From 02fb5ab7faaa2c625ccafeb7e64df503c7ba2856 Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Thu, 31 Aug 2023 12:06:11 +0200 Subject: [PATCH 1/8] feat(charts):[TRI-1548] Add DIL charts --- charts/irs-environments/dil/.helmignore | 23 +++ charts/irs-environments/dil/Chart.yaml | 30 ++++ charts/irs-environments/dil/values.yaml | 210 ++++++++++++++++++++++++ 3 files changed, 263 insertions(+) create mode 100644 charts/irs-environments/dil/.helmignore create mode 100644 charts/irs-environments/dil/Chart.yaml create mode 100644 charts/irs-environments/dil/values.yaml diff --git a/charts/irs-environments/dil/.helmignore b/charts/irs-environments/dil/.helmignore new file mode 100644 index 0000000000..0e8a0eb36f --- /dev/null +++ b/charts/irs-environments/dil/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/irs-environments/dil/Chart.yaml b/charts/irs-environments/dil/Chart.yaml new file mode 100644 index 0000000000..9d9bc27557 --- /dev/null +++ b/charts/irs-environments/dil/Chart.yaml @@ -0,0 +1,30 @@ +apiVersion: v2 +name: irs-dev +description: IRS Helm chart for deployment on Catena-X ArgoCD + + +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 1.0.6 + +dependencies: + - name: irs-helm + repository: https://catenax-ng.github.io/tx-item-relationship-service + version: 6.5.0 + - name: tractusx-connector + repository: https://eclipse-tractusx.github.io/tractusx-edc + version: 0.5.0 + - condition: postgresql.enabled + alias: edc-postgresql + name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 12.1.6 diff --git a/charts/irs-environments/dil/values.yaml b/charts/irs-environments/dil/values.yaml new file mode 100644 index 0000000000..e872da3f8b --- /dev/null +++ b/charts/irs-environments/dil/values.yaml @@ -0,0 +1,210 @@ +irs-helm: + ##################### + # IRS Configuration # + ##################### + irsUrl: "https://irs-dil.dev.demo.catena-x.net" + image: + repository: ghcr.io/catenax-ng/irs-api + tag: PR-469 + bpn: BPNL00000001CRHK + ingress: + enabled: true + className: "nginx" + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + hosts: + - host: "irs-dil.dev.demo.catena-x.net" + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - "irs-dil.dev.demo.catena-x.net" + secretName: tls-secret + digitalTwinRegistry: + url: https://irs-aas-registry.dev.demo.catena-x.net/semantics/registry/api/v3.0 + discoveryFinderUrl: https://discovery-mock.dev.demo.catena-x.net/api/administration/connectors/discovery/search + shellDescriptorTemplate: /shell-descriptors/{aasIdentifier} + lookupShellsTemplate: /lookup/shells?assetIds={assetIds} + semanticshub: + url: https://semantics.int.demo.catena-x.net/hub/api/v1/models + bpdm: + url: https://partners-pool.int.demo.catena-x.net + minioUser: + minioPassword: + keycloak: + oauth2: + clientId: + clientSecret: + clientTokenUri: + jwkSetUri: + edc: + controlplane: + apikey: + secret: + + resources: + limits: + cpu: 1 + memory: 1.5Gi + requests: + cpu: 100m + memory: 1.5Gi + + + ####################### + # Minio Configuration # + ####################### + minio: + rootUser: + rootPassword: + serviceAccount: + name: "irs-dev-minio-sa" + + +tractusx-connector: + install: + postgresql: false + vault: false + participant: + id: + + controlplane: + # SSI configuration + ssi: + miw: + url: + authorityId: + oauth: + tokenurl: + client: + id: + secretAlias: edc-test-miw-keycloak-secret + ingresses: + - enabled: true + hostname: "irs-dil-consumer-controlplane.dev.demo.catena-x.net" + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + endpoints: + - protocol + - management + tls: + enabled: true + secretName: tls-secret + + endpoints: + # -- data management api, used by internal users, can be added to an ingress and must not be internet facing + management: + port: 8081 + path: /management + authKey: # -- authentication key, must be attached to each 'X-Api-Key' request header + # -- protocol api, used for inter