diff --git a/.github/workflows/helm-test.yaml b/.github/workflows/helm-test.yaml index 31ff6804b..9560d1971 100644 --- a/.github/workflows/helm-test.yaml +++ b/.github/workflows/helm-test.yaml @@ -36,7 +36,7 @@ on: node_image: description: 'kindest/node image for k8s kind cluster' # k8s version from 3.1 release as default - default: 'kindest/node:v1.27.3' + default: 'kindest/node:v1.30.0' required: false type: string upgrade_from: @@ -68,7 +68,7 @@ jobs: # upgrade version, default (v0.17.0) uses node image v1.21.1 and doesn't work with more recent node image versions version: v0.19.0 # default value for event_name != workflow_dispatch - node_image: ${{ github.event.inputs.node_image || 'kindest/node:v1.27.3' }} + node_image: ${{ github.event.inputs.node_image || 'kindest/node:v1.30.0' }} - name: Build image for frontend id: build-frontend diff --git a/charts/digital-product-pass/LICENSE b/charts/digital-product-pass/LICENSE index 6f0a060c1..d3fe324e1 100644 --- a/charts/digital-product-pass/LICENSE +++ b/charts/digital-product-pass/LICENSE @@ -187,8 +187,9 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2022, 2024 BMW AG, Henkel AG & Co. KGaA - Copyright 2023, 2024 CGI Deutschland B.V. & Co. KG + Copyright 2022 BMW AG + Copyright 2022 Henkel AG & Co. KGaA + Copyright 2023 CGI Deutschland B.V. & Co. KG Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/digital-product-pass/templates/deployment-backend.yaml b/charts/digital-product-pass/templates/deployment-backend.yaml index 29ccd6730..ebf4f812b 100644 --- a/charts/digital-product-pass/templates/deployment-backend.yaml +++ b/charts/digital-product-pass/templates/deployment-backend.yaml @@ -92,9 +92,25 @@ spec: volumeMounts: {{- toYaml .Values.backend.volumeMounts | nindent 12 }} ports: - - containerPort: 8888 + - containerPort: {{ .Values.backend.service.port }} name: http protocol: TCP + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.livenessProbe.path }} + port: {{ .Values.livenessProbe.port }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} # trigger initial livenessProbe after 60 seconds + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} # check livenessProbe after every 5 minutes + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.readinessProbe.path }} + port: {{ .Values.readinessProbe.port }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} # trigger initial readinessProbe after 60 seconds + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} # check readinessProbe after every 5 minutes + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/charts/digital-product-pass/templates/deployment-frontend.yaml b/charts/digital-product-pass/templates/deployment-frontend.yaml index 53b1c3a33..52a599e7c 100644 --- a/charts/digital-product-pass/templates/deployment-frontend.yaml +++ b/charts/digital-product-pass/templates/deployment-frontend.yaml @@ -22,6 +22,10 @@ # SPDX-License-Identifier: Apache-2.0 ################################################################################# +--- + +{{- if .Values.frontend.enabled -}} + apiVersion: apps/v1 kind: Deployment metadata: @@ -116,7 +120,7 @@ spec: - name: "VERSION" value: "{{ .Chart.AppVersion }}" ports: - - containerPort: 8080 + - containerPort: {{ .Values.frontend.service.port }} name: http protocol: TCP resources: @@ -133,3 +137,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{- end }} diff --git a/charts/digital-product-pass/templates/ingress-backend.yaml b/charts/digital-product-pass/templates/ingress-backend.yaml index ca07af5eb..4189a3e33 100644 --- a/charts/digital-product-pass/templates/ingress-backend.yaml +++ b/charts/digital-product-pass/templates/ingress-backend.yaml @@ -79,10 +79,10 @@ spec: service: name: {{ $fullName }} port: - number: 8888 + number: {{ $svcPort }} {{- else }} serviceName: {{ $fullName }} - servicePort: 8888 + servicePort: {{ $svcPort }} {{- end }} {{- end }} {{- end }} diff --git a/charts/digital-product-pass/templates/ingress-frontend.yaml b/charts/digital-product-pass/templates/ingress-frontend.yaml index 5a68ca2a1..68c56b30a 100644 --- a/charts/digital-product-pass/templates/ingress-frontend.yaml +++ b/charts/digital-product-pass/templates/ingress-frontend.yaml @@ -22,6 +22,11 @@ # SPDX-License-Identifier: Apache-2.0 ################################################################################# +--- + +{{- if .Values.frontend.enabled -}} + + {{- if .Values.frontend.ingress.enabled -}} {{- $fullName := .Values.frontend.name -}} {{- $svcPort := .Values.frontend.service.port -}} @@ -79,11 +84,12 @@ spec: service: name: {{ $fullName }} port: - number: 8080 + number: {{ $svcPort }} {{- else }} serviceName: {{ $fullName }} - servicePort: 8080 + servicePort: {{ $svcPort }} {{- end }} {{- end }} {{- end }} {{- end }} +{{- end }} diff --git a/charts/digital-product-pass/templates/service-backend.yaml b/charts/digital-product-pass/templates/service-backend.yaml index 91a2324e1..215d44638 100644 --- a/charts/digital-product-pass/templates/service-backend.yaml +++ b/charts/digital-product-pass/templates/service-backend.yaml @@ -32,8 +32,8 @@ metadata: spec: type: {{ .Values.backend.service.type }} ports: - - port: {{ .Values.backend.service.port }} # host port - targetPort: 8888 # container port + - port: {{ .Values.backend.service.port }} # host port + targetPort: {{ .Values.backend.service.port }} # container port protocol: TCP name: http selector: diff --git a/charts/digital-product-pass/templates/service-frontend.yaml b/charts/digital-product-pass/templates/service-frontend.yaml index 19644a83d..bec420098 100644 --- a/charts/digital-product-pass/templates/service-frontend.yaml +++ b/charts/digital-product-pass/templates/service-frontend.yaml @@ -22,6 +22,10 @@ # SPDX-License-Identifier: Apache-2.0 ################################################################################# +--- + +{{- if .Values.frontend.enabled -}} + apiVersion: v1 kind: Service metadata: @@ -32,11 +36,11 @@ metadata: spec: type: {{ .Values.frontend.service.type }} ports: - - port: {{ .Values.frontend.service.port }} # host port - targetPort: 8080 # container port + - port: {{ .Values.frontend.service.port }} # host port + targetPort: {{ .Values.frontend.service.port }} # container port protocol: TCP name: http selector: {{- include "chart.selectorLabels" . | nindent 4 }} component: frontend - +{{- end }} diff --git a/charts/digital-product-pass/values-int.yaml b/charts/digital-product-pass/values-int.yaml index a64023d6c..2d80460db 100644 --- a/charts/digital-product-pass/values-int.yaml +++ b/charts/digital-product-pass/values-int.yaml @@ -71,6 +71,7 @@ backend: frontend: + enabled: true image: pullPolicy: Always ingress: diff --git a/charts/digital-product-pass/values.yaml b/charts/digital-product-pass/values.yaml index 8a5e4b88d..fac89d8b9 100644 --- a/charts/digital-product-pass/values.yaml +++ b/charts/digital-product-pass/values.yaml @@ -181,12 +181,8 @@ backend: passport: aspects: - - "urn:bamm:io.catenax.generic.digital_product_passport:1.0.0#DigitalProductPassport" - - "urn:bamm:io.catenax.battery.battery_pass:3.0.1#BatteryPass" - urn:samm:io.catenax.battery.battery_pass:6.0.0#BatteryPass - - "urn:bamm:io.catenax.transmission.transmission_pass:1.0.0#TransmissionPass" - urn:samm:io.catenax.transmission.transmission_pass:3.0.0#TransmissionPass - - "urn:samm:io.catenax.generic.digital_product_passport:2.0.0#DigitalProductPassport" - urn:samm:io.catenax.generic.digital_product_passport:5.0.0#DigitalProductPassport # -- configuration for policies to filter in the digital product pass asset negotiation policyCheck: @@ -265,6 +261,7 @@ backend: delay: 1000 frontend: + enabled: true name: "dpp-frontend" image: repository: docker.io/tractusx/digital-product-pass-frontend @@ -298,7 +295,7 @@ frontend: runAsUser: 1000 # -- Processes within a pod will belong to this guid runAsGroup: 3000 - # -- The owner for volumes and any files created within volumes will belong to this guid + # -- The owner for volumes and any files created within volumes will belong to this guide fsGroup: 3000 # The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod @@ -390,6 +387,20 @@ resources: cpu: 250m memory: 512Mi +livenessProbe: + enabled: false + path: /health + port: 8888 + initialDelaySeconds: 60 # trigger initial readinessProbe after 60 seconds + periodSeconds: 300 # check readinessProbe after every 5 minutes + +readinessProbe: + enabled: false + path: /health + port: 8888 + initialDelaySeconds: 60 # trigger initial readinessProbe after 60 seconds + periodSeconds: 300 # check readinessProbe after every 5 minutes + # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes nodeSelector: {} diff --git a/dpp-backend/charts/digital-product-pass-backend/.helmignore b/dpp-backend/charts/digital-product-pass-backend/.helmignore deleted file mode 100644 index 92659fb43..000000000 --- a/dpp-backend/charts/digital-product-pass-backend/.helmignore +++ /dev/null @@ -1,50 +0,0 @@ -################################################################################# -# Tractus-X - Digital Product Passport Application -# -# Copyright (c) 2022, 2024 BMW AG, Henkel AG & Co. KGaA -# Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG -# Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -# either express or implied. See the -# License for the specific language govern in permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# - -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -# Accept only values.yaml -values?