diff --git a/charts/vc-authn-oidc/README.md b/charts/vc-authn-oidc/README.md
index f60bf621..defbbf8f 100644
--- a/charts/vc-authn-oidc/README.md
+++ b/charts/vc-authn-oidc/README.md
@@ -1,6 +1,6 @@
 # VC-AuthN OIDC
-![Version: 0.2.4](https://img.shields.io/badge/Version-0.2.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.1](https://img.shields.io/badge/AppVersion-2.2.1-informational?style=flat-square)
+![Version: 0.2.5](https://img.shields.io/badge/Version-0.2.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.1](https://img.shields.io/badge/AppVersion-2.2.1-informational?style=flat-square)
 A Helm chart to deploy Verifiable Credential Identity Provider for OpenID Connect. 
@@ -77,15 +77,15 @@ kubectl delete secret,pvc --selector "app.kubernetes.io/instance"=my-release
 ### Common Configuration
-| Name | Description | Value |
-| ------------------- | --------------------------------------------------------------- | ------------------------------- |
-| `nameOverride` | | `""` |
-| `fullnameOverride` | | `""` |
-| `image.repository` | | `ghcr.io/bcgov/vc-authn-oidc` |
-| `image.pullPolicy` | | `IfNotPresent` |
-| `image.pullSecrets` | | `[]` |
-| `image.tag` | Overrides the image tag which defaults to the chart appVersion. | `2.2.1` |
-| `ingressSuffix` | Domain suffix to be used for default hostpaths in ingress | `.apps.silver.devops.gov.bc.ca` |
+| Name | Description | Value |
+| ------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- |
+| `nameOverride` | String to override the helm chart name, second part of the prefix | `""` |
+| `fullnameOverride` | String to fully override the helm chart name, full prefix. *Must be provided if using a custom release name that does not include the name of the helm chart (`vc-authn-oidc`).* | `""` |
+| `image.repository` | | `ghcr.io/bcgov/vc-authn-oidc` |
+| `image.pullPolicy` | | `IfNotPresent` |
+| `image.pullSecrets` | | `[]` |
+| `image.tag` | Overrides the image tag which defaults to the chart appVersion. | `2.2.1` |
+| `ingressSuffix` | Domain suffix to be used for default hostpaths in ingress | `.apps.silver.devops.gov.bc.ca` |
 ### Controller Configuration 
@@ -299,11 +299,8 @@ Note: Secure values of the configuration are passed via equivalent environment v
 | `postgresql.fullnameOverride` | When overriding fullnameOverride, you must override this to match. | `""` |
 | `postgresql.architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` |
 | `postgresql.commonLabels` | Add labels to all the deployed resources (sub-charts are not considered). | `[]` |
-| `postgresql.auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `true` |
-| `postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials. `postgresql.auth.postgresPassword`, `postgresql.auth.password`, and `postgresql.auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. | `{{ include "global.fullname" . }}` |
-| `postgresql.auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `admin-password` |
-| `postgresql.auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `database-password` |
-| `postgresql.auth.database` | Name for a custom database to create | `traction` |
+| `postgresql.auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user. Not recommended for production deployments. 
| `true` |
+| `postgresql.auth.database` | Name for a custom database to create | `askar-wallet` |
 | `postgresql.auth.username` | Name for a custom user to create | `acapy` |
 | `postgresql.primary.persistence.enabled` | Enable PostgreSQL Primary data persistence using PVC | `true` |
 | `postgresql.primary.persistence.size` | PVC Storage Request for PostgreSQL volume | `1Gi` |
diff --git a/charts/vc-authn-oidc/templates/_helpers.tpl b/charts/vc-authn-oidc/templates/_helpers.tpl
index 85a09f58..e4a7f2ac 100644
--- a/charts/vc-authn-oidc/templates/_helpers.tpl
+++ b/charts/vc-authn-oidc/templates/_helpers.tpl
@@ -261,15 +261,6 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- end -}}
 {{- end -}}
-{{/* Return true if a database secret should be created */}}
-{{- define "acapy.database.createSecret" -}}
-{{- if not .Values.acapy.walletStorageCredentials.existingSecret -}}
-{{- true -}}
-{{- end -}}
-{{- end -}}
-
 {{/* Return acapy label */}}
diff --git a/charts/vc-authn-oidc/templates/agent/database_secret.yaml b/charts/vc-authn-oidc/templates/agent/database_secret.yaml
deleted file mode 100644
index b754a497..00000000
--- a/charts/vc-authn-oidc/templates/agent/database_secret.yaml
+++ /dev/null 
@@ -1,16 +0,0 @@
-{{- if (include "acapy.database.createSecret" .) -}}
-apiVersion: v1
-kind: Secret
-metadata:
- annotations:
- "helm.sh/resource-policy": keep
- name: {{ template "acapy.database.secretName" . }}
- labels:
- {{- include "common.selectorLabels" . | nindent 4 }}
- namespace: {{ .Release.Namespace }}
-type: Opaque
-data:
- admin-password: {{ include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" (include "acapy.database.secretName" .) "Key" "admin-password") }}
- database-user: {{ .Values.postgresql.auth.username | b64enc }}
- database-password: {{ include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" (include "acapy.database.secretName" .) "Key" "database-password") }}
-{{- end -}}
diff --git a/charts/vc-authn-oidc/templates/agent/deployment.yaml b/charts/vc-authn-oidc/templates/agent/deployment.yaml
index 916e2520..fb832b9f 100644
--- a/charts/vc-authn-oidc/templates/agent/deployment.yaml
+++ b/charts/vc-authn-oidc/templates/agent/deployment.yaml
@@ -7,7 +7,6 @@ metadata:
 {{- include "acapy.labels" . | nindent 4 }}
 annotations:
 checksum/config: {{ include (print $.Template.BasePath "/agent/configmap.yaml") . | sha256sum }}
- checksum/db-secret: {{ include (print $.Template.BasePath "/agent/database_secret.yaml") . | sha256sum }}
 checksum/acapy-secrets: {{ include (print $.Template.BasePath "/agent/secrets.yaml") . | sha256sum }}
 spec:
 {{- if not .Values.acapy.autoscaling.enabled }}
diff --git a/charts/vc-authn-oidc/values.yaml b/charts/vc-authn-oidc/values.yaml
index 8a5aac04..92c8611b 100644
--- a/charts/vc-authn-oidc/values.yaml
+++ b/charts/vc-authn-oidc/values.yaml 
@@ -1,8 +1,8 @@
 ## @section Common Configuration
 ##
-## @param nameOverride
+## @param nameOverride String to override the helm chart name, second part of the prefix.
 nameOverride: ""
-## @param fullnameOverride
+## @param fullnameOverride String to fully override the helm chart name, full prefix. *Must be provided if using a custom release name that does not include the name of the helm chart (`vc-authn-oidc`).*
 fullnameOverride: ""
 ## @param image.repository
@@ -374,8 +374,8 @@ acapy:
 admin_password: ""
 existingSecret: ""
 secretKeys:
- adminPasswordKey: admin-password
- userPasswordKey: database-password
+ adminPasswordKey: postgres-password
+ userPasswordKey: password
 ## @section Acapy tails persistence configuration
 persistence: 
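Review bot: `adminPasswordKey: postgres-password` and `userPasswordKey: password` now have to match the key names of the secret produced by the PostgreSQL subchart (these look like the Bitnami defaults), but nothing in the hunk says so, and with `existingSecret: ""` still in the context while `acapy.database.createSecret` and `templates/agent/database_secret.yaml` are deleted in the same commit, it is not visible here which secret name the agent now reads those keys from. Suggest stating the coupling on the corresponding `@param` comments (outside this hunk), e.g. `## @param acapy.walletStorageCredentials.secretKeys.adminPasswordKey Key in the PostgreSQL credentials secret holding the admin password; must match the key written by the postgresql subchart (postgres-password by default).` and the equivalent for `userPasswordKey`. Note also that `templates/agent/deployment.yaml` drops `checksum/db-secret` without a replacement, so a rotation of the subchart-managed secret no longer rolls the agent pods; either add a checksum over that secret or document that a manual restart is required after rotation. The enclosing map (presumably `acapy.walletStorageCredentials`, judging by the helper removed in `_helpers.tpl`) starts outside the hunk.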
@@ -635,21 +635,12 @@ postgresql:
 ## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#creating-a-database-user-on-first-run
 ##
 auth:
- ## @param postgresql.auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
+ ## @param postgresql.auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user. Not recommended for production deployments.
 ##
 enablePostgresUser: true
- ## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials. `postgresql.auth.postgresPassword`, `postgresql.auth.password`, and `postgresql.auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case.
- ##
- existingSecret: '{{ include "global.fullname" . }}'
- ## @param postgresql.auth.secretKeys.adminPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
- ## @param postgresql.auth.secretKeys.userPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
- ##
- secretKeys:
- adminPasswordKey: admin-password
- userPasswordKey: database-password
 ## @param postgresql.auth.database Name for a custom database to create
 ##
- database: traction
+ database: askar-wallet
 ## @param postgresql.auth.username Name for a custom user to create
 ##
 username: acapy
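Review bot: Dropping `postgresql.auth.existingSecret` (previously `'{{ include "global.fullname" . }}'`) and renaming `database: traction` to `database: askar-wallet` both break upgrades of existing releases, and neither the hunk nor the doc comments mention it. The `## ref:` context line points at first-run initialisation, so a release whose PVC already holds the `traction` database and the old `admin-password`/`database-password` values keeps those on disk while the subchart now generates fresh credentials under `postgres-password`/`password`; the agent will likely fail to authenticate until the secret is reconciled by hand. Suggest a comment beside `auth:` such as `## NOTE: changing auth.database or the credential source does not migrate an existing PVC; existing releases must supply postgresql.auth.existingSecret with the previous passwords under the new key names.` plus a matching upgrade section in README.md. Separately, the new comment marks `enablePostgresUser: true` as not recommended for production while leaving the default at `true`, and since this commit points `acapy.walletStorageCredentials.secretKeys.adminPasswordKey` at `postgres-password` the agent's admin access appears to depend on that user; the comment should say what disabling it breaks so operators are not misled into flipping it.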