MG-153 - Add Vault scripts as git subtree

charts/magistrala/Chart.yaml

@@ -6,8 +6,8 @@ name: magistrala
 description: Magistrala IoT Platform
 icon: https://avatars1.githubusercontent.com/u/13207490
 type: application
-version: 0.14.2  # Incremented chart version if the chart is updated
-appVersion: "0.14.0"  # Update application version if the app is updated
+version: 0.15.0  # Incremented chart version if the chart is updated
+appVersion: "0.15.0"  # Update application version if the app is updated
 home: https://abstractmachines.fr/magistrala.html
 sources:
   - https://hub.docker.com/u/magistrala

charts/magistrala/README.md

@@ -2,7 +2,7 @@
 
 Magistrala IoT Platform
 
-![Version: 0.14.2](https://img.shields.io/badge/Version-0.14.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.14.0](https://img.shields.io/badge/AppVersion-0.14.0-informational?style=flat-square)
+![Version: 0.15.0](https://img.shields.io/badge/Version-0.15.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.15.0](https://img.shields.io/badge/AppVersion-0.15.0-informational?style=flat-square)
 
 **Homepage:** <https://abstractmachines.fr/magistrala.html>
 
@@ -44,6 +44,11 @@ Magistrala IoT Platform
 | adapter_coap.port | int | `5683` |  |
 | adapter_http.httpPort | int | `8008` |  |
 | adapter_http.image | object | `{}` |  |
+| amcerts.enabled | bool | `true` |  |
+| amcerts.grpcPort | int | `7012` |  |
+| amcerts.httpPort | int | `9010` |  |
+| amcerts.image.repository | string | `"ghcr.io/absmach/certs"` |  |
+| amcerts.image.tag | string | `"latest"` |  |
 | auth.accessTokenDuration | string | `"1h"` |  |
 | auth.adminEmail | string | `"[email protected]"` |  |
 | auth.adminPassword | string | `"12345678"` |  |
@@ -136,6 +141,18 @@ Magistrala IoT Platform
 | nginxInternal.image.tag | string | `"1.19.1-alpine"` |  |
 | nginxInternal.mtls.intermediateCrt | string | `""` |  |
 | nginxInternal.mtls.tls | string | `""` |  |
+| postgresqlamcerts.database | string | `"certs"` |  |
+| postgresqlamcerts.enabled | bool | `true` |  |
+| postgresqlamcerts.global.postgresql.auth.database | string | `"certs"` |  |
+| postgresqlamcerts.global.postgresql.auth.password | string | `"magistrala"` |  |
+| postgresqlamcerts.global.postgresql.auth.postgresPassword | string | `"magistrala"` |  |
+| postgresqlamcerts.global.postgresql.auth.username | string | `"magistrala"` |  |
+| postgresqlamcerts.global.postgresql.service.ports.postgresql | int | `5432` |  |
+| postgresqlamcerts.host | string | `"postgresql-certs"` |  |
+| postgresqlamcerts.name | string | `"postgresql-certs"` |  |
+| postgresqlamcerts.password | string | `"magistrala"` |  |
+| postgresqlamcerts.port | int | `5432` |  |
+| postgresqlamcerts.username | string | `"magistrala"` |  |
 | postgresqlauth.database | string | `"auth"` |  |
 | postgresqlauth.enabled | bool | `true` |  |
 | postgresqlauth.global.postgresql.auth.database | string | `"auth"` |  |
@@ -252,7 +269,7 @@ Magistrala IoT Platform
 | spicedb.dispatch.enabled | bool | `false` |  |
 | spicedb.dispatch.port | int | `50053` |  |
 | spicedb.grpc.port | int | `50051` |  |
-| spicedb.grpc.presharedKey | string | `"helloworld"` |  |
+| spicedb.grpc.presharedKey | string | `"12345678"` |  |
 | spicedb.http.enabled | bool | `false` |  |
 | spicedb.http.port | int | `8443` |  |
 | spicedb.image.pullSecrets | object | `{}` |  |