*.yaml -values?*.yml diff --git a/dpp-backend/charts/digital-product-pass-backend/Chart.yaml b/dpp-backend/charts/digital-product-pass-backend/Chart.yaml deleted file mode 100644 index 6500a3f0d..000000000 --- a/dpp-backend/charts/digital-product-pass-backend/Chart.yaml +++ /dev/null @@ -1,51 +0,0 @@ -################################################################################# -# Tractus-X - Digital Product Passport Application -# -# Copyright (c) 2022, 2024 BMW AG, Henkel AG & Co. KGaA -# Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG -# Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -# either express or implied. See the -# License for the specific language govern in permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# ---- -apiVersion: v2 -name: digital-product-pass-backend -description: A Helm chart for Tractus-X Digital Product Pass Backend Kubernetes -home: https://github.com/eclipse-tractusx/digital-product-pass/tree/main/dpp-backend/charts/digital-product-pass-backend -sources: - - https://github.com/eclipse-tractusx/digital-product-pass/tree/main/dpp-backend/charts/digital-product-pass-backend -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) - -version: 3.0.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "3.0.0" diff --git a/dpp-backend/charts/digital-product-pass-backend/LICENSE b/dpp-backend/charts/digital-product-pass-backend/LICENSE deleted file mode 100644 index 53417cc93..000000000 --- a/dpp-backend/charts/digital-product-pass-backend/LICENSE +++ /dev/null @@ -1,203 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2022, 2024 BMW AG, Henkel AG & Co. KGaA - Copyright 2023, 2024 CGI Deutschland B.V. & Co. KG - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/dpp-backend/charts/digital-product-pass-backend/README.md b/dpp-backend/charts/digital-product-pass-backend/README.md deleted file mode 100644 index 29267c9f9..000000000 --- a/dpp-backend/charts/digital-product-pass-backend/README.md +++ /dev/null @@ -1,149 +0,0 @@ -# digital-product-pass-backend - -![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.0.0](https://img.shields.io/badge/AppVersion-3.0.0-informational?style=flat-square) - -A Helm chart for Tractus-X Digital Product Pass Backend Kubernetes - -**Homepage:** - - -## TL;DR - -### Install - -```bash -cd backend/charts/digital-product-pass-backend -helm install digital-product-pass-backend -f ./values.yaml -f ./values-int.yaml -``` - -> **NOTE**: This command will deploy the backend application. - -### Exposing ports - -Once the application is running, the certain ports need to be exposed to access the backend outside the Kubernetes cluster. - -### Get pod name -Search for the application name: - -```bash -kubectl get pods --no-headers | awk '{if ($1 ~ "dpp-backend-*") print $1}' -``` -Copy the pod name with the prefix `dpp-backend-*` - -### Port forwarding - -```bash -kubectl port-forward dpp-backend-* 8888:8888 -``` - -> **NOTE**: The default port set is `8888` however it can be changed in the configuration. - -### Check if the application is running - -Open the web browser with the following url to check the health status: -``` -localhost:8888/health -``` - -## Source Code - -* - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| digitalTwinRegistry.endpoints.digitalTwin | string | `"/shell-descriptors"` | | -| digitalTwinRegistry.endpoints.search | string | `"/lookup/shells"` | | -| digitalTwinRegistry.endpoints.subModel | string | `"/submodel-descriptors"` | | -| digitalTwinRegistry.policyCheck | object | `{"enabled":true,"policies":[{"obligation":[],"permission":[{"action":"USE","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.core.digitalTwinRegistry:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}],"strictMode":false}` | policy configuration for the digital twin assets in the edc catalog | -| digitalTwinRegistry.policyCheck.enabled | bool | `true` | condition to enable and disable the policy check | -| digitalTwinRegistry.policyCheck.policies | list | `[{"obligation":[],"permission":[{"action":"USE","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.core.digitalTwinRegistry:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}]` | list of allowed policies that can be selected from the edc catalog in negotiations | -| digitalTwinRegistry.policyCheck.strictMode | bool | `false` | the strict mode is quicker (uses hashes) and requires less