feat(helm): add internal / external postgresql switch

Now, it is possible to connect an external Postgres DB or use the internal one, which is bundled with the chart.
cpomorska · Jul 31, 2023 · 5ca2e55 · 5ca2e55
1 parent 9540164
commit 5ca2e55
Show file tree

Hide file tree

Showing 8 changed files with 113 additions and 59 deletions.
diff --git a/charts/managed-identity-wallet/Chart.lock b/charts/managed-identity-wallet/Chart.lock
@@ -3,4 +3,4 @@ dependencies:
   repository: https://charts.bitnami.com/bitnami
   version: 11.9.13
 digest: sha256:051285066cef2799e39e2953c4abd405c36510a09e9e1bd1833a29224daffddb
-generated: "2023-05-31T12:06:07.066291+02:00"
+generated: "2023-07-31T13:44:30.601226+02:00"
diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml
@@ -20,12 +20,12 @@
 apiVersion: v2
 name: managed-identity-wallet
 description: |
-  Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs.
+  Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs. 
   And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g., within logistical supply chains.
 
 type: application
 
-version: 1.0.1
+version: 1.1.0
 appVersion: 0.0.1
 
 home: https://github.com/eclipse-tractusx/managed-identity-wallet

diff --git a/charts/managed-identity-wallet/templates/deployment.yaml b/charts/managed-identity-wallet/templates/deployment.yaml
@@ -53,6 +53,43 @@ spec:
           env:
             - name: APPLICATION_PORT
               value: "8080"
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "managed-identity-wallet.fullname" . }}-postgresql
+                  key: password
+            {{- if .Values.postgresql.external.enabled }}
+            - name: DB_HOST
+              value: {{ .Values.postgresql.external.config.host }}
+            - name: DB_PORT
+              value: {{ .Values.postgresql.external.config.port }}
+            - name: DB_USER_NAME
+              value: {{ .Values.postgresql.external.auth.username }}
+            - name: DB_NAME
+              value: {{ .Values.postgresql.external.config.database }}
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  {{- if .Values.postgresql.external.auth.existingSecret }}
+                  name: {{ .Values.postgresql.external.auth.existingSecret }}
+                  key: {{ .Values.postgresql.external.auth.existingSecretKey }}
+                  {{- else }}
+                  name: {{ include "managed-identity-wallet.fullname" . }}-postgresql
+                  key: password
+                  {{- end }}
+            {{- else }}
+            - name: DB_HOST
+              value: {{ include "managed-identity-wallet.fullname" . }}-postgresql
+            - name: DB_USER_NAME
+              value: {{ .Values.postgresql.auth.username }}
+            - name: DB_NAME
+              value: {{ .Values.postgresql.auth.database }}
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "managed-identity-wallet.fullname" . }}-postgresql
+                  key: password
+            {{- end }}
           {{- if or .Values.envs .Values.secrets }}
           {{- range $key, $val := .Values.envs }}
             - name: {{ $key }}

diff --git a/charts/managed-identity-wallet/templates/secret-database.yaml b/charts/managed-identity-wallet/templates/secret-database.yaml
@@ -0,0 +1,30 @@
+# /********************************************************************************
+# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+# *
+# * See the NOTICE file(s) distributed with this work for additional
+# * information regarding copyright ownership.
+# *
+# * This program and the accompanying materials are made available under the
+# * terms of the Apache License, Version 2.0 which is available at
+# * https://www.apache.org/licenses/LICENSE-2.0.
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# * License for the specific language governing permissions and limitations
+# * under the License.
+# *
+# * SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************/
+
+{{- if and .Values.postgresql.external.enabled ( not .Values.postgresql.external.auth.existingSecret ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name:{{ include "managed-identity-wallet.fullname" . }}-postgresql
+  labels:
+    {{- include "managed-identity-wallet.labels" . | nindent 4 }}
+type: Opaque
+data:
+  password: {{ .Values.postgresql.external.auth.password | b64enc }}
+{{- end -}}
diff --git a/charts/managed-identity-wallet/values-dev.yaml b/charts/managed-identity-wallet/values-dev.yaml
@@ -21,13 +21,10 @@ image:
   tag: "latest-java-did-web"
 
