From 5c7ebf5abd9c0fa407a742e2412df9e064162f1d Mon Sep 17 00:00:00 2001
From: Evelyn Gurschler
Date: Mon, 23 Sep 2024 16:10:10 +0200
Subject: [PATCH 1/3] chore: release 1.2.0-alpha.1

Release-As: 1.2.0-alpha.1

From daee68859adc7586930f890f5d198ee9d32d424f Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 23 Sep 2024 16:13:35 +0200
Subject: [PATCH 2/3] chore(changelog/v1.2.0-alpha.1): release 1.2.0-alpha.1 (#258)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 CHANGELOG.md | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ffef37a6..1ff9e491 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,27 @@ # Changelog +## [1.2.0-alpha.1](https://github.com/eclipse-tractusx/ssi-credential-issuer/compare/v1.1.0-rc.2...v1.2.0-alpha.1) (2024-09-23) + + +### Features + +* add imagePullSecrets ([#236](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/236)) ([bed4ff8](https://github.com/eclipse-tractusx/ssi-credential-issuer/commit/bed4ff875abdcca06fbdbb14779812a465773e10)) +* **config:** make wallet application and paths configurable ([#230](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/230)) ([7232f27](https://github.com/eclipse-tractusx/ssi-credential-issuer/commit/7232f271f8748d281d2909e5016e251217e88e39)), closes [#226](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/226) +* enhanced the owned-credentials endpoint ([#240](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/240)) ([e41722a](https://github.com/eclipse-tractusx/ssi-credential-issuer/commit/e41722a4e1d02ff631d8b9d1c4940b391f7fd500)) +* **notification:** adjust notification request parameter ([#233](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/233)) ([37b359d](https://github.com/eclipse-tractusx/ssi-credential-issuer/commit/37b359d9a289b58e548c6b4935d0e1016872fbff)) +* **ssi:** merge create and sign credential into one ([#235](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/235)) ([510de92](https://github.com/eclipse-tractusx/ssi-credential-issuer/commit/510de9206f916b7eedbc205ff6d3fe9428b73265)), closes [#232](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/232) + + +### Bug Fixes + +* **document:** adjust validation to allow the issuer to display documents of credentials ([#229](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/229)) ([a1dd326](https://github.com/eclipse-tractusx/ssi-credential-issuer/commit/a1dd326141942de3a873514f6508d42a2400b331)), closes [#225](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/225) +* update the template 
framework pdf link ([#251](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/251)) ([3356250](https://github.com/eclipse-tractusx/ssi-credential-issuer/commit/3356250fd09c6e406748298e4fca1f15a59f038e)) + + +### Miscellaneous Chores + +* release 1.2.0-alpha.1 ([abbdff1](https://github.com/eclipse-tractusx/ssi-credential-issuer/commit/abbdff1d2381ebb722e1fc505ad067565cd7b185)) + ## [1.1.0-rc.2](https://github.com/eclipse-tractusx/ssi-credential-issuer/compare/v1.1.0-rc.1...v1.1.0-rc.2) (2024-07-25) From 63c8c1c1ed6be7d34f90279867f592e103eba6eb Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Mon, 23 Sep 2024 16:22:01 +0200 Subject: [PATCH 3/3] build(1.2.0-alpha.1): bump version and update docs --- charts/ssi-credential-issuer/Chart.yaml | 4 +- charts/ssi-credential-issuer/README.md | 242 +++++++++--------- .../argocd-app-templates/appsetup-int.yaml | 2 +- src/Directory.Build.props | 4 +- 4 files changed, 128 insertions(+), 124 deletions(-) diff --git a/charts/ssi-credential-issuer/Chart.yaml b/charts/ssi-credential-issuer/Chart.yaml index b8efb96e..e3fadd1a 100644 --- a/charts/ssi-credential-issuer/Chart.yaml +++ b/charts/ssi-credential-issuer/Chart.yaml @@ -20,8 +20,8 @@ apiVersion: v2 name: ssi-credential-issuer type: application -version: 1.1.0 -appVersion: 1.1.0 +version: 1.2.0-alpha.1 +appVersion: 1.2.0-alpha.1 description: Helm chart for SSI Credential Issuer home: https://github.com/eclipse-tractusx/ssi-credential-issuer dependencies: diff --git a/charts/ssi-credential-issuer/README.md b/charts/ssi-credential-issuer/README.md index 5c36c513..6e2c8747 100644 --- a/charts/ssi-credential-issuer/README.md +++ b/charts/ssi-credential-issuer/README.md @@ -29,7 +29,7 @@ To use the helm chart as a dependency: dependencies: - name: ssi-credential-issuer repository: https://eclipse-tractusx.github.io/charts/dev - version: 1.1.0 + version: 1.2.0-alpha.1 ``` ## Requirements 
