From cff7160f41a02a7268efdc9127f01ab204b0fa4b Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Wed, 14 Jun 2023 10:34:02 +0200 Subject: [PATCH 01/11] chore(helm): remove legacy psql dependencies --- charts/umbrella/Chart.yaml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/charts/umbrella/Chart.yaml b/charts/umbrella/Chart.yaml index eb6e2b5b..73565581 100644 --- a/charts/umbrella/Chart.yaml +++ b/charts/umbrella/Chart.yaml @@ -59,17 +59,6 @@ dependencies: # repository: https://catenax-ng.github.io/product-edc condition: global.edc.enabled - # - alias: psqlconsumer - # name: postgresql - # version: 11.9.13 # TODO: upgrade to PSQL v15 - # repository: https://charts.bitnami.com/bitnami - # condition: global.edc.enabled - # - alias: psqlprovider - # name: postgresql - # version: 11.9.13 # TODO: upgrade to PSQL v15 - # repository: https://charts.bitnami.com/bitnami - # condition: global.edc.enabled - - name: vault version: 0.23.0 repository: https://helm.releases.hashicorp.com From 68a54afb102c44c44a5c272a5ac3a6bd9c6f2f32 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Wed, 14 Jun 2023 10:35:15 +0200 Subject: [PATCH 02/11] feat(helm): remove daps and vault chart dependencies --- charts/umbrella/Chart.yaml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/charts/umbrella/Chart.yaml b/charts/umbrella/Chart.yaml index 73565581..58fe6a47 100644 --- a/charts/umbrella/Chart.yaml +++ b/charts/umbrella/Chart.yaml @@ -40,12 +40,6 @@ dependencies: version: 0.1.0 condition: global.edc.enabled - - alias: dapsserver - name: daps-server - version: 1.7.5 - # adding repo as directory to modify the chart - # repository: https://eclipse-tractusx.github.io/charts/dev - # edc consumer - alias: edcconsumer name: tractusx-connector 
@@ -58,8 +52,3 @@ dependencies: version: 0.3.0 # repository: https://catenax-ng.github.io/product-edc condition: global.edc.enabled - - - name: vault - version: 0.23.0 - repository: https://helm.releases.hashicorp.com - condition: global.edc.enabled From 16bbf94840c51623b1303b5d59c94576ae304a8b Mon Sep 17 00:00:00 2001 
From: Marco Lecheler
Date: Wed, 14 Jun 2023 10:37:45 +0200
Subject: [PATCH 03/11] chore(helm): remove daps chart files

---
 charts/umbrella/charts/daps-server/Chart.yaml | 27 --
 charts/umbrella/charts/daps-server/README.md | 57 -----
 .../charts/daps-server/templates/NOTES.txt | 18 --
 .../charts/daps-server/templates/_helpers.tpl | 90 -------
 .../daps-server/templates/configmap.yml | 124 ---------
 .../daps-server/templates/deployment.yaml | 236 ------------------
 .../charts/daps-server/templates/hpa.yaml | 47 ----
 .../charts/daps-server/templates/ingress.yaml | 109 --------
 .../templates/persistentvolumeclaim.yaml | 35 ---
 .../charts/daps-server/templates/secret.yml | 27 --
 .../charts/daps-server/templates/service.yaml | 34 ---
 .../daps-server/templates/serviceaccount.yaml | 31 ---
 .../templates/tests/test-connection.yaml | 34 ---
 .../umbrella/charts/daps-server/values.yaml | 151 -----------
 14 files changed, 1020 deletions(-)
 delete mode 100644 charts/umbrella/charts/daps-server/Chart.yaml
 delete mode 100644 charts/umbrella/charts/daps-server/README.md
 delete mode 100644 charts/umbrella/charts/daps-server/templates/NOTES.txt
 delete mode 100644 charts/umbrella/charts/daps-server/templates/_helpers.tpl
 delete mode 100644 charts/umbrella/charts/daps-server/templates/configmap.yml
 delete mode 100644 charts/umbrella/charts/daps-server/templates/deployment.yaml
 delete mode 100644 charts/umbrella/charts/daps-server/templates/hpa.yaml
 delete mode 100644 charts/umbrella/charts/daps-server/templates/ingress.yaml
 delete mode 100644 charts/umbrella/charts/daps-server/templates/persistentvolumeclaim.yaml
 delete mode 100644 charts/umbrella/charts/daps-server/templates/secret.yml
 delete mode 100644 charts/umbrella/charts/daps-server/templates/service.yaml
 delete mode 100644 charts/umbrella/charts/daps-server/templates/serviceaccount.yaml
 delete mode 100644 charts/umbrella/charts/daps-server/templates/tests/test-connection.yaml
 delete mode 100644 charts/umbrella/charts/daps-server/values.yaml

diff --git a/charts/umbrella/charts/daps-server/Chart.yaml b/charts/umbrella/charts/daps-server/Chart.yaml
deleted file mode 100644
index 86a3c53a..00000000
--- a/charts/umbrella/charts/daps-server/Chart.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# #############################################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# #############################################################################
----
-apiVersion: v2
-appVersion: 1.7.1
-description: DAPS server helm-chart
-name: daps-server
-sources:
-- https://github.com/eclipse-tractusx/daps-helm-chart
-type: application
-version: 1.7.5
diff --git a/charts/umbrella/charts/daps-server/README.md b/charts/umbrella/charts/daps-server/README.md
deleted file mode 100644
index 42a37ae5..00000000
--- a/charts/umbrella/charts/daps-server/README.md
+++ /dev/null
@@ -1,57 +0,0 @@ -# daps-server - -![Version: 1.7.4](https://img.shields.io/badge/Version-1.7.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.1](https://img.shields.io/badge/AppVersion-1.7.1-informational?style=flat-square) - -DAPS server helm-chart - -## Source Code - -* - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | Pod affinity configuration | -| autoscaling | object | `{"enabled":false,"maxReplicas":5,"minReplicas":1,"targetMemoryUtilizationPercentage":60}` | DAPS autoscaling configuration | -| daps.secret.clientId | string | `""` | | -| daps.secret.clientSecret | string | `""` | | -| env.config | object | `{}` | Additional env variables | -| env.secret | object | `{}` | Additional env variables that should be stored in encrypted way | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | -| image.repository | string | `""` | DAPS docker image | -| image.tag | string | `""` | Image tag. Overrides the image tag whose default is the chart appVersion. | -| imagePullSecrets | list | `[]` | Secret which contains dockerconfig.json from private container registry with daps image | -| ingress.annotations | object | `{}` | Additional ingress annotations | -| ingress.enabled | bool | `false` | If set to `true`, DAPS will be exposed with ingress controller at http(s)://(ingress.host)/(ingress.pathPrefix) | -| ingress.host | string | `"daps-beta.int.demo.catena-x.net"` | Ingress host name | -| ingress.pathPrefix | string | `"/"` | Path prefix to be added to DAPS URI. 
Regex can be used | -| ingress.rootPath | string | `"/"` | Root prefix without regex rules that used to configure daps host name in configuration | -| ingress.tls.certMgr.enabled | bool | `false` | If `true` cert-manager will be used to issue a certificate with ingress.host CN name | -| ingress.tls.certMgr.issuer | string | `"letsencrypt-prod"` | Cert-manager issuer name | -| ingress.tls.enabled | bool | `false` | If `true` daps will be exposed with https | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | Node selection configuration | -| omejdn.createDefaultAdmin | bool | `true` | Default user and client will be created if set to `true`. User credentials set in `omejdn.defaultAdminUser` section | -| omejdn.defaultAdminUser | string | `"admin:admin"` | Default user credentials in format `user:password` | -| omejdn.serverKey | string | `""` | Server key content. DAPS will generate key if it's not provided at startup | -| omejdn.serverKeyFolderPath | string | `"/opt"` | Path to directory with private server key | -| persistence.accessMode | list | `[]` | Storage accessMode, defaults to ReadWriteOnce | -| persistence.enabled | bool | `true` | If `true` persistent volume will be used to store clients and users configuration | -| persistence.storageClass | string | `""` | Storage class to claim a volume, defaults to azurefile. 
| -| persistence.storageSize | string | `"2Gi"` | Volume size | -| podAnnotations | object | `{}` | | -| podSecurityContext | object | `{}` | Pod security context configuration | -| replicaCount | int | `1` | DAPS instances count | -| resources | object | `{"limits":{"cpu":"200m","memory":"300Mi"},"requests":{"cpu":"200m","memory":"300Mi"}}` | Pod resources requests and limits configuration | -| securityContext | string | `nil` | Pod security context configuration | -| service.port | int | `4567` | Service port | -| service.type | string | `"ClusterIP"` | Service type | -| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | -| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template | -| tolerations | list | `[]` | Pod toleration settings | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/umbrella/charts/daps-server/templates/NOTES.txt b/charts/umbrella/charts/daps-server/templates/NOTES.txt deleted file mode 100644 index df599b3c..00000000 --- a/charts/umbrella/charts/daps-server/templates/NOTES.txt +++ /dev/null 
@@ -1,18 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.host }}{{ .Values.ingress.rootPath }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "daps-server.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "daps-server.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "daps-server.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "daps-server.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} diff --git a/charts/umbrella/charts/daps-server/templates/_helpers.tpl b/charts/umbrella/charts/daps-server/templates/_helpers.tpl deleted file mode 100644 index fb4a8705..00000000 --- a/charts/umbrella/charts/daps-server/templates/_helpers.tpl +++ /dev/null 
@@ -1,90 +0,0 @@ -{{/* -***************************************************************************** -* Copyright (c) 2023 Contributors to the Eclipse Foundation -* -* See the NOTICE file(s) distributed with this work for additional -* information regarding copyright ownership. -* -* This program and the accompanying materials are made available under the -* terms of the Apache License, Version 2.0 which is available at -* https://www.apache.org/licenses/LICENSE-2.0. -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -* License for the specific language governing permissions and limitations -* under the License. -* -* SPDX-License-Identifier: Apache-2.0 -***************************************************************************** -*/}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "daps-server.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "daps-server.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. 
-*/}} -{{- define "daps-server.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "daps-server.labels" -}} -helm.sh/chart: {{ include "daps-server.chart" . }} -{{ include "daps-server.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "daps-server.selectorLabels" -}} -app.kubernetes.io/name: {{ include "daps-server.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create name of application secret -*/}} -{{- define "daps-server.applicationSecret.name" -}} -{{- printf "%s-application" (include "daps-server.fullname" .) }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "daps-server.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "daps-server.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/charts/umbrella/charts/daps-server/templates/configmap.yml b/charts/umbrella/charts/daps-server/templates/configmap.yml deleted file mode 100644 index 1a3f7898..00000000 --- a/charts/umbrella/charts/daps-server/templates/configmap.yml +++ /dev/null 
@@ -1,124 +0,0 @@ -# ############################################################################# -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ############################################################################# ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "daps-server.fullname" . }} - labels: - {{- include "daps-server.labels" . 
| nindent 4 }} -data: - {{- range $key, $val := .Values.env.config }} - {{ $key }}: "{{ $val }}" - {{- end}} - plugins.yml: |- - --- - plugins: - admin_api: - token_user_attributes: - skip_access_token: false - skip_id_token: false - - scope_mapping.yml: |- - --- - plugins: - omejdn:read: - - omejdn - omejdn:write: - - omejdn - omejdn:admin: - - omejdn - profile: - - name - - family_name - - given_name - - middle_name - - nickname - - preferred_username - - profile - - picture - - website - - gender - - birthdate - - zoneinfo - - locale - - updated_at - email: - - email - - email_verified - address: - - formatted - - street_address - - locality - - region - - postal_code - - country - phone: - - phone_number - - phone_number_verified - idsc:IDS_CONNECTOR_ATTRIBUTES_ALL: - - "@type" - - "@context" - - "securityProfile" - - "referringConnector" - - - - omejdn.yml: |- - --- - issuer: https://{{ .Values.ingress.host }} - front_url: https://{{ .Values.ingress.host }} - bind_to: 0.0.0.0:4567 - environment: development - openid: false - default_audience: idsc:IDS_CONNECTORS_ALL - accept_audience: - - https://{{ .Values.ingress.host }}{{ .Values.ingress.rootPath }} - - https://{{ .Values.ingress.host }}{{ .Values.ingress.rootPath }}token - - idsc:IDS_CONNECTORS_ALL - access_token: - expiration: 3600 - algorithm: RS256 - id_token: - expiration: 3600 - algorithm: RS256 - user_backend: - - yaml - - - {{- if .Values.omejdn.createDefaultAdmin }} - clients.yml: |- - --- - - client_id: {{ .Values.daps.secret.clientId }} - name: omejdn admin ui - client_secret: {{ .Values.daps.secret.clientSecret }} - token_endpoint_auth_method: client_secret_post - attributes: - - key: omejdn - value: admin - redirect_uris: - - https://example.org/callback01 - - https://example.org/callback02 - - https://oauth.pstmn.io/v1/callback - - "/" - scope: - - omejdn:admin - grant_types: - - client_credentials - {{- end }} 
diff --git a/charts/umbrella/charts/daps-server/templates/deployment.yaml b/charts/umbrella/charts/daps-server/templates/deployment.yaml deleted file mode 100644 index 19e5f727..00000000 --- a/charts/umbrella/charts/daps-server/templates/deployment.yaml +++ /dev/null 
@@ -1,236 +0,0 @@ -# ############################################################################# -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ############################################################################# ---- -{{- $fullName := include "daps-server.fullname" . -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "daps-server.fullname" . }} - labels: - {{- include "daps-server.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "daps-server.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "daps-server.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "daps-server.serviceAccountName" . 
}} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - initContainers: - - name: init-fill-pvc - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - command: - - "sh" - - "-c" - args: - - | - mkdir -p /tmp/config /tmp/keys - #ls /tmp/ - if [ ! -f /tmp/config/users.yml ]; then - echo "File users.yml not found in pvc!. Creating empty file" - touch /tmp/config/users.yml - fi - if [ -d /tmp/key.pem ]; then - echo "Fix key is directory" - rm -rf /tmp/key.pem - fi - if [ ! -f /tmp/key.pem ]; then - echo "File key.pem not found in pvc!. Generating new key!" - openssl genrsa -out /tmp/key.pem 1024 - fi - if [ ! -f /tmp/config/clients.yml ]; then - echo "File clients.yml not found in pvc! Creating a new one with default admin client" - {{- if .Values.omejdn.createDefaultAdmin }} - cp /tmp2/clients.yml /tmp/config/clients.yml - {{- else }} - touch /tmp/config/clients.yml - {{- end }} - fi - # mounting as configmap is not an option as server expects this file writeable - if [ ! -f /tmp/config/omejdn.yml ]; then - echo "File omejdn.yml not found in pvc! Creating a new one with default admin client" - {{- if .Values.omejdn.createDefaultAdmin }} - cp /tmp2/omejdn.yml /tmp/config/omejdn.yml - {{- else }} - touch /tmp/config/omejdn.yml - {{- end }} - fi - if [ ! -f /tmp/config/scope_mapping.yml ]; then - echo "File scope_mapping.yml not found in pvc! Creating a new one with default admin client" - {{- if .Values.omejdn.createDefaultAdmin }} - cp /tmp2/scope_mapping.yml /tmp/config/scope_mapping.yml - {{- else }} - touch /tmp/config/scope_mapping.yml - {{- end }} - fi - #if [ ! -d /tmp/keys ]; then - # echo "keys directory not found in pvc! 
Creating empty dit" - # mkdir /tmp/keys - #fi - volumeMounts: - - name: config - mountPath: /tmp/ - readOnly: false - - mountPath: /tmp2/clients.yml - name: clients-config - subPath: clients.yml - - mountPath: /tmp2/omejdn.yml - name: omejdn-config - subPath: omejdn.yml - - mountPath: /tmp2/scope_mapping.yml - name: scope-mapping-config - subPath: scope_mapping.yml - - mountPath: /opt/keys - name: config - subPath: keys - readOnly: false - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - - name: OMEJDN_PLUGINS - value: {{ .Values.omejdn.serverKeyFolderPath }}/config/plugins.yml - - name: OMEJDN_JWT_AUD_OVERRIDE - value: "idsc:IDS_CONNECTORS_ALL" - - name: OMEJDN_IGNORE_ENV - value: "true" - {{- if .Values.omejdn.createDefaultAdmin }} - - name: OMEJDN_ADMIN - value: {{ .Values.omejdn.defaultAdminUser }} - {{- end }} - {{- range $key, $val := .Values.env.secret }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ $fullName }} - key: {{ $key }} - {{- end}} - {{- range $key, $val := .Values.env.config }} - - name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ $fullName }} - key: {{ $key }} - {{- end}} - ports: - - name: http - containerPort: 4567 - protocol: TCP - #livenessProbe: - # httpGet: - # path: /.well-known/jwks.json - # port: http - # scheme: HTTP - # failureThreshold: 3 - # periodSeconds: 3 - #readinessProbe: - # httpGet: - # path: /.well-known/jwks.json - # port: http - # scheme: HTTP - # failureThreshold: 3 - # periodSeconds: 1 - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - - mountPath: {{ .Values.omejdn.serverKeyFolderPath }}/key.pem - name: config - subPath: key.pem - - mountPath: {{ .Values.omejdn.serverKeyFolderPath }}/config - name: config - subPath: config - readOnly: false - - mountPath: {{ 
.Values.omejdn.serverKeyFolderPath }}/config/plugins.yml - name: plugins-config - subPath: plugins.yml - readOnly: false - - mountPath: {{ .Values.omejdn.serverKeyFolderPath }}/keys - name: config - subPath: keys - readOnly: false - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - - volumes: - - name: config - persistentVolumeClaim: - claimName: {{ include "daps-server.fullname" . }} - {{- if .Values.omejdn.serverKey }} - - name: server-key - secret: - secretName: {{ include "daps-server.fullname" . }} - items: - - key: key.pem - path: key.pem - {{- end }} - - name: plugins-config - configMap: - name: {{ include "daps-server.fullname" . }} - items: - - key: plugins.yml - path: plugins.yml - - name: omejdn-config - configMap: - name: {{ include "daps-server.fullname" . }} - items: - - key: omejdn.yml - path: omejdn.yml - - name: scope-mapping-config - configMap: - name: {{ include "daps-server.fullname" . }} - items: - - key: scope_mapping.yml - path: scope_mapping.yml - - name: clients-config - configMap: - name: {{ include "daps-server.fullname" . }} - items: - - key: clients.yml - path: clients.yml diff --git a/charts/umbrella/charts/daps-server/templates/hpa.yaml b/charts/umbrella/charts/daps-server/templates/hpa.yaml deleted file mode 100644 index e721dc4b..00000000 --- a/charts/umbrella/charts/daps-server/templates/hpa.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -# ############################################################################# -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ############################################################################# ---- -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "daps-server.fullname" . }} - labels: - {{- include "daps-server.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "daps-server.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/charts/umbrella/charts/daps-server/templates/ingress.yaml b/charts/umbrella/charts/daps-server/templates/ingress.yaml deleted file mode 100644 index 3f381015..00000000 
--- a/charts/umbrella/charts/daps-server/templates/ingress.yaml +++ /dev/null 
@@ -1,109 +0,0 @@ -# ############################################################################# -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ############################################################################# ---- -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "daps-server.fullname" . -}} -{{- $ingressExtraPaths := .Values.ingress.extraPaths -}} -{{- $svcName := include "daps-server.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "daps-server.labels" . | nindent 4 }} - annotations: - # nginx.ingress.kubernetes.io/rewrite-target: /$2 - nginx.ingress.kubernetes.io/use-regex: "true" - {{- if .Values.ingress.tls.certMgr.enabled }} - cert-manager.io/cluster-issuer: {{ .Values.ingress.tls.certMgr.issuer }} - {{- end }} -spec: - {{- if .Values.ingress.tls.enabled }} - tls: - - hosts: - - {{ .Values.ingress.host }} - secretName: "{{ include "daps-server.fullname" . 
}}-tls" - {{- end }} - ingressClassName: nginx - rules: - - host: {{ .Values.ingress.host }} - http: - paths: - - path: {{ default "/" .Values.ingress.pathPrefix | quote }} - pathType: Prefix - backend: - {{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $svcName }} - port: - number: {{ $svcPort }} - {{- else }} - {{- if $.Values.service.servicename }} - serviceName: {{ $.Values.service.servicename }} - {{- else }} - serviceName: {{ default $svcName .service }} - {{- end }} - servicePort: {{ default $svcPort .port }} - {{- end }} - ---- -{{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }}-jwks - labels: - {{- include "daps-server.labels" . | nindent 4 }} - annotations: - nginx.ingress.kubernetes.io/rewrite-target: /jwks.json - {{- if .Values.ingress.tls.certMgr.enabled }} - cert-manager.io/issuer: {{ .Values.ingress.tls.certMgr.issuer }} - {{- end }} -spec: - ingressClassName: nginx - rules: - - host: {{ .Values.ingress.host }} - http: - paths: - - path: /.well-known/jwks.json - pathType: Prefix - backend: - {{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - -{{- end }} diff --git a/charts/umbrella/charts/daps-server/templates/persistentvolumeclaim.yaml b/charts/umbrella/charts/daps-server/templates/persistentvolumeclaim.yaml deleted file mode 100644 index d11f571e..00000000 --- a/charts/umbrella/charts/daps-server/templates/persistentvolumeclaim.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -# ############################################################################# -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ############################################################################# ---- -{{- if .Values.persistence.enabled -}} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ include "daps-server.fullname" . }} -spec: -{{- if .Values.persistence.storageClass }} - storageClassName: {{ .Values.persistence.storageClass }} -{{- end }} - accessModes: - - {{ .Values.persistence.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.persistence.storageSize }} - -{{- end }} diff --git a/charts/umbrella/charts/daps-server/templates/secret.yml b/charts/umbrella/charts/daps-server/templates/secret.yml deleted file mode 100644 index 1610a9a0..00000000 --- a/charts/umbrella/charts/daps-server/templates/secret.yml +++ /dev/null 
@@ -1,27 +0,0 @@
-# #############################################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# #############################################################################
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "daps-server.applicationSecret.name" . }}
-type: Opaque
-stringData:
- ClientID: {{ .Values.daps.secret.clientId | default (randAlphaNum 16) }}
- ClientSecret: {{ .Values.daps.secret.clientSecret | default (randAlphaNum 16) }}
diff --git a/charts/umbrella/charts/daps-server/templates/service.yaml b/charts/umbrella/charts/daps-server/templates/service.yaml
deleted file mode 100644
index a92d53bc..00000000
--- a/charts/umbrella/charts/daps-server/templates/service.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-# #############################################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# #############################################################################
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "daps-server.fullname" . }}
- labels:
- {{- include "daps-server.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: {{ .Values.service.targetPort }}
- protocol: TCP
- name: http
- selector:
- {{- include "daps-server.selectorLabels" . | nindent 4 }}
diff --git a/charts/umbrella/charts/daps-server/templates/serviceaccount.yaml b/charts/umbrella/charts/daps-server/templates/serviceaccount.yaml
deleted file mode 100644
index 57f7665d..00000000
--- a/charts/umbrella/charts/daps-server/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-# #############################################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# #############################################################################
----
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "daps-server.serviceAccountName" . }}
- labels:
- {{- include "daps-server.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/charts/umbrella/charts/daps-server/templates/tests/test-connection.yaml b/charts/umbrella/charts/daps-server/templates/tests/test-connection.yaml
deleted file mode 100644
index b89545cc..00000000
--- a/charts/umbrella/charts/daps-server/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-# #############################################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# #############################################################################
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "daps-server.fullname" . }}-test-connection"
- labels:
- {{- include "daps-server.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "daps-server.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/charts/umbrella/charts/daps-server/values.yaml b/charts/umbrella/charts/daps-server/values.yaml
deleted file mode 100644
index 46086701..00000000
--- a/charts/umbrella/charts/daps-server/values.yaml
+++ /dev/null
@@ -1,151 +0,0 @@
-# #############################################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# #############################################################################
----
-# Default values for daps-server.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-# -- DAPS instances count
-replicaCount: 1
-
-image:
- # -- DAPS docker image
- repository: ""
- # -- Image pull policy
- pullPolicy: IfNotPresent
- # -- Image tag. Overrides the image tag whose default is the chart appVersion.
- tag: ""
-
-# -- Secret which contains dockerconfig.json from private container registry with daps image
-imagePullSecrets: []
-
-nameOverride: ""
-fullnameOverride: ""
-
-omejdn:
- # -- Path to directory with private server key
- serverKeyFolderPath: /opt
- # -- Server key content. DAPS will generate key if it's not provided at startup
- serverKey: ""
- # -- Default user and client will be created if set to `true`.
User credentials set in `omejdn.defaultAdminUser` section
- createDefaultAdmin: true
- # -- Default user credentials in format `user:password`
- defaultAdminUser: "admin:admin"
-
-
-serviceAccount:
- # -- Specifies whether a service account should be created
- create: true
- # -- Annotations to add to the service account
- annotations: {}
- # -- The name of the service account to use.
- # -- If not set and create is true, a name is generated using the fullname template
- name: ""
-
- # -- Additional pods annotations
-podAnnotations: {}
-
-# -- Pod security context configuration
-podSecurityContext: {}
- # fsGroup: 2000
-
-# -- Pod security context configuration
-securityContext:
- # capabilities:
- # drop:
- # - ALL
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
- # runAsUser: 1000
-
-service:
- # -- Service type
- type: ClusterIP
- # -- Service port
- port: 4567
-
-ingress:
- # -- If set to `true`, DAPS will be exposed with ingress controller at http(s)://(ingress.host)/(ingress.pathPrefix)
- enabled: false
- # -- Additional ingress annotations
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- # -- Ingress host name
- host: daps-beta.int.demo.catena-x.net
- # -- Path prefix to be added to DAPS URI. Regex can be used
- pathPrefix: "/"
- # -- Root prefix without regex rules that used to configure daps host name in configuration
- rootPath: "/"
- tls:
- # -- If `true` daps will be exposed with https
- enabled: false
-
- certMgr:
- # -- If `true` cert-manager will be used to issue a certificate with ingress.host CN name
- enabled: false
- # -- Cert-manager issuer name
- issuer: "letsencrypt-prod"
-
-persistence:
- # -- If `true` persistent volume will be used to store clients and users configuration
- enabled: true
- # -- Storage class to claim a volume, defaults to azurefile.
- storageClass: ""
- # -- Storage accessMode, defaults to ReadWriteOnce.
- accessMode: []
- # -- Volume size
- storageSize: "2Gi"
-
-env:
- # -- Additional env variables
- config: {}
- # -- Additional env variables that should be stored in encrypted way
- secret: {}
-
-# -- Pod resources requests and limits configuration
-resources:
- limits:
- cpu: 200m
- memory: 300Mi
- requests:
- cpu: 200m
- memory: 300Mi
-
-# -- DAPS autoscaling configuration
-autoscaling:
- enabled: false
- minReplicas: 1
- maxReplicas: 5
- # targetCPUUtilizationPercentage: 60
- targetMemoryUtilizationPercentage: 60
-
-# -- Node selection configuration
-nodeSelector: {}
-
-# -- Pod toleration settings
-tolerations: []
-
-# -- Pod affinity configuration
-affinity: {}
-
-daps:
- secret:
- clientId: ""
- clientSecret: ""
From 20a37df82e40c2467f84f9fd6bd54fbf1a7a0977 Mon Sep 17 00:00:00 2001
From: Marco Lecheler
Date: Wed, 14 Jun 2023 10:39:23 +0200
Subject: [PATCH 04/11] chore(helm): update tractusx-connector dependency chart to v0.4.1
---
 charts/umbrella/Chart.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/charts/umbrella/Chart.yaml b/charts/umbrella/Chart.yaml
index 58fe6a47..b7109ec5 100644
--- a/charts/umbrella/Chart.yaml
+++ b/charts/umbrella/Chart.yaml
@@ -43,12 +43,12 @@ dependencies:
 # edc consumer
 - alias: edcconsumer
 name: tractusx-connector
- version: 0.3.0
- # repository: https://catenax-ng.github.io/product-edc
+ version: 0.4.1
+ repository: https://eclipse-tractusx.github.io/charts/dev
 condition: global.edc.enabled
 # edc provider
 - alias: edcprovider
 name: tractusx-connector
- version: 0.3.0
- # repository: https://catenax-ng.github.io/product-edc
+ version: 0.4.1
+ repository: https://eclipse-tractusx.github.io/charts/dev
 condition: global.edc.enabled
From 19b593c5fe915219131bf5378efa1be992d3f9ba Mon Sep 17 00:00:00 2001
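Review bot: Nothing verifies the chart archive now fetched through the two added `repository: https://eclipse-tractusx.github.io/charts/dev` lines for `edcconsumer` and `edcprovider`, which replace entries whose repository was commented out and which apparently used the vendored chart directory. `version: 0.4.1` fixes the version string only, and the repository path suggests a development channel, so a republished 0.4.1 would be pulled without notice. If the upstream publishes provenance files (not visible here), running `helm dependency build --verify` in CI would check the archive signature, and a comment above each entry such as `# remote dev index, exact pin; archive verified in CI` would record the intent. The diffstat lists only `Chart.yaml`, so if the repository tracks a `Chart.lock` it is presumably out of date after this commit and should be regenerated in the same change.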
From: Marco Lecheler
Date: Wed, 14 Jun 2023 10:41:31 +0200
Subject: [PATCH 05/11] chore(helm): remove tractusx-connector chart files
---
 .../charts/tractusx-connector/.helmignore | 42 --
 .../charts/tractusx-connector/Chart.yaml | 35 --
 .../charts/tractusx-connector/README.md | 230 --------
 .../tractusx-connector/README.md.gotmpl | 25 -
 .../tractusx-connector/templates/NOTES.txt | 45 --
 .../tractusx-connector/templates/_helpers.tpl | 308 ----------
 .../templates/configmap-controlplane.yaml | 32 -
 .../templates/configmap-dataplane.yaml | 32 -
 .../templates/deployment-controlplane.yaml | 444 --------------
 .../templates/deployment-dataplane.yaml | 288 ---------
 .../templates/hpa-controlplane.yaml | 47 --
 .../templates/hpa-dataplane.yaml | 47 --
 .../templates/ingress-controlplane.yaml | 96 ---
 .../templates/ingress-dataplane.yaml | 96 ---
 .../templates/secret-cacerts.yaml | 32 -
 .../templates/secret-external-db.yaml | 30 -
 .../templates/service-controlplane.yaml | 55 --
 .../templates/service-dataplane.yaml | 47 --
 .../templates/serviceaccount.yaml | 35 --
 .../charts/tractusx-connector/values.yaml | 547 ------------------
 20 files changed, 2513 deletions(-)
 delete mode 100644 charts/umbrella/charts/tractusx-connector/.helmignore
 delete mode 100644 charts/umbrella/charts/tractusx-connector/Chart.yaml
 delete mode 100644 charts/umbrella/charts/tractusx-connector/README.md
 delete mode 100644 charts/umbrella/charts/tractusx-connector/README.md.gotmpl
 delete mode 100644 charts/umbrella/charts/tractusx-connector/templates/NOTES.txt
 delete mode 100644 charts/umbrella/charts/tractusx-connector/templates/_helpers.tpl
 delete mode 100644 charts/umbrella/charts/tractusx-connector/templates/configmap-controlplane.yaml
 delete mode 100644 charts/umbrella/charts/tractusx-connector/templates/configmap-dataplane.yaml
 delete mode 100644 charts/umbrella/charts/tractusx-connector/templates/deployment-controlplane.yaml
 delete mode 100644
charts/umbrella/charts/tractusx-connector/templates/deployment-dataplane.yaml
 delete mode 100644 charts/umbrella/charts/tractusx-connector/templates/hpa-controlplane.yaml
 delete mode 100644 charts/umbrella/charts/tractusx-connector/templates/hpa-dataplane.yaml
 delete mode 100644 charts/umbrella/charts/tractusx-connector/templates/ingress-controlplane.yaml
 delete mode 100644 charts/umbrella/charts/tractusx-connector/templates/ingress-dataplane.yaml
 delete mode 100644 charts/umbrella/charts/tractusx-connector/templates/secret-cacerts.yaml
 delete mode 100644 charts/umbrella/charts/tractusx-connector/templates/secret-external-db.yaml
 delete mode 100644 charts/umbrella/charts/tractusx-connector/templates/service-controlplane.yaml
 delete mode 100644 charts/umbrella/charts/tractusx-connector/templates/service-dataplane.yaml
 delete mode 100644 charts/umbrella/charts/tractusx-connector/templates/serviceaccount.yaml
 delete mode 100644 charts/umbrella/charts/tractusx-connector/values.yaml
diff --git a/charts/umbrella/charts/tractusx-connector/.helmignore b/charts/umbrella/charts/tractusx-connector/.helmignore
deleted file mode 100644
index 397e107e..00000000
--- a/charts/umbrella/charts/tractusx-connector/.helmignore
+++ /dev/null
@@ -1,42 +0,0 @@
-# #############################################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# #############################################################################
-
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/charts/umbrella/charts/tractusx-connector/Chart.yaml b/charts/umbrella/charts/tractusx-connector/Chart.yaml
deleted file mode 100644
index 66b23ea7..00000000
--- a/charts/umbrella/charts/tractusx-connector/Chart.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-# #############################################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# #############################################################################
----
-apiVersion: v2
-appVersion: 0.3.0
-description: A Helm chart for Tractus-X Eclipse Data Space Connector
-name: tractusx-connector
-type: application
-version: 0.3.0
-dependencies:
- - condition: postgresql.enabled
- name: postgresql
- repository: https://charts.bitnami.com/bitnami
- version: 12.2.x
- - name: common
- repository: https://charts.bitnami.com/bitnami
- tags:
- - bitnami-common
- version: 2.x.x
diff --git a/charts/umbrella/charts/tractusx-connector/README.md b/charts/umbrella/charts/tractusx-connector/README.md
deleted file mode 100644
index 0624381b..00000000
--- a/charts/umbrella/charts/tractusx-connector/README.md
+++ /dev/null
@@ -1,230 +0,0 @@ -# tractusx-connector - -![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.3.0](https://img.shields.io/badge/AppVersion-0.3.0-informational?style=flat-square) - -A Helm chart for Tractus-X Eclipse Data Space Connector - -## TL;DR -```shell -$ helm repo add catenax-ng-product-edc https://catenax-ng.github.io/product-edc -$ helm install tractusx-connector catenax-ng-product-edc/tractusx-connector --version 0.3.0 -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| backendService.httpProxyTokenReceiverUrl | string | `""` | | -| controlplane.affinity | object | `{}` | | -| controlplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | -| controlplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | -| controlplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | -| controlplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | -| controlplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | -| controlplane.debug.enabled | bool | `false` | | -| controlplane.debug.port | int | `1044` | | -| controlplane.debug.suspendOnStart | bool | `false` | | -| controlplane.endpoints | object | 
`{"control":{"path":"/control","port":8083},"data":{"authKey":"","path":"/data","port":8081},"default":{"path":"/api","port":8080},"ids":{"path":"/api/v1/ids","port":8084},"metrics":{"path":"/metrics","port":8085},"validation":{"path":"/validation","port":8082}}` | endpoints of the control plane | -| controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not | -| controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls | -| controlplane.endpoints.control.port | int | `8083` | port for incoming api calls | -| controlplane.endpoints.data | object | `{"authKey":"","path":"/data","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing | -| controlplane.endpoints.data.authKey | string | `""` | authentication key, must be attached to each 'X-Api-Key' request header | -| controlplane.endpoints.data.path | string | `"/data"` | path for incoming api calls | -| controlplane.endpoints.data.port | int | `8081` | port for incoming api calls | -| controlplane.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | -| controlplane.endpoints.default.path | string | `"/api"` | path for incoming api calls | -| controlplane.endpoints.default.port | int | `8080` | port for incoming api calls | -| controlplane.endpoints.ids | object | `{"path":"/api/v1/ids","port":8084}` | ids api, used for inter connector communication and must be internet facing | -| controlplane.endpoints.ids.path | string | `"/api/v1/ids"` | path for incoming api calls | -| controlplane.endpoints.ids.port | int | `8084` | port for incoming api calls | -| controlplane.endpoints.metrics | object | `{"path":"/metrics","port":8085}` | metrics api, used for application metrics, must not be internet facing | -| 
controlplane.endpoints.metrics.path | string | `"/metrics"` | path for incoming api calls | -| controlplane.endpoints.metrics.port | int | `8085` | port for incoming api calls | -| controlplane.endpoints.validation | object | `{"path":"/validation","port":8082}` | validation api, only used by the data plane and should not be added to any ingress | -| controlplane.endpoints.validation.path | string | `"/validation"` | path for incoming api calls | -| controlplane.endpoints.validation.port | int | `8082` | port for incoming api calls | -| controlplane.env | object | `{}` | | -| controlplane.envConfigMapNames | list | `[]` | | -| controlplane.envSecretNames | list | `[]` | | -| controlplane.envValueFrom | object | `{}` | | -| controlplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | -| controlplane.image.repository | string | `""` | Which derivate of the control plane to use. 
when left empty the deployment will select the correct image automatically | -| controlplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| controlplane.ingresses[0].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[0].enabled | bool | `false` | | -| controlplane.ingresses[0].endpoints | list | `["ids"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[0].hostname | string | `"edc-control.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| controlplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| controlplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| controlplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | -| controlplane.ingresses[1].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[1].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[1].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[1].className | string | `""` | Defines the [ingress 
class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[1].enabled | bool | `false` | | -| controlplane.ingresses[1].endpoints | list | `["data","control"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[1].hostname | string | `"edc-control.intranet"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| controlplane.ingresses[1].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| controlplane.ingresses[1].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| controlplane.ingresses[1].tls.secretName | string | `""` | If present overwrites the default secret name | -| controlplane.initContainers | list | `[]` | | -| controlplane.internationalDataSpaces.catalogId | string | `"TXDC-Catalog"` | | -| controlplane.internationalDataSpaces.curator | string | `""` | | -| controlplane.internationalDataSpaces.description | string | `"Tractus-X Eclipse IDS Data Space Connector"` | | -| controlplane.internationalDataSpaces.id | string | `"TXDC"` | | -| controlplane.internationalDataSpaces.maintainer | string | `""` | | -| controlplane.internationalDataSpaces.title | string | `""` | | -| controlplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| controlplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| controlplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | -| controlplane.livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| 
controlplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| controlplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| controlplane.logging | string | `".level=INFO\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | -| controlplane.nodeSelector | object | `{}` | | -| controlplane.opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | -| controlplane.podAnnotations | object | `{}` | additional annotations for the pod | -| controlplane.podLabels | object | `{}` | additional labels for the pod | -| controlplane.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | -| controlplane.podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | -| controlplane.podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | -| controlplane.podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | -| controlplane.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls 
with seccomp | -| controlplane.readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| controlplane.readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| controlplane.readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | -| controlplane.readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a readiness check every 10 seconds | -| controlplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| controlplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| controlplane.replicaCount | int | `1` | | -| controlplane.resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | -| controlplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | -| controlplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | -| controlplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | -| controlplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | -| controlplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | -| controlplane.securityContext.runAsUser | int | `10001` | The container's process will run with the 
specified uid | -| controlplane.service.annotations | object | `{}` | | -| controlplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| controlplane.tolerations | list | `[]` | | -| controlplane.url.ids | string | `""` | Explicitly declared url for reaching the ids api (e.g. if ingresses not used) | -| controlplane.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | -| controlplane.volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | -| customLabels | object | `{}` | | -| daps.clientId | string | `""` | | -| daps.paths.jwks | string | `"/jwks.json"` | | -| daps.paths.token | string | `"/token"` | | -| daps.url | string | `""` | | -| dataplane.affinity | object | `{}` | | -| dataplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | -| dataplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | -| dataplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | -| dataplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | -| dataplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | -| dataplane.aws.accessKeyId | string | `""` | | -| dataplane.aws.endpointOverride | string | `""` | | -| dataplane.aws.secretAccessKey | string | `""` | | -| dataplane.debug.enabled | bool | `false` | | -| dataplane.debug.port | int | `1044` | | -| 
dataplane.debug.suspendOnStart | bool | `false` | | -| dataplane.endpoints.control.path | string | `"/api/dataplane/control"` | | -| dataplane.endpoints.control.port | int | `8083` | | -| dataplane.endpoints.default.path | string | `"/api"` | | -| dataplane.endpoints.default.port | int | `8080` | | -| dataplane.endpoints.metrics.path | string | `"/metrics"` | | -| dataplane.endpoints.metrics.port | int | `8084` | | -| dataplane.endpoints.public.path | string | `"/api/public"` | | -| dataplane.endpoints.public.port | int | `8081` | | -| dataplane.endpoints.validation.path | string | `"/validation"` | | -| dataplane.endpoints.validation.port | int | `8082` | | -| dataplane.env | object | `{}` | | -| dataplane.envConfigMapNames | list | `[]` | | -| dataplane.envSecretNames | list | `[]` | | -| dataplane.envValueFrom | object | `{}` | | -| dataplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | -| dataplane.image.repository | string | `""` | Which derivate of the data plane to use. 
when left empty the deployment will select the correct image automatically | -| dataplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| dataplane.ingresses[0].annotations | object | `{}` | Additional ingress annotations to add | -| dataplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| dataplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| dataplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| dataplane.ingresses[0].enabled | bool | `false` | | -| dataplane.ingresses[0].endpoints | list | `["public"]` | EDC endpoints exposed by this ingress resource | -| dataplane.ingresses[0].hostname | string | `"edc-data.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| dataplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| dataplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| dataplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | -| dataplane.initContainers | list | `[]` | | -| dataplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| dataplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| dataplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | -| 
dataplane.livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| dataplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| dataplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| dataplane.logging | string | `".level=INFO\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | -| dataplane.nodeSelector | object | `{}` | | -| dataplane.opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | -| dataplane.podAnnotations | object | `{}` | additional annotations for the pod | -| dataplane.podLabels | object | `{}` | additional labels for the pod | -| dataplane.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | -| dataplane.podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | -| dataplane.podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | -| dataplane.podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | -| 
dataplane.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | -| dataplane.readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| dataplane.readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| dataplane.readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | -| dataplane.readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| dataplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| dataplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| dataplane.replicaCount | int | `1` | | -| dataplane.resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | -| dataplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | -| dataplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | -| dataplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | -| dataplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | -| dataplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | -| 
dataplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| dataplane.service.port | int | `80` | | -| dataplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| dataplane.tolerations | list | `[]` | | -| dataplane.url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. if ingresses not used) | -| dataplane.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | -| dataplane.volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | -| fullnameOverride | string | `""` | | -| imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| nameOverride | string | `""` | | -| postgresql.enabled | bool | `false` | | -| postgresql.jdbcUrl | string | `""` | | -| postgresql.password | string | `""` | | -| postgresql.username | string | `""` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| serviceAccount.name | string | `""` | | -| vault.azure.certificate | string | `""` | | -| vault.azure.client | string | `""` | | -| vault.azure.enabled | bool | `false` | | -| vault.azure.name | string | `""` | | -| vault.azure.secret | string | `""` | | -| vault.azure.tenant | string | `""` | | -| vault.hashicorp.enabled | bool | `false` | | -| 
vault.hashicorp.healthCheck.enabled | bool | `true` | | -| vault.hashicorp.healthCheck.standbyOk | bool | `true` | | -| vault.hashicorp.paths.health | string | `"/v1/sys/health"` | | -| vault.hashicorp.paths.secret | string | `"/v1/secret"` | | -| vault.hashicorp.timeout | int | `30` | | -| vault.hashicorp.token | string | `""` | | -| vault.hashicorp.url | string | `""` | | -| vault.secretNames.dapsPrivateKey | string | `"daps-private-key"` | | -| vault.secretNames.dapsPublicKey | string | `"daps-public-key"` | | -| vault.secretNames.transferProxyTokenEncryptionAesKey | string | `"transfer-proxy-token-encryption-aes-key"` | | -| vault.secretNames.transferProxyTokenSignerPrivateKey | string | `"transfer-proxy-token-signer-private-key"` | | -| vault.secretNames.transferProxyTokenSignerPublicKey | string | `"transfer-proxy-token-signer-public-key"` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0)
diff --git a/charts/umbrella/charts/tractusx-connector/README.md.gotmpl b/charts/umbrella/charts/tractusx-connector/README.md.gotmpl
deleted file mode 100644
index 47ef1575..00000000
--- a/charts/umbrella/charts/tractusx-connector/README.md.gotmpl
+++ /dev/null
@@ -1,25 +0,0 @@
-{{ template "chart.header" . }}
-
-{{ template "chart.deprecationWarning" . }}
-
-{{ template "chart.badgesSection" . }}
-
-{{ template "chart.description" . }}
-
-{{ template "chart.homepageLine" . }}
-
-## TL;DR
-```shell
-$ helm repo add catenax-ng-product-edc https://catenax-ng.github.io/product-edc
-$ helm install tractusx-connector catenax-ng-product-edc/tractusx-connector --version {{ .Version }}
-```
-
-{{ template "chart.maintainersSection" . }}
-
-{{ template "chart.sourcesSection" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-{{ template "chart.valuesSection" . }}
-
-{{ template "helm-docs.versionFooter" . }}
diff --git a/charts/umbrella/charts/tractusx-connector/templates/NOTES.txt b/charts/umbrella/charts/tractusx-connector/templates/NOTES.txt
deleted file mode 100644
index 254cf9c6..00000000
--- a/charts/umbrella/charts/tractusx-connector/templates/NOTES.txt
+++ /dev/null
@@ -1,45 +0,0 @@
-1. Get the control plane URL by running these commands:
-{{ with index .Values.controlplane.ingresses 0}}
-{{- if .enabled }}
-{{- range .paths }}
- http{{ if .tls }}s{{ end }}://{{ .hostname }}{{ .path }}
-{{- end }}
-{{- else if contains "NodePort" $.Values.controlplane.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "txdc.fullname" $ }})
- export NODE_IP=$(kubectl get nodes --namespace {{ $.Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" $.Values.controlplane.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "txdc.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "txdc.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
- echo http://$SERVICE_IP:{{ $.Values.controlplane.service.port }}
-{{- else if contains "ClusterIP" $.Values.controlplane.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ $.Release.Namespace }} -l "app.kubernetes.io/name={{ include "txdc.name" $ }},app.kubernetes.io/instance={{ $.Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- export CONTAINER_PORT=$(kubectl get pod --namespace {{ $.Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl --namespace {{ $.Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
-{{- end }}
-
-2. Get the data plane URL by running these commands:
-{{ with index .Values.controlplane.ingresses 0}}
-{{- if .enabled }}
-{{- range .paths }}
- http{{ if .tls }}s{{ end }}://{{ .hostname }}{{ .path }}
-{{- end }}
-{{- else if contains "NodePort" $.Values.dataplane.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "txdc.fullname" $ }})
- export NODE_IP=$(kubectl get nodes --namespace {{ $.Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" $.Values.dataplane.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get --namespace {{ $.Release.Namespace }} svc -w {{ include "txdc.fullname" $ }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "txdc.fullname" $ }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
- echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" $.Values.dataplane.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ $.Release.Namespace }} -l "app.kubernetes.io/name={{ include "txdc.name" $ }},app.kubernetes.io/instance={{ $.Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- export CONTAINER_PORT=$(kubectl get pod --namespace {{ $.Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl --namespace {{ $.Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
-{{- end }}
diff --git a/charts/umbrella/charts/tractusx-connector/templates/_helpers.tpl b/charts/umbrella/charts/tractusx-connector/templates/_helpers.tpl
deleted file mode 100644
index 8b707f78..00000000
--- a/charts/umbrella/charts/tractusx-connector/templates/_helpers.tpl
+++ /dev/null
@@ -1,308 +0,0 @@
-{{/*
-*****************************************************************************
-* Copyright (c) 2023 Contributors to the Eclipse Foundation
-*
-* See the NOTICE file(s) distributed with this work for additional
-* information regarding copyright ownership.
-*
-* This program and the accompanying materials are made available under the
-* terms of the Apache License, Version 2.0 which is available at
-* https://www.apache.org/licenses/LICENSE-2.0.
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-* License for the specific language governing permissions and limitations
-* under the License.
-*
-* SPDX-License-Identifier: Apache-2.0
-*****************************************************************************
-*/}}
-
-
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "txdc.name" -}}
-{{- default .Chart.Name .Values.nameOverride | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{- define "txdc.postgresql.fullname" -}}
-{{- include "common.names.dependency.fullname" (dict "chartName" "postgresql" "chartValues" .Values.postgresql "context" $) -}}
-{{- end -}}
-
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "txdc.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "txdc.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Control Common labels
-*/}}
-{{- define "txdc.labels" -}}
-helm.sh/chart: {{ include "txdc.chart" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Control Common labels
-*/}}
-{{- define "txdc.controlplane.labels" -}}
-helm.sh/chart: {{ include "txdc.chart" . }}
-{{ include "txdc.controlplane.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-app.kubernetes.io/component: edc-controlplane
-app.kubernetes.io/part-of: edc
-{{- end }}
-
-{{/*
-Data Common labels
-*/}}
-{{- define "txdc.dataplane.labels" -}}
-helm.sh/chart: {{ include "txdc.chart" . }}
-{{ include "txdc.dataplane.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-app.kubernetes.io/component: edc-dataplane
-app.kubernetes.io/part-of: edc
-{{- end }}
-
-{{/*
-Control Selector labels
-*/}}
-{{- define "txdc.controlplane.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "txdc.name" . }}-controlplane
-app.kubernetes.io/instance: {{ .Release.Name }}-controlplane
-{{- end }}
-
-{{/*
-Data Selector labels
-*/}}
-{{- define "txdc.dataplane.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "txdc.name" . }}-dataplane
-app.kubernetes.io/instance: {{ .Release.Name }}-dataplane
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "txdc.controlplane.serviceaccount.name" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "txdc.fullname" . ) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "txdc.dataplane.serviceaccount.name" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "txdc.fullname" . ) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
-{{/*
-Control IDS URL
-*/}}
-{{- define "txdc.controlplane.url.ids" -}}
-{{- if .Values.controlplane.url.ids }}{{/* if ids api url has been specified explicitly */}}
-{{- .Values.controlplane.url.ids }}
-{{- else }}{{/* else when ids api url has not been specified explicitly */}}
-{{- with (index .Values.controlplane.ingresses 0) }}
-{{- if .enabled }}{{/* if ingress enabled */}}
-{{- if .tls.enabled }}{{/* if TLS enabled */}}
-{{- printf "https://%s" ( tpl .hostname $ ) -}}
-{{- else }}{{/* else when TLS not enabled */}}
-{{- printf "http://%s" ( tpl .hostname $ ) -}}
-{{- end }}{{/* end if tls */}}
-{{- else }}{{/* else when ingress not enabled */}}
-{{- printf "http://%s-controlplane:%v" ( include "txdc.fullname" $ ) $.Values.controlplane.endpoints.ids.port -}}
-{{- end }}{{/* end if ingress */}}
-{{- end }}{{/* end with ingress */}}
-{{- end }}{{/* end if .Values.controlplane.url.ids */}}
-{{- end }}
-
-{{/*
-Control IDS URL
-*/}}
-{{- define "txdc.controlplane.url.validation" -}}
-{{- printf "http://%s-controlplane:%v%s/token" ( include "txdc.fullname" $ ) $.Values.controlplane.endpoints.validation.port $.Values.controlplane.endpoints.validation.path -}}
-{{- end }}
-
-{{/*
-Data Control URL
-*/}}
-{{- define "txdc.dataplane.url.control" -}}
-{{- printf "http://%s-dataplane:%v%s" (include "txdc.fullname" . ) .Values.dataplane.endpoints.control.port .Values.dataplane.endpoints.control.path -}}
-{{- end }}
-
-{{/*
-Data Public URL
-*/}}
-{{- define "txdc.dataplane.url.public" -}}
-{{- if .Values.dataplane.url.public }}{{/* if public api url has been specified explicitly */}}
-{{- .Values.dataplane.url.public }}
-{{- else }}{{/* else when public api url has not been specified explicitly */}}
-{{- with (index .Values.dataplane.ingresses 0) }}
-{{- if .enabled }}{{/* if ingress enabled */}}
-{{- if .tls.enabled }}{{/* if TLS enabled */}}
-{{- printf "https://%s%s" ( tpl .hostname $ ) $.Values.dataplane.endpoints.public.path -}}
-{{- else }}{{/* else when TLS not enabled */}}
-{{- printf "http://%s%s" ( tpl .hostname $ ) $.Values.dataplane.endpoints.public.path -}}
-{{- end }}{{/* end if tls */}}
-{{- else }}{{/* else when ingress not enabled */}}
-{{- printf "http://%s-dataplane:%v%s" (include "txdc.fullname" $ ) $.Values.dataplane.endpoints.public.port $.Values.dataplane.endpoints.public.path -}}
-{{- end }}{{/* end if ingress */}}
-{{- end }}{{/* end with ingress */}}
-{{- end }}{{/* end if .Values.dataplane.url.public */}}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "txdc.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "txdc.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
-{{/*
-Return the Database hostname
-*/}}
-{{- define "txdc.databaseHost" -}}
-{{- if eq .Values.postgresql.architecture "replication" }}
-{{- ternary (include "txdc.postgresql.fullname" .) .Values.externalDatabase.host .Values.postgresql.enabled -}}-primary
-{{- else -}}
-{{- ternary (include "txdc.postgresql.fullname" .) .Values.externalDatabase.host .Values.postgresql.enabled -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the Database port
-*/}}
-{{- define "txdc.databasePort" -}}
-{{- ternary "5432" .Values.externalDatabase.port .Values.postgresql.enabled -}}
-{{- end -}}
-
-{{/*
-Return the Database database name
-*/}}
-{{- define "txdc.databaseName" -}}
-{{- if .Values.postgresql.enabled }}
- {{- if .Values.global.postgresql }}
- {{- if .Values.global.postgresql.auth }}
- {{- coalesce .Values.global.postgresql.auth.database .Values.postgresql.auth.database -}}
- {{- else -}}
- {{- .Values.postgresql.auth.database -}}
- {{- end -}}
- {{- else -}}
- {{- .Values.postgresql.auth.database -}}
- {{- end -}}
-{{- else -}}
- {{- .Values.externalDatabase.database -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the Database user
-*/}}
-{{- define "txdc.databaseUser" -}}
-{{- if .Values.postgresql.enabled -}}
- {{- if .Values.global.postgresql -}}
- {{- if .Values.global.postgresql.auth -}}
- {{- coalesce .Values.global.postgresql.auth.username .Values.postgresql.auth.username -}}
- {{- else -}}
- {{- .Values.postgresql.auth.username -}}
- {{- end -}}
- {{- else -}}
- {{- .Values.postgresql.auth.username -}}
- {{- end -}}
-{{- else -}}
- {{- .Values.externalDatabase.user -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the Database encrypted password
-*/}}
-{{- define "txdc.databaseSecretName" -}}
-{{- if .Values.postgresql.enabled -}}
- {{- if .Values.global.postgresql -}}
- {{- if .Values.global.postgresql.auth -}}
- {{- if .Values.global.postgresql.auth.existingSecret -}}
- {{- tpl .Values.global.postgresql.auth.existingSecret $ -}}
- {{- else -}}
- {{- default (include "txdc.postgresql.fullname" .) (tpl .Values.postgresql.auth.existingSecret $) -}}
- {{- end -}}
- {{- else -}}
- {{- default (include "txdc.postgresql.fullname" .) (tpl .Values.postgresql.auth.existingSecret $) -}}
- {{- end -}}
- {{- else -}}
- {{- default (include "txdc.postgresql.fullname" .) (tpl .Values.postgresql.auth.existingSecret $) -}}
- {{- end -}}
-{{- else -}}
- {{- default (printf "%s-externaldb" (include "txdc.fullname" .)) (tpl .Values.externalDatabase.existingSecret $) -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "txdc.databaseSecretKey" -}}
-{{- if .Values.postgresql.enabled -}}
- {{- print "password" -}}
-{{- else -}}
- {{- if .Values.externalDatabase.existingSecret -}}
- {{- if .Values.externalDatabase.existingSecretPasswordKey -}}
- {{- printf "%s" .Values.externalDatabase.existingSecretPasswordKey -}}
- {{- else -}}
- {{- print "db-password" -}}
- {{- end -}}
- {{- else -}}
- {{- print "db-password" -}}
- {{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the PostgreSQL jdbcUrl
-*/}}
-{{- define "txdc.jdbcUrl" -}}
-{{- printf "jdbc:postgresql://%s:%s/%s" (include "txdc.databaseHost" .) (include "txdc.databasePort" .) (include "txdc.databaseName" .) -}}
-{{- end -}}
diff --git a/charts/umbrella/charts/tractusx-connector/templates/configmap-controlplane.yaml b/charts/umbrella/charts/tractusx-connector/templates/configmap-controlplane.yaml
deleted file mode 100644
index b30b5738..00000000
--- a/charts/umbrella/charts/tractusx-connector/templates/configmap-controlplane.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-# #############################################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# #############################################################################
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "txdc.fullname" . }}-controlplane
- namespace: {{ .Release.Namespace | default "default" | quote }}
- labels:
- {{- include "txdc.controlplane.labels" . | nindent 4 }}
-data:
- opentelemetry.properties: |-
- {{- .Values.controlplane.opentelemetry | nindent 4 }}
-
- logging.properties: |-
- {{- .Values.controlplane.logging | nindent 4 }}
diff --git a/charts/umbrella/charts/tractusx-connector/templates/configmap-dataplane.yaml b/charts/umbrella/charts/tractusx-connector/templates/configmap-dataplane.yaml
deleted file mode 100644
index 309ffbd5..00000000
--- a/charts/umbrella/charts/tractusx-connector/templates/configmap-dataplane.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-# #############################################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# #############################################################################
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "txdc.fullname" . }}-dataplane
- namespace: {{ .Release.Namespace | default "default" | quote }}
- labels:
- {{- include "txdc.dataplane.labels" . | nindent 4 }}
-data:
- opentelemetry.properties: |-
- {{- .Values.dataplane.opentelemetry | nindent 4 }}
-
- logging.properties: |-
- {{- .Values.dataplane.logging | nindent 4 }}
diff --git a/charts/umbrella/charts/tractusx-connector/templates/deployment-controlplane.yaml b/charts/umbrella/charts/tractusx-connector/templates/deployment-controlplane.yaml
deleted file mode 100644
index 37ff55f2..00000000
--- a/charts/umbrella/charts/tractusx-connector/templates/deployment-controlplane.yaml
+++ /dev/null
@@ -1,444 +0,0 @@ -# ############################################################################# -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ############################################################################# ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "txdc.fullname" . }}-controlplane - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} -spec: - {{- if not .Values.controlplane.autoscaling.enabled }} - replicas: {{ .Values.controlplane.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "txdc.controlplane.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.controlplane.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "txdc.controlplane.selectorLabels" . | nindent 8 }} - {{- with .Values.controlplane.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "txdc.serviceAccountName" . 
}} - securityContext: - {{- toYaml .Values.controlplane.podSecurityContext | nindent 8 }} - initContainers: - {{- if .Values.cacerts }} - - name: "init-castore" - {{- if .Values.controlplane.image.repository }} - image: "{{ .Values.controlplane.image.repository }}:{{ .Values.controlplane.image.tag | default .Chart.AppVersion }}" - {{- else if and (or .Values.postgresql.enabled .Values.externalDatabase.enabled) .Values.vault.hashicorp.enabled }} - image: "ghcr.io/catenax-ng/product-edc/edc-controlplane-postgresql-hashicorp-vault:{{ .Values.controlplane.image.tag | default .Chart.AppVersion }}" - {{- else if and (or .Values.postgresql.enabled .Values.externalDatabase.enabled) .Values.vault.azure.enabled }} - image: "ghcr.io/catenax-ng/product-edc/edc-controlplane-postgresql-vault:{{ .Values.controlplane.image.tag | default .Chart.AppVersion }}" - {{- else if .Values.vault.hashicorp.enabled }} - image: "ghcr.io/catenax-ng/product-edc/edc-controlplane-memory-hashicorp-vault:{{ .Values.controlplane.image.tag | default .Chart.AppVersion }}" - {{- else if .Values.vault.azure.enabled }} - image: "ghcr.io/catenax-ng/product-edc/edc-controlplane-memory:{{ .Values.controlplane.image.tag | default .Chart.AppVersion }}" - {{- else }} - {{- fail "cannot choose control-plane image automatically based on configuration" }} - {{- end }} - volumeMounts: - - name: castore - mountPath: /workdir - - name: cacerts - mountPath: /cacerts - command: - - /bin/sh - - -c - - | - cp /etc/ssl/certs/java/cacerts /workdir/ - chmod ug+w /workdir/cacerts - find /cacerts -type f \( -iname \*.crt -o -iname \*.pem \) -exec echo "{}" \; | while read PEM_FILE_PATH; do - PEM_FILE=${PEM_FILE_PATH##*/} - ALIAS=${PEM_FILE%.*} - echo "[info] - adding ${PEM_FILE} with alias ${ALIAS} to cacerts ..." - keytool -import -noprompt -trustcacerts -alias ${ALIAS} -file ${PEM_FILE_PATH} -keystore /workdir/cacerts -storepass changeit - done - {{- end }} - {{- with .Values.controlplane.initContainers }} - {{- toYaml . 
| nindent 8 }} - {{- end }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.controlplane.securityContext | nindent 12 }} - {{- if .Values.controlplane.image.repository }} - image: "{{ .Values.controlplane.image.repository }}:{{ .Values.controlplane.image.tag | default .Chart.AppVersion }}" - {{- else if and (or .Values.postgresql.enabled .Values.externalDatabase.enabled) .Values.vault.hashicorp.enabled }} - image: "ghcr.io/catenax-ng/product-edc/edc-controlplane-postgresql-hashicorp-vault:{{ .Values.controlplane.image.tag | default .Chart.AppVersion }}" - {{- else if and (or .Values.postgresql.enabled .Values.externalDatabase.enabled) .Values.vault.azure.enabled }} - image: "ghcr.io/catenax-ng/product-edc/edc-controlplane-postgresql-vault:{{ .Values.controlplane.image.tag | default .Chart.AppVersion }}" - {{- else if .Values.vault.hashicorp.enabled }} - image: "ghcr.io/catenax-ng/product-edc/edc-controlplane-memory-hashicorp-vault:{{ .Values.controlplane.image.tag | default .Chart.AppVersion }}" - {{- else if .Values.vault.azure.enabled }} - image: "ghcr.io/catenax-ng/product-edc/edc-controlplane-memory:{{ .Values.controlplane.image.tag | default .Chart.AppVersion }}" - {{- else }} - {{- fail "cannot choose control-plane image automatically based on configuration" }} - {{- end }} - imagePullPolicy: {{ .Values.controlplane.image.pullPolicy }} - ports: - {{- range $key,$value := .Values.controlplane.endpoints }} - - name: {{ $key }} - containerPort: {{ $value.port }} - protocol: TCP - {{- end }} - {{- if .Values.controlplane.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.controlplane.endpoints.default.path }}/check/liveness - port: {{ .Values.controlplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.controlplane.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controlplane.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controlplane.livenessProbe.timeoutSeconds }} - 
failureThreshold: {{ .Values.controlplane.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.controlplane.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.controlplane.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.controlplane.endpoints.default.path }}/check/readiness - port: {{ .Values.controlplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.controlplane.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controlplane.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controlplane.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.controlplane.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.controlplane.readinessProbe.successThreshold }} - {{- end }} - resources: - {{- toYaml .Values.controlplane.resources | nindent 12 }} - env: - {{- if .Values.controlplane.debug.enabled }} - - name: "JAVA_TOOL_OPTIONS" - {{- if and .Values.controlplane.debug.enabled .Values.controlplane.debug.suspendOnStart }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=%v" .Values.controlplane.debug.port }} - {{- else }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=%v" .Values.controlplane.debug.port }} - {{- end }} - {{- end }} - - ######################## - ## DAPS CONFIGURATION ## - ######################## - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/iam/oauth2/oauth2-core - - name: EDC_OAUTH_CLIENT_ID - value: {{ .Values.daps.clientId | required ".Values.daps.clientId is required" | quote }} - - name: EDC_OAUTH_PROVIDER_JWKS_URL - value: {{ printf "%s%s" ( tpl .Values.daps.url . ) .Values.daps.paths.jwks }} - - name: EDC_OAUTH_TOKEN_URL - value: {{ printf "%s%s" ( tpl .Values.daps.url . 
) .Values.daps.paths.token }} - - name: EDC_OAUTH_PRIVATE_KEY_ALIAS - value: {{ .Values.vault.secretNames.dapsPrivateKey | required ".Values.vault.secretNames.dapsPrivateKey is required" | quote }} - - name: EDC_OAUTH_PUBLIC_KEY_ALIAS - value: {{ .Values.vault.secretNames.dapsPublicKey | required ".Values.vault.secretNames.dapsPublicKey is required" | quote }} - - ####### - # API # - ####### - - name: "EDC_API_AUTH_KEY" - value: {{ .Values.controlplane.endpoints.data.authKey | required ".Values.controlplane.endpoints.data.authKey is required" | quote }} - - name: "WEB_HTTP_DEFAULT_PORT" - value: {{ .Values.controlplane.endpoints.default.port | quote }} - - name: "WEB_HTTP_DEFAULT_PATH" - value: {{ .Values.controlplane.endpoints.default.path | quote }} - {{- if or (eq (substr 0 3 .Values.controlplane.image.tag) "0.1") (eq (substr 0 3 .Values.controlplane.image.tag) "0.2") }} - # WEB_HTTP_DATA_PORT is renamed to WEB_HTTP_MANAGEMENT_PORT from version 0.2.1 and newer - # we will keep both settings for downward capabilities - - name: "WEB_HTTP_DATA_PORT" - value: {{ .Values.controlplane.endpoints.data.port | quote }} - # WEB_HTTP_DATA_PATH is renamed to WEB_HTTP_MANAGEMENT_PATH from version 0.2.1 and newer - # we will keep both settings for downward capabilities - - name: "WEB_HTTP_DATA_PATH" - value: {{ .Values.controlplane.endpoints.data.path | quote }} - {{- else }} - - name: "WEB_HTTP_MANAGEMENT_PORT" - value: {{ .Values.controlplane.endpoints.data.port | quote }} - - name: "WEB_HTTP_MANAGEMENT_PATH" - value: {{ .Values.controlplane.endpoints.data.path | quote }} - {{- end }} - - name: "WEB_HTTP_VALIDATION_PORT" - value: {{ .Values.controlplane.endpoints.validation.port | quote }} - - name: "WEB_HTTP_VALIDATION_PATH" - value: {{ .Values.controlplane.endpoints.validation.path | quote }} - - name: "WEB_HTTP_CONTROL_PORT" - value: {{ .Values.controlplane.endpoints.control.port | quote }} - - name: "WEB_HTTP_CONTROL_PATH" - value: {{ 
.Values.controlplane.endpoints.control.path | quote }} - - name: "WEB_HTTP_IDS_PORT" - value: {{ .Values.controlplane.endpoints.ids.port | quote }} - - name: "WEB_HTTP_IDS_PATH" - value: {{ .Values.controlplane.endpoints.ids.path | quote }} - - ######### - ## IDS ## - ######### - - name: "IDS_WEBHOOK_ADDRESS" - value: {{ include "txdc.controlplane.url.ids" . | quote }} - - name: "EDC_IDS_ENDPOINT" - value: {{ printf "%s%s" (include "txdc.controlplane.url.ids" .) .Values.controlplane.endpoints.ids.path | quote }} - - name: "EDC_IDS_ID" - value: {{ printf "urn:connector:%s" (lower .Values.controlplane.internationalDataSpaces.id) | quote }} - - name: "EDC_IDS_DESCRIPTION" - value: {{ .Values.controlplane.internationalDataSpaces.description | quote }} - - name: "EDC_IDS_TITLE" - value: {{ .Values.controlplane.internationalDataSpaces.title | quote }} - - name: "EDC_IDS_MAINTAINER" - value: {{ .Values.controlplane.internationalDataSpaces.maintainer | quote }} - - name: "EDC_IDS_CURATOR" - value: {{ .Values.controlplane.internationalDataSpaces.curator | quote }} - - name: "EDC_IDS_CATALOG_ID" - value: {{ printf "urn:catalog:%s" (lower .Values.controlplane.internationalDataSpaces.catalogId) | quote }} - - name: "EDC_OAUTH_PROVIDER_AUDIENCE" - value: "idsc:IDS_CONNECTORS_ALL" - - name: "EDC_OAUTH_ENDPOINT_AUDIENCE" - value: {{ printf "%s%s%s" (include "txdc.controlplane.url.ids" . ) .Values.controlplane.endpoints.ids.path "/data" | quote }} - # this is the old setting name for 'EDC_OAUTH_ENDPOINT_AUDIENCE' and is mandatory for Produce EDC v0.1.2 and older - - name: "EDC_IDS_ENDPOINT_AUDIENCE" - value: {{ printf "%s%s%s" (include "txdc.controlplane.url.ids" . 
) .Values.controlplane.endpoints.ids.path "/data" | quote }} - - {{- if or .Values.postgresql.enabled .Values.externalDatabase.enabled }} - - ################ - ## POSTGRESQL ## - ################ - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/asset-index-sql - - name: "EDC_DATASOURCE_ASSET_NAME" - value: "asset" - - name: "EDC_DATASOURCE_ASSET_USER" - value: {{ include "txdc.databaseUser" . | quote }} - - name: "EDC_DATASOURCE_ASSET_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ include "txdc.databaseSecretName" . }} - key: {{ include "txdc.databaseSecretKey" . }} - - name: "EDC_DATASOURCE_ASSET_URL" - value: {{ include "txdc.jdbcUrl" . | quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/contract-definition-store-sql - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_NAME" - value: "contractdefinition" - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_USER" - value: {{ include "txdc.databaseUser" . | quote }} - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ include "txdc.databaseSecretName" . }} - key: {{ include "txdc.databaseSecretKey" . }} - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_URL" - value: {{ include "txdc.jdbcUrl" . | quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/contract-negotiation-store-sql - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_NAME" - value: "contractnegotiation" - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_USER" - value: {{ include "txdc.databaseUser" . | quote }} - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ include "txdc.databaseSecretName" . }} - key: {{ include "txdc.databaseSecretKey" . }} - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_URL" - value: {{ include "txdc.jdbcUrl" . 
| quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/policy-store-sql - - name: "EDC_DATASOURCE_POLICY_NAME" - value: "policy" - - name: "EDC_DATASOURCE_POLICY_USER" - value: {{ include "txdc.databaseUser" . | quote }} - - name: "EDC_DATASOURCE_POLICY_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ include "txdc.databaseSecretName" . }} - key: {{ include "txdc.databaseSecretKey" . }} - - name: "EDC_DATASOURCE_POLICY_URL" - value: {{ include "txdc.jdbcUrl" . | quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/transfer-process-store-sql - - name: "EDC_DATASOURCE_TRANSFERPROCESS_NAME" - value: "transferprocess" - - name: "EDC_DATASOURCE_TRANSFERPROCESS_USER" - value: {{ include "txdc.databaseUser" . | quote }} - - name: "EDC_DATASOURCE_TRANSFERPROCESS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ include "txdc.databaseSecretName" . }} - key: {{ include "txdc.databaseSecretKey" . }} - - name: "EDC_DATASOURCE_TRANSFERPROCESS_URL" - value: {{ include "txdc.jdbcUrl" . | quote }} - {{- end }} - - ################ - ## DATA PLANE ## - ################ - - # see extension https://github.com/catenax-ng/product-edc/tree/develop/edc-extensions/dataplane-selector-configuration - - name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_URL" - value: {{ include "txdc.dataplane.url.control" . }}/transfer - - name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_SOURCETYPES" - value: "HttpData,AmazonS3" - - name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_DESTINATIONTYPES" - value: "HttpProxy,AmazonS3" - - name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_PROPERTIES" - value: |- - {{ printf "{ \"publicApiUrl\": \"%s\" }" (include "txdc.dataplane.url.public" . ) }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/data-plane-transfer - - name: "EDC_TRANSFER_PROXY_ENDPOINT" - value: {{ include "txdc.dataplane.url.public" . 
}} - - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPrivateKey | quote }} - - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPublicKey | quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/http-receiver - - - name: "EDC_RECEIVER_HTTP_ENDPOINT" - value: {{ .Values.backendService.httpProxyTokenReceiverUrl | required ".Values.backendService.httpProxyTokenReceiverUrl is required" | quote }} - - ########### - ## VAULT ## - ########### - - {{- if .Values.vault.hashicorp.enabled }} - # see extension https://github.com/catenax-ng/product-edc/tree/develop/edc-extensions/hashicorp-vault - - name: "EDC_VAULT_HASHICORP_URL" - value: {{ tpl .Values.vault.hashicorp.url . | required ".Values.vault.hashicorp.url is required" | quote }} - - name: "EDC_VAULT_HASHICORP_TOKEN" - value: {{ .Values.vault.hashicorp.token | required ".Values.vault.hashicorp.token is required" | quote }} - - name: "EDC_VAULT_HASHICORP_TIMEOUT_SECONDS" - value: {{ .Values.vault.hashicorp.timeout | quote }} - - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_ENABLED" - value: {{ .Values.vault.hashicorp.healthCheck.enabled | quote }} - - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_STANDBY_OK" - value: {{ .Values.vault.hashicorp.healthCheck.standbyOk | quote }} - - name: "EDC_VAULT_HASHICORP_API_SECRET_PATH" - value: {{ .Values.vault.hashicorp.paths.secret | quote }} - - name: "EDC_VAULT_HASHICORP_API_HEALTH_CHECK_PATH" - value: {{ .Values.vault.hashicorp.paths.health | quote }} - {{- end }} - - {{- if .Values.vault.azure.enabled }} - - name: "EDC_VAULT_CLIENTID" - value: {{ .Values.vault.azure.client | required ".Values.vault.azure.client is required" | quote }} - - name: "EDC_VAULT_TENANTID" - value: {{ .Values.vault.azure.tenant | required ".Values.vault.azure.tenant is required" | quote }} - - name: "EDC_VAULT_NAME" - 
value: {{ .Values.vault.azure.name | required ".Values.vault.azure.name is required" | quote }} - - name: "EDC_VAULT_CLIENTSECRET" - value: {{ .Values.vault.azure.secret | required ".Values.vault.azure.secret is required" | quote }} - - name: "EDC_VAULT_CERTIFICATE" - value: {{ .Values.vault.azure.certificate | required ".Values.vault.azure.certificate is required" | quote }} - {{- end }} - - ##################### - ## DATA ENCRYPTION ## - ##################### - - # see extension https://github.com/catenax-ng/product-edc/tree/develop/edc-extensions/data-encryption - - name: "EDC_DATA_ENCRYPTION_KEYS_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenEncryptionAesKey | quote }} - - name: "EDC_DATA_ENCRYPTION_ALGORITHM" - value: "AES" - - ###################################### - ## Additional environment variables ## - ###################################### - {{- range $key, $value := .Values.controlplane.envValueFrom }} - - name: {{ $key | quote }} - valueFrom: - {{- tpl (toYaml $value) $ | nindent 16 }} - {{- end }} - {{- range $key, $value := .Values.controlplane.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{- end }} - {{- if and (or .Values.controlplane.envSecretNames .Values.controlplane.envConfigMapNames) (or (gt (len .Values.controlplane.envSecretNames) 0) (gt (len .Values.controlplane.envConfigMapNames) 0)) }} - envFrom: - {{- range $value := .Values.controlplane.envSecretNames }} - - secretRef: - name: {{ $value | quote }} - {{- end }} - {{- range $value := .Values.controlplane.envConfigMapNames }} - - configMapRef: - name: {{ $value | quote }} - {{- end }} - {{- end }} - volumeMounts: - - name: "configuration" - mountPath: "/app/opentelemetry.properties" - subPath: "opentelemetry.properties" - - name: "configuration" - mountPath: "/app/logging.properties" - subPath: "logging.properties" - {{- if .Values.cacerts }} - - name: castore - mountPath: /etc/ssl/certs/java/cacerts - subPath: cacerts - {{- end }} - {{- with 
.Values.controlplane.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - volumes: - - name: "configuration" - configMap: - name: {{ include "txdc.fullname" . }}-controlplane - items: - - key: "opentelemetry.properties" - path: "opentelemetry.properties" - - key: "logging.properties" - path: "logging.properties" - {{- if .Values.cacerts }} - - name: castore - emptyDir: - sizeLimit: 5Mi - - name: cacerts - secret: - secretName: {{ include "txdc.fullname" . }}-cacerts - defaultMode: 0400 - {{- end }} - {{- with .Values.controlplane.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controlplane.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controlplane.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controlplane.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/umbrella/charts/tractusx-connector/templates/deployment-dataplane.yaml b/charts/umbrella/charts/tractusx-connector/templates/deployment-dataplane.yaml deleted file mode 100644 index a43974d0..00000000 --- a/charts/umbrella/charts/tractusx-connector/templates/deployment-dataplane.yaml +++ /dev/null 
@@ -1,288 +0,0 @@ -# ############################################################################# -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ############################################################################# ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "txdc.fullname" . }}-dataplane - labels: - {{- include "txdc.dataplane.labels" . | nindent 4 }} -spec: - {{- if not .Values.dataplane.autoscaling.enabled }} - replicas: {{ .Values.dataplane.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "txdc.dataplane.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.dataplane.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "txdc.dataplane.selectorLabels" . | nindent 8 }} - {{- with .Values.dataplane.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "txdc.serviceAccountName" . 
}} - securityContext: - {{- toYaml .Values.dataplane.podSecurityContext | nindent 8 }} - initContainers: - {{- if .Values.cacerts }} - - name: "init-castore" - {{- if .Values.dataplane.image.repository }} - image: "{{ .Values.dataplane.image.repository }}:{{ .Values.dataplane.image.tag | default .Chart.AppVersion }}" - {{- else if and .Values.vault.hashicorp }} - image: "ghcr.io/catenax-ng/product-edc/edc-dataplane-hashicorp-vault:{{ .Values.dataplane.image.tag | default .Chart.AppVersion }}" - {{- else if .Values.vault.azure }} - image: "ghcr.io/catenax-ng/product-edc/edc-dataplane-azure-vault:{{ .Values.dataplane.image.tag | default .Chart.AppVersion }}" - {{- else }} - {{- fail "cannot choose data-plane image automatically based on configuration" }} - {{- end }} - volumeMounts: - - name: castore - mountPath: /workdir - - name: cacerts - mountPath: /cacerts - command: - - /bin/sh - - -c - - | - cp /etc/ssl/certs/java/cacerts /workdir/ - chmod ug+w /workdir/cacerts - find /cacerts -type f \( -iname \*.crt -o -iname \*.pem \) -exec echo "{}" \; | while read PEM_FILE_PATH; do - PEM_FILE=${PEM_FILE_PATH##*/} - ALIAS=${PEM_FILE%.*} - echo "[info] - adding ${PEM_FILE} with alias ${ALIAS} to cacerts ..." - keytool -import -noprompt -trustcacerts -alias ${ALIAS} -file ${PEM_FILE_PATH} -keystore /workdir/cacerts -storepass changeit - done - {{- end }} - {{- with .Values.dataplane.initContainers }} - {{- toYaml . 
| nindent 8 }} - {{- end }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.dataplane.securityContext | nindent 12 }} - {{- if .Values.dataplane.image.repository }} - image: "{{ .Values.dataplane.image.repository }}:{{ .Values.dataplane.image.tag | default .Chart.AppVersion }}" - {{- else if and .Values.vault.hashicorp }} - image: "ghcr.io/catenax-ng/product-edc/edc-dataplane-hashicorp-vault:{{ .Values.dataplane.image.tag | default .Chart.AppVersion }}" - {{- else if .Values.vault.azure }} - image: "ghcr.io/catenax-ng/product-edc/edc-dataplane-azure-vault:{{ .Values.dataplane.image.tag | default .Chart.AppVersion }}" - {{- else }} - {{- fail "cannot choose data-plane image automatically based on configuration" }} - {{- end }} - imagePullPolicy: {{ .Values.dataplane.image.pullPolicy }} - ports: - {{- range $key,$value := .Values.dataplane.endpoints }} - - name: {{ $key }} - containerPort: {{ $value.port }} - protocol: TCP - {{- end }} - {{- if .Values.dataplane.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.dataplane.endpoints.default.path }}/check/liveness - port: {{ .Values.dataplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.dataplane.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.dataplane.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.dataplane.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.dataplane.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.dataplane.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.dataplane.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.dataplane.endpoints.default.path }}/check/readiness - port: {{ .Values.dataplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.dataplane.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.dataplane.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.dataplane.readinessProbe.timeoutSeconds 
}} - failureThreshold: {{ .Values.dataplane.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.dataplane.readinessProbe.successThreshold }} - {{- end }} - resources: - {{- toYaml .Values.dataplane.resources | nindent 12 }} - env: - {{- if .Values.dataplane.debug.enabled }} - - name: "JAVA_TOOL_OPTIONS" - {{- if and .Values.dataplane.debug.enabled .Values.dataplane.debug.suspendOnStart }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=%v" .Values.dataplane.debug.port }} - {{- else }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=%v" .Values.dataplane.debug.port }} - {{- end }} - {{- end }} - - ####### - # API # - ####### - - name: "WEB_HTTP_DEFAULT_PORT" - value: {{ .Values.dataplane.endpoints.default.port | quote }} - - name: "WEB_HTTP_DEFAULT_PATH" - value: {{ .Values.dataplane.endpoints.default.path | quote }} - - name: "WEB_HTTP_CONTROL_PORT" - value: {{ .Values.dataplane.endpoints.control.port | quote }} - - name: "WEB_HTTP_CONTROL_PATH" - value: {{ .Values.dataplane.endpoints.control.path | quote }} - - name: "WEB_HTTP_VALIDATION_PORT" - value: {{ .Values.dataplane.endpoints.validation.port | quote }} - - name: "WEB_HTTP_VALIDATION_PATH" - value: {{ .Values.dataplane.endpoints.validation.path | quote }} - - name: "WEB_HTTP_METRICS_PORT" - value: {{ .Values.dataplane.endpoints.metrics.port | quote }} - - name: "WEB_HTTP_METRICS_PATH" - value: {{ .Values.dataplane.endpoints.metrics.path | quote }} - - name: "WEB_HTTP_PUBLIC_PORT" - value: {{ .Values.dataplane.endpoints.public.port | quote }} - - name: "WEB_HTTP_PUBLIC_PATH" - value: {{ .Values.dataplane.endpoints.public.path | quote }} - - name: "EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT" - value: {{ include "txdc.controlplane.url.validation" .}} - - ####### - # AWS # - ####### - {{- if .Values.dataplane.aws.endpointOverride }} - - name: "EDC_AWS_ENDPOINT_OVERRIDE" - value: {{ .Values.dataplane.aws.endpointOverride | 
quote }} - {{- end }} - {{- if .Values.dataplane.aws.secretAccessKey }} - - name: "AWS_SECRET_ACCESS_KEY" - value: {{ .Values.dataplane.aws.secretAccessKey | quote }} - {{- end }} - {{- if .Values.dataplane.aws.accessKeyId }} - - name: "AWS_ACCESS_KEY_ID" - value: {{ .Values.dataplane.aws.accessKeyId | quote }} - {{- end }} - - ########### - ## VAULT ## - ########### - - {{- if .Values.vault.hashicorp.enabled }} - # see extension https://github.com/catenax-ng/product-edc/tree/develop/edc-extensions/hashicorp-vault - - name: "EDC_VAULT_HASHICORP_URL" - value: {{ tpl .Values.vault.hashicorp.url . | required ".Values.vault.hashicorp.url is required" | quote }} - - name: "EDC_VAULT_HASHICORP_TOKEN" - value: {{ .Values.vault.hashicorp.token | required ".Values.vault.hashicorp.token is required" | quote }} - - name: "EDC_VAULT_HASHICORP_TIMEOUT_SECONDS" - value: {{ .Values.vault.hashicorp.timeout | quote }} - - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_ENABLED" - value: {{ .Values.vault.hashicorp.healthCheck.enabled | quote }} - - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_STANDBY_OK" - value: {{ .Values.vault.hashicorp.healthCheck.standbyOk | quote }} - - name: "EDC_VAULT_HASHICORP_API_SECRET_PATH" - value: {{ .Values.vault.hashicorp.paths.secret | quote }} - - name: "EDC_VAULT_HASHICORP_API_HEALTH_CHECK_PATH" - value: {{ .Values.vault.hashicorp.paths.health | quote }} - {{- end }} - - {{- if .Values.vault.azure.enabled }} - - name: "EDC_VAULT_CLIENTID" - value: {{ .Values.vault.azure.client | quote }} - - name: "EDC_VAULT_TENANTID" - value: {{ .Values.vault.azure.tenant | quote }} - - name: "EDC_VAULT_NAME" - value: {{ .Values.vault.azure.name | quote }} - - name: "EDC_VAULT_CLIENTSECRET" - value: {{ .Values.vault.azure.secret | quote }} - - name: "EDC_VAULT_CERTIFICATE" - value: {{ .Values.vault.azure.certificate | quote }} - {{- end }} - - ###################################### - ## Additional environment variables ## - ###################################### - {{- range 
$key, $value := .Values.dataplane.envValueFrom }} - - name: {{ $key | quote }} - valueFrom: - {{- tpl (toYaml $value) $ | nindent 16 }} - {{- end }} - {{- range $key, $value := .Values.dataplane.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{- end }} - {{- if and (or .Values.dataplane.envSecretNames .Values.dataplane.envConfigMapNames) (or (gt (len .Values.dataplane.envSecretNames) 0) (gt (len .Values.dataplane.envConfigMapNames) 0)) }} - envFrom: - {{- range $value := .Values.dataplane.envSecretNames }} - - secretRef: - name: {{ $value | quote }} - {{- end }} - {{- range $value := .Values.dataplane.envConfigMapNames }} - - configMapRef: - name: {{ $value | quote }} - {{- end }} - {{- end }} - volumeMounts: - - name: "configuration" - mountPath: "/app/opentelemetry.properties" - subPath: "opentelemetry.properties" - - name: "configuration" - mountPath: "/app/logging.properties" - subPath: "logging.properties" - {{- if .Values.cacerts }} - - name: castore - mountPath: /etc/ssl/certs/java/cacerts - subPath: cacerts - {{- end }} - {{- with .Values.dataplane.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - volumes: - - name: "configuration" - configMap: - name: {{ include "txdc.fullname" . }}-dataplane - items: - - key: "opentelemetry.properties" - path: "opentelemetry.properties" - - key: "logging.properties" - path: "logging.properties" - {{- if .Values.cacerts }} - - name: castore - emptyDir: - sizeLimit: 5Mi - - name: cacerts - secret: - secretName: {{ include "txdc.fullname" . }}-cacerts - defaultMode: 0400 - {{- end }} - {{- with .Values.dataplane.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.dataplane.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.dataplane.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.dataplane.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} 
diff --git a/charts/umbrella/charts/tractusx-connector/templates/hpa-controlplane.yaml b/charts/umbrella/charts/tractusx-connector/templates/hpa-controlplane.yaml
deleted file mode 100644
index ddef980b..00000000
--- a/charts/umbrella/charts/tractusx-connector/templates/hpa-controlplane.yaml
+++ /dev/null
@@ -1,47 +0,0 @@ -# ############################################################################# -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ############################################################################# ---- -{{- if .Values.controlplane.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "txdc.fullname" . }}-controlplane - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "txdc.fullname" . }}-controlplane - minReplicas: {{ .Values.controlplane.autoscaling.minReplicas }} - maxReplicas: {{ .Values.controlplane.autoscaling.maxReplicas }} - metrics: - {{- if .Values.controlplane.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.controlplane.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.controlplane.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.controlplane.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} 
diff --git a/charts/umbrella/charts/tractusx-connector/templates/hpa-dataplane.yaml b/charts/umbrella/charts/tractusx-connector/templates/hpa-dataplane.yaml
deleted file mode 100644
index 3a4b61c4..00000000
--- a/charts/umbrella/charts/tractusx-connector/templates/hpa-dataplane.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-# #############################################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# #############################################################################
----
-{{- if .Values.controlplane.autoscaling.enabled }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "txdc.fullname" . }}-dataplane
- labels:
- {{- include "txdc.dataplane.labels" . | nindent 4 }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "txdc.fullname" . }}-dataplane
- minReplicas: {{ .Values.dataplane.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.dataplane.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.dataplane.autoscaling.targetCPUUtilizationPercentage }}
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.dataplane.autoscaling.targetCPUUtilizationPercentage }}
- {{- end }}
- {{- if .Values.dataplane.autoscaling.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- targetAverageUtilization: {{ .Values.dataplane.autoscaling.targetMemoryUtilizationPercentage }}
- {{- end }}
-{{- end }}
diff --git a/charts/umbrella/charts/tractusx-connector/templates/ingress-controlplane.yaml b/charts/umbrella/charts/tractusx-connector/templates/ingress-controlplane.yaml
deleted file mode 100644
index 95fd7a98..00000000
--- a/charts/umbrella/charts/tractusx-connector/templates/ingress-controlplane.yaml
+++ /dev/null
@@ -1,96 +0,0 @@
-# #############################################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# #############################################################################
----
-{{- $fullName := include "txdc.fullname" . }}
-{{- $controlLabels := include "txdc.controlplane.labels" . | nindent 4 }}
-{{- $controlEdcEndpoints := .Values.controlplane.endpoints }}
-{{- $gitVersion := .Capabilities.KubeVersion.GitVersion }}
-{{- $namespace := .Release.Namespace }}
-
-{{- range .Values.controlplane.ingresses }}
-{{- if and .enabled .endpoints }}
-{{- $controlIngressName := printf "%s-controlplane-%s" $fullName (tpl .hostname $) }}
----
-{{- if semverCompare ">=1.19-0" $gitVersion }}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" $gitVersion }}
-apiVersion: networking.k8s.io/v1beta1
-{{- else }}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $controlIngressName }}
- namespace: {{ $namespace | default "default" | quote }}
- labels:
- {{- $controlLabels | nindent 2 }}
- annotations:
- {{- if and .className (not (semverCompare ">=1.18-0" $gitVersion)) }}
- {{- if not (hasKey .annotations "kubernetes.io/ingress.class") }}
- {{- $_ := set .annotations "kubernetes.io/ingress.class" .className}}
- {{- end }}
- {{- end }}
- {{- if .certManager }}
- {{- if .certManager.issuer }}
- {{- $_ := set .annotations "cert-manager.io/issuer" .certManager.issuer}}
- {{- end }}
- {{- if .certManager.clusterIssuer }}
- {{- $_ := set .annotations "cert-manager.io/cluster-issuer" .certManager.clusterIssuer}}
- {{- end }}
- {{- end }}
- {{- with .annotations }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if and .className (semverCompare ">=1.18-0" $gitVersion) }}
- ingressClassName: {{ .className }}
- {{- end }}
- {{- if .hostname }}
- {{- if .tls.enabled }}
- tls:
- - hosts:
- - {{ tpl .hostname $ }}
- {{- if .tls.secretName }}
- secretName: {{ .tls.secretName }}
- {{- else }}
- secretName: {{ $controlIngressName }}-tls
- {{- end }}
- {{- end }}
- rules:
- - host: {{ tpl .hostname $ }}
- http:
- paths:
- {{- $ingressEdcEndpoints := .endpoints }}
- {{- range $name, $mapping := $controlEdcEndpoints }}
- {{- if (has $name $ingressEdcEndpoints) }}
- - path: {{ $mapping.path }}
- pathType: Prefix
- backend:
- {{- if semverCompare ">=1.19-0" $gitVersion }}
- service:
- name: {{ $fullName }}-controlplane
- port:
- number: {{ $mapping.port }}
- {{- else }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}{{- /* end: if .enabled */}}
-{{- end }}{{- /* end: range .Values.ingresses */}}
diff --git a/charts/umbrella/charts/tractusx-connector/templates/ingress-dataplane.yaml b/charts/umbrella/charts/tractusx-connector/templates/ingress-dataplane.yaml
deleted file mode 100644
index 8d9a3730..00000000
--- a/charts/umbrella/charts/tractusx-connector/templates/ingress-dataplane.yaml
+++ /dev/null
@@ -1,96 +0,0 @@
-# #############################################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# #############################################################################
----
-{{- $fullName := include "txdc.fullname" . }}
-{{- $dataLabels := include "txdc.dataplane.labels" . | nindent 4 }}
-{{- $dataEdcEndpoints := .Values.dataplane.endpoints }}
-{{- $gitVersion := .Capabilities.KubeVersion.GitVersion }}
-{{- $namespace := .Release.Namespace }}
-
-{{- range .Values.dataplane.ingresses }}
-{{- if and .enabled .endpoints }}
-{{- $dataIngressName := printf "%s-dataplane-%s" $fullName .hostname }}
----
-{{- if semverCompare ">=1.19-0" $gitVersion }}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" $gitVersion }}
-apiVersion: networking.k8s.io/v1beta1
-{{- else }}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $dataIngressName }}
- namespace: {{ $namespace | default "default" | quote }}
- labels:
- {{- $dataLabels | nindent 2 }}
- annotations:
- {{- if and .className (not (semverCompare ">=1.18-0" $gitVersion)) }}
- {{- if not (hasKey .annotations "kubernetes.io/ingress.class") }}
- {{- $_ := set .annotations "kubernetes.io/ingress.class" .className}}
- {{- end }}
- {{- end }}
- {{- if .certManager }}
- {{- if .certManager.issuer }}
- {{- $_ := set .annotations "cert-manager.io/issuer" .certManager.issuer}}
- {{- end }}
- {{- if .certManager.clusterIssuer }}
- {{- $_ := set .annotations "cert-manager.io/cluster-issuer" .certManager.clusterIssuer}}
- {{- end }}
- {{- end }}
- {{- with .annotations }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if and .className (semverCompare ">=1.18-0" $gitVersion) }}
- ingressClassName: {{ .className }}
- {{- end }}
- {{- if .hostname }}
- {{- if .tls.enabled }}
- tls:
- - hosts:
- - {{ .hostname }}
- {{- if .tls.secretName }}
- secretName: {{ .tls.secretName }}
- {{- else }}
- secretName: {{ $dataIngressName }}-tls
- {{- end }}
- {{- end }}
- rules:
- - host: {{ .hostname }}
- http:
- paths:
- {{- $ingressEdcEndpoints := .endpoints }}
- {{- range $name, $mapping := $dataEdcEndpoints }}
- {{- if (has $name $ingressEdcEndpoints) }}
- - path: {{ $mapping.path }}
- pathType: Prefix
- backend:
- {{- if semverCompare ">=1.19-0" $gitVersion }}
- service:
- name: {{ $fullName }}-dataplane
- port:
- number: {{ $mapping.port }}
- {{- else }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}{{- /* end: if .enabled */}}
-{{- end }}{{- /* end: range .Values.ingresses */}}
diff --git a/charts/umbrella/charts/tractusx-connector/templates/secret-cacerts.yaml b/charts/umbrella/charts/tractusx-connector/templates/secret-cacerts.yaml
deleted file mode 100644
index 1ae203ce..00000000
--- a/charts/umbrella/charts/tractusx-connector/templates/secret-cacerts.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-# #############################################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# #############################################################################
----
-{{- if .Values.cacerts }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "txdc.fullname" . }}-cacerts
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "txdc.labels" . | nindent 4 }}
-type: Opaque
-stringData:
-{{- with .Values.cacerts }}
- {{- toYaml . | nindent 2 }}
-{{- end }}
-{{- end }}
diff --git a/charts/umbrella/charts/tractusx-connector/templates/secret-external-db.yaml b/charts/umbrella/charts/tractusx-connector/templates/secret-external-db.yaml
deleted file mode 100644
index 66d76ad0..00000000
--- a/charts/umbrella/charts/tractusx-connector/templates/secret-external-db.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-# #############################################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# #############################################################################
----
-{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecret) (not .Values.postgresql.existingSecret) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "txdc.fullname" . }}-externaldb
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "txdc.controlplane.labels" . | nindent 4 }}
-type: Opaque
-data:
- db-password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-externaldb" .Release.Name) "key" "db-password" "length" 10 "providedValues" (list "externalDatabase.password") "context" $) }}
-{{- end }}
diff --git a/charts/umbrella/charts/tractusx-connector/templates/service-controlplane.yaml b/charts/umbrella/charts/tractusx-connector/templates/service-controlplane.yaml
deleted file mode 100644
index 702c768e..00000000
--- a/charts/umbrella/charts/tractusx-connector/templates/service-controlplane.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-# #############################################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# #############################################################################
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "txdc.fullname" . }}-controlplane
- namespace: {{ .Release.Namespace | default "default" | quote }}
- labels:
- {{- include "txdc.controlplane.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.controlplane.service.type }}
- ports:
- - port: {{ .Values.controlplane.endpoints.default.port }}
- targetPort: default
- protocol: TCP
- name: default
- - port: {{ .Values.controlplane.endpoints.control.port }}
- targetPort: control
- protocol: TCP
- name: control
- - port: {{ .Values.controlplane.endpoints.data.port }}
- targetPort: data
- protocol: TCP
- name: data
- - port: {{ .Values.controlplane.endpoints.validation.port }}
- targetPort: validation
- protocol: TCP
- name: validation
- - port: {{ .Values.controlplane.endpoints.ids.port }}
- targetPort: ids
- protocol: TCP
- name: ids
- - port: {{ .Values.controlplane.endpoints.metrics.port }}
- targetPort: metrics
- protocol: TCP
- name: metrics
- selector:
- {{- include "txdc.controlplane.selectorLabels" . | nindent 4 }}
diff --git a/charts/umbrella/charts/tractusx-connector/templates/service-dataplane.yaml b/charts/umbrella/charts/tractusx-connector/templates/service-dataplane.yaml
deleted file mode 100644
index 40760700..00000000
--- a/charts/umbrella/charts/tractusx-connector/templates/service-dataplane.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-# #############################################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# #############################################################################
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "txdc.fullname" . }}-dataplane
- namespace: {{ .Release.Namespace | default "default" | quote }}
- labels:
- {{- include "txdc.dataplane.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.dataplane.service.type }}
- ports:
- - port: {{ .Values.dataplane.endpoints.default.port }}
- targetPort: default
- protocol: TCP
- name: default
- - port: {{ .Values.dataplane.endpoints.control.port }}
- targetPort: control
- protocol: TCP
- name: control
- - port: {{ .Values.dataplane.endpoints.public.port }}
- targetPort: public
- protocol: TCP
- name: public
- - port: {{ .Values.dataplane.endpoints.metrics.port }}
- targetPort: metrics
- protocol: TCP
- name: metrics
- selector:
- {{- include "txdc.dataplane.selectorLabels" . | nindent 4 }}
diff --git a/charts/umbrella/charts/tractusx-connector/templates/serviceaccount.yaml b/charts/umbrella/charts/tractusx-connector/templates/serviceaccount.yaml
deleted file mode 100644
index 6e95ebb6..00000000
--- a/charts/umbrella/charts/tractusx-connector/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-# #############################################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# #############################################################################
----
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "txdc.serviceAccountName" . }}
- labels:
- {{- include "txdc.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- with .Values.serviceAccount.imagePullSecrets }}
-imagePullSecrets:
- {{- toYaml . | nindent 2 }}
-{{- end }}
-{{- end }}
diff --git a/charts/umbrella/charts/tractusx-connector/values.yaml b/charts/umbrella/charts/tractusx-connector/values.yaml
deleted file mode 100644
index 41391022..00000000
--- a/charts/umbrella/charts/tractusx-connector/values.yaml
+++ /dev/null
@@ -1,547 +0,0 @@ -# ############################################################################# -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ############################################################################# ---- -# Default values for eclipse-dataspace-connector. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -fullnameOverride: "" -nameOverride: "" - -# -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) -imagePullSecrets: [] - -customLabels: {} - -# -- Custom CA certificates, that will automatically be added to the java truststore -# cacerts: -# RootCA.pem: | -# -----BEGIN CERTIFICATE----- -# ... -# -----END CERTIFICATE----- - -controlplane: - image: - # -- Which derivate of the control plane to use. 
when left empty the deployment will select the correct image automatically - repository: "" - # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion - tag: "" - initContainers: [] - debug: - enabled: false - port: 1044 - suspendOnStart: false - internationalDataSpaces: - id: TXDC - description: Tractus-X Eclipse IDS Data Space Connector - title: "" - maintainer: "" - curator: "" - catalogId: TXDC-Catalog - livenessProbe: - # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first liveness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - readinessProbe: - # -- Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first readiness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a readiness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # -- endpoints of the control plane - endpoints: - 
# -- default api for health checks, should not be added to any ingress - default: - # -- port for incoming api calls - port: 8080 - # -- path for incoming api calls - path: /api - # -- data management api, used by internal users, can be added to an ingress and must not be internet facing - data: - # -- port for incoming api calls - port: 8081 - # -- path for incoming api calls - path: /data - # -- authentication key, must be attached to each 'X-Api-Key' request header - authKey: "" - # -- validation api, only used by the data plane and should not be added to any ingress - validation: - # -- port for incoming api calls - port: 8082 - # -- path for incoming api calls - path: /validation - # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not - control: - # -- port for incoming api calls - port: 8083 - # -- path for incoming api calls - path: /control - # -- ids api, used for inter connector communication and must be internet facing - ids: - # -- port for incoming api calls - port: 8084 - # -- path for incoming api calls - path: /api/v1/ids - # -- metrics api, used for application metrics, must not be internet facing - metrics: - # -- port for incoming api calls - port: 8085 - # -- path for incoming api calls - path: /metrics - service: - # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. 
- type: ClusterIP - annotations: {} - # -- additional labels for the pod - podLabels: {} - # -- additional annotations for the pod - podAnnotations: {} - # -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment - podSecurityContext: - seccompProfile: - # -- Restrict a Container's Syscalls with seccomp - type: RuntimeDefault - # -- Runs all processes within a pod with a special uid - runAsUser: 10001 - # -- Processes within a pod will belong to this guid - runAsGroup: 10001 - # -- The owner for volumes and any files created within volumes will belong to this guid - fsGroup: 10001 - # The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod - securityContext: - capabilities: - # -- Specifies which capabilities to drop to reduce syscall attack surface - drop: - - ALL - # -- Specifies which capabilities to add to issue specialized syscalls - add: [] - # -- Whether the root filesystem is mounted in read-only mode - readOnlyRootFilesystem: true - # -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID - allowPrivilegeEscalation: false - # -- Requires the container to run without root privileges - runAsNonRoot: true - # -- The container's process will run with the specified uid - runAsUser: 10001 - # Extra environment variables that will be pass onto deployment pods - env: {} - # ENV_NAME: value - - # "valueFrom" environment variable references that will be added to deployment pods. Name is templated. 
- # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core - envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - # secretKeyRef: - # name: secret-name - # key: value_key - - # [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from - envSecretNames: [] - # - first-secret - # - second-secret - - # [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from - envConfigMapNames: [] - # - first-config-map - # - second-config-map - - ## Ingress declaration to expose the network service. - ingresses: - ## Public / Internet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-control.local" - # -- Additional ingress annotations to add - annotations: {} - # -- EDC endpoints exposed by this ingress resource - endpoints: - - ids - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # -- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - ## Private / Intranet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-control.intranet" - # -- Additional ingress 
annotations to add - annotations: {} - # -- EDC endpoints exposed by this ingress resource - endpoints: - - data - - control - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # -- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container - volumeMounts: [] - # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories - volumes: [] - # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: - {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - replicaCount: 1 - autoscaling: - # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) - enabled: false - # -- Minimal replicas if resource consumption falls below resource threshholds - minReplicas: 1 - # -- Maximum replicas if resource consumption exceeds resource threshholds - maxReplicas: 100 - # -- targetAverageUtilization of cpu provided to a pod - targetCPUUtilizationPercentage: 80 - # -- targetAverageUtilization of memory provided to a pod - targetMemoryUtilizationPercentage: 80 - # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics - opentelemetry: |- - otel.javaagent.enabled=false - otel.javaagent.debug=false - # -- configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) - logging: |- - .level=INFO - handlers=java.util.logging.ConsoleHandler - java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter - java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n - - # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes - nodeSelector: {} - # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes - tolerations: [] - # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on - affinity: {} - - url: - # -- Explicitly declared url for reaching the ids api (e.g. 
if ingresses not used) - ids: "" - -dataplane: - image: - # -- Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically - repository: "" - # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion - tag: "" - initContainers: [] - debug: - enabled: false - port: 1044 - suspendOnStart: false - livenessProbe: - # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first liveness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - readinessProbe: - # -- Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first readiness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - service: - # -- [Service 
type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. - type: ClusterIP - port: 80 - endpoints: - default: - port: 8080 - path: /api - public: - port: 8081 - path: /api/public - validation: - port: 8082 - path: /validation - control: - port: 8083 - path: /api/dataplane/control - metrics: - port: 8084 - path: /metrics - aws: - endpointOverride: "" - accessKeyId: "" - secretAccessKey: "" - # -- additional labels for the pod - podLabels: {} - # -- additional annotations for the pod - podAnnotations: {} - # -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment - podSecurityContext: - seccompProfile: - # -- Restrict a Container's Syscalls with seccomp - type: RuntimeDefault - # -- Runs all processes within a pod with a special uid - runAsUser: 10001 - # -- Processes within a pod will belong to this guid - runAsGroup: 10001 - # -- The owner for volumes and any files created within volumes will belong to this guid - fsGroup: 10001 - # The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod - securityContext: - capabilities: - # -- Specifies which capabilities to drop to reduce syscall attack surface - drop: - - ALL - # -- Specifies which capabilities to add to issue specialized syscalls - add: [] - # -- Whether the root filesystem is mounted in read-only mode - readOnlyRootFilesystem: true - # -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID - allowPrivilegeEscalation: false - # -- Requires the 
container to run without root privileges - runAsNonRoot: true - # -- The container's process will run with the specified uid - runAsUser: 10001 - # Extra environment variables that will be pass onto deployment pods - env: {} - # ENV_NAME: value - - # "valueFrom" environment variable references that will be added to deployment pods. Name is templated. - # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core - envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - # secretKeyRef: - # name: secret-name - # key: value_key - - # [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from - envSecretNames: [] - # - first-secret - # - second-secret - - # [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from - envConfigMapNames: [] - # - first-config-map - # - second-config-map - - ## Ingress declaration to expose the network service. 
- ingresses: - ## Public / Internet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-data.local" - # -- Additional ingress annotations to add - annotations: {} - # -- EDC endpoints exposed by this ingress resource - endpoints: - - public - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # -- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container - volumeMounts: [] - # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories - volumes: [] - # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: - {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - replicaCount: 1 - autoscaling: - # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) - enabled: false - # -- Minimal replicas if resource consumption falls below resource threshholds - minReplicas: 1 - # -- Maximum replicas if resource consumption exceeds resource threshholds - maxReplicas: 100 - # -- targetAverageUtilization of cpu provided to a pod - targetCPUUtilizationPercentage: 80 - # -- targetAverageUtilization of memory provided to a pod - targetMemoryUtilizationPercentage: 80 - # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics - opentelemetry: |- - otel.javaagent.enabled=false - otel.javaagent.debug=false - # -- configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) - logging: |- - .level=INFO - handlers=java.util.logging.ConsoleHandler - java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter - java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n - # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes - nodeSelector: {} - # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes - tolerations: [] - # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on - affinity: {} - - url: - # -- Explicitly declared url for reaching the public api (e.g. 
if ingresses not used) - public: "" - -## PostgreSQL chart configuration -## ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml -## -postgresql: - ## @param postgresql.enabled Deploy a PostgreSQL server to satisfy the applications database requirements - ## To use an external database set this to false and configure the `externalDatabase.*` parameters - ## - enabled: false - auth: - username: "tx_connector" - password: "" - database: "connector" - -externalDatabase: - enabled: false - host: "" - port: 5432 - user: "tx_connector" - database: "connector" - password: "" - existingSecret: "" - existingSecretPasswordKey: "" - -vault: - hashicorp: - enabled: false - url: "" - token: "" - timeout: 30 - healthCheck: - enabled: true - standbyOk: true - paths: - secret: /v1/secret - health: /v1/sys/health - azure: - enabled: false - name: "" - client: "" - tenant: "" - secret: "" - certificate: "" - secretNames: - transferProxyTokenSignerPrivateKey: transfer-proxy-token-signer-private-key - transferProxyTokenSignerPublicKey: transfer-proxy-token-signer-public-key - transferProxyTokenEncryptionAesKey: transfer-proxy-token-encryption-aes-key - dapsPrivateKey: daps-private-key - dapsPublicKey: daps-public-key - -daps: - url: "" - clientId: "" - paths: - jwks: /jwks.json - token: /token - -backendService: - httpProxyTokenReceiverUrl: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) - imagePullSecrets: [] From 5a1e9571f135586de5ea5764ce05347e5159851d Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Wed, 14 Jun 2023 11:10:00 +0200 Subject: [PATCH 06/11] chore(helm): rework umbrella chart values --- charts/umbrella/values.yaml | 147 +++++++++++++----------------------- 1 file changed, 53 insertions(+), 94 deletions(-) diff --git a/charts/umbrella/values.yaml b/charts/umbrella/values.yaml index f233a190..dd1215e7 100644 --- a/charts/umbrella/values.yaml +++ b/charts/umbrella/values.yaml @@ -19,7 +19,7 @@ --- global: daps: - url: &dapsUrl "http://{{ .Release.Name }}-dapsserver:4567" + # url: &dapsUrl "http://{{ .Release.Name }}-daps:4567" auth: clientId: &dapsClientId admin clientSecret: &dapsClientSecret ThisiSaSuPERSecretPassword1!11 @@ -27,13 +27,6 @@ global: edc: enabled: true - controlplane: - image: - tag: &edcCpImageTag 0.1.6 - dataplane: - image: - tag: &edcDpImageTag 0.1.6 - consumer: daps: clientId: &edcConsumerDapsClientId consumer-daps-clientid @@ -63,12 +56,11 @@ global: publicKey: &edcProviderVaultTransferPublicKey edcprovider-transfer-proxy-token-signer-public-key vault: - url: &vaultUrl "http://{{ .Release.Name }}-vault:8200" + # url: &vaultUrl "http://{{ .Release.Name }}-vault:8200" token: &edcVaultToken vaultRootToken certsconsumer: daps: - url: *dapsUrl auth: clientId: *dapsClientId clientSecret: *dapsClientSecret @@ -76,7 +68,6 @@ certsconsumer: clientId: *edcConsumerDapsClientId vault: - url: *vaultUrl daps: privateKey: *edcConsumerVaultDapsPrivateKey publicKey: *edcConsumerVaultDapsPublicKey @@ -88,7 +79,6 @@ certsconsumer: certsprovider: daps: - url: *dapsUrl auth: clientId: *dapsClientId clientSecret: *dapsClientSecret @@ -96,7 +86,6 @@ certsprovider: clientId: *edcProviderDapsClientId vault: - url: *vaultUrl daps: privateKey: *edcProviderVaultDapsPrivateKey publicKey: *edcProviderVaultDapsPublicKey 
@@ -106,85 +95,66 @@ certsprovider: privateKey: *edcProviderVaultTransferPrivateKey publicKey: *edcProviderVaultTransferPublicKey -# eclipse-tractusx DAPS -# https://github.com/eclipse-tractusx/daps-helm-chart -dapsserver: - # fullnameOverride: daps - image: - repository: ghcr.io/fraunhofer-aisec/omejdn-server - tag: "1.7.1" - podSecurityContext: - fsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - runAsGroup: 1000 - persistence: - accessMode: "ReadWriteOnce" - omejdn: - defaultAdminUser: "admin:ThisiSaSuPERSecretPassword1!11" - daps: - secret: - clientId: *dapsClientId - clientSecret: *dapsClientSecret - edcconsumer: nameOverride: edcconsumer + install: + daps: true + postgresql: true + vault: true + backendService: # TODO: what is the correct value here? httpProxyTokenReceiverUrl: "http://localhost" controlplane: - image: - tag: *edcCpImageTag - endpoints: - data: - # TODO: what is the correct value here? - authKey: edcconsumercpauthkey + management: + authKey: consumer-authkey daps: - url: *dapsUrl clientId: *edcConsumerDapsClientId - dataplane: + daps: + secret: + clientId: *dapsClientId + clientSecret: *dapsClientSecret + image: - tag: *edcDpImageTag + repository: ghcr.io/fraunhofer-aisec/omejdn-server -# test1: no database + podSecurityContext: + fsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + # persistence: + # accessMode: "ReadWriteOnce" + + participant: + id: consumer -# test2: byo database postgresql: - enabled: true - nameOverride: edcconsumer-postgresql - -# externalDB: helm upgrade --install thedb bitnami/postgresql --values thedb.yaml -# test3 external database with password - # externalDatabase: - # enabled: true - # host: "thedb-postgresql" - # password: "ThePassword" - -# test4 external database with existing secret - # externalDatabase: - # enabled: true - # host: "thedb-postgresql" - # existingSecret: "thedb-postgresql" - # existingSecretPasswordKey: "password" + nameOverride: consumer-postgresql + + jdbcUrl: 
"jdbc:postgresql://{{ .Release.Name }}-consumer-postgresql:5432/edc" + + auth: + username: psql-consumer-user + password: psql-consumer-password vault: hashicorp: - enabled: true - - url: *vaultUrl token: *edcVaultToken + server: + dev: + devRootToken: *edcVaultToken secretNames: dapsPrivateKey: *edcConsumerVaultDapsPrivateKey dapsPublicKey: *edcConsumerVaultDapsPublicKey transferProxyTokenEncryptionAesKey: *edcConsumerVaultTransferEncryptionAesKey - transferProxyTokenSignerPrivateKey: *edcConsumerVaultTransferPrivateKey transferProxyTokenSignerPublicKey: *edcConsumerVaultTransferPublicKey @@ -192,36 +162,39 @@ edcconsumer: edcprovider: nameOverride: edcprovider + install: + daps: false + postgresql: true + vault: false + backendService: # TODO: what is the correct value here? httpProxyTokenReceiverUrl: "http://localhost" controlplane: - image: - tag: *edcCpImageTag - endpoints: - data: - # TODO: what is the correct value here? - authKey: edcprovidercpauthkey + management: + authKey: provider-authkey daps: - url: *dapsUrl clientId: *edcProviderDapsClientId - dataplane: - image: - tag: *edcDpImageTag + participant: + id: provider + + clientId: *edcProviderDapsClientId postgresql: - enabled: true - nameOverride: edcprovider-postgresql + nameOverride: provider-postgresql + + jdbcUrl: "jdbc:postgresql://{{ .Release.Name }}-provider-postgresql:5432/edc" + + auth: + username: psql-provider-user + password: psql-provider-password vault: hashicorp: - enabled: true - - url: *vaultUrl token: *edcVaultToken secretNames: 
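Review bot: The values added for `edcconsumer` hard-code credentials in the chart defaults: `authKey: consumer-authkey` under `controlplane.endpoints.management`, `password: psql-consumer-password` under `postgresql.auth`, and `devRootToken: *edcVaultToken` under `vault.server.dev`, which resolves to the literal `vaultRootToken` set in the `global` block. The `edcprovider` hunk that follows (`@@ -192,36 +162,39 @@`) repeats this with `provider-authkey` and `psql-provider-password`. Anyone installing the umbrella chart unchanged gets a management API key, database password and Vault root token that are readable in the repository, and Vault's dev server mode keeps its data in memory and starts unsealed, so it only suits local testing. I would put a comment above each of these values, for example `# demo-only default: override before deploying outside a local test cluster`, and say in the chart description that the defaults are not meant for shared environments. The nesting named here is read from key order, because the indentation is not preserved on this page.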
@@ -229,19 +202,5 @@ edcprovider: dapsPublicKey: *edcProviderVaultDapsPublicKey transferProxyTokenEncryptionAesKey: *edcProviderVaultTransferEncryptionAesKey - transferProxyTokenSignerPrivateKey: *edcProviderVaultTransferPrivateKey transferProxyTokenSignerPublicKey: *edcProviderVaultTransferPublicKey - -vault: - # fullnameOverride: vault - - injector: - enabled: false - - server: - authDelegator: - enabled: false - dev: - enabled: true - devRootToken: *edcVaultToken From d7eb98fb52009cde19678349e236ff60d857e676 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Wed, 14 Jun 2023 11:11:08 +0200 Subject: [PATCH 07/11] chore(helm): remove condition global.edc.enabled --- charts/umbrella/Chart.yaml | 4 ---- charts/umbrella/values.yaml | 3 --- 2 files changed, 7 deletions(-) diff --git a/charts/umbrella/Chart.yaml b/charts/umbrella/Chart.yaml index b7109ec5..c0070193 100644 --- a/charts/umbrella/Chart.yaml +++ b/charts/umbrella/Chart.yaml @@ -34,21 +34,17 @@ dependencies: - alias: certsconsumer name: certs version: 0.1.0 - condition: global.edc.enabled - alias: certsprovider name: certs version: 0.1.0 - condition: global.edc.enabled # edc consumer - alias: edcconsumer name: tractusx-connector version: 0.4.1 repository: https://eclipse-tractusx.github.io/charts/dev - condition: global.edc.enabled # edc provider - alias: edcprovider name: tractusx-connector version: 0.4.1 repository: https://eclipse-tractusx.github.io/charts/dev - condition: global.edc.enabled diff --git a/charts/umbrella/values.yaml b/charts/umbrella/values.yaml index dd1215e7..fa2202c9 100644 --- a/charts/umbrella/values.yaml +++ b/charts/umbrella/values.yaml @@ -24,9 +24,6 @@ global: clientId: &dapsClientId admin clientSecret: &dapsClientSecret ThisiSaSuPERSecretPassword1!11 - edc: - enabled: true - consumer: daps: clientId: &edcConsumerDapsClientId consumer-daps-clientid From 335fb0d2d1d68c1892a18070eedab97b2900863a Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Wed, 14 Jun 2023 11:11:40 +0200 Subject: [PATCH 08/11] docs(helm): add global values comments --- charts/umbrella/values.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/charts/umbrella/values.yaml b/charts/umbrella/values.yaml index fa2202c9..410caf6a 100644 --- a/charts/umbrella/values.yaml +++ b/charts/umbrella/values.yaml @@ -21,25 +21,34 @@ global: daps: # url: &dapsUrl "http://{{ .Release.Name }}-daps:4567" auth: + # management login credentials for daps-server (username) clientId: &dapsClientId admin + # management login credentials for daps-server (password) clientSecret: &dapsClientSecret ThisiSaSuPERSecretPassword1!11 consumer: daps: + # identity of the EDC (consumer) at daps-server clientId: &edcConsumerDapsClientId consumer-daps-clientid vault: daps: + # vault path of registered certificate for EDC to authenticate to EDC privateKey: &edcConsumerVaultDapsPrivateKey edcconsumer-daps-private-key + # vault path of registered certificate for EDC to authenticate to EDC publicKey: &edcConsumerVaultDapsPublicKey edcconsumer-daps-public-key transfer: + # vault path of key for dataplane transfer encryptionAesKey: &edcConsumerVaultTransferEncryptionAesKey edcconsumer-transfer-proxy-token-encryption-aes-key + # vault path of certificate for dataplane transfer privateKey: &edcConsumerVaultTransferPrivateKey edcconsumer-transfer-proxy-token-signer-private-key + # vault path of certificate for dataplane transfer publicKey: &edcConsumerVaultTransferPublicKey edcconsumer-transfer-proxy-token-signer-public-key provider: daps: + # identity of the EDC (provider) at daps-server clientId: &edcProviderDapsClientId provider-daps-clientid vault: From 500d378a99cdc765d3f05257b6dee5010f72740a Mon Sep 17 00:00:00 2001 
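Review bot: The comment added above `clientSecret: &dapsClientSecret ThisiSaSuPERSecretPassword1!11` describes the value as the daps-server management password but does not say it is a placeholder that has to be overridden; a second line such as `# default for local testing only, override per deployment` belongs next to it. The comments on `privateKey` and `publicKey` under `consumer.vault.daps` are identical and read "to authenticate to EDC", which looks as if it should name the DAPS instead (inferred from the key names, not confirmed by the page). The `privateKey` entries are also described as a certificate, which is misleading for a private key path. The `provider` block continues outside the hunk, so whether it received the same comments cannot be seen here.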
From: Marco Lecheler Date: Wed, 14 Jun 2023 11:38:39 +0200 Subject: [PATCH 09/11] fix(helm): disable podSecurityContext for daps dependency --- charts/umbrella/values.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/umbrella/values.yaml b/charts/umbrella/values.yaml index 410caf6a..f8a357f1 100644 --- a/charts/umbrella/values.yaml +++ b/charts/umbrella/values.yaml @@ -129,11 +129,11 @@ edcconsumer: image: repository: ghcr.io/fraunhofer-aisec/omejdn-server - podSecurityContext: - fsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - runAsGroup: 1000 + # podSecurityContext: + # fsGroup: 1000 + # runAsNonRoot: true + # runAsUser: 1000 + # runAsGroup: 1000 # persistence: # accessMode: "ReadWriteOnce" From 8dd797f9f24f924c398c5da7a45d0a12cd73408d Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Wed, 14 Jun 2023 13:33:24 +0200 Subject: [PATCH 10/11] chore(ci): update helm repo list to tractusx bitnami and hashicorp are not longer required - the dependencies are loaded via tx-c chart directly --- hack/helm-dependencies.bash | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hack/helm-dependencies.bash b/hack/helm-dependencies.bash index 7530bfbd..1d5e8c27 100755 --- a/hack/helm-dependencies.bash +++ b/hack/helm-dependencies.bash @@ -3,8 +3,7 @@ # Check if any repositories is present if ! helm repo list ; then echo "Need to add repos" - helm repo add bitnami https://charts.bitnami.com/bitnami - helm repo add hashicorp https://helm.releases.hashicorp.com + helm repo add tractusx https://eclipse-tractusx.github.io/charts/dev fi # This hack script will download all chart/umbrella dependency charts. From 0ca5ca2bd03bd3a2372498710ccb84b5995db854 Mon Sep 17 00:00:00 2001 
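Review bot: Commenting out `podSecurityContext` for the daps dependency drops `runAsNonRoot: true` together with the fixed `runAsUser`/`runAsGroup`/`fsGroup` of 1000, so the omejdn pod falls back to whatever the subchart or the image sets by default, which may be root. Neither the commit message nor the file says why the context had to go. If the cause is a UID or volume-permission mismatch (an assumption, not visible here), a narrower change would keep `runAsNonRoot: true` and drop only the numeric IDs. Otherwise add a line above the commented block such as `# TODO: re-enable once the daps subchart runs as non-root` so the relaxation is tracked.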
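Review bot: The new `helm repo add tractusx …` line runs only when `helm repo list` fails, that is when no repository at all is configured, so a machine that already has any other repo never gets `tractusx` added and the later dependency download can fail. Since this commit makes `tractusx` the only repo the script needs, the add can be unconditional: `helm repo add tractusx https://eclipse-tractusx.github.io/charts/dev --force-update`. The URL points at the `dev` chart channel; a comment stating that this is intended would help readers who expect a release repository. The rest of the script is outside the hunk.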
From: Marco Lecheler Date: Mon, 26 Jun 2023 10:56:37 +0200 Subject: [PATCH 11/11] chore: use tx-c Helm chart 0.5.0-rc1 with image 0.4.1 temporary using fixed image + tag Because there is no tractusx-connector release including PRs 473,474,475 for 0.4.x we use the legacy Helm chart from release 0.5.0-rc1 --- charts/umbrella/Chart.yaml | 8 ++++---- charts/umbrella/values.yaml | 29 +++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 4 deletions(-) diff --git a/charts/umbrella/Chart.yaml b/charts/umbrella/Chart.yaml index c0070193..35e953bb 100644 --- a/charts/umbrella/Chart.yaml +++ b/charts/umbrella/Chart.yaml @@ -40,11 +40,11 @@ dependencies: # edc consumer - alias: edcconsumer - name: tractusx-connector - version: 0.4.1 + name: tractusx-connector-legacy + version: 0.5.0-rc1 repository: https://eclipse-tractusx.github.io/charts/dev # edc provider - alias: edcprovider - name: tractusx-connector - version: 0.4.1 + name: tractusx-connector-legacy + version: 0.5.0-rc1 repository: https://eclipse-tractusx.github.io/charts/dev diff --git a/charts/umbrella/values.yaml b/charts/umbrella/values.yaml index f8a357f1..cd25d980 100644 --- a/charts/umbrella/values.yaml +++ b/charts/umbrella/values.yaml @@ -18,6 +18,17 @@ # ############################################################################# --- global: + edc: + # temporary using fixed image + tag + # Because there is no tractusx-connector release including PRs 473,474,475 + # for 0.4.x we use the legacy Helm chart from release 0.5.0-rc1 + cp: + image: &edcCpImage tractusx/edc-controlplane-postgresql-hashicorp-vault + dp: + image: &edcDpImage tractusx/edc-dataplane-hashicorp-vault + tag: &edcImageTag 0.4.1 + + daps: # url: &dapsUrl "http://{{ .Release.Name }}-daps:4567" auth: @@ -118,6 +129,10 @@ edcconsumer: management: authKey: consumer-authkey + image: + repository: *edcCpImage + tag: *edcImageTag + daps: clientId: *edcConsumerDapsClientId 
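Review bot: The new `global.edc` block references the images as `tractusx/edc-controlplane-postgresql-hashicorp-vault` and `tractusx/edc-dataplane-hashicorp-vault` with `tag: &edcImageTag 0.4.1`, without a registry host or a digest, so what gets pulled depends on the node's default registry and on a tag that can be moved. The comment calls the pin temporary but names no condition for removing it; `# TODO: drop this override once a tractusx-connector 0.4.x release contains PRs 473, 474, 475` would make that explicit. Quoting the tag as `"0.4.1"` would also keep it a string if a later bump lands on a two-part version. Whether the connector chart accepts an image digest is not visible on this page.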
@@ -137,6 +152,11 @@ edcconsumer: # persistence: # accessMode: "ReadWriteOnce" + dataplane: + image: + repository: *edcDpImage + tag: *edcImageTag + participant: id: consumer @@ -182,9 +202,18 @@ edcprovider: management: authKey: provider-authkey + image: + repository: *edcCpImage + tag: *edcImageTag + daps: clientId: *edcProviderDapsClientId + dataplane: + image: + repository: *edcDpImage + tag: *edcImageTag + participant: id: provider