 secrets:
-  DB_USER_NAME: <path:managed-identity-wallets/data/dev/postgres-managed-identity-wallets-secret-config#user>
-  DB_PASSWORD: <path:managed-identity-wallets/data/dev/postgres-managed-identity-wallets-secret-config#password>
   ENCRYPTION_KEY: 76a7834fb37e090c2789a9b1a76748d3
   KEYCLOAK_CLIENT_ID: <path:managed-identity-wallets/data/dev/managed-identity-wallets-secrets#miw-auth-client-id>
 
 envs:
-  DB_HOST: managed-identity-wallets-new-postgresql
   MIW_HOST_NAME: managed-identity-wallets-new.dev.demo.catena-x.net  # Depend on ingress host name (managed-identity-wallets-new.dev.demo.catena-x.net)
   KEYCLOAK_REALM: CX-Central
   AUTH_SERVER_URL: https://centralidp.dev.demo.catena-x.net/auth
@@ -49,10 +46,8 @@ ingress:
         - managed-identity-wallets-new.dev.demo.catena-x.net
 
 postgresql:
-  primary:
-    initdb:
-      password: <path:managed-identity-wallets/data/dev/postgres-managed-identity-wallets-secret-config#postgres-password>
+  enabled: true
   auth:
     password: <path:managed-identity-wallets/data/dev/postgres-managed-identity-wallets-secret-config#password>
-    postgresPassword: <path:managed-identity-wallets/data/dev/postgres-managed-identity-wallets-secret-config#postgres-password>
     username: <path:managed-identity-wallets/data/dev/postgres-managed-identity-wallets-secret-config#user>
+    postgresPassword: <path:managed-identity-wallets/data/dev/postgres-managed-identity-wallets-secret-config#postgres-password>
diff --git a/charts/managed-identity-wallet/values-int.yaml b/charts/managed-identity-wallet/values-int.yaml
@@ -21,13 +21,10 @@ image:
   tag: "latest-java-did-web"
 
 secrets:
-  DB_USER_NAME: <path:managed-identity-wallets/data/int/postgres-managed-identity-wallets-secret-config#user>
-  DB_PASSWORD: <path:managed-identity-wallets/data/int/postgres-managed-identity-wallets-secret-config#password>
   ENCRYPTION_KEY: 76a7834fb37e090c2789a9b1a76748d3
   KEYCLOAK_CLIENT_ID: <path:managed-identity-wallets/data/int/managed-identity-wallets-secrets#miw-auth-client-id>
 
 envs:
-  DB_HOST: managed-identity-wallets-new-postgresql
   MIW_HOST_NAME: managed-identity-wallets-new.int.demo.catena-x.net  # Depend on ingress host name (managed-identity-wallets-new.int.demo.catena-x.net)
   KEYCLOAK_REALM: CX-Central
   AUTH_SERVER_URL: https://centralidp.int.demo.catena-x.net/auth
@@ -49,10 +46,8 @@ ingress:
         - managed-identity-wallets-new.int.demo.catena-x.net
 
 postgresql:
-  primary:
-    initdb:
-      password: <path:managed-identity-wallets/data/int/postgres-managed-identity-wallets-secret-config#postgres-password>
+  enabled: true
   auth:
     password: <path:managed-identity-wallets/data/int/postgres-managed-identity-wallets-secret-config#password>
-    postgresPassword: <path:managed-identity-wallets/data/int/postgres-managed-identity-wallets-secret-config#postgres-password>
     username: <path:managed-identity-wallets/data/int/postgres-managed-identity-wallets-secret-config#user>
+    postgresPassword: <path:managed-identity-wallets/data/int/postgres-managed-identity-wallets-secret-config#postgres-password>
diff --git a/charts/managed-identity-wallet/values-local.yaml b/charts/managed-identity-wallet/values-local.yaml
@@ -21,8 +21,6 @@ image:
   tag: "latest-java-did-web"
 
 secrets:
-  DB_USER_NAME: postgres
-  DB_PASSWORD: xxx
   ENCRYPTION_KEY: 76a7834fb37e090c2789a9b1a76748d3
   KEYCLOAK_CLIENT_ID: z445srtzr5g
 