charts/magistrala/templates/amcerts-deployment.yaml

@@ -0,0 +1,113 @@
+# Copyright (c) Abstract Machines
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.amcerts.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-amcerts-config
+data:
+  config.yml: |
+    common_name: "AbstractMachines_Selfsigned_ca"
+    organization:
+      - "AbstractMachines"
+    organizational_unit:
+      - "AbstractMachines_ca"
+    country:
+      - "France"
+    province:
+      - "Paris"
+    locality:
+      - "Quai de Valmy"
+    postal_code:
+      - "75010 Paris"
+    dns_names:
+      - "localhost"
+    ip_addresses:
+      - "localhost"
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}-amcerts
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}
+      component: amcerts
+  template:
+    metadata:
+      annotations:
+        prometheus.io/path: /metrics
+        prometheus.io/port: "{{ .Values.amcerts.httpPort }}"
+        prometheus.io/scrape: "true"
+      labels:
+        app: {{ .Release.Name }}
+        component: amcerts
+    spec:
+      {{- if (or .Values.amcerts.image.pullSecrets .Values.defaults.image.pullSecrets) }}
+      imagePullSecrets:
+        {{- range (or .Values.amcerts.image.pullSecrets .Values.defaults.image.pullSecrets) }}
+        - name: {{ . }}
+        {{- end }}
+      {{- end }}
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      volumes:
+        - configMap:
+            defaultMode: 256
+            name: {{ .Release.Name }}-amcerts-config
+            optional: false
+          name: amcerts-config
+      containers:
+        - name: {{ .Release.Name }}-amcerts
+          image: "{{ default (printf "%s/amcerts" .Values.defaults.image.rootRepository) .Values.amcerts.image.repository }}:{{ default .Values.defaults.image.tag .Values.amcerts.image.tag }}"
+          imagePullPolicy: {{ default .Values.defaults.image.pullPolicy .Values.amcerts.image.pullPolicy }}
+          env:
+            - name: AM_JAEGER_URL
+              value: "http://{{ .Values.jaeger.fullnameOverride }}-collector:{{ .Values.jaeger.collector.service.otlp.http.port }}/v1/traces"
+            - name: AM_CERTS_JAEGER_TRACE_RATIO
+              value: {{ default .Values.defaults.jaegerTraceRatio .Values.amcerts.jaegerTraceRatio | quote }}
+            - name: AM_CERTS_LOG_LEVEL
+              value: {{ default .Values.defaults.logLevel .Values.amcerts.logLevel | quote }}
+            - name: AM_CERTS_HTTP_HOST
+              value: "0.0.0.0"
+            - name: AM_CERTS_HTTP_PORT
+              value: {{ .Values.amcerts.httpPort | quote }}
+            - name: AM_CERTS_GRPC_HOST
+              value: "0.0.0.0"
+            - name: AM_CERTS_GRPC_PORT
+              value: {{ .Values.amcerts.grpcPort | quote }}
+            - name: AM_CERTS_AUTH_GRPC_URL
+              value: {{ .Release.Name }}-envoy:{{ .Values.auth.grpcPort }}
+            - name: MG_THINGS_URL
+              value: http://{{ .Release.Name }}-things:{{ .Values.things.httpPort }}
+            - name: AM_CERTS_DB_HOST
+            {{- if .Values.postgresqlamcerts.enabled }}
+              value: {{ .Release.Name }}-postgresqlcerts
+            {{- else }}
+              value: {{ .Values.postgresqlamcerts.host | quote }}
+            {{- end }}
+            - name: AM_CERTS_DB_PORT
+              value: {{ .Values.postgresqlamcerts.port | quote }}
+            - name: AM_CERTS_DB_NAME
+              value: {{ .Values.postgresqlamcerts.database | quote }}
+            - name: AM_CERTS_DB_USER
+              value: {{ .Values.postgresqlamcerts.username | quote }}
+            - name: AM_CERTS_DB_PASS
+              value: {{ .Values.postgresqlamcerts.password | quote }}
+            - name: MG_CERTS_SIGN_CA_PATH
+              value: {{ .Values.certs.signCAPath }}
+            - name: MG_CERTS_SIGN_CA_KEY_PATH
+              value: {{ .Values.certs.signCAKeyPath }}
+          ports:
+            - containerPort: {{ .Values.amcerts.httpPort }}
+              protocol: TCP
+            - containerPort: {{ .Values.amcerts.grpcPort }}
+              protocol: TCP
+          volumeMounts:
+            - name: amcerts-config
+              mountPath: /config/config.yml
+              subPath: config.yml
+{{- end }}

charts/magistrala/templates/amcerts-service.yaml

@@ -0,0 +1,20 @@
+# Copyright (c) Abstract Machines
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.amcerts.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-amcerts
+spec:
+  selector:
+    app: {{ .Release.Name }}
+    component: amcerts
+  ports:
+    - port: {{ .Values.amcerts.httpPort }}
+      protocol: TCP
+      name: {{ .Release.Name }}-amcerts-{{ .Values.amcerts.httpPort }}
+    - port: {{ .Values.amcerts.grpcPort }}
+      protocol: TCP
+      name: {{ .Release.Name }}-amcerts-grpc-{{ .Values.amcerts.grpcPort }}
+{{- end }}

charts/magistrala/templates/users-deployment.yaml

@@ -90,6 +90,14 @@ spec:
               value: {{ .Values.postgresqlusers.username | quote }}
             - name: MG_USERS_DB_PASS
               value: {{ .Values.postgresqlusers.password | quote }}
+            - name: MG_USERS_GRPC_HOST
+              value: "0.0.0.0"
+            - name : MG_USERS_GRPC_PORT
+              value: {{ .Values.users.grpcPort | quote }}
+            - name: MG_SPICEDB_HOST
+              value: {{ .Release.Name }}-spicedb
+            - name: MG_SPICEDB_PORT
+              value: {{ .Values.spicedb.grpc.port | quote }}
             - name : MG_AUTH_GRPC_URL
               value: {{ .Release.Name }}-envoy:{{ .Values.auth.grpcPort }}
           ports:

