diff --git a/charts/traceability-foss/CHANGELOG.md b/charts/traceability-foss/CHANGELOG.md
index d5efeed81a..63edb69c6b 100644
--- a/charts/traceability-foss/CHANGELOG.md
+++ b/charts/traceability-foss/CHANGELOG.md
@@ -11,6 +11,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Added callbackurl for irs to dev
 - Migrated from irs-helm from 5.3.0 to 6.0.0
 - Migrated from irs-edc-consumer to tractusx-connector
+- Added BASF instance to int environment
 ## [helm-charts-1.3.9 - 26.06.2023]
diff --git a/charts/traceability-foss/values-int-basf.yaml b/charts/traceability-foss/values-int-basf.yaml
new file mode 100644
index 0000000000..08e1280d37
--- /dev/null
+++ b/charts/traceability-foss/values-int-basf.yaml
@@ -0,0 +1,468 @@
+#
+# Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+#########################
+# Global Values configuration #
+#########################
+global:
+ enablePrometheus: false
+ enableGrafana: false
+
+#########################
+# Frontend Chart Values configuration #
+#########################
+frontend:
+ image:
+ repository: ghcr.io/catenax-ng/tx-traceability-foss
+ tag: $ARGOCD_APP_REVISION
+ CATENAX_PORTAL_API_URL: 'https://traceability-int-basf.int.demo.catena-x.net/api'
+ CATENAX_PORTAL_CLIENT_ID: 'app585'
+ CATENAX_PORTAL_KEYCLOAK_URL: 'https://centralidp.int.demo.catena-x.net/auth'
+ CATENAX_PORTAL_BACKEND_DOMAIN: 'catena-x.net'
+ CATENAX_PORTAL_URL: 'https://portal.int.demo.catena-x.net/'
+
+ nameOverride: "tx-frontend-int-basf"
+ fullnameOverride: "tx-frontend-int-basf"
+
+ ingress:
+ enabled: true
+ className: "nginx"
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ hosts:
+ - host: "traceability-portal-int-basf.int.demo.catena-x.net"
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls:
+ - hosts:
+ - "traceability-portal-int-basf.int.demo.catena-x.net"
+ secretName: "traceability-portal-int-basf.int.demo.catena-x.net-tls"
+
+#########################
+# Backend Chart Values configuration #
+#########################
+backend:
+ image:
+ repository: ghcr.io/catenax-ng/tx-traceability-foss
+ tag: $ARGOCD_APP_REVISION
+
+ nameOverride: "tx-backend-int-basf"
+ fullnameOverride: "tx-backend-int-basf"
+
+ podSecurityContext:
+ runAsUser: 10001
+ seccompProfile:
+ type: RuntimeDefault
+
+ # Following Catena-X Helm Best Practices @url: https://catenax-ng.github.io/docs/kubernetes-basics/helm
+ # @url: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ runAsUser: 10001
+ runAsGroup: 3000
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: false
+
+ # Following Catena-X Helm Best Practices @url: https://catenax-ng.github.io/docs/kubernetes-basics/helm
+ # @url: https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+
+ springprofile: int
+
+ ingress:
+ enabled: true
+ className: "nginx"
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: HTTP
+ hosts:
+ - host: "traceability-int-basf.int.demo.catena-x.net"
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls:
+ - hosts:
+ - "traceability-int-basf.int.demo.catena-x.net"
+ secretName: tls-secret
+
+ traceability:
+ bpn: "BPNL00000007QIS1"
+ url: "https://traceability-int-basf.int.demo.catena-x.net"
+
+ datasource:
+ url: jdbc:postgresql://tx-backend-postgresql-int-basf:5432/trace
+ username: trace
+ password:
+
+ oauth2:
+ clientId:
+ clientSecret:
+ clientTokenUri: "https://centralidp.int.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token"
+ jwkSetUri: "https://centralidp.int.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs"
+ resourceClient: "app585"
+
+ edc:
+ apiKey: ""
+ providerUrl: "https://tx-edc-consumer-int-basf-controlplane.int.demo.catena-x.net"
+ callbackUrl: "http://tx-irs-int-basf:8181/internal/endpoint-data-reference"
+ callbackUrlEdcClient: "https://traceability-int-basf.int.demo.catena-x.net/api/internal/endpoint-data-reference"
+ dataEndpointUrl: "https://tx-edc-consumer-int-basf-controlplane.int.demo.catena-x.net/management"
+
+ discoveryfinder:
+ baseUrl: "https://semantics.int.demo.catena-x.net/discoveryfinder/api/v1.0/administration/connectors/discovery/search"
+
+ irs:
+ baseUrl: "https://tx-irs-int-basf.int.demo.catena-x.net"
+
+ # DEPRECATED
+ registry:
+ urlWithPath: "https://trace-x-registry.int.demo.catena-x.net"
+ portal:
+ baseUrl: "https://portal-backend.int.demo.catena-x.net/api"
+
+ config:
+ allowedCorsOriginFirst: "http://localhost:4200/"
+ allowedCorsOriginSecond: "https://traceability-portal-int-basf.int.demo.catena-x.net/"
+
+ dependencies:
+ enabled: true
+ irs: "tx-irs-int-basf" #
+ edc: "tx-edc-consumer-int-basf" # "
+ variables:
+ - name: PGADMIN_CONFIG_UPGRADE_CHECK_ENABLED
+ value: "False"
+ resources:
+ limits:
+ cpu: 200m
+ memory: 512Gi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+
+#########################
+# Postgres configuration #
+#########################
+postgresql:
+ enabled: true
+
+ nameOverride: "tx-backend-postgresql-int-basf"
+ fullnameOverride: "tx-backend-postgresql-int-basf"
+
+ auth:
+ postgresPassword: ""
+ password: ""
+ database: "trace"
+ username: "trace"
+
+#########################
+# IRS configuration #
+#########################
+irs-helm:
+ enabled: true
+ bpn: BPNL00000007QIS1
+
+ nameOverride: "tx-irs-int-basf"
+ fullnameOverride: "tx-irs-int-basf"
+
+ namespace: product-traceability-foss
+
+ springprofile: dev
+
+ irsUrl: "https://tx-irs-int-basf.int.demo.catena-x.net"
+
+ ingress:
+ enabled: true
+ hosts:
+ - host: "tx-irs-int-basf.int.demo.catena-x.net"
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls:
+ - hosts:
+ - "tx-irs-int-basf.int.demo.catena-x.net"
+ secretName: tls-secret
+ digitalTwinRegistry:
+ type: decentral
+ discoveryFinderUrl: https://semantics.int.demo.catena-x.net/discoveryfinder/api/v1.0/administration/connectors/discovery/search
+
+ semanticshub:
+ url: https://semantics.int.demo.catena-x.net/hub/api/v1/models
+ bpdm:
+ url: https://partners-pool.int.demo.catena-x.net
+
+ minioUser:
+ minioPassword:
+ minioUrl: http://tx-irs-minio-int-basf:9000
+
+ keycloak:
+ oauth2:
+ clientId:
+ clientSecret:
+ clientTokenUri: https://centralidp.int.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token
+ jwkSetUri: https://centralidp.int.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs
+
+ edc:
+ callbackurl: http://tx-irs-int-basf:8181/internal/endpoint-data-reference
+ catalog:
+ cache:
+ enabled: "false"
+ controlplane:
+ endpoint:
+ statesuffix: /state
+ data: https://tx-edc-consumer-int-basf-controlplane.int.demo.catena-x.net/management
+ apikey:
+ secret:
+
+ minio:
+ nameOverride: "tx-irs-minio-int-basf"
+ fullnameOverride: "tx-irs-minio-int-basf"
+ serviceAccount:
+ create: false
+ rootUser:
+ rootPassword:
+
+
+###################################
+# EDC Consumer configuration #
+###################################
+tractusx-connector:
+ nameOverride: "tx-edc-consumer-int-basf"
+ fullnameOverride: "tx-edc-consumer-int-basf"
+ enabled: true
+ install:
+ postgresql: false
+ vault: false
+ participant:
+ id: BPNL00000007QIS1
+
+ controlplane:
+ ingresses:
+ - enabled: true
+ hostname: "tx-edc-consumer-int-basf-controlplane.int.demo.catena-x.net"
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-passthrough: "false"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ endpoints:
+ - protocol
+ - management
+ tls:
+ enabled: true
+ secretName: tls-secret
+ ssi:
+ miw:
+ url:
+ authorityId:
+ oauth:
+ tokenurl:
+ client:
+ id:
+ secretAlias: edc-miw-keycloak-secret-int-basf
+
+ endpoints:
+ # -- default api for health checks, should not be added to any ingress
+ default:
+ port: 8080
+ path: /api
+ # -- data management api, used by internal users, can be added to an ingress and must not be internet facing
+ management:
+ port: 8081
+ path: /management
+ # -- authentication key, must be attached to each 'X-Api-Key' request header
+ authKey:
+ # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not
+ control:
+ port: 8083
+ path: /control
+ # -- ids api, used for inter connector communication and must be internet facing
+ protocol:
+ port: 8084
+ path: /api/v1/dsp
+ # -- metrics api, used for application metrics, must not be internet facing
+ metrics:
+ port: 9090
+ path: /metrics
+ # -- observability api with unsecured access, must not be internet facing
+ observability:
+ port: 8085
+ # -- observability api, provides /health /readiness and /liveness endpoints
+ path: /observability
+ # -- allow or disallow insecure access, i.e. access without authentication
+ insecure: true
+
+ internationalDataSpaces:
+ id: TXDC
+ description: Tractus-X Eclipse IDS Data Space Connector
+ title: ""
+ maintainer: ""
+ curator: ""
+ catalogId: TXDC-Catalog
+
+ # Explicitly declared url for reaching the ids api (e.g. if ingresses not used)
+ url:
+ ids: ""
+
+ resources:
+ limits:
+ cpu: 400m
+ memory: 1.5Gi
+ requests:
+ cpu: 200m
+ memory: 1.5Gi
+
+ dataplane:
+ ingresses:
+ - enabled: true
+ hostname: "tx-edc-consumer-int-basf-dataplane.int.demo.catena-x.net"
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-passthrough: "false"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ endpoints:
+ - public
+ className: "nginx"
+ tls:
+ enabled: true
+ secretName: tls-secret
+
+ endpoints:
+ default:
+ port: 8080
+ path: /api
+ public:
+ port: 8081
+ path: /api/public
+ control:
+ port: 8083
+ path: /api/dataplane/control
+ observability:
+ port: 8085
+ path: /observability
+ insecure: true
+ metrics:
+ port: 9090
+ path: /metrics
+
+ url:
+ public: ""
+ resources:
+ limits:
+ cpu: 200m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+
+ ## currently we need to provide a url but is not used anywhere
+ # URL where the EndpointDataReference callback will be sent to
+ backendService:
+ httpProxyTokenReceiverUrl: "https://traceability-int-basf.int.demo.catena-x.net/api/callback/endpoint-data-reference"
+ # Files system has to be set to writeable for now since controlplane relies on temporary files to write SSI related things to
+ securityContext:
+ readOnlyRootFilesystem: false
+ ################################
+ # EDC Vault Configuration #
+ ################################
+ vault:
+ hashicorp:
+ url: "https://vault.demo.catena-x.net"
+ token: ""
+ timeout: 30
+ healthCheck:
+ enabled: true
+ standbyOk: true
+ paths:
+ secret: /v1/traceability-foss
+ health: /v1/sys/health
+ secretNames:
+ transferProxyTokenSignerPrivateKey: daps-cert-key-int-basf
+ transferProxyTokenSignerPublicKey: daps-cert-int-basf
+ transferProxyTokenEncryptionAesKey: token-signer-aes-key
+
+ ##################################
+ # EDC Postgres Configuration #
+ ##################################
+ postgresql:
+ enabled: true
+ size: 1Gi
+ auth:
+ username: ""
+ password: ""
+ username: ""
+ password: ""
+ jdbcUrl: "jdbc:postgresql://tx-edc-consumer-postgresql-int-basf-hl:5432/edc"
+
+###################################
+# EDC Postgres Configuration #
+###################################
+edc-postgresql:
+ primary:
+ resources:
+ limits:
+ cpu: 200m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ nameOverride: "tx-edc-consumer-postgresql-int-basf"
+ fullnameOverride: "tx-edc-consumer-postgresql-int-basf"
+ enabled: true
+ auth:
+ database: edc
+ username:
+ postgresPassword:
+ password:
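Review bot: The controlplane ingress under `tractusx-connector` lists `- management` in its `endpoints`, while the comment on the management endpoint further down in the same hunk says that API "must not be internet facing"; if `tx-edc-consumer-int-basf-controlplane.int.demo.catena-x.net` is publicly reachable (it looks that way, but the diff does not confirm it), the data management API is exposed with only the `X-Api-Key` header in front of it. I would keep just `- protocol` on that ingress and point `backend.edc.dataEndpointUrl` and the IRS `controlplane.endpoint.data` value at the in-cluster service address rather than the ingress host. Separately, `allowedCorsOriginFirst: "http://localhost:4200/"` looks like a developer setting carried into the int instance and is worth dropping or replacing with a deployed origin. The `memory: 512Gi` limit in the `resources` block after the PGADMIN variable is probably meant to be `memory: 512Mi`, matching its request.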