Commit

Merge pull request #522 from i5okie/feature/chart-update
[Helm] Chart changes to support ArgoCD deployment
i5okie authored May 28, 2024
2 parents a48c136 + 9eeff6d commit 2804ef3
Showing 17 changed files with 120 additions and 70 deletions.
8 changes: 4 additions & 4 deletions charts/vc-authn-oidc/Chart.lock
@@ -1,12 +1,12 @@
dependencies:
- name: mongodb
repository: https://charts.bitnami.com/bitnami
version: 13.13.1
version: 15.4.3
- name: postgresql
repository: https://charts.bitnami.com/bitnami/
version: 11.9.13
- name: common
repository: https://charts.bitnami.com/bitnami
version: 2.6.0
digest: sha256:dda5d934795b4a8bebc838b46bb0e94fefbb2fd02a4c45baed829b18c03371d9
generated: "2023-07-31T09:49:41.275055325-07:00"
version: 2.19.3
digest: sha256:25b2d378a440a3b9000f24974ea1f4a1f7b97bc502a13b27773845fdd31a4507
generated: "2024-05-27T14:33:12.613817654-07:00"
4 changes: 2 additions & 2 deletions charts/vc-authn-oidc/Chart.yaml
Expand Up @@ -6,7 +6,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.2.0
version: 0.2.1

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
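Review bot: a patch bump to `version: 0.2.1` understates this change, because the same commit alters the values interface: the README hunk replaces `acapy.agentSeed` with `acapy.agentSeed.seed` and `acapy.agentSeed.existingSecret` and drops the `acapy.secret.adminApiKey.*` rows. The comment above this line says versions follow Semantic Versioning, and a values file written for 0.2.0 that sets `acapy.agentSeed` as a string no longer matches the documented shape. Consider a minor bump and an upgrade note.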
Expand All @@ -17,7 +17,7 @@ appVersion: "2.0.2"
# Charts the vc-authn-oidc service depends on
dependencies:
- name: mongodb
version: "13.13.1"
version: 15.4.3
repository: "https://charts.bitnami.com/bitnami"
- name: postgresql
version: 11.9.13
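Review bot: the `mongodb` dependency moves from `"13.13.1"` to `15.4.3`, two major versions of the Bitnami subchart in one step, and nothing in this commit tells operators how to upgrade an existing release. Please confirm that the secret keys the README documents for `mongodb.auth.existingSecret` (`mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, `mongodb-replica-set-key`) are still the ones the 15.x subchart expects. The value also changed from a quoted string to a bare one; pick one style for the `version` fields.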
25 changes: 14 additions & 11 deletions charts/vc-authn-oidc/README.md
Expand Up @@ -99,8 +99,10 @@ kubectl delete secret,pvc --selector "app.kubernetes.io/instance"=my-release
| `controllerPresentationExpireTime` | The number of time in seconds a proof request will be valid for | `300` |
| `useHTTPS` | Prepend Agent and Admin URLs with `https` | `true` |
| `logLevel` | Accepts one of the following values: CRITICAL, ERROR, WARNING, INFO, DEBUG | `INFO` |
| `auth.api.existingSecret` | Specify the name of the secret containing `controllerApiKey` key. | `""` |
| `auth.token.privateKey.filename` | Specify the name of the signing key file | `jwt-token.pem` |
| `auth.token.privateKey.existingSecret` | Specify the name of the secret containing the signing key to be mounted, if not specified, a new secret will be created. | `""` |
| `database.existingSecret` | Specify existing secret containing the keys `mongodb-root-password`, `mongodb-replica-set-key`, and `mongodb-passwords`. `database.secret.create` must be set to `false` when using existing secret. | `""` |
| `podAnnotations` | Map of annotations to add to the acapy pods | `{}` |
| `podSecurityContext` | Pod Security Context | `{}` |
| `containerSecurityContext` | Container Security Context | `{}` |
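Review bot: the `database.existingSecret` row says `database.secret.create` must be set to `false`, but the `vc-authn-oidc.database.createSecret` helper added in `_helpers.tpl` decides on `.Values.database.existingSecret` alone. If `database.secret.create` is no longer read, drop that sentence; if it is still read elsewhere, two switches control the same secret and the README should say which one wins. The `auth.api.existingSecret` row could also state what happens when it is left empty, as the `auth.token.privateKey.existingSecret` row does.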
Expand Down Expand Up @@ -141,7 +143,8 @@ kubectl delete secret,pvc --selector "app.kubernetes.io/instance"=my-release
| `acapy.agentUrl` | Agent host, required if `enabled` is `false`, otherwise ignored | `""` |
| `acapy.adminUrl` | Agent admin host, required if `enabled` is `false`, otherwise ignored | `""` |
| `acapy.existingSecret` | Name of existing secret, required if `enabled` is `false`; Secret must contain `adminApiKey`, `walletKey`, and `webhookApiKey` keys. | `""` |
| `acapy.agentSeed` | | `""` |
| `acapy.agentSeed.seed` | | `""` |
| `acapy.agentSeed.existingSecret` | Name of existing secret with the `seed` key. | `""` |
| `acapy.image.repository` | | `ghcr.io/hyperledger/aries-cloudagent-python` |
| `acapy.image.pullPolicy` | | `IfNotPresent` |
| `acapy.image.pullSecrets` | | `[]` |
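Review bot: `acapy.agentSeed.seed` is added with an empty description. Please document what the chart does when both `seed` and `existingSecret` are empty, and note that a seed supplied through `seed` sits in the values file in plain text, so `existingSecret` is the safer choice when the values are kept in Git for an ArgoCD deployment.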
Expand Down Expand Up @@ -200,14 +203,16 @@ Note: Secure values of the configuration are passed via equivalent environment v

### Wallet Storage Credentials

| Name | Description | Value |
| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------- |
| `acapy.walletStorageCredentials.json` | Raw json with database credentials. Overrides all other values including postgres subchart values. e.g.: '{"account":"postgres","password":"mysecretpassword","admin_account":"postgres","admin_password":"mysecretpassword"}' | `""` |
| `acapy.walletStorageCredentials.account` | Database account name. | `""` |
| `acapy.walletStorageCredentials.password` | Database password. | `""` |
| `acapy.walletStorageCredentials.admin_account` | Database account with CREATEDB role used to create additional databases per wallet. | `postgres` |
| `acapy.walletStorageCredentials.admin_password` | Database password for admin account. | `""` |
| `acapy.walletStorageCredentials.existingSecret` | Name of an existing secret containing 'database-user', 'database-password', 'admin-password' keys. | `""` |
| Name | Description | Value |
| ------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- |
| `acapy.walletStorageCredentials.json` | Raw json with database credentials. Overrides all other values including postgres subchart values. e.g.: '{"account":"postgres","password":"mysecretpassword","admin_account":"postgres","admin_password":"mysecretpassword"}' | `""` |
| `acapy.walletStorageCredentials.account` | Database account name. | `""` |
| `acapy.walletStorageCredentials.password` | Database password. | `""` |
| `acapy.walletStorageCredentials.admin_account` | Database account with CREATEDB role used to create additional databases per wallet. | `postgres` |
| `acapy.walletStorageCredentials.admin_password` | Database password for admin account. | `""` |
| `acapy.walletStorageCredentials.existingSecret` | Name of an existing secret containing 'database-user', 'database-password', 'admin-password' keys. | `""` |
| `acapy.walletStorageCredentials.secretKeys.adminPasswordKey` | Key in existing secret containing admin password | `admin-password` |
| `acapy.walletStorageCredentials.secretKeys.userPasswordKey` | Key in existing secret containing password | `database-password` |

### Acapy tails persistence configuration

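Review bot: the `acapy.walletStorageCredentials.existingSecret` description still lists fixed key names ('database-user', 'database-password', 'admin-password'), while the two new `secretKeys.*` rows make the password keys configurable. Reword the description to point at `secretKeys.adminPasswordKey` and `secretKeys.userPasswordKey`, and say whether `database-user` is still read from the secret, since no `secretKeys` entry covers it.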
Expand Down Expand Up @@ -266,8 +271,6 @@ Note: Secure values of the configuration are passed via equivalent environment v
| `acapy.openshift.adminRoute.tls.insecureEdgeTerminationPolicy` | TLS termination policy | `None` |
| `acapy.openshift.adminRoute.tls.termination` | TLS termination type | `edge` |
| `acapy.openshift.adminRoute.wildcardPolicy` | Wildcard policy for the route | `None` |
| `acapy.secret.adminApiKey.generated` | Generate admin api key | `true` |
| `acapy.secret.adminApiKey.value` | Override admin api key | `""` |
| `mongodb.auth.enabled` | Enable authentication | `true` |
| `mongodb.auth.existingSecret` | Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, `mongodb-replica-set-key`) | `{{ include "global.fullname" . }}` |
| `mongodb.auth.usernames` | List of custom users to be created during the initialization | `["vcauthn"]` |
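Review bot: the `acapy.secret.adminApiKey.generated` and `acapy.secret.adminApiKey.value` rows are dropped without a replacement row saying how the admin API key is now supplied. `acapy.existingSecret` is documented as required only when `enabled` is `false`, so the README should state where `adminApiKey` comes from for the bundled agent.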
Binary file added charts/vc-authn-oidc/charts/common-2.19.3.tgz
Binary file not shown.
Binary file removed charts/vc-authn-oidc/charts/common-2.6.0.tgz
Binary file not shown.
Binary file removed charts/vc-authn-oidc/charts/mongodb-13.13.1.tgz
Binary file not shown.
Binary file added charts/vc-authn-oidc/charts/mongodb-15.4.3.tgz
Binary file not shown.
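Review bot: `common-2.19.3.tgz` and `mongodb-15.4.3.tgz` are committed as binaries, so this diff cannot show what they contain. Please confirm they were produced by `helm dependency update` against the repositories pinned in `Chart.lock`, or keep the archives out of Git and let the deploy tooling fetch them from the lock file.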
59 changes: 46 additions & 13 deletions charts/vc-authn-oidc/templates/_helpers.tpl
Expand Up @@ -156,39 +156,65 @@ Usage:
{{- end }}

{{/*
Create the name of the database secret to use
Define the name of the database secret to use
*/}}
{{- define "vc-authn-oidc.databaseSecretName" -}}
{{- if (empty .Values.database.existingSecret) -}}
{{- printf "%s-%s" .Release.Name "mongodb" | trunc 63 | trimSuffix "-" }}
{{- else -}}
{{- .Values.database.existingSecret -}}
{{- end -}}
{{- end }}

{{/*
Return true if a database secret should be created
*/}}
{{- define "vc-authn-oidc.database.createSecret" -}}
{{- if not .Values.database.existingSecret -}}
{{- true -}}
{{- end -}}
{{- end -}}

{{/*
Create the name of the api key secret to use
*/}}
{{- define "vc-authn-oidc.apiSecretName" -}}
{{- printf "%s-%s" .Release.Name "api-key" | trunc 63 | trimSuffix "-" }}
{{- if (empty .Values.auth.api.existingSecret) }}
{{- printf "%s-%s" .Release.Name "api-key" | trunc 63 | trimSuffix "-" }}
{{- else -}}
{{- .Values.auth.api.existingSecret }}
{{- end -}}
{{- end }}

{{/*
Return true if a secret object should be created for the vc-authn-oidc token private key
Return true if the api-secret should be created
*/}}
{{- define "vc-authn-oidc.token.createSecret" -}}
{{- define "vc-authn-oidc.api.createSecret" -}}
{{- if (empty .Values.auth.token.privateKey.existingSecret) }}
{{- true -}}
{{- end -}}
{{- end -}}
{{- end }}

{{/*
Return the secret with vc-authn-oidc token private key
*/}}
{{- define "vc-authn-oidc.token.secretName" -}}
{{- if .Values.auth.token.privateKey.existingSecret -}}
{{- printf "%s" .Values.auth.token.privateKey.existingSecret | trunc 63 | trimSuffix "-" -}}
{{- .Values.auth.token.privateKey.existingSecret -}}
{{- else -}}
{{- printf "%s-jwt-token" (include "global.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}

{{/*
Return true if a secret object should be created for the vc-authn-oidc token private key
*/}}
{{- define "vc-authn-oidc.token.createSecret" -}}
{{- if (empty .Values.auth.token.privateKey.existingSecret) }}
{{- true -}}
{{- end -}}
{{- end -}}

{{/*
Generate token private key
*/}}
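Review bot: as rendered here, the new `vc-authn-oidc.api.createSecret` helper still tests `(empty .Values.auth.token.privateKey.existingSecret)`, the condition of the token helper it was derived from, instead of `.Values.auth.api.existingSecret`. With that condition, setting only `auth.api.existingSecret` leaves the helper returning true, and setting only the token secret makes it return nothing while `vc-authn-oidc.apiSecretName` still resolves to the `<release>-api-key` name, so anything gated on this helper can end up referencing a secret that was never created. The test should read `{{- if (empty .Values.auth.api.existingSecret) }}`.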
Expand Down Expand Up @@ -217,7 +243,7 @@ Return the secret with vc-authn-oidc token private key
*/}}
{{- define "acapy.secretName" -}}
{{- if .Values.acapy.existingSecret -}}
{{- printf "%s" .Values.acapy.existingSecret | trunc 63 | trimSuffix "-" -}}
{{- .Values.acapy.existingSecret -}}
{{- else -}}
{{- printf "%s-acapy-secret" (include "global.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
Expand All @@ -235,6 +261,15 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- end -}}
{{- end -}}

{{/*
Return true if a database secret should be created
*/}}
{{- define "acapy.database.createSecret" -}}
{{- if not .Values.acapy.walletStorageCredentials.existingSecret -}}
{{- true -}}
{{- end -}}
{{- end -}}

{{/*
Return acapy label
*/}}
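Review bot: the comment on `acapy.database.createSecret` repeats "Return true if a database secret should be created" from `vc-authn-oidc.database.createSecret`, although this helper is keyed on `.Values.acapy.walletStorageCredentials.existingSecret`. Name the wallet storage credentials secret in the comment so the two helpers are not confused.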
Expand Down Expand Up @@ -346,12 +381,10 @@ Create the name of the acapy service account to use
{{- end }}

{{/*
Return seed
Return true if the seed secret should be created
*/}}
{{- define "acapy.seed" -}}
{{- if .Values.acapy.agentSeed -}}
{{- .Values.acapy.agentSeed }}
{{- else -}}
{{ include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" (include "acapy.fullname" .) "Key" "seed" "Length" 32) }}
{{- define "acapy.seed.createSecret" -}}
{{- if not .Values.acapy.agentSeed.existingSecret -}}
{{- true -}}
{{- end -}}
{{- end -}}
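Review bot: nothing in this hunk produces a seed once the `getOrGeneratePass` call from the old `acapy.seed` body is gone, yet `acapy.seed.createSecret` returns true whenever `existingSecret` is unset. If no other template generates one when `acapy.agentSeed.seed` is empty, fail the render with `required` rather than create a secret with an empty `seed` key. Also check that no template still calls `include "acapy.seed"`, since that define no longer exists.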
0 comments on commit 2804ef3