@@ -40,123 +40,127 @@ dependencies: ## Values -| Key | Type | Default | Description | -|-----------------------------------------------------------|------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| portalBackendAddress | string | `"https://portal-backend.example.org"` | Provide portal-backend base address. | -| walletAddress | string | `"https://wallet.example.org"` | | -| walletTokenAddress | string | `"https://wallet.example.org/oauth/token"` | | -| service.image.name | string | `"docker.io/tractusx/ssi-credential-issuer-service"` | | -| service.image.tag | string | `""` | | -| service.imagePullPolicy | string | `"IfNotPresent"` | | -| service.resources | object | `{"limits":{"cpu":"45m","memory":"400M"},"requests":{"cpu":"15m","memory":"400M"}}` | We recommend to review the default resource limits as this should a conscious choice. | -| service.logging.businessLogic | string | `"Information"` | | -| service.logging.default | string | `"Information"` | | -| service.healthChecks.startup.path | string | `"/health/startup"` | | -| service.healthChecks.startup.tags[0].name | string | `"HEALTHCHECKS__0__TAGS__1"` | | -| service.healthChecks.startup.tags[0].value | string | `"issuerdb"` | | -| service.healthChecks.liveness.path | string | `"/healthz"` | | -| service.healthChecks.readyness.path | string | `"/ready"` | | -| service.swaggerEnabled | bool | `false` | | -| service.portal.scope | string | `"openid"` | | -| service.portal.grantType | string | `"client_credentials"` | | -| service.portal.clientId | string | `"portal-client-id"` | Provide portal client-id from CX IAM centralidp. | -| service.portal.clientSecret | string | `""` | Client-secret for portal client-id. Secret-key 'portal-client-secret'. 
| -| service.credential.issuerDid | string | `"did:web:example"` | | -| service.credential.issuerBpn | string | `"BPNL00000001TEST"` | | -| service.credential.statusListUrl | string | `"https://example.org/statuslist"` | | -| service.credential.encryptionConfigIndex | int | `0` | | -| service.credential.encryptionConfigs.index0.index | int | `0` | | -| service.credential.encryptionConfigs.index0.cipherMode | string | `"CBC"` | | -| service.credential.encryptionConfigs.index0.paddingMode | string | `"PKCS7"` | | -| service.credential.encryptionConfigs.index0.encryptionKey | string | `""` | EncryptionKey for wallet. Secret-key 'credential-encryption-key0'. Expected format is 256 bit (64 digits) hex. | -| migrations.name | string | `"migrations"` | | -| migrations.image.name | string | `"docker.io/tractusx/ssi-credential-issuer-migrations"` | | -| migrations.image.tag | string | `""` | | -| migrations.imagePullPolicy | string | `"IfNotPresent"` | | -| migrations.resources | object | `{"limits":{"cpu":"45m","memory":"200M"},"requests":{"cpu":"15m","memory":"200M"}}` | We recommend to review the default resource limits as this should a conscious choice. | -| migrations.seeding.testDataEnvironments | string | `""` | | -| migrations.seeding.testDataPaths | string | `"Seeder/Data"` | | -| migrations.logging.default | string | `"Information"` | | -| migrations.processIdentity.identityId | string | `"ac1cf001-7fbc-1f2f-817f-bce058020006"` | | -| processesworker.name | string | `"processesworker"` | | -| processesworker.image.name | string | `"docker.io/tractusx/ssi-credential-issuer-processes-worker"` | | -| processesworker.image.tag | string | `""` | | -| processesworker.imagePullPolicy | string | `"IfNotPresent"` | | -| processesworker.resources | object | `{"limits":{"cpu":"45m","memory":"200M"},"requests":{"cpu":"15m","memory":"200M"}}` | We recommend to review the default resource limits as this should a conscious choice. 
