diff --git a/charts/vc-authn-oidc/Chart.lock b/charts/vc-authn-oidc/Chart.lock index ae79701e..a5654050 100644 --- a/charts/vc-authn-oidc/Chart.lock +++ b/charts/vc-authn-oidc/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: mongodb repository: https://charts.bitnami.com/bitnami - version: 13.13.1 + version: 15.4.3 - name: postgresql repository: https://charts.bitnami.com/bitnami/ version: 11.9.13 - name: common repository: https://charts.bitnami.com/bitnami - version: 2.6.0 -digest: sha256:dda5d934795b4a8bebc838b46bb0e94fefbb2fd02a4c45baed829b18c03371d9 -generated: "2023-07-31T09:49:41.275055325-07:00" + version: 2.19.3 +digest: sha256:25b2d378a440a3b9000f24974ea1f4a1f7b97bc502a13b27773845fdd31a4507 +generated: "2024-05-27T14:33:12.613817654-07:00" diff --git a/charts/vc-authn-oidc/Chart.yaml b/charts/vc-authn-oidc/Chart.yaml index 9fe5dd21..41590cf7 100644 --- a/charts/vc-authn-oidc/Chart.yaml +++ b/charts/vc-authn-oidc/Chart.yaml @@ -6,7 +6,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.0 +version: 0.2.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -17,7 +17,7 @@ appVersion: "2.0.2" # Charts the vc-authn-oidc service depends on dependencies: - name: mongodb - version: "13.13.1" + version: 15.4.3 repository: "https://charts.bitnami.com/bitnami" - name: postgresql version: 11.9.13 diff --git a/charts/vc-authn-oidc/README.md b/charts/vc-authn-oidc/README.md index 88799935..5b3dbd18 100644 --- a/charts/vc-authn-oidc/README.md +++ b/charts/vc-authn-oidc/README.md 
@@ -99,8 +99,10 @@ kubectl delete secret,pvc --selector "app.kubernetes.io/instance"=my-release | `controllerPresentationExpireTime` | The number of time in seconds a proof request will be valid for | `300` | | `useHTTPS` | Prepend Agent and Admin URLs with `https` | `true` | | `logLevel` | Accepts one of the following values: CRITICAL, ERROR, WARNING, INFO, DEBUG | `INFO` | +| `auth.api.existingSecret` | Specify the name of the secret containing `controllerApiKey` key. | `""` | | `auth.token.privateKey.filename` | Specify the name of the signing key file | `jwt-token.pem` | | `auth.token.privateKey.existingSecret` | Specify the name of the secret containing the signing key to be mounted, if not specified, a new secret will be created. | `""` | +| `database.existingSecret` | Specify existing secret containing the keys `mongodb-root-password`, `mongodb-replica-set-key`, and `mongodb-passwords`. `database.secret.create` must be set to `false` when using existing secret. | `""` | | `podAnnotations` | Map of annotations to add to the acapy pods | `{}` | | `podSecurityContext` | Pod Security Context | `{}` | | `containerSecurityContext` | Container Security Context | `{}` | @@ -141,7 +143,8 @@ kubectl delete secret,pvc --selector "app.kubernetes.io/instance"=my-release | `acapy.agentUrl` | Agent host, required if `enabled` is `false`, otherwise ignored | `""` | | `acapy.adminUrl` | Agent admin host, required if `enabled` is `false`, otherwise ignored | `""` | | `acapy.existingSecret` | Name of existing secret, required if `enabled` is `false`; Secret must contain `adminApiKey`, `walletKey`, and `webhookApiKey` keys. | `""` | -| `acapy.agentSeed` | | `""` | +| `acapy.agentSeed.seed` | | `""` | +| `acapy.agentSeed.existingSecret` | Name of existing secret with the `seed` key. | `""` | | `acapy.image.repository` | | `ghcr.io/hyperledger/aries-cloudagent-python` | | `acapy.image.pullPolicy` | | `IfNotPresent` | | `acapy.image.pullSecrets` | | `[]` | 
@@ -200,14 +203,16 @@ Note: Secure values of the configuration are passed via equivalent environment v ### Wallet Storage Credentials -| Name | Description | Value | -| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------- | -| `acapy.walletStorageCredentials.json` | Raw json with database credentials. Overrides all other values including postgres subchart values. e.g.: '{"account":"postgres","password":"mysecretpassword","admin_account":"postgres","admin_password":"mysecretpassword"}' | `""` | -| `acapy.walletStorageCredentials.account` | Database account name. | `""` | -| `acapy.walletStorageCredentials.password` | Database password. | `""` | -| `acapy.walletStorageCredentials.admin_account` | Database account with CREATEDB role used to create additional databases per wallet. | `postgres` | -| `acapy.walletStorageCredentials.admin_password` | Database password for admin account. | `""` | -| `acapy.walletStorageCredentials.existingSecret` | Name of an existing secret containing 'database-user', 'database-password', 'admin-password' keys. | `""` | +| Name | Description | Value | +| ------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- | +| `acapy.walletStorageCredentials.json` | Raw json with database credentials. Overrides all other values including postgres subchart values. e.g.: '{"account":"postgres","password":"mysecretpassword","admin_account":"postgres","admin_password":"mysecretpassword"}' | `""` | +| `acapy.walletStorageCredentials.account` | Database account name. 
| `""` | +| `acapy.walletStorageCredentials.password` | Database password. | `""` | +| `acapy.walletStorageCredentials.admin_account` | Database account with CREATEDB role used to create additional databases per wallet. | `postgres` | +| `acapy.walletStorageCredentials.admin_password` | Database password for admin account. | `""` | +| `acapy.walletStorageCredentials.existingSecret` | Name of an existing secret containing 'database-user', 'database-password', 'admin-password' keys. | `""` | +| `acapy.walletStorageCredentials.secretKeys.adminPasswordKey` | Key in existing secret containing admin password | `admin-password` | +| `acapy.walletStorageCredentials.secretKeys.userPasswordKey` | Key in existing secret containing password | `database-password` | ### Acapy tails persistence configuration @@ -266,8 +271,6 @@ Note: Secure values of the configuration are passed via equivalent environment v | `acapy.openshift.adminRoute.tls.insecureEdgeTerminationPolicy` | TLS termination policy | `None` | | `acapy.openshift.adminRoute.tls.termination` | TLS termination type | `edge` | | `acapy.openshift.adminRoute.wildcardPolicy` | Wildcard policy for the route | `None` | -| `acapy.secret.adminApiKey.generated` | Generate admin api key | `true` | -| `acapy.secret.adminApiKey.value` | Override admin api key | `""` | | `mongodb.auth.enabled` | Enable authentication | `true` | | `mongodb.auth.existingSecret` | Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, `mongodb-replica-set-key`) | `{{ include "global.fullname" . }}` | | `mongodb.auth.usernames` | List of custom users to be created during the initialization | `["vcauthn"]` | diff --git a/charts/vc-authn-oidc/charts/common-2.19.3.tgz b/charts/vc-authn-oidc/charts/common-2.19.3.tgz new file mode 100644 index 00000000..88a859d0 Binary files /dev/null and b/charts/vc-authn-oidc/charts/common-2.19.3.tgz differ 
diff --git a/charts/vc-authn-oidc/charts/common-2.6.0.tgz b/charts/vc-authn-oidc/charts/common-2.6.0.tgz deleted file mode 100644 index 6ad0e840..00000000 Binary files a/charts/vc-authn-oidc/charts/common-2.6.0.tgz and /dev/null differ diff --git a/charts/vc-authn-oidc/charts/mongodb-13.13.1.tgz b/charts/vc-authn-oidc/charts/mongodb-13.13.1.tgz deleted file mode 100644 index d8619078..00000000 Binary files a/charts/vc-authn-oidc/charts/mongodb-13.13.1.tgz and /dev/null differ diff --git a/charts/vc-authn-oidc/charts/mongodb-15.4.3.tgz b/charts/vc-authn-oidc/charts/mongodb-15.4.3.tgz new file mode 100644 index 00000000..6403ba0f Binary files /dev/null and b/charts/vc-authn-oidc/charts/mongodb-15.4.3.tgz differ diff --git a/charts/vc-authn-oidc/templates/_helpers.tpl b/charts/vc-authn-oidc/templates/_helpers.tpl index f60e864e..7b5d6707 100644 --- a/charts/vc-authn-oidc/templates/_helpers.tpl +++ b/charts/vc-authn-oidc/templates/_helpers.tpl 
@@ -156,39 +156,65 @@ Usage: {{- end }} {{/* -Create the name of the database secret to use +Define the name of the database secret to use */}} {{- define "vc-authn-oidc.databaseSecretName" -}} +{{- if (empty .Values.database.existingSecret) -}} {{- printf "%s-%s" .Release.Name "mongodb" | trunc 63 | trimSuffix "-" }} +{{- else -}} +{{- .Values.database.existingSecret -}} +{{- end -}} {{- end }} +{{/* +Return true if a database secret should be created +*/}} +{{- define "vc-authn-oidc.database.createSecret" -}} +{{- if not .Values.database.existingSecret -}} +{{- true -}} +{{- end -}} +{{- end -}} + {{/* Create the name of the api key secret to use */}} {{- define "vc-authn-oidc.apiSecretName" -}} -{{- printf "%s-%s" .Release.Name "api-key" | trunc 63 | trimSuffix "-" }} +{{- if (empty .Values.auth.api.existingSecret) }} + {{- printf "%s-%s" .Release.Name "api-key" | trunc 63 | trimSuffix "-" }} +{{- else -}} + {{- .Values.auth.api.existingSecret }} +{{- end -}} {{- end }} {{/* -Return true if a secret object should be created for the vc-authn-oidc token private key +Return true if the api-secret should be created */}} -{{- define "vc-authn-oidc.token.createSecret" -}} +{{- define "vc-authn-oidc.api.createSecret" -}} {{- if (empty .Values.auth.token.privateKey.existingSecret) }} {{- true -}} {{- end -}} -{{- end -}} +{{- end }} {{/* Return the secret with vc-authn-oidc token private key */}} {{- define "vc-authn-oidc.token.secretName" -}} {{- if .Values.auth.token.privateKey.existingSecret -}} - {{- printf "%s" .Values.auth.token.privateKey.existingSecret | trunc 63 | trimSuffix "-" -}} + {{- .Values.auth.token.privateKey.existingSecret -}} {{- else -}} {{- printf "%s-jwt-token" (include "global.fullname" .) 
| trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} +{{/* +Return true if a secret object should be created for the vc-authn-oidc token private key +*/}} +{{- define "vc-authn-oidc.token.createSecret" -}} +{{- if (empty .Values.auth.token.privateKey.existingSecret) }} + {{- true -}} +{{- end -}} +{{- end -}} + {{/* Generate token private key */}} @@ -217,7 +243,7 @@ Return the secret with vc-authn-oidc token private key */}} {{- define "acapy.secretName" -}} {{- if .Values.acapy.existingSecret -}} - {{- printf "%s" .Values.acapy.existingSecret | trunc 63 | trimSuffix "-" -}} + {{- .Values.acapy.existingSecret -}} {{- else -}} {{- printf "%s-acapy-secret" (include "global.fullname" .) | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -235,6 +261,15 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- end -}} {{- end -}} +{{/* +Return true if a database secret should be created +*/}} +{{- define "acapy.database.createSecret" -}} +{{- if not .Values.acapy.walletStorageCredentials.existingSecret -}} +{{- true -}} +{{- end -}} +{{- end -}} + {{/* Return acapy label */}} @@ -346,12 +381,10 @@ Create the name of the acapy service account to use {{- end }} {{/* -Return seed +Return true if the seed secret should be created */}} -{{- define "acapy.seed" -}} -{{- if .Values.acapy.agentSeed -}} -{{- .Values.acapy.agentSeed }} -{{- else -}} -{{ include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" (include "acapy.fullname" .) "Key" "seed" "Length" 32) }} +{{- define "acapy.seed.createSecret" -}} +{{- if not .Values.acapy.agentSeed.existingSecret -}} +{{- true -}} {{- end -}} {{- end -}} diff --git a/charts/vc-authn-oidc/templates/agent/database_secret.yaml b/charts/vc-authn-oidc/templates/agent/database_secret.yaml index 424fdefd..b754a497 100644 --- a/charts/vc-authn-oidc/templates/agent/database_secret.yaml +++ b/charts/vc-authn-oidc/templates/agent/database_secret.yaml 
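Review bot: `vc-authn-oidc.api.createSecret` tests `.Values.auth.token.privateKey.existingSecret` instead of the new `.Values.auth.api.existingSecret`, which looks like a copy of the token helper directly below it. As written, setting `auth.api.existingSecret` still renders the api-key Secret (now under the user's secret name, which Helm will reject on install as an existing unmanaged resource), while setting only the JWT key's existingSecret suppresses the api-key Secret and leaves the `controllerApiKey` secretKeyRef pointing at nothing. Change the condition to `{{- if (empty .Values.auth.api.existingSecret) }}`.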
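Review bot: The seed hunk adds `acapy.seed.createSecret` but no companion name helper, so when `acapy.agentSeed.existingSecret` is set the seed Secret stops being rendered while, unless `deployment.yaml` is updated outside this diff, the agent still mounts the chart-named `acapy.fullname` Secret that no longer exists. The removed `acapy.seed` helper was also the only place a literal seed value was honored, so the `acapy.agentSeed.seed` key documented in the README now has no consumer in the templates. Add a name helper mirroring `acapy.secretName` and reference it wherever the seed is read.

```yaml
{{/*
Return the name of the secret holding the agent seed
*/}}
{{- define "acapy.seed.secretName" -}}
{{- if .Values.acapy.agentSeed.existingSecret -}}
{{- .Values.acapy.agentSeed.existingSecret -}}
{{- else -}}
{{- include "acapy.fullname" . -}}
{{- end -}}
{{- end -}}
```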
@@ -1,3 +1,4 @@ +{{- if (include "acapy.database.createSecret" .) -}} apiVersion: v1 kind: Secret metadata: @@ -12,3 +13,4 @@ data: admin-password: {{ include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" (include "acapy.database.secretName" .) "Key" "admin-password") }} database-user: {{ .Values.postgresql.auth.username | b64enc }} database-password: {{ include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" (include "acapy.database.secretName" .) "Key" "database-password") }} +{{- end -}} diff --git a/charts/vc-authn-oidc/templates/agent/deployment.yaml b/charts/vc-authn-oidc/templates/agent/deployment.yaml index d92e282f..916e2520 100644 --- a/charts/vc-authn-oidc/templates/agent/deployment.yaml +++ b/charts/vc-authn-oidc/templates/agent/deployment.yaml @@ -62,12 +62,12 @@ spec: valueFrom: secretKeyRef: name: {{ template "acapy.database.secretName" . }} - key: {{ .Values.postgresql.auth.secretKeys.userPasswordKey }} + key: {{ .Values.acapy.walletStorageCredentials.secretKeys.userPasswordKey }} - name: POSTGRES_POSTGRES_PASSWORD valueFrom: secretKeyRef: name: {{ template "acapy.database.secretName" . }} - key: {{ .Values.postgresql.auth.secretKeys.adminPasswordKey }} + key: {{ .Values.acapy.walletStorageCredentials.secretKeys.adminPasswordKey }} - name: WEBHOOK_API_KEY valueFrom: secretKeyRef: diff --git a/charts/vc-authn-oidc/templates/agent/secrets.yaml b/charts/vc-authn-oidc/templates/agent/secrets.yaml index bbd443e1..4651c58a 100644 --- a/charts/vc-authn-oidc/templates/agent/secrets.yaml +++ b/charts/vc-authn-oidc/templates/agent/secrets.yaml 
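Review bot: The two `secretKeyRef.key` values now come from `acapy.walletStorageCredentials.secretKeys`, but the generated Secret in `database_secret.yaml` still writes its entries under the literal names `admin-password` and `database-password`, so anyone who overrides `secretKeys.*` without also setting `existingSecret` gets an agent pod that fails on a missing key. Either emit the generated entries from the same values, `{{ .Values.acapy.walletStorageCredentials.secretKeys.adminPasswordKey }}:` and `{{ .Values.acapy.walletStorageCredentials.secretKeys.userPasswordKey }}:`, or state in values.yaml that `secretKeys` is only honored together with `existingSecret`. The env list in the deployment continues outside the hunk.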
@@ -1,3 +1,7 @@
+{{- if (include "acapy.createSecret" .) }}
+{{ $secretName := include "acapy.secretName" . }}
+{{ $adminApiKey := include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" $secretName "Key" "adminApiKey" "Length" 32) }}
+{{ $walletKey := include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" $secretName "Key" "walletKey" "Length" 32) }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -10,14 +14,12 @@ metadata:
 type: Opaque
 data:
   {{- if not (index .Values "acapy" "argfile.yml" "admin-insecure-mode") }}
-  {{- if .Values.acapy.secret.adminApiKey.generated }}
-  adminApiKey: {{ include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" (include "acapy.secretName" .) "Key" "adminApiKey" "Length" 32) }}
-  {{ else }}
-  adminApiKey: {{ include "common.secrets.lookup" (dict "secret" (include "acapy.secretName" .) "key" "adminApiKey" "defaultValue" .Values.acapy.secret.adminApiKey.value "context" $) }}
+  adminApiKey: {{ $adminApiKey }}
   {{- end }}
-  {{- end }}
-  walletKey: {{ include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" (include "acapy.secretName" .) "Key" "walletKey" "Length" 32) }}
+  walletKey: {{ $walletKey }}
+{{- end }}
 ---
+{{- if (include "acapy.seed.createSecret" .) }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -29,4 +31,5 @@ metadata:
   namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
-  seed: {{ include "acapy.seed" . }}
+  seed: {{ include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" (include "acapy.fullname" .) "Key" "seed" "Length" 32) }}
+{{- end }}
diff --git a/charts/vc-authn-oidc/templates/networkpolicy-agent-ingress.yaml b/charts/vc-authn-oidc/templates/networkpolicy-agent-ingress.yaml
index 2bedfd25..120faa55 100644
--- a/charts/vc-authn-oidc/templates/networkpolicy-agent-ingress.yaml
+++ b/charts/vc-authn-oidc/templates/networkpolicy-agent-ingress.yaml
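Review bot: The new `seed:` line always calls `getOrGeneratePass`, so the `acapy.agentSeed.seed` value documented in the README is never read and a user-supplied seed is silently replaced by a random 32-character one; if this seed is what derives the agent's public DID (as ACA-Py seeds usually are), a fresh install would no longer match a DID already registered on the ledger. Honor the value before falling back to generation: `{{- if .Values.acapy.agentSeed.seed }}` / `seed: {{ .Values.acapy.agentSeed.seed | b64enc }}` / `{{- else }}` around the generated line, closed with `{{- end }}`. The same concern applies to `adminApiKey`, whose `.value` override the second hunk removes without a documented replacement.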
@@ -1,5 +1,5 @@
 {{- if and .Values.acapy.networkPolicy.enabled .Values.acapy.networkPolicy.ingress.enabled -}}
-apiVersion: networking.k8s.io/v1
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
 kind: NetworkPolicy
 metadata:
   name: {{ include "acapy.fullname" . }}-ingress
diff --git a/charts/vc-authn-oidc/templates/networkpolicy-agent.yaml b/charts/vc-authn-oidc/templates/networkpolicy-agent.yaml
index d2fb97df..5400349b 100644
--- a/charts/vc-authn-oidc/templates/networkpolicy-agent.yaml
+++ b/charts/vc-authn-oidc/templates/networkpolicy-agent.yaml
@@ -1,7 +1,6 @@
 {{- if .Values.networkPolicy.enabled -}}
-apiVersion: v1
 kind: NetworkPolicy
-apiVersion: networking.k8s.io/v1
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
 metadata:
   name: {{ include "global.fullname" . }}-agent-webhook
   labels:
@@ -20,9 +19,8 @@ spec:
     matchLabels:
       {{- include "vc-authn-oidc.selectorLabels" . | nindent 6 }}
 ---
-apiVersion: v1
 kind: NetworkPolicy
-apiVersion: networking.k8s.io/v1
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
 metadata:
   name: {{ include "global.fullname" . }}-agent-access
   labels:
diff --git a/charts/vc-authn-oidc/templates/networkpolicy-db.yaml b/charts/vc-authn-oidc/templates/networkpolicy-db.yaml
index aa2f803c..f3e5c00b 100644
--- a/charts/vc-authn-oidc/templates/networkpolicy-db.yaml
+++ b/charts/vc-authn-oidc/templates/networkpolicy-db.yaml
@@ -1,7 +1,6 @@
 {{- if .Values.networkPolicy.enabled -}}
-apiVersion: v1
 kind: NetworkPolicy
-apiVersion: networking.k8s.io/v1
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
 metadata:
   name: {{ include "global.fullname" . }}-db
   labels:
@@ -27,9 +26,8 @@ spec:
     {{- toYaml . | nindent 6 }}
     {{- end }}
 ---
-apiVersion: v1
 kind: NetworkPolicy
-apiVersion: networking.k8s.io/v1
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
 metadata:
   name: {{ include "acapy.fullname" . }}-db
   labels:
diff --git a/charts/vc-authn-oidc/templates/networkpolicy-ingress.yaml b/charts/vc-authn-oidc/templates/networkpolicy-ingress.yaml
index a3f7e99f..cd4c78e8 100644
--- a/charts/vc-authn-oidc/templates/networkpolicy-ingress.yaml
+++ b/charts/vc-authn-oidc/templates/networkpolicy-ingress.yaml
@@ -1,7 +1,6 @@
 {{- if or .Values.networkPolicy.enabled .Values.networkPolicy.ingress.enabled -}}
-apiVersion: v1
 kind: NetworkPolicy
-apiVersion: networking.k8s.io/v1
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
 metadata:
   name: {{ include "global.fullname" . }}-ingress
   labels:
diff --git a/charts/vc-authn-oidc/templates/secrets.yaml b/charts/vc-authn-oidc/templates/secrets.yaml
index a0c8c019..7dbd4e9f 100644
--- a/charts/vc-authn-oidc/templates/secrets.yaml
+++ b/charts/vc-authn-oidc/templates/secrets.yaml
@@ -1,7 +1,12 @@
+{{- if (include "vc-authn-oidc.database.createSecret" .) -}}
+{{ $databaseSecretName := (include "vc-authn-oidc.databaseSecretName" .) }}
+{{ $mongoRootPassword := include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" $databaseSecretName "Key" "mongodb-root-password" "Length" 32) }}
+{{ $mongoReplicaSetKey := include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" $databaseSecretName "Key" "mongodb-replica-set-key" "Length" 32) }}
+{{ $mongoPasswords := include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" $databaseSecretName "Key" "mongodb-passwords" "Length" 32) }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "vc-authn-oidc.databaseSecretName" . }}
+  name: {{ $databaseSecretName }}
   labels:
     {{- include "vc-authn-oidc.labels" . | nindent 4 }}
   annotations:
@@ -9,14 +14,18 @@ metadata:
   namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
-  mongodb-root-password: {{ include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" (include "vc-authn-oidc.databaseSecretName" .) "Key" "mongodb-root-password" "Length" 32) }}
-  mongodb-replica-set-key: {{ include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" (include "vc-authn-oidc.databaseSecretName" .) "Key" "mongodb-replica-set-key" "Length" 32) }}
-  mongodb-passwords: {{ include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" (include "vc-authn-oidc.databaseSecretName" .) "Key" "mongodb-passwords" "Length" 32) }}
+  mongodb-root-password: {{ $mongoRootPassword }}
+  mongodb-replica-set-key: {{ $mongoReplicaSetKey }}
+  mongodb-passwords: {{ $mongoPasswords }}
+{{- end }}
 ---
+{{- if (include "vc-authn-oidc.api.createSecret" .) -}}
+{{- $apiSecretName := include "vc-authn-oidc.apiSecretName" . -}}
+{{- $controllerApiKey := include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" $apiSecretName "Key" "controllerApiKey" "Length" 32) }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "vc-authn-oidc.apiSecretName" . }}
+  name: {{ $apiSecretName }}
   labels:
     {{- include "vc-authn-oidc.labels" . | nindent 4 }}
   annotations:
@@ -24,4 +33,5 @@ metadata:
   namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
-  controllerApiKey: {{ include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" (include "vc-authn-oidc.apiSecretName" .) "Key" "controllerApiKey" "Length" 32) }}
+  controllerApiKey: {{ $controllerApiKey }}
+{{- end }}
diff --git a/charts/vc-authn-oidc/values.yaml b/charts/vc-authn-oidc/values.yaml
index 6ee42e93..b5fc298c 100644
--- a/charts/vc-authn-oidc/values.yaml
+++ b/charts/vc-authn-oidc/values.yaml
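Review bot: Suppressing the MongoDB Secret when `database.existingSecret` is set removes only the chart-managed copy; nothing in this diff forwards that name to the mongodb subchart, whose `mongodb.auth.existingSecret` (per the README, defaulting to the release-generated name) presumably still points at the Secret that is now not created. Unless the subchart value is wired elsewhere, state in the `database.existingSecret` help text that `mongodb.auth.existingSecret` must be set to the same name, otherwise the subchart starts without credentials it can read while vc-authn-oidc reads the user's secret. Minor style point: the four `{{ $... := ... }}` assignments at the top of the first block are untrimmed and emit blank lines into the rendered manifest, whereas the api block uses `{{- ... -}}`; use the trimmed form in both.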
@@ -39,14 +39,21 @@ useHTTPS: true ## @param logLevel Accepts one of the following values: CRITICAL, ERROR, WARNING, INFO, DEBUG logLevel: INFO +## @param auth.api.existingSecret Specify the name of the secret containing `controllerApiKey` key. ## @param auth.token.privateKey.filename Specify the name of the signing key file ## @param auth.token.privateKey.existingSecret Specify the name of the secret containing the signing key to be mounted, if not specified, a new secret will be created. auth: + api: + existingSecret: "" token: privateKey: filename: jwt-token.pem existingSecret: "" +## @param database.secret.existingSecret Specify existing secret containing the keys `mongodb-root-password`, `mongodb-replica-set-key`, and `mongodb-passwords`. `database.secret.create` must be set to `false` when using existing secret. +database: + existingSecret: "" + ## @param podAnnotations Map of annotations to add to the acapy pods ## podAnnotations: {} @@ -193,8 +200,10 @@ acapy: adminUrl: "" ## @param acapy.existingSecret Name of existing secret, required if `enabled` is `false`; Secret must contain `adminApiKey`, `walletKey`, and `webhookApiKey` keys. existingSecret: "" - ## @param acapy.agentSeed - agentSeed: "" + ## @param acapy.agentSeed.existingSecret Name of existing secret with the 'seed' key. + agentSeed: + existingSecret: "" + ## @param acapy.image.repository ## @param acapy.image.pullPolicy ## @param acapy.image.pullSecrets [array] 
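Review bot: The new `@param` annotation documents `database.secret.existingSecret` and tells users to set `database.secret.create` to `false`, but the value actually added is `database.existingSecret` and no `database.secret.create` key exists in this chart (the helpers gate only on `database.existingSecret`), so the README generator will publish instructions that cannot be followed. Replace it with `## @param database.existingSecret Name of an existing secret containing the keys mongodb-root-password, mongodb-replica-set-key and mongodb-passwords; when set, the chart does not create its own MongoDB secret.`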
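Review bot: `acapy.agentSeed` changes from a string to a map, so any existing values file that sets `agentSeed: "<seed>"` now fails to render (`.Values.acapy.agentSeed.existingSecret` cannot be evaluated on a string), which is a breaking values change shipped under a patch bump from 0.2.0 to 0.2.1. The README also lists `acapy.agentSeed.seed`, but no `seed` key is declared here. Either add `seed: ""` with an `## @param acapy.agentSeed.seed` line and a template that reads it, or drop the README row, and call out the migration in the chart notes.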
@@ -341,6 +350,8 @@ acapy: ## @param acapy.walletStorageCredentials.admin_account Database account with CREATEDB role used to create additional databases per wallet. ## @param acapy.walletStorageCredentials.admin_password Database password for admin account. ## @param acapy.walletStorageCredentials.existingSecret Name of an existing secret containing 'database-user', 'database-password', 'admin-password' keys. + ## @param acapy.walletStorageCredentials.secretKeys.adminPasswordKey Key in existing secret containing admin password. + ## @param acapy.walletStorageCredentials.secretKeys.userPasswordKey Key in existing secret containing password . ## walletStorageCredentials: json: "" @@ -349,6 +360,10 @@ acapy: admin_account: postgres admin_password: "" existingSecret: "" + secretKeys: + adminPasswordKey: admin-password + userPasswordKey: database-password + ## @section Acapy tails persistence configuration persistence: ## @param acapy.persistence.existingClaim Name of an existing PVC to use @@ -510,17 +525,6 @@ acapy: ## wildcardPolicy: None - ## Acapy secret configuration - ## - secret: - adminApiKey: - ## @param acapy.secret.adminApiKey.generated Generate admin api key - ## - generated: true - ## @param acapy.secret.adminApiKey.value Override admin api key - ## - value: "" - ## Overrides for bitnami/mongodb chart - https://github.com/bitnami/charts/tree/main/bitnami/mongodb mongodb: auth: @@ -646,7 +650,7 @@ postgresql: enabled: true ## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume ## - size: 1Gi + size: 5Gi ## Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param postgresql.primary.containerSecurityContext.enabled Enable container security context
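Review bot: The `userPasswordKey` annotation reads `Key in existing secret containing password .`, with a stray space before the period and no indication of which password is meant; the README generator copies it verbatim. Suggest `## @param acapy.walletStorageCredentials.secretKeys.userPasswordKey Key in the existing secret containing the wallet database user password.`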
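Review bot: Raising `postgresql.primary.persistence.size` from `1Gi` to `5Gi` changes the subchart's StatefulSet `volumeClaimTemplates` if the bitnami postgresql subchart provisions storage that way (its default), and Kubernetes rejects updates to that field, so `helm upgrade` of an existing release will fail unless the StatefulSet is deleted with `--cascade=orphan` first; existing PVCs are not resized either. If this is only meant as a better default for new installs, document the upgrade step alongside the version bump, or leave the default alone and recommend overriding `postgresql.primary.persistence.size` at install time.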