diff --git a/.github/workflows/administration-service-image-update.yml b/.github/workflows/administration-service-image-update.yml index fdf3c7331..3317895a2 100644 --- a/.github/workflows/administration-service-image-update.yml +++ b/.github/workflows/administration-service-image-update.yml @@ -39,7 +39,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Modify image tag in values.yaml run: | diff --git a/.github/workflows/chart-release.yaml b/.github/workflows/chart-release.yaml index 43fac2bc7..6ecded366 100644 --- a/.github/workflows/chart-release.yaml +++ b/.github/workflows/chart-release.yaml @@ -36,7 +36,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: fetch-depth: 0 @@ -46,7 +46,7 @@ jobs: git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Install Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4 with: token: ${{ secrets.GITHUB_TOKEN }} @@ -65,7 +65,7 @@ jobs: helm dependency update - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.4.1 + uses: helm/chart-releaser-action@v1.6.0 env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_SKIP_EXISTING: "true" diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index 1b50af2a5..77b0a8c39 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -42,10 +42,10 @@ jobs: security-events: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: KICS scan - uses: checkmarx/kics-github-action@master + uses: checkmarx/kics-github-action@8a44970e3d2eca668be41abe9d4e06709c3b3609 # v1.7.0 with: # Scanning directory . path: "." 
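Review bot: In `.github/workflows/chart-release.yaml`, hunk `@@ -65,7 +65,7 @@`, `helm/chart-releaser-action@v1.6.0` is still referenced by a mutable tag, while every other action touched by this commit is pinned to a full-length commit SHA. This step is handed `CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"` in the release workflow, so a retargeted tag would run with that token; the job's `permissions` block is outside the hunk, so the token's actual scope cannot be judged from here. Pin it like the others, `uses: helm/chart-releaser-action@<full-commit-sha-of-v1.6.0> # v1.6.0`, taking the SHA from the upstream release. The `# v4` comment on `azure/setup-helm` in hunk `@@ -46,7 +46,7 @@` would also be easier to audit if it named the exact release the SHA belongs to.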
@@ -69,6 +69,6 @@ jobs: # Upload findings to GitHub Advanced Security Dashboard - name: Upload SARIF file for GitHub Advanced Security Dashboard if: always() - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10 with: sarif_file: kicsResults/results.sarif diff --git a/.github/workflows/localdev-chart-test.yaml b/.github/workflows/localdev-chart-test.yaml index 80441300f..693e68625 100644 --- a/.github/workflows/localdev-chart-test.yaml +++ b/.github/workflows/localdev-chart-test.yaml @@ -32,7 +32,7 @@ on: node_image: description: 'kindest/node image for k8s kind cluster' # k8s version from 23.12 release - default: 'kindest/node:v1.26.6' + default: 'kindest/node:v1.27.3' required: false type: string # upgrade_from: @@ -46,29 +46,29 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: fetch-depth: 0 - name: Kubernetes KinD Cluster - uses: container-tools/kind-action@v2 + uses: container-tools/kind-action@0ad70e2299366b0e1552c7240f4e4567148f723e # v2.0.4 with: version: v0.19.0 - node_image: ${{ github.event.inputs.node_image || 'kindest/node:v1.26.6' }} + node_image: ${{ github.event.inputs.node_image || 'kindest/node:v1.27.3' }} - name: Set up Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4 with: version: v3.10.3 # Setup python as a prerequisite for chart linting - - uses: actions/setup-python@v4 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: '3.9' check-latest: true - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - name: Run chart-testing (list-changed) id: list-changed 
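Review bot: In `.github/workflows/localdev-chart-test.yaml` the node image is still pulled by tag (`kindest/node:v1.27.3`) although the actions around it are now pinned by commit SHA; a tag can be re-pushed, so appending the digest would keep the test cluster image reproducible, e.g. `default: 'kindest/node:v1.27.3@sha256:<digest-from-the-kind-release-notes>'`. The literal appears twice, in the `node_image` input default (hunk `@@ -32,7 +32,7 @@`) and in the `||` fallback of the kind-action step (hunk `@@ -46,29 +46,29 @@`), so both must carry the same value; the same applies to the matching hunks in `portal-chart-test.yaml`. The unchanged comment `# k8s version from 23.12 release` above the default looks stale after this bump and probably needs updating.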
diff --git a/.github/workflows/maintenance-service-image-update.yml b/.github/workflows/maintenance-service-image-update.yml index 97589076b..20117d92d 100644 --- a/.github/workflows/maintenance-service-image-update.yml +++ b/.github/workflows/maintenance-service-image-update.yml @@ -39,7 +39,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Modify image tag in values.yaml run: | diff --git a/.github/workflows/marketplace-app-service-image-update.yml b/.github/workflows/marketplace-app-service-image-update.yml index a3a20fb6c..95669c90b 100644 --- a/.github/workflows/marketplace-app-service-image-update.yml +++ b/.github/workflows/marketplace-app-service-image-update.yml @@ -39,7 +39,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Modify image tag in values.yaml run: | diff --git a/.github/workflows/notification-service-image-update.yml b/.github/workflows/notification-service-image-update.yml index ca3917419..92e79be24 100644 --- a/.github/workflows/notification-service-image-update.yml +++ b/.github/workflows/notification-service-image-update.yml @@ -39,7 +39,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Modify image tag in values.yaml run: | diff --git a/.github/workflows/portal-assets-image-update.yml b/.github/workflows/portal-assets-image-update.yml index cb63899fa..5c7f0d04b 100644 --- a/.github/workflows/portal-assets-image-update.yml +++ b/.github/workflows/portal-assets-image-update.yml @@ -39,7 +39,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Modify image tag in values.yaml run: | 
diff --git a/.github/workflows/portal-backend-release-image-update.yml b/.github/workflows/portal-backend-release-image-update.yml index 6605bf791..eaa9e7875 100644 --- a/.github/workflows/portal-backend-release-image-update.yml +++ b/.github/workflows/portal-backend-release-image-update.yml @@ -57,7 +57,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Modify image tag in values.yaml run: | diff --git a/.github/workflows/portal-chart-test.yaml b/.github/workflows/portal-chart-test.yaml index f5b002411..f13f897cb 100644 --- a/.github/workflows/portal-chart-test.yaml +++ b/.github/workflows/portal-chart-test.yaml @@ -32,13 +32,13 @@ on: node_image: description: 'kindest/node image for k8s kind cluster' # k8s version to support - default: 'kindest/node:v1.26.6' + default: 'kindest/node:v1.27.3' required: false type: string upgrade_from: description: 'portal chart version to upgrade from' - # portal version from 23.12 release - default: '1.7.0' + # portal version from 24.03 release + default: '1.8.0' required: false type: string 
@@ -47,33 +47,33 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: fetch-depth: 0 - name: Kubernetes KinD Cluster - uses: container-tools/kind-action@v2.0.1 + uses: container-tools/kind-action@0ad70e2299366b0e1552c7240f4e4567148f723e # v2.0.4 with: version: v0.19.0 - node_image: ${{ github.event.inputs.node_image || 'kindest/node:v1.26.6' }} + node_image: ${{ github.event.inputs.node_image || 'kindest/node:v1.27.3' }} - name: Check nodes (information only) run: | kubectl describe nodes - name: Set up Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4 with: version: v3.10.3 # Setup python as a prerequisite for chart linting - - uses: actions/setup-python@v4 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: '3.9' check-latest: true - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - name: Run chart-testing (list-changed) id: list-changed @@ -92,6 +92,7 @@ jobs: helm repo add bitnami https://charts.bitnami.com/bitnami helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev helm install portal charts/portal --namespace install --create-namespace --debug + helm uninstall portal --namespace install if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true' # Upgrade the released portal chart version with the locally available chart 
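Review bot: In `.github/workflows/portal-chart-test.yaml`, hunk `@@ -92,6 +92,7 @@`, the added `helm uninstall portal --namespace install` runs directly after a `helm install` that has no `--wait`, so the release is removed as soon as the manifests are accepted (and any hooks have finished). If this step is meant to show that the chart actually comes up, it now passes even when the pods would never become ready. Consider `helm install portal charts/portal --namespace install --create-namespace --wait --timeout <duration>` before the uninstall, or add a comment such as `# install test only validates rendering and admission; uninstall frees resources for the upgrade test`. The step's `name:` and `run:` lines are outside the hunk.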
@@ -99,7 +100,7 @@ jobs: run: | helm repo add bitnami https://charts.bitnami.com/bitnami helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev - helm install portal tractusx-dev/portal --version ${{ github.event.inputs.upgrade_from || '1.7.0' }} --namespace upgrade --create-namespace + helm install portal tractusx-dev/portal --version ${{ github.event.inputs.upgrade_from || '1.8.0' }} --namespace upgrade --create-namespace helm dependency update charts/portal - helm upgrade portal charts/portal --namespace upgrade + helm upgrade portal charts/portal --namespace upgrade -f charts/values-test.yaml if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true' diff --git a/.github/workflows/portal-image-update.yml b/.github/workflows/portal-image-update.yml index a769ce10d..36995365f 100644 --- a/.github/workflows/portal-image-update.yml +++ b/.github/workflows/portal-image-update.yml @@ -39,7 +39,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Modify image tag in values.yaml run: | diff --git a/.github/workflows/portal-migrations-image-update.yml b/.github/workflows/portal-migrations-image-update.yml index cbd624083..e82739dbe 100644 --- a/.github/workflows/portal-migrations-image-update.yml +++ b/.github/workflows/portal-migrations-image-update.yml @@ -39,7 +39,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Modify image tag in values.yaml run: | diff --git a/.github/workflows/portal-registration-image-update.yml b/.github/workflows/portal-registration-image-update.yml index 36b87bfd2..38c8d495b 100644 --- a/.github/workflows/portal-registration-image-update.yml +++ b/.github/workflows/portal-registration-image-update.yml 
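Review bot: In `.github/workflows/portal-chart-test.yaml`, hunk `@@ -99,7 +100,7 @@`, `${{ github.event.inputs.upgrade_from || '1.8.0' }}` is expanded into the `run:` script text before the shell parses it, so the input is treated as shell source rather than as data. It is presumably a manual-dispatch input that only users with write access can set, but passing it through the environment removes the issue entirely: add `env:` with `UPGRADE_FROM: ${{ github.event.inputs.upgrade_from || '1.8.0' }}` to the step and use `--version "$UPGRADE_FROM"` in the command. The step's `name:` line is outside the hunk. The file behind the new `-f charts/values-test.yaml` is not visible in this part of the diff, so confirm it holds test-only values and no real credentials.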
@@ -39,7 +39,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Modify image tag in values.yaml run: | diff --git a/.github/workflows/processes-worker-image-update.yml b/.github/workflows/processes-worker-image-update.yml index fd8559875..844dee572 100644 --- a/.github/workflows/processes-worker-image-update.yml +++ b/.github/workflows/processes-worker-image-update.yml @@ -39,7 +39,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Modify image tag in values.yaml run: | diff --git a/.github/workflows/provisioning-migrations-image-update.yml b/.github/workflows/provisioning-migrations-image-update.yml index fddc311b8..8b8e45b4a 100644 --- a/.github/workflows/provisioning-migrations-image-update.yml +++ b/.github/workflows/provisioning-migrations-image-update.yml @@ -39,7 +39,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Modify image tag in values.yaml run: | diff --git a/.github/workflows/pullRequest-lint.yaml b/.github/workflows/pullRequest-lint.yaml index e2c4fceb4..bb872d5f5 100644 --- a/.github/workflows/pullRequest-lint.yaml +++ b/.github/workflows/pullRequest-lint.yaml 
@@ -31,12 +31,12 @@ jobs: name: Validate PR title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@v5 + - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0 id: lint_pr_title env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: marocchino/sticky-pull-request-comment@v2 + - uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0 # When the previous steps fail, the workflow would stop. By adding this # condition you can continue the execution with the populated error message. if: always() && (steps.lint_pr_title.outputs.error_message != null) @@ -55,7 +55,7 @@ jobs: # Delete a previous comment when the issue has been resolved - if: ${{ steps.lint_pr_title.outputs.error_message == null }} - uses: marocchino/sticky-pull-request-comment@v2 + uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0 with: header: pr-title-lint-error delete: true diff --git a/.github/workflows/registration-service-image-update.yml b/.github/workflows/registration-service-image-update.yml index d19e3ea3b..7822d8119 100644 --- a/.github/workflows/registration-service-image-update.yml +++ b/.github/workflows/registration-service-image-update.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Modify image tag in values.yaml run: | diff --git a/.github/workflows/services-service-image-update.yml b/.github/workflows/services-service-image-update.yml index 973b426b3..b360617a3 100644 --- a/.github/workflows/services-service-image-update.yml +++ b/.github/workflows/services-service-image-update.yml @@ -39,7 +39,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Modify image tag in values.yaml run: | 
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 40266b595..93dc85957 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -47,10 +47,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@0.14.0 + uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0 with: scan-type: "config" hide-progress: false @@ -59,7 +59,7 @@ jobs: vuln-type: "os,library" - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10 if: always() with: sarif_file: "trivy-results1.sarif" diff --git a/CHANGELOG.md b/CHANGELOG.md index 8b23c53ea..cd3958962 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,43 @@ New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X Portal helm chart. +## 2.0.0-RC1 + +### Change + +* changed to new container images + * portal-frontend: v2.0.0-RC1 + * portal-frontend-registration: v1.7.0-RC1 + * portal-backend: v2.0.0-RC1 +* defined unique resource names for deployments, jobs, services and ingresses +* added labels and namespace if not already set +* named secrets in a more unique manner +* improve centralidp configuration for clients, realm and address +* made realm and clients configurable for frontend deployments (in the backend they were already configurable) +* changed ingress default settings according to [TRG-5.05](https://eclipse-tractusx.github.io/docs/release/trg-5/trg-5-05) +* added startup probes to frontend deployments +* improve portal helm test workflow +* set default resource limits and increase default resource requests +* db-dependency: + * change setup to get latest minor updates + * removed fullnameOverride +* helm-test: + * was enabled for removal for fullnameOverride and renaming for postgres secret + * updated version to upgrade (R24.03) from and k8s version +* portal-backend: + * moved mailing and invitation configuration to processes worker + * added new encryption configuration for onboarding service provider (osp) + * added configuration for issuer component and dim (digital identity management) + * removed obsolete db setting from administration, registration and notification service deployments + +### Technical Support + +* CONTRIBUTING.md: linked to contribution details +* upgraded gh actions and change to pinned actions full length commit sha +* add dependabot.yml file + +Please be aware that **this version is still in Release Candidate phase**: especially documentation is still WIP. + ## 1.8.0 ### Change diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1915f50a3..e7ce01fcb 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -8,7 +8,7 @@ The companies involved want to increase the automotive industry's competitiveness, improve efficiency through industry-specific cooperation and accelerate company processes through standardization and access to information and data. A special focus is also on SMEs, whose active participation is of -central importance for the network’s success. That is why Catena-X has been +central importance for the network's success. That is why Catena-X has been conceived from the outset as an open network with solutions ready for SMEs, where these companies will be able to participate quickly and with little IT infrastructure investment. Tractus-X is meant to be the PoC project of the @@ -51,6 +51,10 @@ fulfills the DCO's requirement that you sign-off on your contributions. For more information, please see the Eclipse Committer Handbook: https://www.eclipse.org/projects/handbook/#resources-commit +## How To Contribute + +For more practical information, please refer to [Contribution details](https://github.com/eclipse-tractusx/portal-assets/blob/main/docs/developer/Technical%20Documentation/Dev%20Process/How%20to%20contribute.md). + ## Contact Contact the project developers via the project's "dev" list. diff --git a/charts/portal/Chart.yaml b/charts/portal/Chart.yaml index 54539dee8..a268a7b04 100644 --- a/charts/portal/Chart.yaml +++ b/charts/portal/Chart.yaml @@ -20,8 +20,8 @@ apiVersion: v2 name: portal type: application -version: 1.8.0 -appVersion: 1.8.0 +version: 2.0.0-RC1 +appVersion: 2.0.0-RC1 description: Helm chart for Catena-X Portal home: https://github.com/eclipse-tractusx/portal sources: @@ -33,4 +33,4 @@ dependencies: - condition: postgresql.enabled name: postgresql repository: https://charts.bitnami.com/bitnami - version: 12.12.x + version: 12.x.x diff --git a/charts/portal/README.md b/charts/portal/README.md index 08b4aa12d..536621a42 100644 --- a/charts/portal/README.md +++ b/charts/portal/README.md 
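Review bot: In `charts/portal/Chart.yaml`, hunk `@@ -33,4 +33,4 @@`, widening the postgresql dependency from `12.12.x` to `12.x.x` means that `helm dependency update`, which the release and chart-test workflows run, resolves whatever 12.x chart the Bitnami repository serves at build time. Two packages built from the same commit can then ship different database subcharts, and no `Chart.lock` change is visible in this part of the diff. If floating minors are intended, as the changelog entry says, consider committing `Chart.lock` and packaging with `helm dependency build`, or add a comment next to `version: 12.x.x` recording why the range is open.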
@@ -1,18 +1,18 @@ # Helm chart for Catena-X Portal -![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.8.0](https://img.shields.io/badge/AppVersion-1.8.0-informational?style=flat-square) +![Version: 2.0.0-RC1](https://img.shields.io/badge/Version-2.0.0--RC1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0-RC1](https://img.shields.io/badge/AppVersion-2.0.0--RC1-informational?style=flat-square) This helm chart installs the Catena-X Portal application which consists of -* [portal-frontend (v1.8.0)](https://github.com/eclipse-tractusx/portal-frontend/tree/v1.8.0), -* [portal-frontend-registration (v1.6.0)](https://github.com/eclipse-tractusx/portal-frontend-registration/tree/v1.6.0), +* [portal-frontend (v2.0.0-RC1)](https://github.com/eclipse-tractusx/portal-frontend/tree/v2.0.0-RC1), +* [portal-frontend-registration (v1.7.0-RC1)](https://github.com/eclipse-tractusx/portal-frontend-registration/tree/v1.7.0-RC1), * [portal-assets (v1.8.0)](https://github.com/eclipse-tractusx/portal-assets/tree/v1.8.0) and -* [portal-backend (v1.8.0)](https://github.com/eclipse-tractusx/portal-backend/tree/v1.8.0). +* [portal-backend (v2.0.0-RC1)](https://github.com/eclipse-tractusx/portal-backend/tree/v2.0.0-RC1). The Catena-X Portal is designed to work with the [Catena-X IAM](https://github.com/eclipse-tractusx/portal-iam). 
-This version is compatible with the 2.1.0 version of the IAM instances: -* [Central Keycloak Instance](https://github.com/eclipse-tractusx/portal-iam/blob/centralidp-2.1.0/charts/centralidp/README.md) -* [Shared Keycloak Instance](https://github.com/eclipse-tractusx/portal-iam/blob/sharedidp-2.1.0/charts/sharedidp/README.md) +This version is compatible with the 3.0.0-rc.1 version of the IAM instances: +* [Central Keycloak Instance](https://github.com/eclipse-tractusx/portal-iam/blob/centralidp-3.0.0-rc.1/charts/centralidp/README.md) +* [Shared Keycloak Instance](https://github.com/eclipse-tractusx/portal-iam/blob/sharedidp-3.0.0-rc.1/charts/sharedidp/README.md) For information on how to upgrade from previous versions please refer to [Version Upgrade](https://github.com/eclipse-tractusx/portal-assets/tree/v1.8.0/docs/developer/Technical%20Documentation/Version%20Upgrade/portal-upgrade-details.md). 
@@ -41,23 +41,23 @@ To use the helm chart as a dependency: dependencies: - name: portal repository: https://eclipse-tractusx.github.io/charts/dev - version: 1.8.0 + version: 2.0.0-RC1 ``` ## Requirements | Repository | Name | Version | |------------|------|---------| -| https://charts.bitnami.com/bitnami | postgresql | 12.12.x | +| https://charts.bitnami.com/bitnami | postgresql | 12.x.x | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| name | string | `"portal"` | | | portalAddress | string | `"https://portal.example.org"` | Provide portal base address. | | portalBackendAddress | string | `"https://portal-backend.example.org"` | Provide portal-backend base address. | -| centralidpAddress | string | `"https://centralidp.example.org"` | Provide centralidp base address (CX IAM), without trailing '/auth'. | +| centralidp | object | `{"address":"https://centralidp.example.org","clients":{"miw":"Cl5-CX-Custodian","portal":"Cl2-CX-Portal","registration":"Cl1-CX-Registration","semantic":"Cl3-CX-Semantic","technicalRolesManagement":"technical_roles_management"},"realm":"CX-Central"}` | Provide details about centralidp (CX IAM) Keycloak instance. | +| centralidp.address | string | `"https://centralidp.example.org"` | Provide centralidp base address, without trailing '/auth'. | | sharedidpAddress | string | `"https://sharedidp.example.org"` | Provide sharedidp address (CX IAM), without trailing '/auth'. | | semanticsAddress | string | `"https://semantics.example.org"` | Provide semantics base address. | | bpdmPartnersPoolAddress | string | `"https://business-partners.example.org"` | Provide bpdm partners pool base address. | 
@@ -67,39 +67,30 @@ dependencies: | clearinghouseAddress | string | `"https://validation.example.org"` | Provide clearinghouse base address. | | clearinghouseTokenAddress | string | `"https://keycloak.example.org/realms/example/protocol/openid-connect/token"` | Provide clearinghouse token address. | | frontend.ingress.enabled | bool | `false` | Portal frontend ingress parameters, enable ingress record generation for portal frontend. | -| frontend.ingress.className | string | `"nginx"` | | -| frontend.ingress.annotations."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/$1"` | | -| frontend.ingress.annotations."nginx.ingress.kubernetes.io/use-regex" | string | `"true"` | | -| frontend.ingress.annotations."nginx.ingress.kubernetes.io/enable-cors" | string | `"true"` | | -| frontend.ingress.annotations."nginx.ingress.kubernetes.io/cors-allow-origin" | string | `"https://*.example.org"` | Provide CORS allowed origin. | +| frontend.ingress.name | string | `"frontend"` | | | frontend.ingress.tls[0] | object | `{"hosts":[""],"secretName":""}` | Provide tls secret. | | frontend.ingress.tls[0].hosts | list | `[""]` | Provide host for tls secret. | -| frontend.ingress.hosts[0] | object | `{"host":"portal.example.org","paths":[{"backend":{"port":8080,"service":"portal"},"path":"/(.*)","pathType":"Prefix"},{"backend":{"port":8080,"service":"registration"},"path":"/registration/(.*)","pathType":"Prefix"},{"backend":{"port":8080,"service":"assets"},"path":"/((assetsORdocumentation)/.*)","pathType":"Prefix"}]}` | Provide default path for the ingress record. | +| frontend.ingress.hosts[0] | object | `{"host":"","paths":[{"backend":{"port":8080,"service":"portal"},"path":"/(.*)","pathType":"Prefix"},{"backend":{"port":8080,"service":"registration"},"path":"/registration/(.*)","pathType":"Prefix"},{"backend":{"port":8080,"service":"assets"},"path":"/((assets|documentation)/.*)","pathType":"Prefix"}]}` | Provide default path for the ingress record. 
| | frontend.portal.name | string | `"portal"` | | | frontend.portal.image.name | string | `"docker.io/tractusx/portal-frontend"` | | -| frontend.portal.image.portaltag | string | `"v1.8.0"` | | +| frontend.portal.image.portaltag | string | `"v2.0.0-RC1"` | | | frontend.portal.image.pullPolicy | string | `"IfNotPresent"` | | -| frontend.portal.resources | object | `{"requests":{"cpu":"15m","memory":"105M"}}` | We recommend not to specify default resource limits and to leave this as a conscious choice for the user. If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. | +| frontend.portal.resources | object | `{"limits":{"cpu":"75m","memory":"125M"},"requests":{"cpu":"25m","memory":"125M"}}` | We recommend to review the default resource limits as this should a conscious choice. | | frontend.registration.name | string | `"registration"` | | | frontend.registration.image.name | string | `"docker.io/tractusx/portal-frontend-registration"` | | -| frontend.registration.image.registrationtag | string | `"v1.6.0"` | | +| frontend.registration.image.registrationtag | string | `"v1.7.0-RC1"` | | | frontend.registration.image.pullPolicy | string | `"IfNotPresent"` | | -| frontend.registration.resources | object | `{"requests":{"cpu":"15m","memory":"105M"}}` | We recommend not to specify default resource limits and to leave this as a conscious choice for the user. If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. | +| frontend.registration.resources | object | `{"limits":{"cpu":"75m","memory":"100M"},"requests":{"cpu":"25m","memory":"100M"}}` | We recommend to review the default resource limits as this should a conscious choice. 
| | frontend.assets.name | string | `"assets"` | | | frontend.assets.image.name | string | `"docker.io/tractusx/portal-assets"` | | -| frontend.assets.image.assetstag | string | `"v1.8.0"` | | +| frontend.assets.image.assetstag | string | `"2433ebaa4f53c82a8dd47b47747faaa990a8a393"` | | | frontend.assets.image.pullPolicy | string | `"IfNotPresent"` | | -| frontend.assets.resources | object | `{"requests":{"cpu":"15m","memory":"105M"}}` | We recommend not to specify default resource limits and to leave this as a conscious choice for the user. If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. | +| frontend.assets.resources | object | `{"limits":{"cpu":"45m","memory":"100M"},"requests":{"cpu":"25m","memory":"100M"}}` | We recommend to review the default resource limits as this should a conscious choice. | | frontend.assets.path | string | `"/assets"` | | | frontend.centralidpAuthPath | string | `"/auth"` | | | frontend.bpdmPartnersPoolApiPath | string | `"/pool/api"` | | | backend.ingress.enabled | bool | `false` | Portal-backend ingress parameters, enable ingress record generation for portal-backend. | -| backend.ingress.name | string | `"portal-backend"` | | -| backend.ingress.className | string | `"nginx"` | | -| backend.ingress.annotations."nginx.ingress.kubernetes.io/use-regex" | string | `"true"` | | -| backend.ingress.annotations."nginx.ingress.kubernetes.io/enable-cors" | string | `"true"` | | -| backend.ingress.annotations."nginx.ingress.kubernetes.io/proxy-body-size" | string | `"8m"` | | -| backend.ingress.annotations."nginx.ingress.kubernetes.io/cors-allow-origin" | string | `"https://*.example.org"` | Provide CORS allowed origin. | +| backend.ingress.name | string | `"backend"` | | | backend.ingress.tls[0] | object | `{"hosts":[""],"secretName":""}` | Provide tls secret. | | backend.ingress.tls[0].hosts | list | `[""]` | Provide host for tls secret. 
| | backend.ingress.hosts[0] | object | `{"host":"portal-backend.example.org","paths":[{"backend":{"port":8080,"service":"registration-service"},"path":"/api/registration","pathType":"Prefix"},{"backend":{"port":8080,"service":"administration-service"},"path":"/api/administration","pathType":"Prefix"},{"backend":{"port":8080,"service":"notification-service"},"path":"/api/notification","pathType":"Prefix"},{"backend":{"port":8080,"service":"provisioning-service"},"path":"/api/provisioning","pathType":"Prefix"},{"backend":{"port":8080,"service":"marketplace-app-service"},"path":"/api/apps","pathType":"Prefix"},{"backend":{"port":8080,"service":"services-service"},"path":"/api/services","pathType":"Prefix"}]}` | Provide default path for the ingress record. | 
@@ -112,10 +103,10 @@ dependencies: | backend.portalIntroductionCompanyRolePath | string | `"/companyroles"` | | | backend.portalIntroductionDataspacePath | string | `"/dataspace"` | | | backend.userManagementPath | string | `"/usermanagement"` | | -| backend.keycloak.secret | string | `"secret-backend-keycloak"` | Secret containing the database-password and the client-secret for the connection to the centralidp (CX IAM) and the client-secret for the connection to the sharedidp (CX-IAM). | +| backend.useDimWallet | bool | `false` | | +| backend.keycloak.secret | string | `"portal-backend-keycloak"` | Secret containing the database-password and the client-secret for the connection to the centralidp (CX IAM) and the client-secret for the connection to the sharedidp (CX-IAM). | | backend.keycloak.central.clientId | string | `"central-client-id"` | Provide centralidp client-id from CX IAM centralidp. | | backend.keycloak.central.clientSecret | string | `""` | Client-secret for centralidp client-id. Secret-key 'central-client-secret'. | -| backend.keycloak.central.authRealm | string | `"CX-Central"` | | | backend.keycloak.central.jwtBearerOptions.requireHttpsMetadata | string | `"true"` | | | backend.keycloak.central.jwtBearerOptions.metadataPath | string | `"/auth/realms/CX-Central/.well-known/openid-configuration"` | | | backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath | string | `"/auth/realms/CX-Central"` | | 
@@ -135,21 +126,21 @@ dependencies: | backend.keycloak.shared.clientSecret | string | `""` | Client-secret for sharedidp client-id. Secret-key 'shared-client-secret'. | | backend.keycloak.shared.authRealm | string | `"master"` | | | backend.keycloak.shared.useAuthTrail | bool | `true` | Flag if the api should be used with an leading /auth path | -| backend.mailing.secret | string | `"secret-backend-mailing"` | Secret containing the passwords for backend.mailing and backend.provisioning.sharedRealm. | +| backend.mailing.secret | string | `"portal-backend-mailing"` | Secret containing the passwords for backend.mailing and backend.provisioning.sharedRealm. | | backend.mailing.host | string | `"smtp.example.org"` | Provide host. | | backend.mailing.port | string | `"587"` | Provide port. | | backend.mailing.user | string | `"smtp-user"` | Provide user. | | backend.mailing.password | string | `""` | Password for the smtp username. Secret-key 'password'. | | backend.mailing.senderEmail | string | `"email@example.org"` | The email which is set as a sender | -| backend.interfaces.secret | string | `"secret-backend-interfaces"` | Secret containing the client-secrets for the connection to custodian, bpdm, sdFactory, clearinghouse, offer provider and onboarding service provider. | +| backend.interfaces.secret | string | `"portal-backend-interfaces"` | Secret containing the client-secrets for the connection to custodian, bpdm, sdFactory, clearinghouse, offer provider and onboarding service provider. 
| | backend.healthChecks.startup.path | string | `"/health/startup"` | | | backend.healthChecks.liveness.path | string | `"/healthz"` | | | backend.healthChecks.readyness.path | string | `"/ready"` | | | backend.registration.name | string | `"registration-service"` | | | backend.registration.image.name | string | `"docker.io/tractusx/portal-registration-service"` | | -| backend.registration.image.registrationservicetag | string | `"v1.8.0"` | | +| backend.registration.image.registrationservicetag | string | `"v2.0.0-RC1"` | | | backend.registration.image.pullPolicy | string | `"IfNotPresent"` | | -| backend.registration.resources | object | `{"requests":{"cpu":"15m","memory":"385M"}}` | We recommend not to specify default resource limits and to leave this as a conscious choice for the user. If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. | +| backend.registration.resources | object | `{"limits":{"cpu":"225m","memory":"400M"},"requests":{"cpu":"75m","memory":"400M"}}` | We recommend to review the default resource limits as this should a conscious choice. | | backend.registration.basePath | string | `"api/registration"` | | | backend.registration.logging.bpdmLibrary | string | `"Information"` | | | backend.registration.logging.registrationService | string | `"Information"` | | 
@@ -173,9 +164,9 @@ dependencies: | backend.registration.submitDocumentTypeIds.type0 | string | `"COMMERCIAL_REGISTER_EXTRACT"` | | | backend.administration.name | string | `"administration-service"` | | | backend.administration.image.name | string | `"docker.io/tractusx/portal-administration-service"` | | -| backend.administration.image.administrationservicetag | string | `"v1.8.0"` | | +| backend.administration.image.administrationservicetag | string | `"v2.0.0-RC1"` | | | backend.administration.image.pullPolicy | string | `"IfNotPresent"` | | -| backend.administration.resources | object | `{"requests":{"cpu":"15m","memory":"385M"}}` | We recommend not to specify default resource limits and to leave this as a conscious choice for the user. If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. | +| backend.administration.resources | object | `{"limits":{"cpu":"225m","memory":"500M"},"requests":{"cpu":"75m","memory":"500M"}}` | We recommend to review the default resource limits as this should a conscious choice. | | backend.administration.basePath | string | `"api/administration"` | | | backend.administration.logging.businessLogic | string | `"Information"` | | | backend.administration.logging.sdfactoryLibrary | string | `"Information"` | | 
@@ -191,7 +182,6 @@ dependencies: | backend.administration.connectors.validCertificationContentTypes.type2 | string | `"application/pkix-cert"` | | | backend.administration.connectors.validCertificationContentTypes.type3 | string | `"application/octet-stream"` | | | backend.administration.connectors.selfDescriptionDocumentPath | string | `"/api/administration/documents/selfDescription"` | | -| backend.administration.keycloakClientId | string | `"Cl2-CX-Portal"` | | | backend.administration.identityProviderAdmin.csvSettings.fileName | string | `"identityproviderlinks.csv"` | | | backend.administration.identityProviderAdmin.csvSettings.contentType | string | `"text/csv"` | | | backend.administration.identityProviderAdmin.csvSettings.charset | string | `"UTF-8"` | | @@ -207,9 +197,6 @@ dependencies: | backend.administration.identityProviderAdmin.deleteIdpRoles.role1 | string | `"IT Admin"` | | | backend.administration.identityProviderAdmin.deactivateIdpRoles.role0 | string | `"Company Admin"` | | | backend.administration.identityProviderAdmin.deactivateIdpRoles.role1 | string | `"IT Admin"` | | -| backend.administration.invitation.invitedUserInitialRoles.role0 | string | `"Company Admin"` | | -| backend.administration.invitation.initialLoginTheme | string | `"catenax-shared"` | | -| backend.administration.invitation.closeApplicationPath | string | `"/decline"` | | | backend.administration.registration.documentTypeIds.type0 | string | `"COMMERCIAL_REGISTER_EXTRACT"` | | | backend.administration.userManagement.companyUserStatusIds.status0 | string | `"ACTIVE"` | | | backend.administration.userManagement.companyUserStatusIds.status1 | string | `"INACTIVE"` | | 
@@ -218,8 +205,6 @@ dependencies: | backend.administration.serviceAccount.clientId | string | `"technical_roles_management"` | | | backend.administration.swaggerEnabled | bool | `false` | | | backend.administration.frameDocumentTypeIds.type0 | string | `"CX_FRAME_CONTRACT"` | | -| backend.administration.onboardingServiceProvider.encryptionKey | string | `""` | Client-secret for onboardingserviceprovider encryptionKey. Secret-key 'onboardingserviceprovider-encryption-key'. | -| backend.provisioning.centralRealm | string | `"CX-Central"` | | | backend.provisioning.centralRealmId | string | `"CX-Central"` | | | backend.provisioning.invitedUserInitialRoles.registration | string | `"Company Admin"` | | | backend.provisioning.serviceAccountClientPrefix | string | `"sa"` | | 
@@ -236,9 +221,9 @@ dependencies: | backend.provisioning.sharedRealm.smtpServer.replyTo | string | `"smtp@example.org"` | Provide replyTo. | | backend.appmarketplace.name | string | `"marketplace-app-service"` | | | backend.appmarketplace.image.name | string | `"docker.io/tractusx/portal-marketplace-app-service"` | | -| backend.appmarketplace.image.appmarketplaceservicetag | string | `"v1.8.0"` | | +| backend.appmarketplace.image.appmarketplaceservicetag | string | `"v2.0.0-RC1"` | | | backend.appmarketplace.image.pullPolicy | string | `"IfNotPresent"` | | -| backend.appmarketplace.resources | object | `{"requests":{"cpu":"15m","memory":"445M"}}` | We recommend not to specify default resource limits and to leave this as a conscious choice for the user. If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. | +| backend.appmarketplace.resources | object | `{"limits":{"cpu":"225m","memory":"400M"},"requests":{"cpu":"75m","memory":"400M"}}` | We recommend to review the default resource limits as this should a conscious choice. | | backend.appmarketplace.basePath | string | `"api/apps"` | | | backend.appmarketplace.logging.default | string | `"Information"` | | | backend.appmarketplace.logging.offersLibrary | string | `"Information"` | | 
@@ -318,34 +303,34 @@ dependencies: | backend.appmarketplace.companyAdminRoles.role0 | string | `"Company Admin"` | | | backend.portalmigrations.name | string | `"portal-migrations"` | | | backend.portalmigrations.image.name | string | `"docker.io/tractusx/portal-portal-migrations"` | | -| backend.portalmigrations.image.portalmigrationstag | string | `"v1.8.0"` | | +| backend.portalmigrations.image.portalmigrationstag | string | `"v2.0.0-RC1"` | | | backend.portalmigrations.image.pullPolicy | string | `"IfNotPresent"` | | -| backend.portalmigrations.resources | object | `{"requests":{"cpu":"15m","memory":"105M"}}` | We recommend not to specify default resource limits and to leave this as a conscious choice for the user. If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. | +| backend.portalmigrations.resources | object | `{"limits":{"cpu":"75m","memory":"350M"},"requests":{"cpu":"25m","memory":"350M"}}` | We recommend to review the default resource limits as this should a conscious choice. 
| | backend.portalmigrations.seeding.testDataEnvironments | string | `""` | | | backend.portalmigrations.seeding.testDataPaths | string | `"Seeder/Data"` | when changing the testDataPath the processIdentity needs to be adjusted as well, or it must be ensured that the identity is existing within the files under the new path | | backend.portalmigrations.processIdentity.processUserId | string | `"d21d2e8a-fe35-483c-b2b8-4100ed7f0953"` | | | backend.portalmigrations.logging.default | string | `"Information"` | | | backend.portalmaintenance.name | string | `"portal-maintenance"` | | | backend.portalmaintenance.image.name | string | `"docker.io/tractusx/portal-maintenance-service"` | | -| backend.portalmaintenance.image.portalmaintenancetag | string | `"v1.8.0"` | | +| backend.portalmaintenance.image.portalmaintenancetag | string | `"v2.0.0-RC1"` | | | backend.portalmaintenance.image.pullPolicy | string | `"IfNotPresent"` | | -| backend.portalmaintenance.resources | object | `{"requests":{"cpu":"15m","memory":"105M"}}` | We recommend not to specify default resource limits and to leave this as a conscious choice for the user. If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. | +| backend.portalmaintenance.resources | object | `{"limits":{"cpu":"75m","memory":"200M"},"requests":{"cpu":"25m","memory":"200M"}}` | We recommend to review the default resource limits as this should a conscious choice. 
| | backend.portalmaintenance.processIdentity.processUserId | string | `"d21d2e8a-fe35-483c-b2b8-4100ed7f0953"` | | | backend.portalmaintenance.logging.default | string | `"Information"` | | | backend.notification.name | string | `"notification-service"` | | | backend.notification.image.name | string | `"docker.io/tractusx/portal-notification-service"` | | -| backend.notification.image.notificationservicetag | string | `"v1.8.0"` | | +| backend.notification.image.notificationservicetag | string | `"v2.0.0-RC1"` | | | backend.notification.image.pullPolicy | string | `"IfNotPresent"` | | -| backend.notification.resources | object | `{"requests":{"cpu":"15m","memory":"300M"}}` | We recommend not to specify default resource limits and to leave this as a conscious choice for the user. If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. | +| backend.notification.resources | object | `{"limits":{"cpu":"225m","memory":"200M"},"requests":{"cpu":"75m","memory":"200M"}}` | We recommend to review the default resource limits as this should a conscious choice. | | backend.notification.basePath | string | `"api/notification"` | | | backend.notification.healthChecks | object | `{"startup":{"tags":[{"name":"HEALTHCHECKS__0__TAGS__1","value":"portaldb"}]}}` | Keycloak Healthcheck to be enabled for startupProbe; once the centralidp Keycloak instance is available, enable healthcheck by uncommenting. 
| | backend.notification.swaggerEnabled | bool | `false` | | | backend.notification.logging.default | string | `"Information"` | | | backend.services.name | string | `"services-service"` | | | backend.services.image.name | string | `"docker.io/tractusx/portal-services-service"` | | -| backend.services.image.servicesservicetag | string | `"v1.8.0"` | | +| backend.services.image.servicesservicetag | string | `"v2.0.0-RC1"` | | | backend.services.image.pullPolicy | string | `"IfNotPresent"` | | -| backend.services.resources | object | `{"requests":{"cpu":"15m","memory":"445M"}}` | We recommend not to specify default resource limits and to leave this as a conscious choice for the user. If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. | +| backend.services.resources | object | `{"limits":{"cpu":"225m","memory":"300M"},"requests":{"cpu":"75m","memory":"300M"}}` | We recommend to review the default resource limits as this should a conscious choice. | | backend.services.basePath | string | `"api/services"` | | | backend.services.logging.default | string | `"Information"` | | | backend.services.logging.offersLibrary | string | `"Information"` | | 
@@ -387,15 +372,15 @@ dependencies: | backend.services.companyAdminRoles.role0 | string | `"Company Admin"` | | | backend.provisioningmigrations.name | string | `"provisioning-migrations"` | | | backend.provisioningmigrations.image.name | string | `"docker.io/tractusx/portal-provisioning-migrations"` | | -| backend.provisioningmigrations.image.provisioningmigrationstag | string | `"v1.8.0"` | | +| backend.provisioningmigrations.image.provisioningmigrationstag | string | `"v2.0.0-RC1"` | | | backend.provisioningmigrations.image.pullPolicy | string | `"IfNotPresent"` | | -| backend.provisioningmigrations.resources | object | `{"requests":{"cpu":"15m","memory":"105M"}}` | We recommend not to specify default resource limits and to leave this as a conscious choice for the user. If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. | +| backend.provisioningmigrations.resources | object | `{"limits":{"cpu":"75m","memory":"200M"},"requests":{"cpu":"25m","memory":"200M"}}` | We recommend to review the default resource limits as this should a conscious choice. | | backend.provisioningmigrations.logging.default | string | `"Information"` | | | backend.processesworker.name | string | `"processes-worker"` | | | backend.processesworker.image.name | string | `"docker.io/tractusx/portal-processes-worker"` | | -| backend.processesworker.image.processesworkertag | string | `"v1.8.0"` | | +| backend.processesworker.image.processesworkertag | string | `"v2.0.0-RC1"` | | | backend.processesworker.image.pullPolicy | string | `"IfNotPresent"` | | -| backend.processesworker.resources | object | `{"requests":{"cpu":"15m","memory":"105M"}}` | We recommend not to specify default resource limits and to leave this as a conscious choice for the user. If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. 
| +| backend.processesworker.resources | object | `{"limits":{"cpu":"225m","memory":"500M"},"requests":{"cpu":"75m","memory":"500M"}}` | We recommend to review the default resource limits as this should a conscious choice. | | backend.processesworker.logging.default | string | `"Information"` | | | backend.processesworker.logging.processesLibrary | string | `"Information"` | | | backend.processesworker.logging.bpdmLibrary | string | `"Information"` | | 
@@ -442,19 +427,61 @@ dependencies: | backend.processesworker.offerprovider.clientId | string | `"offerprovider-client-id"` | Provide offerprovider client-id from CX IAM centralidp. | | backend.processesworker.offerprovider.clientSecret | string | `""` | Client-secret for offer provider client-id. Secret-key 'offerprovider-client-secret'. | | backend.processesworker.processIdentity.processUserId | string | `"d21d2e8a-fe35-483c-b2b8-4100ed7f0953"` | | -| backend.processesworker.onboardingServiceProvider.encryptionKey | string | `""` | Client-secret for onboardingserviceprovider encryptionKey. Secret-key 'process-onboardingserviceprovider-encryption-key'. | +| backend.processesworker.onboardingServiceProvider.encryptionConfigIndex | int | `1` | | +| backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.index | int | `0` | | +| backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.cipherMode | string | `"ECB"` | | +| backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.paddingMode | string | `"PKCS7"` | | +| backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.encryptionKey | string | `""` | EncryptionKey for onboardingserviceprovider. Secret-key 'onboardingserviceprovider-encryption-key0'. Expected format is 256 bit (64 digits) hex. When upgrading from v2.0.0-RC1 please read document portal-upgrade-details.md | +| backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.index | int | `1` | | +| backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.cipherMode | string | `"CBC"` | | +| backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.paddingMode | string | `"PKCS7"` | | +| backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | string | `""` | EncryptionKey for onboardingserviceprovider. Secret-key 'onboardingserviceprovider-encryption-key1'. Expected format is 256 bit (64 digits) hex. 
When upgrading from v2.0.0-RC1 please read document portal-upgrade-details.md | | backend.processesworker.networkRegistration.loginDocumentPath | string | `"/documentation/?path=docs%2F09.+Others%28s%29%2F01.+Login.md"` | | | backend.processesworker.networkRegistration.externalRegistrationPath | string | `"/?overlay=consent_osp"` | | | backend.processesworker.networkRegistration.closeApplicationPath | string | `"/decline"` | The logic to decline an application is not yet implemented in the backend - this will currently lead to a 404 page when clicking on the link in the mail | -| backend.clients.portal | string | `"Cl2-CX-Portal"` | | -| backend.clients.registration | string | `"Cl1-CX-Registration"` | | -| backend.clients.technicalRolesManagement | string | `"technical_roles_management"` | | +| backend.processesworker.dim.clientId | string | `"dim-client-id"` | Provide dim client-id from CX IAM centralidp. | +| backend.processesworker.dim.clientSecret | string | `""` | Client-secret for dim client-id. Secret-key 'dim-client-secret'. 
| +| backend.processesworker.dim.grantType | string | `"client_credentials"` | | +| backend.processesworker.dim.scope | string | `"openid"` | | +| backend.processesworker.dim.baseAddress | string | `"https://dim.example.org"` | Base address of the DIM Middle Layer | +| backend.processesworker.dim.universalResolverAddress | string | `"https://resolver.example.org/did"` | Url of a public available universal resolver to validate the did and did document | +| backend.processesworker.dim.didDocumentPath | string | `"/api/administration/staticdata/did"` | path where the did document will be hosted | +| backend.processesworker.dim.maxValidationTimeInDays | int | `7` | | +| backend.processesworker.dim.encryptionConfigIndex | int | `0` | | +| backend.processesworker.dim.encryptionConfigs.index0.index | int | `0` | | +| backend.processesworker.dim.encryptionConfigs.index0.cipherMode | string | `"CBC"` | | +| backend.processesworker.dim.encryptionConfigs.index0.paddingMode | string | `"PKCS7"` | | +| backend.processesworker.dim.encryptionConfigs.index0.encryptionKey | string | `""` | EncryptionKey for dim wallet creation. Secret-key 'dim-encryption-key0'. Expected format is 256 bit (64 digits) hex. | +| backend.processesworker.issuerComponent.clientId | string | `"issuercomponent-client-id"` | Provide dim client-id from CX IAM centralidp. | +| backend.processesworker.issuerComponent.clientSecret | string | `""` | Client-secret for dim client-id. Secret-key 'issuercomponent-client-secret'. 
| +| backend.processesworker.issuerComponent.grantType | string | `"client_credentials"` | | +| backend.processesworker.issuerComponent.scope | string | `"openid"` | | +| backend.processesworker.issuerComponent.baseAddress | string | `"https://issuercomponent.example.org"` | Base address of the SSI Credential Issuer | +| backend.processesworker.issuerComponent.encryptionConfigIndex | int | `0` | | +| backend.processesworker.issuerComponent.encryptionConfigs.index0.index | int | `0` | | +| backend.processesworker.issuerComponent.encryptionConfigs.index0.cipherMode | string | `"CBC"` | | +| backend.processesworker.issuerComponent.encryptionConfigs.index0.paddingMode | string | `"PKCS7"` | | +| backend.processesworker.issuerComponent.encryptionConfigs.index0.encryptionKey | string | `""` | EncryptionKey for the issuer component. Secret-key 'issuercomponent-encryption-key0'. Expected format is 256 bit (64 digits) hex. | +| backend.processesworker.invitation.invitedUserInitialRoles.role0 | string | `"Company Admin"` | | +| backend.processesworker.invitation.initialLoginTheme | string | `"catenax-shared"` | | +| backend.processesworker.invitation.closeApplicationPath | string | `"/decline"` | | +| backend.processesworker.invitation.encryptionConfigIndex | int | `0` | | +| backend.processesworker.invitation.encryptionConfigs.index0.index | int | `0` | | +| backend.processesworker.invitation.encryptionConfigs.index0.cipherMode | string | `"CBC"` | | +| backend.processesworker.invitation.encryptionConfigs.index0.paddingMode | string | `"PKCS7"` | | +| backend.processesworker.invitation.encryptionConfigs.index0.encryptionKey | string | `""` | EncryptionKey to encrypt the company-invitation client-secret. Secret-key 'invitation-encryption-key0'. Expected format is 256 bit (64 digits) hex. 
| +| backend.processesworker.mailing.encryptionConfigIndex | int | `0` | | +| backend.processesworker.mailing.encryptionConfigs.index0.index | int | `0` | | +| backend.processesworker.mailing.encryptionConfigs.index0.cipherMode | string | `"CBC"` | | +| backend.processesworker.mailing.encryptionConfigs.index0.paddingMode | string | `"PKCS7"` | | +| backend.processesworker.mailing.encryptionConfigs.index0.encryptionKey | string | `""` | EncryptionKey to encrypt the parameters of mailing processes. Secret-key 'mailing-encryption-key0'. Expected format is 256 bit (64 digits) hex. | | backend.placeholder | string | `"empty"` | | | postgresql.enabled | bool | `true` | PostgreSQL chart configuration Switch to enable or disable the PostgreSQL helm chart | -| postgresql.fullnameOverride | string | `"portal-backend-postgresql"` | FullnameOverride to 'portal-backend-postgresql'. | +| postgresql.image | object | `{"tag":"15-debian-11"}` | Setting image tag to major to get latest minor updates | +| postgresql.commonLabels."app.kubernetes.io/version" | string | `"15"` | | | postgresql.auth.database | string | `"postgres"` | Database name | | postgresql.auth.port | int | `5432` | Database port number | -| postgresql.auth.existingSecret | string | `"secret-postgres-init"` | Secret containing the passwords for root usernames postgres and non-root usernames repl_user, portal and provisioning. | +| postgresql.auth.existingSecret | string | `"portal-postgres"` | Secret containing the passwords for root usernames postgres and non-root usernames repl_user, portal and provisioning. | | postgresql.auth.password | string | `""` | Password for the root username 'postgres'. Secret-key 'postgres-password'. | | postgresql.auth.replicationPassword | string | `""` | Password for the non-root username 'repl_user'. Secret-key 'replication-password'. | | postgresql.auth.portalUser | string | `"portal"` | Non-root username for portal. | 
@@ -465,7 +492,7 @@ dependencies: | postgresql.audit.pgAuditLog | string | `"write, ddl"` | | | postgresql.audit.logLinePrefix | string | `"%m %u %d "` | | | postgresql.primary.extendedConfiguration | string | `""` | Extended PostgreSQL Primary configuration (increase of max_connections recommended - default is 100) | -| postgresql.primary.initdb.scriptsConfigMap | string | `"configmap-postgres-init"` | | +| postgresql.primary.initdb.scriptsConfigMap | string | `"{{ .Release.Name }}-portal-cm-postgres"` | | | postgresql.primary.extraEnvVars[0].name | string | `"PORTAL_PASSWORD"` | | | postgresql.primary.extraEnvVars[0].valueFrom.secretKeyRef.name | string | `"{{ .Values.auth.existingSecret }}"` | | | postgresql.primary.extraEnvVars[0].valueFrom.secretKeyRef.key | string | `"portal-password"` | | @@ -476,7 +503,7 @@ dependencies: | externalDatabase.host | string | `"portal-backend-postgresql-external-db"` | External PostgreSQL configuration IMPORTANT: init scripts (01-init-db-user.sh and 02-init-db.sql) available in templates/configmap-backend-postgres-init.yaml need to be executed beforehand. Database host | | externalDatabase.database | string | `"postgres"` | Database name | | externalDatabase.port | int | `5432` | Database port number | -| externalDatabase.secret | string | `"secret-postgres-external-db"` | Secret containing the passwords non-root usernames portal and provisioning. | +| externalDatabase.secret | string | `"portal-postgres-external-db"` | Secret containing the passwords non-root usernames portal and provisioning. | | externalDatabase.portalUser | string | `"portal"` | Non-root username for portal. | | externalDatabase.provisioningUser | string | `"provisioning"` | Non-root username for provisioning. | | externalDatabase.portalPassword | string | `""` | Password for the non-root username 'portal'. Secret-key 'portal-password'. | diff --git a/charts/portal/README.md.gotmpl b/charts/portal/README.md.gotmpl index bf316223f..814d78871 100644 
--- a/charts/portal/README.md.gotmpl +++ b/charts/portal/README.md.gotmpl @@ -4,15 +4,15 @@ This helm chart installs the Catena-X Portal application which consists of -* [portal-frontend (v1.8.0)](https://github.com/eclipse-tractusx/portal-frontend/tree/v1.8.0), -* [portal-frontend-registration (v1.6.0)](https://github.com/eclipse-tractusx/portal-frontend-registration/tree/v1.6.0), +* [portal-frontend (v2.0.0-RC1)](https://github.com/eclipse-tractusx/portal-frontend/tree/v2.0.0-RC1), +* [portal-frontend-registration (v1.7.0-RC1)](https://github.com/eclipse-tractusx/portal-frontend-registration/tree/v1.7.0-RC1), * [portal-assets (v1.8.0)](https://github.com/eclipse-tractusx/portal-assets/tree/v1.8.0) and -* [portal-backend (v1.8.0)](https://github.com/eclipse-tractusx/portal-backend/tree/v1.8.0). +* [portal-backend (v2.0.0-RC1)](https://github.com/eclipse-tractusx/portal-backend/tree/v2.0.0-RC1). The Catena-X Portal is designed to work with the [Catena-X IAM](https://github.com/eclipse-tractusx/portal-iam). -This version is compatible with the 2.1.0 version of the IAM instances: -* [Central Keycloak Instance](https://github.com/eclipse-tractusx/portal-iam/blob/centralidp-2.1.0/charts/centralidp/README.md) -* [Shared Keycloak Instance](https://github.com/eclipse-tractusx/portal-iam/blob/sharedidp-2.1.0/charts/sharedidp/README.md) +This version is compatible with the 3.0.0-rc.1 version of the IAM instances: +* [Central Keycloak Instance](https://github.com/eclipse-tractusx/portal-iam/blob/centralidp-3.0.0-rc.1/charts/centralidp/README.md) +* [Shared Keycloak Instance](https://github.com/eclipse-tractusx/portal-iam/blob/sharedidp-3.0.0-rc.1/charts/sharedidp/README.md) For information on how to upgrade from previous versions please refer to [Version Upgrade](https://github.com/eclipse-tractusx/portal-assets/tree/v1.8.0/docs/developer/Technical%20Documentation/Version%20Upgrade/portal-upgrade-details.md). 
diff --git a/charts/portal/templates/_helpers.tpl b/charts/portal/templates/_helpers.tpl
index 226c33f57..f503a547e 100644
--- a/charts/portal/templates/_helpers.tpl
+++ b/charts/portal/templates/_helpers.tpl
@@ -1,3 +1,22 @@
+{{- /*
+* Copyright (c) 2022 Contributors to the Eclipse Foundation
+*
+* See the NOTICE file(s) distributed with this work for additional
+* information regarding copyright ownership.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Apache License, Version 2.0 which is available at
+* https://www.apache.org/licenses/LICENSE-2.0.
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+* License for the specific language governing permissions and limitations
+* under the License.
+*
+* SPDX-License-Identifier: Apache-2.0
+*/}}
+
 {{/*
 Expand the name of the chart.
 */}}
diff --git a/charts/portal/templates/configmap-backend-postgres-init.yaml b/charts/portal/templates/configmap-backend-postgres-init.yaml
index e0e232095..a8b2d9f75 100644
--- a/charts/portal/templates/configmap-backend-postgres-init.yaml
+++ b/charts/portal/templates/configmap-backend-postgres-init.yaml
@@ -21,8 +21,10 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: {{ .Values.postgresql.primary.initdb.scriptsConfigMap }}
+ name: {{ .Release.Name }}-portal-cm-postgres
 namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "portal.labels" . | nindent 4 }}
 data:
 01-init-db-user.sh: |
 postgresql_create_portal_user() {
diff --git a/charts/portal/templates/cronjob-backend-portal-maintenance.yaml b/charts/portal/templates/cronjob-backend-portal-maintenance.yaml
index 8d7aa7e37..4606c294d 100644
--- a/charts/portal/templates/cronjob-backend-portal-maintenance.yaml
+++ b/charts/portal/templates/cronjob-backend-portal-maintenance.yaml
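Review bot: The ConfigMap name in configmap-backend-postgres-init.yaml is now fixed in the template as `{{ .Release.Name }}-portal-cm-postgres`, while the README hunk of this commit still lists `postgresql.primary.initdb.scriptsConfigMap` as a settable value whose default is the same string. If that value is what the postgresql subchart mounts (its consumer is not visible here), any override makes the subchart look for a ConfigMap this template no longer creates, and the init scripts would then presumably not run. Either render the name from the value, `name: {{ tpl .Values.postgresql.primary.initdb.scriptsConfigMap . }}`, or add a comment beside the value stating that it must match the template and is not meant to be overridden. The `data:` block continues outside the hunk.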
@@ -20,16 +20,21 @@
 apiVersion: batch/v1
 kind: CronJob
 metadata:
- name: {{ .Values.backend.portalmaintenance.name }}
+ name: {{ include "portal.fullname" . }}-{{ .Values.backend.portalmaintenance.name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "portal.labels" . | nindent 4 }}
 spec:
 schedule: "0 0 * * *"
 jobTemplate:
+ metadata:
+ name: {{ include "portal.fullname" . }}-{{ .Values.backend.portalmaintenance.name }}
 spec:
 template:
 spec:
 restartPolicy: OnFailure
 containers:
- - name: {{ .Values.backend.portalmaintenance.name }}
+ - name: {{ include "portal.fullname" . }}-{{ .Values.backend.portalmaintenance.name }}
 securityContext:
 allowPrivilegeEscalation: false
 capabilities:
diff --git a/charts/portal/templates/cronjob-backend-processes.yaml b/charts/portal/templates/cronjob-backend-processes.yaml
index 317783ca5..6d9863c92 100644
--- a/charts/portal/templates/cronjob-backend-processes.yaml
+++ b/charts/portal/templates/cronjob-backend-processes.yaml
@@ -20,17 +20,22 @@
 apiVersion: batch/v1
 kind: CronJob
 metadata:
- name: {{ .Values.backend.processesworker.name }}
+ name: {{ include "portal.fullname" . }}-{{ .Values.backend.processesworker.name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "portal.labels" . | nindent 4 }}
 spec:
 schedule: "*/5 * * * *"
 concurrencyPolicy: Forbid
 jobTemplate:
+ metadata:
+ name: {{ include "portal.fullname" . }}-{{ .Values.backend.processesworker.name }}
 spec:
 template:
 spec:
 restartPolicy: OnFailure
 containers:
- - name: {{ .Values.backend.processesworker.name }}
+ - name: {{ include "portal.fullname" . }}-{{ .Values.backend.processesworker.name }}
 securityContext:
 allowPrivilegeEscalation: false
 capabilities:
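Review bot: The composed CronJob name `{{ include "portal.fullname" . }}-{{ .Values.backend.portalmaintenance.name }}` is not length-bounded, and Kubernetes limits a CronJob name to 52 characters and a container name to 63. The suffix is appended after whatever `portal.fullname` returns (the helper body is outside this hunk; if it truncates at 63 as chart helpers commonly do, a long release name still overflows). Bounding the result in `metadata.name`, `name: {{ printf "%s-%s" (include "portal.fullname" .) .Values.backend.portalmaintenance.name | trunc 52 | trimSuffix "-" }}`, keeps long release names installable. The container entry does not need the release prefix and could stay `- name: {{ .Values.backend.portalmaintenance.name }}`. The same applies to the second hunk on this line, for `backend.processesworker.name` in cronjob-backend-processes.yaml.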
@@ -76,7 +81,7 @@ spec:
 value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};"
 {{- end }}
 - name: "APPLICATIONACTIVATION__APPLICATIONAPPROVALINITIALROLES__0__CLIENTID"
- value: "{{ .Values.backend.clients.portal }}"
+ value: "{{ .Values.centralidp.clients.portal }}"
 - name: "APPLICATIONACTIVATION__APPLICATIONAPPROVALINITIALROLES__0__USERROLENAMES__0"
 value: "{{ .Values.backend.processesworker.applicationActivation.applicationApprovalInitialRoles.portal.role0 }}"
 - name: "APPLICATIONACTIVATION__CLIENTTOREMOVEROLESONACTIVATION__0"
@@ -84,7 +89,7 @@ spec:
 - name: "APPLICATIONACTIVATION__BASEPORTALADDRESS"
 value: "{{ .Values.portalAddress }}"
 - name: "APPLICATIONACTIVATION__COMPANYADMINROLES__0__CLIENTID"
- value: "{{ .Values.backend.clients.registration }}"
+ value: "{{ .Values.centralidp.clients.registration }}"
 - name: "APPLICATIONACTIVATION__COMPANYADMINROLES__0__USERROLENAMES__0"
 value: "{{ .Values.backend.processesworker.applicationActivation.applicationApprovalInitialRoles.registration.role0 }}"
 - name: "APPLICATIONACTIVATION__WELCOMENOTIFICATIONTYPEIDS__0"
@@ -119,7 +124,7 @@ spec:
 - name: "APPLICATIONCHECKLIST__BPDM__GRANTTYPE"
 value: "{{ .Values.backend.processesworker.bpdm.grantType }}"
 - name: "APPLICATIONCHECKLIST__BPDM__TOKENADDRESS"
- value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.tokenPath }}"
+ value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.tokenPath }}"
 - name: "APPLICATIONCHECKLIST__BPDM__PASSWORD"
 value: "{{ .Values.backend.placeholder }}"
 - name: "APPLICATIONCHECKLIST__BPDM__SCOPE"
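Review bot: Nothing rejects a values file that still sets the old `backend.clients.*` or `centralidpAddress` keys, which the three replacements on this line (and the CUSTODIAN and SDFACTORY token-address hunks that follow) stop reading in favour of `.Values.centralidp.clients.*` and `.Values.centralidp.address`. Helm ignores unknown keys, so an upgraded installation would presumably render the chart defaults for the client ids and for the token endpoint that receives the client secrets, with no error at install time. A guard near the top of the template, `{{- if .Values.centralidpAddress }}{{ fail "centralidpAddress was renamed to centralidp.address" }}{{- end }}`, would turn the stale override into a render-time failure. The container spec these hunks belong to starts and ends outside them.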
@@ -161,7 +166,7 @@ spec: - name: "APPLICATIONCHECKLIST__CUSTODIAN__GRANTTYPE" value: "{{ .Values.backend.processesworker.custodian.grantType }}" - name: "APPLICATIONCHECKLIST__CUSTODIAN__TOKENADDRESS" - value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.tokenPath }}" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.tokenPath }}" - name: "APPLICATIONCHECKLIST__CUSTODIAN__PASSWORD" value: "{{ .Values.backend.placeholder }}" - name: "APPLICATIONCHECKLIST__CUSTODIAN__SCOPE" @@ -178,7 +183,7 @@ spec: - name: "APPLICATIONCHECKLIST__SDFACTORY__GRANTTYPE" value: "{{ .Values.backend.processesworker.sdfactory.grantType }}" - name: "APPLICATIONCHECKLIST__SDFACTORY__TOKENADDRESS" - value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.tokenPath }}" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.tokenPath }}" - name: "APPLICATIONCHECKLIST__SDFACTORY__PASSWORD" value: "{{ .Values.backend.placeholder }}" - name: "APPLICATIONCHECKLIST__SDFACTORY__SCOPE" 
@@ -189,8 +194,80 @@ spec: value: "{{ .Values.sdfactoryAddress }}{{ .Values.backend.processesworker.sdfactory.selfdescriptionPath }}" - name: "APPLICATIONCHECKLIST__SDFACTORY__USERNAME" value: "{{ .Values.backend.placeholder }}" + - name: "APPLICATIONCHECKLIST__DIM__USERNAME" + value: "{{ .Values.backend.placeholder }}" + - name: "APPLICATIONCHECKLIST__DIM__PASSWORD" + value: "{{ .Values.backend.placeholder }}" + - name: "APPLICATIONCHECKLIST__DIM__CLIENTID" + value: "{{ .Values.backend.processesworker.dim.clientId }}" + - name: "APPLICATIONCHECKLIST__DIM__GRANTTYPE" + value: "{{ .Values.backend.processesworker.dim.grantType }}" + - name: "APPLICATIONCHECKLIST__DIM__CLIENTSECRET" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.interfaces.secret }}" + key: "dim-client-secret" + - name: "APPLICATIONCHECKLIST__DIM__SCOPE" + value: "{{ .Values.backend.processesworker.dim.scope }}" + - name: "APPLICATIONCHECKLIST__DIM__TOKENADDRESS" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.tokenPath }}" + - name: "APPLICATIONCHECKLIST__DIM__BASEADDRESS" + value: "{{ .Values.backend.processesworker.dim.baseAddress }}" + - name: "APPLICATIONCHECKLIST__DIM__UNIVERSALRESOLVERADDRESS" + value: "{{ .Values.backend.processesworker.dim.universalResolverAddress }}" + - name: "APPLICATIONCHECKLIST__DIM__DIDDOCUMENTBASELOCATION" + value: "{{ .Values.portalAddress }}{{ .Values.backend.processesworker.dim.didDocumentPath }}" + - name: "APPLICATIONCHECKLIST__DIM__MAXVALIDATIONTIMEINDAYS" + value: "{{ .Values.backend.processesworker.dim.maxValidationTimeInDays }}" + - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONCONFIGINDEX" + value: "{{ .Values.backend.processesworker.dim.encryptionConfigIndex }}" + - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONCONFIGS__0__INDEX" + value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.index }}" + - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY" + valueFrom: + secretKeyRef: + name: 
"{{ .Values.backend.interfaces.secret }}" + key: "dim-encryption-key0" + - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONCONFIGS__0__CIPHERMODE" + value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.cipherMode }}" + - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONCONFIGS__0__PADDINGMODE" + value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.paddingMode }}" + - name: "APPLICATIONCHECKLIST__DIM__USERNAME" + value: "{{ .Values.backend.placeholder }}" + - name: "APPLICATIONCHECKLIST__DIM__PASSWORD" + value: "{{ .Values.backend.placeholder }}" + - name: "APPLICATIONCHECKLIST__DIM__CLIENTID" + value: "{{ .Values.backend.processesworker.dim.clientId }}" + - name: "APPLICATIONCHECKLIST__DIM__GRANTTYPE" + value: "{{ .Values.backend.processesworker.dim.grantType }}" + - name: "APPLICATIONCHECKLIST__DIM__CLIENTSECRET" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.interfaces.secret }}" + key: "dim-client-secret" + - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__SCOPE" + value: "{{ .Values.backend.processesworker.issuerComponent.scope }}" + - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__TOKENADDRESS" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.tokenPath }}" + - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__BASEADDRESS" + value: "{{ .Values.backend.processesworker.issuerComponent.baseAddress }}" + - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__CALLBACKURL" + value: "{{ .Values.portalBackendAddress }}" + - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGINDEX" + value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigIndex }}" + - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__INDEX" + value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.index }}" + - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.interfaces.secret }}" + 
key: "issuercomponent-encryption-key0" + - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__CIPHERMODE" + value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.cipherMode }}" + - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__PADDINGMODE" + value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.paddingMode }}" - name: "KEYCLOAK__CENTRAL__AUTHREALM" - value: "{{ .Values.backend.keycloak.central.authRealm }}" + value: "{{ .Values.centralidp.realm }}" - name: "KEYCLOAK__CENTRAL__CLIENTID" value: "{{ .Values.backend.keycloak.central.clientId }}" - name: "KEYCLOAK__CENTRAL__CLIENTSECRET" @@ -199,7 +276,7 @@ spec: name: "{{ .Values.backend.keycloak.secret }}" key: "central-client-secret" - name: "KEYCLOAK__CENTRAL__CONNECTIONSTRING" - value: "{{ .Values.centralidpAddress }}" + value: "{{ .Values.centralidp.address }}" - name: "KEYCLOAK__CENTRAL__USEAUTHTRAIL" value: "{{ .Values.backend.keycloak.central.useAuthTrail }}" - name: "KEYCLOAK__SHARED__AUTHREALM" @@ -236,8 +313,14 @@ spec: secretKeyRef: name: "{{ .Values.backend.mailing.secret }}" key: "password" + - name: "MAILINGSERVICE__MAIL__SMTPPORT" + value: "{{ .Values.backend.mailing.port }}" + - name: "MAILINGSERVICE__MAIL__SMTPUSER" + value: "{{ .Values.backend.mailing.user }}" + - name: "MAILINGSERVICE__MAIL__SENDEREMAIL" + value: "{{ .Values.backend.mailing.senderEmail }}" - name: "NETWORKREGISTRATION__INITIALROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.registration }}" + value: "{{ .Values.centralidp.clients.registration }}" - name: "NETWORKREGISTRATION__INITIALROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.provisioning.invitedUserInitialRoles.registration }}" - name: "NETWORKREGISTRATION__BASEPORTALADDRESS" 
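Review bot: The block added by the `@@ -189,8 +194,80 @@` hunk defines `APPLICATIONCHECKLIST__DIM__USERNAME`, `__DIM__PASSWORD`, `__DIM__CLIENTID`, `__DIM__GRANTTYPE` and `__DIM__CLIENTSECRET` twice: once at the top of the DIM entries and again directly before `APPLICATIONCHECKLIST__ISSUERCOMPONENT__SCOPE`. The ISSUERCOMPONENT group that follows has no credential entries of its own, so the second set may have been meant to carry the `ISSUERCOMPONENT` prefix; that is an inference, and the corresponding hunk in deployment-backend-administration.yaml has neither the repeat nor issuer credentials. Duplicate names in a container `env` list resolve to the later entry and can be rejected by server-side apply, and a repeated `secretKeyRef` makes it harder to audit which secret a variable actually reads. Drop the five repeated entries, or rename them if issuer-component credentials were intended.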
@@ -248,22 +331,16 @@ spec: value: "{{ .Values.portalAddress }}{{ .Values.backend.processesworker.networkRegistration.externalRegistrationPath }}" - name: "NETWORKREGISTRATION__CLOSEAPPLICATIONADDRESS" value: "{{ .Values.portalAddress }}{{ .Values.backend.processesworker.networkRegistration.closeApplicationPath }}" - - name: "MAILINGSERVICE__MAIL__SMTPPORT" - value: "{{ .Values.backend.mailing.port }}" - - name: "MAILINGSERVICE__MAIL__SMTPUSER" - value: "{{ .Values.backend.mailing.user }}" - - name: "MAILINGSERVICE__MAIL__SENDEREMAIL" - value: "{{ .Values.backend.mailing.senderEmail }}" - name: "PROCESSES__LOCKEXPIRYSECONDS" value: "{{ .Values.backend.processesworker.processes.lockExpirySeconds }}" - name: "PROVISIONING__CENTRALIDENTITYPROVIDER__CONFIG__CLIENTID" value: "{{ .Values.backend.provisioning.centralIdentityProvider.clientId }}" - name: "PROVISIONING__CENTRALREALM" - value: "{{ .Values.backend.provisioning.centralRealm }}" + value: "{{ .Values.centralidp.realm }}" - name: "PROVISIONING__CENTRALREALMID" value: "{{ .Values.backend.provisioning.centralRealmId }}" - name: "PROVISIONING__INVITEDUSERINITIALROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.registration }}" + value: "{{ .Values.centralidp.clients.registration }}" # -- if the array is extended please extend NETWORKREGISTRATION__INITIALROLES as well - name: "PROVISIONING__INVITEDUSERINITIALROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.provisioning.invitedUserInitialRoles.registration }}" 
@@ -291,19 +368,19 @@ spec: - name: "OFFERSUBSCRIPTIONPROCESS__BASEPORTALADDRESS" value: "{{ .Values.portalAddress }}{{ .Values.backend.portalHomePath }}" - name: "OFFERSUBSCRIPTIONPROCESS__SERVICEACCOUNTROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.technicalRolesManagement }}" + value: "{{ .Values.centralidp.clients.technicalRolesManagement }}" - name: "OFFERSUBSCRIPTIONPROCESS__SERVICEACCOUNTROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.processesworker.offerSubscriptionProcess.serviceAccountRoles.role0 }}" - name: "OFFERSUBSCRIPTIONPROCESS__SERVICEMANAGERROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "OFFERSUBSCRIPTIONPROCESS__SERVICEMANAGERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.processesworker.offerSubscriptionProcess.serviceManagerRoles.role0 }}" - name: "OFFERSUBSCRIPTIONPROCESS__ITADMINROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "OFFERSUBSCRIPTIONPROCESS__ITADMINROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.processesworker.offerSubscriptionProcess.itAdminRoles.role0 }}" - name: "OFFERPROVIDER__SERVICEMANAGERROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "OFFERPROVIDER__SERVICEMANAGERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.processesworker.offerprovider.serviceManagerRoles.role0 }}" - name: "OFFERPROVIDER__CLIENTID" 
@@ -316,7 +393,7 @@ spec: - name: "OFFERPROVIDER__GRANTTYPE" value: "{{ .Values.backend.processesworker.offerprovider.grantType }}" - name: "OFFERPROVIDER__TOKENADDRESS" - value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.tokenPath }}" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.tokenPath }}" - name: "OFFERPROVIDER__PASSWORD" value: "{{ .Values.backend.placeholder }}" - name: "OFFERPROVIDER__SCOPE" 
@@ -325,11 +402,68 @@ spec: value: "{{ .Values.backend.placeholder }}" - name: "PROCESSIDENTITY__PROCESSUSERID" value: "{{ .Values.backend.processesworker.processIdentity.processUserId }}" - - name: "ONBOARDINGSERVICEPROVIDER__ENCYRPTIONKEY" + - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGINDEX" + value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigIndex }}" + - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__0__INDEX" + value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.index}}" + - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__0__CIPHERMODE" + value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.cipherMode}}" + - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__0__PADDINGMODE" + value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.paddingMode}}" + - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.interfaces.secret }}" + key: "onboardingserviceprovider-encryption-key0" + - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__INDEX" + value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.index}}" + - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__CIPHERMODE" + value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.cipherMode}}" + - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__PADDINGMODE" + value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.paddingMode}}" + - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__ENCRYPTIONKEY" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.interfaces.secret }}" + key: "onboardingserviceprovider-encryption-key1" + - name: "INVITATION__INVITEDUSERINITIALROLES__0__CLIENTID" + value: "{{ .Values.centralidp.clients.registration 
}}" + - name: "INVITATION__INVITEDUSERINITIALROLES__0__USERROLENAMES__0" + value: "{{ .Values.backend.processesworker.invitation.invitedUserInitialRoles.role0 }}" + - name: "INVITATION__REGISTRATIONAPPADDRESS" + value: "{{ .Values.portalAddress }}{{ .Values.backend.registration.portalRegistrationPath }}" + - name: "INVITATION__PASSWORDRESENDADDRESS" + value: "{{ .Values.portalAddress }}{{ .Values.backend.portalPasswordResendPath }}" + - name: "INVITATION__INITIALLOGINTHEME" + value: "{{ .Values.backend.processesworker.invitation.initialLoginTheme }}" + - name: "INVITATION__ENCRYPTIONCONFIGINDEX" + value: "{{ .Values.backend.processesworker.invitation.encryptionConfigIndex }}" + - name: "INVITATION__ENCRYPTIONCONFIGS__0__INDEX" + value: "{{ .Values.backend.processesworker.invitation.encryptionConfigs.index0.index }}" + - name: "INVITATION__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.interfaces.secret }}" + key: "invitation-encryption-key0" + - name: "INVITATION__ENCRYPTIONCONFIGS__0__CIPHERMODE" + value: "{{ .Values.backend.processesworker.invitation.encryptionConfigs.index0.cipherMode }}" + - name: "INVITATION__ENCRYPTIONCONFIGS__0__PADDINGMODE" + value: "{{ .Values.backend.processesworker.invitation.encryptionConfigs.index0.paddingMode }}" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGINDEX" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigIndex }}" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__INDEX" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigs.index0.index }}" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY" valueFrom: secretKeyRef: name: "{{ .Values.backend.interfaces.secret }}" - key: "process-onboardingserviceprovider-encryption-key" + key: "mailing-encryption-key0" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__CIPHERMODE" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigs.index0.cipherMode }}" + 
- name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__PADDINGMODE" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigs.index0.paddingMode }}" + - name: "APPLICATIONCREATION_USEDIMWALLET" + value: "{{ .Values.backend.useDimWallet }}" ports: - name: http containerPort: {{ .Values.portContainer }} diff --git a/charts/portal/templates/deployment-backend-administration.yaml b/charts/portal/templates/deployment-backend-administration.yaml index ab196dd39..e2efefc3d 100644 --- a/charts/portal/templates/deployment-backend-administration.yaml +++ b/charts/portal/templates/deployment-backend-administration.yaml @@ -20,21 +20,26 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Values.backend.administration.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.backend.administration.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} selector: matchLabels: - app: {{ .Values.backend.administration.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.backend.administration.name }} + {{- include "portal.selectorLabels" . | nindent 6 }} template: metadata: labels: - app: {{ .Values.backend.administration.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.backend.administration.name }} + {{- include "portal.selectorLabels" . | nindent 8 }} spec: containers: - - name: {{ .Values.backend.administration.name }} + - name: {{ include "portal.fullname" . }}-{{ .Values.backend.administration.name }} securityContext: allowPrivilegeEscalation: false capabilities: 
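Review bot: The last entry added by the `@@ -325,11 +402,68 @@` hunk, `APPLICATIONCREATION_USEDIMWALLET`, uses a single underscore where every other variable in this list uses `__` as the section separator. If the backend binds this through the .NET environment-variable configuration provider (which the `SECTION__KEY` naming elsewhere suggests), a single underscore leaves it as a flat top-level key, so the `UseDimWallet` setting would silently keep its default regardless of `.Values.backend.useDimWallet`. Unless the flat name is what the application reads, the entry should be `- name: "APPLICATIONCREATION__USEDIMWALLET"`. Separately, the ONBOARDINGSERVICEPROVIDER lines in this hunk close the template as `index}}` without the space used on the neighbouring lines.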
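Review bot: `spec.selector.matchLabels` changes here, since the `app` value gains the `portal.fullname` prefix and the `portal.selectorLabels` entries are added, but an apps/v1 Deployment selector is immutable after creation. A `helm upgrade` over an existing release will be rejected for this Deployment until the old object is deleted, and the appmarketplace Deployment hunk later in this diff makes the same change. The commit should document this in the upgrade notes, and a comment above the selector would help, for example `# selector changed in this release: existing Deployments must be deleted before upgrading`. The Deployment spec continues outside the hunk.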
@@ -64,8 +69,6 @@ spec: value: "Server={{ template "portal.postgresql.primary.fullname" . }};Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" - name: "CONNECTIONSTRINGS__PROVISIONINGDB" value: "Server={{ template "portal.postgresql.primary.fullname" . }};Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" - - name: "DATABASEACCESS__PORTAL__CONNECTIONSTRING" - value: "Server={{ template "portal.postgresql.primary.fullname" . }};Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" {{- end }} {{- if not .Values.postgresql.enabled }} - name: "PORTAL_PASSWORD" 
@@ -82,8 +85,6 @@ spec: value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" - name: "CONNECTIONSTRINGS__PROVISIONINGDB" value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" - - name: "DATABASEACCESS__PORTAL__CONNECTIONSTRING" - value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};;" {{- end }} - name: "MVC_ROUTING_BASEPATH" value: "{{ .Values.backend.administration.basePath }}" @@ -110,7 +111,7 @@ spec: - name: "APPLICATIONCHECKLIST__BPDM__GRANTTYPE" value: "{{ .Values.backend.processesworker.bpdm.grantType }}" - name: "APPLICATIONCHECKLIST__BPDM__TOKENADDRESS" - value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.tokenPath }}" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.tokenPath }}" - name: "APPLICATIONCHECKLIST__BPDM__PASSWORD" value: "{{ .Values.backend.placeholder }}" - name: "APPLICATIONCHECKLIST__BPDM__SCOPE" 
@@ -152,7 +153,7 @@ spec: - name: "APPLICATIONCHECKLIST__CUSTODIAN__GRANTTYPE" value: "{{ .Values.backend.processesworker.custodian.grantType }}" - name: "APPLICATIONCHECKLIST__CUSTODIAN__TOKENADDRESS" - value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.tokenPath }}" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.tokenPath }}" - name: "APPLICATIONCHECKLIST__CUSTODIAN__PASSWORD" value: "{{ .Values.backend.placeholder }}" - name: "APPLICATIONCHECKLIST__CUSTODIAN__SCOPE" @@ -169,7 +170,7 @@ spec: - name: "APPLICATIONCHECKLIST__SDFACTORY__GRANTTYPE" value: "{{ .Values.backend.processesworker.sdfactory.grantType }}" - name: "APPLICATIONCHECKLIST__SDFACTORY__TOKENADDRESS" - value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.tokenPath }}" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.tokenPath }}" - name: "APPLICATIONCHECKLIST__SDFACTORY__PASSWORD" value: "{{ .Values.backend.placeholder }}" - name: "APPLICATIONCHECKLIST__SDFACTORY__SCOPE" 
@@ -180,6 +181,65 @@ spec: value: "{{ .Values.sdfactoryAddress }}{{ .Values.backend.processesworker.sdfactory.selfdescriptionPath }}" - name: "APPLICATIONCHECKLIST__SDFACTORY__USERNAME" value: "{{ .Values.backend.placeholder }}" + - name: "APPLICATIONCHECKLIST__DIM__USERNAME" + value: "{{ .Values.backend.placeholder }}" + - name: "APPLICATIONCHECKLIST__DIM__PASSWORD" + value: "{{ .Values.backend.placeholder }}" + - name: "APPLICATIONCHECKLIST__DIM__CLIENTID" + value: "{{ .Values.backend.processesworker.dim.clientId }}" + - name: "APPLICATIONCHECKLIST__DIM__GRANTTYPE" + value: "{{ .Values.backend.processesworker.dim.grantType }}" + - name: "APPLICATIONCHECKLIST__DIM__CLIENTSECRET" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.interfaces.secret }}" + key: "dim-client-secret" + - name: "APPLICATIONCHECKLIST__DIM__SCOPE" + value: "{{ .Values.backend.processesworker.dim.scope }}" + - name: "APPLICATIONCHECKLIST__DIM__TOKENADDRESS" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.tokenPath }}" + - name: "APPLICATIONCHECKLIST__DIM__BASEADDRESS" + value: "{{ .Values.backend.processesworker.dim.baseAddress }}" + - name: "APPLICATIONCHECKLIST__DIM__UNIVERSALRESOLVERADDRESS" + value: "{{ .Values.backend.processesworker.dim.universalResolverAddress }}" + - name: "APPLICATIONCHECKLIST__DIM__DIDDOCUMENTBASELOCATION" + value: "{{ .Values.portalAddress }}{{ .Values.backend.processesworker.dim.didDocumentPath }}" + - name: "APPLICATIONCHECKLIST__DIM__MAXVALIDATIONTIMEINDAYS" + value: "{{ .Values.backend.processesworker.dim.maxValidationTimeInDays }}" + - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONCONFIGINDEX" + value: "{{ .Values.backend.processesworker.dim.encryptionConfigIndex }}" + - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONCONFIGS__0__INDEX" + value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.index }}" + - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY" + valueFrom: + secretKeyRef: + name: 
"{{ .Values.backend.interfaces.secret }}" + key: "dim-encryption-key0" + - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONCONFIGS__0__CIPHERMODE" + value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.cipherMode }}" + - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONCONFIGS__0__PADDINGMODE" + value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.paddingMode }}" + - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__SCOPE" + value: "{{ .Values.backend.processesworker.issuerComponent.scope }}" + - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__TOKENADDRESS" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.tokenPath }}" + - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__BASEADDRESS" + value: "{{ .Values.backend.processesworker.issuerComponent.baseAddress }}" + - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__CALLBACKURL" + value: "{{ .Values.portalBackendAddress }}" + - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGINDEX" + value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigIndex }}" + - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__INDEX" + value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.index }}" + - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.interfaces.secret }}" + key: "issuercomponent-encryption-key0" + - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__CIPHERMODE" + value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.cipherMode }}" + - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__PADDINGMODE" + value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.paddingMode }}" - name: "COMPANYDATA__USECASEPARTICIPATIONMEDIATYPES__0" value: "{{ .Values.backend.administration.companyData.useCaseParticipationMediaTypes.type0 }}" - 
name: "COMPANYDATA__SSICERTIFICATEMEDIATYPES__0" @@ -196,9 +256,9 @@ spec: value: "{{ .Values.backend.administration.connectors.validCertificationContentTypes.type3 }}" - name: "CONNECTORS__SELFDESCRIPTIONDOCUMENTURL" value: "{{ .Values.portalBackendAddress }}{{ .Values.backend.administration.connectors.selfDescriptionDocumentPath }}" - - name: "Document__EnableSeedEndpoint" + - name: "DOCUMENT__ENABLESEEDENDPOINT" value: "True" - - name: "Document__FRAMEDOCUMENTTYPEIDS__0" + - name: "DOCUMENT__FRAMEDOCUMENTTYPEIDS__0" value: "{{ .Values.backend.administration.frameDocumentTypeIds.type0 }}" - name: "HEALTHCHECKS__0__PATH" value: "{{ .Values.backend.healthChecks.startup.path}}" 
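Review bot: `DOCUMENT__ENABLESEEDENDPOINT` keeps a hard-coded `value: "True"` in the `@@ -196,9 +256,9 @@` hunk, so the seed endpoint is switched on in every environment the chart is deployed to and cannot be turned off without editing the template. What the endpoint exposes is not visible here, but a seeding route is usually something to enable only outside production. Since these lines are being touched anyway, drive the setting from a chart value that defaults to off, using a new key such as `backend.administration.document.enableSeedEndpoint` (proposed name, not present in this diff). At minimum add a comment, `# seed endpoint is enabled unconditionally; restrict access at the ingress in production`.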
@@ -232,41 +292,29 @@ spec: - name: "IDENTITYPROVIDERADMIN__CSVSETTINGS__SEPARATOR" value: "{{ .Values.backend.administration.identityProviderAdmin.csvSettings.separator }}" - name: "IDENTITYPROVIDERADMIN__DELETEIDPROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "IDENTITYPROVIDERADMIN__DELETEIDPROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.administration.identityProviderAdmin.deleteIdpRoles.role0 }}" - name: "IDENTITYPROVIDERADMIN__DELETEIDPROLES__0__USERROLENAMES__1" value: "{{ .Values.backend.administration.identityProviderAdmin.deleteIdpRoles.role1 }}" - name: "IDENTITYPROVIDERADMIN__DEACTIVATEIDPROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "IDENTITYPROVIDERADMIN__DEACTIVATEIDPROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.administration.identityProviderAdmin.deactivateIdpRoles.role0 }}" - name: "IDENTITYPROVIDERADMIN__DEACTIVATEIDPROLES__0__USERROLENAMES__1" value: "{{ .Values.backend.administration.identityProviderAdmin.deactivateIdpRoles.role1 }}" - - name: "INVITATION__INVITEDUSERINITIALROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.registration }}" - - name: "INVITATION__INVITEDUSERINITIALROLES__0__USERROLENAMES__0" - value: "{{ .Values.backend.administration.invitation.invitedUserInitialRoles.role0 }}" - - name: "INVITATION__REGISTRATIONAPPADDRESS" - value: "{{ .Values.portalAddress }}{{ .Values.backend.registration.portalRegistrationPath }}" - - name: "INVITATION__PASSWORDRESENDADDRESS" - value: "{{ .Values.portalAddress }}{{ .Values.backend.portalPasswordResendPath }}" - - name: "INVITATION__INITIALLOGINTHEME" - value: "{{ .Values.backend.administration.invitation.initialLoginTheme }}" - - name: "INVITATION__CLOSEAPPLICATIONADDRESS" - value: "{{ .Values.portalAddress }}{{ .Values.backend.administration.invitation.closeApplicationPath }}" - name: 
"JWTBEAREROPTIONS__METADATAADDRESS" - value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.metadataPath }}" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.jwtBearerOptions.metadataPath }}" - name: "JWTBEAREROPTIONS__REQUIREHTTPSMETADATA" value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.requireHttpsMetadata }}" - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDAUDIENCE" value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validAudiencePortal }}" - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDISSUER" - value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath }}" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath }}" - name: "JWTBEAREROPTIONS__REFRESHINTERVAL" value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.refreshInterval }}" - name: "KEYCLOAK__CENTRAL__AUTHREALM" - value: "{{ .Values.backend.keycloak.central.authRealm }}" + value: "{{ .Values.centralidp.realm }}" - name: "KEYCLOAK__CENTRAL__CLIENTID" value: "{{ .Values.backend.keycloak.central.clientId }}" - name: "KEYCLOAK__CENTRAL__CLIENTSECRET" @@ -275,7 +323,7 @@ spec: name: "{{ .Values.backend.keycloak.secret }}" key: "central-client-secret" - name: "KEYCLOAK__CENTRAL__CONNECTIONSTRING" - value: "{{ .Values.centralidpAddress }}" + value: "{{ .Values.centralidp.address }}" - name: "KEYCLOAK__CENTRAL__USEAUTHTRAIL" value: "{{ .Values.backend.keycloak.central.useAuthTrail }}" - name: "KEYCLOAK__SHARED__AUTHREALM" 
@@ -301,38 +349,42 @@ spec: value: "{{ .Values.backend.administration.logging.custodianLibrary }}" - name: "SERILOG__MINIMUMLEVEL__OVERRIDE__Org.Eclipse.TractusX.Portal.Backend.Bpdm.Library" value: "{{ .Values.backend.administration.logging.bpdmLibrary }}" - - name: "MAILINGSERVICE__MAIL__SMTPHOST" - value: "{{ .Values.backend.mailing.host }}" - - name: "MAILINGSERVICE__MAIL__SMTPPASSWORD" - valueFrom: - secretKeyRef: - name: "{{ .Values.backend.mailing.secret }}" - key: "password" - - name: "MAILINGSERVICE__MAIL__SMTPPORT" - value: "{{ .Values.backend.mailing.port }}" - - name: "MAILINGSERVICE__MAIL__SMTPUSER" - value: "{{ .Values.backend.mailing.user }}" - - name: "MAILINGSERVICE__MAIL__SENDEREMAIL" - value: "{{ .Values.backend.mailing.senderEmail }}" - name: "NETWORK2NETWORK__INITIALROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.registration }}" + value: "{{ .Values.centralidp.clients.registration }}" - name: "NETWORK2NETWORK__INITIALROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.provisioning.invitedUserInitialRoles.registration }}" - - name: "NETWORK2NETWORK__BASEPORTALADDRESS" - value: "{{ .Values.portalAddress }}{{ .Values.backend.portalHomePath }}" - - name: "ONBOARDINGSERVICEPROVIDER__ENCYRPTIONKEY" + - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGINDEX" + value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigIndex }}" + - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__0__INDEX" + value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.index}}" + - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__0__CIPHERMODE" + value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.cipherMode}}" + - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__0__PADDINGMODE" + value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.paddingMode}}" + - name: 
"ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY" valueFrom: secretKeyRef: name: "{{ .Values.backend.interfaces.secret }}" - key: "onboardingserviceprovider-encryption-key" + key: "onboardingserviceprovider-encryption-key0" + - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__INDEX" + value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.index}}" + - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__CIPHERMODE" + value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.cipherMode}}" + - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__PADDINGMODE" + value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.paddingMode}}" + - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__ENCRYPTIONKEY" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.interfaces.secret }}" + key: "onboardingserviceprovider-encryption-key1" - name: "PROVISIONING__CENTRALIDENTITYPROVIDER__CONFIG__CLIENTID" value: "{{ .Values.backend.provisioning.centralIdentityProvider.clientId }}" - name: "PROVISIONING__CENTRALREALM" - value: "{{ .Values.backend.provisioning.centralRealm }}" + value: "{{ .Values.centralidp.realm }}" - name: "PROVISIONING__CENTRALREALMID" value: "{{ .Values.backend.provisioning.centralRealmId }}" - name: "PROVISIONING__INVITEDUSERINITIALROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.registration }}" + value: "{{ .Values.centralidp.clients.registration }}" # -- if the array is extended please extend NETWORK2NETWORK__INITIALROLES as well - name: "PROVISIONING__INVITEDUSERINITIALROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.provisioning.invitedUserInitialRoles.registration }}" 
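Review bot: The `secretKeyRef` key is renamed from `onboardingserviceprovider-encryption-key` to `onboardingserviceprovider-encryption-key0`, and a second key `-key1` is added, with neither reference marked `optional`. An upgraded release whose `backend.interfaces.secret` Secret still holds only the old key name will therefore leave the container unable to start. The processes-worker CronJob hunk earlier in this diff moves from a different old name, `process-onboardingserviceprovider-encryption-key`, to the same `-key0`, so if the two old keys held different material only one of them can decrypt existing data under index 0. Whether the Secret template is migrated in this commit is not visible from this hunk. A comment above the block should state which index carries the pre-existing key and which one `encryptionConfigIndex` selects for new encryption, and the upgrade notes should list the renamed secret keys.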
@@ -370,7 +422,7 @@ spec: - name: "USERMANAGEMENT__COMPANYUSERSTATUSIDS__1" value: "{{ .Values.backend.administration.userManagement.companyUserStatusIds.status1 }}" - name: "USERMANAGEMENT__USERADMINROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "USERMANAGEMENT__USERADMINROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.administration.userManagement.userAdminRoles.role0 }}" - name: "USERMANAGEMENT__USERADMINROLES__0__USERROLENAMES__1" @@ -380,7 +432,20 @@ spec: - name: "USERMANAGEMENT__PORTAL__PASSWORDRESENDADDRESS" value: "{{ .Values.portalAddress }}{{ .Values.backend.portalPasswordResendPath }}" - name: "USERMANAGEMENT__PORTAL__KEYCLOAKCLIENTID" - value: "{{ .Values.backend.administration.keycloakClientId }}" + value: "{{ .Values.centralidp.clients.portal }}" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGINDEX" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigIndex }}" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__INDEX" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigs.index0.index }}" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.interfaces.secret }}" + key: "mailing-encryption-key0" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__CIPHERMODE" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigs.index0.cipherMode }}" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__PADDINGMODE" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigs.index0.paddingMode }}" ports: - name: http containerPort: {{ .Values.portContainer }} diff --git a/charts/portal/templates/deployment-backend-appmarketplace.yaml b/charts/portal/templates/deployment-backend-appmarketplace.yaml index c01b416dc..39306cd29 100644 --- a/charts/portal/templates/deployment-backend-appmarketplace.yaml 
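Review bot: `MAILINGPROCESSCREATION__ENCRYPTIONCONFIGINDEX` is freely configurable, but only `ENCRYPTIONCONFIGS__0__*` is rendered in the `@@ -380,7 +432,20 @@` hunk, so setting `encryptionConfigIndex` to anything other than the value of `index0.index` selects a configuration that does not exist, and the mailing key cannot be rotated without editing the template. The onboarding-service-provider block earlier in this diff renders entries 0 and 1, presumably to allow rotation; adding a matching `ENCRYPTIONCONFIGS__1__*` group with its own secret key would keep the two consistent. The same block is added in the appmarketplace, registration and services deployment hunks, which also means `mailing-encryption-key0` is exposed as an environment variable in four workloads; it is worth confirming that each of them needs the key.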
+++ b/charts/portal/templates/deployment-backend-appmarketplace.yaml @@ -20,21 +20,26 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Values.backend.appmarketplace.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.backend.appmarketplace.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} selector: matchLabels: - app: {{ .Values.backend.appmarketplace.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.backend.appmarketplace.name }} + {{- include "portal.selectorLabels" . | nindent 6 }} template: metadata: labels: - app: {{ .Values.backend.appmarketplace.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.backend.appmarketplace.name }} + {{- include "portal.selectorLabels" . | nindent 8 }} spec: containers: - - name: {{ .Values.backend.appmarketplace.name }} + - name: {{ include "portal.fullname" . }}-{{ .Values.backend.appmarketplace.name }} securityContext: allowPrivilegeEscalation: false capabilities: @@ -82,7 +87,7 @@ spec: value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" {{- end }} - name: "APPMARKETPLACE__ACTIVEAPPCOMPANYADMINROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "APPMARKETPLACE__ACTIVEAPPCOMPANYADMINROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.appmarketplace.activeAppCompanyAdminRoles.role0 }}" - name: "APPMARKETPLACE__ACTIVEAPPCOMPANYADMINROLES__0__USERROLENAMES__1" 
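Review bot: The `app:` label value and the container name in the `@@ -20,21 +20,26 @@` hunk are built as `{{ include "portal.fullname" . }}-{{ .Values.backend.appmarketplace.name }}` with no length limit, while Kubernetes caps label values and container names at 63 characters. The `portal.fullname` helper is not visible here; if it follows the usual pattern of truncating to 63 characters itself, a long release name makes the concatenation invalid and the Deployment is rejected. Consider `{{ printf "%s-%s" (include "portal.fullname" .) .Values.backend.appmarketplace.name | trunc 63 | trimSuffix "-" }}`, ideally in one named helper, since the same construction is repeated in the notification, registration, services, frontend-assets and frontend-portal hunks. Because the `app:` value changes, any Service or NetworkPolicy that selects on the old value has to change in the same release.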
@@ -106,7 +111,7 @@ spec: - name: "APPMARKETPLACE__APPROVEAPPNOTIFICATIONTYPEIDS__0" value: "{{ .Values.backend.appmarketplace.approveAppNotificationTypeIds.type0 }}" - name: "APPMARKETPLACE__APPROVEAPPUSERROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "APPMARKETPLACE__APPROVEAPPUSERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.appmarketplace.approveAppUserRoles.role0 }}" - name: "APPMARKETPLACE__APPROVEAPPUSERROLES__0__USERROLENAMES__1" @@ -120,7 +125,7 @@ spec: - name: "APPMARKETPLACE__USERMANAGEMENTADDRESS" value: "{{ .Values.portalAddress }}{{ .Values.backend.userManagementPath }}" - name: "APPMARKETPLACE__CATENAADMINROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "APPMARKETPLACE__CATENAADMINROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.appmarketplace.catenaAdminRoles.role0 }}" - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__0__DOCUMENTTYPEID" @@ -208,11 +213,11 @@ spec: - name: "APPMARKETPLACE__UPLOADACTIVEAPPDOCUMENTTYPEIDS__3__MEDIATYPES__0" value: "{{ .Values.backend.appmarketplace.uploadActiveAppDocumentTypeIds.mediaTypeIds3.mediaTypeId0 }}" - name: "APPMARKETPLACE__ITADMINROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "APPMARKETPLACE__ITADMINROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.appmarketplace.ITAdminRoles.role0 }}" - name: "APPMARKETPLACE__ACTIVATIONUSERROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "APPMARKETPLACE__ACTIVATIONUSERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.appmarketplace.activationUserRoles.role0 }}" - name: "APPMARKETPLACE__ACTIVATIONUSERROLES__0__USERROLENAMES__1" 
@@ -224,19 +229,19 @@ spec: - name: "APPMARKETPLACE__OFFERSTATUSIDS__1" value: "{{ .Values.backend.appmarketplace.offerStatusIds.status1 }}" - name: "APPMARKETPLACE__SALESMANAGERROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "APPMARKETPLACE__SALESMANAGERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.appmarketplace.salesManagerRoles.role0 }}" - name: "APPMARKETPLACE__SERVICEACCOUNTROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.technicalRolesManagement }}" + value: "{{ .Values.centralidp.clients.technicalRolesManagement }}" - name: "APPMARKETPLACE__SERVICEACCOUNTROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.appmarketplace.serviceAccountRoles.role0 }}" - name: "APPMARKETPLACE__SERVICEMANAGERROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "APPMARKETPLACE__SERVICEMANAGERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.appmarketplace.serviceManagerRoles.role0 }}" - name: "APPMARKETPLACE__SUBSCRIPTIONMANAGERROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "APPMARKETPLACE__SUBSCRIPTIONMANAGERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.appmarketplace.subscriptionManagerRoles.role0 }}" - name: "APPMARKETPLACE__SUBSCRIPTIONMANAGERROLES__0__USERROLENAMES__1" @@ -246,7 +251,7 @@ spec: - name: "APPMARKETPLACE__TECHNICALUSERPROFILECLIENT" value: "{{ .Values.backend.appmarketplace.technicalUserProfileClient }}" - name: "APPMARKETPLACE__COMPANYADMINROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "APPMARKETPLACE__COMPANYADMINROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.appmarketplace.companyAdminRoles.role0 }}" - name: "HEALTHCHECKS__0__PATH" 
@@ -259,17 +264,17 @@ spec: - name: "HEALTHCHECKS__2__PATH" value: "{{ .Values.backend.healthChecks.liveness.path}}" - name: "JWTBEAREROPTIONS__METADATAADDRESS" - value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.metadataPath }}" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.jwtBearerOptions.metadataPath }}" - name: "JWTBEAREROPTIONS__REQUIREHTTPSMETADATA" value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.requireHttpsMetadata }}" - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDAUDIENCE" value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validAudiencePortal }}" - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDISSUER" - value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath }}" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath }}" - name: "JWTBEAREROPTIONS__REFRESHINTERVAL" value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.refreshInterval }}" - name: "KEYCLOAK__CENTRAL__AUTHREALM" - value: "{{ .Values.backend.keycloak.central.authRealm }}" + value: "{{ .Values.centralidp.realm }}" - name: "KEYCLOAK__CENTRAL__CLIENTID" value: "{{ .Values.backend.keycloak.central.clientId }}" - name: "KEYCLOAK__CENTRAL__CLIENTSECRET" @@ -278,7 +283,7 @@ spec: name: "{{ .Values.backend.keycloak.secret }}" key: "central-client-secret" - name: "KEYCLOAK__CENTRAL__CONNECTIONSTRING" - value: "{{ .Values.centralidpAddress }}" + value: "{{ .Values.centralidp.address }}" - name: "KEYCLOAK__CENTRAL__USEAUTHTRAIL" value: "{{ .Values.backend.keycloak.central.useAuthTrail }}" - name: "KEYCLOAK__SHARED__AUTHREALM" 
@@ -300,23 +305,23 @@ spec: value: "{{ .Values.backend.appmarketplace.logging.default }}" - name: "SERILOG__MINIMUMLEVEL__OVERRIDE__Org.Eclipse.TractusX.Portal.Backend.Offers.Library.Service" value: "{{ .Values.backend.appmarketplace.logging.offersLibrary }}" - - name: "MAILINGSERVICE__MAIL__SMTPHOST" - value: "{{ .Values.backend.mailing.host }}" - - name: "MAILINGSERVICE__MAIL__SMTPPASSWORD" - valueFrom: - secretKeyRef: - name: "{{ .Values.backend.mailing.secret }}" - key: "password" - - name: "MAILINGSERVICE__MAIL__SMTPPORT" - value: "{{ .Values.backend.mailing.port }}" - - name: "MAILINGSERVICE__MAIL__SMTPUSER" - value: "{{ .Values.backend.mailing.user }}" - - name: "MAILINGSERVICE__MAIL__SENDEREMAIL" - value: "{{ .Values.backend.mailing.senderEmail }}" - name: "PROVISIONING__CENTRALREALM" - value: "{{ .Values.backend.provisioning.centralRealm }}" + value: "{{ .Values.centralidp.realm }}" - name: "PROVISIONING__CENTRALREALMID" value: "{{ .Values.backend.provisioning.centralRealmId }}" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGINDEX" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigIndex }}" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__INDEX" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigs.index0.index }}" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.interfaces.secret }}" + key: "mailing-encryption-key0" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__CIPHERMODE" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigs.index0.cipherMode }}" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__PADDINGMODE" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigs.index0.paddingMode }}" - name: "SWAGGERENABLED" value: "{{ .Values.backend.appmarketplace.swaggerEnabled }}" ports: 
diff --git a/charts/portal/templates/deployment-backend-notification.yaml b/charts/portal/templates/deployment-backend-notification.yaml index 1170046de..711eb4f9d 100644 --- a/charts/portal/templates/deployment-backend-notification.yaml +++ b/charts/portal/templates/deployment-backend-notification.yaml @@ -20,21 +20,26 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Values.backend.notification.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.backend.notification.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} selector: matchLabels: - app: {{ .Values.backend.notification.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.backend.notification.name }} + {{- include "portal.selectorLabels" . | nindent 6 }} template: metadata: labels: - app: {{ .Values.backend.notification.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.backend.notification.name }} + {{- include "portal.selectorLabels" . | nindent 8 }} spec: containers: - - name: {{ .Values.backend.notification.name }} + - name: {{ include "portal.fullname" . }}-{{ .Values.backend.notification.name }} securityContext: allowPrivilegeEscalation: false capabilities: 
@@ -55,8 +60,6 @@ spec: key: "portal-password" - name: "CONNECTIONSTRINGS__PORTALDB" value: "Server={{ template "portal.postgresql.primary.fullname" . }};Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" - - name: "DATABASEACCESS__PORTAL__CONNECTIONSTRING" - value: "Server={{ template "portal.postgresql.primary.fullname" . }};Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" {{- end }} {{- if not .Values.postgresql.enabled }} - name: "PORTAL_PASSWORD" @@ -73,8 +76,6 @@ spec: value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" - name: "CONNECTIONSTRINGS__PROVISIONINGDB" value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" - - name: "DATABASEACCESS__PORTAL__CONNECTIONSTRING" - value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};;" {{- end }} - name: "DATABASEACCESS__PORTAL__DATABASESCHEMA" value: "{{ .Values.backend.dbConnection.schema }}" 
@@ -97,17 +98,17 @@ spec: - name: "HEALTHCHECKS__2__PATH" value: "{{ .Values.backend.healthChecks.liveness.path}}" - name: "JWTBEAREROPTIONS__METADATAADDRESS" - value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.metadataPath }}" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.jwtBearerOptions.metadataPath }}" - name: "JWTBEAREROPTIONS__REQUIREHTTPSMETADATA" value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.requireHttpsMetadata }}" - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDAUDIENCE" value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validAudiencePortal }}" - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDISSUER" - value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath }}" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath }}" - name: "JWTBEAREROPTIONS__REFRESHINTERVAL" value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.refreshInterval }}" - name: "KEYCLOAK__CENTRAL__AUTHREALM" - value: "{{ .Values.backend.keycloak.central.authRealm }}" + value: "{{ .Values.centralidp.realm }}" - name: "KEYCLOAK__CENTRAL__CLIENTID" value: "{{ .Values.backend.keycloak.central.clientId }}" - name: "KEYCLOAK__CENTRAL__CLIENTSECRET" @@ -116,7 +117,7 @@ spec: name: "{{ .Values.backend.keycloak.secret }}" key: "central-client-secret" - name: "KEYCLOAK__CENTRAL__CONNECTIONSTRING" - value: "{{ .Values.centralidpAddress }}" + value: "{{ .Values.centralidp.address }}" - name: "KEYCLOAK__CENTRAL__USEAUTHTRAIL" value: "{{ .Values.backend.keycloak.central.useAuthTrail }}" - name: "KEYCLOAK__SHARED__AUTHREALM" diff --git a/charts/portal/templates/deployment-backend-registration.yaml b/charts/portal/templates/deployment-backend-registration.yaml index 16e39008d..8b770ee00 100644 
--- a/charts/portal/templates/deployment-backend-registration.yaml +++ b/charts/portal/templates/deployment-backend-registration.yaml @@ -20,21 +20,26 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Values.backend.registration.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.backend.registration.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} selector: matchLabels: - app: {{ .Values.backend.registration.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.backend.registration.name }} + {{- include "portal.selectorLabels" . | nindent 6 }} template: metadata: labels: - app: {{ .Values.backend.registration.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.backend.registration.name }} + {{- include "portal.selectorLabels" . | nindent 8 }} spec: containers: - - name: {{ .Values.backend.registration.name }} + - name: {{ include "portal.fullname" . }}-{{ .Values.backend.registration.name }} securityContext: allowPrivilegeEscalation: false capabilities: 
@@ -64,8 +69,6 @@ spec: value: "Server={{ template "portal.postgresql.primary.fullname" . }};Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" - name: "CONNECTIONSTRINGS__PROVISIONINGDB" value: "Server={{ template "portal.postgresql.primary.fullname" . }};Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" - - name: "DATABASEACCESS__PORTAL__CONNECTIONSTRING" - value: "Server={{ template "portal.postgresql.primary.fullname" . }};Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" {{- end }} {{- if not .Values.postgresql.enabled }} - name: "PORTAL_PASSWORD" 
@@ -82,8 +85,6 @@ spec: value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" - name: "CONNECTIONSTRINGS__PROVISIONINGDB" value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" - - name: "DATABASEACCESS__PORTAL__CONNECTIONSTRING" - value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.portalUser }};Password=$(PORTAL_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};;" {{- end }} - name: "DATABASEACCESS__PORTAL__DATABASESCHEMA" value: "{{ .Values.backend.dbConnection.schema }}" 
@@ -99,17 +100,17 @@ spec: - name: "HEALTHCHECKS__2__PATH" value: "{{ .Values.backend.healthChecks.liveness.path}}" - name: "JWTBEAREROPTIONS__METADATAADDRESS" - value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.metadataPath }}" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.jwtBearerOptions.metadataPath }}" - name: "JWTBEAREROPTIONS__REQUIREHTTPSMETADATA" value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.requireHttpsMetadata }}" - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDAUDIENCE" value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validAudienceRegistration }}" - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDISSUER" - value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath }}" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath }}" - name: "JWTBEAREROPTIONS__REFRESHINTERVAL" value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.refreshInterval }}" - name: "KEYCLOAK__CENTRAL__AUTHREALM" - value: "{{ .Values.backend.keycloak.central.authRealm }}" + value: "{{ .Values.centralidp.realm }}" - name: "KEYCLOAK__CENTRAL__CLIENTID" value: "{{ .Values.backend.keycloak.central.clientId }}" - name: "KEYCLOAK__CENTRAL__CLIENTSECRET" @@ -118,7 +119,7 @@ spec: name: "{{ .Values.backend.keycloak.secret }}" key: "central-client-secret" - name: "KEYCLOAK__CENTRAL__CONNECTIONSTRING" - value: "{{ .Values.centralidpAddress }}" + value: "{{ .Values.centralidp.address }}" - name: "KEYCLOAK__CENTRAL__USEAUTHTRAIL" value: "{{ .Values.backend.keycloak.central.useAuthTrail }}" - name: "KEYCLOAK__SHARED__AUTHREALM" 
@@ -140,25 +141,12 @@ spec: value: "{{ .Values.backend.registration.logging.bpdmLibrary }}" - name: "SERILOG__MINIMUMLEVEL__OVERRIDE__Org.Eclipse.TractusX.Portal.Backend.Registration.Service.BusinessLogic" value: "{{ .Values.backend.registration.logging.registrationService }}" - - name: "MAILINGSERVICE__MAIL__SMTPHOST" - value: "{{ .Values.backend.mailing.host }}" - - name: "MAILINGSERVICE__MAIL__SMTPPASSWORD" - valueFrom: - secretKeyRef: - name: "{{ .Values.backend.mailing.secret }}" - key: "password" - - name: "MAILINGSERVICE__MAIL__SMTPPORT" - value: "{{ .Values.backend.mailing.port }}" - - name: "MAILINGSERVICE__MAIL__SMTPUSER" - value: "{{ .Values.backend.mailing.user }}" - - name: "MAILINGSERVICE__MAIL__SENDEREMAIL" - value: "{{ .Values.backend.mailing.senderEmail }}" - name: "MVC_ROUTING_BASEPATH" value: "{{ .Values.backend.registration.basePath }}" - name: "PROVISIONING__CENTRALREALM" - value: "{{ .Values.backend.provisioning.centralRealm }}" + value: "{{ .Values.centralidp.realm }}" - name: "PROVISIONING__INVITEDUSERINITIALROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.registration }}" + value: "{{ .Values.centralidp.clients.registration }}" - name: "APPMARKETPLACE__SERVICEMANAGERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.provisioning.invitedUserInitialRoles.registration }}" - name: "PROVISIONING__SERVICEACCOUNTCLIENTPREFIX" 
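Review bot: The context line directly under the changed `PROVISIONING__INVITEDUSERINITIALROLES__0__CLIENTID` is named `APPMARKETPLACE__SERVICEMANAGERROLES__0__USERROLENAMES__0` but carries `.Values.backend.provisioning.invitedUserInitialRoles.registration`, which looks like a copy-paste slip. An earlier hunk of this diff pairs the same value with `PROVISIONING__INVITEDUSERINITIALROLES__0__USERROLENAMES__0`, so in this deployment the invited-user role name probably never reaches the provisioning settings. Since the commit edits the neighbouring line anyway, rename the variable to `PROVISIONING__INVITEDUSERINITIALROLES__0__USERROLENAMES__0`, after checking that the registration service does not read the current name.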
@@ -197,6 +185,21 @@ spec: value: "{{ .Values.backend.registration.registrationDocumentTypeIds.type0 }}" - name: "REGISTRATION__SUBMITDOCUMENTTYPEIDS__0" value: "{{ .Values.backend.registration.submitDocumentTypeIds.type0 }}" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGINDEX" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigIndex }}" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__INDEX" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigs.index0.index }}" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.interfaces.secret }}" + key: "mailing-encryption-key0" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__CIPHERMODE" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigs.index0.cipherMode }}" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__PADDINGMODE" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigs.index0.paddingMode }}" + - name: "APPLICATIONCREATION_USEDIMWALLET" + value: "{{ .Values.backend.useDimWallet }}" ports: - name: http containerPort: {{ .Values.portContainer }} diff --git a/charts/portal/templates/deployment-backend-services.yaml b/charts/portal/templates/deployment-backend-services.yaml index dcb13daca..2084ad8f3 100644 --- a/charts/portal/templates/deployment-backend-services.yaml +++ b/charts/portal/templates/deployment-backend-services.yaml 
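Review bot: `APPLICATIONCREATION_USEDIMWALLET` uses a single underscore, whereas the sectioned settings in this template are written with `__` (for example `MAILINGPROCESSCREATION__ENCRYPTIONCONFIGINDEX`). If the backend binds this as `UseDimWallet` inside an `ApplicationCreation` section, which the name suggests but the hunk does not show, the .NET environment-variable provider maps only `__` to the section separator and the value would be silently ignored. In that case the line needs to be `- name: "APPLICATIONCREATION__USEDIMWALLET"`; if the flat key is intended, a short comment saying so would prevent a later "fix".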
@@ -20,21 +20,26 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Values.backend.services.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.backend.services.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} selector: matchLabels: - app: {{ .Values.backend.services.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.backend.services.name }} + {{- include "portal.selectorLabels" . | nindent 6 }} template: metadata: labels: - app: {{ .Values.backend.services.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.backend.services.name }} + {{- include "portal.selectorLabels" . | nindent 8 }} spec: containers: - - name: {{ .Values.backend.services.name }} + - name: {{ include "portal.fullname" . }}-{{ .Values.backend.services.name }} securityContext: allowPrivilegeEscalation: false capabilities: 
@@ -91,17 +96,17 @@ spec: - name: "HEALTHCHECKS__2__PATH" value: "{{ .Values.backend.healthChecks.liveness.path}}" - name: "JWTBEAREROPTIONS__METADATAADDRESS" - value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.metadataPath }}" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.jwtBearerOptions.metadataPath }}" - name: "JWTBEAREROPTIONS__REQUIREHTTPSMETADATA" value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.requireHttpsMetadata }}" - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDAUDIENCE" value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validAudiencePortal }}" - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDISSUER" - value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath }}" + value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath }}" - name: "JWTBEAREROPTIONS__REFRESHINTERVAL" value: "{{ .Values.backend.keycloak.central.jwtBearerOptions.refreshInterval }}" - name: "KEYCLOAK__CENTRAL__AUTHREALM" - value: "{{ .Values.backend.keycloak.central.authRealm }}" + value: "{{ .Values.centralidp.realm }}" - name: "KEYCLOAK__CENTRAL__CLIENTID" value: "{{ .Values.backend.keycloak.central.clientId }}" - name: "KEYCLOAK__CENTRAL__CLIENTSECRET" @@ -110,7 +115,7 @@ spec: name: "{{ .Values.backend.keycloak.secret }}" key: "central-client-secret" - name: "KEYCLOAK__CENTRAL__CONNECTIONSTRING" - value: "{{ .Values.centralidpAddress }}" + value: "{{ .Values.centralidp.address }}" - name: "KEYCLOAK__CENTRAL__USEAUTHTRAIL" value: "{{ .Values.backend.keycloak.central.useAuthTrail }}" - name: "KEYCLOAK__SHARED__AUTHREALM" 
@@ -130,29 +135,16 @@ spec: value: "{{ .Values.backend.services.logging.default }}" - name: "SERILOG__MINIMUMLEVEL__OVERRIDE__Org.Eclipse.TractusX.Portal.Backend.Offers.Library.Service" value: "{{ .Values.backend.services.logging.offersLibrary }}" - - name: "MAILINGSERVICE__MAIL__SMTPHOST" - value: "{{ .Values.backend.mailing.host }}" - - name: "MAILINGSERVICE__MAIL__SMTPPASSWORD" - valueFrom: - secretKeyRef: - name: "{{ .Values.backend.mailing.secret }}" - key: "password" - - name: "MAILINGSERVICE__MAIL__SMTPPORT" - value: "{{ .Values.backend.mailing.port }}" - - name: "MAILINGSERVICE__MAIL__SMTPUSER" - value: "{{ .Values.backend.mailing.user }}" - - name: "MAILINGSERVICE__MAIL__SENDEREMAIL" - value: "{{ .Values.backend.mailing.senderEmail }}" - name: "MVC_ROUTING_BASEPATH" value: "{{ .Values.backend.services.basePath }}" - name: "PROVISIONING__CENTRALREALM" - value: "{{ .Values.backend.provisioning.centralRealm }}" + value: "{{ .Values.centralidp.realm }}" - name: "PROVISIONING__CENTRALREALMID" value: "{{ .Values.backend.provisioning.centralRealmId }}" - name: "SERVICES__APPROVESERVICENOTIFICATIONTYPEIDS__0" value: "{{ .Values.backend.services.approveServiceNotificationTypeIds.type0 }}" - name: "SERVICES__APPROVESERVICEUSERROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "SERVICES__APPROVESERVICEUSERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.services.approveServiceUserRoles.role0 }}" - name: "SERVICES__APPROVESERVICEUSERROLES__0__USERROLENAMES__1" 
@@ -166,7 +158,7 @@ spec: - name: "SERVICES__USERMANAGEMENTADDRESS" value: "{{ .Values.portalAddress }}{{ .Values.backend.userManagementPath }}" - name: "SERVICES__CATENAADMINROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "SERVICES__CATENAADMINROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.services.catenaAdminRoles.role0 }}" - name: "SERVICES__UPLOADSERVICEDOCUMENTTYPEIDS__0__DOCUMENTTYPEID" 
@@ -186,29 +178,29 @@ spec: - name: "SERVICES__UPLOADSERVICEDOCUMENTTYPEIDS__2__MEDIATYPES__0" value: "{{ .Values.backend.services.uploadServiceDocumentTypeIds.mediaTypeIds2.mediaTypeId0 }}" - name: "SERVICES__ITADMINROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "SERVICES__ITADMINROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.services.ITAdminRoles.role0 }}" - name: "SERVICES__ACTIVATIONUSERROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "SERVICES__ACTIVATIONUSERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.services.activationUserRoles.role0 }}" - name: "SERVICES__ACTIVATIONUSERROLES__0__USERROLENAMES__1" value: "{{ .Values.backend.services.activationUserRoles.role1 }}" - name: "SERVICES__SALESMANAGERROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "SERVICES__SALESMANAGERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.services.salesManagerRoles.role0 }}" - name: "SERVICES__SERVICEACCOUNTROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.technicalRolesManagement }}" + value: "{{ .Values.centralidp.clients.technicalRolesManagement }}" - name: "SERVICES__SERVICEACCOUNTROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.services.serviceAccountRoles.role0 }}" - name: "SERVICES__SERVICEMANAGERROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "SERVICES__SERVICEMANAGERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.services.serviceManagerRoles.role0 }}" - name: "SERVICES__SUBSCRIPTIONMANAGERROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "SERVICES__SUBSCRIPTIONMANAGERROLES__0__USERROLENAMES__0" value: "{{ 
.Values.backend.services.subscriptionManagerRoles.role0 }}" - name: "SERVICES__SUBSCRIPTIONMANAGERROLES__0__USERROLENAMES__1" @@ -238,9 +230,22 @@ spec: - name: "SERVICES__TECHNICALUSERPROFILECLIENT" value: "{{ .Values.backend.services.technicalUserProfileClient }}" - name: "SERVICES__COMPANYADMINROLES__0__CLIENTID" - value: "{{ .Values.backend.clients.portal }}" + value: "{{ .Values.centralidp.clients.portal }}" - name: "SERVICES__COMPANYADMINROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.services.companyAdminRoles.role0 }}" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGINDEX" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigIndex }}" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__INDEX" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigs.index0.index }}" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY" + valueFrom: + secretKeyRef: + name: "{{ .Values.backend.interfaces.secret }}" + key: "mailing-encryption-key0" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__CIPHERMODE" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigs.index0.cipherMode }}" + - name: "MAILINGPROCESSCREATION__ENCRYPTIONCONFIGS__0__PADDINGMODE" + value: "{{ .Values.backend.processesworker.mailing.encryptionConfigs.index0.paddingMode }}" ports: - name: http containerPort: {{ .Values.portContainer }} diff --git a/charts/portal/templates/deployment-frontend-assets.yaml b/charts/portal/templates/deployment-frontend-assets.yaml index 966018f55..babad712b 100644 --- a/charts/portal/templates/deployment-frontend-assets.yaml +++ b/charts/portal/templates/deployment-frontend-assets.yaml 
@@ -20,21 +20,26 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Values.frontend.assets.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.frontend.assets.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} selector: matchLabels: - app: {{ .Values.frontend.assets.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.frontend.assets.name }} + {{- include "portal.selectorLabels" . | nindent 6 }} template: metadata: labels: - app: {{ .Values.frontend.assets.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.frontend.assets.name }} + {{- include "portal.selectorLabels" . | nindent 8 }} spec: containers: - - name: {{ .Values.frontend.assets.name }} + - name: {{ include "portal.fullname" . }}-{{ .Values.frontend.assets.name }} securityContext: allowPrivilegeEscalation: false capabilities: @@ -48,6 +53,16 @@ spec: - name: http containerPort: {{ .Values.portContainer }} protocol: TCP + startupProbe: + httpGet: + path: "/" + port: {{ .Values.portContainer }} + scheme: HTTP + initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.startupProbe.successThreshold }} + failureThreshold: {{ .Values.startupProbe.failureThreshold }} livenessProbe: httpGet: path: "/" diff --git a/charts/portal/templates/deployment-frontend-portal.yaml b/charts/portal/templates/deployment-frontend-portal.yaml index 0eef3ef11..8d9b2d5a5 100644 --- a/charts/portal/templates/deployment-frontend-portal.yaml +++ b/charts/portal/templates/deployment-frontend-portal.yaml 
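Review bot: The new `metadata.name`, `app:` label value and container name join `portal.fullname` and the component name without truncating the result. Kubernetes caps label values and container names at 63 characters. If `portal.fullname` follows the usual scaffold it is already cut to 63 (the helper is not shown here), so a long release name or `fullnameOverride` would render manifests the API server rejects. Consider `{{ printf "%s-%s" (include "portal.fullname" .) .Values.frontend.assets.name | trunc 63 | trimSuffix "-" }}`, ideally in one named helper. The same concatenation appears in the frontend-portal and frontend-registration deployments, both migration jobs and every service template in this diff.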
@@ -20,21 +20,26 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Values.frontend.portal.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.frontend.portal.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} selector: matchLabels: - app: {{ .Values.frontend.portal.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.frontend.portal.name }} + {{- include "portal.selectorLabels" . | nindent 6 }} template: metadata: labels: - app: {{ .Values.frontend.portal.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.frontend.portal.name }} + {{- include "portal.selectorLabels" . | nindent 8 }} spec: containers: - - name: {{ .Values.frontend.portal.name }} + - name: {{ include "portal.fullname" . }}-{{ .Values.frontend.portal.name }} securityContext: allowPrivilegeEscalation: false capabilities: 
@@ -50,17 +55,35 @@ spec: - name: PORTAL_BACKEND_URL value: "{{ .Values.portalBackendAddress }}" - name: CENTRALIDP_URL - value: "{{ .Values.centralidpAddress }}{{ .Values.frontend.centralidpAuthPath }}" + value: "{{ .Values.centralidp.address }}{{ .Values.frontend.centralidpAuthPath }}" - name: BPDM_API_URL value: "{{ .Values.bpdmPartnersPoolAddress }}{{ .Values.frontend.bpdmPartnersPoolApiPath }}" - name: SEMANTICS_URL value: "{{ .Values.semanticsAddress }}" - name: MANAGED_IDENTITY_WALLETS_NEW_URL value: "{{ .Values.custodianAddress }}" + - name: REALM + value: "{{ .Values.centralidp.realm }}" + - name: CLIENT_ID + value: "{{ .Values.centralidp.clients.portal }}" + - name: CLIENT_ID_SEMANTIC + value: "{{ .Values.centralidp.clients.semantic }}" + - name: CLIENT_ID_MIW + value: "{{ .Values.centralidp.clients.miw }}" ports: - name: http containerPort: {{ .Values.portContainer }} protocol: TCP + startupProbe: + httpGet: + path: "/" + port: {{ .Values.portContainer }} + scheme: HTTP + initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.startupProbe.successThreshold }} + failureThreshold: {{ .Values.startupProbe.failureThreshold }} livenessProbe: httpGet: path: "/" diff --git a/charts/portal/templates/deployment-frontend-registration.yaml b/charts/portal/templates/deployment-frontend-registration.yaml index b4d7f901a..08e8b95f7 100644 --- a/charts/portal/templates/deployment-frontend-registration.yaml +++ b/charts/portal/templates/deployment-frontend-registration.yaml 
@@ -20,21 +20,26 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Values.frontend.registration.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.frontend.registration.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} selector: matchLabels: - app: {{ .Values.frontend.registration.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.frontend.registration.name }} + {{- include "portal.selectorLabels" . | nindent 6 }} template: metadata: labels: - app: {{ .Values.frontend.registration.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.frontend.registration.name }} + {{- include "portal.selectorLabels" . | nindent 8 }} spec: containers: - - name: {{ .Values.frontend.registration.name }} + - name: {{ include "portal.fullname" . }}-{{ .Values.frontend.registration.name }} securityContext: allowPrivilegeEscalation: false capabilities: @@ -50,11 +55,25 @@ spec: - name: PORTAL_BACKEND_URL value: "{{ .Values.portalBackendAddress }}" - name: CENTRALIDP_URL - value: "{{ .Values.centralidpAddress }}{{ .Values.frontend.centralidpAuthPath }}" + value: "{{ .Values.centralidp.address }}{{ .Values.frontend.centralidpAuthPath }}" + - name: REALM + value: "{{ .Values.centralidp.realm }}" + - name: CLIENT_ID_REGISTRATION + value: "{{ .Values.centralidp.clients.registration }}" ports: - name: http containerPort: {{ .Values.portContainer }} protocol: TCP + startupProbe: + httpGet: + path: "/" + port: {{ .Values.portContainer }} + scheme: HTTP + initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.startupProbe.successThreshold }} + failureThreshold: {{ .Values.startupProbe.failureThreshold }} livenessProbe: httpGet: path: "/" 
diff --git a/charts/portal/templates/ingress-backend.yaml b/charts/portal/templates/ingress-backend.yaml index a4bf2c60c..a0704240c 100644 --- a/charts/portal/templates/ingress-backend.yaml +++ b/charts/portal/templates/ingress-backend.yaml @@ -18,7 +18,7 @@ */}} {{- if .Values.backend.ingress.enabled -}} -{{- $fullName := .Values.backend.ingress.name -}} +{{- $fullName := include "portal.fullname" . -}} {{- $svcPort := .Values.portService -}} {{- if and .Values.backend.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} {{- if not (hasKey .Values.backend.ingress.annotations "kubernetes.io/ingress.class") }} @@ -34,7 +34,8 @@ apiVersion: extensions/v1beta1 {{- end }} kind: Ingress metadata: - name: {{ $fullName }} + name: {{ $fullName }}-{{ .Values.backend.ingress.name }} + namespace: {{ .Release.Namespace }} labels: {{- include "portal.labels" . | nindent 4 }} {{- with .Values.backend.ingress.annotations }} @@ -68,11 +69,11 @@ spec: backend: {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} service: - name: {{ .backend.service }} + name: {{ $fullName }}-{{ .backend.service }} port: number: {{ $svcPort }} {{- else }} - serviceName: {{ .backend.service }} + serviceName: {{ $fullName }}-{{ .backend.service }} servicePort: {{ .backend.port }} {{- end }} {{- end }} diff --git a/charts/portal/templates/ingress-frontend.yaml b/charts/portal/templates/ingress-frontend.yaml index 1eaa32b97..30ce26139 100644 --- a/charts/portal/templates/ingress-frontend.yaml +++ b/charts/portal/templates/ingress-frontend.yaml @@ -18,7 +18,7 @@ */}} {{- if .Values.frontend.ingress.enabled -}} -{{- $fullName := .Values.name -}} +{{- $fullName := include "portal.fullname" . -}} {{- $svcPort := .Values.portService -}} {{- if and .Values.frontend.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} {{- if not (hasKey .Values.frontend.ingress.annotations "kubernetes.io/ingress.class") }} 
@@ -34,7 +34,8 @@ apiVersion: extensions/v1beta1 {{- end }} kind: Ingress metadata: - name: {{ $fullName }} + name: {{ $fullName }}-{{ .Values.frontend.ingress.name }} + namespace: {{ .Release.Namespace }} labels: {{- include "portal.labels" . | nindent 4 }} {{- with .Values.frontend.ingress.annotations }} @@ -68,11 +69,11 @@ spec: backend: {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} service: - name: {{ .backend.service }} + name: {{ $fullName }}-{{ .backend.service }} port: number: {{ $svcPort }} {{- else }} - serviceName: {{ .backend.service }} + serviceName: {{ $fullName }}-{{ .backend.service }} servicePort: {{ .backend.port }} {{- end }} {{- end }} diff --git a/charts/portal/templates/job-backend-portal-migrations.yaml b/charts/portal/templates/job-backend-portal-migrations.yaml index 47e5fac3f..c02eb718f 100644 --- a/charts/portal/templates/job-backend-portal-migrations.yaml +++ b/charts/portal/templates/job-backend-portal-migrations.yaml @@ -20,7 +20,10 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ .Values.backend.portalmigrations.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.backend.portalmigrations.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} annotations: "batch.kubernetes.io/job-tracking": "true" "helm.sh/hook": post-install,post-upgrade @@ -28,11 +31,11 @@ metadata: spec: template: metadata: - name: {{ .Values.backend.portalmigrations.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.backend.portalmigrations.name }} spec: restartPolicy: Never containers: - - name: {{ .Values.backend.portalmigrations.name }} + - name: {{ include "portal.fullname" . }}-{{ .Values.backend.portalmigrations.name }} securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/charts/portal/templates/job-backend-provisioning-migrations.yaml b/charts/portal/templates/job-backend-provisioning-migrations.yaml index 64c88df26..7fd371c8a 100644 
--- a/charts/portal/templates/job-backend-provisioning-migrations.yaml +++ b/charts/portal/templates/job-backend-provisioning-migrations.yaml @@ -20,7 +20,10 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ .Values.backend.provisioningmigrations.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.backend.provisioningmigrations.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} annotations: batch.kubernetes.io/job-tracking: "true" "helm.sh/hook": post-install,post-upgrade @@ -28,11 +31,11 @@ metadata: spec: template: metadata: - name: {{ .Values.backend.provisioningmigrations.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.backend.provisioningmigrations.name }} spec: restartPolicy: Never containers: - - name: {{ .Values.backend.provisioningmigrations.name }} + - name: {{ include "portal.fullname" . }}-{{ .Values.backend.provisioningmigrations.name }} securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/charts/portal/templates/secret-backend-external-db.yaml b/charts/portal/templates/secret-backend-external-db.yaml index c550cd09b..2127c868c 100644 --- a/charts/portal/templates/secret-backend-external-db.yaml +++ b/charts/portal/templates/secret-backend-external-db.yaml @@ -23,6 +23,8 @@ kind: Secret metadata: name: {{ .Values.externalDatabase.secret }} namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} type: Opaque # use lookup function to check if secret exists {{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.externalDatabase.secret) }} diff --git a/charts/portal/templates/secret-backend-interfaces.yaml b/charts/portal/templates/secret-backend-interfaces.yaml index 6a1545a7e..e6684a91b 100644 --- a/charts/portal/templates/secret-backend-interfaces.yaml +++ b/charts/portal/templates/secret-backend-interfaces.yaml 
@@ -22,6 +22,8 @@ kind: Secret metadata: name: {{ .Values.backend.interfaces.secret }} namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} type: Opaque # use lookup function to check if secret exists {{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.backend.interfaces.secret) }} 
@@ -35,8 +37,14 @@ data: custodian-client-secret: {{ coalesce ( .Values.backend.processesworker.custodian.clientSecret | b64enc ) ( index $secret.data "custodian-client-secret" ) | default ( randAlphaNum 32 ) | quote }} sdfactory-client-secret: {{ coalesce ( .Values.backend.processesworker.sdfactory.clientSecret | b64enc ) ( index $secret.data "sdfactory-client-secret" ) | default ( randAlphaNum 32 ) | quote }} offerprovider-client-secret: {{ coalesce ( .Values.backend.processesworker.offerprovider.clientSecret | b64enc ) ( index $secret.data "offerprovider-client-secret" ) | default ( randAlphaNum 32 ) | quote }} - onboardingserviceprovider-encryption-key: {{ coalesce ( .Values.backend.administration.onboardingServiceProvider.encryptionKey | b64enc ) ( index $secret.data "onboardingserviceprovider-encryption-key" ) | default ( randAlphaNum 32 ) | quote }} - process-onboardingserviceprovider-encryption-key: {{ coalesce ( .Values.backend.processesworker.onboardingServiceProvider.encryptionKey | b64enc ) ( index $secret.data "process-onboardingserviceprovider-encryption-key" ) | default ( randAlphaNum 32 ) | quote }} + dim-client-secret: {{ coalesce ( .Values.backend.processesworker.dim.clientSecret | b64enc ) ( index $secret.data "dim-client-secret" ) | default ( randAlphaNum 32 ) | quote }} + dim-encryption-key0: {{ coalesce ( .Values.backend.processesworker.dim.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "dim-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }} + onboardingserviceprovider-encryption-key0: {{ coalesce ( .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "onboardingserviceprovider-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }} + onboardingserviceprovider-encryption-key1: {{ coalesce ( .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | b64enc ) ( index $secret.data 
"onboardingserviceprovider-encryption-key1" ) | default ( randAlphaNum 32 ) | quote }} + invitation-encryption-key0: {{ coalesce ( .Values.backend.processesworker.invitation.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "invitation-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }} + mailing-encryption-key0: {{ coalesce ( .Values.backend.processesworker.mailing.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "mailing-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }} + issuercomponent-client-secret: {{ coalesce ( .Values.backend.processesworker.issuerComponent.clientSecret | b64enc ) ( index $secret.data "issuercomponent-client-secret" ) | default ( randAlphaNum 32 ) | quote }} + issuercomponent-encryption-key0: {{ coalesce ( .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "issuercomponent-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }} {{ else -}} stringData: # if secret doesn't exist, use provided value from values file or generate a random one 
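Review bot: In this `data:` branch the fallback `default ( randAlphaNum 32 )` is written without `b64enc`, and the newly added keys (`dim-encryption-key0`, `mailing-encryption-key0`, `issuercomponent-encryption-key0` and the others) are the ones that will hit it. On an upgrade where the Secret already exists but lacks the new entry and no value is supplied, `coalesce` yields nothing and the raw 32-character string lands under `data:`. Kubernetes then base64-decodes it into 24 arbitrary bytes rather than the intended 32-character key. Each added line should end `| default ( randAlphaNum 32 | b64enc ) | quote }}`. The unchanged context lines above carry the same pattern.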
@@ -45,6 +53,12 @@ stringData: custodian-client-secret: {{ .Values.backend.processesworker.custodian.clientSecret | default ( randAlphaNum 32 ) | quote }} sdfactory-client-secret: {{ .Values.backend.processesworker.sdfactory.clientSecret | default ( randAlphaNum 32 ) | quote }} offerprovider-client-secret: {{ .Values.backend.processesworker.offerprovider.clientSecret | default ( randAlphaNum 32 ) | quote }} - onboardingserviceprovider-encryption-key: {{ .Values.backend.administration.onboardingServiceProvider.encryptionKey | default ( randAlphaNum 32 ) | quote }} - process-onboardingserviceprovider-encryption-key: {{ .Values.backend.processesworker.onboardingServiceProvider.encryptionKey | default ( randAlphaNum 32 ) | quote }} + dim-client-secret: {{ .Values.backend.processesworker.dim.clientSecret | default ( randAlphaNum 32 ) | quote }} + dim-encryption-key0: {{ .Values.backend.processesworker.dim.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }} + onboardingserviceprovider-encryption-key0: {{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }} + onboardingserviceprovider-encryption-key1: {{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | default ( randAlphaNum 32 ) | quote }} + invitation-encryption-key0: {{ .Values.backend.processesworker.invitation.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }} + mailing-encryption-key0: {{ .Values.backend.processesworker.mailing.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }} + issuercomponent-client-secret: {{ .Values.backend.processesworker.issuerComponent.clientSecret | default ( randAlphaNum 32 ) | quote }} + issuercomponent-encryption-key0: {{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }} {{ end }} 
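Review bot: The `*-encryption-key0` entries added to this `stringData:` branch fall back to `randAlphaNum 32` whenever `lookup` finds no Secret. `lookup` returns an empty result under `helm template` and `--dry-run`, so any pipeline that renders the chart client-side gets a fresh key on every render. That is tolerable for a client secret that is re-registered, but for an encryption key it presumably makes data encrypted earlier unreadable. I would either fail fast, e.g. `{{ required "backend.processesworker.mailing.encryptionConfigs.index0.encryptionKey is required" .Values.backend.processesworker.mailing.encryptionConfigs.index0.encryptionKey | quote }}`, or state the constraint in the values.yaml comment for each `encryptionKey`.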
diff --git a/charts/portal/templates/secret-backend-keycloak.yaml b/charts/portal/templates/secret-backend-keycloak.yaml index 0c28aadd3..2e64d2c59 100644 --- a/charts/portal/templates/secret-backend-keycloak.yaml +++ b/charts/portal/templates/secret-backend-keycloak.yaml @@ -22,6 +22,8 @@ kind: Secret metadata: name: {{ .Values.backend.keycloak.secret }} namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} type: Opaque # use lookup function to check if secret exists {{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.backend.keycloak.secret) }} diff --git a/charts/portal/templates/secret-backend-mailing.yaml b/charts/portal/templates/secret-backend-mailing.yaml index 248f54e93..45025fa3b 100644 --- a/charts/portal/templates/secret-backend-mailing.yaml +++ b/charts/portal/templates/secret-backend-mailing.yaml @@ -22,6 +22,8 @@ kind: Secret metadata: name: {{ .Values.backend.mailing.secret }} namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} type: Opaque # use lookup function to check if secret exists {{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.backend.mailing.secret) }} diff --git a/charts/portal/templates/secret-backend-postgres-init.yaml b/charts/portal/templates/secret-backend-postgres-init.yaml index 9abf36103..f3e3ab604 100644 --- a/charts/portal/templates/secret-backend-postgres-init.yaml +++ b/charts/portal/templates/secret-backend-postgres-init.yaml @@ -23,6 +23,8 @@ kind: Secret metadata: name: {{ .Values.postgresql.auth.existingSecret }} namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} type: Opaque # use lookup function to check if secret exists {{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.postgresql.auth.existingSecret) }} 
diff --git a/charts/portal/templates/service-backend-administration.yaml b/charts/portal/templates/service-backend-administration.yaml index 696639ae1..2b043dc84 100644 --- a/charts/portal/templates/service-backend-administration.yaml +++ b/charts/portal/templates/service-backend-administration.yaml @@ -20,11 +20,15 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Values.backend.administration.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.backend.administration.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} spec: type: ClusterIP ports: - port: {{ .Values.portService }} targetPort: {{ .Values.portContainer }} selector: - app: {{ .Values.backend.administration.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.backend.administration.name }} + {{- include "portal.selectorLabels" . | nindent 4 }} diff --git a/charts/portal/templates/service-backend-appmarketplace.yaml b/charts/portal/templates/service-backend-appmarketplace.yaml index 0ec8e03e4..8e9930783 100644 --- a/charts/portal/templates/service-backend-appmarketplace.yaml +++ b/charts/portal/templates/service-backend-appmarketplace.yaml @@ -20,11 +20,15 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Values.backend.appmarketplace.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.backend.appmarketplace.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} spec: type: ClusterIP ports: - port: {{ .Values.portService }} targetPort: {{ .Values.portContainer }} selector: - app: {{ .Values.backend.appmarketplace.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.backend.appmarketplace.name }} + {{- include "portal.selectorLabels" . | nindent 4 }} diff --git a/charts/portal/templates/service-backend-notification.yaml b/charts/portal/templates/service-backend-notification.yaml index 31414a440..429ab7d74 100644 
--- a/charts/portal/templates/service-backend-notification.yaml +++ b/charts/portal/templates/service-backend-notification.yaml @@ -20,11 +20,15 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Values.backend.notification.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.backend.notification.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} spec: type: ClusterIP ports: - port: {{ .Values.portService }} targetPort: {{ .Values.portContainer }} selector: - app: {{ .Values.backend.notification.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.backend.notification.name }} + {{- include "portal.selectorLabels" . | nindent 4 }} diff --git a/charts/portal/templates/service-backend-registration.yaml b/charts/portal/templates/service-backend-registration.yaml index e2344aaf4..01dfafc4e 100644 --- a/charts/portal/templates/service-backend-registration.yaml +++ b/charts/portal/templates/service-backend-registration.yaml @@ -20,11 +20,15 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Values.backend.registration.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.backend.registration.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} spec: type: ClusterIP ports: - port: {{ .Values.portService }} targetPort: {{ .Values.portContainer }} selector: - app: {{ .Values.backend.registration.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.backend.registration.name }} + {{- include "portal.selectorLabels" . | nindent 4 }} diff --git a/charts/portal/templates/service-backend-services.yaml b/charts/portal/templates/service-backend-services.yaml index 577a31c68..17587d16e 100644 --- a/charts/portal/templates/service-backend-services.yaml +++ b/charts/portal/templates/service-backend-services.yaml 
@@ -20,11 +20,15 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Values.backend.services.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.backend.services.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} spec: type: ClusterIP ports: - port: {{ .Values.portService }} targetPort: {{ .Values.portContainer }} selector: - app: {{ .Values.backend.services.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.backend.services.name }} + {{- include "portal.selectorLabels" . | nindent 4 }} diff --git a/charts/portal/templates/service-frontend-assets.yaml b/charts/portal/templates/service-frontend-assets.yaml index 4ae259735..7cf6f77da 100644 --- a/charts/portal/templates/service-frontend-assets.yaml +++ b/charts/portal/templates/service-frontend-assets.yaml @@ -20,11 +20,15 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Values.frontend.assets.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.frontend.assets.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} spec: type: ClusterIP ports: - port: {{ .Values.portService }} targetPort: {{ .Values.portContainer }} selector: - app: {{ .Values.frontend.assets.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.frontend.assets.name }} + {{- include "portal.selectorLabels" . | nindent 4 }} diff --git a/charts/portal/templates/service-frontend-portal.yaml b/charts/portal/templates/service-frontend-portal.yaml index 5561da414..cf018ef3a 100644 --- a/charts/portal/templates/service-frontend-portal.yaml +++ b/charts/portal/templates/service-frontend-portal.yaml 
@@ -20,11 +20,15 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Values.frontend.portal.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.frontend.portal.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} spec: type: ClusterIP ports: - port: {{ .Values.portService }} targetPort: {{ .Values.portContainer }} selector: - app: {{ .Values.frontend.portal.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.frontend.portal.name }} + {{- include "portal.selectorLabels" . | nindent 4 }} diff --git a/charts/portal/templates/service-frontend-registration.yaml b/charts/portal/templates/service-frontend-registration.yaml index f4ec267cf..a0c686969 100644 --- a/charts/portal/templates/service-frontend-registration.yaml +++ b/charts/portal/templates/service-frontend-registration.yaml @@ -20,11 +20,15 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Values.frontend.registration.name }} + name: {{ include "portal.fullname" . }}-{{ .Values.frontend.registration.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "portal.labels" . | nindent 4 }} spec: type: ClusterIP ports: - port: {{ .Values.portService }} targetPort: {{ .Values.portContainer }} selector: - app: {{ .Values.frontend.registration.name }} + app: {{ include "portal.fullname" . }}-{{ .Values.frontend.registration.name }} + {{- include "portal.selectorLabels" . | nindent 4 }} diff --git a/charts/portal/values.yaml b/charts/portal/values.yaml index c3cb26b02..12561cfb1 100644 --- a/charts/portal/values.yaml +++ b/charts/portal/values.yaml 
@@ -17,16 +17,23 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################### -name: "portal" - # -- Provide portal base address. portalAddress: "https://portal.example.org" # -- Provide portal-backend base address. portalBackendAddress: "https://portal-backend.example.org" -# -- Provide centralidp base address (CX IAM), without trailing '/auth'. -centralidpAddress: "https://centralidp.example.org" +# -- Provide details about centralidp (CX IAM) Keycloak instance. +centralidp: + # -- Provide centralidp base address, without trailing '/auth'. + address: "https://centralidp.example.org" + realm: "CX-Central" + clients: + portal: "Cl2-CX-Portal" + registration: "Cl1-CX-Registration" + semantic: "Cl3-CX-Semantic" + miw: "Cl5-CX-Custodian" + technicalRolesManagement: "technical_roles_management" # -- Provide sharedidp address (CX IAM), without trailing '/auth'. sharedidpAddress: "https://sharedidp.example.org" @@ -56,13 +63,15 @@ frontend: # -- Portal frontend ingress parameters, # enable ingress record generation for portal frontend. enabled: false - className: "nginx" - annotations: - nginx.ingress.kubernetes.io/rewrite-target: "/$1" - nginx.ingress.kubernetes.io/use-regex: "true" - nginx.ingress.kubernetes.io/enable-cors: "true" - # -- Provide CORS allowed origin. - nginx.ingress.kubernetes.io/cors-allow-origin: "https://*.example.org" + name: "frontend" + # className: "nginx" + ## Optional annotations when using the nginx ingress class + # annotations: + # nginx.ingress.kubernetes.io/rewrite-target: "/$1" + # nginx.ingress.kubernetes.io/use-regex: "true" + # nginx.ingress.kubernetes.io/enable-cors: "true" + # # -- Provide CORS allowed origin. + # nginx.ingress.kubernetes.io/cors-allow-origin: "https://*.example.org" tls: # -- Provide tls secret. - secretName: "" 
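Review bot: The new `centralidp.realm` and `centralidp.clients.*` keys have no `# --` description, although they now feed the `CLIENTID` settings of the role mappings and the frontend `REALM`/`CLIENT_ID*` variables. I would add `# -- Provide centralidp realm name.` above `realm` and `# -- Client ids as registered in the centralidp realm; must match the Keycloak clients exactly.` above `clients`. A further hunk shows `metadataPath: "/auth/realms/CX-Central/.well-known/openid-configuration"` still carrying the realm literally. Changing `centralidp.realm` alone would therefore appear to leave backend token validation on the old realm, which is worth a note in the same comment.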
@@ -71,7 +80,7 @@ frontend: - "" hosts: # -- Provide default path for the ingress record. - - host: "portal.example.org" + - host: "" paths: - path: "/(.*)" pathType: "Prefix" 
@@ -92,47 +101,44 @@ frontend: name: "portal" image: name: "docker.io/tractusx/portal-frontend" - portaltag: v1.8.0 + portaltag: v2.0.0-RC1 pullPolicy: "IfNotPresent" - # -- We recommend not to specify default resource limits and to leave this as a conscious choice for the user. - # If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. + # -- We recommend to review the default resource limits as this should a conscious choice. resources: requests: - cpu: 15m - memory: 105M - # limits: - # cpu: 45m - # memory: 105M + cpu: 25m + memory: 125M + limits: + cpu: 75m + memory: 125M registration: name: "registration" image: name: "docker.io/tractusx/portal-frontend-registration" - registrationtag: v1.6.0 + registrationtag: v1.7.0-RC1 pullPolicy: "IfNotPresent" - # -- We recommend not to specify default resource limits and to leave this as a conscious choice for the user. - # If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. + # -- We recommend to review the default resource limits as this should a conscious choice. resources: requests: - cpu: 15m - memory: 105M - # limits: - # cpu: 45m - # memory: 105M + cpu: 25m + memory: 100M + limits: + cpu: 75m + memory: 100M assets: name: "assets" image: name: "docker.io/tractusx/portal-assets" - assetstag: v1.8.0 + assetstag: 2433ebaa4f53c82a8dd47b47747faaa990a8a393 pullPolicy: "IfNotPresent" - # -- We recommend not to specify default resource limits and to leave this as a conscious choice for the user. - # If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. + # -- We recommend to review the default resource limits as this should a conscious choice. resources: requests: - cpu: 15m - memory: 105M - # limits: - # cpu: 45m - # memory: 105M + cpu: 25m + memory: 100M + limits: + cpu: 45m + memory: 100M path: "/assets" centralidpAuthPath: "/auth" bpdmPartnersPoolApiPath: "/pool/api" 
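Review bot: The default `assetstag` is now a bare commit hash and `portaltag`/`registrationtag` are release candidates, all referenced as mutable registry tags with `pullPolicy: "IfNotPresent"`. A tag can be re-pointed upstream, and nodes would then run different content under the same name depending on when they pulled. For a chart default I would pin by digest, e.g. `name: "docker.io/tractusx/portal-assets@sha256:<digest-placeholder>"`, or at least use a released version tag consistently (how the templates compose image and tag is not visible in this hunk). The new comment also drops a word: "as this should a conscious choice" should read "as this should be a conscious choice".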
@@ -142,14 +148,15 @@ backend: # -- Portal-backend ingress parameters, # enable ingress record generation for portal-backend. enabled: false - name: "portal-backend" - className: "nginx" - annotations: - nginx.ingress.kubernetes.io/use-regex: "true" - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/proxy-body-size: "8m" - # -- Provide CORS allowed origin. - nginx.ingress.kubernetes.io/cors-allow-origin: "https://*.example.org" + name: "backend" + # className: "nginx" + ## Optional annotations when using the nginx ingress class + # annotations: + # nginx.ingress.kubernetes.io/use-regex: "true" + # nginx.ingress.kubernetes.io/enable-cors: "true" + # nginx.ingress.kubernetes.io/proxy-body-size: "8m" + # # -- Provide CORS allowed origin. + # nginx.ingress.kubernetes.io/cors-allow-origin: "https://*.example.org" tls: # -- Provide tls secret. - secretName: "" @@ -201,15 +208,15 @@ backend: portalIntroductionCompanyRolePath: "/companyroles" portalIntroductionDataspacePath: "/dataspace" userManagementPath: "/usermanagement" + useDimWallet: false keycloak: # -- Secret containing the database-password and the client-secret for the connection to the centralidp (CX IAM) and the client-secret for the connection to the sharedidp (CX-IAM). - secret: "secret-backend-keycloak" + secret: "portal-backend-keycloak" central: # -- Provide centralidp client-id from CX IAM centralidp. clientId: "central-client-id" # -- Client-secret for centralidp client-id. Secret-key 'central-client-secret'. clientSecret: "" - authRealm: "CX-Central" jwtBearerOptions: requireHttpsMetadata: "true" metadataPath: "/auth/realms/CX-Central/.well-known/openid-configuration" @@ -240,7 +247,7 @@ backend: useAuthTrail: true mailing: # -- Secret containing the passwords for backend.mailing and backend.provisioning.sharedRealm. - secret: "secret-backend-mailing" + secret: "portal-backend-mailing" # -- Provide host. host: "smtp.example.org" # -- Provide port. 
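Review bot: Renaming the default `backend.keycloak.secret` to `portal-backend-keycloak` means the template's `lookup` no longer finds the existing Secret on upgrade. The same applies to `backend.mailing.secret` in this file section and `backend.interfaces.secret` in the next hunk. Every entry not set explicitly in values is then regenerated with `randAlphaNum`, and Helm presumably removes the old Secret because it is no longer rendered. Client secrets would stop matching what is registered in the identity provider, and stored encryption keys would be lost. I would keep the old names as defaults, or document the migration in the key's comment, e.g. `# -- Renamed from 'secret-backend-keycloak'; set all values explicitly or copy the existing Secret to the new name before upgrading.`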
@@ -253,7 +260,7 @@ backend: senderEmail: "email@example.org" interfaces: # -- Secret containing the client-secrets for the connection to custodian, bpdm, sdFactory, clearinghouse, offer provider and onboarding service provider. - secret: "secret-backend-interfaces" + secret: "portal-backend-interfaces" healthChecks: startup: path: "/health/startup" @@ -265,17 +272,16 @@ backend: name: "registration-service" image: name: "docker.io/tractusx/portal-registration-service" - registrationservicetag: v1.8.0 + registrationservicetag: v2.0.0-RC1 pullPolicy: "IfNotPresent" - # -- We recommend not to specify default resource limits and to leave this as a conscious choice for the user. - # If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. + # -- We recommend to review the default resource limits as this should a conscious choice. resources: requests: - cpu: 15m - memory: 385M - # limits: - # cpu: 45m - # memory: 460M + cpu: 75m + memory: 400M + limits: + cpu: 225m + memory: 400M basePath: "api/registration" logging: bpdmLibrary: "Information" @@ -315,17 +321,16 @@ backend: name: "administration-service" image: name: "docker.io/tractusx/portal-administration-service" - administrationservicetag: v1.8.0 + administrationservicetag: v2.0.0-RC1 pullPolicy: "IfNotPresent" - # -- We recommend not to specify default resource limits and to leave this as a conscious choice for the user. - # If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. + # -- We recommend to review the default resource limits as this should a conscious choice. resources: requests: - cpu: 15m - memory: 385M - # limits: - # cpu: 45m - # memory: 430M + cpu: 75m + memory: 500M + limits: + cpu: 225m + memory: 500M basePath: "api/administration" logging: businessLogic: "Information" 
@@ -358,7 +363,6 @@ backend: type2: "application/pkix-cert" type3: "application/octet-stream" selfDescriptionDocumentPath: /api/administration/documents/selfDescription - keycloakClientId: "Cl2-CX-Portal" identityProviderAdmin: csvSettings: fileName: "identityproviderlinks.csv" @@ -378,11 +382,6 @@ backend: deactivateIdpRoles: role0: "Company Admin" role1: "IT Admin" - invitation: - invitedUserInitialRoles: - role0: "Company Admin" - initialLoginTheme: "catenax-shared" - closeApplicationPath: "/decline" registration: documentTypeIds: type0: "COMMERCIAL_REGISTER_EXTRACT" @@ -398,11 +397,7 @@ backend: swaggerEnabled: false frameDocumentTypeIds: type0: "CX_FRAME_CONTRACT" - onboardingServiceProvider: - # -- Client-secret for onboardingserviceprovider encryptionKey. Secret-key 'onboardingserviceprovider-encryption-key'. - encryptionKey: "" provisioning: - centralRealm: "CX-Central" centralRealmId: "CX-Central" invitedUserInitialRoles: registration: "Company Admin" @@ -432,17 +427,16 @@ backend: name: "marketplace-app-service" image: name: "docker.io/tractusx/portal-marketplace-app-service" - appmarketplaceservicetag: v1.8.0 + appmarketplaceservicetag: v2.0.0-RC1 pullPolicy: "IfNotPresent" - # -- We recommend not to specify default resource limits and to leave this as a conscious choice for the user. - # If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. + # -- We recommend to review the default resource limits as this should a conscious choice. resources: requests: - cpu: 15m - memory: 445M - # limits: - # cpu: 45m - # memory: 500M + cpu: 75m + memory: 400M + limits: + cpu: 225m + memory: 400M basePath: "api/apps" logging: default: "Information" 
@@ -565,17 +559,16 @@ backend: name: "portal-migrations" image: name: "docker.io/tractusx/portal-portal-migrations" - portalmigrationstag: v1.8.0 + portalmigrationstag: v2.0.0-RC1 pullPolicy: "IfNotPresent" - # -- We recommend not to specify default resource limits and to leave this as a conscious choice for the user. - # If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. + # -- We recommend to review the default resource limits as this should a conscious choice. resources: requests: - cpu: 15m - memory: 105M - # limits: - # cpu: 45m - # memory: 105M + cpu: 25m + memory: 350M + limits: + cpu: 75m + memory: 350M seeding: testDataEnvironments: "" # -- when changing the testDataPath the processIdentity needs to be adjusted as well, @@ -589,17 +582,16 @@ backend: name: "portal-maintenance" image: name: "docker.io/tractusx/portal-maintenance-service" - portalmaintenancetag: v1.8.0 + portalmaintenancetag: v2.0.0-RC1 pullPolicy: "IfNotPresent" - # -- We recommend not to specify default resource limits and to leave this as a conscious choice for the user. - # If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. + # -- We recommend to review the default resource limits as this should a conscious choice. resources: requests: - cpu: 15m - memory: 105M - # limits: - # cpu: 45m - # memory: 105M + cpu: 25m + memory: 200M + limits: + cpu: 75m + memory: 200M processIdentity: processUserId: d21d2e8a-fe35-483c-b2b8-4100ed7f0953 logging: 
@@ -608,17 +600,16 @@ backend: name: "notification-service" image: name: "docker.io/tractusx/portal-notification-service" - notificationservicetag: v1.8.0 + notificationservicetag: v2.0.0-RC1 pullPolicy: "IfNotPresent" - # -- We recommend not to specify default resource limits and to leave this as a conscious choice for the user. - # If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. + # -- We recommend to review the default resource limits as this should a conscious choice. resources: requests: - cpu: 15m - memory: 300M - # limits: - # cpu: 45m - # memory: 400M + cpu: 75m + memory: 200M + limits: + cpu: 225m + memory: 200M basePath: "api/notification" # -- Keycloak Healthcheck to be enabled for startupProbe; # once the centralidp Keycloak instance is available, enable healthcheck by uncommenting. @@ -636,17 +627,16 @@ backend: name: "services-service" image: name: "docker.io/tractusx/portal-services-service" - servicesservicetag: v1.8.0 + servicesservicetag: v2.0.0-RC1 pullPolicy: "IfNotPresent" - # -- We recommend not to specify default resource limits and to leave this as a conscious choice for the user. - # If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. + # -- We recommend to review the default resource limits as this should a conscious choice. resources: requests: - cpu: 15m - memory: 445M - # limits: - # cpu: 45m - # memory: 500M + cpu: 75m + memory: 300M + limits: + cpu: 225m + memory: 300M basePath: "api/services" logging: default: "Information" 
@@ -717,34 +707,32 @@ backend: name: "provisioning-migrations" image: name: "docker.io/tractusx/portal-provisioning-migrations" - provisioningmigrationstag: v1.8.0 + provisioningmigrationstag: v2.0.0-RC1 pullPolicy: "IfNotPresent" - # -- We recommend not to specify default resource limits and to leave this as a conscious choice for the user. - # If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. + # -- We recommend to review the default resource limits as this should a conscious choice. resources: requests: - cpu: 15m - memory: 105M - # limits: - # cpu: 45m - # memory: 105M + cpu: 25m + memory: 200M + limits: + cpu: 75m + memory: 200M logging: default: "Information" processesworker: name: "processes-worker" image: name: "docker.io/tractusx/portal-processes-worker" - processesworkertag: v1.8.0 + processesworkertag: v2.0.0-RC1 pullPolicy: "IfNotPresent" - # -- We recommend not to specify default resource limits and to leave this as a conscious choice for the user. - # If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. + # -- We recommend to review the default resource limits as this should a conscious choice. resources: requests: - cpu: 15m - memory: 105M - # limits: - # cpu: 45m - # memory: 105M + cpu: 75m + memory: 500M + limits: + cpu: 225m + memory: 500M logging: default: "Information" processesLibrary: "Information" 
@@ -822,32 +810,110 @@ backend: processIdentity: processUserId: d21d2e8a-fe35-483c-b2b8-4100ed7f0953 onboardingServiceProvider: - # -- Client-secret for onboardingserviceprovider encryptionKey. Secret-key 'process-onboardingserviceprovider-encryption-key'. - encryptionKey: "" + encryptionConfigIndex: 1 + encryptionConfigs: + index0: + index: 0 + cipherMode: "ECB" + paddingMode: "PKCS7" + # -- EncryptionKey for onboardingserviceprovider. Secret-key 'onboardingserviceprovider-encryption-key0'. + # Expected format is 256 bit (64 digits) hex. When upgrading from v2.0.0-RC1 please read document portal-upgrade-details.md + encryptionKey: "" + index1: + index: 1 + cipherMode: "CBC" + paddingMode: "PKCS7" + # -- EncryptionKey for onboardingserviceprovider. Secret-key 'onboardingserviceprovider-encryption-key1'. + # Expected format is 256 bit (64 digits) hex. When upgrading from v2.0.0-RC1 please read document portal-upgrade-details.md + encryptionKey: "" networkRegistration: loginDocumentPath: "/documentation/?path=docs%2F09.+Others%28s%29%2F01.+Login.md" externalRegistrationPath: "/?overlay=consent_osp" # -- The logic to decline an application is not yet implemented in the backend - this will currently lead to a 404 page when clicking on the link in the mail closeApplicationPath: "/decline" - clients: - portal: "Cl2-CX-Portal" - registration: "Cl1-CX-Registration" - technicalRolesManagement: "technical_roles_management" + dim: + # -- Provide dim client-id from CX IAM centralidp. + clientId: "dim-client-id" + # -- Client-secret for dim client-id. Secret-key 'dim-client-secret'. 
+ clientSecret: "" + grantType: "client_credentials" + scope: "openid" + # -- Base address of the DIM Middle Layer + baseAddress: "https://dim.example.org" + # -- Url of a public available universal resolver to validate the did and did document + universalResolverAddress: "https://resolver.example.org/did" + # -- path where the did document will be hosted + didDocumentPath: "/api/administration/staticdata/did" + maxValidationTimeInDays: 7 + encryptionConfigIndex: 0 + encryptionConfigs: + index0: + index: 0 + cipherMode: "CBC" + paddingMode: "PKCS7" + # -- EncryptionKey for dim wallet creation. Secret-key 'dim-encryption-key0'. + # Expected format is 256 bit (64 digits) hex. + encryptionKey: "" + issuerComponent: + # -- Provide dim client-id from CX IAM centralidp. + clientId: "issuercomponent-client-id" + # -- Client-secret for dim client-id. Secret-key 'issuercomponent-client-secret'. + clientSecret: "" + grantType: "client_credentials" + scope: "openid" + # -- Base address of the SSI Credential Issuer + baseAddress: "https://issuercomponent.example.org" + encryptionConfigIndex: 0 + encryptionConfigs: + index0: + index: 0 + cipherMode: "CBC" + paddingMode: "PKCS7" + # -- EncryptionKey for the issuer component. Secret-key 'issuercomponent-encryption-key0'. + # Expected format is 256 bit (64 digits) hex. + encryptionKey: "" + invitation: + invitedUserInitialRoles: + role0: "Company Admin" + initialLoginTheme: "catenax-shared" + closeApplicationPath: "/decline" + encryptionConfigIndex: 0 + encryptionConfigs: + index0: + index: 0 + cipherMode: "CBC" + paddingMode: "PKCS7" + # -- EncryptionKey to encrypt the company-invitation client-secret. Secret-key 'invitation-encryption-key0'. + # Expected format is 256 bit (64 digits) hex. + encryptionKey: "" + mailing: + encryptionConfigIndex: 0 + encryptionConfigs: + index0: + index: 0 + cipherMode: "CBC" + paddingMode: "PKCS7" + # -- EncryptionKey to encrypt the parameters of mailing processes. 
Secret-key 'mailing-encryption-key0'. + # Expected format is 256 bit (64 digits) hex. + encryptionKey: "" placeholder: "empty" postgresql: # -- PostgreSQL chart configuration # Switch to enable or disable the PostgreSQL helm chart enabled: true - # -- FullnameOverride to 'portal-backend-postgresql'. - fullnameOverride: "portal-backend-postgresql" + # -- Setting image tag to major to get latest minor updates + image: + tag: "15-debian-11" + commonLabels: + app.kubernetes.io/version: "15" auth: # -- Database name database: "postgres" # -- Database port number port: 5432 # -- Secret containing the passwords for root usernames postgres and non-root usernames repl_user, portal and provisioning. - existingSecret: "secret-postgres-init" + existingSecret: "portal-postgres" # -- Password for the root username 'postgres'. Secret-key 'postgres-password'. password: "" # -- Password for the non-root username 'repl_user'. Secret-key 'replication-password'. @@ -868,7 +934,7 @@ postgresql: # -- Extended PostgreSQL Primary configuration (increase of max_connections recommended - default is 100) extendedConfiguration: "" initdb: - scriptsConfigMap: "configmap-postgres-init" + scriptsConfigMap: "{{ .Release.Name }}-portal-cm-postgres" extraEnvVars: - name: "PORTAL_PASSWORD" valueFrom: @@ -895,7 +961,7 @@ externalDatabase: # -- Database port number port: 5432 # -- Secret containing the passwords non-root usernames portal and provisioning. - secret: "secret-postgres-external-db" + secret: "portal-postgres-external-db" # -- Non-root username for portal. portalUser: "portal" # -- Non-root username for provisioning. diff --git a/charts/values-test.yaml b/charts/values-test.yaml new file mode 100644 index 000000000..8c28656a0 --- /dev/null +++ b/charts/values-test.yaml 
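Review bot: `onboardingServiceProvider.encryptionConfigs.index0` sets `cipherMode: "ECB"`, which maps equal plaintext blocks to equal ciphertext blocks and should not protect new data; only `encryptionConfigIndex: 1` keeps it from being the active config. If index0 exists solely to decrypt values stored before this change, say so where it is defined, e.g. `# -- Legacy config kept for decrypting existing data only; do not set encryptionConfigIndex to 0.` All the new configs use CBC with PKCS7 and no integrity setting is visible in the values, so it is worth confirming that the backend authenticates ciphertexts or at least does not expose decryption errors to callers. The hunk begins on an earlier line of the page, and the enclosing `backend:` block continues beyond it.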
@@ -0,0 +1,23 @@ +############################################################### +# Copyright (c) 2024 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +postgresql: + fullnameOverride: "portal-backend-postgresql" + auth: + existingSecret: "secret-postgres-init" diff --git a/consortia/argocd-app-templates/appsetup-beta.yaml b/consortia/argocd-app-templates/appsetup-beta.yaml index 9ed1955c6..751ec7444 100644 --- a/consortia/argocd-app-templates/appsetup-beta.yaml +++ b/consortia/argocd-app-templates/appsetup-beta.yaml @@ -28,7 +28,7 @@ spec: source: path: charts/portal repoURL: 'https://github.com/eclipse-tractusx/portal.git' - targetRevision: portal-1.8.0 + targetRevision: portal-2.0.0-RC1 plugin: env: - name: AVP_SECRET diff --git a/consortia/argocd-app-templates/appsetup-int.yaml b/consortia/argocd-app-templates/appsetup-int.yaml index 794d04ce6..34e5704e5 100644 --- a/consortia/argocd-app-templates/appsetup-int.yaml +++ b/consortia/argocd-app-templates/appsetup-int.yaml @@ -28,7 +28,7 @@ spec: source: path: charts/portal repoURL: 'https://github.com/eclipse-tractusx/portal.git' - targetRevision: portal-1.8.0 + targetRevision: portal-2.0.0-RC1 plugin: env: - name: AVP_SECRET 
diff --git a/consortia/argocd-app-templates/appsetup-pen.yaml b/consortia/argocd-app-templates/appsetup-pen.yaml index 3277acf57..af81953b6 100644 --- a/consortia/argocd-app-templates/appsetup-pen.yaml +++ b/consortia/argocd-app-templates/appsetup-pen.yaml @@ -28,7 +28,7 @@ spec: source: path: charts/portal repoURL: 'https://github.com/eclipse-tractusx/portal.git' - targetRevision: portal-1.8.0 + targetRevision: portal-2.0.0-RC1 plugin: env: - name: AVP_SECRET diff --git a/consortia/argocd-app-templates/appsetup-stable.yaml b/consortia/argocd-app-templates/appsetup-stable.yaml index de2d36749..17649548e 100644 --- a/consortia/argocd-app-templates/appsetup-stable.yaml +++ b/consortia/argocd-app-templates/appsetup-stable.yaml @@ -29,14 +29,15 @@ spec: source: path: '' repoURL: 'https://eclipse-tractusx.github.io/charts/dev' - targetRevision: 1.8.0 + targetRevision: 2.0.0-RC1 plugin: env: - name: HELM_VALUES value: | portalAddress: "https://portal.stable.demo.catena-x.net" portalBackendAddress: "https://portal-backend.stable.demo.catena-x.net" - centralidpAddress: "https://centralidp.stable.demo.catena-x.net" + centralidp: + address: "https://centralidp.stable.demo.catena-x.net" sharedidpAddress: "https://sharedidp.stable.demo.catena-x.net" semanticsAddress: "https://semantics.stable.demo.catena-x.net" bpdmPartnersPoolAddress: "https://business-partners.stable.demo.catena-x.net" @@ -238,7 +239,29 @@ spec: clientId: "" clientSecret: "" onboardingServiceProvider: - encryptionKey: "" + encryptionConfigs: + index0: + encryptionKey: "" + index1: + encryptionKey: "" + dim: + encryptionConfigs: + index0: + encryptionKey: "" + issuerComponent: + clientId: "" + clientSecret: "" + encryptionConfigs: + index0: + encryptionKey: "" + invitation: + encryptionConfigs: + index0: + encryptionKey: "" + mailing: + encryptionConfigs: + index0: + encryptionKey: "" postgresql: auth: 
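Review bot: The `dim:` block added in the second appsetup-stable.yaml hunk contains only `encryptionConfigs`, whereas the matching blocks in the `consortia/environments/values-*.yaml` files of this commit also set `clientId`, `clientSecret` and `universalResolverAddress`. Without them the stable environment would fall back to the chart defaults (`dim-client-id`, `https://resolver.example.org/did`), which presumably only works while `useDimWallet` stays `false`. If the omission is not intentional, add `clientId: ""`, `clientSecret: ""` and `universalResolverAddress: "<resolver-url>"` under `dim:` here as well; if it is, a one-line comment saying so would prevent a later copy-paste fix.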
diff --git a/consortia/argocd-app-templates/appsetup-upgrade.yaml b/consortia/argocd-app-templates/appsetup-upgrade.yaml index 0541e371e..baabb7c01 100644 --- a/consortia/argocd-app-templates/appsetup-upgrade.yaml +++ b/consortia/argocd-app-templates/appsetup-upgrade.yaml @@ -28,7 +28,7 @@ spec: source: path: charts/portal repoURL: 'https://github.com/eclipse-tractusx/portal.git' - targetRevision: portal-1.8.0 + targetRevision: portal-2.0.0-RC1 plugin: env: - name: AVP_SECRET diff --git a/consortia/environments/values-beta.yaml b/consortia/environments/values-beta.yaml index c700083b1..490daa329 100644 --- a/consortia/environments/values-beta.yaml +++ b/consortia/environments/values-beta.yaml @@ -19,7 +19,8 @@ portalAddress: "https://portal.beta.demo.catena-x.net" portalBackendAddress: "https://portal-backend.beta.demo.catena-x.net" -centralidpAddress: "https://centralidp.beta.demo.catena-x.net" +centralidp: + address: "https://centralidp.beta.demo.catena-x.net" sharedidpAddress: "https://sharedidp.beta.demo.catena-x.net" semanticsAddress: "https://semantics.beta.demo.catena-x.net" bpdmPartnersPoolAddress: "https://business-partners.beta.demo.catena-x.net" @@ -151,8 +152,6 @@ backend: value: "portaldb" - name: "HEALTHCHECKS__0__TAGS__2" value: "provisioningdb" - onboardingServiceProvider: - encryptionKey: "" swaggerEnabled: true provisioning: @@ -235,7 +234,32 @@ backend: clientId: "" clientSecret: "" onboardingServiceProvider: - encryptionKey: "" + encryptionConfigs: + index0: + encryptionKey: "" + index1: + encryptionKey: "" + dim: + clientId: "" + clientSecret: "" + universalResolverAddress: "https://dev.uniresolver.io/" + encryptionConfigs: + index0: + encryptionKey: "" + issuerComponent: + clientId: "" + clientSecret: "" + encryptionConfigs: + index0: + encryptionKey: "" + invitation: + encryptionConfigs: + index0: + encryptionKey: "" + mailing: + encryptionConfigs: + index0: + encryptionKey: "" postgresql: auth: 
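Review bot: `universalResolverAddress: "https://dev.uniresolver.io/"` in the values-beta.yaml `dim:` block makes DID validation depend on a public development instance run outside the project, so its availability and the correctness of its answers are out of your control. The chart default describes this setting as the resolver used "to validate the did and did document", so a resolver the consortium operates would be safer. If the public instance is accepted, record that with a comment such as `# public dev resolver, accepted for demo environments only`. The same value is added in values-dev.yaml, values-int.yaml, values-pen.yaml and values-rc.yaml. The chart default ends in `/did` while this URL does not, which is worth checking against how the backend builds the request path.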
diff --git a/consortia/environments/values-dev.yaml b/consortia/environments/values-dev.yaml index 2f10f3f95..6f44ae4c4 100644 --- a/consortia/environments/values-dev.yaml +++ b/consortia/environments/values-dev.yaml @@ -19,7 +19,8 @@ portalAddress: "https://portal.dev.demo.catena-x.net" portalBackendAddress: "https://portal-backend.dev.demo.catena-x.net" -centralidpAddress: "https://centralidp.dev.demo.catena-x.net" +centralidp: + address: "https://centralidp.dev.demo.catena-x.net" sharedidpAddress: "https://sharedidp.dev.demo.catena-x.net" semanticsAddress: "https://semantics.dev.demo.catena-x.net" bpdmPartnersPoolAddress: "https://business-partners.dev.demo.catena-x.net" @@ -151,8 +152,6 @@ backend: value: "portaldb" - name: "HEALTHCHECKS__0__TAGS__2" value: "provisioningdb" - onboardingServiceProvider: - encryptionKey: "" swaggerEnabled: true provisioning: @@ -235,7 +234,32 @@ backend: clientId: "" clientSecret: "" onboardingServiceProvider: - encryptionKey: "" + encryptionConfigs: + index0: + encryptionKey: "" + index1: + encryptionKey: "" + dim: + clientId: "" + clientSecret: "" + universalResolverAddress: "https://dev.uniresolver.io/" + encryptionConfigs: + index0: + encryptionKey: "" + issuerComponent: + clientId: "" + clientSecret: "" + encryptionConfigs: + index0: + encryptionKey: "" + invitation: + encryptionConfigs: + index0: + encryptionKey: "" + mailing: + encryptionConfigs: + index0: + encryptionKey: "" postgresql: auth: diff --git a/consortia/environments/values-int.yaml b/consortia/environments/values-int.yaml index 8d35d9db2..1482eb592 100644 --- a/consortia/environments/values-int.yaml +++ b/consortia/environments/values-int.yaml 
@@ -19,7 +19,8 @@ portalAddress: "https://portal.int.demo.catena-x.net" portalBackendAddress: "https://portal-backend.int.demo.catena-x.net" -centralidpAddress: "https://centralidp.int.demo.catena-x.net" +centralidp: + address: "https://centralidp.int.demo.catena-x.net" sharedidpAddress: "https://sharedidp.int.demo.catena-x.net" semanticsAddress: "https://semantics.int.demo.catena-x.net" bpdmPartnersPoolAddress: "https://business-partners.int.demo.catena-x.net" @@ -151,8 +152,6 @@ backend: value: "portaldb" - name: "HEALTHCHECKS__0__TAGS__2" value: "provisioningdb" - onboardingServiceProvider: - encryptionKey: "" swaggerEnabled: true provisioning: @@ -235,7 +234,32 @@ backend: clientId: "" clientSecret: "" onboardingServiceProvider: - encryptionKey: "" + encryptionConfigs: + index0: + encryptionKey: "" + index1: + encryptionKey: "" + dim: + clientId: "" + clientSecret: "" + universalResolverAddress: "https://dev.uniresolver.io/" + encryptionConfigs: + index0: + encryptionKey: "" + issuerComponent: + clientId: "" + clientSecret: "" + encryptionConfigs: + index0: + encryptionKey: "" + invitation: + encryptionConfigs: + index0: + encryptionKey: "" + mailing: + encryptionConfigs: + index0: + encryptionKey: "" postgresql: auth: diff --git a/consortia/environments/values-pen.yaml b/consortia/environments/values-pen.yaml index 309204168..41c65ea0c 100644 --- a/consortia/environments/values-pen.yaml +++ b/consortia/environments/values-pen.yaml @@ -19,7 +19,8 @@ portalAddress: "https://portal-pen.dev.demo.catena-x.net" portalBackendAddress: "https://portal-backend-pen.dev.demo.catena-x.net" -centralidpAddress: "https://centralidp-pen.dev.demo.catena-x.net" +centralidp: + address: "https://centralidp-pen.dev.demo.catena-x.net" sharedidpAddress: "https://sharedidp-pen.dev.demo.catena-x.net" semanticsAddress: "https://semantics-pen.dev.demo.catena-x.net" bpdmPartnersPoolAddress: "https://business-partners-pen.dev.demo.catena-x.net" 
@@ -152,8 +153,6 @@ backend: value: "portaldb" - name: "HEALTHCHECKS__0__TAGS__2" value: "provisioningdb" - onboardingServiceProvider: - encryptionKey: "" swaggerEnabled: true provisioning: @@ -236,7 +235,32 @@ backend: clientId: "" clientSecret: "" onboardingServiceProvider: - encryptionKey: "" + encryptionConfigs: + index0: + encryptionKey: "" + index1: + encryptionKey: "" + dim: + clientId: "" + clientSecret: "" + universalResolverAddress: "https://dev.uniresolver.io/" + encryptionConfigs: + index0: + encryptionKey: "" + issuerComponent: + clientId: "" + clientSecret: "" + encryptionConfigs: + index0: + encryptionKey: "" + invitation: + encryptionConfigs: + index0: + encryptionKey: "" + mailing: + encryptionConfigs: + index0: + encryptionKey: "" postgresql: auth: diff --git a/consortia/environments/values-rc.yaml b/consortia/environments/values-rc.yaml index f976ffb9e..774287bcb 100644 --- a/consortia/environments/values-rc.yaml +++ b/consortia/environments/values-rc.yaml @@ -19,7 +19,8 @@ portalAddress: "https://portal-rc.dev.demo.catena-x.net" portalBackendAddress: "https://portal-backend-rc.dev.demo.catena-x.net" -centralidpAddress: "https://centralidp-rc.dev.demo.catena-x.net" +centralidp: + address: "https://centralidp-rc.dev.demo.catena-x.net" sharedidpAddress: "https://sharedidp-rc.dev.demo.catena-x.net" semanticsAddress: "https://semantics.dev.demo.catena-x.net" bpdmPartnersPoolAddress: "https://business-partners.dev.demo.catena-x.net" @@ -151,8 +152,6 @@ backend: value: "portaldb" - name: "HEALTHCHECKS__0__TAGS__2" value: "provisioningdb" - onboardingServiceProvider: - encryptionKey: "" swaggerEnabled: true provisioning: 
@@ -235,7 +234,32 @@ backend: clientId: "" clientSecret: "" onboardingServiceProvider: - encryptionKey: "" + encryptionConfigs: + index0: + encryptionKey: "" + index1: + encryptionKey: "" + dim: + clientId: "" + clientSecret: "" + universalResolverAddress: "https://dev.uniresolver.io/" + encryptionConfigs: + index0: + encryptionKey: "" + issuerComponent: + clientId: "" + clientSecret: "" + encryptionConfigs: + index0: + encryptionKey: "" + invitation: + encryptionConfigs: + index0: + encryptionKey: "" + mailing: + encryptionConfigs: + index0: + encryptionKey: "" postgresql: fullnameOverride: "portal-backend-rc-postgresql"