| -| processesworker.logging.default | string | `"Information"` | | -| processesworker.portal.scope | string | `"openid"` | | -| processesworker.portal.grantType | string | `"client_credentials"` | | -| processesworker.portal.clientId | string | `"portal-client-id"` | Provide portal client-id from CX IAM centralidp. | -| processesworker.portal.clientSecret | string | `""` | Client-secret for portal client-id. Secret-key 'portal-client-secret'. | -| processesworker.processIdentity.identityId | string | `"ac1cf001-7fbc-1f2f-817f-bce058020006"` | | -| processesworker.wallet.scope | string | `"openid"` | | -| processesworker.wallet.grantType | string | `"client_credentials"` | | -| processesworker.wallet.clientId | string | `"wallet-client-id"` | Provide wallet client-id from CX IAM centralidp. | -| processesworker.wallet.clientSecret | string | `""` | Client-secret for wallet client-id. Secret-key 'wallet-client-secret'. | -| processesworker.wallet.application | string | `"catena-x-portal"` | the application set in the wallet | -| processesworker.wallet.createSignedCredentialPath | string | `"/api/v2.0.0/credentials"` | path to create a specific credential which is directly signed | -| processesworker.wallet.createCredentialPath | string | `"api/v2.0.0/credentials"` | path to create a credential | -| processesworker.wallet.getCredentialPath | string | `"/api/v2.0.0/credentials/{0}"` | path to get a specific credential; {0} will be replaced by the credential id | -| processesworker.wallet.revokeCredentialPath | string | `"/api/v2.0.0/credentials/{0}"` | path to revoke a specific credential; {0} will be replaced by the credential id | -| credentialExpiry.name | string | `"expiry"` | | -| credentialExpiry.image.name | string | `"docker.io/tractusx/ssi-credential-expiry-app"` | | -| credentialExpiry.image.tag | string | `""` | | -| credentialExpiry.imagePullPolicy | string | `"IfNotPresent"` | | -| credentialExpiry.resources | object | 
`{"limits":{"cpu":"45m","memory":"105M"},"requests":{"cpu":"15m","memory":"105M"}}` | We recommend to review the default resource limits as this should a conscious choice. | -| credentialExpiry.processIdentity.identityId | string | `"ac1cf001-7fbc-1f2f-817f-bce058020006"` | | -| credentialExpiry.logging.default | string | `"Information"` | | -| credentialExpiry.expiry.expiredVcsToDeleteInMonth | int | `12` | | -| credentialExpiry.expiry.inactiveVcsToDeleteInWeeks | int | `12` | | -| existingSecret | string | `""` | Secret containing the client-secrets for the connection to portal and wallet as well as encryptionKeys for issuer.credential and processesworker.wallet | -| dotnetEnvironment | string | `"Production"` | | -| dbConnection.schema | string | `"issuer"` | | -| dbConnection.sslMode | string | `"Disable"` | | -| postgresql.enabled | bool | `true` | PostgreSQL chart configuration; default configurations: host: "issuer-postgresql-primary", port: 5432; Switch to enable or disable the PostgreSQL helm chart. | -| postgresql.image | object | `{"tag":"15-debian-12"}` | Setting image tag to major to get latest minor updates | -| postgresql.commonLabels."app.kubernetes.io/version" | string | `"15"` | | -| postgresql.auth.username | string | `"issuer"` | Non-root username. | -| postgresql.auth.database | string | `"issuer"` | Database name. | -| postgresql.auth.existingSecret | string | `"{{ .Release.Name }}-issuer-postgres"` | Secret containing the passwords for root usernames postgres and non-root username issuer. Should not be changed without changing the "issuer-postgresSecretName" template as well. | -| postgresql.auth.postgrespassword | string | `""` | Password for the root username 'postgres'. Secret-key 'postgres-password'. | -| postgresql.auth.password | string | `""` | Password for the non-root username 'issuer'. Secret-key 'password'. | -| postgresql.auth.replicationPassword | string | `""` | Password for the non-root username 'repl_user'. 
