identity-wallets/data/pre/managed-identity-wallets-acapy-secrets#acapy-mt-db-account>
dbadminuser: <path:managed-identity-wallets/data/pre/managed-identity-wallets-acapy-secrets#acapy-mt-db-admin>
dbadminpassword: <path:managed-identity-wallets/data/pre/managed-identity-wallets-acapy-secrets#acapy-mt-db-admin-password>
dbpassword: <path:managed-identity-wallets/data/pre/managed-identity-wallets-acapy-secrets#acapy-mt-db-password>
jwtsecret: <path:managed-identity-wallets/data/pre/managed-identity-wallets-acapy-secrets#acapy-mt-jwt-secret>
walletkey: <path:managed-identity-wallets/data/pre/managed-identity-wallets-acapy-secrets#acapy-mt-wallet-key>
managedIdentityWallets:
secret:
jdbcurl: <path:managed-identity-wallets/data/beta/managed-identity-wallets-secrets#miw-db-jdbc-url>
authclientid: <path:managed-identity-wallets/data/beta/managed-identity-wallets-secrets#miw-auth-client-id>
authclientsecret: <path:managed-identity-wallets/data/beta/managed-identity-wallets-secrets#miw-auth-client-secret>
bpdmauthclientid: <path:managed-identity-wallets/data/beta/managed-identity-wallets-secrets#bpdm-auth-client-id>
bpdmauthclientsecret: <path:managed-identity-wallets/data/beta/managed-identity-wallets-secrets#bpdm-auth-client-secret>
jdbcurl: <path:managed-identity-wallets/data/pre/managed-identity-wallets-secrets#miw-db-jdbc-url>
authclientid: <path:managed-identity-wallets/data/pre/managed-identity-wallets-secrets#miw-auth-client-id>
authclientsecret: <path:managed-identity-wallets/data/pre/managed-identity-wallets-secrets#miw-auth-client-secret>
bpdmauthclientid: <path:managed-identity-wallets/data/pre/managed-identity-wallets-secrets#bpdm-auth-client-id>
bpdmauthclientsecret: <path:managed-identity-wallets/data/pre/managed-identity-wallets-secrets#bpdm-auth-client-secret>
postgresql:
useDefaultJdbcUrl: false
secret:
password: <path:managed-identity-wallets/data/beta/postgres-managed-identity-wallets-secret-config#password>
postgrespassword: <path:managed-identity-wallets/data/beta/postgres-managed-identity-wallets-secret-config#postgres-password>
user: <path:managed-identity-wallets/data/beta/postgres-managed-identity-wallets-secret-config#user>
password: <path:managed-identity-wallets/data/pre/postgres-managed-identity-wallets-secret-config#password>
postgrespassword: <path:managed-identity-wallets/data/pre/postgres-managed-identity-wallets-secret-config#postgres-password>
user: <path:managed-identity-wallets/data/pre/postgres-managed-identity-wallets-secret-config#user>
acapypostgresql:
secret:
password: <path:managed-identity-wallets/data/beta/postgres-acapy-secret-config#password>
postgrespassword: <path:managed-identity-wallets/data/beta/postgres-acapy-secret-config#postgres-password>
user: <path:managed-identity-wallets/data/beta/postgres-acapy-secret-config#user>
password: <path:managed-identity-wallets/data/pre/postgres-acapy-secret-config#password>
postgrespassword: <path:managed-identity-wallets/data/pre/postgres-acapy-secret-config#postgres-password>
user: <path:managed-identity-wallets/data/pre/postgres-acapy-secret-config#user>
resources:
managedIdentityWallets:
requests:
cpu: "200m"
memory: "512Mi"
limits:
cpu: "250m"
memory: "512Mi"
revocationService:
requests:
cpu: "200m"
memory: "512Mi"
limits:
cpu: "250m"
memory: "512Mi"
endorserAcapy:
requests:
cpu: "200m"
memory: "256Mi"
limits:
cpu: "250m"
memory: "512Mi"
mtAcapy:
requests:
cpu: "200m"
memory: "256Mi"
limits:
cpu: "250m"
memory: "512Mi"
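Review bot: Every secret reference in `values-beta.yaml` now points at `managed-identity-wallets/data/pre/...` where it previously pointed at `data/beta/...`, while the hostnames in this file remain `*.beta.demo.catena-x.net`. If that is intentional, please say so in the commit message; if not, beta would run with the wallet seeds, API keys and database credentials stored for `pre`, which removes the isolation between the two environments. Keeping a dedicated `data/beta/` path, extended with the new `endorser` and `mt` keys, would avoid sharing credentials.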
3 changes: 1 addition & 2 deletions charts/managed-identity-wallets/values-dev.yaml
Expand Up @@ -21,7 +21,6 @@ certificate:
acapy:
endorser:
logLevel: "DEBUG"
ledgerUrl: "http://dev.greenlight.bcovrin.vonx.io/genesis"
endpointUrl: "https://managed-identity-wallets.dev.demo.catena-x.net/didcomm-base"
secret:
apikey: <path:managed-identity-wallets/data/dev/managed-identity-wallets-acapy-secrets#acapy-endorser-admin-api-key>
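Review bot: Dropping `ledgerUrl` from `acapy.endorser` without adding `genesisUrl` makes the dev environment depend on the chart default, whereas `values-beta.yaml` in this commit sets `genesisUrl` and `networkIdentifier` explicitly. Pinning both here as well keeps dev on the intended ledger if the chart default changes later.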
Expand All @@ -34,7 +33,6 @@ acapy:
walletkey: <path:managed-identity-wallets/data/dev/managed-identity-wallets-acapy-secrets#acapy-endorser-wallet-key>
mt:
logLevel: "DEBUG"
ledgerUrl: "http://dev.greenlight.bcovrin.vonx.io/genesis"
endpointUrl: "https://managed-identity-wallets.dev.demo.catena-x.net/didcomm-managed-wallets"
endorserPublicDid: "MhLrwtKpZhNCzazMeofPQH"
secret:
Expand All @@ -54,6 +52,7 @@ managedIdentityWallets:
bpdmauthclientid: <path:managed-identity-wallets/data/dev/managed-identity-wallets-secrets#bpdm-auth-client-id>
bpdmauthclientsecret: <path:managed-identity-wallets/data/dev/managed-identity-wallets-secrets#bpdm-auth-client-secret>
postgresql:
useDefaultJdbcUrl: false
secret:
password: <path:managed-identity-wallets/data/dev/postgres-managed-identity-wallets-secret-config#password>
postgrespassword: <path:managed-identity-wallets/data/dev/postgres-managed-identity-wallets-secret-config#postgres-password>