Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(userId): fixed userId issue from helm values and Dockerfiles
- Loading branch information
1 parent
a384648
commit 1c3df09
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -31,7 +31,7 @@ helm install digital-product-pass tractusx/digital-product-pass | |
| | Key | Type | Default | Description | | ||
| |-----|------|---------|-------------| | ||
| | affinity | object | `{}` | | | ||
| | backend | object | `{"digitalTwinRegistry":{"endpoints":{"digitalTwin":"/shell-descriptors","search":"/lookup/shells","subModel":"/submodel-descriptors"},"policyCheck":{"enabled":true,"policies":[{"obligation":[],"permission":[{"action":"USE","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.core.digitalTwinRegistry:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}],"strictMode":false},"temporaryStorage":{"enabled":true,"lifetime":12},"timeouts":{"digitalTwin":40,"negotiation":60,"search":50,"transfer":20}},"discovery":{"bpnDiscovery":{"key":"manufacturerPartId","path":"/api/v1.0/administration/connectors/bpnDiscovery/search"},"edcDiscovery":{"key":"bpn"},"hostname":""},"edc":{"apis":{"catalog":"/catalog/request","management":"/management/v2","negotiation":"/contractnegotiations","readiness":"/api/check/readiness","transfer":"/transferprocesses"},"delay":100,"hostname":"","participantId":"<Add participant id here>","xApiKey":"<Add API key here>"},"hostname":"","image":{"pullPolicy":"IfNotPresent","repository":"docker.io/tractusx/digital-product-pass-backend"},"imagePullSecrets":[],"ingress":{"annotations":{"ingressClassName":"nginx","nginx.ingress.kubernetes.io/backend-protocol":"HTTP","nginx.ingress.kubernetes.io/force-ssl-redirect":"true","nginx.ingress.kubernetes.io/ssl-passthrough":"false"},"enabled":false,"hosts":[{"host":"","paths":[{"path":"/","pathType":"Prefix"}]}]},"irs":{"enabled":false,"hostname":""},"logging":{"level":{"root":"INFO","utils":"INFO"}},"maxRetries":5,"name":"dpp-backend","passport":{"aspects":["urn:bamm:io.catenax.generic.digital_product_passport:1.0.0#DigitalProductPassport","urn:bamm:io.catenax.battery.battery_pass:3.0.1#BatteryPass","urn:samm:io.catenax.battery.battery_pass:6.0.0#BatteryPass","urn:bamm:io.catenax.transmission.transmission_pass:1.0.0#TransmissionPass","urn:samm:io.catenax.transmission.transmission_pass:3.0.0#TransmissionPass","urn:samm:io.catenax.generic.digital_product_passport:2.0.0#DigitalProductPassport","urn:samm:io.catenax.generic.digital_product_passport:5.0.0#DigitalProductPassport"],"policyCheck":{"enabled":true,"policies":[{"obligation":[],"permission":[{"action":"USE","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:FrameworkAgreement","operator":"odrl:eq","rightOperand":"CircularEconomy:1.0"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.circular.dpp:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}],"strictMode":false}},"podSecurityContext":{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10000,"seccompProfile":{"type":"RuntimeDefault"}},"process":{"encryptionKey":""},"securityCheck":{"bpn":false,"edc":false},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"add":[],"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":10001,"runAsNonRoot":true,"runAsUser":10000},"serverPort":8888,"service":{"port":8888,"type":"ClusterIP"},"singleApi":{"delay":1000,"maxRetries":30},"volumeMounts":[{"mountPath":"/app/config","name":"backend-config"},{"mountPath":"/app/data/process","name":"pvc-backend","subPath":"data/process"},{"mountPath":"/app/log","name":"tmpfs","subPath":"log"},{"mountPath":"/tmp","name":"tmpfs"},{"mountPath":"/app/data/VaultConfig","name":"tmpfs","subPath":"VaultConfig/vault.token.yml"},{"mountPath":"/app/tmp","name":"tmpfs"}],"volumes":[{"configMap":{"name":"{{ .Release.Name }}-backend-config"},"name":"backend-config"},{"name":"pvc-backend","persistentVolumeClaim":{"claimName":"{{ .Release.Name }}-pvc-data"}},{"emptyDir":{},"name":"tmpfs"}]}` | Backend configuration | | ||
| | backend.digitalTwinRegistry.policyCheck | object | `{"enabled":true,"policies":[{"obligation":[],"permission":[{"action":"USE","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.core.digitalTwinRegistry:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}],"strictMode":false}` | policy configuration for the digital twin assets in the edc catalog | | ||