Secret-key 'replication-password'. | -| postgresql.architecture | string | `"replication"` | | -| postgresql.audit.pgAuditLog | string | `"write, ddl"` | | -| postgresql.audit.logLinePrefix | string | `"%m %u %d "` | | -| postgresql.primary.extendedConfiguration | string | `""` | Extended PostgreSQL Primary configuration (increase of max_connections recommended - default is 100) | -| postgresql.primary.initdb.scriptsConfigMap | string | `"{{ .Release.Name }}-issuer-cm-postgres"` | | -| postgresql.readReplicas.extendedConfiguration | string | `""` | Extended PostgreSQL read only replicas configuration (increase of max_connections recommended - default is 100) | -| externalDatabase.host | string | `"issuer-postgres-ext"` | External PostgreSQL configuration IMPORTANT: non-root db user needs to be created beforehand on external database. And the init script (02-init-db.sql) available in templates/configmap-postgres-init.yaml needs to be executed beforehand. Database host ('-primary' is added as postfix). | -| externalDatabase.port | int | `5432` | Database port number. | -| externalDatabase.username | string | `"issuer"` | Non-root username for issuer. | -| externalDatabase.database | string | `"issuer"` | Database name. | -| externalDatabase.password | string | `""` | Password for the non-root username (default 'issuer'). Secret-key 'password'. | -| externalDatabase.existingSecret | string | `"issuer-external-db"` | Secret containing the password non-root username, (default 'issuer'). 
| -| centralidp | object | `{"address":"https://centralidp.example.org","authRealm":"CX-Central","jwtBearerOptions":{"metadataPath":"/auth/realms/CX-Central/.well-known/openid-configuration","refreshInterval":"00:00:30","requireHttpsMetadata":"true","tokenValidationParameters":{"validAudience":"Cl24-CX-SSI-CredentialIssuer","validIssuerPath":"/auth/realms/CX-Central"}},"tokenPath":"/auth/realms/CX-Central/protocol/openid-connect/token","useAuthTrail":true}` | Provide details about centralidp (CX IAM) Keycloak instance. | -| centralidp.address | string | `"https://centralidp.example.org"` | Provide centralidp base address (CX IAM), without trailing '/auth'. | -| centralidp.useAuthTrail | bool | `true` | Flag if the api should be used with an leading /auth path | -| ingress.enabled | bool | `false` | SSI Credential Issuer ingress parameters, enable ingress record generation for ssi-credential-issuer. | -| ingress.tls | list | `[]` | Ingress TLS configuration | -| ingress.hosts[0] | object | `{"host":"","paths":[{"backend":{"port":8080},"path":"/api","pathType":"Prefix"}]}` | Provide default path for the ingress record. | -| portContainer | int | `8080` | | -| portService | int | `8080` | | -| replicaCount | int | `3` | | -| nodeSelector | object | `{}` | Node labels for pod assignment | -| tolerations | list | `[]` | Tolerations for pod assignment | -| affinity.podAntiAffinity | object | `{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"DoesNotExist"}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}` | Following Catena-X Helm Best Practices, [reference](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). 
| -| updateStrategy.type | string | `"RollingUpdate"` | Update strategy type, rolling update configuration parameters, [reference](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies). | -| updateStrategy.rollingUpdate.maxSurge | int | `1` | | -| updateStrategy.rollingUpdate.maxUnavailable | int | `0` | | -| startupProbe | object | `{"failureThreshold":30,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | Following Catena-X Helm Best Practices, [reference](https://github.com/helm/charts/blob/master/stable/nginx-ingress/values.yaml#L210). | -| livenessProbe.failureThreshold | int | `3` | | -| livenessProbe.initialDelaySeconds | int | `10` | | -| livenessProbe.periodSeconds | int | `10` | | -| livenessProbe.successThreshold | int | `1` | | -| livenessProbe.timeoutSeconds | int | `10` | | -| readinessProbe.failureThreshold | int | `3` | | -| readinessProbe.initialDelaySeconds | int | `10` | | -| readinessProbe.periodSeconds | int | `10` | | -| readinessProbe.successThreshold | int | `1` | | -| readinessProbe.timeoutSeconds | int | `1` | | +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| portalBackendAddress | string | `"https://portal-backend.example.org"` | Provide portal-backend base address. | +| walletAddress | string | `"https://wallet.example.org"` | | +| walletTokenAddress | string | `"https://wallet.example.org/oauth/token"` | | +| service.image.name | string | `"docker.io/tractusx/ssi-credential-issuer-service"` | | +| service.image.tag | string | `""` | | +| service.image.pullSecrets | list | `[]` | | +| service.imagePullPolicy | string | `"IfNotPresent"` | | +| service.resources | object | `{"limits":{"cpu":"45m","memory":"400M"},"requests":{"cpu":"15m","memory":"400M"}}` | We recommend to review the default resource limits as this should a conscious choice. 