computation complexity, the default mode is comparing against every single object value | -| digitalTwinRegistry.temporaryStorage | object | `{"enabled":true,"lifetime":12}` | temporary storage of dDTRs for optimization | -| digitalTwinRegistry.timeouts | object | `{"digitalTwin":40,"negotiation":60,"search":50,"transfer":20}` | timeouts for the digital twin registry async negotiation | -| discovery | object | `{"bpnDiscovery":{"key":"manufacturerPartId","path":"/api/v1.0/administration/connectors/bpnDiscovery/search"},"edcDiscovery":{"key":"bpn"},"hostname":""}` | discovery configuration | -| discovery.bpnDiscovery | object | `{"key":"manufacturerPartId","path":"/api/v1.0/administration/connectors/bpnDiscovery/search"}` | bpn discovery configuration | -| discovery.edcDiscovery | object | `{"key":"bpn"}` | edc discovery configuration | -| discovery.hostname | string | `""` | discovery finder configuration | -| edc | object | `{"apis":{"catalog":"/catalog/request","management":"/management/v2","negotiation":"/contractnegotiations","readiness":"/api/check/readiness","transfer":"/transferprocesses"},"delay":100,"hostname":"","participantId":"","xApiKey":""}` | in this section we configure the values that are inserted as secrets in the backend | -| edc.hostname | string | `""` | edc consumer connection configuration | -| edc.participantId | string | `""` | BPN Number | -| edc.xApiKey | string | `""` | the secret for assesing the edc management API | -| fullnameOverride | string | `""` | | -| hostname | string | `""` | backend hostname (without protocol prefix [DEFAULT HTTPS] for security ) | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"docker.io/tractusx/digital-product-pass-backend"` | | -| imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| ingress | object | `{"enabled":false,"hosts":[{"host":"","paths":[{"path":"/","pathType":"Prefix"}]}]}` | ingress declaration to expose the dpp-backend service | -| irs | object | `{"enabled":false,"hostname":""}` | irs configuration | -| logging.level.root | string | `"INFO"` | general logging level | -| logging.level.utils | string | `"INFO"` | logging for the util components | -| maxRetries | int | `5` | max retries for the backend services | -| name | string | `"dpp-backend"` | | -| nameOverride | string | `""` | | -| namespace | string | `""` | | -| nodeSelector | object | `{}` | | -| oauth | object | `{"apiKey":{"header":"X-Api-Key","secret":""},"appId":"","bpnCheck":{"bpn":"","enabled":false},"hostname":"","onLoad":"login-required","realm":"","roleCheck":{"enabled":false},"techUser":{"clientId":"","clientSecret":""}}` | oauth configuration | -| oauth.apiKey | object | `{"header":"X-Api-Key","secret":""}` | to authenticate against single API | -| oauth.bpnCheck | object | `{"bpn":"","enabled":false}` | configure here the bpn check for the application | -| oauth.bpnCheck.bpn | string | `""` | this bpn needs to be included in the user login information when the check is enabled | -| oauth.hostname | string | `""` | url of the identity provider service | -| oauth.roleCheck | object | `{"enabled":false}` | the role check checks if the user has access roles for the appId | -| oauth.techUser | object | `{"clientId":"","clientSecret":""}` | note: this credentials need to have access to the Discovery Finder, BPN Discovery and EDC Discovery | -| passport.aspects[0] | string | `"urn:bamm:io.catenax.generic.digital_product_passport:1.0.0#DigitalProductPassport"` | | -| passport.aspects[1] | string | `"urn:bamm:io.catenax.battery.battery_pass:3.0.1#BatteryPass"` | | -| passport.aspects[2] | string | `"urn:bamm:io.catenax.transmission.transmission_pass:1.0.0#TransmissionPass"` | | -| passport.aspects[3] | string | `"urn:samm:io.catenax.generic.digital_product_passport:2.0.0#DigitalProductPassport"` | | -| passport.policyCheck | object | `{"enabled":true,"policies":[{"obligation":[],"permission":[{"action":"USE","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:FrameworkAgreement","operator":"odrl:eq","rightOperand":"circulareconomy:1.0"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.circular.dpp:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}],"strictMode":false}` | configuration for policies to filter in the digital product pass asset negotiation | -| passport.policyCheck.enabled | bool | `true` | condition to enable and disable the policy check | -| passport.policyCheck.policies | list | `[{"obligation":[],"permission":[{"action":"USE","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:FrameworkAgreement","operator":"odrl:eq","rightOperand":"circulareconomy:1.0"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.circular.dpp:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}]` | list