From 7b3b022f8d7e6efe79c96d36f235339541aabc12 Mon Sep 17 00:00:00 2001
From: Evelyn Gurschler
Date: Mon, 19 Dec 2022 14:47:25 +0100
Subject: [PATCH 01/11] CPLP-1420: Add auto image update workflow to provisioning migrations
---
.../provisioning-migrations-image-update.yml | 35 +++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 .github/workflows/provisioning-migrations-image-update.yml
diff --git a/.github/workflows/provisioning-migrations-image-update.yml b/.github/workflows/provisioning-migrations-image-update.yml
new file mode 100644
index 000000000..86c70e36f
--- /dev/null
+++ b/.github/workflows/provisioning-migrations-image-update.yml
@@ -0,0 +1,35 @@
+name: Provisioning-Migrations Auto-image-update
+
+on:
+ workflow_dispatch:
+ inputs:
+ new-image:
+ description: 'new available image'
+ required: true
+ default: 'no content'
+
+env:
+ IMAGE_BEGINN: 'provisioningmigrationstag: '
+ IMAGE_FULL_NEW: 'provisioningmigrationstag: ${{ inputs.new-image }}'
+
+jobs:
+ update-image-tag:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Modify image tag in values-dev.yaml
+ run: |
+ sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal/values-dev.yaml
+
+ - name: Commit and push updated values-dev.yaml
+ run: |
+ git config user.name github-actions
+ git config user.email github-actions@github.com
+ git add charts/portal/values-dev.yaml
+ git commit -m "Add new image for provisioning-migrations"
+ bash ./scripts/push.sh
From 888e5343d28d3eb02b96b9cdabc19fcdfdbf125a Mon Sep 17 00:00:00 2001
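Review bot: The `Modify image tag in values-dev.yaml` step pastes the dispatch input into the shell script: `IMAGE_FULL_NEW` is built from `${{ inputs.new-image }}` and expanded by `${{ env.IMAGE_FULL_NEW }}` inside `run:` before bash parses the line, so a value containing a single quote ends the sed argument and the remainder is executed as shell in a job that holds `contents: write`. Even a well-meant value containing `/` or `&` corrupts the substitution, and the default `'no content'` would be written into values-dev.yaml as the tag. Hand the input to the step through `env:` and validate it before sed sees it, as sketched below; the pattern assumes the input is a bare image tag, which should be confirmed against the caller. The same step is repeated in every `*-image-update.yml` workflow added in PATCH 02/11, nine times over in portal-backend-int-release-image-update.yml.

```yaml
      - name: Modify image tag in values-dev.yaml
        env:
          NEW_IMAGE: ${{ inputs.new-image }}
        run: |
          # reject anything that is not a plain tag before it reaches sed
          if [[ ! "$NEW_IMAGE" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]]; then
            echo "new-image is not a valid image tag" >&2
            exit 1
          fi
          sed -i "s/${IMAGE_BEGINN}.*/${IMAGE_BEGINN}${NEW_IMAGE}/" charts/portal/values-dev.yaml
      # … unchanged: commit and push step …
```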
From: Evelyn Gurschler Date: Mon, 19 Dec 2022 14:51:10 +0100 Subject: [PATCH 02/11] CPLP-1420: Add auto image update workflows --- .../administration-service-image-update.yml | 35 +++++++++++ .../maintenance-service-image-update.yml | 35 +++++++++++ .../marketplace-app-service-image-update.yml | 35 +++++++++++ .../notification-service-image-update.yml | 35 +++++++++++ .../workflows/portal-assets-image-update.yml | 35 +++++++++++ ...portal-assets-int-release-image-update.yml | 35 +++++++++++ ...ortal-backend-int-release-image-update.yml | 59 +++++++++++++++++++ .github/workflows/portal-image-update.yml | 35 +++++++++++ .../portal-int-release-image-update.yml | 35 +++++++++++ .../portal-migrations-image-update.yml | 35 +++++++++++ .../portal-registration-image-update.yml | 35 +++++++++++ ...-registration-int-release-image-update.yml | 35 +++++++++++ .../provisioning-service-image-update.yml | 35 +++++++++++ .../registration-service-image-update.yml | 34 +++++++++++ .../services-service-image-update.yml | 36 +++++++++++ 15 files changed, 549 insertions(+) create mode 100644 .github/workflows/administration-service-image-update.yml create mode 100644 .github/workflows/maintenance-service-image-update.yml create mode 100644 .github/workflows/marketplace-app-service-image-update.yml create mode 100644 .github/workflows/notification-service-image-update.yml create mode 100644 .github/workflows/portal-assets-image-update.yml create mode 100644 .github/workflows/portal-assets-int-release-image-update.yml create mode 100644 .github/workflows/portal-backend-int-release-image-update.yml create mode 100644 .github/workflows/portal-image-update.yml create mode 100644 .github/workflows/portal-int-release-image-update.yml create mode 100644 .github/workflows/portal-migrations-image-update.yml create mode 100644 .github/workflows/portal-registration-image-update.yml create mode 100644 .github/workflows/portal-registration-int-release-image-update.yml create mode 100644 
.github/workflows/provisioning-service-image-update.yml create mode 100644 .github/workflows/registration-service-image-update.yml create mode 100644 .github/workflows/services-service-image-update.yml diff --git a/.github/workflows/administration-service-image-update.yml b/.github/workflows/administration-service-image-update.yml new file mode 100644 index 000000000..244fde8d2 --- /dev/null +++ b/.github/workflows/administration-service-image-update.yml @@ -0,0 +1,35 @@ +name: Administration-Service Auto-image-update + +on: + workflow_dispatch: + inputs: + new-image: + description: 'new available image' + required: true + default: 'no content' + +env: + IMAGE_BEGINN: 'administrationservicetag: ' + IMAGE_FULL_NEW: 'administrationservicetag: ${{ inputs.new-image }}' + +jobs: + update-image-tag: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Modify image tag in values-dev.yaml + run: | + sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal/values-dev.yaml + + - name: Commit and push updated values-dev.yaml + run: | + git config user.name github-actions + git config user.email github-actions@github.com + git add charts/portal/values-dev.yaml + git commit -m "Add new image for administration service" + bash ./scripts/push.sh diff --git a/.github/workflows/maintenance-service-image-update.yml b/.github/workflows/maintenance-service-image-update.yml new file mode 100644 index 000000000..e9817ebc3 --- /dev/null +++ b/.github/workflows/maintenance-service-image-update.yml 
@@ -0,0 +1,35 @@ +name: Maintenance-Service Auto-image-update + +on: + workflow_dispatch: + inputs: + new-image: + description: 'new available image' + required: true + default: 'no content' + +env: + IMAGE_BEGINN: 'portalmaintenancetag: ' + IMAGE_FULL_NEW: 'portalmaintenancetag: ${{ inputs.new-image }}' + +jobs: + update-image-tag: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Modify image tag in values-dev.yaml + run: | + sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal/values-dev.yaml + + - name: Commit and push updated values-dev.yaml + run: | + git config user.name github-actions + git config user.email github-actions@github.com + git add charts/portal/values-dev.yaml + git commit -m "Add new image for maintenance service" + bash ./scripts/push.sh diff --git a/.github/workflows/marketplace-app-service-image-update.yml b/.github/workflows/marketplace-app-service-image-update.yml new file mode 100644 index 000000000..971a737ce --- /dev/null +++ b/.github/workflows/marketplace-app-service-image-update.yml 
@@ -0,0 +1,35 @@ +name: Marketplace-App-Service Auto-image-update + +on: + workflow_dispatch: + inputs: + new-image: + description: 'new available image' + required: true + default: 'no content' + +env: + IMAGE_BEGINN: 'appmarketplaceservicetag: ' + IMAGE_FULL_NEW: 'appmarketplaceservicetag: ${{ inputs.new-image }}' + +jobs: + update-image-tag: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Modify image tag in values-dev.yaml + run: | + sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal/values-dev.yaml + + - name: Commit and push updated values-dev.yaml + run: | + git config user.name github-actions + git config user.email github-actions@github.com + git add charts/portal/values-dev.yaml + git commit -m "Add new image for marketplace-app service" + bash ./scripts/push.sh diff --git a/.github/workflows/notification-service-image-update.yml b/.github/workflows/notification-service-image-update.yml new file mode 100644 index 000000000..90efba2e7 --- /dev/null +++ b/.github/workflows/notification-service-image-update.yml 
@@ -0,0 +1,35 @@ +name: Notification-Service Auto-image-update + +on: + workflow_dispatch: + inputs: + new-image: + description: 'new available image' + required: true + default: 'no content' + +env: + IMAGE_BEGINN: 'notificationservicetag: ' + IMAGE_FULL_NEW: 'notificationservicetag: ${{ inputs.new-image }}' + +jobs: + update-image-tag: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Modify image tag in values-dev.yaml + run: | + sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal/values-dev.yaml + + - name: Commit and push updated values-dev.yaml + run: | + git config user.name github-actions + git config user.email github-actions@github.com + git add charts/portal/values-dev.yaml + git commit -m "Add new image for notification service" + bash ./scripts/push.sh diff --git a/.github/workflows/portal-assets-image-update.yml b/.github/workflows/portal-assets-image-update.yml new file mode 100644 index 000000000..4a7c2cd02 --- /dev/null +++ b/.github/workflows/portal-assets-image-update.yml @@ -0,0 +1,35 @@ +name: Portal Assets Auto-image-update + +on: + workflow_dispatch: + inputs: + new-image: + description: 'new available image' + required: true + default: 'no content' + +env: + IMAGE_BEGINN: 'assetstag: ' + IMAGE_FULL_NEW: 'assetstag: ${{ inputs.new-image }}' + +jobs: + update-image-tag: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Modify image tag in values-dev.yaml + run: | + sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal/values-dev.yaml + + - name: Commit and push updated values-dev.yaml + run: | + git config user.name github-actions + git config user.email github-actions@github.com + git add charts/portal/values-dev.yaml + git commit -m "Add new image for portal assets" + bash ./scripts/push.sh 
diff --git a/.github/workflows/portal-assets-int-release-image-update.yml b/.github/workflows/portal-assets-int-release-image-update.yml new file mode 100644 index 000000000..25310249e --- /dev/null +++ b/.github/workflows/portal-assets-int-release-image-update.yml @@ -0,0 +1,35 @@ +name: Portal Assets INT Release Auto-image-update + +on: + workflow_dispatch: + inputs: + new-image: + description: 'new available image' + required: true + default: 'no content' + +env: + IMAGE_BEGINN: 'assetstag: ' + IMAGE_FULL_NEW: 'assetstag: ${{ inputs.new-image }}' + +jobs: + update-image-tag: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Modify image tag in values-int.yaml + run: | + sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal/values-int.yaml + + - name: Commit and push updated values-int.yaml + run: | + git config user.name github-actions + git config user.email github-actions@github.com + git add charts/portal/values-int.yaml + git commit -m "Add new images for portal assets int" + bash ./scripts/push.sh diff --git a/.github/workflows/portal-backend-int-release-image-update.yml b/.github/workflows/portal-backend-int-release-image-update.yml new file mode 100644 index 000000000..9a7233631 --- /dev/null +++ b/.github/workflows/portal-backend-int-release-image-update.yml 
@@ -0,0 +1,59 @@ +name: Portal Backend INT Release Auto-image-update + +on: + workflow_dispatch: + inputs: + new-image: + description: 'new available image' + required: true + default: 'no content' + +env: + ADMINISTRATION_IMAGE_BEGINN: 'administrationservicetag: ' + ADMINISTRATION_IMAGE_FULL_NEW: 'administrationservicetag: ${{ inputs.new-image }}' + PORTALMAINTENANCE_IMAGE_BEGINN: 'portalmaintenancetag: ' + PORTALMAINTENANCE_IMAGE_FULL_NEW: 'portalmaintenancetag: ${{ inputs.new-image }}' + APPMARKETPLACE_IMAGE_BEGINN: 'appmarketplaceservicetag: ' + APPMARKETPLACE_IMAGE_FULL_NEW: 'appmarketplaceservicetag: ${{ inputs.new-image }}' + NOTIFICATION_IMAGE_BEGINN: 'notificationservicetag: ' + NOTIFICATION_IMAGE_FULL_NEW: 'notificationservicetag: ${{ inputs.new-image }}' + PORTALMIGRATIONS_IMAGE_BEGINN: 'portalmigrationstag: ' + PORTALMIGRATIONS_IMAGE_FULL_NEW: 'portalmigrationstag: ${{ inputs.new-image }}' + PROVISIONING_IMAGE_BEGINN: 'provisioningservicetag: ' + PROVISIONING_IMAGE_FULL_NEW: 'provisioningservicetag: ${{ inputs.new-image }}' + REGISTRATION_IMAGE_BEGINN: 'registrationservicetag: ' + REGISTRATION_IMAGE_FULL_NEW: 'registrationservicetag: ${{ inputs.new-image }}' + SERVICES_IMAGE_BEGINN: 'servicesservicetag: ' + SERVICES_IMAGE_FULL_NEW: 'servicesservicetag: ${{ inputs.new-image }}' + PROVISIONINGMIGRATIONS_IMAGE_BEGINN: 'provisioningmigrationstag: ' + PROVISIONINGMIGRATIONS_IMAGE_FULL_NEW: 'provisioningmigrationstag: ${{ inputs.new-image }}' + +jobs: + update-image-tag: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Modify image tag in values-int.yaml + run: | + sed -i 's/${{ env.ADMINISTRATION_IMAGE_BEGINN }}.*/${{ env.ADMINISTRATION_IMAGE_FULL_NEW }}/' charts/portal/values-int.yaml + sed -i 's/${{ env.PORTALMAINTENANCE_IMAGE_BEGINN }}.*/${{ env.PORTALMAINTENANCE_IMAGE_FULL_NEW }}/' charts/portal/values-int.yaml + sed -i 's/${{ env.APPMARKETPLACE_IMAGE_BEGINN 
}}.*/${{ env.APPMARKETPLACE_IMAGE_FULL_NEW }}/' charts/portal/values-int.yaml + sed -i 's/${{ env.NOTIFICATION_IMAGE_BEGINN }}.*/${{ env.NOTIFICATION_IMAGE_FULL_NEW }}/' charts/portal/values-int.yaml + sed -i 's/${{ env.PORTALMIGRATIONS_IMAGE_BEGINN }}.*/${{ env.PORTALMIGRATIONS_IMAGE_FULL_NEW }}/' charts/portal/values-int.yaml + sed -i 's/${{ env.PROVISIONING_IMAGE_BEGINN }}.*/${{ env.PROVISIONING_IMAGE_FULL_NEW }}/' charts/portal/values-int.yaml + sed -i 's/${{ env.REGISTRATION_IMAGE_BEGINN }}.*/${{ env.REGISTRATION_IMAGE_FULL_NEW }}/' charts/portal/values-int.yaml + sed -i 's/${{ env.SERVICES_IMAGE_BEGINN }}.*/${{ env.SERVICES_IMAGE_FULL_NEW }}/' charts/portal/values-int.yaml + sed -i 's/${{ env.PROVISIONINGMIGRATIONS_IMAGE_BEGINN }}.*/${{ env.PROVISIONINGMIGRATIONS_IMAGE_FULL_NEW }}/' charts/portal/values-int.yaml + + - name: Commit and push updated values-int.yaml + run: | + git config user.name github-actions + git config user.email github-actions@github.com + git add charts/portal/values-int.yaml + git commit -m "Add new images for int" + bash ./scripts/push.sh diff --git a/.github/workflows/portal-image-update.yml b/.github/workflows/portal-image-update.yml new file mode 100644 index 000000000..8d8dfdc00 --- /dev/null +++ b/.github/workflows/portal-image-update.yml 
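Review bot: The nine `sed -i` calls in `Modify image tag in values-int.yaml` exit 0 whether or not their key is present in charts/portal/values-int.yaml, so a renamed or missing `…tag:` key leaves that service on its old image while the commit still goes through with the others updated. Checking each key before the substitution, e.g. `grep -q 'administrationservicetag: ' charts/portal/values-int.yaml || exit 1`, turns a partial update into a failed run. When no line changes at all (the same tag dispatched twice), `git commit` exits non-zero with "nothing to commit" and the job fails without saying why; a `git diff --quiet` guard that prints a message before the commit step would make that case readable.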
@@ -0,0 +1,35 @@ +name: Portal Auto-image-update + +on: + workflow_dispatch: + inputs: + new-image: + description: 'new available image' + required: true + default: 'no content' + +env: + IMAGE_BEGINN: 'portaltag: ' + IMAGE_FULL_NEW: 'portaltag: ${{ inputs.new-image }}' + +jobs: + update-image-tag: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Modify image tag in values-dev.yaml + run: | + sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal/values-dev.yaml + + - name: Commit and push updated values-dev.yaml + run: | + git config user.name github-actions + git config user.email github-actions@github.com + git add charts/portal/values-dev.yaml + git commit -m "Add new image for portal" + bash ./scripts/push.sh diff --git a/.github/workflows/portal-int-release-image-update.yml b/.github/workflows/portal-int-release-image-update.yml new file mode 100644 index 000000000..7e01c57a2 --- /dev/null +++ b/.github/workflows/portal-int-release-image-update.yml @@ -0,0 +1,35 @@ +name: Portal INT Release Auto-image-update + +on: + workflow_dispatch: + inputs: + new-image: + description: 'new available image' + required: true + default: 'no content' + +env: + IMAGE_BEGINN: 'portaltag: ' + IMAGE_FULL_NEW: 'portaltag: ${{ inputs.new-image }}' + +jobs: + update-image-tag: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Modify image tag in values-int.yaml + run: | + sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal/values-int.yaml + + - name: Commit and push updated values-int.yaml + run: | + git config user.name github-actions + git config user.email github-actions@github.com + git add charts/portal/values-int.yaml + git commit -m "Add new images for portal int" + bash ./scripts/push.sh 
diff --git a/.github/workflows/portal-migrations-image-update.yml b/.github/workflows/portal-migrations-image-update.yml new file mode 100644 index 000000000..0aedbe882 --- /dev/null +++ b/.github/workflows/portal-migrations-image-update.yml @@ -0,0 +1,35 @@ +name: Portal-Migrations Auto-image-update + +on: + workflow_dispatch: + inputs: + new-image: + description: 'new available image' + required: true + default: 'no content' + +env: + IMAGE_BEGINN: 'portalmigrationstag: ' + IMAGE_FULL_NEW: 'portalmigrationstag: ${{ inputs.new-image }}' + +jobs: + update-image-tag: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Modify image tag in values-dev.yaml + run: | + sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal/values-dev.yaml + + - name: Commit and push updated values-dev.yaml + run: | + git config user.name github-actions + git config user.email github-actions@github.com + git add charts/portal/values-dev.yaml + git commit -m "Add new image for portal-migrations" + bash ./scripts/push.sh diff --git a/.github/workflows/portal-registration-image-update.yml b/.github/workflows/portal-registration-image-update.yml new file mode 100644 index 000000000..ffe2e7034 --- /dev/null +++ b/.github/workflows/portal-registration-image-update.yml 
@@ -0,0 +1,35 @@ +name: Portal Registration Auto-image-update + +on: + workflow_dispatch: + inputs: + new-image: + description: 'new available image' + required: true + default: 'no content' + +env: + IMAGE_BEGINN: 'registrationtag: ' + IMAGE_FULL_NEW: 'registrationtag: ${{ inputs.new-image }}' + +jobs: + update-image-tag: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Modify image tag in values-dev.yaml + run: | + sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal-frontend/values-dev.yaml + + - name: Commit and push updated values-dev.yaml + run: | + git config user.name github-actions + git config user.email github-actions@github.com + git add charts/portal-frontend/values-dev.yaml + git commit -m "Add new image for portal registration" + bash ./scripts/push.sh diff --git a/.github/workflows/portal-registration-int-release-image-update.yml b/.github/workflows/portal-registration-int-release-image-update.yml new file mode 100644 index 000000000..bf3938ba3 --- /dev/null +++ b/.github/workflows/portal-registration-int-release-image-update.yml 
@@ -0,0 +1,35 @@ +name: Portal Registration INT Release Auto-image-update + +on: + workflow_dispatch: + inputs: + new-image: + description: 'new available image' + required: true + default: 'no content' + +env: + IMAGE_BEGINN: 'registrationtag: ' + IMAGE_FULL_NEW: 'registrationtag: ${{ inputs.new-image }}' + +jobs: + update-image-tag: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Modify image tag in values-int.yaml + run: | + sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal-frontend/values-int.yaml + + - name: Commit and push updated values-int.yaml + run: | + git config user.name github-actions + git config user.email github-actions@github.com + git add charts/portal-frontend/values-int.yaml + git commit -m "Add new images for portal registration int" + bash ./scripts/push.sh diff --git a/.github/workflows/provisioning-service-image-update.yml b/.github/workflows/provisioning-service-image-update.yml new file mode 100644 index 000000000..d9898e7de --- /dev/null +++ b/.github/workflows/provisioning-service-image-update.yml 
@@ -0,0 +1,35 @@ +name: Provisioning-Service Auto-image-update + +on: + workflow_dispatch: + inputs: + new-image: + description: 'new available image' + required: true + default: 'no content' + +env: + IMAGE_BEGINN: 'provisioningservicetag: ' + IMAGE_FULL_NEW: 'provisioningservicetag: ${{ inputs.new-image }}' + +jobs: + update-image-tag: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Modify image tag in values-dev.yaml + run: | + sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal/values-dev.yaml + + - name: Commit and push updated values-dev.yaml + run: | + git config user.name github-actions + git config user.email github-actions@github.com + git add charts/portal/values-dev.yaml + git commit -m "Add new image for provisioning service" + bash ./scripts/push.sh diff --git a/.github/workflows/registration-service-image-update.yml b/.github/workflows/registration-service-image-update.yml new file mode 100644 index 000000000..4ed3a9690 --- /dev/null +++ b/.github/workflows/registration-service-image-update.yml 
@@ -0,0 +1,34 @@ +name: Registration-Service Auto-image-update +on: + workflow_dispatch: + inputs: + new-image: + description: 'new available image' + required: true + default: 'no content' + +env: + IMAGE_BEGINN: 'registrationservicetag: ' + IMAGE_FULL_NEW: 'registrationservicetag: ${{ inputs.new-image }}' + +jobs: + update-image-tag: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Modify image tag in values-dev.yaml + run: | + sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal/values-dev.yaml + + - name: Commit and push updated values-dev.yaml + run: | + git config user.name github-actions + git config user.email github-actions@github.com + git add charts/portal/values-dev.yaml + git commit -m "Add new image for registration service" + bash ./scripts/push.sh diff --git a/.github/workflows/services-service-image-update.yml b/.github/workflows/services-service-image-update.yml new file mode 100644 index 000000000..0a0963ff3 --- /dev/null +++ b/.github/workflows/services-service-image-update.yml 
@@ -0,0 +1,36 @@ +name: Services-Service Auto-image-update + +on: + workflow_dispatch: + inputs: + new-image: + description: 'new available image' + required: true + default: 'no content' + +env: + IMAGE_BEGINN: 'servicesservicetag: ' + IMAGE_FULL_NEW: 'servicesservicetag: ${{ inputs.new-image }}' + +jobs: + update-image-tag: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Modify image tag in values-dev.yaml + run: | + sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal/values-dev.yaml + + - name: Commit and push updated values-dev.yaml + run: | + git config user.name github-actions + git config user.email github-actions@github.com + git add charts/portal/values-dev.yaml + git commit -m "Add new image for services service" + bash ./scripts/push.sh + From b6bf29168a1c4b074a7ca27cad0adffe28a4ec2e Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Tue, 20 Dec 2022 11:22:05 +0100 Subject: [PATCH 03/11] CPLP-1420: Fix auto image update for registration app --- .github/workflows/portal-registration-image-update.yml | 4 ++-- .../portal-registration-int-release-image-update.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/portal-registration-image-update.yml b/.github/workflows/portal-registration-image-update.yml index ffe2e7034..b3159b709 100644 --- a/.github/workflows/portal-registration-image-update.yml +++ b/.github/workflows/portal-registration-image-update.yml 
@@ -24,12 +24,12 @@ jobs: - name: Modify image tag in values-dev.yaml run: | - sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal-frontend/values-dev.yaml + sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal/values-dev.yaml - name: Commit and push updated values-dev.yaml run: | git config user.name github-actions git config user.email github-actions@github.com - git add charts/portal-frontend/values-dev.yaml + git add charts/portal/values-dev.yaml git commit -m "Add new image for portal registration" bash ./scripts/push.sh diff --git a/.github/workflows/portal-registration-int-release-image-update.yml b/.github/workflows/portal-registration-int-release-image-update.yml index bf3938ba3..03e0dcd0c 100644 --- a/.github/workflows/portal-registration-int-release-image-update.yml +++ b/.github/workflows/portal-registration-int-release-image-update.yml @@ -24,12 +24,12 @@ jobs: - name: Modify image tag in values-int.yaml run: | - sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal-frontend/values-int.yaml + sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal/values-int.yaml - name: Commit and push updated values-int.yaml run: | git config user.name github-actions git config user.email github-actions@github.com - git add charts/portal-frontend/values-int.yaml + git add charts/portal/values-int.yaml git commit -m "Add new images for portal registration int" bash ./scripts/push.sh From 26b1e32f3c196e3dda0278fb3e57bf25227c113e Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Tue, 20 Dec 2022 12:56:37 +0100 Subject: [PATCH 04/11] CPLP-1420: Add chart release workflow for helm environments --- .../chart-release-helm-environments.yaml | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 .github/workflows/chart-release-helm-environments.yaml 
diff --git a/.github/workflows/chart-release-helm-environments.yaml b/.github/workflows/chart-release-helm-environments.yaml
new file mode 100644
index 000000000..ac32fe269
--- /dev/null
+++ b/.github/workflows/chart-release-helm-environments.yaml
@@ -0,0 +1,44 @@
+name: Release Chart Helm-Environments
+
+on:
+ workflow_dispatch:
+ push:
+ paths:
+ - 'charts/**'
+ branches:
+ - main
+
+jobs:
+ release:
+ # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
+ # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
+ permissions:
+ contents: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Install Helm
+ uses: azure/setup-helm@v3
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Update helm dependencies for portal
+ run: |
+ cd charts/portal
+ helm repo add bitnami https://charts.bitnami.com/bitnami
+ helm repo add runix https://helm.runix.net
+ helm dependency update
+
+ - name: Run chart-releaser
+ uses: helm/chart-releaser-action@v1.4.1
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
From 63d94be5eb93344834ff6e982329c65e4988b11f Mon Sep 17 00:00:00 2001
From: Evelyn Gurschler
Date: Thu, 5 Jan 2023 10:48:57 +0100
Subject: [PATCH 05/11] cplp-1420: add trivy scan
---
.github/workflows/trivy.yml | 103 ++++++++++++++++++++++++++++++++++++
1 file changed, 103 insertions(+)
create mode 100644 .github/workflows/trivy.yml
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
new file mode 100644
index 000000000..720cbcdad
--- /dev/null
+++ b/.github/workflows/trivy.yml
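Review bot: `workflow_dispatch:` carries no branch restriction, unlike the `push` trigger that is limited to `main`, so the `release` job can be started from any branch that contains this file and chart-releaser would then package that branch's `charts/**` with a `contents: write` token. If releases are meant to come from `main` only, add `if: github.ref == 'refs/heads/main'` to the `release` job. The third-party actions are referenced by tag (`azure/setup-helm@v3`, `helm/chart-releaser-action@v1.4.1`); pinning each to a full commit SHA with the version in a trailing comment keeps a moved tag from changing what runs with that token.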
@@ -0,0 +1,103 @@
+# Copyright (c) 2021-2022 Contributors to the Eclipse Foundation
+
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# Depending on the location of your Docker container
+# you need to change the path to the specific Docker registry.
+#
+name: "Trivy"
+
+on:
+ push:
+ branches: [ main ]
+ # pull_request:
+ # The branches below must be a subset of the branches above
+ # branches: [ main, master ]
+ # paths-ignore:
+ # - "**/*.md"
+ # - "**/*.txt"
+ schedule:
+ # Once a day
+ - cron: "0 0 * * *"
+ workflow_dispatch:
+ # Trigger manually
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ analyze-config:
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Run Trivy vulnerability scanner in repo mode
+ uses: aquasecurity/trivy-action@master
+ with:
+ scan-type: "config"
+ # ignore-unfixed: true
+ exit-code: "1"
+ hide-progress: false
+ format: "sarif"
+ output: "trivy-results1.sarif"
+ severity: "CRITICAL,HIGH"
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v2
+ if: always()
+ with:
+ sarif_file: "trivy-results1.sarif"
+
+ analyze-portal-cd_initdb:
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # It's also possible to scan your private registry with Trivy's built-in image scan.
+ # All you have to do is set ENV vars.
+ # Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD.
+ # You don't need to set ENV vars when downloading from a public repository.
+ # For public images, no ENV vars must be set.
+ - name: Run Trivy vulnerability scanner
+ if: always()
+ uses: aquasecurity/trivy-action@master
+ with:
+ # Path to Docker image
+ image-ref: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
+ format: "sarif"
+ output: "trivy-results2.sarif"
+ exit-code: "1"
+ severity: "CRITICAL,HIGH"
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ if: always()
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: "trivy-results2.sarif"
From ef1a1c23aa73065813a867639fb27b1204d885f6 Mon Sep 17 00:00:00 2001
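Review bot: Both Trivy steps reference `aquasecurity/trivy-action@master`, a branch rather than a release, so whatever lands on that branch runs in this workflow at the next scheduled scan. Pin it to a release commit, `uses: aquasecurity/trivy-action@<full-commit-sha> # <release tag>`, and consider the same for `github/codeql-action/upload-sarif@v2` and `actions/checkout@v3`. In `analyze-portal-cd_initdb` the scan target is `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest`; `latest` is mutable, so the SARIF uploaded to the Security tab cannot be tied to a specific image unless the scanned digest is recorded. The job name suggests an initdb image while `IMAGE_NAME` resolves to the repository name, which is worth confirming.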
From: Evelyn Gurschler Date: Thu, 5 Jan 2023 11:19:40 +0100 Subject: [PATCH 06/11] cplp-1420: update workflows --- .../administration-service-image-update.yml | 18 +++++ .../chart-release-helm-environments.yaml | 18 +++++ .github/workflows/chart-release.yaml | 18 +++++ .github/workflows/kics.yml | 18 +++++ .../maintenance-service-image-update.yml | 18 +++++ .../marketplace-app-service-image-update.yml | 18 +++++ .../notification-service-image-update.yml | 18 +++++ .../workflows/portal-assets-image-update.yml | 18 +++++ ...portal-assets-int-release-image-update.yml | 18 +++++ ...ortal-backend-int-release-image-update.yml | 18 +++++ .github/workflows/portal-image-update.yml | 18 +++++ .github/workflows/portal-initdb.yml | 68 +++++++++++++++++++ .../portal-int-release-image-update.yml | 18 +++++ .../portal-migrations-image-update.yml | 18 +++++ .../portal-registration-image-update.yml | 18 +++++ ...-registration-int-release-image-update.yml | 18 +++++ .../provisioning-migrations-image-update.yml | 18 +++++ .../provisioning-service-image-update.yml | 18 +++++ .../registration-service-image-update.yml | 18 +++++ .../services-service-image-update.yml | 18 +++++ .github/workflows/trivy.yml | 4 +- 21 files changed, 412 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/portal-initdb.yml diff --git a/.github/workflows/administration-service-image-update.yml b/.github/workflows/administration-service-image-update.yml index 244fde8d2..d503b4f8b 100644 --- a/.github/workflows/administration-service-image-update.yml +++ b/.github/workflows/administration-service-image-update.yml 
@@ -1,3 +1,21 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + name: Administration-Service Auto-image-update on: diff --git a/.github/workflows/chart-release-helm-environments.yaml b/.github/workflows/chart-release-helm-environments.yaml index ac32fe269..52d7c2dd3 100644 --- a/.github/workflows/chart-release-helm-environments.yaml +++ b/.github/workflows/chart-release-helm-environments.yaml @@ -1,3 +1,21 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + name: Release Chart Helm-Environments on: 
diff --git a/.github/workflows/chart-release.yaml b/.github/workflows/chart-release.yaml index 0a727ed6f..0e9ffcd00 100644 --- a/.github/workflows/chart-release.yaml +++ b/.github/workflows/chart-release.yaml @@ -1,3 +1,21 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + name: Release Chart on: diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index 824e2898d..628836429 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -1,3 +1,21 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + name: "KICS" on: 
diff --git a/.github/workflows/maintenance-service-image-update.yml b/.github/workflows/maintenance-service-image-update.yml index e9817ebc3..80af98100 100644 --- a/.github/workflows/maintenance-service-image-update.yml +++ b/.github/workflows/maintenance-service-image-update.yml @@ -1,3 +1,21 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + name: Maintenance-Service Auto-image-update on: diff --git a/.github/workflows/marketplace-app-service-image-update.yml b/.github/workflows/marketplace-app-service-image-update.yml index 971a737ce..0832931c7 100644 --- a/.github/workflows/marketplace-app-service-image-update.yml +++ b/.github/workflows/marketplace-app-service-image-update.yml 
@@ -1,3 +1,21 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + name: Marketplace-App-Service Auto-image-update on: diff --git a/.github/workflows/notification-service-image-update.yml b/.github/workflows/notification-service-image-update.yml index 90efba2e7..2661a940d 100644 --- a/.github/workflows/notification-service-image-update.yml +++ b/.github/workflows/notification-service-image-update.yml @@ -1,3 +1,21 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + name: Notification-Service Auto-image-update on: 
diff --git a/.github/workflows/portal-assets-image-update.yml b/.github/workflows/portal-assets-image-update.yml index 4a7c2cd02..b88a592ea 100644 --- a/.github/workflows/portal-assets-image-update.yml +++ b/.github/workflows/portal-assets-image-update.yml @@ -1,3 +1,21 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + name: Portal Assets Auto-image-update on: diff --git a/.github/workflows/portal-assets-int-release-image-update.yml b/.github/workflows/portal-assets-int-release-image-update.yml index 25310249e..d9864aeff 100644 --- a/.github/workflows/portal-assets-int-release-image-update.yml +++ b/.github/workflows/portal-assets-int-release-image-update.yml 
@@ -1,3 +1,21 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + name: Portal Assets INT Release Auto-image-update on: diff --git a/.github/workflows/portal-backend-int-release-image-update.yml b/.github/workflows/portal-backend-int-release-image-update.yml index 9a7233631..e084a9fa0 100644 --- a/.github/workflows/portal-backend-int-release-image-update.yml +++ b/.github/workflows/portal-backend-int-release-image-update.yml @@ -1,3 +1,21 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + name: Portal Backend INT Release Auto-image-update on: 
diff --git a/.github/workflows/portal-image-update.yml b/.github/workflows/portal-image-update.yml index 8d8dfdc00..ccc0b9170 100644 --- a/.github/workflows/portal-image-update.yml +++ b/.github/workflows/portal-image-update.yml @@ -1,3 +1,21 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + name: Portal Auto-image-update on: diff --git a/.github/workflows/portal-initdb.yml b/.github/workflows/portal-initdb.yml new file mode 100644 index 000000000..fac7354d8 --- /dev/null +++ b/.github/workflows/portal-initdb.yml 
@@ -0,0 +1,68 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + +name: Portal InitDB + +on: + push: + tags: + - 'v*' + workflow_dispatch: + +jobs: + build: + name: 90 portal-initdb image built + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }}_initdb + + steps: + - name: Get tag name + id: git-tag + run: echo ::set-output name=git-version::${GITHUB_REF/refs\/tags\//} + + # Get the latest sources + - name: Checkout + uses: actions/checkout@v3 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract Metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v3 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + # Build and push Portal initdb image + - name: 'Build image' + uses: docker/build-push-action@v2 + with: + context: . + file: docker/Dockerfile.import + push: true + tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.git-tag.outputs.git-version }}, ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + labels: ${{ steps.meta.outputs.labels }} 
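Review bot: The "Get tag name" step assumes a tag ref, but the workflow also runs on `workflow_dispatch`, where `GITHUB_REF` is normally `refs/heads/<branch>`. The substitution `${GITHUB_REF/refs\/tags\//}` then leaves the value unchanged, and the `tags:` line of the "Build image" step receives a name containing slashes, which is not a valid image tag. The "Extract Metadata" step already derives tags from the ref, so `tags: ${{ steps.meta.outputs.tags }}` would replace the hand-built value and make the `git-tag` step, with its deprecated `::set-output` command, unnecessary. The job holds `packages: write` and passes `secrets.GITHUB_TOKEN` to `docker/login-action@v1`; pinning that action and `docker/build-push-action@v2` to full commit SHAs would keep the code that sees the token fixed.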
diff --git a/.github/workflows/portal-int-release-image-update.yml b/.github/workflows/portal-int-release-image-update.yml index 7e01c57a2..d73b87b93 100644 --- a/.github/workflows/portal-int-release-image-update.yml +++ b/.github/workflows/portal-int-release-image-update.yml @@ -1,3 +1,21 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + name: Portal INT Release Auto-image-update on: diff --git a/.github/workflows/portal-migrations-image-update.yml b/.github/workflows/portal-migrations-image-update.yml index 0aedbe882..37df8831c 100644 --- a/.github/workflows/portal-migrations-image-update.yml +++ b/.github/workflows/portal-migrations-image-update.yml 
@@ -1,3 +1,21 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + name: Portal-Migrations Auto-image-update on: diff --git a/.github/workflows/portal-registration-image-update.yml b/.github/workflows/portal-registration-image-update.yml index b3159b709..e428fd708 100644 --- a/.github/workflows/portal-registration-image-update.yml +++ b/.github/workflows/portal-registration-image-update.yml @@ -1,3 +1,21 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + name: Portal Registration Auto-image-update on: 
diff --git a/.github/workflows/portal-registration-int-release-image-update.yml b/.github/workflows/portal-registration-int-release-image-update.yml index 03e0dcd0c..c0d3456b2 100644 --- a/.github/workflows/portal-registration-int-release-image-update.yml +++ b/.github/workflows/portal-registration-int-release-image-update.yml @@ -1,3 +1,21 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + name: Portal Registration INT Release Auto-image-update on: diff --git a/.github/workflows/provisioning-migrations-image-update.yml b/.github/workflows/provisioning-migrations-image-update.yml index 86c70e36f..c9f8d86c5 100644 --- a/.github/workflows/provisioning-migrations-image-update.yml +++ b/.github/workflows/provisioning-migrations-image-update.yml 
@@ -1,3 +1,21 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + name: Provisioning-Migrations Auto-image-update on: diff --git a/.github/workflows/provisioning-service-image-update.yml b/.github/workflows/provisioning-service-image-update.yml index d9898e7de..3b793bfdd 100644 --- a/.github/workflows/provisioning-service-image-update.yml +++ b/.github/workflows/provisioning-service-image-update.yml @@ -1,3 +1,21 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + name: Provisioning-Service Auto-image-update on: 
diff --git a/.github/workflows/registration-service-image-update.yml b/.github/workflows/registration-service-image-update.yml index 4ed3a9690..dc3c8c9b4 100644 --- a/.github/workflows/registration-service-image-update.yml +++ b/.github/workflows/registration-service-image-update.yml @@ -1,3 +1,21 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + name: Registration-Service Auto-image-update on: workflow_dispatch: diff --git a/.github/workflows/services-service-image-update.yml b/.github/workflows/services-service-image-update.yml index 0a0963ff3..58d59b9b9 100644 --- a/.github/workflows/services-service-image-update.yml +++ b/.github/workflows/services-service-image-update.yml 
@@ -1,3 +1,21 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + name: Services-Service Auto-image-update on: diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 720cbcdad..e33551847 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2021-2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -38,7 +38,7 @@ on: env: REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} + IMAGE_NAME: ${{ github.repository }}_initdb jobs: analyze-config: From 67b791a900e4db60d638f9740d6f9aeea415f2ee Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Thu, 5 Jan 2023 18:15:59 +0100 Subject: [PATCH 07/11] cplp-1420: remove initdb setup --- .github/workflows/portal-initdb.yml | 68 ----------------------------- .github/workflows/trivy.yml | 37 ---------------- 2 files changed, 105 deletions(-) delete mode 100644 .github/workflows/portal-initdb.yml diff --git a/.github/workflows/portal-initdb.yml b/.github/workflows/portal-initdb.yml deleted file mode 100644 index fac7354d8..000000000 --- a/.github/workflows/portal-initdb.yml +++ /dev/null 
@@ -1,68 +0,0 @@ -# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation - -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. - -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# SPDX-License-Identifier: Apache-2.0 ---- - -name: Portal InitDB - -on: - push: - tags: - - 'v*' - workflow_dispatch: - -jobs: - build: - name: 90 portal-initdb image built - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }}_initdb - - steps: - - name: Get tag name - id: git-tag - run: echo ::set-output name=git-version::${GITHUB_REF/refs\/tags\//} - - # Get the latest sources - - name: Checkout - uses: actions/checkout@v3 - - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract Metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v3 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - # Build and push Portal initdb image - - name: 'Build image' - uses: docker/build-push-action@v2 - with: - context: . - file: docker/Dockerfile.import - push: true - tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.git-tag.outputs.git-version }}, ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - labels: ${{ steps.meta.outputs.labels }} 
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index e33551847..c4538bf4f 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -36,10 +36,6 @@ on: workflow_dispatch: # Trigger manually -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }}_initdb - jobs: analyze-config: runs-on: ubuntu-latest @@ -68,36 +64,3 @@ jobs: if: always() with: sarif_file: "trivy-results1.sarif" - - analyze-portal-cd_initdb: - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # It's also possible to scan your private registry with Trivy's built-in image scan. - # All you have to do is set ENV vars. - # Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD. - # You don't need to set ENV vars when downloading from a public repository. - # For public images, no ENV vars must be set. - - name: Run Trivy vulnerability scanner - if: always() - uses: aquasecurity/trivy-action@master - with: - # Path to Docker image - image-ref: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest" - format: "sarif" - output: "trivy-results2.sarif" - exit-code: "1" - severity: "CRITICAL,HIGH" - - - name: Upload Trivy scan results to GitHub Security tab - if: always() - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: "trivy-results2.sarif" From 0a7b652ff7632172fd680c0f186af56e5f7cf058 Mon Sep 17 00:00:00 2001 From: Philip Schneider Date: Fri, 20 Jan 2023 09:28:04 +0100 Subject: [PATCH 08/11] CPLP-1965 add checklist worker --- .../checklist-worker-image-update.yml | 53 +++++++++++++++++++ ...ortal-backend-int-release-image-update.yml | 3 ++ 2 files changed, 56 insertions(+) create mode 100644 .github/workflows/checklist-worker-image-update.yml diff --git a/.github/workflows/checklist-worker-image-update.yml b/.github/workflows/checklist-worker-image-update.yml new file mode 100644 index 000000000..63a0821a1 --- /dev/null 
+++ b/.github/workflows/checklist-worker-image-update.yml @@ -0,0 +1,53 @@ +# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + +name: Checklist-Worker Auto-image-update + +on: + workflow_dispatch: + inputs: + new-image: + description: 'new available image' + required: true + default: 'no content' + +env: + IMAGE_BEGINN: 'checklistworkertag: ' + IMAGE_FULL_NEW: 'checklistworkertag: ${{ inputs.new-image }}' + +jobs: + update-image-tag: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Modify image tag in values-dev.yaml + run: | + sed -i 's/${{ env.IMAGE_BEGINN }}.*/${{ env.IMAGE_FULL_NEW }}/' charts/portal/values-dev.yaml + + - name: Commit and push updated values-dev.yaml + run: | + git config user.name github-actions + git config user.email github-actions@github.com + git add charts/portal/values-dev.yaml + git commit -m "Add new image for checklist worker" + bash ./scripts/push.sh diff --git a/.github/workflows/portal-backend-int-release-image-update.yml b/.github/workflows/portal-backend-int-release-image-update.yml index e084a9fa0..04538eb67 100644 --- a/.github/workflows/portal-backend-int-release-image-update.yml +++ b/.github/workflows/portal-backend-int-release-image-update.yml 
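Review bot: The `sed` line in the "Modify image tag in values-dev.yaml" step splices `${{ env.IMAGE_BEGINN }}` and `${{ env.IMAGE_FULL_NEW }}` into the script text before the shell runs. `IMAGE_FULL_NEW` carries the free-form `new-image` dispatch input, so a value containing `'` or `/` changes the shell command or the sed program in a job that holds `contents: write`. Both values are already exported to the step as environment variables, so the script can read `$IMAGE_BEGINN` and `$IMAGE_FULL_NEW` and reject anything that is not a plain tag before editing the file. That check also stops the default `'no content'` from being committed to values-dev.yaml. The `CHECKLIST_IMAGE_*` sed line added to portal-backend-int-release-image-update.yml in this patch uses the same construction.

```yaml
      - name: Modify image tag in values-dev.yaml
        run: |
          # Whole-string match: only "checklistworkertag: <tag>" with Docker tag characters passes.
          tag_re='^checklistworkertag: [A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'
          if [[ ! "$IMAGE_FULL_NEW" =~ $tag_re ]]; then
            echo "new-image is not a valid image tag" >&2
            exit 1
          fi
          # Values come from the environment, not from expression expansion into the script.
          sed -i "s|${IMAGE_BEGINN}.*|${IMAGE_FULL_NEW}|" charts/portal/values-dev.yaml
```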
@@ -37,6 +37,8 @@ env: NOTIFICATION_IMAGE_FULL_NEW: 'notificationservicetag: ${{ inputs.new-image }}' PORTALMIGRATIONS_IMAGE_BEGINN: 'portalmigrationstag: ' PORTALMIGRATIONS_IMAGE_FULL_NEW: 'portalmigrationstag: ${{ inputs.new-image }}' + CHECKLIST_IMAGE_BEGINN: 'checklistworkertag: ' + CHECKLIST_IMAGE_FULL_NEW: 'checklistworkertag: ${{ inputs.new-image }}' PROVISIONING_IMAGE_BEGINN: 'provisioningservicetag: ' PROVISIONING_IMAGE_FULL_NEW: 'provisioningservicetag: ${{ inputs.new-image }}' REGISTRATION_IMAGE_BEGINN: 'registrationservicetag: ' @@ -59,6 +61,7 @@ jobs: - name: Modify image tag in values-int.yaml run: | sed -i 's/${{ env.ADMINISTRATION_IMAGE_BEGINN }}.*/${{ env.ADMINISTRATION_IMAGE_FULL_NEW }}/' charts/portal/values-int.yaml + sed -i 's/${{ env.CHECKLIST_IMAGE_BEGINN }}.*/${{ env.CHECKLIST_IMAGE_FULL_NEW }}/' charts/portal/values-int.yaml sed -i 's/${{ env.PORTALMAINTENANCE_IMAGE_BEGINN }}.*/${{ env.PORTALMAINTENANCE_IMAGE_FULL_NEW }}/' charts/portal/values-int.yaml sed -i 's/${{ env.APPMARKETPLACE_IMAGE_BEGINN }}.*/${{ env.APPMARKETPLACE_IMAGE_FULL_NEW }}/' charts/portal/values-int.yaml sed -i 's/${{ env.NOTIFICATION_IMAGE_BEGINN }}.*/${{ env.NOTIFICATION_IMAGE_FULL_NEW }}/' charts/portal/values-int.yaml From b2bc567eae94d23c8d165fd0ff07a4ea824efb05 Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Wed, 22 Feb 2023 19:53:50 +0100 Subject: [PATCH 09/11] chore: update chart-releaser action --- .github/workflows/chart-release.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/chart-release.yaml b/.github/workflows/chart-release.yaml index 0e9ffcd00..22b99dc09 100644 --- a/.github/workflows/chart-release.yaml +++ b/.github/workflows/chart-release.yaml @@ -57,5 +57,7 @@ jobs: - name: Run chart-releaser uses: helm/chart-releaser-action@v1.4.1 + with: + charts_dir: charts/portal env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" From f6782c3d2c7247d6bd347f2d133916361e82b931 Mon Sep 17 00:00:00 2001 
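Review bot: In chart-release.yaml, `charts_dir: charts/portal` points the releaser at the chart itself rather than at the directory that holds charts. As far as I know, `helm/chart-releaser-action` treats `charts_dir` (default `charts`) as the parent folder and looks for a `Chart.yaml` one level below it, so this setting may end with no chart being found. If the aim is to release only the portal chart, confirm on a test run that `charts/portal` is picked up, or keep `charts_dir: charts`. The `release` job starts outside this hunk.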
From: Evelyn Gurschler Date: Thu, 23 Feb 2023 14:39:03 +0100 Subject: [PATCH 10/11] release: add helm-environments updates for v1.0.0 --- .../administration-service-image-update.yml | 13 +- .../chart-release-helm-environments.yaml | 62 -- .github/workflows/chart-release.yaml | 23 +- .../checklist-worker-image-update.yml | 13 +- .github/workflows/kics.yml | 13 +- .../maintenance-service-image-update.yml | 13 +- .../marketplace-app-service-image-update.yml | 13 +- .../notification-service-image-update.yml | 13 +- .../workflows/portal-assets-image-update.yml | 13 +- ...portal-assets-int-release-image-update.yml | 13 +- ...ortal-backend-int-release-image-update.yml | 13 +- .github/workflows/portal-chart-test.yaml | 56 ++ .github/workflows/portal-image-update.yml | 13 +- .../portal-int-release-image-update.yml | 13 +- .../portal-migrations-image-update.yml | 13 +- .../portal-registration-image-update.yml | 13 +- ...-registration-int-release-image-update.yml | 13 +- .../provisioning-migrations-image-update.yml | 13 +- .../provisioning-service-image-update.yml | 13 +- .../registration-service-image-update.yml | 13 +- .../services-service-image-update.yml | 13 +- .github/workflows/trivy.yml | 13 +- CHANGELOG.md | 34 + NOTICE.md | 3 + README.md | 341 +++++++++- charts/chart-testing-config.yaml | 3 + charts/portal/.helmignore | 3 +- charts/portal/Chart.yaml | 8 +- charts/portal/README.md | 342 ++++++++++ charts/portal/README.md.gotmpl | 46 ++ .../configmap-backend-postgres-init.yaml | 38 ++ .../templates/cronjob-backend-checklist.yaml | 244 +++++++ .../cronjob-backend-maintenance.yaml | 49 -- .../cronjob-backend-portal-maintenance.yaml | 59 ++ .../deployment-backend-administration.yaml | 308 ++++++++- .../deployment-backend-appmarketplace.yaml | 173 ++++- .../deployment-backend-notification.yaml | 106 ++- .../deployment-backend-provisioning.yaml | 94 ++- .../deployment-backend-registration.yaml | 140 +++- .../deployment-backend-services.yaml | 143 +++- 
.../templates/deployment-frontend-assets.yaml | 80 +++ .../templates/deployment-frontend-portal.yaml | 58 +- .../deployment-frontend-registration.yaml | 54 +- .../job-backend-portal-migrations.yaml | 41 +- .../job-backend-provisioning-migrations.yaml | 62 ++ .../templates/secret-backend-external-db.yaml | 11 + .../templates/secret-backend-interfaces.yaml | 31 + ...tion.yaml => secret-backend-keycloak.yaml} | 10 +- ...-init.yaml => secret-backend-mailing.yaml} | 8 +- .../secret-backend-portal-maintenance.yaml | 27 - .../secret-backend-portal-migrations.yaml | 27 - .../secret-backend-postgres-init-db-user.yaml | 10 - ...yaml => secret-backend-postgres-init.yaml} | 11 +- .../secret-backend-provisioning.yaml | 27 - .../secret-backend-registration.yaml | 27 - .../templates/secret-backend-services.yaml | 27 - .../service-backend-administration.yaml | 2 +- .../service-backend-appmarketplace.yaml | 2 +- .../service-backend-notification.yaml | 2 +- .../service-backend-provisioning.yaml | 6 +- .../service-backend-registration.yaml | 2 +- .../templates/service-backend-services.yaml | 2 +- ...lace.yaml => service-frontend-assets.yaml} | 17 +- .../templates/service-frontend-portal.yaml | 2 +- .../service-frontend-registration.yaml | 2 +- charts/portal/values-dummy.yaml | 131 ---- charts/portal/values.yaml | 628 +++++++++++++++--- 67 files changed, 3089 insertions(+), 740 deletions(-) delete mode 100644 .github/workflows/chart-release-helm-environments.yaml create mode 100644 .github/workflows/portal-chart-test.yaml create mode 100644 CHANGELOG.md create mode 100644 charts/chart-testing-config.yaml create mode 100644 charts/portal/README.md create mode 100644 charts/portal/README.md.gotmpl create mode 100644 charts/portal/templates/configmap-backend-postgres-init.yaml create mode 100644 charts/portal/templates/cronjob-backend-checklist.yaml delete mode 100644 charts/portal/templates/cronjob-backend-maintenance.yaml create mode 100644 
charts/portal/templates/cronjob-backend-portal-maintenance.yaml create mode 100644 charts/portal/templates/deployment-frontend-assets.yaml create mode 100644 charts/portal/templates/job-backend-provisioning-migrations.yaml create mode 100644 charts/portal/templates/secret-backend-external-db.yaml create mode 100644 charts/portal/templates/secret-backend-interfaces.yaml rename charts/portal/templates/{secret-backend-notification.yaml => secret-backend-keycloak.yaml} (64%) rename charts/portal/templates/{secret-backend--postgres-init.yaml => secret-backend-mailing.yaml} (72%) delete mode 100644 charts/portal/templates/secret-backend-portal-maintenance.yaml delete mode 100644 charts/portal/templates/secret-backend-portal-migrations.yaml delete mode 100644 charts/portal/templates/secret-backend-postgres-init-db-user.yaml rename charts/portal/templates/{secret-backend-administration.yaml => secret-backend-postgres-init.yaml} (61%) delete mode 100644 charts/portal/templates/secret-backend-provisioning.yaml delete mode 100644 charts/portal/templates/secret-backend-registration.yaml delete mode 100644 charts/portal/templates/secret-backend-services.yaml rename charts/portal/templates/{secret-backend-appmarketplace.yaml => service-frontend-assets.yaml} (73%) delete mode 100644 charts/portal/values-dummy.yaml diff --git a/.github/workflows/administration-service-image-update.yml b/.github/workflows/administration-service-image-update.yml index d503b4f8b..e33457895 100644 --- a/.github/workflows/administration-service-image-update.yml +++ b/.github/workflows/administration-service-image-update.yml 
@@ -1,20 +1,21 @@ -# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation - +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. - +# # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at # https://www.apache.org/licenses/LICENSE-2.0. - +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +# # SPDX-License-Identifier: Apache-2.0 ---- +############################################################### name: Administration-Service Auto-image-update diff --git a/.github/workflows/chart-release-helm-environments.yaml b/.github/workflows/chart-release-helm-environments.yaml deleted file mode 100644 index 52d7c2dd3..000000000 --- a/.github/workflows/chart-release-helm-environments.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation - -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. - -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# SPDX-License-Identifier: Apache-2.0 ---- - -name: Release Chart Helm-Environments - -on: - workflow_dispatch: - push: - paths: - - 'charts/**' - branches: - - main - -jobs: - release: - # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions - # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token - permissions: - contents: write - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Configure Git - run: | - git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - - name: Install Helm - uses: azure/setup-helm@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Update helm dependencies for portal - run: | - cd charts/portal - helm repo add bitnami https://charts.bitnami.com/bitnami - helm repo add runix https://helm.runix.net - helm dependency update - - - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.4.1 - env: - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" 
diff --git a/.github/workflows/chart-release.yaml b/.github/workflows/chart-release.yaml index 22b99dc09..cceb470c1 100644 --- a/.github/workflows/chart-release.yaml +++ b/.github/workflows/chart-release.yaml @@ -1,30 +1,31 @@ -# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation - +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. - +# # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at # https://www.apache.org/licenses/LICENSE-2.0. - +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +# # SPDX-License-Identifier: Apache-2.0 ---- +############################################################### name: Release Chart on: workflow_dispatch: - push: - paths: - - 'charts/**' - branches: - - main + # push: + # paths: + # - 'charts/**' + # branches: + # - main jobs: release: diff --git a/.github/workflows/checklist-worker-image-update.yml b/.github/workflows/checklist-worker-image-update.yml index 63a0821a1..86df5e490 100644 --- a/.github/workflows/checklist-worker-image-update.yml +++ b/.github/workflows/checklist-worker-image-update.yml 
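Review bot: The `push` trigger in chart-release.yaml is disabled by commenting out its five lines, with nothing saying why or whether it is meant to come back, so the release now runs only on `workflow_dispatch`. Either delete the block or put the reason above it, for example `# push trigger disabled: releases are started manually (see <ticket>)`. The rest of the hunk is the licence-header reformat and needs no comment.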
@@ -1,20 +1,21 @@ -# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation - +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. - +# # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at # https://www.apache.org/licenses/LICENSE-2.0. - +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +# # SPDX-License-Identifier: Apache-2.0 ---- +############################################################### name: Checklist-Worker Auto-image-update diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index 628836429..ef7187723 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml 
@@ -1,20 +1,21 @@ -# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation - +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. - +# # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at # https://www.apache.org/licenses/LICENSE-2.0. - +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +# # SPDX-License-Identifier: Apache-2.0 ---- +############################################################### name: "KICS" diff --git a/.github/workflows/maintenance-service-image-update.yml b/.github/workflows/maintenance-service-image-update.yml index 80af98100..dbe4eb859 100644 --- a/.github/workflows/maintenance-service-image-update.yml +++ b/.github/workflows/maintenance-service-image-update.yml 
@@ -1,20 +1,21 @@ -# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation - +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. - +# # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at # https://www.apache.org/licenses/LICENSE-2.0. - +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +# # SPDX-License-Identifier: Apache-2.0 ---- +############################################################### name: Maintenance-Service Auto-image-update diff --git a/.github/workflows/marketplace-app-service-image-update.yml b/.github/workflows/marketplace-app-service-image-update.yml index 0832931c7..c23494c28 100644 --- a/.github/workflows/marketplace-app-service-image-update.yml +++ b/.github/workflows/marketplace-app-service-image-update.yml 
@@ -1,20 +1,21 @@ -# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation - +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. - +# # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at # https://www.apache.org/licenses/LICENSE-2.0. - +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +# # SPDX-License-Identifier: Apache-2.0 ---- +############################################################### name: Marketplace-App-Service Auto-image-update diff --git a/.github/workflows/notification-service-image-update.yml b/.github/workflows/notification-service-image-update.yml index 2661a940d..040d8aebd 100644 --- a/.github/workflows/notification-service-image-update.yml +++ b/.github/workflows/notification-service-image-update.yml 
@@ -1,20 +1,21 @@ -# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation - +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. - +# # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at # https://www.apache.org/licenses/LICENSE-2.0. - +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +# # SPDX-License-Identifier: Apache-2.0 ---- +############################################################### name: Notification-Service Auto-image-update diff --git a/.github/workflows/portal-assets-image-update.yml b/.github/workflows/portal-assets-image-update.yml index b88a592ea..e89822fe2 100644 --- a/.github/workflows/portal-assets-image-update.yml +++ b/.github/workflows/portal-assets-image-update.yml 
@@ -1,20 +1,21 @@ -# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation - +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. - +# # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at # https://www.apache.org/licenses/LICENSE-2.0. - +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +# # SPDX-License-Identifier: Apache-2.0 ---- +############################################################### name: Portal Assets Auto-image-update diff --git a/.github/workflows/portal-assets-int-release-image-update.yml b/.github/workflows/portal-assets-int-release-image-update.yml index d9864aeff..bf9e5b094 100644 --- a/.github/workflows/portal-assets-int-release-image-update.yml +++ b/.github/workflows/portal-assets-int-release-image-update.yml 
@@ -1,20 +1,21 @@ -# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation - +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. - +# # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at # https://www.apache.org/licenses/LICENSE-2.0. - +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +# # SPDX-License-Identifier: Apache-2.0 ---- +############################################################### name: Portal Assets INT Release Auto-image-update diff --git a/.github/workflows/portal-backend-int-release-image-update.yml b/.github/workflows/portal-backend-int-release-image-update.yml index 04538eb67..9eb56cd28 100644 --- a/.github/workflows/portal-backend-int-release-image-update.yml +++ b/.github/workflows/portal-backend-int-release-image-update.yml 
@@ -1,20 +1,21 @@ -# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation - +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. - +# # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at # https://www.apache.org/licenses/LICENSE-2.0. - +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +# # SPDX-License-Identifier: Apache-2.0 ---- +############################################################### name: Portal Backend INT Release Auto-image-update diff --git a/.github/workflows/portal-chart-test.yaml b/.github/workflows/portal-chart-test.yaml new file mode 100644 index 000000000..82e42ff09 --- /dev/null +++ b/.github/workflows/portal-chart-test.yaml 
@@ -0,0 +1,56 @@
+name: Portal Lint and Test Chart
+
+on:
+ push:
+ paths:
+ - 'charts/portal/**'
+ branches: [main, helm-environments]
+ pull_request:
+ paths:
+ - 'charts/portal/**'
+ workflow_dispatch:
+
+jobs:
+ lint-test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: Set up Helm
+ uses: azure/setup-helm@v3
+ with:
+ version: v3.10.3
+
+ # Setup python as a prerequisite for chart linting
+ - uses: actions/setup-python@v4
+ with:
+ python-version: 3.7
+
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@v2.3.1
+
+ # - name: Run chart-testing (list-changed)
+ # id: list-changed
+ # run: |
+ # changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+ # if [[ -n "$changed" ]]; then
+ # echo "::set-output name=changed::true"
+ # fi
+
+ # run chart linting
+ - name: Run chart-testing (lint)
+ run: ct lint --charts charts/portal --config charts/chart-testing-config.yaml
+
+ # Preparing a kind cluster to install and test charts on
+ - name: Create kind cluster
+ uses: helm/kind-action@v1.4.0
+ # if: steps.list-changed.outputs.changed == 'true'
+
+ # install the chart to the kind cluster and run helm test
+ # define charts to test with the --charts parameter
+ - name: Run chart-testing (install)
+ run: ct install --charts charts/portal --config charts/chart-testing-config.yaml
+ # if: steps.list-changed.outputs.changed == 'true'
diff --git a/.github/workflows/portal-image-update.yml b/.github/workflows/portal-image-update.yml
index ccc0b9170..8ba8c4cc6 100644
--- a/.github/workflows/portal-image-update.yml
+++ b/.github/workflows/portal-image-update.yml
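Review bot: portal-chart-test.yaml declares no `permissions:` block, so the `lint-test` job runs on `push` and `pull_request` with whatever default `GITHUB_TOKEN` scope the repository or organisation has, while the image-update workflows in this series state theirs explicitly. The job only checks out the repository and runs `ct` against a kind cluster, so a workflow-level `permissions:` with `contents: read` should be enough. The file also uses `actions/checkout@v2` where the sibling workflows use `@v3`, and it is the one new workflow without the licence header that this commit normalises in the other files.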
@@ -1,20 +1,21 @@ -# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation - +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. - +# # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at # https://www.apache.org/licenses/LICENSE-2.0. - +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +# # SPDX-License-Identifier: Apache-2.0 ---- +############################################################### name: Portal Auto-image-update diff --git a/.github/workflows/portal-int-release-image-update.yml b/.github/workflows/portal-int-release-image-update.yml index d73b87b93..132bc3a9c 100644 --- a/.github/workflows/portal-int-release-image-update.yml +++ b/.github/workflows/portal-int-release-image-update.yml 
@@ -1,20 +1,21 @@ -# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation - +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. - +# # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at # https://www.apache.org/licenses/LICENSE-2.0. - +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +# # SPDX-License-Identifier: Apache-2.0 ---- +############################################################### name: Portal INT Release Auto-image-update diff --git a/.github/workflows/portal-migrations-image-update.yml b/.github/workflows/portal-migrations-image-update.yml index 37df8831c..5a7252f12 100644 --- a/.github/workflows/portal-migrations-image-update.yml +++ b/.github/workflows/portal-migrations-image-update.yml 
@@ -1,20 +1,21 @@ -# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation - +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. - +# # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at # https://www.apache.org/licenses/LICENSE-2.0. - +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +# # SPDX-License-Identifier: Apache-2.0 ---- +############################################################### name: Portal-Migrations Auto-image-update diff --git a/.github/workflows/portal-registration-image-update.yml b/.github/workflows/portal-registration-image-update.yml index e428fd708..acd0bdab1 100644 --- a/.github/workflows/portal-registration-image-update.yml +++ b/.github/workflows/portal-registration-image-update.yml 
@@ -1,20 +1,21 @@ -# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation - +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. - +# # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at # https://www.apache.org/licenses/LICENSE-2.0. - +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +# # SPDX-License-Identifier: Apache-2.0 ---- +############################################################### name: Portal Registration Auto-image-update diff --git a/.github/workflows/portal-registration-int-release-image-update.yml b/.github/workflows/portal-registration-int-release-image-update.yml index c0d3456b2..0826618b2 100644 --- a/.github/workflows/portal-registration-int-release-image-update.yml +++ b/.github/workflows/portal-registration-int-release-image-update.yml 
@@ -1,20 +1,21 @@ -# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation - +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. - +# # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at # https://www.apache.org/licenses/LICENSE-2.0. - +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +# # SPDX-License-Identifier: Apache-2.0 ---- +############################################################### name: Portal Registration INT Release Auto-image-update diff --git a/.github/workflows/provisioning-migrations-image-update.yml b/.github/workflows/provisioning-migrations-image-update.yml index c9f8d86c5..2b3f5ff64 100644 --- a/.github/workflows/provisioning-migrations-image-update.yml +++ b/.github/workflows/provisioning-migrations-image-update.yml 
@@ -1,20 +1,21 @@ -# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation - +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. - +# # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at # https://www.apache.org/licenses/LICENSE-2.0. - +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +# # SPDX-License-Identifier: Apache-2.0 ---- +############################################################### name: Provisioning-Migrations Auto-image-update diff --git a/.github/workflows/provisioning-service-image-update.yml b/.github/workflows/provisioning-service-image-update.yml index 3b793bfdd..29fe21b6f 100644 --- a/.github/workflows/provisioning-service-image-update.yml +++ b/.github/workflows/provisioning-service-image-update.yml 
@@ -1,20 +1,21 @@ -# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation - +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. - +# # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at # https://www.apache.org/licenses/LICENSE-2.0. - +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +# # SPDX-License-Identifier: Apache-2.0 ---- +############################################################### name: Provisioning-Service Auto-image-update diff --git a/.github/workflows/registration-service-image-update.yml b/.github/workflows/registration-service-image-update.yml index dc3c8c9b4..db7ed57a3 100644 --- a/.github/workflows/registration-service-image-update.yml +++ b/.github/workflows/registration-service-image-update.yml 
@@ -1,20 +1,21 @@
-# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation
-
+###############################################################
+# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+#
 # See the NOTICE file(s) distributed with this work for additional
 # information regarding copyright ownership.
-
+#
 # This program and the accompanying materials are made available under the
 # terms of the Apache License, Version 2.0 which is available at
 # https://www.apache.org/licenses/LICENSE-2.0.
-
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
-
+#
 # SPDX-License-Identifier: Apache-2.0
----
+###############################################################
 name: Registration-Service Auto-image-update
 on:
diff --git a/.github/workflows/services-service-image-update.yml b/.github/workflows/services-service-image-update.yml
index 58d59b9b9..0947b7205 100644
--- a/.github/workflows/services-service-image-update.yml
+++ b/.github/workflows/services-service-image-update.yml
@@ -1,20 +1,21 @@
-# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation
-
+###############################################################
+# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+#
 # See the NOTICE file(s) distributed with this work for additional
 # information regarding copyright ownership.
-
+#
 # This program and the accompanying materials are made available under the
 # terms of the Apache License, Version 2.0 which is available at
 # https://www.apache.org/licenses/LICENSE-2.0.
-
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
-
+#
 # SPDX-License-Identifier: Apache-2.0
----
+###############################################################
 name: Services-Service Auto-image-update
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index c4538bf4f..17b48f0f4 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -1,20 +1,21 @@
-# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation
-
+###############################################################
+# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+#
 # See the NOTICE file(s) distributed with this work for additional
 # information regarding copyright ownership.
-
+#
 # This program and the accompanying materials are made available under the
 # terms of the Apache License, Version 2.0 which is available at
 # https://www.apache.org/licenses/LICENSE-2.0.
-
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
-
+#
 # SPDX-License-Identifier: Apache-2.0
----
+###############################################################
 # Depending on the location of your Docker container
 # you need to change the path to the specific Docker registry.
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 000000000..e0b6e7125
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,34 @@
+# Changelog
+
+New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X Portal helm chart.
+
+## 1.0.0
+
+### Change
+
+* enabled apps and jobs to use config from the environment variables.
+* enabled initdb configmap with custom db user creation, removed initdb container.
+* set replica count from 1 to 3.
+* moved pgAdmin4 in a separate helm chart.
+
+### Feature
+
+* added checklist-worker job to chart.
+* enabled option for external database.
+* added rollingupdate strategy for apps.
+* added option for resource management for apps.
+* added livenessProbe and readinessProbe for frontend apps.
+* added assign-pod-node: affinity-and-anti-affinity for apps.
+* added for nodeSelector and toleration management for apps.
+
+### Technical Support
+
+* added chart test workflow for lint and install.
+* added documentation for installation and changelog.
+
+## 0.6.0
+
+### Change
+
+* added product helm chart for portal, combining frontend and backend chart.
+* moved repository to eclipse-tractusx.
diff --git a/NOTICE.md b/NOTICE.md
index 78cf6613a..2f9487c32 100644
--- a/NOTICE.md
+++ b/NOTICE.md
@@ -25,6 +25,9 @@ The project maintains the following source code repositories in the GitHub organ
 * https://github.com/eclipse-tractusx/portal-frontend-registration
 * https://github.com/eclipse-tractusx/portal-frontend
 * https://github.com/eclipse-tractusx/portal-backend
+* https://github.com/eclipse-tractusx/portal-assets
+* https://github.com/eclipse-tractusx/portal-cd
+* https://github.com/eclipse-tractusx/portal-iam
 ## Third-party Content
diff --git a/README.md b/README.md
index 803af5eb2..17c55ae38 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,342 @@ -# Catena-X Portal Helm Chart +# Helm chart for Catena-X Portal -This repository containes the helm chart to deploy the Catena-X Portal. +![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) ![Tag](https://img.shields.io/static/v1?label=&message=LeadingRepository&color=green&style=flat) + +This helm chart installs the Catena-X Portal application which consists of + +* [portal-frontend](https://github.com/eclipse-tractusx/portal-frontend), +* [portal-frontend-registration](https://github.com/eclipse-tractusx/portal-frontend-registration), +* [portal-assets](https://github.com/eclipse-tractusx/portal-assets) and +* [portal-backend](https://github.com/eclipse-tractusx/portal-backend). + +The Catena-X Portal is designed to work with the [Catena-X IAM](https://github.com/eclipse-tractusx/portal-iam). + +For further information please refer to the [technical documentation](https://github.com/eclipse-tractusx/portal-assets/tree/1.0.0/developer/Technical%20Documentation). The referenced container images are for demonstration purposes only. 
+ +## Installation + +To install the chart with the release name `portal`: + +```shell +$ helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev +$ helm install portal tractusx-dev/portal +``` + +To install the helm chart into your cluster with your values: + +```shell +$ helm install -f your-values.yaml portal tractusx-dev/portal +``` + +To use the helm chart as a dependency: + +```yaml +dependencies: + - name: portal + repository: https://eclipse-tractusx.github.io/charts/dev + version: 1.0.0 +``` + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| name | string | `"portal"` | | +| portalAddress | string | `"https://portal.example.org"` | Provide portal base address. | +| portalBackendAddress | string | `"https://portal-backend.example.org"` | Provide portal-backend base address. | +| centralidpAddress | string | `"https://centralidp.example.org"` | Provide centralidp base address (CX IAM), without trailing '/auth'. | +| sharedidpAddress | string | `"https://sharedidp.example.org"` | Provide sharedidp address (CX IAM), without trailing '/auth'. | +| semanticsAddress | string | `"https://semantics.example.org"` | Provide semantics base address. | +| dapsAddress | string | `"https://daps.example.org"` | Provide daps base address | +| bpdmPartnersPoolAddress | string | `"https://partners-pool.example.org"` | Provide bpdm partners pool base address. | +| bpdmPortalGateAddress | string | `"https://portal-gate.example.org"` | Provide bpdm portal gate base address. | +| custodianAddress | string | `"https://managed-identity-wallets.example.org"` | Provide custodian base address. | +| sdfactoryAddress | string | `"https://sdfactory.example.org"` | Provide sdfactory base address. 
| +| clearinghouseAddress | string | `"https://validation.example.org"` | Provide clearinghouse base address. | +| clearinghouseTokenAddress | string | `"https://keycloak.example.org/realms/example/protocol/openid-connect/token"` | Provide clearinghouse token address. | +| frontend.ingress.enabled | bool | `false` | Portal frontend ingress parameters, enable ingress record generation for portal frontend. | +| frontend.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | | +| frontend.ingress.annotations."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/$1"` | | +| frontend.ingress.annotations."nginx.ingress.kubernetes.io/use-regex" | string | `"true"` | | +| frontend.ingress.annotations."nginx.ingress.kubernetes.io/enable-cors" | string | `"true"` | | +| frontend.ingress.annotations."nginx.ingress.kubernetes.io/cors-allow-origin" | string | `"https://*.example.org"` | Provide CORS allowed origin. | +| frontend.ingress.tls[0] | object | `{"hosts":[""],"secretName":""}` | Provide tls secret. | +| frontend.ingress.tls[0].hosts | list | `[""]` | Provide host for tls secret. | +| frontend.ingress.hosts[0] | object | `{"host":"portal.example.org","paths":[{"backend":{"port":8080,"service":"portal"},"path":"/(.*)","pathType":"Prefix"},{"backend":{"port":8080,"service":"registration"},"path":"/registration/(.*)","pathType":"Prefix"},{"backend":{"port":8080,"service":"assets"},"path":"/((assetsORdocumentation)/.*)","pathType":"Prefix"}]}` | Provide default path for the ingress record. 
| +| frontend.portal.name | string | `"portal"` | | +| frontend.portal.image.name | string | `"ghcr.io/catenax-ng/tx-portal-frontend"` | | +| frontend.portal.image.portaltag | string | `"1.0.0"` | | +| frontend.registration.name | string | `"registration"` | | +| frontend.registration.image.name | string | `"ghcr.io/catenax-ng/tx-portal-frontend-registration"` | | +| frontend.registration.image.registrationtag | string | `"1.0.0"` | | +| frontend.assets.name | string | `"assets"` | | +| frontend.assets.image.name | string | `"ghcr.io/catenax-ng/tx-portal-assets"` | | +| frontend.assets.image.assetstag | string | `"1.0.0"` | | +| frontend.assets.path | string | `"/assets"` | | +| frontend.centralidpAuthPath | string | `"/auth"` | | +| frontend.bpdmPartnersPoolApiPath | string | `"/api"` | | +| backend.ingress.enabled | bool | `false` | Portal-backend ingress parameters, enable ingress record generation for portal-backend. | +| backend.ingress.name | string | `"portal-backend"` | | +| backend.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | | +| backend.ingress.annotations."nginx.ingress.kubernetes.io/use-regex" | string | `"true"` | | +| backend.ingress.annotations."nginx.ingress.kubernetes.io/enable-cors" | string | `"true"` | | +| backend.ingress.annotations."nginx.ingress.kubernetes.io/proxy-body-size" | string | `"8m"` | | +| backend.ingress.annotations."nginx.ingress.kubernetes.io/cors-allow-origin" | string | `"https://*.example.org"` | Provide CORS allowed origin. | +| backend.ingress.tls[0] | object | `{"hosts":[""],"secretName":""}` | Provide tls secret. | +| backend.ingress.tls[0].hosts | list | `[""]` | Provide host for tls secret. 
| +| backend.ingress.hosts[0] | object | `{"host":"portal-backend.example.org","paths":[{"backend":{"port":8080,"service":"registration-service"},"path":"/api/registration","pathType":"Prefix"},{"backend":{"port":8080,"service":"administration-service"},"path":"/api/administration","pathType":"Prefix"},{"backend":{"port":8080,"service":"notification-service"},"path":"/api/notification","pathType":"Prefix"},{"backend":{"port":8080,"service":"provisioning-service"},"path":"/api/provisioning","pathType":"Prefix"},{"backend":{"port":8080,"service":"marketplace-app-service"},"path":"/api/apps","pathType":"Prefix"},{"backend":{"port":8080,"service":"services-service"},"path":"/api/services","pathType":"Prefix"}]}` | Provide default path for the ingress record. | +| backend.dbConnection.schema | string | `"portal"` | | +| backend.dbConnection.sslMode | string | `"Disable"` | | +| backend.portalHomePath | string | `"/home"` | | +| backend.userManagementPath | string | `"/usermanagement"` | | +| backend.keycloak.secret | string | `"secret-backend-keycloak"` | Secret containing the database-password and the client-secret for the connection to the centralidp (CX IAM) and the client-secret for the connection to the sharedidp (CX-IAM). | +| backend.keycloak.central.clientId | string | `"central-client-id"` | Provide centralidp client-id from CX IAM centralidp. | +| backend.keycloak.central.clientSecret | string | `""` | Client-secret for centralidp client-id. Secret-key 'central-client-secret'. 
| +| backend.keycloak.central.authRealm | string | `"CX-Central"` | | +| backend.keycloak.central.jwtBearerOptions.metadataPath | string | `"/auth/realms/CX-Central/.well-known/openid-configuration"` | | +| backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath | string | `"/auth/realms/CX-Central"` | | +| backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validAudiencePortal | string | `"Cl2-CX-Portal"` | | +| backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validAudienceRegistration | string | `"Cl1-CX-Registration"` | | +| backend.keycloak.central.tokenPath | string | `"/auth/realms/CX-Central/protocol/openid-connect/token"` | | +| backend.keycloak.central.dbConnection.host | string | `"centralidp-postgresql-primary"` | | +| backend.keycloak.central.dbConnection.port | int | `5432` | | +| backend.keycloak.central.dbConnection.user | string | `"kccentral"` | | +| backend.keycloak.central.dbConnection.database | string | `"iamcentralidp"` | | +| backend.keycloak.central.dbConnection.password | string | `""` | Password for the kccentral username. Secret-key 'central-db-password'. | +| backend.keycloak.central.dbConnection.schema | string | `"public"` | | +| backend.keycloak.central.dbConnection.sslMode | string | `"Disable"` | | +| backend.keycloak.shared.clientId | string | `"shared-client-id"` | Provide sharedidp client-id from CX IAM sharedidp. | +| backend.keycloak.shared.clientSecret | string | `""` | Client-secret for sharedidp client-id. Secret-key 'shared-client-secret'. | +| backend.keycloak.shared.authRealm | string | `"master"` | | +| backend.mailing.secret | string | `"secret-backend-mailing"` | Secret containing the passwords for backend.mailing and backend.provisioning.sharedRealm. | +| backend.mailing.host | string | `"smtp.example.org"` | Provide host. | +| backend.mailing.port | string | `"587"` | Provide port. | +| backend.mailing.user | string | `"smtp-user"` | Provide user. 
| +| backend.mailing.password | string | `""` | Password for the smtp username. Secret-key 'password'. | +| backend.interfaces.secret | string | `"secret-backend-interfaces"` | Secret containing the client-secrets for the connection to daps, custodian, bpdm, sdFactory and clearinghouse. | +| backend.registration.name | string | `"registration-service"` | | +| backend.registration.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_registration-service"` | | +| backend.registration.image.registrationservicetag | string | `"v1.0.0"` | | +| backend.registration.logging.registrationServiceBpn | string | `"Information"` | | +| backend.registration.portalRegistrationPath | string | `"/registration"` | | +| backend.registration.keycloakClientId | string | `"Cl1-CX-Registration"` | | +| backend.registration.applicationStatusIds.status0 | string | `"SUBMITTED"` | | +| backend.registration.applicationStatusIds.status1 | string | `"DECLINED"` | | +| backend.registration.applicationStatusIds.status2 | string | `"CONFIRMED"` | | +| backend.registration.documentTypeIds.type0 | string | `"CX_FRAME_CONTRACT"` | | +| backend.registration.documentTypeIds.type1 | string | `"COMMERCIAL_REGISTER_EXTRACT"` | | +| backend.registration.swaggerEnabled | bool | `false` | | +| backend.administration.name | string | `"administration-service"` | | +| backend.administration.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_administration-service"` | | +| backend.administration.image.administrationservicetag | string | `"v1.0.0"` | | +| backend.administration.logging.businessLogic | string | `"Information"` | | +| backend.administration.logging.sdfactoryLibrary | string | `"Information"` | | +| backend.administration.connectors.validCertificationContentTypes.type0 | string | `"application/x-pem-file"` | | +| backend.administration.connectors.validCertificationContentTypes.type1 | string | `"application/x-x509-ca-cert"` | | +| 
backend.administration.connectors.validCertificationContentTypes.type2 | string | `"application/pkix-cert"` | | +| backend.administration.connectors.validCertificationContentTypes.type3 | string | `"application/octet-stream"` | | +| backend.administration.connectors.selfDescriptionDocumentPath | string | `"/api/administration/documents/selfDescription"` | | +| backend.administration.keycloakClientId | string | `"Cl2-CX-Portal"` | | +| backend.administration.daps.apiPath | string | `"/api/v1/daps"` | | +| backend.administration.daps.scope | string | `"openid"` | | +| backend.administration.daps.grantType | string | `"client_credentials"` | | +| backend.administration.daps.clientId | string | `"daps-client-id"` | Provide daps client-id from CX IAM centralidp. | +| backend.administration.daps.clientSecret | string | `""` | Client-secret for daps client-id. Secret-key 'daps-client-secret'. | +| backend.administration.identityProviderAdmin.csvSettings.fileName | string | `"identityproviderlinks.csv"` | | +| backend.administration.identityProviderAdmin.csvSettings.contentType | string | `"text/csv"` | | +| backend.administration.identityProviderAdmin.csvSettings.charset | string | `"UTF-8"` | | +| backend.administration.identityProviderAdmin.csvSettings.separator | string | `","` | | +| backend.administration.identityProviderAdmin.csvSettings.headerUserId | string | `"UserId"` | | +| backend.administration.identityProviderAdmin.csvSettings.headerFirstName | string | `"FirstName"` | | +| backend.administration.identityProviderAdmin.csvSettings.headerLastName | string | `"LastName"` | | +| backend.administration.identityProviderAdmin.csvSettings.headerEmail | string | `"Email"` | | +| backend.administration.identityProviderAdmin.csvSettings.headerProviderAlias | string | `"ProviderAlias"` | | +| backend.administration.identityProviderAdmin.csvSettings.headerProviderUserId | string | `"ProviderUserId"` | | +| 
backend.administration.identityProviderAdmin.csvSettings.headerProviderUserName | string | `"ProviderUserName"` | | +| backend.administration.invitation.invitedUserInitialRoles.role0 | string | `"Company Admin"` | | +| backend.administration.registration.partnerUserInitialRoles.role0 | string | `"Company Admin"` | | +| backend.administration.registration.documentTypeIds.type0 | string | `"COMMERCIAL_REGISTER_EXTRACT"` | | +| backend.administration.userManagement.companyUserStatusIds.status0 | string | `"ACTIVE"` | | +| backend.administration.userManagement.companyUserStatusIds.status1 | string | `"INACTIVE"` | | +| backend.administration.serviceAccount.clientId | string | `"technical_roles_management"` | | +| backend.administration.swaggerEnabled | bool | `false` | | +| backend.provisioning.centralRealm | string | `"CX-Central"` | | +| backend.provisioning.centralRealmId | string | `"CX-Central"` | | +| backend.provisioning.invitedUserInitialRoles.registration | string | `"Company Admin"` | | +| backend.provisioning.serviceAccountClientPrefix | string | `"sa"` | | +| backend.provisioning.centralIdentityProvider.clientId | string | `"central-idp"` | | +| backend.provisioning.sharedRealmClient.clientId | string | `"central-idp"` | | +| backend.provisioning.sharedRealm.smtpServer.host | string | `"smtp.example.org"` | Provide host. | +| backend.provisioning.sharedRealm.smtpServer.port | string | `"587"` | Provide port. | +| backend.provisioning.sharedRealm.smtpServer.user | string | `"smtp-user"` | Provide user. | +| backend.provisioning.sharedRealm.smtpServer.password | string | `""` | Password for the smtp username. Secret-key 'provisioning-sharedrealm-password'. 
| +| backend.provisioning.sharedRealm.smtpServer.ssl | string | `""` | | +| backend.provisioning.sharedRealm.smtpServer.startTls | string | `"true"` | | +| backend.provisioning.sharedRealm.smtpServer.auth | string | `"true"` | | +| backend.provisioning.sharedRealm.smtpServer.from | string | `"smtp@example.org"` | Provide from. | +| backend.provisioning.sharedRealm.smtpServer.replyTo | string | `"smtp@example.org"` | Provide replyTo. | +| backend.provisioning.service.name | string | `"provisioning-service"` | | +| backend.provisioning.service.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_provisioning-service"` | | +| backend.provisioning.service.image.provisioningservicetag | string | `"v1.0.0"` | | +| backend.provisioning.service.swaggerEnabled | bool | `false` | | +| backend.appmarketplace.name | string | `"marketplace-app-service"` | | +| backend.appmarketplace.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_marketplace-app-service"` | | +| backend.appmarketplace.image.appmarketplaceservicetag | string | `"v1.0.0"` | | +| backend.appmarketplace.logging.offersLibrary | string | `"Information"` | | +| backend.appmarketplace.appOverviewPath | string | `"/appoverview"` | | +| backend.appmarketplace.catenaAdminRoles.role0 | string | `"CX Admin"` | | +| backend.appmarketplace.serviceAccountRoles.role0 | string | `"App Tech User"` | | +| backend.appmarketplace.salesManagerRoles.role0 | string | `"Sales Manager"` | | +| backend.appmarketplace.serviceManagerRoles.role0 | string | `"App Manager"` | | +| backend.appmarketplace.activeAppCompanyAdminRoles.role0 | string | `"IT Admin"` | | +| backend.appmarketplace.activeAppCompanyAdminRoles.role1 | string | `"Company Admin"` | | +| backend.appmarketplace.approveAppUserRoles.role0 | string | `"Sales Manager"` | | +| backend.appmarketplace.approveAppUserRoles.role1 | string | `"Service Manager"` | | +| backend.appmarketplace.ITAdminRoles.role0 | string | `"IT Admin"` | | +| 
backend.appmarketplace.documentTypeIds.type0 | string | `"APP_CONTRACT"` | | +| backend.appmarketplace.documentTypeIds.type1 | string | `"APP_DATA_DETAILS"` | | +| backend.appmarketplace.documentTypeIds.type2 | string | `"ADDITIONAL_DETAILS"` | | +| backend.appmarketplace.documentTypeIds.type3 | string | `"APP_TECHNICAL_INFORMATION"` | | +| backend.appmarketplace.documentTypeIds.type4 | string | `"APP_LEADIMAGE"` | | +| backend.appmarketplace.documentTypeIds.type5 | string | `"APP_IMAGE"` | | +| backend.appmarketplace.contentTypeSettings.setting0 | string | `"application/pdf"` | | +| backend.appmarketplace.contentTypeSettings.setting1 | string | `"image/jpeg"` | | +| backend.appmarketplace.contentTypeSettings.setting2 | string | `"image/png"` | | +| backend.appmarketplace.notificationTypeIds.type0 | string | `"APP_RELEASE_REQUEST"` | | +| backend.appmarketplace.activeAppNotificationTypeIds.type0 | string | `"APP_ROLE_ADDED"` | | +| backend.appmarketplace.submitAppNotificationTypeIds.type0 | string | `"APP_RELEASE_REQUEST"` | | +| backend.appmarketplace.approveAppNotificationTypeIds.type0 | string | `"APP_RELEASE_APPROVAL"` | | +| backend.appmarketplace.appImageDocumentTypeIds.type0 | string | `"APP_LEADIMAGE"` | | +| backend.appmarketplace.appImageDocumentTypeIds.type1 | string | `"APP_IMAGE"` | | +| backend.appmarketplace.offerStatusIds.status0 | string | `"IN_REVIEW"` | | +| backend.appmarketplace.offerStatusIds.status1 | string | `"ACTIVE"` | | +| backend.appmarketplace.swaggerEnabled | bool | `false` | | +| backend.portalmigrations.name | string | `"portal-migrations"` | | +| backend.portalmigrations.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_portal-migrations"` | | +| backend.portalmigrations.image.portalmigrationstag | string | `"8428dbe3d4fe9a344ea5d0adb178e6807d9fa78c"` | | +| backend.portalmigrations.seeding.testDataEnvironments | string | `""` | | +| backend.portalmaintenance.name | string | `"portal-maintenance"` | | +| 
backend.portalmaintenance.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_maintenance-service"` | | +| backend.portalmaintenance.image.portalmaintenancetag | string | `"v1.0.0"` | | +| backend.notification.name | string | `"notification-service"` | | +| backend.notification.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_notification-service"` | | +| backend.notification.image.notificationservicetag | string | `"v1.0.0"` | | +| backend.notification.swaggerEnabled | bool | `false` | | +| backend.services.name | string | `"services-service"` | | +| backend.services.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_services-service"` | | +| backend.services.image.servicesservicetag | string | `"v1.0.0"` | | +| backend.services.logging.offersLibrary | string | `"Information"` | | +| backend.services.serviceMarketplacePath | string | `"/servicemarketplace"` | | +| backend.services.catenaAdminRoles.role0 | string | `"CX Admin"` | | +| backend.services.serviceAccountRoles.role0 | string | `"App Tech User"` | | +| backend.services.salesManagerRoles.role0 | string | `"Sales Manager"` | | +| backend.services.serviceManagerRoles.role0 | string | `"Service Manager"` | | +| backend.services.approveServiceUserRoles.role0 | string | `"Sales Manager"` | | +| backend.services.approveServiceUserRoles.role1 | string | `"Service Manager"` | | +| backend.services.ITAdminRoles.role0 | string | `"IT Admin"` | | +| backend.services.documentTypeIds.type0 | string | `"ADDITIONAL_DETAILS"` | | +| backend.services.contentTypeSettings.setting0 | string | `"application/pdf"` | | +| backend.services.submitServiceNotificationTypeIds.type0 | string | `"SERVICE_RELEASE_REQUEST"` | | +| backend.services.approveServiceNotificationTypeIds.type0 | string | `"SERVICE_RELEASE_APPROVAL"` | | +| backend.services.swaggerEnabled | bool | `false` | | +| backend.provisioningmigrations.name | string | `"provisioning-migrations"` | | +| 
backend.provisioningmigrations.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_provisioning-migrations"` | | +| backend.provisioningmigrations.image.provisioningmigrationstag | string | `"v1.0.0"` | | +| backend.checklistworker.name | string | `"checklist-worker"` | | +| backend.checklistworker.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_checklist-worker"` | | +| backend.checklistworker.image.checklistworkertag | string | `"v1.0.0"` | | +| backend.checklistworker.logging.checklistLibrary | string | `"Information"` | | +| backend.checklistworker.logging.bpdmLibrary | string | `"Information"` | | +| backend.checklistworker.logging.clearinghouseLibrary | string | `"Information"` | | +| backend.checklistworker.logging.custodianLibrary | string | `"Information"` | | +| backend.checklistworker.logging.sdfactoryLibrary | string | `"Information"` | | +| backend.checklistworker.applicationActivation.applicationApprovalInitialRoles.portal.role0 | string | `"Company Admin"` | | +| backend.checklistworker.applicationActivation.applicationApprovalInitialRoles.registration.role0 | string | `"Company Admin"` | | +| backend.checklistworker.applicationActivation.clientToRemoveRolesOnActivation.client0 | string | `"Cl1-CX-Registration"` | | +| backend.checklistworker.applicationActivation.welcomeNotificationTypeIds.type0 | string | `"WELCOME"` | | +| backend.checklistworker.applicationActivation.welcomeNotificationTypeIds.type1 | string | `"WELCOME_USE_CASES"` | | +| backend.checklistworker.applicationActivation.welcomeNotificationTypeIds.type2 | string | `"WELCOME_SERVICE_PROVIDER"` | | +| backend.checklistworker.applicationActivation.welcomeNotificationTypeIds.type3 | string | `"WELCOME_CONNECTOR_REGISTRATION"` | | +| backend.checklistworker.applicationActivation.welcomeNotificationTypeIds.type4 | string | `"WELCOME_APP_MARKETPLACE"` | | +| backend.checklistworker.bpdm.scope | string | `"openid"` | | +| backend.checklistworker.bpdm.grantType | string 
| `"client_credentials"` | | +| backend.checklistworker.bpdm.clientId | string | `"bpdm-client-id"` | Provide bpdm client-id from CX IAM centralidp. | +| backend.checklistworker.bpdm.clientSecret | string | `""` | Client-secret for bpdm client-id. Secret-key 'bpdm-client-secret'. | +| backend.checklistworker.custodian.scope | string | `"openid"` | | +| backend.checklistworker.custodian.grantType | string | `"client_credentials"` | | +| backend.checklistworker.custodian.clientId | string | `"custodian-client-id"` | Provide custodian client-id from CX IAM centralidp. | +| backend.checklistworker.custodian.clientSecret | string | `""` | Client-secret for custodian client-id. Secret-key 'custodian-client-secret'. | +| backend.checklistworker.sdfactory.selfdescriptionPath | string | `"/api/rel3/selfdescription"` | | +| backend.checklistworker.sdfactory.scope | string | `"openid"` | | +| backend.checklistworker.sdfactory.grantType | string | `"client_credentials"` | | +| backend.checklistworker.sdfactory.issuerBpn | string | `"BPNDUMMY000DUMMY"` | Provide BPN for sdfactory. | +| backend.checklistworker.sdfactory.clientId | string | `"sdfactory-client-id"` | Provide sdfactory client-id from CX IAM centralidp. | +| backend.checklistworker.sdfactory.clientSecret | string | `""` | Client-secret for sdfactory client-id. Secret-key 'sdfactory-client-secret'. | +| backend.checklistworker.clearinghouse.scope | string | `"openid"` | | +| backend.checklistworker.clearinghouse.grantType | string | `"client_credentials"` | | +| backend.checklistworker.clearinghouse.clientId | string | `"clearinghouse-client-id"` | Provide clearinghouse client-id from clearinghouse IAM. | +| backend.checklistworker.clearinghouse.clientSecret | string | `""` | Client-secret for clearinghouse client-id. Secret-key 'clearinghouse-client-secret'. 
| +| backend.checklistworker.clearinghouse.callbackPath | string | `"/api/administration/registration/clearinghouse"` | | +| backend.placeholder | string | `"empty"` | | +| postgresql.enabled | bool | `true` | PostgreSQL chart configuration Switch to enable or disable the PostgreSQL helm chart | +| postgresql.fullnameOverride | string | `"portal-backend-postgresql"` | FullnameOverride to 'portal-backend-postgresql'. | +| postgresql.auth.database | string | `"postgres"` | Database name | +| postgresql.auth.port | int | `5432` | Database port number | +| postgresql.auth.existingSecret | string | `"secret-postgres-init"` | Secret containing the passwords for root usernames postgres and non-root usernames repl_user, portal and provisioning. | +| postgresql.auth.password | string | `""` | Password for the root username 'postgres'. Secret-key 'postgres-password'. | +| postgresql.auth.replicationPassword | string | `""` | Password for the non-root username 'repl_user'. Secret-key 'replication-password'. | +| postgresql.auth.portalUser | string | `"portal"` | Non-root username for portal. | +| postgresql.auth.provisioningUser | string | `"provisioning"` | Non-root username for provisioning. | +| postgresql.auth.portalPassword | string | `""` | Password for the non-root username 'portal'. Secret-key 'portal-password'. | +| postgresql.auth.provisioningPassword | string | `""` | Password for the non-root username 'provisioning'. Secret-key 'provisioning-password'. 
|
+| postgresql.architecture | string | `"replication"` | |
+| postgresql.audit.pgAuditLog | string | `"write, ddl"` | |
+| postgresql.audit.logLinePrefix | string | `"%m %u %d "` | |
+| postgresql.primary.initdb.scriptsConfigMap | string | `"configmap-postgres-init"` | |
+| postgresql.primary.extraEnvVars[0].name | string | `"PORTAL_PASSWORD"` | |
+| postgresql.primary.extraEnvVars[0].valueFrom.secretKeyRef.name | string | `"{{ .Values.auth.existingSecret }}"` | |
+| postgresql.primary.extraEnvVars[0].valueFrom.secretKeyRef.key | string | `"portal-password"` | |
+| postgresql.primary.extraEnvVars[1].name | string | `"PROVISIONING_PASSWORD"` | |
+| postgresql.primary.extraEnvVars[1].valueFrom.secretKeyRef.name | string | `"{{ .Values.auth.existingSecret }}"` | |
+| postgresql.primary.extraEnvVars[1].valueFrom.secretKeyRef.key | string | `"provisioning-password"` | |
+| externalDatabase.host | string | `"portal-backend-postgresql-external-db"` | External PostgreSQL configuration IMPORTANT: init scripts (01-init-db-user.sh and 02-init-db.sql) available in templates/configmap-backend-postgres-init.yaml need to be executed beforehand. Database host |
+| externalDatabase.database | string | `"postgres"` | Database name |
+| externalDatabase.port | int | `5432` | Database port number |
+| externalDatabase.secret | string | `"secret-postgres-external-db"` | Secret containing the passwords non-root usernames portal and provisioning. |
+| externalDatabase.portalUser | string | `"portal"` | Non-root username for portal. |
+| externalDatabase.provisioningUser | string | `"provisioning"` | Non-root username for provisioning. |
+| externalDatabase.portalPassword | string | `""` | Password for the non-root username 'portal'. Secret-key 'portal-password'. |
+| externalDatabase.provisioningPassword | string | `""` | Password for the non-root username 'provisioning'. Secret-key 'provisioning-password'.
|
+| portContainer | int | `8080` | |
+| portService | int | `8080` | |
+| replicaCount | int | `3` | |
+| securityContext.allowPrivilegeEscalation | bool | `false` | |
+| securityContext.runAsNonRoot | bool | `true` | |
+| securityContext.capabilities.drop[0] | string | `"ALL"` | |
+| resources | object | `{}` | If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. |
+| nodeSelector | object | `{}` | Node labels for pod assignment |
+| tolerations | list | `[]` | Tolerations for pod assignment |
+| affinity.podAntiAffinity | object | `{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"DoesNotExist"}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}` | Following Catena-X Helm Best Practices, [reference](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). |
+| updateStrategy.type | string | `"RollingUpdate"` | Update strategy type, rolling update configuration parameters, [reference](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies). |
+| updateStrategy.rollingUpdate.maxSurge | int | `1` | |
+| updateStrategy.rollingUpdate.maxUnavailable | int | `0` | |
+| livenessProbe.failureThreshold | int | `3` | Following Catena-X Helm Best Practices, [reference](https://github.com/helm/charts/blob/master/stable/nginx-ingress/values.yaml#L210).
| +| livenessProbe.initialDelaySeconds | int | `10` | | +| livenessProbe.periodSeconds | int | `10` | | +| livenessProbe.successThreshold | int | `1` | | +| livenessProbe.timeoutSeconds | int | `1` | | +| readinessProbe.failureThreshold | int | `3` | | +| readinessProbe.initialDelaySeconds | int | `10` | | +| readinessProbe.periodSeconds | int | `10` | | +| readinessProbe.successThreshold | int | `1` | | +| readinessProbe.timeoutSeconds | int | `1` | | + +Autogenerated with [helm docs](https://github.com/norwoodj/helm-docs) diff --git a/charts/chart-testing-config.yaml b/charts/chart-testing-config.yaml new file mode 100644 index 000000000..8fefdda2a --- /dev/null +++ b/charts/chart-testing-config.yaml @@ -0,0 +1,3 @@ +validate-maintainers: false +chart-repos: + - bitnami=https://charts.bitnami.com/bitnami diff --git a/charts/portal/.helmignore b/charts/portal/.helmignore index 28ca7b537..0bffc69f7 100644 --- a/charts/portal/.helmignore +++ b/charts/portal/.helmignore @@ -23,4 +23,5 @@ .vscode/ # Custom dirs and files -values-dummy.yaml +argocd/ +*.gotmpl diff --git a/charts/portal/Chart.yaml b/charts/portal/Chart.yaml index 0002bacb2..d4927f30c 100644 --- a/charts/portal/Chart.yaml +++ b/charts/portal/Chart.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -21,10 +21,10 @@ apiVersion: v2 name: portal description: Helm chart for Catena-X Portal type: application -version: 0.6.0 -appVersion: 0.6.0 +version: 1.0.0 +appVersion: 1.0.0 dependencies: - condition: postgresql.enabled name: postgresql repository: https://charts.bitnami.com/bitnami - version: 11.x.x + version: 11.9.13 diff --git a/charts/portal/README.md b/charts/portal/README.md new file mode 100644 index 000000000..17c55ae38 
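Review bot: `appVersion: 1.0.0` in the second charts/portal/Chart.yaml hunk is left unquoted; Helm's chart documentation recommends quoting it, `appVersion: "1.0.0"`, so that a later two-part value such as `1.0` is not read as a float. The same hunk replaces the `11.x.x` range for the postgresql dependency with the exact pin `version: 11.9.13`, which makes the resolved subchart reproducible. No `Chart.lock` change is visible in this part of the patch, so it is worth confirming that the lock file is regenerated with the pin and committed, otherwise the two can drift.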
--- /dev/null
+++ b/charts/portal/README.md
@@ -0,0 +1,342 @@
+# Helm chart for Catena-X Portal
+
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) ![Tag](https://img.shields.io/static/v1?label=&message=LeadingRepository&color=green&style=flat)
+
+This helm chart installs the Catena-X Portal application which consists of
+
+* [portal-frontend](https://github.com/eclipse-tractusx/portal-frontend),
+* [portal-frontend-registration](https://github.com/eclipse-tractusx/portal-frontend-registration),
+* [portal-assets](https://github.com/eclipse-tractusx/portal-assets) and
+* [portal-backend](https://github.com/eclipse-tractusx/portal-backend).
+
+The Catena-X Portal is designed to work with the [Catena-X IAM](https://github.com/eclipse-tractusx/portal-iam).
+
+For further information please refer to the [technical documentation](https://github.com/eclipse-tractusx/portal-assets/tree/1.0.0/developer/Technical%20Documentation).
+
+The referenced container images are for demonstration purposes only.
+
+## Installation
+
+To install the chart with the release name `portal`:
+
+```shell
+$ helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev
+$ helm install portal tractusx-dev/portal
+```
+
+To install the helm chart into your cluster with your values:
+
+```shell
+$ helm install -f your-values.yaml portal tractusx-dev/portal
+```
+
+To use the helm chart as a dependency:
+
+```yaml
+dependencies:
+ - name: portal
+ repository: https://eclipse-tractusx.github.io/charts/dev
+ version: 1.0.0
+```
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://charts.bitnami.com/bitnami | postgresql | 11.9.13 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| name | string | `"portal"` | |
+| portalAddress | string | `"https://portal.example.org"` | Provide portal base address. |
+| portalBackendAddress | string | `"https://portal-backend.example.org"` | Provide portal-backend base address. |
+| centralidpAddress | string | `"https://centralidp.example.org"` | Provide centralidp base address (CX IAM), without trailing '/auth'. |
+| sharedidpAddress | string | `"https://sharedidp.example.org"` | Provide sharedidp address (CX IAM), without trailing '/auth'. |
+| semanticsAddress | string | `"https://semantics.example.org"` | Provide semantics base address. |
+| dapsAddress | string | `"https://daps.example.org"` | Provide daps base address |
+| bpdmPartnersPoolAddress | string | `"https://partners-pool.example.org"` | Provide bpdm partners pool base address. |
+| bpdmPortalGateAddress | string | `"https://portal-gate.example.org"` | Provide bpdm portal gate base address. |
+| custodianAddress | string | `"https://managed-identity-wallets.example.org"` | Provide custodian base address. |
+| sdfactoryAddress | string | `"https://sdfactory.example.org"` | Provide sdfactory base address.
|
+| clearinghouseAddress | string | `"https://validation.example.org"` | Provide clearinghouse base address. |
+| clearinghouseTokenAddress | string | `"https://keycloak.example.org/realms/example/protocol/openid-connect/token"` | Provide clearinghouse token address. |
+| frontend.ingress.enabled | bool | `false` | Portal frontend ingress parameters, enable ingress record generation for portal frontend. |
+| frontend.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | |
+| frontend.ingress.annotations."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/$1"` | |
+| frontend.ingress.annotations."nginx.ingress.kubernetes.io/use-regex" | string | `"true"` | |
+| frontend.ingress.annotations."nginx.ingress.kubernetes.io/enable-cors" | string | `"true"` | |
+| frontend.ingress.annotations."nginx.ingress.kubernetes.io/cors-allow-origin" | string | `"https://*.example.org"` | Provide CORS allowed origin. |
+| frontend.ingress.tls[0] | object | `{"hosts":[""],"secretName":""}` | Provide tls secret. |
+| frontend.ingress.tls[0].hosts | list | `[""]` | Provide host for tls secret. |
+| frontend.ingress.hosts[0] | object | `{"host":"portal.example.org","paths":[{"backend":{"port":8080,"service":"portal"},"path":"/(.*)","pathType":"Prefix"},{"backend":{"port":8080,"service":"registration"},"path":"/registration/(.*)","pathType":"Prefix"},{"backend":{"port":8080,"service":"assets"},"path":"/((assetsORdocumentation)/.*)","pathType":"Prefix"}]}` | Provide default path for the ingress record.
|
+| frontend.portal.name | string | `"portal"` | |
+| frontend.portal.image.name | string | `"ghcr.io/catenax-ng/tx-portal-frontend"` | |
+| frontend.portal.image.portaltag | string | `"1.0.0"` | |
+| frontend.registration.name | string | `"registration"` | |
+| frontend.registration.image.name | string | `"ghcr.io/catenax-ng/tx-portal-frontend-registration"` | |
+| frontend.registration.image.registrationtag | string | `"1.0.0"` | |
+| frontend.assets.name | string | `"assets"` | |
+| frontend.assets.image.name | string | `"ghcr.io/catenax-ng/tx-portal-assets"` | |
+| frontend.assets.image.assetstag | string | `"1.0.0"` | |
+| frontend.assets.path | string | `"/assets"` | |
+| frontend.centralidpAuthPath | string | `"/auth"` | |
+| frontend.bpdmPartnersPoolApiPath | string | `"/api"` | |
+| backend.ingress.enabled | bool | `false` | Portal-backend ingress parameters, enable ingress record generation for portal-backend. |
+| backend.ingress.name | string | `"portal-backend"` | |
+| backend.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | |
+| backend.ingress.annotations."nginx.ingress.kubernetes.io/use-regex" | string | `"true"` | |
+| backend.ingress.annotations."nginx.ingress.kubernetes.io/enable-cors" | string | `"true"` | |
+| backend.ingress.annotations."nginx.ingress.kubernetes.io/proxy-body-size" | string | `"8m"` | |
+| backend.ingress.annotations."nginx.ingress.kubernetes.io/cors-allow-origin" | string | `"https://*.example.org"` | Provide CORS allowed origin. |
+| backend.ingress.tls[0] | object | `{"hosts":[""],"secretName":""}` | Provide tls secret. |
+| backend.ingress.tls[0].hosts | list | `[""]` | Provide host for tls secret.
|
+| backend.ingress.hosts[0] | object | `{"host":"portal-backend.example.org","paths":[{"backend":{"port":8080,"service":"registration-service"},"path":"/api/registration","pathType":"Prefix"},{"backend":{"port":8080,"service":"administration-service"},"path":"/api/administration","pathType":"Prefix"},{"backend":{"port":8080,"service":"notification-service"},"path":"/api/notification","pathType":"Prefix"},{"backend":{"port":8080,"service":"provisioning-service"},"path":"/api/provisioning","pathType":"Prefix"},{"backend":{"port":8080,"service":"marketplace-app-service"},"path":"/api/apps","pathType":"Prefix"},{"backend":{"port":8080,"service":"services-service"},"path":"/api/services","pathType":"Prefix"}]}` | Provide default path for the ingress record. |
+| backend.dbConnection.schema | string | `"portal"` | |
+| backend.dbConnection.sslMode | string | `"Disable"` | |
+| backend.portalHomePath | string | `"/home"` | |
+| backend.userManagementPath | string | `"/usermanagement"` | |
+| backend.keycloak.secret | string | `"secret-backend-keycloak"` | Secret containing the database-password and the client-secret for the connection to the centralidp (CX IAM) and the client-secret for the connection to the sharedidp (CX-IAM). |
+| backend.keycloak.central.clientId | string | `"central-client-id"` | Provide centralidp client-id from CX IAM centralidp. |
+| backend.keycloak.central.clientSecret | string | `""` | Client-secret for centralidp client-id. Secret-key 'central-client-secret'.
|
+| backend.keycloak.central.authRealm | string | `"CX-Central"` | |
+| backend.keycloak.central.jwtBearerOptions.metadataPath | string | `"/auth/realms/CX-Central/.well-known/openid-configuration"` | |
+| backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath | string | `"/auth/realms/CX-Central"` | |
+| backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validAudiencePortal | string | `"Cl2-CX-Portal"` | |
+| backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validAudienceRegistration | string | `"Cl1-CX-Registration"` | |
+| backend.keycloak.central.tokenPath | string | `"/auth/realms/CX-Central/protocol/openid-connect/token"` | |
+| backend.keycloak.central.dbConnection.host | string | `"centralidp-postgresql-primary"` | |
+| backend.keycloak.central.dbConnection.port | int | `5432` | |
+| backend.keycloak.central.dbConnection.user | string | `"kccentral"` | |
+| backend.keycloak.central.dbConnection.database | string | `"iamcentralidp"` | |
+| backend.keycloak.central.dbConnection.password | string | `""` | Password for the kccentral username. Secret-key 'central-db-password'. |
+| backend.keycloak.central.dbConnection.schema | string | `"public"` | |
+| backend.keycloak.central.dbConnection.sslMode | string | `"Disable"` | |
+| backend.keycloak.shared.clientId | string | `"shared-client-id"` | Provide sharedidp client-id from CX IAM sharedidp. |
+| backend.keycloak.shared.clientSecret | string | `""` | Client-secret for sharedidp client-id. Secret-key 'shared-client-secret'. |
+| backend.keycloak.shared.authRealm | string | `"master"` | |
+| backend.mailing.secret | string | `"secret-backend-mailing"` | Secret containing the passwords for backend.mailing and backend.provisioning.sharedRealm. |
+| backend.mailing.host | string | `"smtp.example.org"` | Provide host. |
+| backend.mailing.port | string | `"587"` | Provide port. |
+| backend.mailing.user | string | `"smtp-user"` | Provide user.
|
+| backend.mailing.password | string | `""` | Password for the smtp username. Secret-key 'password'. |
+| backend.interfaces.secret | string | `"secret-backend-interfaces"` | Secret containing the client-secrets for the connection to daps, custodian, bpdm, sdFactory and clearinghouse. |
+| backend.registration.name | string | `"registration-service"` | |
+| backend.registration.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_registration-service"` | |
+| backend.registration.image.registrationservicetag | string | `"v1.0.0"` | |
+| backend.registration.logging.registrationServiceBpn | string | `"Information"` | |
+| backend.registration.portalRegistrationPath | string | `"/registration"` | |
+| backend.registration.keycloakClientId | string | `"Cl1-CX-Registration"` | |
+| backend.registration.applicationStatusIds.status0 | string | `"SUBMITTED"` | |
+| backend.registration.applicationStatusIds.status1 | string | `"DECLINED"` | |
+| backend.registration.applicationStatusIds.status2 | string | `"CONFIRMED"` | |
+| backend.registration.documentTypeIds.type0 | string | `"CX_FRAME_CONTRACT"` | |
+| backend.registration.documentTypeIds.type1 | string | `"COMMERCIAL_REGISTER_EXTRACT"` | |
+| backend.registration.swaggerEnabled | bool | `false` | |
+| backend.administration.name | string | `"administration-service"` | |
+| backend.administration.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_administration-service"` | |
+| backend.administration.image.administrationservicetag | string | `"v1.0.0"` | |
+| backend.administration.logging.businessLogic | string | `"Information"` | |
+| backend.administration.logging.sdfactoryLibrary | string | `"Information"` | |
+| backend.administration.connectors.validCertificationContentTypes.type0 | string | `"application/x-pem-file"` | |
+| backend.administration.connectors.validCertificationContentTypes.type1 | string | `"application/x-x509-ca-cert"` | |
+|
backend.administration.connectors.validCertificationContentTypes.type2 | string | `"application/pkix-cert"` | |
+| backend.administration.connectors.validCertificationContentTypes.type3 | string | `"application/octet-stream"` | |
+| backend.administration.connectors.selfDescriptionDocumentPath | string | `"/api/administration/documents/selfDescription"` | |
+| backend.administration.keycloakClientId | string | `"Cl2-CX-Portal"` | |
+| backend.administration.daps.apiPath | string | `"/api/v1/daps"` | |
+| backend.administration.daps.scope | string | `"openid"` | |
+| backend.administration.daps.grantType | string | `"client_credentials"` | |
+| backend.administration.daps.clientId | string | `"daps-client-id"` | Provide daps client-id from CX IAM centralidp. |
+| backend.administration.daps.clientSecret | string | `""` | Client-secret for daps client-id. Secret-key 'daps-client-secret'. |
+| backend.administration.identityProviderAdmin.csvSettings.fileName | string | `"identityproviderlinks.csv"` | |
+| backend.administration.identityProviderAdmin.csvSettings.contentType | string | `"text/csv"` | |
+| backend.administration.identityProviderAdmin.csvSettings.charset | string | `"UTF-8"` | |
+| backend.administration.identityProviderAdmin.csvSettings.separator | string | `","` | |
+| backend.administration.identityProviderAdmin.csvSettings.headerUserId | string | `"UserId"` | |
+| backend.administration.identityProviderAdmin.csvSettings.headerFirstName | string | `"FirstName"` | |
+| backend.administration.identityProviderAdmin.csvSettings.headerLastName | string | `"LastName"` | |
+| backend.administration.identityProviderAdmin.csvSettings.headerEmail | string | `"Email"` | |
+| backend.administration.identityProviderAdmin.csvSettings.headerProviderAlias | string | `"ProviderAlias"` | |
+| backend.administration.identityProviderAdmin.csvSettings.headerProviderUserId | string | `"ProviderUserId"` | |
+|
backend.administration.identityProviderAdmin.csvSettings.headerProviderUserName | string | `"ProviderUserName"` | |
+| backend.administration.invitation.invitedUserInitialRoles.role0 | string | `"Company Admin"` | |
+| backend.administration.registration.partnerUserInitialRoles.role0 | string | `"Company Admin"` | |
+| backend.administration.registration.documentTypeIds.type0 | string | `"COMMERCIAL_REGISTER_EXTRACT"` | |
+| backend.administration.userManagement.companyUserStatusIds.status0 | string | `"ACTIVE"` | |
+| backend.administration.userManagement.companyUserStatusIds.status1 | string | `"INACTIVE"` | |
+| backend.administration.serviceAccount.clientId | string | `"technical_roles_management"` | |
+| backend.administration.swaggerEnabled | bool | `false` | |
+| backend.provisioning.centralRealm | string | `"CX-Central"` | |
+| backend.provisioning.centralRealmId | string | `"CX-Central"` | |
+| backend.provisioning.invitedUserInitialRoles.registration | string | `"Company Admin"` | |
+| backend.provisioning.serviceAccountClientPrefix | string | `"sa"` | |
+| backend.provisioning.centralIdentityProvider.clientId | string | `"central-idp"` | |
+| backend.provisioning.sharedRealmClient.clientId | string | `"central-idp"` | |
+| backend.provisioning.sharedRealm.smtpServer.host | string | `"smtp.example.org"` | Provide host. |
+| backend.provisioning.sharedRealm.smtpServer.port | string | `"587"` | Provide port. |
+| backend.provisioning.sharedRealm.smtpServer.user | string | `"smtp-user"` | Provide user. |
+| backend.provisioning.sharedRealm.smtpServer.password | string | `""` | Password for the smtp username. Secret-key 'provisioning-sharedrealm-password'.
|
+| backend.provisioning.sharedRealm.smtpServer.ssl | string | `""` | |
+| backend.provisioning.sharedRealm.smtpServer.startTls | string | `"true"` | |
+| backend.provisioning.sharedRealm.smtpServer.auth | string | `"true"` | |
+| backend.provisioning.sharedRealm.smtpServer.from | string | `"smtp@example.org"` | Provide from. |
+| backend.provisioning.sharedRealm.smtpServer.replyTo | string | `"smtp@example.org"` | Provide replyTo. |
+| backend.provisioning.service.name | string | `"provisioning-service"` | |
+| backend.provisioning.service.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_provisioning-service"` | |
+| backend.provisioning.service.image.provisioningservicetag | string | `"v1.0.0"` | |
+| backend.provisioning.service.swaggerEnabled | bool | `false` | |
+| backend.appmarketplace.name | string | `"marketplace-app-service"` | |
+| backend.appmarketplace.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_marketplace-app-service"` | |
+| backend.appmarketplace.image.appmarketplaceservicetag | string | `"v1.0.0"` | |
+| backend.appmarketplace.logging.offersLibrary | string | `"Information"` | |
+| backend.appmarketplace.appOverviewPath | string | `"/appoverview"` | |
+| backend.appmarketplace.catenaAdminRoles.role0 | string | `"CX Admin"` | |
+| backend.appmarketplace.serviceAccountRoles.role0 | string | `"App Tech User"` | |
+| backend.appmarketplace.salesManagerRoles.role0 | string | `"Sales Manager"` | |
+| backend.appmarketplace.serviceManagerRoles.role0 | string | `"App Manager"` | |
+| backend.appmarketplace.activeAppCompanyAdminRoles.role0 | string | `"IT Admin"` | |
+| backend.appmarketplace.activeAppCompanyAdminRoles.role1 | string | `"Company Admin"` | |
+| backend.appmarketplace.approveAppUserRoles.role0 | string | `"Sales Manager"` | |
+| backend.appmarketplace.approveAppUserRoles.role1 | string | `"Service Manager"` | |
+| backend.appmarketplace.ITAdminRoles.role0 | string | `"IT Admin"` | |
+|
backend.appmarketplace.documentTypeIds.type0 | string | `"APP_CONTRACT"` | |
+| backend.appmarketplace.documentTypeIds.type1 | string | `"APP_DATA_DETAILS"` | |
+| backend.appmarketplace.documentTypeIds.type2 | string | `"ADDITIONAL_DETAILS"` | |
+| backend.appmarketplace.documentTypeIds.type3 | string | `"APP_TECHNICAL_INFORMATION"` | |
+| backend.appmarketplace.documentTypeIds.type4 | string | `"APP_LEADIMAGE"` | |
+| backend.appmarketplace.documentTypeIds.type5 | string | `"APP_IMAGE"` | |
+| backend.appmarketplace.contentTypeSettings.setting0 | string | `"application/pdf"` | |
+| backend.appmarketplace.contentTypeSettings.setting1 | string | `"image/jpeg"` | |
+| backend.appmarketplace.contentTypeSettings.setting2 | string | `"image/png"` | |
+| backend.appmarketplace.notificationTypeIds.type0 | string | `"APP_RELEASE_REQUEST"` | |
+| backend.appmarketplace.activeAppNotificationTypeIds.type0 | string | `"APP_ROLE_ADDED"` | |
+| backend.appmarketplace.submitAppNotificationTypeIds.type0 | string | `"APP_RELEASE_REQUEST"` | |
+| backend.appmarketplace.approveAppNotificationTypeIds.type0 | string | `"APP_RELEASE_APPROVAL"` | |
+| backend.appmarketplace.appImageDocumentTypeIds.type0 | string | `"APP_LEADIMAGE"` | |
+| backend.appmarketplace.appImageDocumentTypeIds.type1 | string | `"APP_IMAGE"` | |
+| backend.appmarketplace.offerStatusIds.status0 | string | `"IN_REVIEW"` | |
+| backend.appmarketplace.offerStatusIds.status1 | string | `"ACTIVE"` | |
+| backend.appmarketplace.swaggerEnabled | bool | `false` | |
+| backend.portalmigrations.name | string | `"portal-migrations"` | |
+| backend.portalmigrations.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_portal-migrations"` | |
+| backend.portalmigrations.image.portalmigrationstag | string | `"8428dbe3d4fe9a344ea5d0adb178e6807d9fa78c"` | |
+| backend.portalmigrations.seeding.testDataEnvironments | string | `""` | |
+| backend.portalmaintenance.name | string | `"portal-maintenance"` | |
+|
backend.portalmaintenance.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_maintenance-service"` | |
+| backend.portalmaintenance.image.portalmaintenancetag | string | `"v1.0.0"` | |
+| backend.notification.name | string | `"notification-service"` | |
+| backend.notification.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_notification-service"` | |
+| backend.notification.image.notificationservicetag | string | `"v1.0.0"` | |
+| backend.notification.swaggerEnabled | bool | `false` | |
+| backend.services.name | string | `"services-service"` | |
+| backend.services.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_services-service"` | |
+| backend.services.image.servicesservicetag | string | `"v1.0.0"` | |
+| backend.services.logging.offersLibrary | string | `"Information"` | |
+| backend.services.serviceMarketplacePath | string | `"/servicemarketplace"` | |
+| backend.services.catenaAdminRoles.role0 | string | `"CX Admin"` | |
+| backend.services.serviceAccountRoles.role0 | string | `"App Tech User"` | |
+| backend.services.salesManagerRoles.role0 | string | `"Sales Manager"` | |
+| backend.services.serviceManagerRoles.role0 | string | `"Service Manager"` | |
+| backend.services.approveServiceUserRoles.role0 | string | `"Sales Manager"` | |
+| backend.services.approveServiceUserRoles.role1 | string | `"Service Manager"` | |
+| backend.services.ITAdminRoles.role0 | string | `"IT Admin"` | |
+| backend.services.documentTypeIds.type0 | string | `"ADDITIONAL_DETAILS"` | |
+| backend.services.contentTypeSettings.setting0 | string | `"application/pdf"` | |
+| backend.services.submitServiceNotificationTypeIds.type0 | string | `"SERVICE_RELEASE_REQUEST"` | |
+| backend.services.approveServiceNotificationTypeIds.type0 | string | `"SERVICE_RELEASE_APPROVAL"` | |
+| backend.services.swaggerEnabled | bool | `false` | |
+| backend.provisioningmigrations.name | string | `"provisioning-migrations"` | |
+|
backend.provisioningmigrations.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_provisioning-migrations"` | |
+| backend.provisioningmigrations.image.provisioningmigrationstag | string | `"v1.0.0"` | |
+| backend.checklistworker.name | string | `"checklist-worker"` | |
+| backend.checklistworker.image.name | string | `"ghcr.io/catenax-ng/tx-portal-backend_checklist-worker"` | |
+| backend.checklistworker.image.checklistworkertag | string | `"v1.0.0"` | |
+| backend.checklistworker.logging.checklistLibrary | string | `"Information"` | |
+| backend.checklistworker.logging.bpdmLibrary | string | `"Information"` | |
+| backend.checklistworker.logging.clearinghouseLibrary | string | `"Information"` | |
+| backend.checklistworker.logging.custodianLibrary | string | `"Information"` | |
+| backend.checklistworker.logging.sdfactoryLibrary | string | `"Information"` | |
+| backend.checklistworker.applicationActivation.applicationApprovalInitialRoles.portal.role0 | string | `"Company Admin"` | |
+| backend.checklistworker.applicationActivation.applicationApprovalInitialRoles.registration.role0 | string | `"Company Admin"` | |
+| backend.checklistworker.applicationActivation.clientToRemoveRolesOnActivation.client0 | string | `"Cl1-CX-Registration"` | |
+| backend.checklistworker.applicationActivation.welcomeNotificationTypeIds.type0 | string | `"WELCOME"` | |
+| backend.checklistworker.applicationActivation.welcomeNotificationTypeIds.type1 | string | `"WELCOME_USE_CASES"` | |
+| backend.checklistworker.applicationActivation.welcomeNotificationTypeIds.type2 | string | `"WELCOME_SERVICE_PROVIDER"` | |
+| backend.checklistworker.applicationActivation.welcomeNotificationTypeIds.type3 | string | `"WELCOME_CONNECTOR_REGISTRATION"` | |
+| backend.checklistworker.applicationActivation.welcomeNotificationTypeIds.type4 | string | `"WELCOME_APP_MARKETPLACE"` | |
+| backend.checklistworker.bpdm.scope | string | `"openid"` | |
+| backend.checklistworker.bpdm.grantType | string
| `"client_credentials"` | |
+| backend.checklistworker.bpdm.clientId | string | `"bpdm-client-id"` | Provide bpdm client-id from CX IAM centralidp. |
+| backend.checklistworker.bpdm.clientSecret | string | `""` | Client-secret for bpdm client-id. Secret-key 'bpdm-client-secret'. |
+| backend.checklistworker.custodian.scope | string | `"openid"` | |
+| backend.checklistworker.custodian.grantType | string | `"client_credentials"` | |
+| backend.checklistworker.custodian.clientId | string | `"custodian-client-id"` | Provide custodian client-id from CX IAM centralidp. |
+| backend.checklistworker.custodian.clientSecret | string | `""` | Client-secret for custodian client-id. Secret-key 'custodian-client-secret'. |
+| backend.checklistworker.sdfactory.selfdescriptionPath | string | `"/api/rel3/selfdescription"` | |
+| backend.checklistworker.sdfactory.scope | string | `"openid"` | |
+| backend.checklistworker.sdfactory.grantType | string | `"client_credentials"` | |
+| backend.checklistworker.sdfactory.issuerBpn | string | `"BPNDUMMY000DUMMY"` | Provide BPN for sdfactory. |
+| backend.checklistworker.sdfactory.clientId | string | `"sdfactory-client-id"` | Provide sdfactory client-id from CX IAM centralidp. |
+| backend.checklistworker.sdfactory.clientSecret | string | `""` | Client-secret for sdfactory client-id. Secret-key 'sdfactory-client-secret'. |
+| backend.checklistworker.clearinghouse.scope | string | `"openid"` | |
+| backend.checklistworker.clearinghouse.grantType | string | `"client_credentials"` | |
+| backend.checklistworker.clearinghouse.clientId | string | `"clearinghouse-client-id"` | Provide clearinghouse client-id from clearinghouse IAM. |
+| backend.checklistworker.clearinghouse.clientSecret | string | `""` | Client-secret for clearinghouse client-id. Secret-key 'clearinghouse-client-secret'.
|
+| backend.checklistworker.clearinghouse.callbackPath | string | `"/api/administration/registration/clearinghouse"` | |
+| backend.placeholder | string | `"empty"` | |
+| postgresql.enabled | bool | `true` | PostgreSQL chart configuration Switch to enable or disable the PostgreSQL helm chart |
+| postgresql.fullnameOverride | string | `"portal-backend-postgresql"` | FullnameOverride to 'portal-backend-postgresql'. |
+| postgresql.auth.database | string | `"postgres"` | Database name |
+| postgresql.auth.port | int | `5432` | Database port number |
+| postgresql.auth.existingSecret | string | `"secret-postgres-init"` | Secret containing the passwords for root usernames postgres and non-root usernames repl_user, portal and provisioning. |
+| postgresql.auth.password | string | `""` | Password for the root username 'postgres'. Secret-key 'postgres-password'. |
+| postgresql.auth.replicationPassword | string | `""` | Password for the non-root username 'repl_user'. Secret-key 'replication-password'. |
+| postgresql.auth.portalUser | string | `"portal"` | Non-root username for portal. |
+| postgresql.auth.provisioningUser | string | `"provisioning"` | Non-root username for provisioning. |
+| postgresql.auth.portalPassword | string | `""` | Password for the non-root username 'portal'. Secret-key 'portal-password'. |
+| postgresql.auth.provisioningPassword | string | `""` | Password for the non-root username 'provisioning'. Secret-key 'provisioning-password'.
| +| postgresql.architecture | string | `"replication"` | | +| postgresql.audit.pgAuditLog | string | `"write, ddl"` | | +| postgresql.audit.logLinePrefix | string | `"%m %u %d "` | | +| postgresql.primary.initdb.scriptsConfigMap | string | `"configmap-postgres-init"` | | +| postgresql.primary.extraEnvVars[0].name | string | `"PORTAL_PASSWORD"` | | +| postgresql.primary.extraEnvVars[0].valueFrom.secretKeyRef.name | string | `"{{ .Values.auth.existingSecret }}"` | | +| postgresql.primary.extraEnvVars[0].valueFrom.secretKeyRef.key | string | `"portal-password"` | | +| postgresql.primary.extraEnvVars[1].name | string | `"PROVISIONING_PASSWORD"` | | +| postgresql.primary.extraEnvVars[1].valueFrom.secretKeyRef.name | string | `"{{ .Values.auth.existingSecret }}"` | | +| postgresql.primary.extraEnvVars[1].valueFrom.secretKeyRef.key | string | `"provisioning-password"` | | +| externalDatabase.host | string | `"portal-backend-postgresql-external-db"` | External PostgreSQL configuration IMPORTANT: init scripts (01-init-db-user.sh and 02-init-db.sql) available in templates/configmap-backend-postgres-init.yaml need to be executed beforehand. Database host | +| externalDatabase.database | string | `"postgres"` | Database name | +| externalDatabase.port | int | `5432` | Database port number | +| externalDatabase.secret | string | `"secret-postgres-external-db"` | Secret containing the passwords non-root usernames portal and provisioning. | +| externalDatabase.portalUser | string | `"portal"` | Non-root username for portal. | +| externalDatabase.provisioningUser | string | `"provisioning"` | Non-root username for provisioning. | +| externalDatabase.portalPassword | string | `""` | Password for the non-root username 'portal'. Secret-key 'portal-password'. | +| externalDatabase.provisioningPassword | string | `""` | Password for the non-root username 'provisioning'. Secret-key 'provisioning-password'. 
| +| portContainer | int | `8080` | | +| portService | int | `8080` | | +| replicaCount | int | `3` | | +| securityContext.allowPrivilegeEscalation | bool | `false` | | +| securityContext.runAsNonRoot | bool | `true` | | +| securityContext.capabilities.drop[0] | string | `"ALL"` | | +| resources | object | `{}` | If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. | +| nodeSelector | object | `{}` | Node labels for pod assignment | +| tolerations | list | `[]` | Tolerations for pod assignment | +| affinity.podAntiAffinity | object | `{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"DoesNotExist"}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}` | Following Catena-X Helm Best Practices, [reference](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). | +| updateStrategy.type | string | `"RollingUpdate"` | Update strategy type, rolling update configuration parameters, [reference](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies). | +| updateStrategy.rollingUpdate.maxSurge | int | `1` | | +| updateStrategy.rollingUpdate.maxUnavailable | int | `0` | | +| livenessProbe.failureThreshold | int | `3` | Following Catena-X Helm Best Practices, [reference](https://github.com/helm/charts/blob/master/stable/nginx-ingress/values.yaml#L210). 
| +| livenessProbe.initialDelaySeconds | int | `10` | | +| livenessProbe.periodSeconds | int | `10` | | +| livenessProbe.successThreshold | int | `1` | | +| livenessProbe.timeoutSeconds | int | `1` | | +| readinessProbe.failureThreshold | int | `3` | | +| readinessProbe.initialDelaySeconds | int | `10` | | +| readinessProbe.periodSeconds | int | `10` | | +| readinessProbe.successThreshold | int | `1` | | +| readinessProbe.timeoutSeconds | int | `1` | | + +Autogenerated with [helm docs](https://github.com/norwoodj/helm-docs) diff --git a/charts/portal/README.md.gotmpl b/charts/portal/README.md.gotmpl new file mode 100644 index 000000000..59c3c2beb --- /dev/null +++ b/charts/portal/README.md.gotmpl 
@@ -0,0 +1,46 @@ +# {{ template "chart.description" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}![Tag](https://img.shields.io/static/v1?label=&message=LeadingRepository&color=green&style=flat) + +This helm chart installs the Catena-X Portal application which consists of + +* [portal-frontend](https://github.com/eclipse-tractusx/portal-frontend), +* [portal-frontend-registration](https://github.com/eclipse-tractusx/portal-frontend-registration), +* [portal-assets](https://github.com/eclipse-tractusx/portal-assets) and +* [portal-backend](https://github.com/eclipse-tractusx/portal-backend). + +The Catena-X Portal is designed to work with the [Catena-X IAM](https://github.com/eclipse-tractusx/portal-iam). + +For further information please refer to the [technical documentation](https://github.com/eclipse-tractusx/portal-assets/tree/{{ template "chart.version" . }}/developer/Technical%20Documentation). + +The referenced container images are for demonstration purposes only. + +## Installation + +To install the chart with the release name `{{ template "chart.name" . }}`: + +```shell +$ helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev +$ helm install {{ template "chart.name" . }} tractusx-dev/{{ template "chart.name" . }} +``` + +To install the helm chart into your cluster with your values: + +```shell +$ helm install -f your-values.yaml {{ template "chart.name" . }} tractusx-dev/{{ template "chart.name" . }} +``` + +To use the helm chart as a dependency: + +```yaml +dependencies: + - name: {{ template "chart.name" . }} + repository: https://eclipse-tractusx.github.io/charts/dev + version: {{ template "chart.version" . }} +``` + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} + +Autogenerated with [helm docs](https://github.com/norwoodj/helm-docs) 
diff --git a/charts/portal/templates/configmap-backend-postgres-init.yaml b/charts/portal/templates/configmap-backend-postgres-init.yaml
new file mode 100644
index 000000000..e60097b7a
--- /dev/null
+++ b/charts/portal/templates/configmap-backend-postgres-init.yaml
@@ -0,0 +1,38 @@
+{{- if .Values.postgresql.enabled -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.postgresql.primary.initdb.scriptsConfigMap }}
+ namespace: {{ .Release.Namespace }}
+data:
+ 01-init-db-user.sh: |
+ postgresql_create_portal_user() {
+ local -r escaped_password="${PORTAL_PASSWORD//\'/\'\'}"
+ info "Creating user portal"
+ export PGPASSWORD="$POSTGRES_PASSWORD"
+ echo "CREATE USER portal WITH PASSWORD '${escaped_password}';" | psql -U postgres
+ }
+ postgresql_create_portal_user
+ postgresql_create_provisioning_user() {
+ local -r escaped_password="${PROVISIONING_PASSWORD//\'/\'\'}"
+ info "Creating user provisioning"
+ export PGPASSWORD="$POSTGRES_PASSWORD"
+ echo "CREATE USER provisioning WITH PASSWORD '${escaped_password}';" | psql -U postgres
+ }
+ postgresql_create_provisioning_user
+ 02-init-db.sql: |
+ CREATE SCHEMA portal;
+ ALTER SCHEMA portal OWNER TO portal;
+ CREATE SCHEMA provisioning;
+ ALTER SCHEMA provisioning OWNER TO provisioning;
+ CREATE TABLE public.__efmigrations_history_portal (
+ migration_id character varying(150) NOT NULL,
+ product_version character varying(32) NOT NULL
+ );
+ ALTER TABLE public.__efmigrations_history_portal OWNER TO portal;
+ CREATE TABLE public.__efmigrations_history_provisioning (
+ migration_id character varying(150) NOT NULL,
+ product_version character varying(32) NOT NULL
+ );
+ ALTER TABLE public.__efmigrations_history_provisioning OWNER TO provisioning;
+{{- end -}}
diff --git a/charts/portal/templates/cronjob-backend-checklist.yaml b/charts/portal/templates/cronjob-backend-checklist.yaml
new file mode 100644
index 000000000..40c597dc3
--- /dev/null
+++ b/charts/portal/templates/cronjob-backend-checklist.yaml
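Review bot: The role names in `01-init-db-user.sh` and `02-init-db.sql` are hard-coded as `portal` and `provisioning`, while the workload templates in this patch build their connection strings from `postgresql.auth.portalUser` and `postgresql.auth.provisioningUser`; overriding either value leaves the services logging in as a role the init scripts never created. Either render the names from those values (quoted as SQL identifiers) or state the constraint in the script, e.g. `# role names are fixed; postgresql.auth.portalUser/provisioningUser must stay 'portal'/'provisioning'`. Both `psql` calls also read the statement from stdin without `-v ON_ERROR_STOP=1`, so psql exits successfully even when `CREATE USER` fails; `| psql -v ON_ERROR_STOP=1 -U postgres` would surface the failure at init time instead of at the later `ALTER ... OWNER TO` statements.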
@@ -0,0 +1,244 @@ +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +apiVersion: batch/v1 +kind: CronJob +metadata: + name: {{ .Values.backend.checklistworker.name }} +spec: + schedule: "*/5 * * * *" + concurrencyPolicy: Forbid + jobTemplate: + spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: {{ .Values.backend.checklistworker.name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 16 }} + image: "{{ .Values.backend.checklistworker.image.name }}:{{ .Values.backend.checklistworker.image.checklistworkertag | default .Chart.AppVersion }}" + imagePullPolicy: "Always" + env: + {{- if .Values.postgresql.enabled }} + - name: "PORTAL_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.auth.existingSecret }}" + key: "portal-password" + - name: "PROVISIONING_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.auth.existingSecret }}" + key: "provisioning-password" + - name: "CONNECTIONSTRINGS__PORTALDB" + value: "Server={{ .Values.postgresql.fullnameOverride }}-primary;Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ 
.Values.postgresql.auth.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + - name: "CONNECTIONSTRINGS__PROVISIONINGDB" + value: "Server={{ .Values.postgresql.fullnameOverride }}-primary;Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + {{- end }} + {{- if not .Values.postgresql.enabled }} + - name: "PORTAL_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.externalDatabase.secret }}" + key: "portal-password" + - name: "PROVISIONING_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.externalDatabase.secret }}" + key: "provisioning-password" + - name: "CONNECTIONSTRINGS__PORTALDB" + value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + - name: "CONNECTIONSTRINGS__PROVISIONINGDB" + value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + {{- end }} + - name: "APPLICATIONACTIVATION__APPLICATIONAPPROVALINITIALROLES__Cl2-CX-Portal__0" + value: "{{ .Values.backend.checklistworker.applicationActivation.applicationApprovalInitialRoles.portal.role0 }}" + - name: "APPLICATIONACTIVATION__CLIENTTOREMOVEROLESONACTIVATION__0" + value: "{{ .Values.backend.checklistworker.applicationActivation.clientToRemoveRolesOnActivation.client0 }}" + - name: "APPLICATIONACTIVATION__BASEPORTALADDRESS" + value: "{{ .Values.portalAddress }}{{ .Values.backend.portalHomePath }}" + - name: 
"APPLICATIONACTIVATION__COMPANYADMINROLES__Cl1-CX-Registration__0" + value: "{{ .Values.backend.checklistworker.applicationActivation.applicationApprovalInitialRoles.registration.role0 }}" + - name: "APPLICATIONACTIVATION__WELCOMENOTIFICATIONTYPEIDS__0" + value: "{{ .Values.backend.checklistworker.applicationActivation.welcomeNotificationTypeIds.type0 }}" + - name: "APPLICATIONACTIVATION__WELCOMENOTIFICATIONTYPEIDS__1" + value: "{{ .Values.backend.checklistworker.applicationActivation.welcomeNotificationTypeIds.type1 }}" + - name: "APPLICATIONACTIVATION__WELCOMENOTIFICATIONTYPEIDS__2" + value: "{{ .Values.backend.checklistworker.applicationActivation.welcomeNotificationTypeIds.type2 }}" + - name: "APPLICATIONACTIVATION__WELCOMENOTIFICATIONTYPEIDS__3" + value: "{{ .Values.backend.checklistworker.applicationActivation.welcomeNotificationTypeIds.type3 }}" + - name: "APPLICATIONACTIVATION__WELCOMENOTIFICATIONTYPEIDS__4" + value: "{{ .Values.backend.checklistworker.applicationActivation.welcomeNotificationTypeIds.type4 }}" + - name: "CHECKLIST__BPDM__BASEADDRESS" + value: "{{ .Values.bpdmPortalGateAddress }}" + - name: "CHECKLIST__BPDM__CLIENTID" + value: "{{ .Values.backend.checklistworker.bpdm.clientId }}" + - name: "CHECKLIST__BPDM__CLIENTSECRET" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.interfaces.secret }}" + key: "bpdm-client-secret" + - name: "CHECKLIST__BPDM__GRANTTYPE" + value: "{{ .Values.backend.checklistworker.bpdm.grantType }}" + - name: "CHECKLIST__BPDM__KEYCLOAKTOKENADDRESS" + value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.tokenPath }}" + - name: "CHECKLIST__BPDM__PASSWORD" + value: "{{ .Values.backend.placeholder }}" + - name: "CHECKLIST__BPDM__SCOPE" + value: "{{ .Values.backend.checklistworker.bpdm.scope }}" + - name: "CHECKLIST__BPDM__USERNAME" + value: "{{ .Values.backend.placeholder }}" + - name: "CHECKLIST__CLEARINGHOUSE__BASEADDRESS" + value: "{{ .Values.clearinghouseAddress }}" + - name: 
"CHECKLIST__CLEARINGHOUSE__CLIENTID" + value: "{{ .Values.backend.checklistworker.clearinghouse.clientId }}" + - name: "CHECKLIST__CLEARINGHOUSE__CLIENTSECRET" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.interfaces.secret }}" + key: "clearinghouse-client-secret" + - name: "CHECKLIST__CLEARINGHOUSE__GRANTTYPE" + value: "{{ .Values.backend.checklistworker.clearinghouse.grantType }}" + - name: "CHECKLIST__CLEARINGHOUSE__KEYCLOAKTOKENADDRESS" + value: "{{ .Values.clearinghouseTokenAddress }}" + - name: "CHECKLIST__CLEARINGHOUSE__PASSWORD" + value: "{{ .Values.backend.placeholder }}" + - name: "CHECKLIST__CLEARINGHOUSE__SCOPE" + value: "{{ .Values.backend.checklistworker.clearinghouse.scope }}" + - name: "CHECKLIST__CLEARINGHOUSE__USERNAME" + value: "{{ .Values.backend.placeholder }}" + - name: "CHECKLIST__CLEARINGHOUSE__CALLBACKURL" + value: "{{ .Values.portalBackendAddress }}{{ .Values.backend.checklistworker.clearinghouse.callbackPath }}" + - name: "CHECKLIST__CUSTODIAN__BASEADDRESS" + value: "{{ .Values.custodianAddress }}" + - name: "CHECKLIST__CUSTODIAN__CLIENTID" + value: "{{ .Values.backend.checklistworker.custodian.clientId }}" + - name: "CHECKLIST__CUSTODIAN__CLIENTSECRET" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.interfaces.secret }}" + key: "custodian-client-secret" + - name: "CHECKLIST__CUSTODIAN__GRANTTYPE" + value: "{{ .Values.backend.checklistworker.custodian.grantType }}" + - name: "CHECKLIST__CUSTODIAN__KEYCLOAKTOKENADDRESS" + value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.tokenPath }}" + - name: "CHECKLIST__CUSTODIAN__PASSWORD" + value: "{{ .Values.backend.placeholder }}" + - name: "CHECKLIST__CUSTODIAN__SCOPE" + value: "{{ .Values.backend.checklistworker.custodian.scope }}" + - name: "CHECKLIST__CUSTODIAN__USERNAME" + value: "{{ .Values.backend.placeholder }}" + - name: "CHECKLIST__SDFACTORY__CLIENTID" + value: "{{ .Values.backend.checklistworker.sdfactory.clientId }}" + - name: 
"CHECKLIST__SDFACTORY__CLIENTSECRET" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.interfaces.secret }}" + key: "sdfactory-client-secret" + - name: "CHECKLIST__SDFACTORY__GRANTTYPE" + value: "{{ .Values.backend.checklistworker.sdfactory.grantType }}" + - name: "CHECKLIST__SDFACTORY__KEYCLOAKTOKENADDRESS" + value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.tokenPath }}" + - name: "CHECKLIST__SDFACTORY__PASSWORD" + value: "{{ .Values.backend.placeholder }}" + - name: "CHECKLIST__SDFACTORY__SCOPE" + value: "{{ .Values.backend.checklistworker.sdfactory.scope }}" + - name: "CHECKLIST__SDFACTORY__SDFACTORYISSUERBPN" + value: "{{ .Values.backend.checklistworker.sdfactory.issuerBpn }}" + - name: "CHECKLIST__SDFACTORY__SDFACTORYURL" + value: "{{ .Values.sdfactoryAddress }}{{ .Values.backend.checklistworker.sdfactory.selfdescriptionPath }}" + - name: "CHECKLIST__SDFACTORY__USERNAME" + value: "{{ .Values.backend.placeholder }}" + - name: "KEYCLOAK__CENTRAL__AUTHREALM" + value: "{{ .Values.backend.keycloak.central.authRealm }}" + - name: "KEYCLOAK__CENTRAL__CLIENTID" + value: "{{ .Values.backend.keycloak.central.clientId }}" + - name: "KEYCLOAK__CENTRAL__CLIENTSECRET" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.keycloak.secret }}" + key: "central-client-secret" + - name: "KEYCLOAK__CENTRAL__CONNECTIONSTRING" + value: "{{ .Values.centralidpAddress }}" + - name: "KEYCLOAK__SHARED__AUTHREALM" + value: "{{ .Values.backend.keycloak.shared.authRealm }}" + - name: "KEYCLOAK__SHARED__CLIENTID" + value: "{{ .Values.backend.keycloak.shared.clientId }}" + - name: "KEYCLOAK__SHARED__CLIENTSECRET" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.keycloak.secret }}" + key: "shared-client-secret" + - name: "KEYCLOAK__SHARED__CONNECTIONSTRING" + value: "{{ .Values.sharedidpAddress }}" + - name: "LOGGING__LOGLEVEL__ORG.ECLIPSE.TRACTUSX.PORTAL.BACKEND.CHECKLIST.LIBRARY" + value: "{{ .Values.backend.checklistworker.logging.checklistLibrary 
}}" + - name: "LOGGING__LOGLEVEL__ORG.ECLIPSE.TRACTUSX.PORTAL.BACKEND.BPDM.LIBRARY" + value: "{{ .Values.backend.checklistworker.logging.bpdmLibrary }}" + - name: "LOGGING__LOGLEVEL__ORG.ECLIPSE.TRACTUSX.PORTAL.BACKEND.CLEARINGHOUSE.LIBRARY" + value: "{{ .Values.backend.checklistworker.logging.clearinghouseLibrary }}" + - name: "LOGGING__LOGLEVEL__ORG.ECLIPSE.TRACTUSX.PORTAL.BACKEND.CUSTODIAN.LIBRARY" + value: "{{ .Values.backend.checklistworker.logging.custodianLibrary }}" + - name: "LOGGING__LOGLEVEL__ORG.ECLIPSE.TRACTUSX.PORTAL.BACKEND.SDFACTORY.LIBRARY" + value: "{{ .Values.backend.checklistworker.logging.sdfactoryLibrary }}" + - name: "MAILINGSERVICE__MAIL__SMTPHOST" + value: "{{ .Values.backend.mailing.host }}" + - name: "MAILINGSERVICE__MAIL__SMTPPASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.mailing.secret }}" + key: "password" + - name: "MAILINGSERVICE__MAIL__SMTPPORT" + value: "{{ .Values.backend.mailing.port }}" + - name: "MAILINGSERVICE__MAIL__SMTPUSER" + value: "{{ .Values.backend.mailing.user }}" + - name: "PROVISIONING__CENTRALIDENTITYPROVIDER__CONFIG__CLIENTID" + value: "{{ .Values.backend.provisioning.centralIdentityProvider.clientId }}" + - name: "PROVISIONING__CENTRALREALM" + value: "{{ .Values.backend.provisioning.centralRealm }}" + - name: "PROVISIONING__CENTRALREALMID" + value: "{{ .Values.backend.provisioning.centralRealmId }}" + - name: "PROVISIONING__INVITEDUSERINITIALROLES__Cl1-CX-Registration__0" + value: "{{ .Values.backend.provisioning.invitedUserInitialRoles.registration }}" + - name: "PROVISIONING__SHAREDREALM__SMTPSERVER__AUTH" + value: "{{ .Values.backend.provisioning.sharedRealm.smtpServer.auth }}" + - name: "PROVISIONING__SHAREDREALM__SMTPSERVER__FROM" + value: "{{ .Values.backend.provisioning.sharedRealm.smtpServer.from }}" + - name: "PROVISIONING__SHAREDREALM__SMTPSERVER__HOST" + value: "{{ .Values.backend.provisioning.sharedRealm.smtpServer.host }}" + - name: "PROVISIONING__SHAREDREALM__SMTPSERVER__PASSWORD" 
+ valueFrom: + secretKeyRef: + name: "{{ .Values.backend.mailing.secret }}" + key: "provisioning-sharedrealm-password" + - name: "PROVISIONING__SHAREDREALM__SMTPSERVER__PORT" + value: "{{ .Values.backend.provisioning.sharedRealm.smtpServer.port }}" + - name: "PROVISIONING__SHAREDREALM__SMTPSERVER__REPLYTO" + value: "{{ .Values.backend.provisioning.sharedRealm.smtpServer.replyTo }}" + - name: "PROVISIONING__SHAREDREALM__SMTPSERVER__STARTTLS" + value: "{{ .Values.backend.provisioning.sharedRealm.smtpServer.startTls }}" + - name: "PROVISIONING__SHAREDREALM__SMTPSERVER__USER" + value: "{{ .Values.backend.provisioning.sharedRealm.smtpServer.user }}" + - name: "PROVISIONING__SHAREDREALMCLIENT__CLIENTID" + value: "{{ .Values.backend.provisioning.sharedRealmClient.clientId }}" + ports: + - name: http + containerPort: {{ .Values.portContainer }} + protocol: TCP diff --git a/charts/portal/templates/cronjob-backend-maintenance.yaml b/charts/portal/templates/cronjob-backend-maintenance.yaml deleted file mode 100644 index 13b9825a3..000000000 --- a/charts/portal/templates/cronjob-backend-maintenance.yaml +++ /dev/null 
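Review bot: `CONNECTIONSTRINGS__PORTALDB` and `CONNECTIONSTRINGS__PROVISIONINGDB` splice `$(PORTAL_PASSWORD)` and `$(PROVISIONING_PASSWORD)` verbatim into a `key=value;` connection string, so a secret value containing `;` is read as the start of another connection-string keyword rather than as part of the password. This applies to both the `postgresql.enabled` and the external-database branch, and the same construction is used in the portal-maintenance CronJob and the administration Deployment hunks of this patch. State the constraint next to the secret reference, e.g. `# password is substituted verbatim into the connection string and must not contain ';'`, or hand the password to the application as a separate setting instead of composing the string in the template. The assembled connection string, password included, is then also an environment variable of the container, which is worth keeping in mind for anything that dumps the process environment.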
@@ -1,49 +0,0 @@ -############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################### - -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ .Values.backend.portalmaintenance.name }} -spec: - schedule: "0 0 * * *" - jobTemplate: - spec: - template: - spec: - restartPolicy: OnFailure - containers: - - name: {{ .Values.backend.portalmaintenance.name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 16 }} - image: "{{ .Values.backend.portalmaintenance.image.name }}:{{ .Values.backend.portalmaintenance.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: "Always" - ports: - - containerPort: {{ .Values.portContainer }} - env: - - name: "DOTNET_ENVIRONMENT" - value: "Kubernetes" - volumeMounts: - - name: secrets - mountPath: /app/secrets - readOnly: true - volumes: - - name: secrets - secret: - secretName: {{ .Values.backend.portalmaintenance.secret.name }} diff --git a/charts/portal/templates/cronjob-backend-portal-maintenance.yaml b/charts/portal/templates/cronjob-backend-portal-maintenance.yaml new file mode 100644 index 000000000..baeafabdd --- /dev/null +++ b/charts/portal/templates/cronjob-backend-portal-maintenance.yaml 
@@ -0,0 +1,59 @@ +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +apiVersion: batch/v1 +kind: CronJob +metadata: + name: {{ .Values.backend.portalmaintenance.name }} +spec: + schedule: "0 0 * * *" + jobTemplate: + spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: {{ .Values.backend.portalmaintenance.name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 16 }} + image: "{{ .Values.backend.portalmaintenance.image.name }}:{{ .Values.backend.portalmaintenance.image.portalmaintenancetag | default .Chart.AppVersion }}" + imagePullPolicy: "Always" + env: + {{- if .Values.postgresql.enabled }} + - name: "PORTAL_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.auth.existingSecret }}" + key: "portal-password" + - name: "CONNECTIONSTRINGS__PORTALDB" + value: "Server={{ .Values.postgresql.fullnameOverride }}-primary;Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + {{- end }} + {{- if not .Values.postgresql.enabled }} + - name: 
"PORTAL_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.externalDatabase.secret }}" + key: "portal-password" + - name: "CONNECTIONSTRINGS__PORTALDB" + value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + {{- end }} + ports: + - name: http + containerPort: {{ .Values.portContainer }} + protocol: TCP diff --git a/charts/portal/templates/deployment-backend-administration.yaml b/charts/portal/templates/deployment-backend-administration.yaml index 666589596..d5ac3ab3a 100644 --- a/charts/portal/templates/deployment-backend-administration.yaml +++ b/charts/portal/templates/deployment-backend-administration.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -23,6 +23,8 @@ metadata: name: {{ .Values.backend.administration.name }} spec: replicas: {{ .Values.replicaCount }} + strategy: + {{- toYaml .Values.updateStrategy | nindent 4 }} selector: matchLabels: app: {{ .Values.backend.administration.name }} 
@@ -35,18 +37,296 @@ spec: - name: {{ .Values.backend.administration.name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.backend.administration.image.name }}:{{ .Values.backend.administration.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.backend.administration.image.name }}:{{ .Values.backend.administration.image.administrationservicetag | default .Chart.AppVersion }}" imagePullPolicy: "Always" - ports: - - containerPort: {{ .Values.portContainer }} env: - - name: "ASPNETCORE_ENVIRONMENT" - value: "Kubernetes" - volumeMounts: - - name: secrets - mountPath: /app/secrets - readOnly: true - volumes: - - name: secrets - secret: - secretName: {{ .Values.backend.administration.secret.name }} + {{- if .Values.postgresql.enabled }} + - name: "PORTAL_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.auth.existingSecret }}" + key: "portal-password" + - name: "PROVISIONING_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.auth.existingSecret }}" + key: "provisioning-password" + - name: "CONNECTIONSTRINGS__PORTALDB" + value: "Server={{ .Values.postgresql.fullnameOverride }}-primary;Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + - name: "CONNECTIONSTRINGS__PROVISIONINGDB" + value: "Server={{ .Values.postgresql.fullnameOverride }}-primary;Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + - name: "DATABASEACCESS__PORTAL__CONNECTIONSTRING" + value: "Server={{ .Values.postgresql.fullnameOverride }}-primary;Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ 
.Values.postgresql.auth.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};"
+ {{- end }}
+ {{- if not .Values.postgresql.enabled }}
+ - name: "PORTAL_PASSWORD"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.externalDatabase.secret }}"
+ key: "portal-password"
+ - name: "PROVISIONING_PASSWORD"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.externalDatabase.secret }}"
+ key: "provisioning-password"
+ - name: "CONNECTIONSTRINGS__PORTALDB"
+ value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};"
+ - name: "CONNECTIONSTRINGS__PROVISIONINGDB"
+ value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};"
+ - name: "DATABASEACCESS__PORTAL__CONNECTIONSTRING"
+ value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};;"
+ {{- end }}
+ - name: "DATABASEACCESS__PORTAL__DATABASESCHEMA"
+ value: "{{ .Values.backend.dbConnection.schema }}"
+ - name: "KEYCLOAK_CENTRAL_PASSWORD"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.backend.keycloak.secret }}"
+ key: "central-db-password"
+ - name: "DATABASEACCESS__KEYCLOAK__CONNECTIONSTRING"
+ value: "Server={{ .Values.backend.keycloak.central.dbConnection.host }};Database={{ .Values.backend.keycloak.central.dbConnection.database }};Port={{ .Values.backend.keycloak.central.dbConnection.port }};User Id={{ .Values.backend.keycloak.central.dbConnection.user }};Password=$(KEYCLOAK_CENTRAL_PASSWORD);Ssl Mode={{ .Values.backend.keycloak.central.dbConnection.sslMode }};"
+ - name: "DATABASEACCESS__KEYCLOAK__DATABASESCHEMA"
+ value: "{{ .Values.backend.keycloak.central.dbConnection.schema }}"
+ - name: "CHECKLIST__BPDM__BASEADDRESS"
+ value: "{{ .Values.bpdmPortalGateAddress }}"
+ - name: "CHECKLIST__BPDM__CLIENTID"
+ value: "{{ .Values.backend.checklistworker.bpdm.clientId }}"
+ - name: "CHECKLIST__BPDM__CLIENTSECRET"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.backend.interfaces.secret }}"
+ key: "bpdm-client-secret"
+ - name: "CHECKLIST__BPDM__GRANTTYPE"
+ value: "{{ .Values.backend.checklistworker.bpdm.grantType }}"
+ - name: "CHECKLIST__BPDM__KEYCLOAKTOKENADDRESS"
+ value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.tokenPath }}"
+ - name: "CHECKLIST__BPDM__PASSWORD"
+ value: "{{ .Values.backend.placeholder }}"
+ - name: "CHECKLIST__BPDM__SCOPE"
+ value: "{{ .Values.backend.checklistworker.bpdm.scope }}"
+ - name: "CHECKLIST__BPDM__USERNAME"
+ value: "{{ .Values.backend.placeholder }}"
+ - name: "CHECKLIST__CLEARINGHOUSE__BASEADDRESS"
+ value: "{{ .Values.clearinghouseAddress }}"
+ - name: "CHECKLIST__CLEARINGHOUSE__CLIENTID"
+ value: "{{ .Values.backend.checklistworker.clearinghouse.clientId }}"
+ - name: "CHECKLIST__CLEARINGHOUSE__CLIENTSECRET"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.backend.interfaces.secret }}"
+ key: "clearinghouse-client-secret"
+ - name: "CHECKLIST__CLEARINGHOUSE__GRANTTYPE"
+ value: "{{ .Values.backend.checklistworker.clearinghouse.grantType }}"
+ - name: "CHECKLIST__CLEARINGHOUSE__KEYCLOAKTOKENADDRESS"
+ value: "{{ .Values.clearinghouseTokenAddress }}"
+ - name: "CHECKLIST__CLEARINGHOUSE__PASSWORD"
+ value: "{{ .Values.backend.placeholder }}"
+ - name: "CHECKLIST__CLEARINGHOUSE__SCOPE"
+ value: "{{ .Values.backend.checklistworker.clearinghouse.scope }}"
+ - name: "CHECKLIST__CLEARINGHOUSE__USERNAME"
+ value: "{{ .Values.backend.placeholder }}"
+ - name: "CHECKLIST__CLEARINGHOUSE__CALLBACKURL"
+ value: "{{ .Values.portalBackendAddress }}{{ .Values.backend.checklistworker.clearinghouse.callbackPath }}"
+ - name: "CHECKLIST__CUSTODIAN__BASEADDRESS"
+ value: "{{ .Values.custodianAddress }}"
+ - name: "CHECKLIST__CUSTODIAN__CLIENTID"
+ value: "{{ .Values.backend.checklistworker.custodian.clientId }}"
+ - name: "CHECKLIST__CUSTODIAN__CLIENTSECRET"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.backend.interfaces.secret }}"
+ key: "custodian-client-secret"
+ - name: "CHECKLIST__CUSTODIAN__GRANTTYPE"
+ value: "{{ .Values.backend.checklistworker.custodian.grantType }}"
+ - name: "CHECKLIST__CUSTODIAN__KEYCLOAKTOKENADDRESS"
+ value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.tokenPath }}"
+ - name: "CHECKLIST__CUSTODIAN__PASSWORD"
+ value: "{{ .Values.backend.placeholder }}"
+ - name: "CHECKLIST__CUSTODIAN__SCOPE"
+ value: "{{ .Values.backend.checklistworker.custodian.scope }}"
+ - name: "CHECKLIST__CUSTODIAN__USERNAME"
+ value: "{{ .Values.backend.placeholder }}"
+ - name: "CHECKLIST__SDFACTORY__CLIENTID"
+ value: "{{ .Values.backend.checklistworker.sdfactory.clientId }}"
+ - name: "CHECKLIST__SDFACTORY__CLIENTSECRET"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.backend.interfaces.secret }}"
+ key: "sdfactory-client-secret"
+ - name: "CHECKLIST__SDFACTORY__GRANTTYPE"
+ value: "{{ .Values.backend.checklistworker.sdfactory.grantType }}"
+ - name: "CHECKLIST__SDFACTORY__KEYCLOAKTOKENADDRESS"
+ value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.tokenPath }}"
+ - name: "CHECKLIST__SDFACTORY__PASSWORD"
+ value: "{{ .Values.backend.placeholder }}"
+ - name: "CHECKLIST__SDFACTORY__SCOPE"
+ value: "{{ .Values.backend.checklistworker.sdfactory.scope }}"
+ - name: "CHECKLIST__SDFACTORY__SDFACTORYISSUERBPN"
+ value: "{{ .Values.backend.checklistworker.sdfactory.issuerBpn }}"
+ - name: "CHECKLIST__SDFACTORY__SDFACTORYURL"
+ value: "{{ .Values.sdfactoryAddress }}{{ .Values.backend.checklistworker.sdfactory.selfdescriptionPath }}"
+ - name: "CHECKLIST__SDFACTORY__USERNAME"
+ value: "{{ .Values.backend.placeholder }}"
+ - name: "CONNECTORS__VALIDCERTIFICATIONCONTENTTYPES__0"
+ value: "{{ .Values.backend.administration.connectors.validCertificationContentTypes.type0 }}"
+ - name: "CONNECTORS__VALIDCERTIFICATIONCONTENTTYPES__1"
+ value: "{{ .Values.backend.administration.connectors.validCertificationContentTypes.type1 }}"
+ - name: "CONNECTORS__VALIDCERTIFICATIONCONTENTTYPES__2"
+ value: "{{ .Values.backend.administration.connectors.validCertificationContentTypes.type2 }}"
+ - name: "CONNECTORS__VALIDCERTIFICATIONCONTENTTYPES__3"
+ value: "{{ .Values.backend.administration.connectors.validCertificationContentTypes.type3 }}"
+ - name: "CONNECTORS__SELFDESCRIPTIONDOCUMENTURL"
+ value: "{{ .Values.portalBackendAddress }}{{ .Values.backend.administration.connectors.selfDescriptionDocumentPath }}"
+ - name: "DAPS__CLIENTID"
+ value: "{{ .Values.backend.administration.daps.clientId }}"
+ - name: "DAPS__CLIENTSECRET"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.backend.interfaces.secret }}"
+ key: "daps-client-secret"
+ - name: "DAPS__DAPSURL"
+ value: "{{ .Values.dapsAddress }}{{ .Values.backend.administration.daps.apiPath }}"
+ - name: "DAPS__GRANTTYPE"
+ value: "{{ .Values.backend.administration.daps.grantType }}"
+ - name: "DAPS__KEYCLOAKTOKENADDRESS"
+ value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.tokenPath }}"
+ - name: "DAPS__PASSWORD"
+ value: "{{ .Values.backend.placeholder }}"
+ - name: "DAPS__SCOPE"
+ value: "{{ .Values.backend.administration.daps.scope }}"
+ - name: "DAPS__USERNAME"
+ value: "{{ .Values.backend.placeholder }}"
+ - name: "Document__EnableSeedEndpoint"
+ value: "True"
+ - name: "IDENTITYPROVIDERADMIN__CSVSETTINGS__CHARSET"
+ value: "{{ .Values.backend.administration.identityProviderAdmin.csvSettings.charset }}"
+ - name: "IDENTITYPROVIDERADMIN__CSVSETTINGS__CONTENTTYPE"
+ value: "{{ .Values.backend.administration.identityProviderAdmin.csvSettings.contentType }}"
+ - name: "IDENTITYPROVIDERADMIN__CSVSETTINGS__FILENAME"
+ value: "{{ .Values.backend.administration.identityProviderAdmin.csvSettings.fileName }}"
+ - name: "IDENTITYPROVIDERADMIN__CSVSETTINGS__HEADEREMAIL"
+ value: "{{ .Values.backend.administration.identityProviderAdmin.csvSettings.headerEmail }}"
+ - name: "IDENTITYPROVIDERADMIN__CSVSETTINGS__HEADERFIRSTNAME"
+ value: "{{ .Values.backend.administration.identityProviderAdmin.csvSettings.headerFirstName }}"
+ - name: "IDENTITYPROVIDERADMIN__CSVSETTINGS__HEADERLASTNAME"
+ value: "{{ .Values.backend.administration.identityProviderAdmin.csvSettings.headerLastName }}"
+ - name: "IDENTITYPROVIDERADMIN__CSVSETTINGS__HEADERPROVIDERALIAS"
+ value: "{{ .Values.backend.administration.identityProviderAdmin.csvSettings.headerProviderAlias }}"
+ - name: "IDENTITYPROVIDERADMIN__CSVSETTINGS__HEADERPROVIDERUSERID"
+ value: "{{ .Values.backend.administration.identityProviderAdmin.csvSettings.headerProviderUserId }}"
+ - name: "IDENTITYPROVIDERADMIN__CSVSETTINGS__HEADERPROVIDERUSERNAME"
+ value: "{{ .Values.backend.administration.identityProviderAdmin.csvSettings.headerProviderUserName }}"
+ - name: "IDENTITYPROVIDERADMIN__CSVSETTINGS__HEADERUSERID"
+ value: "{{ .Values.backend.administration.identityProviderAdmin.csvSettings.headerUserId }}"
+ - name: "IDENTITYPROVIDERADMIN__CSVSETTINGS__SEPARATOR"
+ value: "{{ .Values.backend.administration.identityProviderAdmin.csvSettings.separator }}"
+ - name: "INVITATION__INVITEDUSERINITIALROLES__Cl1-CX-Registration__0"
+ value: "{{ .Values.backend.administration.invitation.invitedUserInitialRoles.role0 }}"
+ - name: "INVITATION__REGISTRATIONAPPADDRESS"
+ value: "{{ .Values.portalAddress }}{{ .Values.backend.registration.portalRegistrationPath }}"
+ - name: "JWTBEAREROPTIONS__METADATAADDRESS"
+ value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.metadataPath }}"
+ - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDAUDIENCE"
+ value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validAudiencePortal }}"
+ - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDISSUER"
+ value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath }}"
+ - name: "KEYCLOAK__CENTRAL__AUTHREALM"
+ value: "{{ .Values.backend.keycloak.central.authRealm }}"
+ - name: "KEYCLOAK__CENTRAL__CLIENTID"
+ value: "{{ .Values.backend.keycloak.central.clientId }}"
+ - name: "KEYCLOAK__CENTRAL__CLIENTSECRET"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.backend.keycloak.secret }}"
+ key: "central-client-secret"
+ - name: "KEYCLOAK__CENTRAL__CONNECTIONSTRING"
+ value: "{{ .Values.centralidpAddress }}"
+ - name: "KEYCLOAK__SHARED__AUTHREALM"
+ value: "{{ .Values.backend.keycloak.shared.authRealm }}"
+ - name: "KEYCLOAK__SHARED__CLIENTID"
+ value: "{{ .Values.backend.keycloak.shared.clientId }}"
+ - name: "KEYCLOAK__SHARED__CLIENTSECRET"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.backend.keycloak.secret }}"
+ key: "shared-client-secret"
+ - name: "KEYCLOAK__SHARED__CONNECTIONSTRING"
+ value: "{{ .Values.sharedidpAddress }}"
+ - name: "LOGGING__LOGLEVEL__ORG.CATENAX.NG.PORTAL.BACKEND.ADMINISTRATION.SERVICE.BUSINESSLOGIC"
+ value: "{{ .Values.backend.administration.logging.businessLogic }}"
+ - name: "LOGGING__LOGLEVEL__ORG.ECLIPSE.TRACTUSX.PORTAL.BACKEND.SDFACTORY.LIBRARY"
+ value: "{{ .Values.backend.administration.logging.sdfactoryLibrary }}"
+ - name: "MAILINGSERVICE__MAIL__SMTPHOST"
+ value: "{{ .Values.backend.mailing.host }}"
+ - name: "MAILINGSERVICE__MAIL__SMTPPASSWORD"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.backend.mailing.secret }}"
+ key: "password"
+ - name: "MAILINGSERVICE__MAIL__SMTPPORT"
+ value: "{{ .Values.backend.mailing.port }}"
+ - name: "MAILINGSERVICE__MAIL__SMTPUSER"
+ value: "{{ .Values.backend.mailing.user }}"
+ - name: "PROVISIONING__CENTRALIDENTITYPROVIDER__CONFIG__CLIENTID"
+ value: "{{ .Values.backend.provisioning.centralIdentityProvider.clientId }}"
+ - name: "PROVISIONING__CENTRALREALM"
+ value: "{{ .Values.backend.provisioning.centralRealm }}"
+ - name: "PROVISIONING__CENTRALREALMID"
+ value: "{{ .Values.backend.provisioning.centralRealmId }}"
+ - name: "PROVISIONING__INVITEDUSERINITIALROLES__Cl1-CX-Registration__0"
+ value: "{{ .Values.backend.provisioning.invitedUserInitialRoles.registration }}"
+ - name: "PROVISIONING__SHAREDREALM__SMTPSERVER__AUTH"
+ value: "{{ .Values.backend.provisioning.sharedRealm.smtpServer.auth }}"
+ - name: "PROVISIONING__SHAREDREALM__SMTPSERVER__FROM"
+ value: "{{ .Values.backend.provisioning.sharedRealm.smtpServer.from }}"
+ - name: "PROVISIONING__SHAREDREALM__SMTPSERVER__HOST"
+ value: "{{ .Values.backend.provisioning.sharedRealm.smtpServer.host }}"
+ - name: "PROVISIONING__SHAREDREALM__SMTPSERVER__PASSWORD"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.backend.mailing.secret }}"
+ key: "provisioning-sharedrealm-password"
+ - name: "PROVISIONING__SHAREDREALM__SMTPSERVER__PORT"
+ value: "{{ .Values.backend.provisioning.sharedRealm.smtpServer.port }}"
+ - name: "PROVISIONING__SHAREDREALM__SMTPSERVER__REPLYTO"
+ value: "{{ .Values.backend.provisioning.sharedRealm.smtpServer.replyTo }}"
+ - name: "PROVISIONING__SHAREDREALM__SMTPSERVER__STARTTLS"
+ value: "{{ .Values.backend.provisioning.sharedRealm.smtpServer.startTls }}"
+ - name: "PROVISIONING__SHAREDREALM__SMTPSERVER__USER"
+ value: "{{ .Values.backend.provisioning.sharedRealm.smtpServer.user }}"
+ - name: "PROVISIONING__SHAREDREALMCLIENT__CLIENTID"
+ value: "{{ .Values.backend.provisioning.sharedRealmClient.clientId }}"
+ - name: "REGISTRATION__DOCUMENTTYPEIDS__0"
+ value: "{{ .Values.backend.administration.registration.documentTypeIds.type0 }}"
+ - name:
"REGISTRATION__PARTNERUSERINITIALROLES__Cl1-CX-Registration__0" + value: "{{ .Values.backend.administration.registration.partnerUserInitialRoles.role0 }}" + - name: "SERVICEACCOUNT__CLIENTID" + value: "{{ .Values.backend.administration.serviceAccount.clientId }}" + - name: "SWAGGERENABLED" + value: "{{ .Values.backend.administration.swaggerEnabled }}" + - name: "USERMANAGEMENT__COMPANYUSERSTATUSIDS__0" + value: "{{ .Values.backend.administration.userManagement.companyUserStatusIds.status0 }}" + - name: "USERMANAGEMENT__COMPANYUSERSTATUSIDS__1" + value: "{{ .Values.backend.administration.userManagement.companyUserStatusIds.status1 }}" + - name: "USERMANAGEMENT__PORTAL__BASEPORTALADDRESS" + value: "{{ .Values.portalAddress }}{{ .Values.backend.portalHomePath }}" + - name: "USERMANAGEMENT__PORTAL__KEYCLOAKCLIENTID" + value: "{{ .Values.backend.administration.keycloakClientId }}" + ports: + - name: http + containerPort: {{ .Values.portContainer }} + protocol: TCP + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/portal/templates/deployment-backend-appmarketplace.yaml b/charts/portal/templates/deployment-backend-appmarketplace.yaml index 165226888..bd76d8d59 100644 --- a/charts/portal/templates/deployment-backend-appmarketplace.yaml +++ b/charts/portal/templates/deployment-backend-appmarketplace.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
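Review bot: In the administration deployment, `Document__EnableSeedEndpoint` is hard-coded to `"True"`, so whatever the seed endpoint exposes is switched on in every environment this chart is installed to, with no values key to turn it off. I would make it opt-in, for example `value: "{{ .Values.backend.administration.document.enableSeedEndpoint | default false }}"` (a new values key, name to be agreed), the way `SWAGGERENABLED` in the same container is already driven from values. In the `if not .Values.postgresql.enabled` branch, `DATABASEACCESS__PORTAL__CONNECTIONSTRING` ends in `;;`; the stray separator should be dropped here and in the notification hunk, which repeats it. The hunk covers only the container spec, so the Deployment header and pod metadata are outside it.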
@@ -23,6 +23,8 @@ metadata: name: {{ .Values.backend.appmarketplace.name }} spec: replicas: {{ .Values.replicaCount }} + strategy: + {{- toYaml .Values.updateStrategy | nindent 4 }} selector: matchLabels: app: {{ .Values.backend.appmarketplace.name }} 
@@ -35,18 +37,161 @@ spec: - name: {{ .Values.backend.appmarketplace.name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.backend.appmarketplace.image.name }}:{{ .Values.backend.appmarketplace.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.backend.appmarketplace.image.name }}:{{ .Values.backend.appmarketplace.image.appmarketplaceservicetag | default .Chart.AppVersion }}" imagePullPolicy: "Always" - ports: - - containerPort: {{ .Values.portContainer }} env: - - name: "ASPNETCORE_ENVIRONMENT" - value: "Kubernetes" - volumeMounts: - - name: secrets - mountPath: /app/secrets - readOnly: true - volumes: - - name: secrets - secret: - secretName: {{ .Values.backend.appmarketplace.secret.name }} + {{- if .Values.postgresql.enabled }} + - name: "PORTAL_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.auth.existingSecret }}" + key: "portal-password" + - name: "PROVISIONING_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.auth.existingSecret }}" + key: "provisioning-password" + - name: "CONNECTIONSTRINGS__PORTALDB" + value: "Server={{ .Values.postgresql.fullnameOverride }}-primary;Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + - name: "CONNECTIONSTRINGS__PROVISIONINGDB" + value: "Server={{ .Values.postgresql.fullnameOverride }}-primary;Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + {{- end }} + {{- if not .Values.postgresql.enabled }} + - name: "PORTAL_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.externalDatabase.secret }}" + key: "portal-password" + - name: "PROVISIONING_PASSWORD" + valueFrom: + 
secretKeyRef:
+ name: "{{ .Values.externalDatabase.secret }}"
+ key: "provisioning-password"
+ - name: "CONNECTIONSTRINGS__PORTALDB"
+ value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};"
+ - name: "CONNECTIONSTRINGS__PROVISIONINGDB"
+ value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};"
+ {{- end }}
+ - name: "APPMARKETPLACE__ACTIVEAPPCOMPANYADMINROLES__Cl2-CX-Portal__0"
+ value: "{{ .Values.backend.appmarketplace.activeAppCompanyAdminRoles.role0 }}"
+ - name: "APPMARKETPLACE__ACTIVEAPPCOMPANYADMINROLES__Cl2-CX-Portal__1"
+ value: "{{ .Values.backend.appmarketplace.activeAppCompanyAdminRoles.role1 }}"
+ - name: "APPMARKETPLACE__ACTIVEAPPNOTIFICATIONTYPEIDS__0"
+ value: "{{ .Values.backend.appmarketplace.activeAppNotificationTypeIds.type0 }}"
+ - name: "APPMARKETPLACE__APPIMAGEDOCUMENTTYPEIDS__0"
+ value: "{{ .Values.backend.appmarketplace.appImageDocumentTypeIds.type0 }}"
+ - name: "APPMARKETPLACE__APPIMAGEDOCUMENTTYPEIDS__1"
+ value: "{{ .Values.backend.appmarketplace.appImageDocumentTypeIds.type1 }}"
+ - name: "APPMARKETPLACE__APPOVERVIEWADDRESS"
+ value: "{{ .Values.portalAddress }}{{ .Values.backend.appmarketplace.appOverviewPath }}"
+ - name: "APPMARKETPLACE__APPROVEAPPNOTIFICATIONTYPEIDS__0"
+ value: "{{ .Values.backend.appmarketplace.approveAppNotificationTypeIds.type0 }}"
+ - name: "APPMARKETPLACE__APPROVEAPPUSERROLES__Cl2-CX-Portal__0"
+ value: "{{ .Values.backend.appmarketplace.approveAppUserRoles.role0 }}"
+ - name: "APPMARKETPLACE__APPROVEAPPUSERROLES__Cl2-CX-Portal__1"
+ value: "{{ .Values.backend.appmarketplace.approveAppUserRoles.role1 }}"
+ - name: "APPMARKETPLACE__BASEPORTALADDRESS"
+ value: "{{ .Values.portalAddress }}{{ .Values.backend.portalHomePath }}"
+ - name: "APPMARKETPLACE__USERMANAGEMENTADDRESS"
+ value: "{{ .Values.portalAddress }}{{ .Values.backend.userManagementPath }}"
+ - name: "APPMARKETPLACE__CATENAADMINROLES__Cl2-CX-Portal__0"
+ value: "{{ .Values.backend.appmarketplace.catenaAdminRoles.role0 }}"
+ - name: "APPMARKETPLACE__CONTENTTYPESETTINGS__0"
+ value: "{{ .Values.backend.appmarketplace.contentTypeSettings.setting0 }}"
+ - name: "APPMARKETPLACE__CONTENTTYPESETTINGS__1"
+ value: "{{ .Values.backend.appmarketplace.contentTypeSettings.setting1 }}"
+ - name: "APPMARKETPLACE__CONTENTTYPESETTINGS__2"
+ value: "{{ .Values.backend.appmarketplace.contentTypeSettings.setting2 }}"
+ - name: "APPMARKETPLACE__DOCUMENTTYPEIDS__0"
+ value: "{{ .Values.backend.appmarketplace.documentTypeIds.type0 }}"
+ - name: "APPMARKETPLACE__DOCUMENTTYPEIDS__1"
+ value: "{{ .Values.backend.appmarketplace.documentTypeIds.type1 }}"
+ - name: "APPMARKETPLACE__DOCUMENTTYPEIDS__2"
+ value: "{{ .Values.backend.appmarketplace.documentTypeIds.type2 }}"
+ - name: "APPMARKETPLACE__DOCUMENTTYPEIDS__3"
+ value: "{{ .Values.backend.appmarketplace.documentTypeIds.type3 }}"
+ - name: "APPMARKETPLACE__DOCUMENTTYPEIDS__4"
+ value: "{{ .Values.backend.appmarketplace.documentTypeIds.type4 }}"
+ - name: "APPMARKETPLACE__DOCUMENTTYPEIDS__5"
+ value: "{{ .Values.backend.appmarketplace.documentTypeIds.type5 }}"
+ - name: "APPMARKETPLACE__ITADMINROLES__Cl2-CX-Portal__0"
+ value: "{{ .Values.backend.appmarketplace.ITAdminRoles.role0 }}"
+ - name: "APPMARKETPLACE__NOTIFICATIONTYPEIDS__0"
+ value: "{{ .Values.backend.appmarketplace.notificationTypeIds.type0 }}"
+ - name: "APPMARKETPLACE__OFFERSTATUSIDS__0"
+ value: "{{ .Values.backend.appmarketplace.offerStatusIds.status0 }}"
+ - name: "APPMARKETPLACE__OFFERSTATUSIDS__1"
+ value: "{{ .Values.backend.appmarketplace.offerStatusIds.status1 }}"
+ - name: "APPMARKETPLACE__SALESMANAGERROLES__Cl2-CX-Portal__0"
+ value: "{{ .Values.backend.appmarketplace.salesManagerRoles.role0 }}"
+ - name: "APPMARKETPLACE__SERVICEACCOUNTROLES__technical_roles_management__0"
+ value: "{{ .Values.backend.appmarketplace.serviceAccountRoles.role0 }}"
+ - name: "APPMARKETPLACE__SERVICEMANAGERROLES__Cl2-CX-Portal__0"
+ value: "{{ .Values.backend.appmarketplace.serviceManagerRoles.role0 }}"
+ - name: "APPMARKETPLACE__SUBMITAPPNOTIFICATIONTYPEIDS__0"
+ value: "{{ .Values.backend.appmarketplace.submitAppNotificationTypeIds.type0 }}"
+ - name: "JWTBEAREROPTIONS__METADATAADDRESS"
+ value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.metadataPath }}"
+ - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDAUDIENCE"
+ value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validAudiencePortal }}"
+ - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDISSUER"
+ value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath }}"
+ - name: "KEYCLOAK__CENTRAL__AUTHREALM"
+ value: "{{ .Values.backend.keycloak.central.authRealm }}"
+ - name: "KEYCLOAK__CENTRAL__CLIENTID"
+ value: "{{ .Values.backend.keycloak.central.clientId }}"
+ - name: "KEYCLOAK__CENTRAL__CLIENTSECRET"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.backend.keycloak.secret }}"
+ key: "central-client-secret"
+ - name: "KEYCLOAK__CENTRAL__CONNECTIONSTRING"
+ value: "{{ .Values.centralidpAddress }}"
+ - name: "KEYCLOAK__SHARED__AUTHREALM"
+ value: "{{ .Values.backend.keycloak.shared.authRealm }}"
+ - name: "KEYCLOAK__SHARED__CLIENTID"
+ value: "{{ .Values.backend.keycloak.shared.clientId }}"
+ - name: "KEYCLOAK__SHARED__CLIENTSECRET"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.backend.keycloak.secret }}"
+ key: "shared-client-secret"
+ - name:
"KEYCLOAK__SHARED__CONNECTIONSTRING" + value: "{{ .Values.sharedidpAddress }}" + - name: "LOGGING__LOGLEVEL__ORG.CATENAX.NG.PORTAL.BACKEND.OFFERS.LIBRARY.SERVICE" + value: "{{ .Values.backend.appmarketplace.logging.offersLibrary }}" + - name: "MAILINGSERVICE__MAIL__SMTPHOST" + value: "{{ .Values.backend.mailing.host }}" + - name: "MAILINGSERVICE__MAIL__SMTPPASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.mailing.secret }}" + key: "password" + - name: "MAILINGSERVICE__MAIL__SMTPPORT" + value: "{{ .Values.backend.mailing.port }}" + - name: "MAILINGSERVICE__MAIL__SMTPUSER" + value: "{{ .Values.backend.mailing.user }}" + - name: "PROVISIONING__CENTRALREALM" + value: "{{ .Values.backend.provisioning.centralRealm }}" + - name: "PROVISIONING__CENTRALREALMID" + value: "{{ .Values.backend.provisioning.centralRealmId }}" + - name: "SWAGGERENABLED" + value: "{{ .Values.backend.appmarketplace.swaggerEnabled }}" + ports: + - name: http + containerPort: {{ .Values.portContainer }} + protocol: TCP + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/portal/templates/deployment-backend-notification.yaml b/charts/portal/templates/deployment-backend-notification.yaml index 5d85bc087..06b1b359f 100644 --- a/charts/portal/templates/deployment-backend-notification.yaml +++ b/charts/portal/templates/deployment-backend-notification.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
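Review bot: Replacing the read-only `/app/secrets` volume with `secretKeyRef` environment variables puts the Keycloak client secrets, the SMTP password and both database passwords into the appmarketplace container's environment, and each database password appears a second time inside `CONNECTIONSTRINGS__PORTALDB` and `CONNECTIONSTRINGS__PROVISIONINGDB`. Environment values are inherited by child processes and are commonly captured by diagnostics and crash tooling, which is why hardening baselines prefer file-mounted secrets. If the env form is needed for configuration binding, I would record the trade-off above `env:` with a comment such as `# secrets are injected as env vars; do not log or dump the process environment in this image`. The same applies to the administration and notification hunks of this patch.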
@@ -23,6 +23,8 @@ metadata: name: {{ .Values.backend.notification.name }} spec: replicas: {{ .Values.replicaCount }} + strategy: + {{- toYaml .Values.updateStrategy | nindent 4 }} selector: matchLabels: app: {{ .Values.backend.notification.name }} 
@@ -35,18 +37,94 @@ spec: - name: {{ .Values.backend.notification.name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.backend.notification.image.name }}:{{ .Values.backend.notification.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.backend.notification.image.name }}:{{ .Values.backend.notification.image.notificationservicetag | default .Chart.AppVersion }}" imagePullPolicy: "Always" - ports: - - containerPort: {{ .Values.portContainer }} env: - - name: "ASPNETCORE_ENVIRONMENT" - value: "Kubernetes" - volumeMounts: - - name: secrets - mountPath: /app/secrets - readOnly: true - volumes: - - name: secrets - secret: - secretName: {{ .Values.backend.notification.secret.name }} + {{- if .Values.postgresql.enabled }} + - name: "PORTAL_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.auth.existingSecret }}" + key: "portal-password" + - name: "CONNECTIONSTRINGS__PORTALDB" + value: "Server={{ .Values.postgresql.fullnameOverride }}-primary;Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + - name: "DATABASEACCESS__PORTAL__CONNECTIONSTRING" + value: "Server={{ .Values.postgresql.fullnameOverride }}-primary;Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + {{- end }} + {{- if not .Values.postgresql.enabled }} + - name: "PORTAL_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.externalDatabase.secret }}" + key: "portal-password" + - name: "PROVISIONING_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.externalDatabase.secret }}" + key: "provisioning-password" + - name: "CONNECTIONSTRINGS__PORTALDB" + value: "Server={{ 
.Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};"
+ - name: "CONNECTIONSTRINGS__PROVISIONINGDB"
+ value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};"
+ - name: "DATABASEACCESS__PORTAL__CONNECTIONSTRING"
+ value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};;"
+ {{- end }}
+ - name: "DATABASEACCESS__PORTAL__DATABASESCHEMA"
+ value: "{{ .Values.backend.dbConnection.schema }}"
+ - name: "KEYCLOAK_CENTRAL_PASSWORD"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.backend.keycloak.secret }}"
+ key: "central-db-password"
+ - name: "DATABASEACCESS__KEYCLOAK__CONNECTIONSTRING"
+ value: "Server={{ .Values.backend.keycloak.central.dbConnection.host }};Database={{ .Values.backend.keycloak.central.dbConnection.database }};Port={{ .Values.backend.keycloak.central.dbConnection.port }};User Id={{ .Values.backend.keycloak.central.dbConnection.user }};Password=$(KEYCLOAK_CENTRAL_PASSWORD);Ssl Mode={{ .Values.backend.keycloak.central.dbConnection.sslMode }};"
+ - name: "DATABASEACCESS__KEYCLOAK__DATABASESCHEMA"
+ value: "{{ .Values.backend.keycloak.central.dbConnection.schema }}"
+ - name: "JWTBEAREROPTIONS__METADATAADDRESS"
+ value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.metadataPath }}"
+ - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDAUDIENCE"
+ value: "{{
.Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validAudiencePortal }}" + - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDISSUER" + value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath }}" + - name: "KEYCLOAK__CENTRAL__AUTHREALM" + value: "{{ .Values.backend.keycloak.central.authRealm }}" + - name: "KEYCLOAK__CENTRAL__CLIENTID" + value: "{{ .Values.backend.keycloak.central.clientId }}" + - name: "KEYCLOAK__CENTRAL__CLIENTSECRET" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.keycloak.secret }}" + key: "central-client-secret" + - name: "KEYCLOAK__CENTRAL__CONNECTIONSTRING" + value: "{{ .Values.centralidpAddress }}" + - name: "KEYCLOAK__SHARED__AUTHREALM" + value: "{{ .Values.backend.keycloak.shared.authRealm }}" + - name: "KEYCLOAK__SHARED__CLIENTID" + value: "{{ .Values.backend.keycloak.shared.clientId }}" + - name: "KEYCLOAK__SHARED__CLIENTSECRET" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.keycloak.secret }}" + key: "shared-client-secret" + - name: "KEYCLOAK__SHARED__CONNECTIONSTRING" + value: "{{ .Values.sharedidpAddress }}" + - name: "SWAGGERENABLED" + value: "{{ .Values.backend.notification.swaggerEnabled }}" + ports: + - name: http + containerPort: {{ .Values.portContainer }} + protocol: TCP + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/portal/templates/deployment-backend-provisioning.yaml b/charts/portal/templates/deployment-backend-provisioning.yaml index 7fbe430a3..004f76828 100644 --- a/charts/portal/templates/deployment-backend-provisioning.yaml +++ b/charts/portal/templates/deployment-backend-provisioning.yaml 
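Review bot: The two database branches of the notification deployment disagree: with `postgresql.enabled` the container receives only `PORTAL_PASSWORD` and the portal connection strings, while the `if not .Values.postgresql.enabled` branch additionally injects `PROVISIONING_PASSWORD` and `CONNECTIONSTRINGS__PROVISIONINGDB`. If the notification service does not use the provisioning database, as the first branch suggests, those entries hand it a credential it has no need for, and I would delete the `- name: "PROVISIONING_PASSWORD"` and `- name: "CONNECTIONSTRINGS__PROVISIONINGDB"` items from the external-database branch; if it does use it, they are missing from the first branch. Whichever is intended, both branches should define the same variable set so that switching `postgresql.enabled` does not change what the pod can reach.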
@@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
@@ -20,33 +20,91 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Values.backend.provisioning.name }} + name: {{ .Values.backend.provisioning.service.name }} spec: replicas: {{ .Values.replicaCount }} + strategy: + {{- toYaml .Values.updateStrategy | nindent 4 }} selector: matchLabels: - app: {{ .Values.backend.provisioning.name }} + app: {{ .Values.backend.provisioning.service.name }} template: metadata: labels: - app: {{ .Values.backend.provisioning.name }} + app: {{ .Values.backend.provisioning.service.name }} spec: containers: - - name: {{ .Values.backend.provisioning.name }} + - name: {{ .Values.backend.provisioning.service.name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.backend.provisioning.image.name }}:{{ .Values.backend.provisioning.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.backend.provisioning.service.image.name }}:{{ .Values.backend.provisioning.service.image.provisioningservicetag | default .Chart.AppVersion }}" imagePullPolicy: "Always" - ports: - - containerPort: {{ .Values.portContainer }} env: - - name: "ASPNETCORE_ENVIRONMENT" - value: "Kubernetes" - volumeMounts: - - name: secrets - mountPath: /app/secrets - readOnly: true - volumes: - - name: secrets - secret: - secretName: {{ .Values.backend.provisioning.secret.name }} + {{- if .Values.postgresql.enabled }} + - name: "PROVISIONING_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.auth.existingSecret }}" + key: "provisioning-password" + - name: "CONNECTIONSTRINGS__PROVISIONINGDB" + value: "Server={{ .Values.postgresql.fullnameOverride }}-primary;Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + {{- end }} + {{- if not .Values.postgresql.enabled }} + - name: "PROVISIONING_PASSWORD" + valueFrom: + secretKeyRef: + 
name: "{{ .Values.externalDatabase.secret }}" + key: "provisioning-password" + - name: "CONNECTIONSTRINGS__PROVISIONINGDB" + value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + {{- end }} + - name: "JWTBEAREROPTIONS__METADATAADDRESS" + value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.metadataPath }}" + - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDAUDIENCE" + value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validAudiencePortal }}" + - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDISSUER" + value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath }}" + - name: "KEYCLOAK__CENTRAL__AUTHREALM" + value: "{{ .Values.backend.keycloak.central.authRealm }}" + - name: "KEYCLOAK__CENTRAL__CLIENTID" + value: "{{ .Values.backend.keycloak.central.clientId }}" + - name: "KEYCLOAK__CENTRAL__CLIENTSECRET" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.keycloak.secret }}" + key: "central-client-secret" + - name: "KEYCLOAK__CENTRAL__CONNECTIONSTRING" + value: "{{ .Values.centralidpAddress }}" + - name: "KEYCLOAK__SHARED__AUTHREALM" + value: "{{ .Values.backend.keycloak.shared.authRealm }}" + - name: "KEYCLOAK__SHARED__CLIENTID" + value: "{{ .Values.backend.keycloak.shared.clientId }}" + - name: "KEYCLOAK__SHARED__CLIENTSECRET" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.keycloak.secret }}" + key: "shared-client-secret" + - name: "KEYCLOAK__SHARED__CONNECTIONSTRING" + value: "{{ .Values.sharedidpAddress }}" + - name: "PROVISIONING__CENTRALREALM" + value: "{{ .Values.backend.provisioning.centralRealm }}" + - name: "SWAGGERENABLED" + value: "{{ 
.Values.backend.provisioning.service.swaggerEnabled }}" + ports: + - name: http + containerPort: {{ .Values.portContainer }} + protocol: TCP + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/portal/templates/deployment-backend-registration.yaml b/charts/portal/templates/deployment-backend-registration.yaml index 74cb36e3b..fca770e1f 100644 --- a/charts/portal/templates/deployment-backend-registration.yaml +++ b/charts/portal/templates/deployment-backend-registration.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -23,6 +23,8 @@ metadata: name: {{ .Values.backend.registration.name }} spec: replicas: {{ .Values.replicaCount }} + strategy: + {{- toYaml .Values.updateStrategy | nindent 4 }} selector: matchLabels: app: {{ .Values.backend.registration.name }} 
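Review bot: In deployment-backend-provisioning.yaml, both `CONNECTIONSTRINGS__PROVISIONINGDB` values splice `$(PROVISIONING_PASSWORD)` unescaped into a semicolon-delimited connection string, so a secret containing `;`, `=` or a quote would truncate the password or be read as further connection-string keywords. The expanded string also places the password in the container environment a second time, whereas the removed setup mounted the secret as a read-only file; anything that dumps the environment (crash reports, diagnostics output) would then carry it. At minimum add a comment above the entry such as `# secret value is inserted verbatim: it must not contain ';' or quotes`, and consider keeping the whole connection string in the Secret instead. The same pattern is used in the registration, services and portal-migrations hunks later in this patch.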
@@ -35,18 +37,128 @@ spec: - name: {{ .Values.backend.registration.name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.backend.registration.image.name }}:{{ .Values.backend.registration.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.backend.registration.image.name }}:{{ .Values.backend.registration.image.registrationservicetag | default .Chart.AppVersion }}" imagePullPolicy: "Always" - ports: - - containerPort: {{ .Values.portContainer }} env: - - name: "ASPNETCORE_ENVIRONMENT" - value: "Kubernetes" - volumeMounts: - - name: secrets - mountPath: /app/secrets - readOnly: true - volumes: - - name: secrets - secret: - secretName: {{ .Values.backend.registration.secret.name }} + {{- if .Values.postgresql.enabled }} + - name: "PORTAL_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.auth.existingSecret }}" + key: "portal-password" + - name: "PROVISIONING_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.auth.existingSecret }}" + key: "provisioning-password" + - name: "CONNECTIONSTRINGS__PORTALDB" + value: "Server={{ .Values.postgresql.fullnameOverride }}-primary;Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + - name: "CONNECTIONSTRINGS__PROVISIONINGDB" + value: "Server={{ .Values.postgresql.fullnameOverride }}-primary;Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + - name: "DATABASEACCESS__PORTAL__CONNECTIONSTRING" + value: "Server={{ .Values.postgresql.fullnameOverride }}-primary;Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.portalUser 
}};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + {{- end }} + {{- if not .Values.postgresql.enabled }} + - name: "PORTAL_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.externalDatabase.secret }}" + key: "portal-password" + - name: "PROVISIONING_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.externalDatabase.secret }}" + key: "provisioning-password" + - name: "CONNECTIONSTRINGS__PORTALDB" + value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + - name: "CONNECTIONSTRINGS__PROVISIONINGDB" + value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + - name: "DATABASEACCESS__PORTAL__CONNECTIONSTRING" + value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};;" + {{- end }} + - name: "DATABASEACCESS__PORTAL__DATABASESCHEMA" + value: "{{ .Values.backend.dbConnection.schema }}" + - name: "BPN_ADDRESS" + value: "{{ .Values.bpdmPartnersPoolAddress }}" + - name: "JWTBEAREROPTIONS__METADATAADDRESS" + value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.metadataPath }}" + - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDAUDIENCE" + value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validAudienceRegistration }}" + - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDISSUER" + 
value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath }}" + - name: "KEYCLOAK__CENTRAL__AUTHREALM" + value: "{{ .Values.backend.keycloak.central.authRealm }}" + - name: "KEYCLOAK__CENTRAL__CLIENTID" + value: "{{ .Values.backend.keycloak.central.clientId }}" + - name: "KEYCLOAK__CENTRAL__CLIENTSECRET" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.keycloak.secret }}" + key: "central-client-secret" + - name: "KEYCLOAK__CENTRAL__CONNECTIONSTRING" + value: "{{ .Values.centralidpAddress }}" + - name: "KEYCLOAK__SHARED__AUTHREALM" + value: "{{ .Values.backend.keycloak.shared.authRealm }}" + - name: "KEYCLOAK__SHARED__CLIENTID" + value: "{{ .Values.backend.keycloak.shared.clientId }}" + - name: "KEYCLOAK__SHARED__CLIENTSECRET" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.keycloak.secret }}" + key: "shared-client-secret" + - name: "KEYCLOAK__SHARED__CONNECTIONSTRING" + value: "{{ .Values.sharedidpAddress }}" + - name: "LOGGING__LOGLEVEL__ORG.CATENAX.NG.PORTAL.BACKEND.REGISTRATION.SERVICE.BPN" + value: "{{ .Values.backend.registration.logging.registrationServiceBpn }}" + - name: "MAILINGSERVICE__MAIL__SMTPHOST" + value: "{{ .Values.backend.mailing.host }}" + - name: "MAILINGSERVICE__MAIL__SMTPPASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.mailing.secret }}" + key: "password" + - name: "MAILINGSERVICE__MAIL__SMTPPORT" + value: "{{ .Values.backend.mailing.port }}" + - name: "MAILINGSERVICE__MAIL__SMTPUSER" + value: "{{ .Values.backend.mailing.user }}" + - name: "PROVISIONING__CENTRALREALM" + value: "{{ .Values.backend.provisioning.centralRealm }}" + - name: "PROVISIONING__INVITEDUSERINITIALROLES__Cl1-CX-Registration__0" + value: "{{ .Values.backend.provisioning.invitedUserInitialRoles.registration }}" + - name: "PROVISIONING__SERVICEACCOUNTCLIENTPREFIX" + value: "{{ .Values.backend.provisioning.serviceAccountClientPrefix }}" + - name: 
"REGISTRATION__APPLICATIONSTATUSIDS__0" + value: "{{ .Values.backend.registration.applicationStatusIds.status0 }}" + - name: "REGISTRATION__APPLICATIONSTATUSIDS__1" + value: "{{ .Values.backend.registration.applicationStatusIds.status1 }}" + - name: "REGISTRATION__APPLICATIONSTATUSIDS__2" + value: "{{ .Values.backend.registration.applicationStatusIds.status2 }}" + - name: "REGISTRATION__BASEPORTALADDRESS" + value: "{{ .Values.portalAddress }}{{ .Values.backend.registration.portalRegistrationPath }}" + - name: "REGISTRATION__DOCUMENTTYPEIDS__0" + value: "{{ .Values.backend.registration.documentTypeIds.type0 }}" + - name: "REGISTRATION__DOCUMENTTYPEIDS__1" + value: "{{ .Values.backend.registration.documentTypeIds.type1 }}" + - name: "REGISTRATION__KEYCLOAKCLIENTID" + value: "{{ .Values.backend.registration.keycloakClientId }}" + - name: "SWAGGERENABLED" + value: "{{ .Values.backend.registration.swaggerEnabled }}" + ports: + - name: http + containerPort: {{ .Values.portContainer }} + protocol: TCP + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + diff --git a/charts/portal/templates/deployment-backend-services.yaml b/charts/portal/templates/deployment-backend-services.yaml index ecd175991..991b57154 100644 --- a/charts/portal/templates/deployment-backend-services.yaml +++ b/charts/portal/templates/deployment-backend-services.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
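Review bot: The external-database branch of `DATABASEACCESS__PORTAL__CONNECTIONSTRING` in deployment-backend-registration.yaml ends with `;;"` while the `postgresql.enabled` branch ends with a single `;`; the same stray semicolon appears in the external branch of the template patched just before deployment-backend-provisioning.yaml. The parser probably ignores the empty segment, but both branches should render the same shape, so end the value with `Ssl Mode={{ .Values.backend.dbConnection.sslMode }};"`. The `{{- if .Values.postgresql.enabled }}` … `{{- end }}` block followed by `{{- if not .Values.postgresql.enabled }}` would also be safer as a single `if`/`else`, so a later edit cannot leave both branches active or both skipped.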
@@ -23,6 +23,8 @@ metadata: name: {{ .Values.backend.services.name }} spec: replicas: {{ .Values.replicaCount }} + strategy: + {{- toYaml .Values.updateStrategy | nindent 4 }} selector: matchLabels: app: {{ .Values.backend.services.name }} 
@@ -35,18 +37,131 @@ spec: - name: {{ .Values.backend.services.name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.backend.services.image.name }}:{{ .Values.backend.services.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.backend.services.image.name }}:{{ .Values.backend.services.image.servicesservicetag | default .Chart.AppVersion }}" imagePullPolicy: "Always" - ports: - - containerPort: {{ .Values.portContainer }} env: - - name: "ASPNETCORE_ENVIRONMENT" - value: "Kubernetes" - volumeMounts: - - name: secrets - mountPath: /app/secrets - readOnly: true - volumes: - - name: secrets - secret: - secretName: {{ .Values.backend.services.secret.name }} + {{- if .Values.postgresql.enabled }} + - name: "PORTAL_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.auth.existingSecret }}" + key: "portal-password" + - name: "PROVISIONING_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.auth.existingSecret }}" + key: "provisioning-password" + - name: "CONNECTIONSTRINGS__PORTALDB" + value: "Server={{ .Values.postgresql.fullnameOverride }}-primary;Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + - name: "CONNECTIONSTRINGS__PROVISIONINGDB" + value: "Server={{ .Values.postgresql.fullnameOverride }}-primary;Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + {{- end }} + {{- if not .Values.postgresql.enabled }} + - name: "PORTAL_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.externalDatabase.secret }}" + key: "portal-password" + - name: "PROVISIONING_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ 
.Values.externalDatabase.secret }}" + key: "provisioning-password" + - name: "CONNECTIONSTRINGS__PORTALDB" + value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + - name: "CONNECTIONSTRINGS__PROVISIONINGDB" + value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + {{- end }} + - name: "JWTBEAREROPTIONS__METADATAADDRESS" + value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.metadataPath }}" + - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDAUDIENCE" + value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validAudiencePortal }}" + - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDISSUER" + value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath }}" + - name: "KEYCLOAK__CENTRAL__AUTHREALM" + value: "{{ .Values.backend.keycloak.central.authRealm }}" + - name: "KEYCLOAK__CENTRAL__CLIENTID" + value: "{{ .Values.backend.keycloak.central.clientId }}" + - name: "KEYCLOAK__CENTRAL__CLIENTSECRET" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.keycloak.secret }}" + key: "central-client-secret" + - name: "KEYCLOAK__CENTRAL__CONNECTIONSTRING" + value: "{{ .Values.centralidpAddress }}" + - name: "KEYCLOAK__SHARED__AUTHREALM" + value: "{{ .Values.backend.keycloak.shared.authRealm }}" + - name: "KEYCLOAK__SHARED__CLIENTID" + value: "{{ .Values.backend.keycloak.shared.clientId }}" + - name: "KEYCLOAK__SHARED__CLIENTSECRET" + valueFrom: + secretKeyRef: + name: 
"{{ .Values.backend.keycloak.secret }}" + key: "shared-client-secret" + - name: "KEYCLOAK__SHARED__CONNECTIONSTRING" + value: "{{ .Values.sharedidpAddress }}" + - name: "LOGGING__LOGLEVEL__ORG.CATENAX.NG.PORTAL.BACKEND.OFFERS.LIBRARY.SERVICE" + value: "{{ .Values.backend.services.logging.offersLibrary }}" + - name: "MAILINGSERVICE__MAIL__SMTPHOST" + value: "{{ .Values.backend.mailing.host }}" + - name: "MAILINGSERVICE__MAIL__SMTPPASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.mailing.secret }}" + key: "password" + - name: "MAILINGSERVICE__MAIL__SMTPPORT" + value: "{{ .Values.backend.mailing.port }}" + - name: "MAILINGSERVICE__MAIL__SMTPUSER" + value: "{{ .Values.backend.mailing.user }}" + - name: "PROVISIONING__CENTRALREALM" + value: "{{ .Values.backend.provisioning.centralRealm }}" + - name: "PROVISIONING__CENTRALREALMID" + value: "{{ .Values.backend.provisioning.centralRealmId }}" + - name: "SERVICES__APPROVESERVICENOTIFICATIONTYPEIDS__0" + value: "{{ .Values.backend.services.approveServiceNotificationTypeIds.type0 }}" + - name: "SERVICES__APPROVESERVICEUSERROLES__Cl2-CX-Portal__0" + value: "{{ .Values.backend.services.approveServiceUserRoles.role0 }}" + - name: "SERVICES__APPROVESERVICEUSERROLES__Cl2-CX-Portal__1" + value: "{{ .Values.backend.services.approveServiceUserRoles.role1 }}" + - name: "SERVICES__BASEPORTALADDRESS" + value: "{{ .Values.portalAddress }}{{ .Values.backend.portalHomePath }}" + - name: "SERVICES__USERMANAGEMENTADDRESS" + value: "{{ .Values.portalAddress }}{{ .Values.backend.userManagementPath }}" + - name: "SERVICES__CATENAADMINROLES__Cl2-CX-Portal__0" + value: "{{ .Values.backend.services.catenaAdminRoles.role0 }}" + - name: "SERVICES__CONTENTTYPESETTINGS__0" + value: "{{ .Values.backend.services.contentTypeSettings.setting0 }}" + - name: "SERVICES__DOCUMENTTYPEIDS__0" + value: "{{ .Values.backend.services.documentTypeIds.type0 }}" + - name: "SERVICES__ITADMINROLES__Cl2-CX-Portal__0" + value: "{{ 
.Values.backend.services.ITAdminRoles.role0 }}" + - name: "SERVICES__SALESMANAGERROLES__Cl2-CX-Portal__0" + value: "{{ .Values.backend.services.salesManagerRoles.role0 }}" + - name: "SERVICES__SERVICEACCOUNTROLES__technical_roles_management__0" + value: "{{ .Values.backend.services.serviceAccountRoles.role0 }}" + - name: "SERVICES__SERVICEMANAGERROLES__Cl2-CX-Portal__0" + value: "{{ .Values.backend.services.serviceManagerRoles.role0 }}" + - name: "SERVICES__SERVICEMARKETPLACEADDRESS" + value: "{{ .Values.portalAddress }}{{ .Values.backend.services.serviceMarketplacePath }}" + - name: "SERVICES__SUBMITSERVICENOTIFICATIONTYPEIDS__0" + value: "{{ .Values.backend.services.submitServiceNotificationTypeIds.type0 }}" + - name: "SWAGGERENABLED" + value: "{{ .Values.backend.services.swaggerEnabled }}" + ports: + - name: http + containerPort: {{ .Values.portContainer }} + protocol: TCP + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/portal/templates/deployment-frontend-assets.yaml b/charts/portal/templates/deployment-frontend-assets.yaml new file mode 100644 index 000000000..45a87861c --- /dev/null +++ b/charts/portal/templates/deployment-frontend-assets.yaml 
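Review bot: `SWAGGERENABLED` in deployment-backend-services.yaml is rendered straight from `.Values.backend.services.swaggerEnabled` with no fallback, so an install whose values omit the key renders an empty value and the outcome depends on how the service parses it. API documentation endpoints are better off unless explicitly enabled; `value: "{{ .Values.backend.services.swaggerEnabled | default false }}"` makes the chart fail closed. The provisioning and registration deployments in this patch render their `swaggerEnabled` values the same way.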
@@ -0,0 +1,80 @@ +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.frontend.assets.name }} +spec: + replicas: {{ .Values.replicaCount }} + strategy: + {{- toYaml .Values.updateStrategy | nindent 4 }} + selector: + matchLabels: + app: {{ .Values.frontend.assets.name }} + template: + metadata: + labels: + app: {{ .Values.frontend.assets.name }} + spec: + containers: + - name: {{ .Values.frontend.assets.name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: {{ .Values.frontend.assets.image.name }}:{{ .Values.frontend.assets.image.assetstag | default .Chart.AppVersion }} + imagePullPolicy: "Always" + ports: + - name: http + containerPort: {{ .Values.portContainer }} + protocol: TCP + livenessProbe: + httpGet: + path: "/" + port: {{ .Values.portContainer }} + scheme: HTTP + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ 
.Values.livenessProbe.failureThreshold }} + # @url: https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-setting-up-health-checks-with-readiness-and-liveness-probes + readinessProbe: + httpGet: + path: "/" + port: {{ .Values.portContainer }} + scheme: HTTP + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/portal/templates/deployment-frontend-portal.yaml b/charts/portal/templates/deployment-frontend-portal.yaml index 42eaf924d..e96847ca0 100644 --- a/charts/portal/templates/deployment-frontend-portal.yaml +++ b/charts/portal/templates/deployment-frontend-portal.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -23,6 +23,8 @@ metadata: name: {{ .Values.frontend.portal.name }} spec: replicas: {{ .Values.replicaCount }} + strategy: + {{- toYaml .Values.updateStrategy | nindent 4 }} selector: matchLabels: app: {{ .Values.frontend.portal.name }} 
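Review bot: The pod spec in the new deployment-frontend-assets.yaml sets neither `serviceAccountName` nor `automountServiceAccountToken`, so unless this is disabled on the ServiceAccount elsewhere, the pod gets a Kubernetes API token mounted by default. A frontend assets container presumably has no need for API access; adding `automountServiceAccountToken: false` under `template.spec` removes that credential from the container. The other Deployments touched by this patch have the same pod-spec shape as far as the hunks show.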
@@ -35,7 +37,57 @@ spec: - name: {{ .Values.frontend.portal.name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: {{ .Values.frontend.portal.image.name }}:{{ .Values.frontend.portal.image.tag | default .Chart.AppVersion }} + image: {{ .Values.frontend.portal.image.name }}:{{ .Values.frontend.portal.image.portaltag | default .Chart.AppVersion }} imagePullPolicy: "Always" + env: + - name: PORTAL_FRONTEND_URL + value: "{{ .Values.portalAddress }}" + - name: PORTAL_ASSETS_URL + value: "{{ .Values.portalAddress }}{{ .Values.frontend.assets.path }}" + - name: PORTAL_BACKEND_URL + value: "{{ .Values.portalBackendAddress }}" + - name: CENTRALIDP_URL + value: "{{ .Values.centralidpAddress }}{{ .Values.frontend.centralidpAuthPath }}" + - name: BPDM_API_URL + value: "{{ .Values.bpdmPartnersPoolAddress }}{{ .Values.frontend.bpdmPartnersPoolApiPath }}" + - name: SEMANTICS_URL + value: "{{ .Values.semanticsAddress }}" ports: - - containerPort: {{ .Values.portContainer }} + - name: http + containerPort: {{ .Values.portContainer }} + protocol: TCP + livenessProbe: + httpGet: + path: "/" + port: {{ .Values.portContainer }} + scheme: HTTP + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + # @url: https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-setting-up-health-checks-with-readiness-and-liveness-probes + readinessProbe: + httpGet: + path: "/" + port: {{ .Values.portContainer }} + scheme: HTTP + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} 
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/portal/templates/deployment-frontend-registration.yaml b/charts/portal/templates/deployment-frontend-registration.yaml index 1cae92373..7198097b5 100644 --- a/charts/portal/templates/deployment-frontend-registration.yaml +++ b/charts/portal/templates/deployment-frontend-registration.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -23,6 +23,8 @@ metadata: name: {{ .Values.frontend.registration.name }} spec: replicas: {{ .Values.replicaCount }} + strategy: + {{- toYaml .Values.updateStrategy | nindent 4 }} selector: matchLabels: app: {{ .Values.frontend.registration.name }} 
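Review bot: The `image:` line in deployment-frontend-portal.yaml still resolves to a mutable tag (`portaltag`, otherwise `.Chart.AppVersion`) and is pulled with `imagePullPolicy: "Always"`, so a re-pushed tag changes what runs without any change to the chart or its values. Since the image-update workflows in this series already rewrite the tag value on each build, they could record an immutable digest (`name@sha256:<digest>`) instead, which would tie the values file to one exact image. The line is also left unquoted while the backend templates quote theirs; `image: "{{ .Values.frontend.portal.image.name }}:{{ .Values.frontend.portal.image.portaltag | default .Chart.AppVersion }}"` would match them. The frontend registration and assets templates use the same form.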
@@ -35,7 +37,53 @@ spec: - name: {{ .Values.frontend.registration.name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: {{ .Values.frontend.registration.image.name }}:{{ .Values.frontend.registration.image.tag | default .Chart.AppVersion }} + image: {{ .Values.frontend.registration.image.name }}:{{ .Values.frontend.registration.image.registrationtag | default .Chart.AppVersion }} imagePullPolicy: "Always" + env: + - name: PORTAL_FRONTEND_URL + value: "{{ .Values.portalAddress }}" + - name: PORTAL_ASSETS_URL + value: "{{ .Values.portalAddress }}{{ .Values.frontend.assets.path }}" + - name: PORTAL_BACKEND_URL + value: "{{ .Values.portalBackendAddress }}" + - name: CENTRALIDP_URL + value: "{{ .Values.centralidpAddress }}{{ .Values.frontend.centralidpAuthPath }}" ports: - - containerPort: {{ .Values.portContainer }} + - name: http + containerPort: {{ .Values.portContainer }} + protocol: TCP + livenessProbe: + httpGet: + path: "/" + port: {{ .Values.portContainer }} + scheme: HTTP + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + # @url: https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-setting-up-health-checks-with-readiness-and-liveness-probes + readinessProbe: + httpGet: + path: "/" + port: {{ .Values.portContainer }} + scheme: HTTP + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with 
.Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/portal/templates/job-backend-portal-migrations.yaml b/charts/portal/templates/job-backend-portal-migrations.yaml index c8a66bf5b..9da117f5a 100644 --- a/charts/portal/templates/job-backend-portal-migrations.yaml +++ b/charts/portal/templates/job-backend-portal-migrations.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -22,7 +22,9 @@ kind: Job metadata: name: {{ .Values.backend.portalmigrations.name }} annotations: - batch.kubernetes.io/job-tracking: "true" + "batch.kubernetes.io/job-tracking": "true" + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" spec: template: metadata: 
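Review bot: With `"helm.sh/hook": post-install,post-upgrade` on the migrations Job in job-backend-portal-migrations.yaml, Helm applies the Deployments before the hook runs, so upgraded service pods can start against a schema that has not been migrated yet. If post-hooks are needed because the bundled PostgreSQL only exists after install, record that next to the annotation, e.g. `# post-* hooks: the database may only exist after install; services must tolerate an unmigrated schema until this Job completes`. Stating `"helm.sh/hook-delete-policy": before-hook-creation` explicitly would also document how the fixed-name Job is replaced on the next upgrade.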
@@ -33,15 +35,30 @@ spec: - name: {{ .Values.backend.portalmigrations.name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.backend.portalmigrations.image.name }}:{{ .Values.backend.portalmigrations.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.backend.portalmigrations.image.name }}:{{ .Values.backend.portalmigrations.image.portalmigrationstag | default .Chart.AppVersion }}" imagePullPolicy: "Always" + env: + {{- if .Values.postgresql.enabled }} + - name: "PORTAL_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.auth.existingSecret }}" + key: "portal-password" + - name: "CONNECTIONSTRINGS__PORTALDB" + value: "Server={{ .Values.postgresql.fullnameOverride }}-primary;Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + {{- end }} + {{- if not .Values.postgresql.enabled }} + - name: "PORTAL_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.externalDatabase.secret }}" + key: "portal-password" + - name: "CONNECTIONSTRINGS__PORTALDB" + value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + {{- end }} + - name: "SEEDING__TESTDATAENVIRONMENTS__0" + value: "{{ .Values.backend.portalmigrations.seeding.testDataEnvironments }}" ports: - - containerPort: {{ .Values.portContainer }} - volumeMounts: - - name: secrets - mountPath: /migrations/secrets - readOnly: true - volumes: - - name: secrets - secret: - secretName: {{ .Values.backend.portalmigrations.secret.name }} + - name: http + containerPort: {{ .Values.portContainer }} + protocol: TCP 
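Review bot: The `CONNECTIONSTRINGS__PORTALDB` value substitutes `$(PORTAL_PASSWORD)` verbatim into a semicolon-delimited connection string, so a password containing `;`, `=` or a quote would be truncated or parsed as further connection-string keywords. If the application cannot take the password as a separate setting, state the constraint next to the value: `# password must not contain ';', '=' or quotes: it is substituted verbatim into the connection string`. The adjacent `{{- if .Values.postgresql.enabled }}` and `{{- if not .Values.postgresql.enabled }}` blocks would read more safely as a single `if`/`else`, which cannot drift apart. The same construction is used for `CONNECTIONSTRINGS__PROVISIONINGDB` in job-backend-provisioning-migrations.yaml. The container spec this hunk edits begins above the hunk.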
diff --git a/charts/portal/templates/job-backend-provisioning-migrations.yaml b/charts/portal/templates/job-backend-provisioning-migrations.yaml
new file mode 100644
index 000000000..d26d438ae
--- /dev/null
+++ b/charts/portal/templates/job-backend-provisioning-migrations.yaml
@@ -0,0 +1,62 @@ +############################################################### +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Values.backend.provisioningmigrations.name }} + annotations: + batch.kubernetes.io/job-tracking: "true" + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" +spec: + template: + metadata: + name: {{ .Values.backend.provisioningmigrations.name }} + spec: + restartPolicy: Never + containers: + - name: {{ .Values.backend.provisioningmigrations.name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.backend.provisioningmigrations.image.name }}:{{ .Values.backend.provisioningmigrations.image.provisioningmigrationstag | default .Chart.AppVersion }}" + imagePullPolicy: "Always" + env: + {{- if .Values.postgresql.enabled }} + - name: "PROVISIONING_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.auth.existingSecret }}" + key: "provisioning-password" + - name: "CONNECTIONSTRINGS__PROVISIONINGDB" + value: "Server={{ .Values.postgresql.fullnameOverride }}-primary;Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ 
.Values.postgresql.auth.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + {{- end }} + {{- if not .Values.postgresql.enabled }} + - name: "PROVISIONING_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.externalDatabase.secret }}" + key: "provisioning-password" + - name: "CONNECTIONSTRINGS__PROVISIONINGDB" + value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" + {{- end }} + ports: + - name: http + containerPort: {{ .Values.portContainer }} + protocol: TCP diff --git a/charts/portal/templates/secret-backend-external-db.yaml b/charts/portal/templates/secret-backend-external-db.yaml new file mode 100644 index 000000000..60cbd3746 --- /dev/null +++ b/charts/portal/templates/secret-backend-external-db.yaml @@ -0,0 +1,11 @@ +{{- if not .Values.postgresql.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.externalDatabase.secret}} + namespace: {{ .Release.Namespace }} +type: Opaque +stringData: + portal-password: {{ .Values.externalDatabase.portalPassword | default ( randAlphaNum 32 | quote ) }} + provisioning-password: {{ .Values.externalDatabase.provisioningPassword | default ( randAlphaNum 32 | quote ) }} +{{- end -}} diff --git a/charts/portal/templates/secret-backend-interfaces.yaml b/charts/portal/templates/secret-backend-interfaces.yaml new file mode 100644 index 000000000..a069b281e --- /dev/null +++ b/charts/portal/templates/secret-backend-interfaces.yaml 
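Review bot: In the `stringData` of secret-backend-external-db.yaml, `| quote` covers only the `randAlphaNum 32` fallback, so an operator-supplied `portalPassword` or `provisioningPassword` is rendered unquoted. A value that is all digits, looks like a boolean or starts with a YAML indicator will be retyped or fail to parse; move the quote outside: `{{ .Values.externalDatabase.portalPassword | default (randAlphaNum 32) | quote }}`. The random fallback is also recomputed on every render, so each `helm upgrade` without an explicit value writes a different password into the Secret. For an external database a generated value cannot match the server anyway, so `{{ required "externalDatabase.portalPassword must be set" .Values.externalDatabase.portalPassword | quote }}` fits better. The same `default ( randAlphaNum 32 | quote )` pattern appears in secret-backend-interfaces.yaml, secret-backend-keycloak.yaml, secret-backend-mailing.yaml and secret-backend-postgres-init.yaml; where a generated default is wanted there, reading the existing Secret with `lookup` before generating keeps the value stable across upgrades.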
@@ -0,0 +1,31 @@
+###############################################################
+# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.backend.interfaces.secret }}
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+stringData:
+ bpdm-client-secret: {{ .Values.backend.checklistworker.bpdm.clientSecret | default ( randAlphaNum 32 | quote ) }}
+ clearinghouse-client-secret: {{ .Values.backend.checklistworker.clearinghouse.clientSecret | default ( randAlphaNum 32 | quote ) }}
+ custodian-client-secret: {{ .Values.backend.checklistworker.custodian.clientSecret | default ( randAlphaNum 32 | quote ) }}
+ sdfactory-client-secret: {{ .Values.backend.checklistworker.sdfactory.clientSecret | default ( randAlphaNum 32 | quote ) }}
+ daps-client-secret: {{ .Values.backend.administration.daps.clientSecret | default ( randAlphaNum 32 | quote ) }}
diff --git a/charts/portal/templates/secret-backend-notification.yaml b/charts/portal/templates/secret-backend-keycloak.yaml
similarity index 64%
rename from charts/portal/templates/secret-backend-notification.yaml
rename to charts/portal/templates/secret-backend-keycloak.yaml
index 0435dda42..c4b0a8361 100644
--- a/charts/portal/templates/secret-backend-notification.yaml +++ b/charts/portal/templates/secret-backend-keycloak.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -20,8 +20,10 @@ apiVersion: v1 kind: Secret metadata: - name: {{ .Values.backend.notification.secret.name }} + name: {{ .Values.backend.keycloak.secret }} namespace: {{ .Release.Namespace }} type: Opaque -data: - appsettings.json: {{ .Values.backend.notification.secret.appsettings }} +stringData: + central-db-password: {{ .Values.backend.keycloak.central.dbConnection.password | default ( randAlphaNum 32 | quote ) }} + central-client-secret: {{ .Values.backend.keycloak.central.clientSecret | default ( randAlphaNum 32 | quote ) }} + shared-client-secret: {{ .Values.backend.keycloak.shared.clientSecret | default ( randAlphaNum 32 | quote ) }} diff --git a/charts/portal/templates/secret-backend--postgres-init.yaml b/charts/portal/templates/secret-backend-mailing.yaml similarity index 72% rename from charts/portal/templates/secret-backend--postgres-init.yaml rename to charts/portal/templates/secret-backend-mailing.yaml index 50b397e3f..c9089eaf3 100644 --- a/charts/portal/templates/secret-backend--postgres-init.yaml +++ b/charts/portal/templates/secret-backend-mailing.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
@@ -20,9 +20,9 @@ apiVersion: v1 kind: Secret metadata: - name: secret-postgres-init + name: {{ .Values.backend.mailing.secret }} namespace: {{ .Release.Namespace }} type: Opaque stringData: - postgres-password: {{ .Values.postgresql.secret.password | default ( randAlphaNum 32 | quote ) }} - replication-password: {{ .Values.postgresql.secret.replicationPassword | default ( randAlphaNum 32 | quote ) }} + password: {{ .Values.backend.mailing.password | default ( randAlphaNum 32 | quote ) }} + provisioning-sharedrealm-password: {{ .Values.backend.provisioning.sharedRealm.smtpServer.password | default ( randAlphaNum 32 | quote ) }} diff --git a/charts/portal/templates/secret-backend-portal-maintenance.yaml b/charts/portal/templates/secret-backend-portal-maintenance.yaml deleted file mode 100644 index 3d5ef879c..000000000 --- a/charts/portal/templates/secret-backend-portal-maintenance.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################### - -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.backend.portalmaintenance.secret.name }} - namespace: {{ .Release.Namespace }} -type: Opaque -data: - appsettings.json: {{ .Values.backend.portalmaintenance.secret.appsettings }} diff --git a/charts/portal/templates/secret-backend-portal-migrations.yaml b/charts/portal/templates/secret-backend-portal-migrations.yaml deleted file mode 100644 index 406abb7a7..000000000 --- a/charts/portal/templates/secret-backend-portal-migrations.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################### - -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.backend.portalmigrations.secret.name }} - namespace: {{ .Release.Namespace }} -type: Opaque -data: - appsettings.json: {{ .Values.backend.portalmigrations.secret.appsettings }} diff --git a/charts/portal/templates/secret-backend-postgres-init-db-user.yaml b/charts/portal/templates/secret-backend-postgres-init-db-user.yaml deleted file mode 100644 index 1fb849494..000000000 --- a/charts/portal/templates/secret-backend-postgres-init-db-user.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if .Values.postgresql.secret.initUserDbSql -}} -apiVersion: v1 -kind: Secret -metadata: - name: secret-postgres-init-db-user - namespace: {{ .Release.Namespace }} -type: Opaque -data: - 01-init-user-db.sql: {{ .Values.postgresql.secret.initUserDbSql }} -{{- end -}} 
diff --git a/charts/portal/templates/secret-backend-administration.yaml b/charts/portal/templates/secret-backend-postgres-init.yaml similarity index 61% rename from charts/portal/templates/secret-backend-administration.yaml rename to charts/portal/templates/secret-backend-postgres-init.yaml index 7dd6f69c0..240d2d432 100644 --- a/charts/portal/templates/secret-backend-administration.yaml +++ b/charts/portal/templates/secret-backend-postgres-init.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -20,8 +20,11 @@ apiVersion: v1 kind: Secret metadata: - name: {{ .Values.backend.administration.secret.name }} + name: {{ .Values.postgresql.auth.existingSecret }} namespace: {{ .Release.Namespace }} type: Opaque -data: - appsettings.json: {{ .Values.backend.administration.secret.appsettings }} +stringData: + postgres-password: {{ .Values.postgresql.auth.password | default ( randAlphaNum 32 | quote ) }} + replication-password: {{ .Values.postgresql.auth.replicationPassword | default ( randAlphaNum 32 | quote ) }} + portal-password: {{ .Values.postgresql.auth.portalPassword | default ( randAlphaNum 32 | quote ) }} + provisioning-password: {{ .Values.postgresql.auth.provisioningPassword | default ( randAlphaNum 32 | quote ) }} diff --git a/charts/portal/templates/secret-backend-provisioning.yaml b/charts/portal/templates/secret-backend-provisioning.yaml deleted file mode 100644 index 759ff38ae..000000000 --- a/charts/portal/templates/secret-backend-provisioning.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################### - -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.backend.provisioning.secret.name }} - namespace: {{ .Release.Namespace }} -type: Opaque -data: - appsettings.json: {{ .Values.backend.provisioning.secret.appsettings }} diff --git a/charts/portal/templates/secret-backend-registration.yaml b/charts/portal/templates/secret-backend-registration.yaml deleted file mode 100644 index 0a465eb23..000000000 --- a/charts/portal/templates/secret-backend-registration.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################### - -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.backend.registration.secret.name }} - namespace: {{ .Release.Namespace }} -type: Opaque -data: - appsettings.json: {{ .Values.backend.registration.secret.appsettings }} diff --git a/charts/portal/templates/secret-backend-services.yaml b/charts/portal/templates/secret-backend-services.yaml deleted file mode 100644 index 483ba0105..000000000 --- a/charts/portal/templates/secret-backend-services.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################### - -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.backend.services.secret.name }} - namespace: {{ .Release.Namespace }} -type: Opaque -data: - appsettings.json: {{ .Values.backend.services.secret.appsettings }} diff --git a/charts/portal/templates/service-backend-administration.yaml b/charts/portal/templates/service-backend-administration.yaml index 255d0c85c..696639ae1 100644 --- a/charts/portal/templates/service-backend-administration.yaml +++ b/charts/portal/templates/service-backend-administration.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/portal/templates/service-backend-appmarketplace.yaml b/charts/portal/templates/service-backend-appmarketplace.yaml index 3e615e3f8..0ec8e03e4 100644 --- a/charts/portal/templates/service-backend-appmarketplace.yaml 
+++ b/charts/portal/templates/service-backend-appmarketplace.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/portal/templates/service-backend-notification.yaml b/charts/portal/templates/service-backend-notification.yaml index 7d31044cb..31414a440 100644 --- a/charts/portal/templates/service-backend-notification.yaml +++ b/charts/portal/templates/service-backend-notification.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/portal/templates/service-backend-provisioning.yaml b/charts/portal/templates/service-backend-provisioning.yaml index bdd260af4..613cfd835 100644 --- a/charts/portal/templates/service-backend-provisioning.yaml +++ b/charts/portal/templates/service-backend-provisioning.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
@@ -20,11 +20,11 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Values.backend.provisioning.name }} + name: {{ .Values.backend.provisioning.service.name }} spec: type: ClusterIP ports: - port: {{ .Values.portService }} targetPort: {{ .Values.portContainer }} selector: - app: {{ .Values.backend.provisioning.name }} + app: {{ .Values.backend.provisioning.service.name }} diff --git a/charts/portal/templates/service-backend-registration.yaml b/charts/portal/templates/service-backend-registration.yaml index b8e0019a6..e2344aaf4 100644 --- a/charts/portal/templates/service-backend-registration.yaml +++ b/charts/portal/templates/service-backend-registration.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/portal/templates/service-backend-services.yaml b/charts/portal/templates/service-backend-services.yaml index aa5765c63..577a31c68 100644 --- a/charts/portal/templates/service-backend-services.yaml +++ b/charts/portal/templates/service-backend-services.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/portal/templates/secret-backend-appmarketplace.yaml b/charts/portal/templates/service-frontend-assets.yaml similarity index 73% rename from charts/portal/templates/secret-backend-appmarketplace.yaml rename to charts/portal/templates/service-frontend-assets.yaml index 3013bfa02..4ae259735 100644 --- a/charts/portal/templates/secret-backend-appmarketplace.yaml 
+++ b/charts/portal/templates/service-frontend-assets.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -18,10 +18,13 @@ ############################################################### apiVersion: v1 -kind: Secret +kind: Service metadata: - name: {{ .Values.backend.appmarketplace.secret.name }} - namespace: {{ .Release.Namespace }} -type: Opaque -data: - appsettings.json: {{ .Values.backend.appmarketplace.secret.appsettings }} + name: {{ .Values.frontend.assets.name }} +spec: + type: ClusterIP + ports: + - port: {{ .Values.portService }} + targetPort: {{ .Values.portContainer }} + selector: + app: {{ .Values.frontend.assets.name }} diff --git a/charts/portal/templates/service-frontend-portal.yaml b/charts/portal/templates/service-frontend-portal.yaml index 9221d112f..5561da414 100644 --- a/charts/portal/templates/service-frontend-portal.yaml +++ b/charts/portal/templates/service-frontend-portal.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/portal/templates/service-frontend-registration.yaml b/charts/portal/templates/service-frontend-registration.yaml index b8c63ad88..f4ec267cf 100644 --- a/charts/portal/templates/service-frontend-registration.yaml +++ b/charts/portal/templates/service-frontend-registration.yaml 
@@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/portal/values-dummy.yaml b/charts/portal/values-dummy.yaml deleted file mode 100644 index 5b1cad056..000000000 --- a/charts/portal/values-dummy.yaml +++ /dev/null 
@@ -1,131 +0,0 @@ -############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################### - -frontend: - - ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/rewrite-target: "/$1" - nginx.ingress.kubernetes.io/use-regex: "true" - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/cors-allow-origin: "https://portal.dummy" - tls: - - secretName: "tls-secret" - hosts: - - "portal.dummy" - hosts: - - host: "portal.dummy" - paths: - - path: "/(.*)" - pathType: "Prefix" - backend: - service: "portal" - port: 8080 - - path: "/registration/(.*)" - pathType: "Prefix" - backend: - service: "registration" - port: 8080 - -backend: - ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/use-regex: "true" - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/proxy-body-size: "8m" - nginx.ingress.kubernetes.io/cors-allow-origin: "https://portal.dummy" - tls: - - secretName: "tls-secret" - hosts: - - "portal-backend.dummy" - hosts: - - host: "portal-backend.dummy" - paths: - - path: "/api/registration" - pathType: "Prefix" - backend: 
- service: "registration-service" - port: 8080 - - path: "/api/administration" - pathType: "Prefix" - backend: - service: "administration-service" - port: 8080 - - path: "/api/notification" - pathType: "Prefix" - backend: - service: "notification-service" - port: 8080 - - path: "/api/provisioning" - pathType: "Prefix" - backend: - service: "provisioning-service" - port: 8080 - - path: "/api/apps" - pathType: "Prefix" - backend: - service: "marketplace-app-service" - port: 8080 - - path: "/api/services" - pathType: "Prefix" - backend: - service: "services-service" - port: 8080 - - registration: - secret: - appsettings: "" - - administration: - secret: - appsettings: "" - - provisioning: - secret: - appsettings: "" - - appmarketplace: - secret: - appsettings: "" - - portalmigrations: - secret: - appsettings: "" - - portalmaintenance: - secret: - appsettings: "" - - notification: - secret: - appsettings: "" - - services: - secret: - appsettings: "" - -postgresql: - secret: - password: "" - replicationPassword: "" - initUserDbSql: "" diff --git a/charts/portal/values.yaml b/charts/portal/values.yaml index d464021ff..c10d1082b 100644 --- a/charts/portal/values.yaml +++ b/charts/portal/values.yaml @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
@@ -18,138 +18,594 @@ ############################################################### name: "portal" -portContainer: 8080 -portService: 8080 -replicaCount: 1 -securityContext: - allowPrivilegeEscalation: false - runAsNonRoot: true - capabilities: - drop: ["ALL"] + +# -- Provide portal base address. +portalAddress: "https://portal.example.org" + +# -- Provide portal-backend base address. +portalBackendAddress: "https://portal-backend.example.org" + +# -- Provide centralidp base address (CX IAM), without trailing '/auth'. +centralidpAddress: "https://centralidp.example.org" + +# -- Provide sharedidp address (CX IAM), without trailing '/auth'. +sharedidpAddress: "https://sharedidp.example.org" + +# -- Provide semantics base address. +semanticsAddress: "https://semantics.example.org" + +# -- Provide daps base address +dapsAddress: "https://daps.example.org" + +# -- Provide bpdm partners pool base address. +bpdmPartnersPoolAddress: "https://partners-pool.example.org" + +# -- Provide bpdm portal gate base address. +bpdmPortalGateAddress: "https://portal-gate.example.org" + +# -- Provide custodian base address. +custodianAddress: "https://managed-identity-wallets.example.org" + +# -- Provide sdfactory base address. +sdfactoryAddress: "https://sdfactory.example.org" + +# -- Provide clearinghouse base address. +clearinghouseAddress: "https://validation.example.org" +# -- Provide clearinghouse token address. +clearinghouseTokenAddress: "https://keycloak.example.org/realms/example/protocol/openid-connect/token" frontend: ingress: + # -- Portal frontend ingress parameters, + # enable ingress record generation for portal frontend. enabled: false + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/rewrite-target: "/$1" + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + # -- Provide CORS allowed origin. 
+ nginx.ingress.kubernetes.io/cors-allow-origin: "https://*.example.org" + tls: + # -- Provide tls secret. + - secretName: "" + # -- Provide host for tls secret. + hosts: + - "" + hosts: + # -- Provide default path for the ingress record. + - host: "portal.example.org" + paths: + - path: "/(.*)" + pathType: "Prefix" + backend: + service: "portal" + port: 8080 + - path: "/registration/(.*)" + pathType: "Prefix" + backend: + service: "registration" + port: 8080 + - path: "/((assets|documentation)/.*)" + pathType: "Prefix" + backend: + service: "assets" + port: 8080 portal: name: "portal" image: name: "ghcr.io/catenax-ng/tx-portal-frontend" - tag: "0.6.0" + portaltag: 1.0.0 registration: name: "registration" image: name: "ghcr.io/catenax-ng/tx-portal-frontend-registration" - tag: "0.6.0" + registrationtag: 1.0.0 + assets: + name: "assets" + image: + name: "ghcr.io/catenax-ng/tx-portal-assets" + assetstag: 1.0.0 + path: "/assets" + centralidpAuthPath: "/auth" + bpdmPartnersPoolApiPath: "/api" backend: ingress: + # -- Portal-backend ingress parameters, + # enable ingress record generation for portal-backend. enabled: false name: "portal-backend" + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "8m" + # -- Provide CORS allowed origin. + nginx.ingress.kubernetes.io/cors-allow-origin: "https://*.example.org" + tls: + # -- Provide tls secret. + - secretName: "" + # -- Provide host for tls secret. + hosts: + - "" + hosts: + # -- Provide default path for the ingress record. 
+ - host: "portal-backend.example.org" + paths: + - path: "/api/registration" + pathType: "Prefix" + backend: + service: "registration-service" + port: 8080 + - path: "/api/administration" + pathType: "Prefix" + backend: + service: "administration-service" + port: 8080 + - path: "/api/notification" + pathType: "Prefix" + backend: + service: "notification-service" + port: 8080 + - path: "/api/provisioning" + pathType: "Prefix" + backend: + service: "provisioning-service" + port: 8080 + - path: "/api/apps" + pathType: "Prefix" + backend: + service: "marketplace-app-service" + port: 8080 + - path: "/api/services" + pathType: "Prefix" + backend: + service: "services-service" + port: 8080 + dbConnection: + schema: "portal" + sslMode: "Disable" + portalHomePath: "/home" + userManagementPath: "/usermanagement" + keycloak: + # -- Secret containing the database-password and the client-secret for the connection to the centralidp (CX IAM) and the client-secret for the connection to the sharedidp (CX-IAM). + secret: "secret-backend-keycloak" + central: + # -- Provide centralidp client-id from CX IAM centralidp. + clientId: "central-client-id" + # -- Client-secret for centralidp client-id. Secret-key 'central-client-secret'. + clientSecret: "" + authRealm: "CX-Central" + jwtBearerOptions: + metadataPath: "/auth/realms/CX-Central/.well-known/openid-configuration" + tokenValidationParameters: + validIssuerPath: "/auth/realms/CX-Central" + validAudiencePortal: "Cl2-CX-Portal" + validAudienceRegistration: "Cl1-CX-Registration" + tokenPath: "/auth/realms/CX-Central/protocol/openid-connect/token" + dbConnection: + host: "centralidp-postgresql-primary" + port: 5432 + user: "kccentral" + database: "iamcentralidp" + # -- Password for the kccentral username. Secret-key 'central-db-password'. + password: "" + schema: "public" + sslMode: "Disable" + shared: + # -- Provide sharedidp client-id from CX IAM sharedidp. + clientId: "shared-client-id" + # -- Client-secret for sharedidp client-id. 
Secret-key 'shared-client-secret'. + clientSecret: "" + authRealm: "master" + mailing: + # -- Secret containing the passwords for backend.mailing and backend.provisioning.sharedRealm. + secret: "secret-backend-mailing" + # -- Provide host. + host: "smtp.example.org" + # -- Provide port. + port: "587" + # -- Provide user. + user: "smtp-user" + # -- Password for the smtp username. Secret-key 'password'. + password: "" + interfaces: + # -- Secret containing the client-secrets for the connection to daps, custodian, bpdm, sdFactory and clearinghouse. + secret: "secret-backend-interfaces" registration: name: "registration-service" image: - name: "ghcr.io/catenax-ng/product-portal-backend_registration-service" - tag: "int-v0.6.0" - secret: - name: "secret-registration" - appsettings: "" + name: "ghcr.io/catenax-ng/tx-portal-backend_registration-service" + registrationservicetag: v1.0.0 + logging: + registrationServiceBpn: "Information" + portalRegistrationPath: "/registration" + keycloakClientId: "Cl1-CX-Registration" + applicationStatusIds: + status0: "SUBMITTED" + status1: "DECLINED" + status2: "CONFIRMED" + documentTypeIds: + type0: "CX_FRAME_CONTRACT" + type1: "COMMERCIAL_REGISTER_EXTRACT" + swaggerEnabled: false administration: name: "administration-service" image: - name: "ghcr.io/catenax-ng/product-portal-backend_administration-service" - tag: "int-v0.6.0" - secret: - name: "secret-administration" - appsettings: "" + name: "ghcr.io/catenax-ng/tx-portal-backend_administration-service" + administrationservicetag: v1.0.0 + logging: + businessLogic: "Information" + sdfactoryLibrary: "Information" + connectors: + validCertificationContentTypes: + type0: "application/x-pem-file" + type1: "application/x-x509-ca-cert" + type2: "application/pkix-cert" + type3: "application/octet-stream" + selfDescriptionDocumentPath: /api/administration/documents/selfDescription + keycloakClientId: "Cl2-CX-Portal" + daps: + apiPath: "/api/v1/daps" + scope: "openid" + grantType: 
"client_credentials" + # -- Provide daps client-id from CX IAM centralidp. + clientId: "daps-client-id" + # -- Client-secret for daps client-id. Secret-key 'daps-client-secret'. + clientSecret: "" + identityProviderAdmin: + csvSettings: + fileName: "identityproviderlinks.csv" + contentType: "text/csv" + charset: "UTF-8" + separator: "," + headerUserId: "UserId" + headerFirstName: "FirstName" + headerLastName: "LastName" + headerEmail: "Email" + headerProviderAlias: "ProviderAlias" + headerProviderUserId: "ProviderUserId" + headerProviderUserName: "ProviderUserName" + invitation: + invitedUserInitialRoles: + role0: "Company Admin" + registration: + partnerUserInitialRoles: + role0: "Company Admin" + documentTypeIds: + type0: "COMMERCIAL_REGISTER_EXTRACT" + userManagement: + companyUserStatusIds: + status0: "ACTIVE" + status1: "INACTIVE" + serviceAccount: + clientId: "technical_roles_management" + swaggerEnabled: false provisioning: - name: "provisioning-service" - image: - name: "ghcr.io/catenax-ng/product-portal-backend_provisioning-service" - tag: "int-v0.6.0" - secret: - name: "secret-provisioning" - appsettings: "" + centralRealm: "CX-Central" + centralRealmId: "CX-Central" + invitedUserInitialRoles: + registration: "Company Admin" + serviceAccountClientPrefix: "sa" + centralIdentityProvider: + clientId: "central-idp" + sharedRealmClient: + clientId: "central-idp" + sharedRealm: + smtpServer: + # -- Provide host. + host: "smtp.example.org" + # -- Provide port. + port: "587" + # -- Provide user. + user: "smtp-user" + # -- Password for the smtp username. Secret-key 'provisioning-sharedrealm-password'. + password: "" + ssl: "" + startTls: "true" + auth: "true" + # -- Provide from. + from: "smtp@example.org" + # -- Provide replyTo. 
+ replyTo: "smtp@example.org" + service: + name: "provisioning-service" + image: + name: "ghcr.io/catenax-ng/tx-portal-backend_provisioning-service" + provisioningservicetag: v1.0.0 + swaggerEnabled: false appmarketplace: name: "marketplace-app-service" image: - name: "ghcr.io/catenax-ng/product-portal-backend_marketplace-app-service" - tag: "int-v0.6.0" - secret: - name: "secret-appmarketplace" - appsettings: "" + name: "ghcr.io/catenax-ng/tx-portal-backend_marketplace-app-service" + appmarketplaceservicetag: v1.0.0 + logging: + offersLibrary: "Information" + appOverviewPath: "/appoverview" + catenaAdminRoles: + role0: "CX Admin" + serviceAccountRoles: + role0: "App Tech User" + salesManagerRoles: + role0: "Sales Manager" + serviceManagerRoles: + role0: "App Manager" + activeAppCompanyAdminRoles: + role0: "IT Admin" + role1: "Company Admin" + approveAppUserRoles: + role0: "Sales Manager" + role1: "Service Manager" + ITAdminRoles: + role0: "IT Admin" + documentTypeIds: + type0: "APP_CONTRACT" + type1: "APP_DATA_DETAILS" + type2: "ADDITIONAL_DETAILS" + type3: "APP_TECHNICAL_INFORMATION" + type4: "APP_LEADIMAGE" + type5: "APP_IMAGE" + contentTypeSettings: + setting0: "application/pdf" + setting1: "image/jpeg" + setting2: "image/png" + notificationTypeIds: + type0: "APP_RELEASE_REQUEST" + activeAppNotificationTypeIds: + type0: "APP_ROLE_ADDED" + submitAppNotificationTypeIds: + type0: "APP_RELEASE_REQUEST" + approveAppNotificationTypeIds: + type0: "APP_RELEASE_APPROVAL" + appImageDocumentTypeIds: + type0: "APP_LEADIMAGE" + type1: "APP_IMAGE" + offerStatusIds: + status0: "IN_REVIEW" + status1: "ACTIVE" + swaggerEnabled: false portalmigrations: name: "portal-migrations" image: - name: "ghcr.io/catenax-ng/product-portal-backend_portal-migrations" - tag: "int-v0.6.0" - secret: - name: "secret-portal-migrations" - appsettings: "" + name: "ghcr.io/catenax-ng/tx-portal-backend_portal-migrations" + portalmigrationstag: 8428dbe3d4fe9a344ea5d0adb178e6807d9fa78c + seeding: + 
testDataEnvironments: "" portalmaintenance: name: "portal-maintenance" image: - name: "ghcr.io/catenax-ng/product-portal-backend_maintenance-service" - tag: "int-v0.6.0" - secret: - name: "secret-portal-maintenance" - appsettings: "" + name: "ghcr.io/catenax-ng/tx-portal-backend_maintenance-service" + portalmaintenancetag: v1.0.0 notification: name: "notification-service" image: - name: "ghcr.io/catenax-ng/product-portal-backend_notification-service" - tag: "int-v0.6.0" - secret: - name: "secret-notification" - appsettings: "" + name: "ghcr.io/catenax-ng/tx-portal-backend_notification-service" + notificationservicetag: v1.0.0 + swaggerEnabled: false services: name: "services-service" image: - name: "ghcr.io/catenax-ng/product-portal-backend_services-service" - tag: "int-v0.6.0" - secret: - name: "secret-services" - appsettings: "" + name: "ghcr.io/catenax-ng/tx-portal-backend_services-service" + servicesservicetag: v1.0.0 + logging: + offersLibrary: "Information" + serviceMarketplacePath: "/servicemarketplace" + catenaAdminRoles: + role0: "CX Admin" + serviceAccountRoles: + role0: "App Tech User" + salesManagerRoles: + role0: "Sales Manager" + serviceManagerRoles: + role0: "Service Manager" + approveServiceUserRoles: + role0: "Sales Manager" + role1: "Service Manager" + ITAdminRoles: + role0: "IT Admin" + documentTypeIds: + type0: "ADDITIONAL_DETAILS" + contentTypeSettings: + setting0: "application/pdf" + submitServiceNotificationTypeIds: + type0: "SERVICE_RELEASE_REQUEST" + approveServiceNotificationTypeIds: + type0: "SERVICE_RELEASE_APPROVAL" + swaggerEnabled: false + provisioningmigrations: + name: "provisioning-migrations" + image: + name: "ghcr.io/catenax-ng/tx-portal-backend_provisioning-migrations" + provisioningmigrationstag: v1.0.0 + checklistworker: + name: "checklist-worker" + image: + name: "ghcr.io/catenax-ng/tx-portal-backend_checklist-worker" + checklistworkertag: v1.0.0 + logging: + checklistLibrary: "Information" + bpdmLibrary: "Information" + 
clearinghouseLibrary: "Information" + custodianLibrary: "Information" + sdfactoryLibrary: "Information" + applicationActivation: + applicationApprovalInitialRoles: + portal: + role0: "Company Admin" + registration: + role0: "Company Admin" + clientToRemoveRolesOnActivation: + client0: "Cl1-CX-Registration" + welcomeNotificationTypeIds: + type0: "WELCOME" + type1: "WELCOME_USE_CASES" + type2: "WELCOME_SERVICE_PROVIDER" + type3: "WELCOME_CONNECTOR_REGISTRATION" + type4: "WELCOME_APP_MARKETPLACE" + bpdm: + scope: "openid" + grantType: "client_credentials" + # -- Provide bpdm client-id from CX IAM centralidp. + clientId: "bpdm-client-id" + # -- Client-secret for bpdm client-id. Secret-key 'bpdm-client-secret'. + clientSecret: "" + custodian: + scope: "openid" + grantType: "client_credentials" + # -- Provide custodian client-id from CX IAM centralidp. + clientId: "custodian-client-id" + # -- Client-secret for custodian client-id. Secret-key 'custodian-client-secret'. + clientSecret: "" + sdfactory: + selfdescriptionPath: "/api/rel3/selfdescription" + scope: "openid" + grantType: "client_credentials" + # -- Provide BPN for sdfactory. + issuerBpn: "BPNDUMMY000DUMMY" + # -- Provide sdfactory client-id from CX IAM centralidp. + clientId: "sdfactory-client-id" + # -- Client-secret for sdfactory client-id. Secret-key 'sdfactory-client-secret'. + clientSecret: "" + clearinghouse: + scope: "openid" + grantType: "client_credentials" + # -- Provide clearinghouse client-id from clearinghouse IAM. + clientId: "clearinghouse-client-id" + # -- Client-secret for clearinghouse client-id. Secret-key 'clearinghouse-client-secret'. + clientSecret: "" + callbackPath: "/api/administration/registration/clearinghouse" + placeholder: "empty" postgresql: +# -- PostgreSQL chart configuration + # Switch to enable or disable the PostgreSQL helm chart enabled: true + # -- FullnameOverride to 'portal-backend-postgresql'. 
fullnameOverride: "portal-backend-postgresql" auth: + # -- Database name + database: "postgres" + # -- Database port number + port: 5432 + # -- Secret containing the passwords for root usernames postgres and non-root usernames repl_user, portal and provisioning. existingSecret: "secret-postgres-init" + # -- Password for the root username 'postgres'. Secret-key 'postgres-password'. + password: "" + # -- Password for the non-root username 'repl_user'. Secret-key 'replication-password'. + replicationPassword: "" + # -- Non-root username for portal. + portalUser: "portal" + # -- Non-root username for provisioning. + provisioningUser: "provisioning" + # -- Password for the non-root username 'portal'. Secret-key 'portal-password'. + portalPassword: "" + # -- Password for the non-root username 'provisioning'. Secret-key 'provisioning-password'. + provisioningPassword: "" architecture: "replication" audit: pgAuditLog: "write, ddl" logLinePrefix: "%m %u %d " primary: - extraVolumeMounts: - - name: "initdb" - mountPath: "/docker-entrypoint-initdb.d" - - name: "initdb-secrets" - mountPath: "/secrets" - extraVolumes: - - name: "initdb" - emptyDir: {} - - name: "initdb-secrets" - secret: - secretName: "secret-postgres-init-db-user" - initContainers: - - name: "initdb" - image: "ghcr.io/catenax-ng/product-portal-cd_initdb:v0.6.0" - imagePullPolicy: "Always" - command: - - sh - args: - - -c - - | - echo "Copying initdb secret sqls..." - cp /secrets/* /docker-entrypoint-initdb.d - echo "Copying initdb sqls..." 
- cp -R /import/* /docker-entrypoint-initdb.d - volumeMounts: - - name: "initdb" - mountPath: "/docker-entrypoint-initdb.d" - - name: "initdb-secrets" - mountPath: "/secrets" - secret: - password: "" - replicationPassword: "" - initUserDbSql: "" + initdb: + scriptsConfigMap: "configmap-postgres-init" + extraEnvVars: + - name: "PORTAL_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.auth.existingSecret }}" + key: "portal-password" + - name: "PROVISIONING_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.auth.existingSecret }}" + key: "provisioning-password" + + +externalDatabase: +# -- External PostgreSQL configuration +# IMPORTANT: init scripts (01-init-db-user.sh and 02-init-db.sql) available +# in templates/configmap-backend-postgres-init.yaml need to be executed beforehand. + # Database host + host: "portal-backend-postgresql-external-db" + # -- Database name + database: "postgres" + # -- Database port number + port: 5432 + # -- Secret containing the passwords non-root usernames portal and provisioning. + secret: "secret-postgres-external-db" + # -- Non-root username for portal. + portalUser: "portal" + # -- Non-root username for provisioning. + provisioningUser: "provisioning" + # -- Password for the non-root username 'portal'. Secret-key 'portal-password'. + portalPassword: "" + # -- Password for the non-root username 'provisioning'. Secret-key 'provisioning-password'. + provisioningPassword: "" + +portContainer: 8080 + +portService: 8080 + +replicaCount: 3 + +securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: ["ALL"] + +# -- If you do want to specify resources, uncomment the following lines, +# adjust them as necessary, and remove the curly braces after 'resources:'. 
+resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +# -- Node labels for pod assignment +nodeSelector: {} + +# -- Tolerations for pod assignment +tolerations: [] + + +affinity: +# -- Following Catena-X Helm Best Practices, +# [reference](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: DoesNotExist + topologyKey: kubernetes.io/hostname + + +updateStrategy: +# -- Update strategy type, +# rolling update configuration parameters, +# [reference](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies). + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + +livenessProbe: +# -- Following Catena-X Helm Best Practices, +# [reference](https://github.com/helm/charts/blob/master/stable/nginx-ingress/values.yaml#L210). + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 +readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 From 30ac434c4572ddd1cca8ca2f10df43538f92d80f Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Thu, 23 Feb 2023 14:53:00 +0100 Subject: [PATCH 11/11] fix: update chart-releaser action --- .github/workflows/chart-release.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/chart-release.yaml b/.github/workflows/chart-release.yaml index cceb470c1..150802e71 100644 --- a/.github/workflows/chart-release.yaml +++ b/.github/workflows/chart-release.yaml @@ -58,7 +58,5 @@ jobs: - name: Run chart-releaser uses: helm/chart-releaser-action@v1.4.1 - with: - charts_dir: charts/portal env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
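Review bot: The new default `nginx.ingress.kubernetes.io/cors-allow-origin: "https://*.example.org"`, set on both the frontend and the backend ingress next to `enable-cors: "true"`, treats every subdomain of the deployment domain as a trusted origin for the `/api/...` routes. The removed example values pinned this to the single portal origin. As far as I know ingress-nginx also allows credentials on CORS responses unless `cors-allow-credentials` is set to `"false"`, so one compromised or taken-over subdomain would be accepted as a caller of the backend. I would default to the exact origin, `nginx.ingress.kubernetes.io/cors-allow-origin: "https://portal.example.org"`, and leave the wildcard as a documented opt-in. Separately, both new `dbConnection` blocks default to `sslMode: "Disable"`, so database credentials and data cross the cluster network unencrypted; either default to a stricter mode such as `"Require"` (if the driver in use accepts it) or add a `# --` comment stating that `Disable` is intended only for in-cluster databases.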