From 7ce0e6888e5711597bc4b15e795e6c7783c7b319 Mon Sep 17 00:00:00 2001
From: Torsten Egenolf
Date: Wed, 29 May 2024 17:53:37 +0200
Subject: [PATCH] docs: addded configuration documentation
---
 .../tngkds/charts/tngkds-backend/README.md | 145 +++++++++--------
 .../tngkds/charts/tngkds-backend/values.yaml | 4 +-
 2 files changed, 78 insertions(+), 71 deletions(-)
diff --git a/k8s/helm/tngkds/charts/tngkds-backend/README.md b/k8s/helm/tngkds/charts/tngkds-backend/README.md
index 41c9c24..42a95f8 100644
--- a/k8s/helm/tngkds/charts/tngkds-backend/README.md
+++ b/k8s/helm/tngkds/charts/tngkds-backend/README.md
@@ -7,73 +7,80 @@ A Helm chart for TNG Key Distribution Service ## Values -| Key | Type | Default | Description | -|--------------------------------------------|--------|---------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| did.cron | string | `"*/10 * * * * *"` | spring cronjob configuration, how often shall the did file be generated | -| did.didUploadProvider | string | `"local-file"` | Upload provider for Did document, currently local-file | -| did.localFile.directory | string | `"trustlist"` | If upload provider is local-file: directory of the generated file | -| did.localFile.file-name | string | `"did.json"` | If upload provider is local-file: file-name of the generated file | -| did.did_controller | string | `"did:web:def"` | The controller that is generating the did.json / controlling its contents | -| did.did_id | string | `"did:web:abc"` | The ID of the did entry | -| did.enableDidGeneration | bool | `true` | Shall the did documents be generated | -| did.ld_proof_nonce | string | `"n0nc3"` | Nonce of the Did Document | -| did.ld_proof_verification_method | string | `"did:web:dummy.net"` | Verification Method of the DID Signer. 
Usually a did-link to a did.json containing the public key material that was used to sign this DID | -| did.trust_list_controller_prefix | string | `"did:web:abc"` | | -| did.trust_list_id_prefix | string | `"did:web:abc"` | | -| fullnameOverride | string | `""` | | -| gateway.connector.enabled | bool | `true` | | -| gateway.connector.endpoint | string | `""` | | -| gateway.connector.max-cache-age | int | `300` | | -| gateway.connector.proxy.enabled | bool | `false` | used for development, when your machine needs a proxy to access _tng.who.int_ | -| gateway.connector.tls_key_store.alias | string | `""` | KDS application accesses the cert via its alias | -| gateway.connector.tls_key_store.password | string | `""` | | -| gateway.connector.tls_key_store.path | string | `""` | | -| gateway.connector.tls_trust_store.alias | string | `""` | KDS application accesses the cert via its alias | -| gateway.connector.tls_trust_store.password | string | `""` | | -| gateway.connector.tls_trust_store.path | string | `""` | | -| gateway.connector.trust_anchor.alias | string | `""` | tng application access the cert via its alias | -| gateway.connector.trust_anchor.password | string | `""` | | -| gateway.connector.trust_anchor.path | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution"` | | -| image.tag | string | `"0.0.1-d890889"` | version of the container image to be used for deployment | -| imagePullSecrets | string | `"tng-distribution-pull-secret"` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| liquibaseImage.repository | string | 
`"ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution-initcontainer"` | | -| liquibaseImage.tag | string | `""` | version of the initcontainer image to be used, the tag is the same as for _image.tag_ | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podSecurityContext | object | `{}` | | -| db.driverclass | String | `org.h2.Driver` | The JDBC driver class | -| db.plattform | String | `org.hibernate.dialect.H2Dialect` | The Hibernate dialect | -| db.url | String | `jdbc:h2:mem:dgc;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1;` | The JDBC URL for the database connection | -| db.username | String | `sa` | The username for the database connection | -| db.password | String | `''` | The password for the database connection | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| server.port | int | `8080` | port of the kds applications api server | -| service.ports[0].name | string | `"http"` | | -| service.ports[0].nodePort | int | `30166` | | -| service.ports[0].port | int | `8080` | | -| service.ports[0].protocol | string | `"TCP"` | | -| service.ports[0].targetPort | int | `8080` | | -| service.type | string | `"NodePort"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| spring.profile | string | `"cloud"` | {_0..n_} Spring profiles to be activated, usually used for feature toggle, currently not in use (existing values will be ignored) | -| tolerations | list | `[]` | | +| Key | Type | Default | Description | 
+|--------------------------------------------|--------|---------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| affinity | object | `{}` | | +| autoscaling.enabled | bool | `false` | | +| autoscaling.maxReplicas | int | `100` | | +| autoscaling.minReplicas | int | `1` | | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| did.cron | string | `"*/10 * * * * *"` | spring cronjob configuration, how often shall the did file be generated | +| did.didUploadProvider | string | `"local-file"` | Upload provider for Did document, currently local-file | +| did.localFile.directory | string | `"trustlist"` | If upload provider is local-file: directory of the generated file | +| did.localFile.file-name | string | `"did.json"` | If upload provider is local-file: file-name of the generated file | +| did.did_controller | string | `"did:web:def"` | The controller that is generating the did.json / controlling its contents | +| did.did_id | string | `"did:web:abc"` | The ID of the did entry | +| did.enableDidGeneration | bool | `true` | Shall the did documents be generated | +| did.ld_proof_nonce | string | `"n0nc3"` | Nonce of the Did Document | +| did.ld_proof_verification_method | string | `"did:web:dummy.net"` | Verification Method of the DID Signer. 
Usually a did-link to a did.json containing the public key material that was used to sign this DID | +| did.trust_list_controller_prefix | string | `"did:web:abc"` | | +| did.trust_list_id_prefix | string | `"did:web:abc"` | | +| did.workdir | string | `"/tmp/kdsgituploader"` | local folder used for checkout and update git repository | +| did.prefix | string | `"v2.0.0"` | prefix used as root folder name for generated files | +| did.url | string | `"https://github.com/WorldHealthOrganization/tng-cdn-dev"` | the git repository to work in | +| did.pat | string | `"git did pat by secret tng-bot-dev"` | the personal access token of the technical user that has permission to write to the repository | +| did.didSigningProvider | string | `"dummy"`, `"local-keystore"` for configured private key | signing provider to be used to sign the did documents (proof section). dummy can be used for dev. "local-keystore"` should be used with configured private key in keystore. (see: How to setup signing material for DID Signing in [certs documentation](../../../../../certs/PlaceYourGatewayAccessKeysHere.md) | +| did.trust-list-path | string | `"trustlist"` | path that contains DID documents of trustlist | +| did.trust-list-ref-path | string | `"trustlist-ref"` | path that contains DID documents with references only | +| fullnameOverride | string | `""` | | +| gateway.connector.enabled | bool | `true` | | +| gateway.connector.endpoint | string | `""` | | +| gateway.connector.max-cache-age | int | `300` | | +| gateway.connector.proxy.enabled | bool | `false` | used for development, when your machine needs a proxy to access _tng.who.int_ | +| gateway.connector.tls_key_store.alias | string | `""` | KDS application accesses the cert via its alias | +| gateway.connector.tls_key_store.password | string | `""` | | +| gateway.connector.tls_key_store.path | string | `""` | | +| gateway.connector.tls_trust_store.alias | string | `""` | KDS application accesses the cert via its alias | +| 
gateway.connector.tls_trust_store.password | string | `""` | | +| gateway.connector.tls_trust_store.path | string | `""` | | +| gateway.connector.trust_anchor.alias | string | `""` | tng application access the cert via its alias | +| gateway.connector.trust_anchor.password | string | `""` | | +| gateway.connector.trust_anchor.path | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution"` | | +| image.tag | string | `"0.0.1-d890889"` | version of the container image to be used for deployment | +| imagePullSecrets | string | `"tng-distribution-pull-secret"` | | +| ingress.annotations | object | `{}` | | +| ingress.className | string | `""` | | +| ingress.enabled | bool | `false` | | +| ingress.hosts[0].host | string | `"chart-example.local"` | | +| ingress.hosts[0].paths[0].path | string | `"/"` | | +| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | +| ingress.tls | list | `[]` | | +| liquibaseImage.repository | string | `"ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution-initcontainer"` | | +| liquibaseImage.tag | string | `""` | version of the initcontainer image to be used, the tag is the same as for _image.tag_ | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podAnnotations | object | `{}` | | +| podSecurityContext | object | `{}` | | +| db.driverclass | String | `org.h2.Driver` | The JDBC driver class | +| db.plattform | String | `org.hibernate.dialect.H2Dialect` | The Hibernate dialect | +| db.url | String | `jdbc:h2:mem:dgc;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1;` | The JDBC URL for the database connection | +| db.username | String | `sa` | The username for the database connection | +| db.password | String | `''` | The password for the database connection | +| replicaCount | int | `1` | | +| resources | object | `{}` | | +| securityContext | object | `{}` | 
|
+| server.port | int | `8080` | port of the kds applications api server |
+| service.ports[0].name | string | `"http"` | |
+| service.ports[0].nodePort | int | `30166` | |
+| service.ports[0].port | int | `8080` | |
+| service.ports[0].protocol | string | `"TCP"` | |
+| service.ports[0].targetPort | int | `8080` | |
+| service.type | string | `"NodePort"` | |
+| serviceAccount.annotations | object | `{}` | |
+| serviceAccount.create | bool | `true` | |
+| serviceAccount.name | string | `""` | |
+| spring.profile | string | `"cloud"` | {_0..n_} Spring profiles to be activated, usually used for feature toggle, currently not in use (existing values will be ignored) |
+| tolerations | list | `[]` | |
diff --git a/k8s/helm/tngkds/charts/tngkds-backend/values.yaml b/k8s/helm/tngkds/charts/tngkds-backend/values.yaml
index 84bac08..c26858c 100644
--- a/k8s/helm/tngkds/charts/tngkds-backend/values.yaml
+++ b/k8s/helm/tngkds/charts/tngkds-backend/values.yaml
@@ -146,10 +146,10 @@ did:
 enableDidGeneration: true
 didUploadProvider: local-file
 localFile:
- directory: ./kdsgitworkdir/tng-cdn-dev/v2.0.0
+ directory: /tmp/kdsgitworkdir/tng-cdn-dev/v2.0.0
 file-name: did.json
 git:
- workdir: ./kdsgituploader # oon clonind will checkout e.g. tng-cdn-dev
+ workdir: /tmp/kdsgituploader # oon clonind will checkout e.g. tng-cdn-dev
 prefix: v2.0.0 #for copy action into git workdir from local file exporter path
 url: https://github.com/WorldHealthOrganization/tng-cdn-dev
 pat: #TODO: set by secret
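Review bot: The new `workdir: /tmp/kdsgituploader` and `directory: /tmp/kdsgitworkdir/tng-cdn-dev/v2.0.0` place the git checkout that is pushed with `pat`, and the DID files copied into it, at fixed names in a world-writable directory. Whether /tmp is private to the container depends on the deployment template and on the rest of the `did:` block, neither of which is in this hunk; if /tmp is shared, other processes can write to the path, and if the root filesystem is read-only the application cannot write to it at all. Mounting a dedicated `emptyDir` at an application-owned path and pointing both values at it (for example `workdir: /var/lib/kds/gituploader`, a path chosen here for illustration) would remove the dependency on /tmp. The README table in this commit documents these keys as `did.workdir`, `did.prefix`, `did.url` and `did.pat` and still gives `"trustlist"` as the default for `did.localFile.directory`, while this file nests them under `did.git` and uses the /tmp path, so one of the two should be aligned. The trailing comment would read better as `# on cloning, checks out e.g. tng-cdn-dev`.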