of allowed policies that can be selected from the edc catalog in negotiations | -| passport.policyCheck.strictMode | bool | `false` | the strict mode is quicker (uses hashes) and requires less computation complexity, the default mode is comparing against every single object value | -| podAnnotations | object | `{}` | | -| podSecurityContext | object | `{"fsGroup":3000,"runAsGroup":3000,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | -| podSecurityContext.fsGroup | int | `3000` | The owner for volumes and any files created within volumes will belong to this guid | -| podSecurityContext.runAsGroup | int | `3000` | Processes within a pod will belong to this guid | -| podSecurityContext.runAsUser | int | `1000` | Runs all processes within a pod with a special uid | -| podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | -| process | object | `{"encryptionKey":""}` | digital twin registry configuration | -| process.encryptionKey | string | `""` | unique sha512 hash key used for the passport encryption | -| replicaCount | int | `1` | | -| resources.limits.cpu | string | `"500m"` | | -| resources.limits.memory | string | `"512Mi"` | | -| resources.requests.cpu | string | `"250m"` | | -| resources.requests.memory | string | `"512Mi"` | | -| securityCheck | object | `{"bpn":false,"edc":false}` | security configuration | -| securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | -| securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | -| securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | -| securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | -| securityContext.runAsGroup | int | `3000` | The owner for volumes and any files created within volumes will belong to this guid | -| securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | -| securityContext.runAsUser | int | `1000` | The container's process will run with the specified uid | -| serverPort | int | `8888` | configuration of the spring boot server | -| service.port | int | `8888` | | -| service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| single-api | object | `{"delay":1000,"maxRetries":30}` | configuration to the single API endpoint | -| tolerations | list | `[]` | | -| volumeMounts | list | `[{"mountPath":"/app/config","name":"backend-config"},{"mountPath":"/app/data/process","name":"pvc-backend","subPath":"data/process"},{"mountPath":"/app/log","name":"tmpfs","subPath":"log"},{"mountPath":"/tmp","name":"tmpfs"},{"mountPath":"/app/data/VaultConfig","name":"tmpfs","subPath":"VaultConfig/vault.token.yml"},{"mountPath":"/app/tmp","name":"tmpfs"}]` | specifies the volume mounts for the backend deployment | -| volumeMounts[0] | object | `{"mountPath":"/app/config","name":"backend-config"}` | mounted path for the backend configuration added in the config maps | -| volumeMounts[1] | object | `{"mountPath":"/app/data/process","name":"pvc-backend","subPath":"data/process"}` | contains the location for the process data directory | -| volumeMounts[2] | object | `{"mountPath":"/app/log","name":"tmpfs","subPath":"log"}` | contains the log directory uses by the backend | -| volumeMounts[3] | object | `{"mountPath":"/tmp","name":"tmpfs"}` | container tmp directory | -| volumeMounts[4] | object | `{"mountPath":"/app/data/VaultConfig","name":"tmpfs","subPath":"VaultConfig/vault.token.yml"}` | contains the vault configuration for the backend | -| volumeMounts[5] | object | `{"mountPath":"/app/tmp","name":"tmpfs"}` | contains the temporary directory used by the backend | -| volumes | list | `[{"configMap":{"name":"{{ .Release.Name }}-backend-config"},"name":"backend-config"},{"name":"pvc-backend","persistentVolumeClaim":{"claimName":"{{ .Release.Name }}-pvc-data"}},{"emptyDir":{},"name":"tmpfs"}]` | volume claims for the containers | -| volumes[0] | object | `{"configMap":{"name":"{{ .Release.Name }}-backend-config"},"name":"backend-config"}` | persist the backend configuration | -| volumes[1] | object | `{"name":"pvc-backend","persistentVolumeClaim":{"claimName":"{{ .Release.Name }}-pvc-data"}}` | persist the backend data directories | -| volumes[2] | object | `{"emptyDir":{},"name":"tmpfs"}` | temporary file system mount | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/dpp-backend/charts/digital-product-pass-backend/templates/NOTES.txt b/dpp-backend/charts/digital-product-pass-backend/templates/NOTES.txt deleted file mode 100644 index 53b5ac225..000000000 --- a/dpp-backend/charts/digital-product-pass-backend/templates/NOTES.txt +++ /dev/null @@ -1,46 +0,0 @@ -################################################################################# -# Tractus-X - Digital Product Passport Application -# -# Copyright (c) 2022, 2024 BMW AG, Henkel AG & Co. KGaA -# Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG -# Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -# either express or implied. See the -# License for the specific language govern in permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "chart.