Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Helm} Chart changes to support ArgoCD deployment #522

Merged
merged 20 commits into from
May 28, 2024
Merged

[Helm} Chart changes to support ArgoCD deployment #522

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
38edfc0
Increase agent database storage volume.
i5okie May 16, 2024
e1adb3b
helpers file changes, add createsecret logic
i5okie May 16, 2024
0514e23
create secret only if necessary
i5okie May 16, 2024
522b837
Allow specifying existingSecret
i5okie May 16, 2024
e0f348c
Update Readme
i5okie May 16, 2024
3c40da8
use secret keys as defined in Values
i5okie May 16, 2024
689bb7a
Merge branch 'main' of https://github.com/bcgov/vc-authn-oidc into fe…
i5okie May 17, 2024
d6d9a18
Use latest MongoDB chart
i5okie May 17, 2024
0b00e32
bump version
i5okie May 17, 2024
92ed50c
Use 5Gi instead of 8
i5okie May 17, 2024
393bb39
Merge branch 'main' into feature/chart-update
i5okie May 24, 2024
172ac15
remove redundant logic/values
i5okie May 27, 2024
e51627a
Merge branch 'feature/chart-update' of https://github.com/i5okie/vc-a…
i5okie May 27, 2024
6a82c0c
Clean up secrets, fix white-space handling
i5okie May 27, 2024
00c7810
clean up network policy apiVersion
i5okie May 27, 2024
0fd582e
remove redundant logic
i5okie May 27, 2024
a2da178
fix helpers logic
i5okie May 27, 2024
3b7936d
add auth.api.existingSecret, update Readme
i5okie May 27, 2024
5d9ffd9
Clean up secrets
i5okie May 27, 2024
9eeff6d
Update dependencies
i5okie May 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions charts/vc-authn-oidc/Chart.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
dependencies:
- name: mongodb
repository: https://charts.bitnami.com/bitnami
version: 13.13.1
version: 15.4.3
- name: postgresql
repository: https://charts.bitnami.com/bitnami/
version: 11.9.13
- name: common
repository: https://charts.bitnami.com/bitnami
version: 2.6.0
digest: sha256:dda5d934795b4a8bebc838b46bb0e94fefbb2fd02a4c45baed829b18c03371d9
generated: "2023-07-31T09:49:41.275055325-07:00"
version: 2.19.3
digest: sha256:25b2d378a440a3b9000f24974ea1f4a1f7b97bc502a13b27773845fdd31a4507
generated: "2024-05-27T14:33:12.613817654-07:00"
4 changes: 2 additions & 2 deletions charts/vc-authn-oidc/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.2.0
version: 0.2.1

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
Expand All @@ -17,7 +17,7 @@ appVersion: "2.0.2"
# Charts the vc-authn-oidc service depends on
dependencies:
- name: mongodb
version: "13.13.1"
version: 15.4.3
repository: "https://charts.bitnami.com/bitnami"
- name: postgresql
version: 11.9.13
Expand Down
25 changes: 14 additions & 11 deletions charts/vc-authn-oidc/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,8 +99,10 @@ kubectl delete secret,pvc --selector "app.kubernetes.io/instance"=my-release
| `controllerPresentationExpireTime` | The number of time in seconds a proof request will be valid for | `300` |
| `useHTTPS` | Prepend Agent and Admin URLs with `https` | `true` |
| `logLevel` | Accepts one of the following values: CRITICAL, ERROR, WARNING, INFO, DEBUG | `INFO` |
| `auth.api.existingSecret` | Specify the name of the secret containing `controllerApiKey` key. | `""` |
| `auth.token.privateKey.filename` | Specify the name of the signing key file | `jwt-token.pem` |
| `auth.token.privateKey.existingSecret` | Specify the name of the secret containing the signing key to be mounted, if not specified, a new secret will be created. | `""` |
| `database.existingSecret` | Specify existing secret containing the keys `mongodb-root-password`, `mongodb-replica-set-key`, and `mongodb-passwords`. `database.secret.create` must be set to `false` when using existing secret. | `""` |
| `podAnnotations` | Map of annotations to add to the acapy pods | `{}` |
| `podSecurityContext` | Pod Security Context | `{}` |
| `containerSecurityContext` | Container Security Context | `{}` |
Expand Down Expand Up @@ -141,7 +143,8 @@ kubectl delete secret,pvc --selector "app.kubernetes.io/instance"=my-release
| `acapy.agentUrl` | Agent host, required if `enabled` is `false`, otherwise ignored | `""` |
| `acapy.adminUrl` | Agent admin host, required if `enabled` is `false`, otherwise ignored | `""` |
| `acapy.existingSecret` | Name of existing secret, required if `enabled` is `false`; Secret must contain `adminApiKey`, `walletKey`, and `webhookApiKey` keys. | `""` |
| `acapy.agentSeed` | | `""` |
| `acapy.agentSeed.seed` | | `""` |
| `acapy.agentSeed.existingSecret` | Name of existing secret with the `seed` key. | `""` |
| `acapy.image.repository` | | `ghcr.io/hyperledger/aries-cloudagent-python` |
| `acapy.image.pullPolicy` | | `IfNotPresent` |
| `acapy.image.pullSecrets` | | `[]` |
Expand Down Expand Up @@ -200,14 +203,16 @@ Note: Secure values of the configuration are passed via equivalent environment v

