diff --git a/.DS_Store b/.DS_Store
deleted file mode 100644
index 93ce7ae..0000000
Binary files a/.DS_Store and /dev/null differ
diff --git a/AUTHORS.md b/AUTHORS.md
new file mode 100644
index 0000000..9811a2a
--- /dev/null
+++ b/AUTHORS.md
@@ -0,0 +1,6 @@
+### The following people have contributed to this repository
+
+Aditya Kumar, doubleSlash Net-Business GmbH, https://github.com/adkumar1
+Dmitrii Vasiunin, doubleSlash Net-Business GmbH, https://github.com/dvasunin
+Amol Dashwant, doubleSlash Net-Business GmbH, https://github.com/amoldashwant
+Fedor Nazarov, doubleSlash Net-Business GmbH, https://github.com/Wulghash
\ No newline at end of file
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e016175..58519c4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,11 +6,30 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
## [Unreleased]
-## [1.7.1] - 2022-12-13
+
+## [1.7.3] - 2023-02-27
+
+### Added
+ - Added AUTHORS.md, INSTALL.md file
+ - Added comments in values.yaml
+ - Created README.md inside charts/daps-server
+ - Added sources to Chart.yaml file
+
### Changed
-- Moved helm charts from `deployment/helm` to `charts`
+ - Changed content of NOTICE.md, SECURITY.md
+ - Modified .helmignore file
+ - Modified secret.yaml
+
+ ### Removed
+ - DEPENDENCIES file not required
+
-## [0.1.1] - 2022-09-09
+## [1.7.2] - 2022-09-09
+
+### Added
Added sematic versioning, tags & helm releases
+
+### Changed
+- Moved helm charts from `deployment/helm` to `charts`
\ No newline at end of file
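Review bot: The release history no longer lines up. The `## [1.7.1] - 2022-12-13` heading is dropped entirely, and `## [0.1.1] - 2022-09-09` is renamed to `## [1.7.2]` while keeping the 2022-09-09 date, so 1.7.2 now appears to predate the 1.7.1 release it should follow. Keep the 1.7.1 entry, give 1.7.2 its actual release date, and leave the 0.1.1 entry as it was published. The `### Removed` heading and the new list items also carry a leading space that the other headings in the file do not have, and "sematic" under 1.7.2 is a typo worth fixing while this section is being touched.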
diff --git a/DEPENDENCIES b/DEPENDENCIES
deleted file mode 100644
index 64b762f..0000000
--- a/DEPENDENCIES
+++ /dev/null
@@ -1,5 +0,0 @@
-DAPS Image
-DAPS version
-Kubernetes
-Helm
-ArgoCD
diff --git a/INSTALL.md b/INSTALL.md
new file mode 100644
index 0000000..b29088d
--- /dev/null
+++ b/INSTALL.md
@@ -0,0 +1,30 @@
+## Installation Steps
+
+Helm charts are provided inside https://github.com/eclipse-tractusx/daps-helm-chart
+
+1.) Using helm commands:-
+
+How to install application using helm:-
+ helm install ReleaseName ChartName
+
+ a.) Add helm repository in tractusx:-
+ helm repo add daps-server https://eclipse-tractusx.github.io/charts/dev
+ b.) To search the specific repo in helm repositories
+ helm search repo tractusx-dev
+ c.) To install using helm command:-
+ helm install daps-server tractusx-dev/daps-server
+
+
+2.) Local installation:
+
+ a.) git clone https://github.com/eclipse-tractusx/daps-helm-chart.git
+ b.) Modify values file according to your requirement.
+ c.) Add the image.repository in the values file
+ c.) You need to define the secrets as well in values.yaml
+ secret:
+ clientId: -> Client id for DAPS.
+ clientSecret: -> Client Secret for DAPS
+
+ d.) These secrets should be defined in Hashicorp vault.
+ e.) Deploy in a kubernetes cluster
+ helm install daps-server charts/daps-server/ -n NameSpace
\ No newline at end of file
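Review bot: In step 1 the repository is added under the alias `daps-server`, but steps b and c search and install from `tractusx-dev` (`helm install daps-server tractusx-dev/daps-server`), which will not resolve unless the alias given to `helm repo add` is `tractusx-dev`. In step 2 the secrets guidance contradicts itself: one step says to define `clientId` and `clientSecret` in values.yaml and the next says they should be defined in Hashicorp vault. State which one is the source of truth, and if values.yaml is used, tell users to supply the values at install time from an untracked file rather than committing them. The second `c.)` should be `d.)`, with the following steps renumbered.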
diff --git a/NOTICE.md b/NOTICE.md
index 03913c3..487d941 100644
--- a/NOTICE.md
+++ b/NOTICE.md
@@ -1,11 +1,15 @@
-# Notices
+# Notices for Eclipse Tractus-X
-This content is part of [CatenaX](https://catena-x.net).
+This content is produced and maintained by the Eclipse Tractus-X project.
-* Project home: https://github.com/catenax-ng
+* Project home: https://projects.eclipse.org/projects/automotive.tractusx
See the AUTHORS file(s) distributed with this work for additional information regarding authorship.
+## Trademarks
+
+Eclipse Tractus-X is a trademark of the Eclipse Foundation.
+
## Copyright
All content is the property of the respective authors or their employers. For
@@ -22,11 +26,9 @@ SPDX-License-Identifier: Apache-2.0
## Source Code
-The project maintains the following source code repositories
-in the GitHub organization https://github.com/catenax-ng:
-
-* https://github.com/catenax-ng/product-DAPS
-
+The project maintains the following source code repositories
+in the GitHub organization https://github.com/eclipse-tractusx:
+https://github.com/eclipse-tractusx/daps-helm-chart
## Third-party Content
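Review bot: The repository URL under "Source Code" lost its `* ` list marker and the blank line before `## Third-party Content`, so it renders as a continuation of the preceding sentence. Restore the bullet and the blank line so the entry matches the bulleted "Project home" line earlier in the file.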
diff --git a/README.md b/README.md
index b125ef3..bb8c750 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@ Notice: Tractus-x relies on an IDS-compatible architecture. In that context, a D
[https://github.com/Fraunhofer-AISEC/omejdn-server#readme ](https://github.com/Fraunhofer-AISEC/omejdn-server#readme)
-DAPS is a minimal but extensible OAuth 2.0/OpenID connect server used for ...
+DAPS is a minimal but extensible OAuth 2.0/OpenID connect server used for ..
IoT devices which use their private keys to request OAuth2 access tokens in order to access protected resources
Websites or apps which retrieve user attributes
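Review bot: The `...` to `..` change on the "DAPS is a minimal but extensible OAuth 2.0/OpenID connect server used for" line looks accidental. Revert it, or replace the ellipsis with a colon, since the lines that follow are a list of uses.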
@@ -22,7 +22,13 @@ A User Selfservice API Plugin
Standard Compliance (see below)
IMPORTANT: DAPS is meant to be a research sandbox in which we can (re)implement standard protocols and potentially extend and modify functionality under the hood to support research projects. Use at your own risk! At a minimum, take a look at the documentation for production setups.
-## DAPS installed version -> v1.7.1
+
+### Software Version
+```shell
+Helm version is v1.7.3
+Application version is v1.7.1
+```
+
## Directory structure of an DAPS server
By default, daps uses the following directory structure for configurations and keys:
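Review bot: "Helm version is v1.7.3" in the new Software Version block is the chart version (`version: 1.7.3` in Chart.yaml), not a version of Helm, and will mislead readers checking tool compatibility. Label it "Chart version", and drop the `shell` tag on the fence since the block contains no commands.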
@@ -149,19 +155,7 @@ You may retrieve the server configuration under
# Installation Steps
-Helm charts are provided inside [https://github.com/catenax-ng/product-DAPS/charts/](https://github.com/catenax-ng/product-DAPS/tree/main/charts)
-
-1. Using helm commands:
-
- 1. git clone https://github.com/eclipse-tractusx/daps-helm-chart.git
- 1. Add the daps image and version in values.yaml
- 1. Deploy in a kubernetes cluster
- ```helm install dapsName charts/daps-server/ -n namespace```
+https://github.com/eclipse-tractusx/daps-helm-chart/blob/main/INSTALL.md
-1. Using ArgoCD:
-To see how to deploy an application on 'Hotel Budapest':
-[How to deploy](https://catenax-ng.github.io/docs/guides/how-to-deploy-an-application)
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)
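Review bot: The Installation Steps section is reduced to a bare absolute URL pinned to `main`. A relative Markdown link to `INSTALL.md` would keep working in forks and at tagged releases, and would read better than an unlabelled URL under the heading.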
diff --git a/SECURITY.md b/SECURITY.md
index ebfd8b3..7d8fced 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,63 +1,6 @@
# Security Policy
-
-
-
-
-## Reporting a bug in Catena-X
-
-
-
-
-Report security bugs in Catena-X to "dl_CoP_IT_Security@catena-x.net".
-
-Your report will be acknowledged within 5 days, and you’ll receive a more detailed response to your report within 10 days indicating the next steps in handling your submission.
-
-After the initial reply to your report, the security team will endeavor to keep you informed of the progress being made towards a fix and full announcement, and may ask for additional information or guidance surrounding the reported issue.
-
-Please do not report security bugs through public GitHub issues.
-
-
-
-
-Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
-
-- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
-
-- Full paths of source file(s) related to the manifestation of the issue
-
-- The location of the affected source code (tag/branch/commit or direct URL)
-
-- Any special configuration required to reproduce the issue
-
-- Step-by-step instructions to reproduce the issue
-
-- Proof-of-concept or exploit code (if possible)
-
-- Impact of the issue, including how an attacker might exploit the issue
-
-This information will help us triage your report more quickly.
-
-
-
-
-## Reporting a bug in a third party module
-
-Security bugs in third party modules should be reported to their respective maintainers.
-
-
-
-
-## Disclosure policy
-
-Here is the security disclosure policy for Catena-X.
-
-- The security report is received and is assigned a primary handler.
-
-- This person will coordinate the fix and release process.
-
-- Fixes are prepared for all releases which are still under maintenance.
-
-- A suggested embargo date for this vulnerability is chosen. Typically the embargo date will be set to 72 hours. However, this may vary depending on the severity of the bug or difficulty in applying a fix.
-
-This process can take some time, especially when coordination is required with maintainers of other projects.
-Every effort will be made to handle the bug in as timely a manner as possible; however, it’s important that we follow the release process above to ensure that the disclosure is handled in a consistent manner.
+
+## Reporting a Vulnerability
+
+Please report a found vulnerability here:
+[https://www.eclipse.org/security/](https://www.eclipse.org/security/)
\ No newline at end of file
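Review bot: The replacement text drops the instruction "Please do not report security bugs through public GitHub issues" along with the list of details to include in a report. Keep a sentence telling reporters not to open public issues next to the link to https://www.eclipse.org/security/, so the private-disclosure expectation is still stated in this repository.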
diff --git a/charts/.DS_Store b/charts/.DS_Store
deleted file mode 100644
index 6287b42..0000000
Binary files a/charts/.DS_Store and /dev/null differ
diff --git a/charts/.helmignore b/charts/.helmignore
new file mode 100644
index 0000000..e0b66e2
--- /dev/null
+++ b/charts/.helmignore
@@ -0,0 +1,9 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+values?*.yaml
+values?*.yml
\ No newline at end of file
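Review bot: This file is created at `charts/.helmignore`, but Helm reads `.helmignore` from the root of the chart being packaged, which here is `charts/daps-server/`, so these patterns will not be applied. Move it to `charts/daps-server/.helmignore`; there, `values?*.yaml` will keep the environment files (`values-dev.yaml`, `values-int.yaml`) out of the packaged chart. The CHANGELOG entry says the .helmignore file was modified, while this hunk adds it as a new file.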
diff --git a/charts/daps-server/.DS_Store b/charts/daps-server/.DS_Store
deleted file mode 100644
index 8d6a5d0..0000000
Binary files a/charts/daps-server/.DS_Store and /dev/null differ
diff --git a/charts/daps-server/Chart.yaml b/charts/daps-server/Chart.yaml
index 22d4515..81afd9b 100644
--- a/charts/daps-server/Chart.yaml
+++ b/charts/daps-server/Chart.yaml
@@ -12,10 +12,13 @@ description: DAPS server helm-chart
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
+sources:
+ - https://github.com/eclipse-tractusx/daps-helm-chart
+
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.7.2
+version: 1.7.3
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/daps-server/README.md b/charts/daps-server/README.md
index d335235..456fec3 100644
--- a/charts/daps-server/README.md
+++ b/charts/daps-server/README.md
@@ -1,50 +1,56 @@
# daps-server
-![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
+![Version: 1.7.3](https://img.shields.io/badge/Version-1.7.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.1](https://img.shields.io/badge/AppVersion-1.7.1-informational?style=flat-square)
DAPS server helm-chart
+## Source Code
+
+*
+
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | Pod affinity configuration |
-| autoscaling | object | `{"enabled":false, "maxReplicas":100, "minReplicas":1, "targetCPUUtilizationPercentage":80}` | DAPS autoscaling configuration |
+| autoscaling | object | `{"enabled":false,"maxReplicas":5,"minReplicas":1,"targetMemoryUtilizationPercentage":60}` | DAPS autoscaling configuration |
+| daps.secret.clientId | string | `""` | |
+| daps.secret.clientSecret | string | `""` | |
| env.config | object | `{}` | Additional env variables |
| env.secret | object | `{}` | Additional env variables that should be stored in encrypted way |
| fullnameOverride | string | `""` | |
| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
-| image.repository | string | `"nginx"` | DAPS docker image |
+| image.repository | string | `nil` | DAPS docker image |
| image.tag | string | `""` | Image tag. Overrides the image tag whose default is the chart appVersion. |
| imagePullSecrets | list | `[]` | Secret which contains dockerconfig.json from private container registry with daps image |
| ingress.annotations | object | `{}` | Additional ingress annotations |
| ingress.enabled | bool | `false` | If set to `true`, DAPS will be exposed with ingress controller at http(s)://(ingress.host)/(ingress.pathPrefix) |
-| ingress.host | string | `"chart-example.local"` | |
+| ingress.host | string | `"daps-beta.int.demo.catena-x.net"` | Ingress host name |
| ingress.pathPrefix | string | `"/"` | Path prefix to be added to DAPS URI. Regex can be used |
| ingress.rootPath | string | `"/"` | Root prefix without regex rules that used to configure daps host name in configuration |
| ingress.tls.certMgr.enabled | bool | `false` | If `true` cert-manager will be used to issue a certificate with ingress.host CN name |
-| ingress.tls.certMgr.issuer | string | `""` | Cert-manager issuer name |
+| ingress.tls.certMgr.issuer | string | `"letsencrypt-prod"` | Cert-manager issuer name |
| ingress.tls.enabled | bool | `false` | If `true` daps will be exposed with https |
| nameOverride | string | `""` | |
| nodeSelector | object | `{}` | Node selection configuration |
-| omejdn.createDefaultAdmin | bool | `false` | Default user and client will be created if set to `true`. User credentials set in `omejdn.defaultAdminUser` section |
+| omejdn.createDefaultAdmin | bool | `true` | Default user and client will be created if set to `true`. User credentials set in `omejdn.defaultAdminUser` section |
| omejdn.defaultAdminUser | string | `"admin:admin"` | Default user credentials in format `user:password` |
| omejdn.serverKey | string | `""` | Server key content. DAPS will generate key if it's not provided at startup |
-| omejdn.serverKeyFolderPath | string | `"/opt/server-key"` | Path to directory with private server key |
+| omejdn.serverKeyFolderPath | string | `"/opt"` | Path to directory with private server key |
| persistence.enabled | bool | `true` | If `true` persistent volume will be used to store clients and users configuration |
| persistence.storageClass | string | `"azurefile"` | Storage class to claim a volume. |
| persistence.storageSize | string | `"1Gi"` | Volume size |
| podAnnotations | object | `{}` | |
| podSecurityContext | object | `{}` | Pod security context configuration |
| replicaCount | int | `1` | DAPS instances count |
-| resources | object | `{}` | Pod resources requests and limits configuration |
-| securityContext | object | `{}` | Pod security context configuration |
+| resources | object | `{"limits":{"cpu":"200m","memory":"300Mi"},"requests":{"cpu":"200m","memory":"300Mi"}}` | Pod resources requests and limits configuration |
+| securityContext | string | `nil` | Pod security context configuration |
| service.port | int | `4567` | Service port |
| service.type | string | `"ClusterIP"` | Service type |
| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
-| serviceAccount.name | string | `""` | The name of the service account to use. -- If not set and create is true, a name is generated using the fullname template |
+| serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template |
| tolerations | list | `[]` | Pod toleration settings |
----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
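Review bot: The regenerated table now documents `omejdn.createDefaultAdmin` as `true` while `omejdn.defaultAdminUser` stays `admin:admin`, so an install with default values creates an admin user with a well-known password. Default `createDefaultAdmin` to `false`, or leave `defaultAdminUser` empty so it has to be set explicitly. Smaller points in the same hunk: the new "Source Code" section has an empty `*` bullet, `daps.secret.clientId` and `daps.secret.clientSecret` have no description, `image.repository` is documented as `nil` while values.yaml in this change sets `""`, and `ingress.host` now defaults to an environment-specific hostname.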
diff --git a/charts/daps-server/templates/_helpers.tpl b/charts/daps-server/templates/_helpers.tpl
index bcc2a4c..eccc2b4 100644
--- a/charts/daps-server/templates/_helpers.tpl
+++ b/charts/daps-server/templates/_helpers.tpl
@@ -50,6 +50,13 @@ app.kubernetes.io/name: {{ include "daps-server.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
+{{/*
+Create name of application secret
+*/}}
+{{- define "daps-server.applicationSecret.name" -}}
+{{- printf "%s-application" (include "daps-server.fullname" .) }}
+{{- end }}
+
{{/*
Create the name of the service account to use
*/}}
diff --git a/charts/daps-server/templates/persistentvolumeclaim.yaml b/charts/daps-server/templates/persistentvolumeclaim.yaml
index e670335..51feeb3 100644
--- a/charts/daps-server/templates/persistentvolumeclaim.yaml
+++ b/charts/daps-server/templates/persistentvolumeclaim.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.ingress.enabled -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
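Review bot: The new guard at the top of the template tests `.Values.ingress.enabled`, so the PersistentVolumeClaim is rendered only when ingress is on and `persistence.enabled`, which the chart README documents as the switch for the persistent volume, is ignored. Use `{{- if .Values.persistence.enabled -}}`; as written, a release with ingress disabled gets no claim even when persistence is enabled.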
@@ -9,3 +10,5 @@ spec:
resources:
requests:
storage: {{ .Values.persistence.storageSize }}
+
+{{- end }}
diff --git a/charts/daps-server/templates/secret.yml b/charts/daps-server/templates/secret.yml
index 4a9a8eb..ea2490a 100644
--- a/charts/daps-server/templates/secret.yml
+++ b/charts/daps-server/templates/secret.yml
@@ -1,19 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
- name: avp-daps-secret
+ name: {{ include "daps-server.applicationSecret.name" . }}
type: Opaque
stringData:
- ClientID: {{ .Values.daps.secret.clientId }}
- ClientSecret: {{ .Values.daps.secret.clientSecret }}
-#apiVersion: v1
-#kind: Secret
-#metadata:
-# name: avp-daps-secret
-# annotations:
-# avp.kubernetes.io/path: "essential-services/data/daps-beta"
-#type: Opaque
-#stringData:
-# ClientID:
-# ClientSecret:
-
+ ClientID: {{ .Values.daps.secret.clientId | default (randAlphaNum 16) }}
+ ClientSecret: {{ .Values.daps.secret.clientSecret | default (randAlphaNum 16) }}
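Review bot: `default (randAlphaNum 16)` on `ClientID` and `ClientSecret` is evaluated on every render, so when the values are left empty each `helm upgrade` writes a new random pair into the Secret and anything configured with the previous pair stops matching. Reuse the existing Secret's data through `lookup` when it is present, or fail with `required` when the values are unset. Also pipe both values through `quote` so an all-numeric or YAML-special value stays a string under `stringData`.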
diff --git a/charts/daps-server/values-bt.yaml b/charts/daps-server/values-dev.yaml
similarity index 81%
rename from charts/daps-server/values-bt.yaml
rename to charts/daps-server/values-dev.yaml
index 90c6560..fb65a0f 100644
--- a/charts/daps-server/values-bt.yaml
+++ b/charts/daps-server/values-dev.yaml
@@ -6,7 +6,7 @@ ingress:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# -- Ingress host name
- host: daps-n.int.demo.catena-x.net
+ host: daps.dev.demo.catena-x.net
# -- Path prefix to be added to DAPS URI. Regex can be used
pathPrefix: "/"
# -- Root prefix without regex rules that used to configure daps host name in configuration
@@ -23,5 +23,5 @@ ingress:
daps:
secret:
- clientId: ""
- clientSecret: ""
+ clientId: ""
+ clientSecret: ""
diff --git a/charts/daps-server/values-int.yaml b/charts/daps-server/values-int.yaml
index ec58f7a..bae55fe 100644
--- a/charts/daps-server/values-int.yaml
+++ b/charts/daps-server/values-int.yaml
@@ -21,6 +21,12 @@ ingress:
# -- Cert-manager issuer name
issuer: "letsencrypt-prod"
+daps:
+ secret:
+ clientId: ""
+ clientSecret: ""
+
+
resources:
limits:
cpu: 400m
diff --git a/charts/daps-server/values.yaml b/charts/daps-server/values.yaml
index 4c65308..c15a769 100644
--- a/charts/daps-server/values.yaml
+++ b/charts/daps-server/values.yaml
@@ -7,7 +7,7 @@ replicaCount: 1
image:
# -- DAPS docker image
- repository:
+ repository: ""
# -- Image pull policy
pullPolicy: IfNotPresent
# -- Image tag. Overrides the image tag whose default is the chart appVersion.
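Review bot: With `repository: ""` as the default, an install that does not override `image.repository` has no image name to render. INSTALL.md already tells users to set it, so enforce that in the template with `required` so the install fails with a clear message instead of rendering an empty image reference.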
@@ -90,7 +90,7 @@ persistence:
# -- Storage class to claim a volume.
storageClass: "azurefile"
# -- Volume size
- storageSize: "1Gi"
+ storageSize: "2Gi"
env:
# -- Additional env variables
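Review bot: `storageSize` changes to `2Gi` here, but the `persistence.storageSize` row in charts/daps-server/README.md, regenerated in this same change, still shows `1Gi`, and the 1.7.3 CHANGELOG entry does not mention the size change. Regenerate the README after this edit and add a changelog line for it.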