diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index c6e3758c..6bf2593d 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -65,7 +65,6 @@ jobs: # GITHUB_TOKEN enables this github action to access github API and post comments in a pull request # token: ${{ secrets.GITHUB_TOKEN }} # enable_comments: true - exclude_paths: ./docs/* # Upload findings to GitHub Advanced Security Dashboard - name: Upload SARIF file for GitHub Advanced Security Dashboard diff --git a/docs/README.md b/docs/README.md index 274b72db..1d9f5193 100644 --- a/docs/README.md +++ b/docs/README.md @@ -46,13 +46,7 @@ The `known-knowns` folder highlights known limitations, issues, or consideration ### [Consultation Documentation](./consultation/) -### 1. [charts](./consultation/charts/) and [environments](./consultation/environments/) - -The `charts` and `environments` folder contain an **example** helm chart and configuration for a potential deployment improvement discussed during workshops. - -- [Portal IAM Helm Chart](./consultation/portal-iam-helm-chart.md): instructions on using this **example** helm chart. - -### 2. [Workshops](./consultation/workshops/) +### 1. [Workshops](./consultation/workshops/) The `workshops` folder includes minutes and topics for two workshops: @@ -60,7 +54,7 @@ The `workshops` folder includes minutes and topics for two workshops: - [Workshop 20231005](./consultation/workshops/workshop-20231005.md): topics covered during the session of October 5, 2023 workshop. -### 3. [Consultation Document](./consultation/consultation.md) +### 2. [Consultation Document](./consultation/consultation.md) - Consultation notes and decisions. diff --git a/docs/consultation/charts/portal-iam/.helmignore b/docs/consultation/charts/portal-iam/.helmignore deleted file mode 100644 index 0bffc69f..00000000 --- a/docs/consultation/charts/portal-iam/.helmignore +++ /dev/null 
@@ -1,27 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ - -# Custom dirs and files -argocd/ -*.gotmpl diff --git a/docs/consultation/charts/portal-iam/Chart.yaml b/docs/consultation/charts/portal-iam/Chart.yaml deleted file mode 100644 index 7ee01dd5..00000000 --- a/docs/consultation/charts/portal-iam/Chart.yaml +++ /dev/null @@ -1,33 +0,0 @@ -############################################################### -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################### - -apiVersion: v2 -name: portal-iam -type: application -version: 3.0.0-example -appVersion: 22.0.3 -description: Helm chart for Catena-X Central or Shared Keycloak Instances -#home: https://github.com/eclipse-tractusx/portal-iam -#sources: -# - https://github.com/eclipse-tractusx/portal-iam -dependencies: - - name: keycloak - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami - #version: 7.1.18 - version: 17.0.0 
diff --git a/docs/consultation/charts/portal-iam/LICENSE b/docs/consultation/charts/portal-iam/LICENSE deleted file mode 100644 index f49a4e16..00000000 --- a/docs/consultation/charts/portal-iam/LICENSE +++ /dev/null 
@@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. \ No newline at end of file diff --git a/docs/consultation/charts/portal-iam/templates/_helpers.tpl b/docs/consultation/charts/portal-iam/templates/_helpers.tpl deleted file mode 100644 index 4a72f3b8..00000000 --- a/docs/consultation/charts/portal-iam/templates/_helpers.tpl +++ /dev/null 
@@ -1,33 +0,0 @@ -{{/* -* Copyright (c) 2023 Contributors to the Eclipse Foundation -* -* See the NOTICE file(s) distributed with this work for additional -* information regarding copyright ownership. -* -* This program and the accompanying materials are made available under the -* terms of the Apache License, Version 2.0 which is available at -* https://www.apache.org/licenses/LICENSE-2.0. -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -* License for the specific language governing permissions and limitations -* under the License. -* -* SPDX-License-Identifier: Apache-2.0 - -Define "keycloak.fullname" in addition to the definition in the bitnami keycloak chart to set ".Chart.Name" to "keycloak". -This is necessary to retrieve the keycloak service name for the execution of the seeding job. -*/}} -{{- define "keycloak.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 20 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default "keycloak" .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 20 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 20 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/docs/consultation/charts/portal-iam/templates/hooks/check-variable.yaml b/docs/consultation/charts/portal-iam/templates/hooks/check-variable.yaml deleted file mode 100644 index d9ea1bf7..00000000 --- a/docs/consultation/charts/portal-iam/templates/hooks/check-variable.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -############################################################### -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################### - -# templates/hooks/check-variable.yaml -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Release.Name }}-check-variable - annotations: - "helm.sh/hook": pre-install,pre-upgrade -spec: - template: - spec: - containers: - - name: check-variable - image: busybox - args: ["/bin/sh", "-c", "if [ -z \"{{ .Values.instanceType }}\" ]; then exit 1; fi"] - restartPolicy: Never diff --git a/docs/consultation/charts/portal-iam/templates/hooks/seeding-job.yaml b/docs/consultation/charts/portal-iam/templates/hooks/seeding-job.yaml deleted file mode 100644 index c5008ab0..00000000 --- a/docs/consultation/charts/portal-iam/templates/hooks/seeding-job.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -{{- /* -* Copyright (c) 2023 Contributors to the Eclipse Foundation -* -* See the NOTICE file(s) distributed with this work for additional -* information regarding copyright ownership. -* -* This program and the accompanying materials are made available under the -* terms of the Apache License, Version 2.0 which is available at -* https://www.apache.org/licenses/LICENSE-2.0. -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -* License for the specific language governing permissions and limitations -* under the License. -* -* SPDX-License-Identifier: Apache-2.0 -*/}} - -{{- if and (eq .Values.instanceType "central" ) .Values.seeding.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Values.seeding.name }} - namespace: {{ .Release.Namespace }} - annotations: - "batch.kubernetes.io/job-tracking": "true" - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-weight": "-5" -spec: - template: - metadata: - name: {{ .Values.seeding.name }} - spec: - restartPolicy: Never - containers: - - name: echo-container - image: busybox - command: ["/bin/sh", "-c", "echo 'This is the seeding job only for Central instances!'"] -{{- end }} diff --git a/docs/consultation/charts/portal-iam/templates/secret-external-db.yaml b/docs/consultation/charts/portal-iam/templates/secret-external-db.yaml deleted file mode 100644 index daca2877..00000000 --- a/docs/consultation/charts/portal-iam/templates/secret-external-db.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -{{- /* -* Copyright (c) 2023 Contributors to the Eclipse Foundation -* -* See the NOTICE file(s) distributed with this work for additional -* information regarding copyright ownership. -* -* This program and the accompanying materials are made available under the -* terms of the Apache License, Version 2.0 which is available at -* https://www.apache.org/licenses/LICENSE-2.0. -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -* License for the specific language governing permissions and limitations -* under the License. -* -* SPDX-License-Identifier: Apache-2.0 -*/}} - -{{- if not .Values.keycloak.postgresql.enabled -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.keycloak.externalDatabase.existingSecret }} - namespace: {{ .Release.Namespace }} -type: Opaque -# use lookup function to check if secret exists -{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.keycloak.externalDatabase.existingSecret) }} -{{ if $secret -}} -data: - # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret - # use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret - password: {{ ( .Values.secrets.externalDatabase.password | b64enc ) | default $secret.data.password }} -{{ else -}} -stringData: - # if secret doesn't exist, use provided value from values file or generate a random one - password: {{ .Values.secrets.externalDatabase.password | default ( randAlphaNum 32 | quote ) }} -{{ end }} -{{- end -}} diff --git a/docs/consultation/charts/portal-iam/templates/secret-instancetype.yaml b/docs/consultation/charts/portal-iam/templates/secret-instancetype.yaml deleted file mode 100644 index f0fa83a8..00000000 
--- a/docs/consultation/charts/portal-iam/templates/secret-instancetype.yaml +++ /dev/null @@ -1,27 +0,0 @@ -############################################################### -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################### - -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-secret-{{ .Values.instanceType }} - namespace: {{ .Release.Namespace }} -type: Opaque -stringData: - instanceType: "This is a secret only for the {{ .Values.instanceType }}" diff --git a/docs/consultation/charts/portal-iam/templates/secret-kc-admin.yaml b/docs/consultation/charts/portal-iam/templates/secret-kc-admin.yaml deleted file mode 100644 index d5b5ec4b..00000000 --- a/docs/consultation/charts/portal-iam/templates/secret-kc-admin.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -############################################################### -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################### - -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.keycloak.auth.existingSecret }} - namespace: {{ .Release.Namespace }} -type: Opaque -# use lookup function to check if secret exists -{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.keycloak.auth.existingSecret) }} -{{ if $secret -}} -data: - # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret - # use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret - # use index function for secret keys with hyphen otherwise '$secret.data.secretKey' works too - admin-password: {{ ( .Values.secrets.auth.existingSecret.adminpassword | b64enc ) | default ( index $secret.data "admin-password" ) }} - management-password: {{ ( .Values.secrets.auth.existingSecret.managementpassword | b64enc ) | default ( index $secret.data "management-password" ) }} -{{ else -}} -stringData: - # if secret doesn't exist, use provided value from values file or generate a random one - admin-password: {{ 
.Values.secrets.auth.existingSecret.adminpassword | default ( randAlphaNum 32 | quote ) }} - management-password: {{ .Values.secrets.auth.existingSecret.managementpassword | default ( randAlphaNum 32 | quote ) }} -{{ end }} diff --git a/docs/consultation/charts/portal-iam/values.yaml b/docs/consultation/charts/portal-iam/values.yaml deleted file mode 100644 index 650df578..00000000 --- a/docs/consultation/charts/portal-iam/values.yaml +++ /dev/null @@ -1,43 +0,0 @@ -############################################################### -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################### - -instanceType: "" - -seeding: - enabled: false - -# Default Values for any Keycloak Instance -keycloak: - image: - tag: 22.0.3-debian-11-r14 - #tag: 22.0.3-debian-11-r18 - replicaCount: 1 - auth: - adminUser: admin - postgresql: - enabled: false - serviceDiscovery: - enabled: true - service: - type: ClusterIP - sessionAffinity: ClientIP - ingress: - enabled: true - ingressClassName: "nginx" - servicePort: 8080 diff --git a/docs/consultation/environments/centralidp/blue/kc-central-blue-values.yaml b/docs/consultation/environments/centralidp/blue/kc-central-blue-values.yaml deleted file mode 100644 index c6b637ac..00000000 
--- a/docs/consultation/environments/centralidp/blue/kc-central-blue-values.yaml +++ /dev/null 
@@ -1,68 +0,0 @@ -############################################################### -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################### - -# Variables to use by Portal IAM Helm Chart - -instanceType: "central" - -secrets: - auth: - existingSecret: - adminpassword: admincentral - managementpassword: managercentral - externalDatabase: - password: password - -seeding: - enabled: true - name: kc-central-blue-cx-central-realm-upgrade - -# Variables to use by Bitname Keycloak Helm Chart -keycloak: - auth: - adminUser: admin - existingSecret: "kc-central-blue-admin-password" - externalDatabase: - host: "postgresql-db-central-blue" - port: 5432 - database: "keycloak" - user: "admin" - existingSecret: "kc-central-blue-postgresql-secret" - existingSecretPasswordKey: "password" - service: - type: LoadBalancer - ingress: - enabled: true - ingressClassName: "nginx" - servicePort: 8080 - hostname: "kc-central-blue.example.org" - extraEnvVars: - - name: KEYCLOAK_USER - value: "admin" - - name: KEYCLOAK_PASSWORD - valueFrom: - secretKeyRef: - name: kc-central-blue-admin-password - key: admin-password - #- name: CACHE_OWNERS_COUNT - # value: "3" - #- name: CACHE_OWNERS_AUTH_SESSIONS_COUNT - # value: "3" - #- name: KEYCLOAK_EXTRA_ARGS - # value: 
"-Dkeycloak.migration.action=import -Dkeycloak.migration.provider=singleFile -Dkeycloak.migration.file=/realms/CX-Central-realm.json -Dkeycloak.migration.strategy=IGNORE_EXISTING" diff --git a/docs/consultation/environments/centralidp/blue/postgresql-db-central-blue-statefulset.yaml b/docs/consultation/environments/centralidp/blue/postgresql-db-central-blue-statefulset.yaml deleted file mode 100644 index 53d0b7b7..00000000 --- a/docs/consultation/environments/centralidp/blue/postgresql-db-central-blue-statefulset.yaml +++ /dev/null 
@@ -1,77 +0,0 @@ -############################################################### -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################### - ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: postgresql-pvc-central-blue -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 2Gi ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: postgresql-db-central-blue -spec: - serviceName: postgresql-db-central-blue - selector: - matchLabels: - app: postgresql-db-central-blue - replicas: 1 - template: - metadata: - labels: - app: postgresql-db-central-blue - spec: - containers: - - name: postgresql-db - image: postgres:latest - volumeMounts: - - mountPath: /data - name: postgresql-pvc-central-blue - env: - - name: POSTGRES_USER - value: admin - - name: POSTGRES_PASSWORD - value: password - - name: PGDATA - value: /data/pgdata - - name: POSTGRES_DB - value: keycloak - volumes: - - name: postgresql-pvc-central-blue - persistentVolumeClaim: - claimName: postgresql-pvc-central-blue ---- -apiVersion: v1 -kind: Service -metadata: - name: postgresql-db-central-blue -spec: - selector: - app: postgresql-db-central-blue - ports: - - port: 5432 - targetPort: 5432 
diff --git a/docs/consultation/environments/sharedidp/blue/kc-shared-blue-values.yaml b/docs/consultation/environments/sharedidp/blue/kc-shared-blue-values.yaml deleted file mode 100644 index 23634be3..00000000 --- a/docs/consultation/environments/sharedidp/blue/kc-shared-blue-values.yaml +++ /dev/null 
@@ -1,64 +0,0 @@ -############################################################### -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################### - -# Variables to use by Portal IAM Helm Chart - -instanceType: "shared" - -secrets: - auth: - existingSecret: - adminpassword: adminshared - managementpassword: managershared - externalDatabase: - password: password - -# Variables to use by Bitname Keycloak Helm Chart -keycloak: - auth: - adminUser: admin - existingSecret: "kc-shared-blue-admin-password" - externalDatabase: - host: "postgresql-db-shared-blue" - port: 5432 - database: "keycloak" - user: "admin" - existingSecret: "kc-shared-bluepostgresql-secret" - existingSecretPasswordKey: "password" - service: - type: LoadBalancer - ingress: - enabled: true - ingressClassName: "nginx" - servicePort: 8080 - hostname: "kc-shared-blue.example.org" - extraEnvVars: - - name: KEYCLOAK_USER - value: "admin" - - name: KEYCLOAK_PASSWORD - valueFrom: - secretKeyRef: - name: kc-shared-blue-admin-password - key: admin-password - #- name: CACHE_OWNERS_COUNT - # value: "3" - #- name: CACHE_OWNERS_AUTH_SESSIONS_COUNT - # value: "3" - #- name: KEYCLOAK_EXTRA_ARGS - # value: "-Dkeycloak.migration.action=import -Dkeycloak.migration.provider=dir 
-Dkeycloak.migration.dir=/realms -Dkeycloak.migration.strategy=IGNORE_EXISTING" diff --git a/docs/consultation/environments/sharedidp/blue/postgresql-db-shared-blue-statefulset.yaml b/docs/consultation/environments/sharedidp/blue/postgresql-db-shared-blue-statefulset.yaml deleted file mode 100644 index dd5e8a77..00000000 --- a/docs/consultation/environments/sharedidp/blue/postgresql-db-shared-blue-statefulset.yaml +++ /dev/null 
@@ -1,77 +0,0 @@ -############################################################### -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################### - ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: postgresql-pvc-shared-blue -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 2Gi ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: postgresql-db-shared-blue -spec: - serviceName: postgresql-db-shared-blue - selector: - matchLabels: - app: postgresql-db-shared-blue - replicas: 1 - template: - metadata: - labels: - app: postgresql-db-shared-blue - spec: - containers: - - name: postgresql-db - image: postgres:latest - volumeMounts: - - mountPath: /data - name: postgresql-pvc-shared-blue - env: - - name: POSTGRES_USER - value: admin - - name: POSTGRES_PASSWORD - value: password - - name: PGDATA - value: /data/pgdata - - name: POSTGRES_DB - value: keycloak - volumes: - - name: postgresql-pvc-shared-blue - persistentVolumeClaim: - claimName: postgresql-pvc-shared-blue ---- -apiVersion: v1 -kind: Service -metadata: - name: postgresql-db-shared-blue -spec: - selector: - app: postgresql-db-shared-blue - ports: - - port: 5432 - targetPort: 5432 
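Review bot: this `postgresql-db-shared-blue` manifest is a copy of the central one with only the name changed, so the same points apply: hardcoded `POSTGRES_USER: admin` / `POSTGRES_PASSWORD: password` and `postgres:latest` in a `StatefulSet`. Removing the duplicate from the tree is an improvement; if the example is kept at the tag, a single note in the usage doc that both `blue` database manifests use placeholder credentials would cover both files, rather than relying on readers to spot it in the YAML.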
diff --git a/docs/consultation/portal-iam-helm-chart.md b/docs/consultation/portal-iam-helm-chart.md index bd4d1866..d367a0bf 100644 --- a/docs/consultation/portal-iam-helm-chart.md +++ b/docs/consultation/portal-iam-helm-chart.md @@ -27,14 +27,20 @@ the specific objects for each type of instance, such as: The Helm Chart requires to have declared the `instanceType` property with the right value (`central`, `shared`) to create the right objects on the Kubernetes. It this property is not declared, the Helm Chart will not be executed, as -there is a [hook](./charts/portal-iam/templates/hooks/check-variable.yaml) created for that purpose. +there is a [hook](https://github.com/eclipse-tractusx/portal-iam/tree/v4.0.0-rc.2/docs/consultation/charts/portal-iam/templates/hooks/check-variable.yaml) created for that purpose. The Helm Chart can be extended to add more detailed objects, but it was not part of this Proof of Concept. -The chart is implemented [here](./charts/). +The chart is implemented [here](https://github.com/eclipse-tractusx/portal-iam/tree/v4.0.0-rc.2/docs/consultation/charts/). ### How to use - Example of usage +Checkout the tag where the example helm chart is still available: + +``` +git checkout tags/v4.0.0-rc.2 -b test/example-chart +``` + This example will deploy the following instances: * A Central instance identified as `kc-central-blue` @@ -55,7 +61,7 @@ To visualize the dashboard of the Kubernetes, execute `minikube dashboard` comma 2. Update the `portal-iam` helm chart with the latest status of the dependencies ```shell -helm dependency update ./charts/portal-iam +helm dependency update ./docs/consultation/charts/portal-iam ``` 3. Deploy the Database for the Central Blue instance
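Review bot: the deleted `kc-shared-blue-values.yaml` embedded secret material directly in the values file (`secrets.auth.adminpassword: adminshared`, `managementpassword: managershared`, `secrets.externalDatabase.password: password`) alongside `existingSecret` references, and exposed Keycloak via both `service.type: LoadBalancer` and an nginx ingress; deleting it is the right call, but the values stay in history and at the linked tag, so the usage page should state that the example values are placeholders and that `existingSecret` is the intended path for real deployments. The commented-out `KEYCLOAK_EXTRA_ARGS` migration import line is also dead configuration that would not survive a chart upgrade, which supports removing the file rather than maintaining it.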
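Review bot: in the first `portal-iam-helm-chart.md` hunk, the new `git checkout tags/v4.0.0-rc.2 -b test/example-chart` snippet is in an untagged code fence while the same file uses ```shell for its other commands; tag it `shell` for consistency. Two smaller points in the touched lines: the unchanged context line "It this property is not declared" reads "If this property is not declared", and the hook link uses a `tree/` URL for a single file where `blob/` is the usual form (GitHub redirects, so it works, but it is inconsistent with the directory link below it). Pinning to a release candidate (`v4.0.0-rc.2`) is fine for an archived example as long as the doc says the chart is frozen there and will not be maintained.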
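Review bot: the second `portal-iam-helm-chart.md` hunk only rewrites the `helm dependency update` path to `./docs/consultation/charts/portal-iam`, which is correct when the commands are run from the repository root after the tag checkout; the next step, "Deploy the Database for the Central Blue instance", is shown as unchanged context, so please confirm that its `kubectl apply` paths (and those of the later shared-instance steps) were also moved under `./docs/consultation/environments/...`, otherwise readers following the page at the tag will hit missing-file errors after completing step 2.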