feat: add config to portal, iam and discoveryfinder and update docs (#60

)

* feat: add tls and ingress config to portal and idps

* chore: adjust license header year

* docs: self-signed TLS in readme

* chore: add discoveryfinder ingress to values file

* chore: bump chart version

* chore: fix comment format in values.yaml

* chore: fix centralidp and sharedidp setup

* docs: update chart readme and chart description

* chore: add portal config and keycloak themes and fix discoveryfinder config

---------

Co-authored-by: Evelyn Gurschler <[email protected]>

charts/umbrella/Chart.yaml

@@ -20,15 +20,15 @@
 apiVersion: v2
 name: umbrella
 description: |
-  A Helm chart to spin up Catena-X OSS components to simulate a complete dataspace network.
+  A Helm chart to spin up Tractus-X OSS components to simulate a complete dataspace network.
 
-  With this Helm chart you are able to create a sandbox environment or run end-to-end.
+  With this Helm chart you are able to run end-to-end or create a sandbox environment.
 
 sources:
-  - https://github.com/eclipse-tractusx/e2e-testing
+  - https://github.com/eclipse-tractusx/tractus-x-umbrella
 
 type: application
-version: 0.8.0
+version: 0.9.0
 
 dependencies:
 #  # TODO: update edc components to R23.12

charts/umbrella/README.md

@@ -1,29 +1,98 @@
-# E2E umbrella Chart
+# Umbrella Chart
 
-This e2e umbrella Chart is a basis for end-to-end testing of an [Catena-X](https://catena-x.net/en/) automotive dataspace network
-consisting of [Tractus-X](https://projects.eclipse.org/projects/automotive.tractusx) OSS coponents.
+This umbrella chart provides a basis for running end-to-end tests or creating a sandbox environment of the [Catena-X](https://catena-x.net/en/) automotive dataspace network
+consisting of [Tractus-X](https://projects.eclipse.org/projects/automotive.tractusx) OSS components.
 
-The Chart aims for a completely automated setup of a fully functional network, that does not require manual setup steps.
+The chart aims for a completely automated setup of a fully functional network, that does not require manual setup steps.
 
 ## Installing
 
 Running this Chart requires a kubernetes cluster `>1.24.x`. One of the options is to run a local instance of [minikube](https://minikube.sigs.k8s.io/docs/start/) setup.
 Assuming you have a running cluster and your `kubectl` context is set to that cluster, you can use the following command to install
-the Chart as `lab` release.
+the chart as `umbrella` release.
+
+### (Optional) Self-signed TLS setup
+
+Install cert-manager chart in the same namespace where the umbrella chart will be located.
+
+```bash
+helm repo add jetstack https://charts.jetstack.io
+helm repo update
+```
+
+```bash
+helm install \
+  cert-manager jetstack/cert-manager \
+  --namespace umbrella \
+  --create-namespace \
+  --version v1.14.4 \
+  --set installCRDs=true
+```
+
+Configure the self-signed certificate and issuer to be used by the ingress resources.
+
+```bash
+kubectl apply -f - <<EOF
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-issuer
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: my-selfsigned-ca
+  namespace: umbrella
+spec:
+  isCA: true
+  commonName: cx.local
+  secretName: root-secret
+  privateKey:
+    algorithm: RSA
+    size: 2048
+  issuerRef:
+    name: selfsigned-issuer
+    kind: ClusterIssuer
+    group: cert-manager.io
+  subject:
+    organizations:
+      - CX
+    countries:
+      - DE
+    provinces:
+      - Some-State
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: my-ca-issuer
+spec:
+  ca:
+    secretName: root-secret
+EOF
+```
+
+See [cert-manager self-signed](https://cert-manager.io/docs/configuration/selfsigned) for reference.
+
+### Installing the chart
 
 ```shell
 # Download (recursive chart dependencies) with hack script
 hack/helm-dependencies.bash
 
 cd charts/umbrella
 
-helm install lab . --namespace lab --create-namespace
+helm install umbrella . --namespace umbrella --create-namespace
 ```
 
-To taredown your setup, run:
+## Uninstalling
+
+To teardown your setup, run:
 
 ```shell
-helm delete lab --namespace lab
+helm delete umbrella --namespace umbrella
 ```
 
 ## How to contribute

charts/umbrella/templates/centralidp-spi.yaml

@@ -0,0 +1,40 @@
+{{- /*
+* Copyright (c) 2024 Contributors to the Eclipse Foundation
+*
+* See the NOTICE file(s) distributed with this work for additional
+* information regarding copyright ownership.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Apache License, Version 2.0 which is available at
+* https://www.apache.org/licenses/LICENSE-2.0.
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+* License for the specific language governing permissions and limitations
+* under the License.
+*
+* SPDX-License-Identifier: Apache-2.0
+*/}}
+
+{{- if .Values.centralidp.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: centralidp-spi
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+# use lookup function to check if secret exists
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace "centralidp-spi") }}
+{{ if $secret -}}
+data:
+  # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret
+  # use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret
+  # use index function for secret keys with hyphen otherwise '$secret.data.secretKey' works too
+  spi-truststore-password: {{ ( .Values.centralidp.secrets.auth.spi.truststorePassword | b64enc ) | default ( index $secret.data "spi-truststore-password" ) | quote }}
+{{ else -}}
+stringData:
+  # if secret doesn't exist, use provided value from values file or generate a random one
+  spi-truststore-password: {{ ( .Values.centralidp.secrets.auth.spi.truststorePassword | b64enc ) | default ( randAlphaNum 32 | quote ) }}
+{{ end }}
+{{- end -}}

charts/umbrella/templates/sharedidp-spi.yaml

@@ -0,0 +1,40 @@
+{{- /*
+* Copyright (c) 2024 Contributors to the Eclipse Foundation
+*
+* See the NOTICE file(s) distributed with this work for additional
+* information regarding copyright ownership.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Apache License, Version 2.0 which is available at
+* https://www.apache.org/licenses/LICENSE-2.0.
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+* License for the specific language governing permissions and limitations
+* under the License.
+*
+* SPDX-License-Identifier: Apache-2.0
+*/}}
+
+{{- if .Values.sharedidp.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: sharedidp-spi
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+# use lookup function to check if secret exists
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace "sharedidp-spi") }}
+{{ if $secret -}}
+data:
+  # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret
+  # use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret
+  # use index function for secret keys with hyphen otherwise '$secret.data.secretKey' works too
+  spi-truststore-password: {{ ( .Values.sharedidp.secrets.auth.spi.truststorePassword | b64enc ) | default ( index $secret.data "spi-truststore-password" ) | quote }}
+{{ else -}}
+stringData:
+  # if secret doesn't exist, use provided value from values file or generate a random one
+  spi-truststore-password: {{ ( .Values.sharedidp.secrets.auth.spi.truststorePassword | b64enc ) | default ( randAlphaNum 32 | quote ) }}
+{{ end }}
+{{- end -}}