| +| service.logging.businessLogic | string | `"Information"` | | +| service.logging.default | string | `"Information"` | | +| service.healthChecks.startup.path | string | `"/health/startup"` | | +| service.healthChecks.startup.tags[0].name | string | `"HEALTHCHECKS__0__TAGS__1"` | | +| service.healthChecks.startup.tags[0].value | string | `"issuerdb"` | | +| service.healthChecks.liveness.path | string | `"/healthz"` | | +| service.healthChecks.readyness.path | string | `"/ready"` | | +| service.swaggerEnabled | bool | `false` | | +| service.portal.scope | string | `"openid"` | | +| service.portal.grantType | string | `"client_credentials"` | | +| service.portal.clientId | string | `"portal-client-id"` | Provide portal client-id from CX IAM centralidp. | +| service.portal.clientSecret | string | `""` | Client-secret for portal client-id. Secret-key 'portal-client-secret'. | +| service.credential.issuerDid | string | `"did:web:example"` | | +| service.credential.issuerBpn | string | `"BPNL00000001TEST"` | | +| service.credential.statusListUrl | string | `"https://example.org/statuslist"` | | +| service.credential.encryptionConfigIndex | int | `0` | | +| service.credential.encryptionConfigs.index0.index | int | `0` | | +| service.credential.encryptionConfigs.index0.cipherMode | string | `"CBC"` | | +| service.credential.encryptionConfigs.index0.paddingMode | string | `"PKCS7"` | | +| service.credential.encryptionConfigs.index0.encryptionKey | string | `""` | EncryptionKey for wallet. Secret-key 'credential-encryption-key0'. Expected format is 256 bit (64 digits) hex. 
| +| migrations.name | string | `"migrations"` | | +| migrations.image.name | string | `"docker.io/tractusx/ssi-credential-issuer-migrations"` | | +| migrations.image.tag | string | `""` | | +| migrations.image.pullSecrets | list | `[]` | | +| migrations.imagePullPolicy | string | `"IfNotPresent"` | | +| migrations.resources | object | `{"limits":{"cpu":"45m","memory":"200M"},"requests":{"cpu":"15m","memory":"200M"}}` | We recommend to review the default resource limits as this should a conscious choice. | +| migrations.seeding.testDataEnvironments | string | `""` | | +| migrations.seeding.testDataPaths | string | `"Seeder/Data"` | | +| migrations.logging.default | string | `"Information"` | | +| migrations.processIdentity.identityId | string | `"ac1cf001-7fbc-1f2f-817f-bce058020006"` | | +| processesworker.name | string | `"processesworker"` | | +| processesworker.image.name | string | `"docker.io/tractusx/ssi-credential-issuer-processes-worker"` | | +| processesworker.image.tag | string | `""` | | +| processesworker.image.pullSecrets | list | `[]` | | +| processesworker.imagePullPolicy | string | `"IfNotPresent"` | | +| processesworker.resources | object | `{"limits":{"cpu":"45m","memory":"200M"},"requests":{"cpu":"15m","memory":"200M"}}` | We recommend to review the default resource limits as this should a conscious choice. | +| processesworker.logging.default | string | `"Information"` | | +| processesworker.portal.scope | string | `"openid"` | | +| processesworker.portal.grantType | string | `"client_credentials"` | | +| processesworker.portal.clientId | string | `"portal-client-id"` | Provide portal client-id from CX IAM centralidp. | +| processesworker.portal.clientSecret | string | `""` | Client-secret for portal client-id. Secret-key 'portal-client-secret'. 