### Wallet Storage Credentials

| Name | Description | Value |
| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------- |
| `acapy.walletStorageCredentials.json` | Raw json with database credentials. Overrides all other values including postgres subchart values. e.g.: '{"account":"postgres","password":"mysecretpassword","admin_account":"postgres","admin_password":"mysecretpassword"}' | `""` |
| `acapy.walletStorageCredentials.account` | Database account name. | `""` |
| `acapy.walletStorageCredentials.password` | Database password. | `""` |
| `acapy.walletStorageCredentials.admin_account` | Database account with CREATEDB role used to create additional databases per wallet. | `postgres` |
| `acapy.walletStorageCredentials.admin_password` | Database password for admin account. | `""` |
| `acapy.walletStorageCredentials.existingSecret` | Name of an existing secret containing 'database-user', 'database-password', 'admin-password' keys. | `""` |
| Name | Description | Value |
| ------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- |
| `acapy.walletStorageCredentials.json` | Raw json with database credentials. Overrides all other values including postgres subchart values. e.g.: '{"account":"postgres","password":"mysecretpassword","admin_account":"postgres","admin_password":"mysecretpassword"}' | `""` |
| `acapy.walletStorageCredentials.account` | Database account name. | `""` |
| `acapy.walletStorageCredentials.password` | Database password. | `""` |
| `acapy.walletStorageCredentials.admin_account` | Database account with CREATEDB role used to create additional databases per wallet. | `postgres` |
| `acapy.walletStorageCredentials.admin_password` | Database password for admin account. | `""` |
| `acapy.walletStorageCredentials.existingSecret` | Name of an existing secret containing 'database-user', 'database-password', 'admin-password' keys. | `""` |
| `acapy.walletStorageCredentials.secretKeys.adminPasswordKey` | Key in existing secret containing admin password | `admin-password` |
| `acapy.walletStorageCredentials.secretKeys.userPasswordKey` | Key in existing secret containing password | `database-password` |

### Acapy tails persistence configuration

Expand Down Expand Up @@ -266,8 +271,6 @@ Note: Secure values of the configuration are passed via equivalent environment v
| `acapy.openshift.adminRoute.tls.insecureEdgeTerminationPolicy` | TLS termination policy | `None` |
| `acapy.openshift.adminRoute.tls.termination` | TLS termination type | `edge` |
| `acapy.openshift.adminRoute.wildcardPolicy` | Wildcard policy for the route | `None` |
| `acapy.secret.adminApiKey.generated` | Generate admin api key | `true` |
| `acapy.secret.adminApiKey.value` | Override admin api key | `""` |
| `mongodb.auth.enabled` | Enable authentication | `true` |
| `mongodb.auth.existingSecret` | Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, `mongodb-replica-set-key`) | `{{ include "global.fullname" . }}` |
| `mongodb.auth.usernames` | List of custom users to be created during the initialization | `["vcauthn"]` |
Expand Down
Binary file added charts/vc-authn-oidc/charts/common-2.19.3.tgz
View file
Open in desktop
Binary file not shown.
Binary file removed charts/vc-authn-oidc/charts/common-2.6.0.tgz
View file
Open in desktop
Binary file not shown.
Binary file removed charts/vc-authn-oidc/charts/mongodb-13.13.1.tgz
View file
Open in desktop
Binary file not shown.
Binary file added charts/vc-authn-oidc/charts/mongodb-15.4.3.tgz
View file
Open in desktop
Binary file not shown.
59 changes: 46 additions & 13 deletions charts/vc-authn-oidc/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -156,39 +156,65 @@ Usage:
{{- end }}