@@ -57,10 +55,8 @@ backup:
       storageClassName: hostpath
 
 postgresql:
-  primary:
-    initdb:
-      password: xxx
+  enabled: true
   auth:
     password: xxx
-    postgresPassword: xxx
     username: postgres
+    postgresPassword: xxx
diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml
@@ -23,40 +23,38 @@ replicaCount: 1
 # -- Image of the main container
 image:
   # -- Image repository
-  repository: tractusx/managed-identity-wallet
+  repository: ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service
   # -- PullPolicy
   pullPolicy: Always
   # -- Image tag (empty one will use "appVersion" value from chart definition)
-  tag: "" 
+  tag: ""
+
+# -- Credentials name for private repos
+imagePullSecrets: []
 
 nameOverride: ""
 fullnameOverride: ""
 
 # -- Parameters for the application (will be stored as secrets - so, for passwords, ...)
-secrets: {}
-#  DB_USER_NAME: xxx # Has to be the same as below in "postgresql" section
-#  DB_PASSWORD: xxx # Has to be the same as below in "postgresql" section
-#  KEYCLOAK_CLIENT_ID: xxx
-#  ENCRYPTION_KEY: xxx  # 64 chars
+secrets:
+  KEYCLOAK_CLIENT_ID: ""
+  ENCRYPTION_KEY: ""  # 64 chars
 
 # -- Parameters for the application (will be provided as plain environment variables)
-envs: {}
-#  APPLICATION_ENVIRONMENT: xxx
-#  DB_HOST: auto
-#  DB_PORT: xxx
-#  DB_NAME: xxx  # set it also in the init script in the postgres initdb section below!!
-#  USE_SSL: xxx
-#  DB_POOL_SIZE: xxx
-#  KEYCLOAK_MIW_PUBLIC_CLIENT: xxx
-#  MANAGEMENT_PORT: xxx
-#  MIW_HOST_NAME: xxx
-#  AUTHORITY_WALLET_BPN: xxx
-#  AUTHORITY_WALLET_NAME: xxx
-#  AUTHORITY_WALLET_DID: xxx
-#  VC_SCHEMA_LINK: xxx
-#  VC_EXPIRY_DATE: xxx
-#  KEYCLOAK_REALM: xxx
-#  AUTH_SERVER_URL: xxx
+envs:
+  APPLICATION_ENVIRONMENT: "dev"
+  USE_SSL: false
+  DB_POOL_SIZE:
+  KEYCLOAK_MIW_PUBLIC_CLIENT: ""
+  MANAGEMENT_PORT:
+  MIW_HOST_NAME: localhost
+  AUTHORITY_WALLET_BPN: ""
+  AUTHORITY_WALLET_NAME: ""
+  AUTHORITY_WALLET_DID: ""
+  VC_SCHEMA_LINK: ""
+  VC_EXPIRY_DATE: ""
+  KEYCLOAK_REALM: ""
+  AUTH_SERVER_URL: ""
 
 # -- ServiceAccount configuration
 serviceAccount:
@@ -133,17 +131,20 @@ backup:
       # -- storageClassName
       storageClassName: "-"
 
-# @ignored
 postgresql:
-  primary:
-    initdb:
-      scripts:
-        init_db_script.sh: |
-          #!/bin/sh
-          createdb -O postgres miw
-      user: postgres
-      password: postgres
+  external:
+    enabled: false
+    config:
+      host: ""
+      port: 5432
+      database: ""
+    auth:
+      username: ""
+      password: ""
+      existingSecret: ""
+      existingSecretKey: password
+
+  # @ignored
   auth:
-    password: postgres
-    username: postgres
-    postgresPassword: postgres
+    username: miw
+    database: miw