| +| processesworker.processIdentity.identityId | string | `"ac1cf001-7fbc-1f2f-817f-bce058020006"` | | +| processesworker.wallet.scope | string | `"openid"` | | +| processesworker.wallet.grantType | string | `"client_credentials"` | | +| processesworker.wallet.clientId | string | `"wallet-client-id"` | Provide wallet client-id from CX IAM centralidp. | +| processesworker.wallet.clientSecret | string | `""` | Client-secret for wallet client-id. Secret-key 'wallet-client-secret'. | +| processesworker.wallet.application | string | `"catena-x-portal"` | the application set in the wallet | +| processesworker.wallet.createCredentialPath | string | `"api/v2.0.0/credentials"` | path to create a credential | +| processesworker.wallet.createSignedCredentialPath | string | `"/api/v2.0.0/credentials"` | path to create a specific credential which is directly signed | +| processesworker.wallet.getCredentialPath | string | `"/api/v2.0.0/credentials/{0}"` | path to get a specific credential; {0} will be replaced by the credential id | +| processesworker.wallet.revokeCredentialPath | string | `"/api/v2.0.0/credentials/{0}"` | path to revoke a specific credential; {0} will be replaced by the credential id | +| credentialExpiry.name | string | `"expiry"` | | +| credentialExpiry.image.name | string | `"docker.io/tractusx/ssi-credential-expiry-app"` | | +| credentialExpiry.image.tag | string | `""` | | +| credentialExpiry.image.pullSecrets | list | `[]` | | +| credentialExpiry.imagePullPolicy | string | `"IfNotPresent"` | | +| credentialExpiry.resources | object | `{"limits":{"cpu":"45m","memory":"105M"},"requests":{"cpu":"15m","memory":"105M"}}` | We recommend to review the default resource limits as this should a conscious choice. 
| +| credentialExpiry.processIdentity.identityId | string | `"ac1cf001-7fbc-1f2f-817f-bce058020006"` | | +| credentialExpiry.logging.default | string | `"Information"` | | +| credentialExpiry.expiry.expiredVcsToDeleteInMonth | int | `12` | | +| credentialExpiry.expiry.inactiveVcsToDeleteInWeeks | int | `12` | | +| existingSecret | string | `""` | Secret containing the client-secrets for the connection to portal and wallet as well as encryptionKeys for issuer.credential and processesworker.wallet | +| dotnetEnvironment | string | `"Production"` | | +| dbConnection.schema | string | `"issuer"` | | +| dbConnection.sslMode | string | `"Disable"` | | +| postgresql.enabled | bool | `true` | PostgreSQL chart configuration; default configurations: host: "issuer-postgresql-primary", port: 5432; Switch to enable or disable the PostgreSQL helm chart. | +| postgresql.image | object | `{"tag":"15-debian-12"}` | Setting image tag to major to get latest minor updates | +| postgresql.commonLabels."app.kubernetes.io/version" | string | `"15"` | | +| postgresql.auth.username | string | `"issuer"` | Non-root username. | +| postgresql.auth.database | string | `"issuer"` | Database name. | +| postgresql.auth.existingSecret | string | `"{{ .Release.Name }}-issuer-postgres"` | Secret containing the passwords for root usernames postgres and non-root username issuer. Should not be changed without changing the "issuer-postgresSecretName" template as well. | +| postgresql.auth.postgrespassword | string | `""` | Password for the root username 'postgres'. Secret-key 'postgres-password'. | +| postgresql.auth.password | string | `""` | Password for the non-root username 'issuer'. Secret-key 'password'. | +| postgresql.auth.replicationPassword | string | `""` | Password for the non-root username 'repl_user'. Secret-key 'replication-password'. 