charts/magistrala/values.yaml

@@ -92,8 +92,7 @@
         maxSize: 2Gi
 
 adapter_coap:
-  image:
-    {}
+  image: {}
     # pullSecrets: {}
     # If your image repository requires authentication, you can specify image pull secrets here.
     # Example:
@@ -147,8 +146,7 @@
   #     effect: "NoSchedule"
 
 adapter_http:
-  image:
-    {}
+  image: {}
     # pullSecrets: {}
     # repository: "magistrala/adapter-http"
     # tag: "latest"
@@ -198,7 +196,7 @@
     tag: latest
     # pullPolicy: "IfNotPresent"
   grpc:
-    presharedKey: "helloworld"
+    presharedKey: "12345678"
     port: 50051
   datastore:
     ## engine can be any one of the two options: postgres (default) , memory
@@ -238,8 +236,7 @@
 
 auth:
   # logLevel: error
-  image:
-    {}
+  image: {}
     # pullSecrets: {}
     # rootRepository: "magistrala/auth"
     # tag: "latest"
@@ -280,8 +277,7 @@
           postgresql: *postgresqlAuthPort
 
 users:
-  image:
-    {}
+  image: {}
     # pullSecrets: {}
     # repository: "magistrala/users"
     # tag: "latest"
@@ -324,8 +320,7 @@
           postgresql: *postgresqlUsersPort
 
 things:
-  image:
-    {}
+  image: {}
     # pullSecrets: {}
     # repository: "magistrala/things"
     # tag: "latest"
@@ -407,8 +402,7 @@
 
 certs:
   enabled: true
-  image:
-    {}
+  image: {}
     # pullSecrets: {}
     # repository: "magistrala/certs"
     # tag: "latest"
@@ -449,11 +443,51 @@
       service:
         ports:
           postgresql: *postgresqlCertsPort
+amcerts:
+  enabled: true
+  image:
+    repository: "ghcr.io/absmach/certs"
+    tag: "latest"
+    # pullSecrets: {}
+    # pullPolicy: "IfNotPresent"
+  # jaegerTraceRatio: 1.0
+  # sendTelemetry: true
+  # logLevel: "info"
+  httpPort: 9010
+  grpcPort: 7012
+  # signCAPath: "/etc/ssl/certs/ca.crt"
+  # signCAKeyPath: "/etc/ssl/certs/ca.key"
+  # vault:
+  #   url: "http://magistrala-vault:8200"
+  #   approleRoleid: magistrala
+  #   approleSecret: magistrala
+  #   namespace: magistrala
+  #   thingsCertsPkiPath: pki_int
+  #   thingsCertsPkiRoleName: magistrala_things_certs
+
+postgresqlamcerts:
+  ## If you want to use an external database, set this to false and change host & port to external postgresql server host & port respectively
+  enabled: true
+  name: postgresql-certs
+  host: postgresql-certs
+  port: &postgresqlCertsPort 5432
+  database: &postgresqlCertsDatabase certs
+  username: &postgresqlCertsUsername magistrala
+  password: &postgresqlCertsPassword magistrala
+  global:
+    postgresql:
+      auth:
+        postgresPassword: *postgresqlCertsPassword
+        username: *postgresqlCertsUsername
+        password: *postgresqlCertsPassword
+        database: *postgresqlCertsDatabase
+      service:
+        ports:
+          postgresql: *postgresqlCertsPort
 
 invitations:
   enabled: true
-  image:
-    {}
+  image: {}
     # pullSecrets: {}
     # repository: "magistrala/invitations"
     # tag: "latest"
@@ -488,8 +522,7 @@
 
 journal:
   enabled: true
-  image:
-    {}
+  image: {}
     # pullSecrets: {}
     # repository: "magistrala/journal"
     # tag: "latest"
@@ -532,8 +565,7 @@
   username: &messagesRwTimescaleUsername magistrala
   password: &messagesRwTimescalePassword magistrala
   reader:
-    image:
-      {}
+    image: {}
       # pullSecrets: {}
       # repository: "magistrala/timescale-reader"
       # tag: "latest"
@@ -542,13 +574,12 @@
     # sendTelemetry: true
     # logLevel: "info"
     enabled: true
-    http: {port: 9011}
+    http: { port: 9011 }
     # nodeSelector: {}
     # affinity: {}
     # tolerations: {}
   writer:
-    image:
-      {}
+    image: {}
       # pullSecrets: {}
       # repository: "magistrala/timescale-writer"
       # tag: "latest"
@@ -560,7 +591,7 @@
     # affinity: {}
     # tolerations: {}
     enabled: true
-    http: {port: 9012}
+    http: { port: 9012 }
   ## Configurations of Bitnami postgres
   global:
     postgresql:
@@ -579,8 +610,7 @@
 
 ui:
   enabled: true
-  image:
-    {}
+  image: {}
     # pullSecrets: {}
     # repository: "magistrala/ui"
     # tag: "latest"