diff --git a/charts/managed-identity-wallet/Chart.lock b/charts/managed-identity-wallet/Chart.lock index 665a873a6..e55955c97 100644 --- a/charts/managed-identity-wallet/Chart.lock +++ b/charts/managed-identity-wallet/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://charts.bitnami.com/bitnami version: 11.9.13 digest: sha256:051285066cef2799e39e2953c4abd405c36510a09e9e1bd1833a29224daffddb -generated: "2023-05-31T12:06:07.066291+02:00" +generated: "2023-07-31T13:44:30.601226+02:00" diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml index e726f719e..6e1fb7a2f 100644 --- a/charts/managed-identity-wallet/Chart.yaml +++ b/charts/managed-identity-wallet/Chart.yaml @@ -20,12 +20,12 @@ apiVersion: v2 name: managed-identity-wallet description: | - Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs. + Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs. And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g., within logistical supply chains. type: application -version: 1.0.1 +version: 1.1.0 appVersion: 0.0.1 home: https://github.com/eclipse-tractusx/managed-identity-wallet diff --git a/charts/managed-identity-wallet/templates/deployment.yaml b/charts/managed-identity-wallet/templates/deployment.yaml index a6e0d38d0..31e0906f4 100644 --- a/charts/managed-identity-wallet/templates/deployment.yaml +++ b/charts/managed-identity-wallet/templates/deployment.yaml 
@@ -53,6 +53,43 @@ spec: env: - name: APPLICATION_PORT value: "8080" + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "managed-identity-wallet.fullname" . }}-postgresql + key: password + {{- if .Values.postgresql.external.enabled }} + - name: DB_HOST + value: {{ .Values.postgresql.external.config.host }} + - name: DB_PORT + value: {{ .Values.postgresql.external.config.port }} + - name: DB_USER_NAME + value: {{ .Values.postgresql.external.auth.username }} + - name: DB_NAME + value: {{ .Values.postgresql.external.config.database }} + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.postgresql.external.auth.existingSecret }} + name: {{ .Values.postgresql.external.auth.existingSecret }} + key: {{ .Values.postgresql.external.auth.existingSecretKey }} + {{- else }} + name: {{ include "managed-identity-wallet.fullname" . }}-postgresql + key: password + {{- end }} + {{- else }} + - name: DB_HOST + value: {{ include "managed-identity-wallet.fullname" . }}-postgresql + - name: DB_USER_NAME + value: {{ .Values.postgresql.auth.username }} + - name: DB_NAME + value: {{ .Values.postgresql.auth.database }} + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "managed-identity-wallet.fullname" . }}-postgresql + key: password + {{- end }} {{- if or .Values.envs .Values.secrets }} {{- range $key, $val := .Values.envs }} - name: {{ $key }} diff --git a/charts/managed-identity-wallet/templates/secret-database.yaml b/charts/managed-identity-wallet/templates/secret-database.yaml new file mode 100644 index 000000000..46201d1e1 --- /dev/null +++ b/charts/managed-identity-wallet/templates/secret-database.yaml 
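Review bot: `DB_PASSWORD` is emitted twice on every render, once unconditionally at the top of the added block and again inside each branch of the `postgresql.external.enabled` conditional, and the unconditional entry always points at the `<fullname>-postgresql` secret. When `external.auth.existingSecret` is set, secret-database.yaml does not create that secret, so unless something else provides one of that name the pod will likely fail to start on the unresolved `secretKeyRef`; drop the first five added lines and keep only the per-branch entries. The templated scalars are also unquoted: `port: 5432` from values.yaml renders as an integer, which is not a valid env `value`, so use `value: {{ .Values.postgresql.external.config.port | quote }}` and quote the host, username and database values the same way so an empty or boolean-looking override cannot change type. The env list starts and continues outside this hunk.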
@@ -0,0 +1,30 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +{{- if and .Values.postgresql.external.enabled ( not .Values.postgresql.external.auth.existingSecret ) }} +apiVersion: v1 +kind: Secret +metadata: + name:{{ include "managed-identity-wallet.fullname" . }}-postgresql + labels: + {{- include "managed-identity-wallet.labels" . | nindent 4 }} +type: Opaque +data: + password: {{ .Values.postgresql.external.auth.password | b64enc }} +{{- end -}} diff --git a/charts/managed-identity-wallet/values-dev.yaml b/charts/managed-identity-wallet/values-dev.yaml index f0eb88beb..877dd182f 100644 --- a/charts/managed-identity-wallet/values-dev.yaml +++ b/charts/managed-identity-wallet/values-dev.yaml 
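Review bot: `name:{{ include "managed-identity-wallet.fullname" . }}-postgresql` has no space after the colon, so the rendered line is a plain scalar rather than a `name` key and the Secret manifest will not parse; it should read `name: {{ include "managed-identity-wallet.fullname" . }}-postgresql`. The `data.password` line also renders an empty value when `postgresql.external.auth.password` is left at its `""` default, which yields a Secret without a usable password instead of failing the install; `password: {{ required "postgresql.external.auth.password or existingSecret must be set" .Values.postgresql.external.auth.password | b64enc | quote }}` makes the requirement explicit. A password supplied through values is also kept in the Helm release record, so a comment at the top of the template pointing operators to `existingSecret` for anything beyond local use would be worth adding.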
@@ -21,13 +21,10 @@ image: tag: "latest-java-did-web" secrets: - DB_USER_NAME: - DB_PASSWORD: ENCRYPTION_KEY: 76a7834fb37e090c2789a9b1a76748d3 KEYCLOAK_CLIENT_ID: envs: - DB_HOST: managed-identity-wallets-new-postgresql MIW_HOST_NAME: managed-identity-wallets-new.dev.demo.catena-x.net # Depend on ingress host name (managed-identity-wallets-new.dev.demo.catena-x.net) KEYCLOAK_REALM: CX-Central AUTH_SERVER_URL: https://centralidp.dev.demo.catena-x.net/auth @@ -49,10 +46,8 @@ ingress: - managed-identity-wallets-new.dev.demo.catena-x.net postgresql: - primary: - initdb: - password: + enabled: true auth: password: - postgresPassword: username: + postgresPassword: diff --git a/charts/managed-identity-wallet/values-int.yaml b/charts/managed-identity-wallet/values-int.yaml index b8897a267..9e6cc48f3 100644 --- a/charts/managed-identity-wallet/values-int.yaml +++ b/charts/managed-identity-wallet/values-int.yaml @@ -21,13 +21,10 @@ image: tag: "latest-java-did-web" secrets: - DB_USER_NAME: - DB_PASSWORD: ENCRYPTION_KEY: 76a7834fb37e090c2789a9b1a76748d3 KEYCLOAK_CLIENT_ID: envs: - DB_HOST: managed-identity-wallets-new-postgresql MIW_HOST_NAME: managed-identity-wallets-new.int.demo.catena-x.net # Depend on ingress host name (managed-identity-wallets-new.int.demo.catena-x.net) KEYCLOAK_REALM: CX-Central AUTH_SERVER_URL: https://centralidp.int.demo.catena-x.net/auth @@ -49,10 +46,8 @@ ingress: - managed-identity-wallets-new.int.demo.catena-x.net postgresql: - primary: - initdb: - password: + enabled: true auth: password: - postgresPassword: username: + postgresPassword: diff --git a/charts/managed-identity-wallet/values-local.yaml b/charts/managed-identity-wallet/values-local.yaml index 2499f4efb..aa58957ce 100644 --- a/charts/managed-identity-wallet/values-local.yaml +++ b/charts/managed-identity-wallet/values-local.yaml 
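Review bot: The `secrets` block keeps `ENCRYPTION_KEY: 76a7834fb37e090c2789a9b1a76748d3` as a literal in the repository while the DB credentials next to it are removed, and the same value appears in the values-int.yaml and values-local.yaml hunks. A key that is committed and shared across dev, int and local should be treated as disclosed: leave it empty here like `KEYCLOAK_CLIENT_ID:`, inject it at deploy time, and rotate it if any of these environments holds real data. In the `postgresql` hunks of values-dev.yaml and values-int.yaml, `password:`, `username:` and `postgresPassword:` are bare keys that parse as null; if the pipeline fills them in, a one-line comment saying so would keep someone from deploying with null credentials.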
@@ -21,8 +21,6 @@ image: tag: "latest-java-did-web" secrets: - DB_USER_NAME: postgres - DB_PASSWORD: xxx ENCRYPTION_KEY: 76a7834fb37e090c2789a9b1a76748d3 KEYCLOAK_CLIENT_ID: z445srtzr5g @@ -57,10 +55,8 @@ backup: storageClassName: hostpath postgresql: - primary: - initdb: - password: xxx + enabled: true auth: password: xxx - postgresPassword: xxx username: postgres + postgresPassword: xxx diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml index 34d8f9061..8c476e9c4 100644 --- a/charts/managed-identity-wallet/values.yaml +++ b/charts/managed-identity-wallet/values.yaml 
@@ -23,40 +23,38 @@ replicaCount: 1 # -- Image of the main container image: # -- Image repository - repository: tractusx/managed-identity-wallet + repository: ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service # -- PullPolicy pullPolicy: Always # -- Image tag (empty one will use "appVersion" value from chart definition) - tag: "" + tag: "" + +# -- Credentials name for private repos +imagePullSecrets: [] nameOverride: "" fullnameOverride: "" # -- Parameters for the application (will be stored as secrets - so, for passwords, ...) -secrets: {} -# DB_USER_NAME: xxx # Has to be the same as below in "postgresql" section -# DB_PASSWORD: xxx # Has to be the same as below in "postgresql" section -# KEYCLOAK_CLIENT_ID: xxx -# ENCRYPTION_KEY: xxx # 64 chars +secrets: + KEYCLOAK_CLIENT_ID: "" + ENCRYPTION_KEY: "" # 64 chars # -- Parameters for the application (will be provided as plain environment variables) -envs: {} -# APPLICATION_ENVIRONMENT: xxx -# DB_HOST: auto -# DB_PORT: xxx -# DB_NAME: xxx # set it also in the init script in the postgres initdb section below!! -# USE_SSL: xxx -# DB_POOL_SIZE: xxx -# KEYCLOAK_MIW_PUBLIC_CLIENT: xxx -# MANAGEMENT_PORT: xxx -# MIW_HOST_NAME: xxx -# AUTHORITY_WALLET_BPN: xxx -# AUTHORITY_WALLET_NAME: xxx -# AUTHORITY_WALLET_DID: xxx -# VC_SCHEMA_LINK: xxx -# VC_EXPIRY_DATE: xxx -# KEYCLOAK_REALM: xxx -# AUTH_SERVER_URL: xxx +envs: + APPLICATION_ENVIRONMENT: "dev" + USE_SSL: false + DB_POOL_SIZE: + KEYCLOAK_MIW_PUBLIC_CLIENT: "" + MANAGEMENT_PORT: + MIW_HOST_NAME: localhost + AUTHORITY_WALLET_BPN: "" + AUTHORITY_WALLET_NAME: "" + AUTHORITY_WALLET_DID: "" + VC_SCHEMA_LINK: "" + VC_EXPIRY_DATE: "" + KEYCLOAK_REALM: "" + AUTH_SERVER_URL: "" # -- ServiceAccount configuration serviceAccount: 
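Review bot: `secrets` and `envs` change from `{}` with commented examples to live keys, so a default install now renders `ENCRYPTION_KEY: ""` and `KEYCLOAK_CLIENT_ID: ""` instead of omitting them; going by the comment above the block these end up in a Secret, so the application would presumably start with an empty encryption key rather than fail fast. Either keep the security-critical keys out of the defaults or guard them with `required` in the template that consumes them. `USE_SSL: false` is a YAML boolean and `DB_POOL_SIZE:` / `MANAGEMENT_PORT:` are nulls, while env `value` fields must be strings; write `USE_SSL: "false"` and give the other two quoted defaults or leave them commented out, unless the range template outside this hunk already quotes its values. If `USE_SSL` governs TLS to the database, as its name suggests, shipping it disabled deserves a comment now that an external host can be configured.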
@@ -133,17 +131,20 @@ backup: # -- storageClassName storageClassName: "-" -# @ignored postgresql: - primary: - initdb: - scripts: - init_db_script.sh: | - #!/bin/sh - createdb -O postgres miw - user: postgres - password: postgres + external: + enabled: false + config: + host: "" + port: 5432 + database: "" + auth: + username: "" + password: "" + existingSecret: "" + existingSecretKey: password + + # @ignored auth: - password: postgres - username: postgres - postgresPassword: postgres + username: miw + database: miw
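Review bot: The new `postgresql.external` keys carry none of the `# --` description comments used elsewhere in this file, and because `# @ignored` has moved down to `auth` the block is presumably now included in the generated docs without any text. Add one line per key, for example `# -- Name of an existing Secret holding the database password; preferred over auth.password` above `existingSecret` and `# -- Plain-text password, used only when existingSecret is empty` above `password`. It would also help to state in a comment whether the bundled database has to be switched off when `external.enabled` is true: the environment files set `postgresql.enabled: true`, but no `enabled` default is visible in this hunk.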