{{/*
Create the name of the database secret to use
Define the name of the database secret to use
*/}}
{{- define "vc-authn-oidc.databaseSecretName" -}}
{{- if (empty .Values.database.existingSecret) -}}
{{- printf "%s-%s" .Release.Name "mongodb" | trunc 63 | trimSuffix "-" }}
{{- else -}}
{{- .Values.database.existingSecret -}}
{{- end -}}
{{- end }}

{{/*
Return true if a database secret should be created
*/}}
{{- define "vc-authn-oidc.database.createSecret" -}}
{{- if not .Values.database.existingSecret -}}
{{- true -}}
{{- end -}}
{{- end -}}

{{/*
Create the name of the api key secret to use
*/}}
{{- define "vc-authn-oidc.apiSecretName" -}}
{{- printf "%s-%s" .Release.Name "api-key" | trunc 63 | trimSuffix "-" }}
{{- if (empty .Values.auth.api.existingSecret) }}
{{- printf "%s-%s" .Release.Name "api-key" | trunc 63 | trimSuffix "-" }}
{{- else -}}
{{- .Values.auth.api.existingSecret }}
{{- end -}}
{{- end }}

{{/*
Return true if a secret object should be created for the vc-authn-oidc token private key
Return true if the api-secret should be created
*/}}
{{- define "vc-authn-oidc.token.createSecret" -}}
{{- define "vc-authn-oidc.api.createSecret" -}}
{{- if (empty .Values.auth.token.privateKey.existingSecret) }}
{{- true -}}
{{- end -}}
{{- end -}}
{{- end }}

{{/*
Return the secret with vc-authn-oidc token private key
*/}}
{{- define "vc-authn-oidc.token.secretName" -}}
{{- if .Values.auth.token.privateKey.existingSecret -}}
{{- printf "%s" .Values.auth.token.privateKey.existingSecret | trunc 63 | trimSuffix "-" -}}
{{- .Values.auth.token.privateKey.existingSecret -}}
{{- else -}}
{{- printf "%s-jwt-token" (include "global.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}

{{/*
Return true if a secret object should be created for the vc-authn-oidc token private key
*/}}
{{- define "vc-authn-oidc.token.createSecret" -}}
{{- if (empty .Values.auth.token.privateKey.existingSecret) }}
{{- true -}}
{{- end -}}
{{- end -}}

{{/*
Generate token private key
*/}}
Expand Down Expand Up @@ -217,7 +243,7 @@ Return the secret with vc-authn-oidc token private key
*/}}
{{- define "acapy.secretName" -}}
{{- if .Values.acapy.existingSecret -}}
{{- printf "%s" .Values.acapy.existingSecret | trunc 63 | trimSuffix "-" -}}
{{- .Values.acapy.existingSecret -}}
{{- else -}}
{{- printf "%s-acapy-secret" (include "global.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
Expand All @@ -235,6 +261,15 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- end -}}
{{- end -}}

{{/*
Return true if a database secret should be created
*/}}
{{- define "acapy.database.createSecret" -}}
{{- if not .Values.acapy.walletStorageCredentials.existingSecret -}}
{{- true -}}
{{- end -}}
{{- end -}}

{{/*
Return acapy label
*/}}
Expand Down Expand Up @@ -346,12 +381,10 @@ Create the name of the acapy service account to use
{{- end }}

{{/*
Return seed
Return true if the seed secret should be created
*/}}
{{- define "acapy.seed" -}}
{{- if .Values.acapy.agentSeed -}}
{{- .Values.acapy.agentSeed }}
{{- else -}}
{{ include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" (include "acapy.fullname" .) "Key" "seed" "Length" 32) }}
{{- define "acapy.seed.createSecret" -}}
{{- if not .Values.acapy.agentSeed.existingSecret -}}
{{- true -}}
{{- end -}}
{{- end -}}
Loading