| | backend.digitalTwinRegistry.policyCheck.enabled | bool | `true` | condition to enable and disable the policy check | | ||
| | backend.digitalTwinRegistry.policyCheck.policies | list | `[{"obligation":[],"permission":[{"action":"USE","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.core.digitalTwinRegistry:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}]` | list of allowed policies that can be selected from the edc catalog in negotiations | | ||
|
|
@@ -60,10 +60,10 @@ helm install digital-product-pass tractusx/digital-product-pass | |
| | backend.passport.policyCheck.enabled | bool | `true` | condition to enable and disable the policy check | | ||
| | backend.passport.policyCheck.policies | list | `[{"obligation":[],"permission":[{"action":"USE","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:FrameworkAgreement","operator":"odrl:eq","rightOperand":"CircularEconomy:1.0"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.circular.dpp:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}]` | list of allowed policies that can be selected from the edc catalog in negotiations | | ||
| | backend.passport.policyCheck.strictMode | bool | `false` | the strict mode is quicker (uses hashes) and requires less computation complexity, the default mode is comparing against every single object value | | ||
| | backend.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10000,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | | ||
| | backend.podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | | ||
| | backend.podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | | ||
| | backend.podSecurityContext.runAsUser | int | `10000` | Runs all processes within a pod with a special uid | | ||
| | backend.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | | ||
| | backend.process | object | `{"encryptionKey":""}` | digital twin registry configuration | | ||
| | backend.process.encryptionKey | string | `""` | unique sha512 hash key used for the passport encryption | | ||
|
|
@@ -74,7 +74,7 @@ helm install digital-product-pass tractusx/digital-product-pass | |
| | backend.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | | ||
| | backend.securityContext.runAsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | | ||
| | backend.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | | ||
| | backend.securityContext.runAsUser | int | `10000` | The container's process will run with the specified uid | | ||
| | backend.serverPort | int | `8888` | configuration of the spring boot server | | ||
| | backend.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service | | ||
| | backend.singleApi | object | `{"delay":1000,"maxRetries":30}` | configuration to the single API endpoint | | ||
|
|
@@ -104,10 +104,10 @@ helm install digital-product-pass tractusx/digital-product-pass | |
| | frontend.irs.requestDelay | int | `30000` | request timeout delay | | ||
| | frontend.name | string | `"dpp-frontend"` | | | ||
| | frontend.negotiation.autoSign | bool | `true` | | | ||
| | frontend.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10000,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | | ||
| | frontend.podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | | ||
| | frontend.podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | | ||
| | frontend.podSecurityContext.runAsUser | int | `10000` | Runs all processes within a pod with a special uid | | ||
| | frontend.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | | ||
| | frontend.portal.hostname | string | `""` | | | ||
| | frontend.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | | ||
|
|
@@ -116,7 +116,7 @@ helm install digital-product-pass tractusx/digital-product-pass | |
| | frontend.securityContext.readOnlyRootFilesystem | bool | `false` | Whether the root filesystem is mounted in read-only mode | | ||
| | frontend.securityContext.runAsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | | ||
| | frontend.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | | ||
| | frontend.securityContext.runAsUser | int | `10000` | The container's process will run with the specified uid | | ||
| | frontend.service.port | int | `8080` | | | ||
| | frontend.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service | | ||
| | frontend.supportContact.adminEmail | string | `"[email protected]"` | | | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