connector communication and must be internet facing + protocol: + port: 8084 + path: /api/v1/dsp + # -- observability api with unsecured access, must not be internet facing + observability: + port: 8085 + path: /observability # -- observability api, provides /health /readiness and /liveness endpoints + insecure: true # -- allow or disallow insecure access, i.e. access without authentication + + internationalDataSpaces: + id: TXDC + description: Tractus-X Eclipse IDS Data Space Connector + title: "" + maintainer: "" + curator: "" + catalogId: TXDC-Catalog + + resources: + limits: + cpu: 1 + memory: 2Gi + requests: + cpu: 100m + memory: 2Gi + + dataplane: + ingresses: + - enabled: true + hostname: "irs-dil-consumer-dataplane.dev.demo.catena-x.net" + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + endpoints: + - public + className: "nginx" + tls: + enabled: true + secretName: tls-secret + + endpoints: + public: + port: 8081 + path: /api/public + observability: + port: 8085 + path: /observability + insecure: true + + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + + # URL where the EndpointDataReference callback will be sent to + backendService: + httpProxyTokenReceiverUrl: "http://irs-dev-irs-helm:8181/internal/endpoint-data-reference" + + ################################ + # EDC Vault/DAPS Configuration # + ################################ + vault: + hashicorp: + url: "https://vault.demo.catena-x.net" + token: "" + timeout: 30 + healthCheck: + enabled: true + standbyOk: true + paths: + secret: /v1/traceability-irs + health: /v1/sys/health + secretNames: + transferProxyTokenSignerPrivateKey: irs-dev-daps-cert-consumer-key + transferProxyTokenSignerPublicKey: irs-dev-daps-cert-consumer + transferProxyTokenEncryptionAesKey: test-edc-encryption-key + + ################################## + # EDC Postgres Configuration # + ################################## + postgresql: + enabled: true + auth: + username: "" + password: "" + username: "" + password: "" + jdbcUrl: "jdbc:postgresql://irs-dev-edc-postgresql-hl:5432/edc" + +############################## +# EDC Postgres Configuration # +############################## +# EDC chart do not support multiple postgres instances in the same namespace at the moment. +# Enable this to use the postgres dependency for when you want to deploy multiple EDC instances in one namespace +postgresql: + enabled: true +edc-postgresql: + auth: + database: edc + username: + postgresPassword: + password: From b33f6ce6d0549d22dc7209b32c576a6b603848f9 Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Thu, 31 Aug 2023 12:20:51 +0200 Subject: [PATCH 2/8] feat(charts):[TRI-1548] Add DIL charts --- charts/irs-environments/dil/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/irs-environments/dil/values.yaml b/charts/irs-environments/dil/values.yaml index e872da3f8b..1ec4de4bab 100644 --- a/charts/irs-environments/dil/values.yaml +++ b/charts/irs-environments/dil/values.yaml @@ -61,7 +61,7 @@ irs-helm: rootUser: rootPassword: serviceAccount: - name: "irs-dev-minio-sa" + name: "irs-dil-minio-sa" tractusx-connector: From 6dbf3c7ef026fd4953f16137cdf1a2905256ece4 Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Thu, 31 Aug 2023 14:08:56 +0200 Subject: [PATCH 3/8] feat(charts):[TRI-1548] Add certificate to config --- charts/irs-environments/dil/values.yaml | 114 ++++++++++++++++++++++-- 1 file changed, 108 insertions(+), 6 deletions(-) diff --git a/charts/irs-environments/dil/values.yaml b/charts/irs-environments/dil/values.yaml index 1ec4de4bab..3c7d95fc0b 100644 --- a/charts/irs-environments/dil/values.yaml +++ b/charts/irs-environments/dil/values.yaml @@ -44,14 +44,116 @@ irs-helm: controlplane: apikey: secret: + config: + override: true + content: + # Config overriding Spring Boot configuration + server: + trustedPort: 8181 + + irs: + apiUrl: "https://irs-dil.dev.demo.catena-x.net" + + blobstore: + endpoint: "http://release-name-minio:9000" + accessKey: "${MINIO_ACCESS_KEY}" # taken from secret ENV + secretKey: "${MINIO_SECRET_KEY}" # taken from secret ENV + + policystore: + persistence: + endpoint: "http://release-name-minio:9000" + accessKey: "${MINIO_ACCESS_KEY}" # taken from secret ENV + secretKey: "${MINIO_SECRET_KEY}" # taken from secret ENV + + spring: + security: + oauth2: + client: + registration: + keycloak: + client-id: "${KEYCLOAK_OAUTH2_CLIENT_ID}" # taken from secret ENV + client-secret: "${KEYCLOAK_OAUTH2_CLIENT_SECRET}" # taken from secret ENV + portal: + client-id: ${PORTAL_OAUTH2_CLIENT_ID} # taken from secret ENV + client-secret: ${PORTAL_OAUTH2_CLIENT_SECRET} # taken from secret ENV + provider: + keycloak: + token-uri: "" + portal: + token-uri: "" + resourceserver: + jwt: + jwk-set-uri: "" + + digitalTwinRegistry: + descriptorEndpoint: "https://irs-aas-registry.dev.demo.catena-x.net/semantics/registry/api/v3.0/shell-descriptors/{aasIdentifier}" + shellLookupEndpoint: "https://irs-aas-registry.dev.demo.catena-x.net/semantics/registry/api/v3.0/lookup/shells?assetIds={assetIds}" + discoveryFinderUrl: "https://discovery-mock.dev.demo.catena-x.net/api/administration/connectors/discovery/search" + shellDescriptorTemplate: "/shell-descriptors/{aasIdentifier}" + lookupShellsTemplate: "/lookup/shells?assetIds={assetIds}" + type: "decentral" + + semanticshub: + url: "https://semantics.int.demo.catena-x.net/hub/api/v1/models" + pageSize: 100 + modelJsonSchemaEndpoint: "https://semantics.int.demo.catena-x.net/hub/api/v1/models/{urn}/json-schema" + defaultUrns: "" + + bpdm: + bpnEndpoint: "https://partners-pool.int.demo.catena-x.net/api/catena/legal-entities/{partnerId}?idType={idType}" + + irs-edc-client: + callback-url: "http://release-name-irs-helm:8181/internal/endpoint-data-reference" + controlplane: + request-ttl: "PT10M" + endpoint: + data: "http://release-name-tractusx-connector-controlplane:8081/management" + catalog: "/v2/catalog/request" + contract-negotiation: "/v2/contractnegotiations" + transfer-process: "/v2/transferprocesses" + state-suffix: "/state" + provider-suffix: "/api/v1/dsp" + catalog-limit: 1000 + catalog-page-size: 50 + api-key: + header: "X-Api-Key" + secret: ${EDC_API_KEY_SECRET:} # taken from secret ENV + + submodel: + request-ttl: "PT10M" + path: "/submodel" + urn-prefix: "/urn" + + catalog: + policies: + acceptedRightOperands: "active" + acceptedLeftOperands: "PURPOSE" + + edc: + catalog: + policies: + allowedNames: "ID 3.0 Trace, ID 3.1 Trace, R2_Traceability, FrameworkAgreement.traceability, Membership" + + ess: + localBpn: "BPNL00000001CRHK" + localEdcEndpoint: "" + managementPath: "/management/v2" + irs: + url: "https://irs-dil.dev.demo.catena-x.net" + discovery: + endpoint: "" + oAuthClientId: portal + + integrity: + publicKeyCert: resources: - limits: - cpu: 1 - memory: 1.5Gi - requests: - cpu: 100m - memory: 1.5Gi + limits: + cpu: 1 + memory: 1.5Gi + requests: + cpu: 100m + memory: 1.5Gi ####################### From a9f31ca848c602e327ef9b849438f703a26eff5a Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Thu, 31 Aug 2023 14:11:20 +0200 Subject: [PATCH 4/8] feat(charts):[TRI-1548] Add certificate to config --- charts/irs-environments/dil/values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/irs-environments/dil/values.yaml b/charts/irs-environments/dil/values.yaml index 3c7d95fc0b..6f8b4d1a13 100644 --- a/charts/irs-environments/dil/values.yaml +++ b/charts/irs-environments/dil/values.yaml @@ -145,7 +145,8 @@ irs-helm: oAuthClientId: portal integrity: - publicKeyCert: + publicKeyCert: | + resources: limits: From 41427bf65fee975da6f0ca7102990b8b0e3dcc7f Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Thu, 31 Aug 2023 14:13:14 +0200 Subject: [PATCH 5/8] feat(charts):[TRI-1548] Add certificate to config --- charts/irs-environments/dil/values.yaml | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/charts/irs-environments/dil/values.yaml