| +| postgresql.architecture | string | `"replication"` | | +| postgresql.audit.pgAuditLog | string | `"write, ddl"` | | +| postgresql.audit.logLinePrefix | string | `"%m %u %d "` | | +| postgresql.primary.extendedConfiguration | string | `""` | Extended PostgreSQL Primary configuration (increase of max_connections recommended - default is 100) | +| postgresql.primary.initdb.scriptsConfigMap | string | `"{{ .Release.Name }}-issuer-cm-postgres"` | | +| postgresql.readReplicas.extendedConfiguration | string | `""` | Extended PostgreSQL read only replicas configuration (increase of max_connections recommended - default is 100) | +| externalDatabase.host | string | `"issuer-postgres-ext"` | External PostgreSQL configuration IMPORTANT: non-root db user needs to be created beforehand on external database. And the init script (02-init-db.sql) available in templates/configmap-postgres-init.yaml needs to be executed beforehand. Database host ('-primary' is added as postfix). | +| externalDatabase.port | int | `5432` | Database port number. | +| externalDatabase.username | string | `"issuer"` | Non-root username for issuer. | +| externalDatabase.database | string | `"issuer"` | Database name. | +| externalDatabase.password | string | `""` | Password for the non-root username (default 'issuer'). Secret-key 'password'. | +| externalDatabase.existingSecret | string | `"issuer-external-db"` | Secret containing the password non-root username, (default 'issuer'). | +| centralidp | object | `{"address":"https://centralidp.example.org","authRealm":"CX-Central","jwtBearerOptions":{"metadataPath":"/auth/realms/CX-Central/.well-known/openid-configuration","refreshInterval":"00:00:30","requireHttpsMetadata":"true","tokenValidationParameters":{"validAudience":"Cl24-CX-SSI-CredentialIssuer","validIssuerPath":"/auth/realms/CX-Central"}},"tokenPath":"/auth/realms/CX-Central/protocol/openid-connect/token","useAuthTrail":true}` | Provide details about centralidp (CX IAM) Keycloak instance. 
| +| centralidp.address | string | `"https://centralidp.example.org"` | Provide centralidp base address (CX IAM), without trailing '/auth'. | +| centralidp.useAuthTrail | bool | `true` | Flag if the api should be used with an leading /auth path | +| ingress.enabled | bool | `false` | SSI Credential Issuer ingress parameters, enable ingress record generation for ssi-credential-issuer. | +| ingress.tls | list | `[]` | Ingress TLS configuration | +| ingress.hosts[0] | object | `{"host":"","paths":[{"backend":{"port":8080},"path":"/api","pathType":"Prefix"}]}` | Provide default path for the ingress record. | +| portContainer | int | `8080` | | +| portService | int | `8080` | | +| replicaCount | int | `3` | | +| nodeSelector | object | `{}` | Node labels for pod assignment | +| tolerations | list | `[]` | Tolerations for pod assignment | +| affinity.podAntiAffinity | object | `{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"DoesNotExist"}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}` | Following Catena-X Helm Best Practices, [reference](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). | +| updateStrategy.type | string | `"RollingUpdate"` | Update strategy type, rolling update configuration parameters, [reference](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies). | +| updateStrategy.rollingUpdate.maxSurge | int | `1` | | +| updateStrategy.rollingUpdate.maxUnavailable | int | `0` | | +| startupProbe | object | `{"failureThreshold":30,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | Following Catena-X Helm Best Practices, [reference](https://github.com/helm/charts/blob/master/stable/nginx-ingress/values.yaml#L210). 
| +| livenessProbe.failureThreshold | int | `3` | | +| livenessProbe.initialDelaySeconds | int | `10` | | +| livenessProbe.periodSeconds | int | `10` | | +| livenessProbe.successThreshold | int | `1` | | +| livenessProbe.timeoutSeconds | int | `10` | | +| readinessProbe.failureThreshold | int | `3` | | +| readinessProbe.initialDelaySeconds | int | `10` | | +| readinessProbe.periodSeconds | int | `10` | | +| readinessProbe.successThreshold | int | `1` | | +| readinessProbe.timeoutSeconds | int | `1` | | Autogenerated with [helm docs](https://github.com/norwoodj/helm-docs) diff --git a/environments/argocd-app-templates/appsetup-int.yaml b/environments/argocd-app-templates/appsetup-int.yaml index 0e68c0b0..15d826e9 100644 --- a/environments/argocd-app-templates/appsetup-int.yaml +++ b/environments/argocd-app-templates/appsetup-int.yaml @@ -28,7 +28,7 @@ spec: source: path: charts/ssi-credential-issuer repoURL: 'https://github.com/eclipse-tractusx/ssi-credential-issuer.git' - targetRevision: ssi-credential-issuer-1.1.0 + targetRevision: ssi-credential-issuer-1.2.0-alpha.1 plugin: env: - name: AVP_SECRET diff --git a/src/Directory.Build.props b/src/Directory.Build.props index ef267766..5eb6f1e5 100644 --- a/src/Directory.Build.props +++ b/src/Directory.Build.props @@ -19,7 +19,7 @@ - 1.1.0 - + 1.2.0 + alpha.1