b/charts/irs-environments/dil/values.yaml index 6f8b4d1a13..1fae050228 100644 --- a/charts/irs-environments/dil/values.yaml +++ b/charts/irs-environments/dil/values.yaml @@ -146,15 +146,23 @@ irs-helm: integrity: publicKeyCert: | - + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6h9Uz0RH9xwlb/rqSws2 + JccIs817v1wfgLDGDY36YwzKVBNm+5IUJvCwLeMRZJ6otUFYQUUInQgM6MgW90z7 + k9SjUB7UxiSqZFfwIF6uanN0HisEo5dCfGSzLQBIrg1nw/CPKGf8Vn5kZ/+5aBl3 + dLu8pht+29yALFNZxThmnUx2rmTB9fH0SKtgY9HxBzQlbYuiwhqgbpnWTgCQb+F5 + 6Q3TnvXyG3DkOMYvzdle/QLPm+ywSf1FKp/qOaX483yVN5GpkWkQJwA5fsBGFkmT + 7hmisXEyTiIps5yR/scAOjj7evQk6+FqRksPr8mOwYwBU7F6LjnJRtg9WeHZn0CA + GQIDAQAB + -----END PUBLIC KEY----- resources: - limits: - cpu: 1 - memory: 1.5Gi - requests: - cpu: 100m - memory: 1.5Gi + limits: + cpu: 1 + memory: 1.5Gi + requests: + cpu: 100m + memory: 1.5Gi ####################### From 070b33b8c86cdd82b0a3899f99075406a1d2a5d9 Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Thu, 31 Aug 2023 14:15:41 +0200 Subject: [PATCH 6/8] feat(charts):[TRI-1548] Add certificate to config --- charts/irs-environments/dil/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/irs-environments/dil/values.yaml b/charts/irs-environments/dil/values.yaml index 1fae050228..fbacfdca0f 100644 --- a/charts/irs-environments/dil/values.yaml +++ b/charts/irs-environments/dil/values.yaml @@ -55,13 +55,13 @@ irs-helm: apiUrl: "https://irs-dil.dev.demo.catena-x.net" blobstore: - endpoint: "http://release-name-minio:9000" + endpoint: "http://irs-dil-minio:9000" accessKey: "${MINIO_ACCESS_KEY}" # taken from secret ENV secretKey: "${MINIO_SECRET_KEY}" # taken from secret ENV policystore: persistence: - endpoint: "http://release-name-minio:9000" + endpoint: "http://irs-dil-name-minio:9000" accessKey: "${MINIO_ACCESS_KEY}" # taken from secret ENV secretKey: "${MINIO_SECRET_KEY}" # taken from secret ENV @@ -103,11 +103,11 @@ irs-helm: bpnEndpoint: "https://partners-pool.int.demo.catena-x.net/api/catena/legal-entities/{partnerId}?idType={idType}" irs-edc-client: - callback-url: "http://release-name-irs-helm:8181/internal/endpoint-data-reference" + callback-url: "http://irs-dil-irs-helm:8181/internal/endpoint-data-reference" controlplane: request-ttl: "PT10M" endpoint: - data: "http://release-name-tractusx-connector-controlplane:8081/management" + data: "http://irs-dil-tractusx-connector-controlplane:8081/management" catalog: "/v2/catalog/request" contract-negotiation: "/v2/contractnegotiations" transfer-process: "/v2/transferprocesses" From 7a3fb4492052c0da50aedc5c45a84f99152fe5dc Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Thu, 31 Aug 2023 14:17:40 +0200 Subject: [PATCH 7/8] feat(charts):[TRI-1548] Add certificate to config --- charts/irs-environments/dil/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/irs-environments/dil/values.yaml b/charts/irs-environments/dil/values.yaml index fbacfdca0f..17fe35b88f 100644 --- a/charts/irs-environments/dil/values.yaml +++ b/charts/irs-environments/dil/values.yaml @@ -61,7 +61,7 @@ irs-helm: policystore: persistence: - endpoint: "http://irs-dil-name-minio:9000" + endpoint: "http://irs-dil-minio:9000" accessKey: "${MINIO_ACCESS_KEY}" # taken from secret ENV secretKey: "${MINIO_SECRET_KEY}" # taken from secret ENV From 6df9f735aec364786d6d90b929db06041ab0672d Mon Sep 17 00:00:00 2001 From: ds-mkanal <100209308+mkanal@users.noreply.github.com> Date: Mon, 4 Sep 2023 13:25:49 +0200 Subject: [PATCH 8/8] Update charts/irs-environments/dil/Chart.yaml --- charts/irs-environments/dil/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/irs-environments/dil/Chart.yaml b/charts/irs-environments/dil/Chart.yaml index 9d9bc27557..6c613e3103 100644 --- a/charts/irs-environments/dil/Chart.yaml +++ b/charts/irs-environments/dil/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: irs-dev +name: irs-dil description: IRS Helm chart for deployment on Catena-X ArgoCD