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "chart.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "chart.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "chart.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} diff --git a/dpp-backend/charts/digital-product-pass-backend/templates/_helpers.tpl b/dpp-backend/charts/digital-product-pass-backend/templates/_helpers.tpl deleted file mode 100644 index 2735b00f6..000000000 --- a/dpp-backend/charts/digital-product-pass-backend/templates/_helpers.tpl +++ /dev/null @@ -1,87 +0,0 @@ -##################################################################################### - # Tractus-X - Digital Product Passport Application - # - # Copyright (c) 2022, 2024 BMW AG, Henkel AG & Co. KGaA -# Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG - # Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation - # - # See the NOTICE file(s) distributed with this work for additional - # information regarding copyright ownership. - # - # This program and the accompanying materials are made available under the - # terms of the Apache License, Version 2.0 which is available at - # https://www.apache.org/licenses/LICENSE-2.0. - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, - # either express or implied. See the - # License for the specific language govern in permissions and limitations - # under the License. - # - # SPDX-License-Identifier: Apache-2.0 - ################################################################################# governing permissions and - -{{/* -Expand the name of the chart. -*/}} -{{- define "chart.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "chart.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "chart.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} - -{{- define "chart.labels" -}} -helm.sh/chart: {{ include "chart.chart" . }} -{{ include "chart.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "chart.selectorLabels" -}} -app.kubernetes.io/name: {{ include "chart.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "chart.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "chart.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/dpp-backend/charts/digital-product-pass-backend/templates/configmap.yaml b/dpp-backend/charts/digital-product-pass-backend/templates/configmap.yaml deleted file mode 100644 index 96d105d8d..000000000 --- a/dpp-backend/charts/digital-product-pass-backend/templates/configmap.yaml +++ /dev/null @@ -1,170 +0,0 @@ -################################################################################# -# Tractus-X - Digital Product Passport Application -# -# Copyright (c) 2022, 2024 BMW AG, Henkel AG & Co. KGaA -# Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG -# Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -# either express or implied. See the -# License for the specific language govern in permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-backend-config - namespace: {{ .Values.namespace }} -data: - application.yaml: |- - spring: - name: "Digital Product Passport Consumer Backend" - main: - allow-bean-definition-overriding: true - devtools: - add-properties: false - jackson: - serialization: - indent_output: true - logging: - level: - # -- general logging level - root: {{ tpl (.Values.logging.level.root | default "INFO") . | quote }} - # -- logging for the util components - utils: {{ tpl (.Values.logging.level.utils | default "INFO") . | quote }} - - configuration: - # -- max retries for the backend services - maxRetries: {{ .Values.maxRetries }} - # -- keycloak configuration - keycloak: - realm: {{ .Values.oauth.realm }} - resource: {{ .Values.oauth.appId }} - tokenUri: "https://{{ tpl (.Values.oauth.hostname | default "http://localhost") . }}/auth/realms/{{ .Values.oauth.realm }}/protocol/openid-connect/token" - userInfoUri: "https://{{ tpl (.Values.oauth.hostname | default "http://localhost") . }}/auth/realms/{{ .Values.oauth.realm }}/protocol/openid-connect/userinfo" - # -- edc consumer connection configuration - edc: - endpoint: "https://{{ .Values.edc.hostname }}" - readiness: {{ .Values.edc.apis.readiness }} - management: {{ .Values.edc.apis.management }} - catalog: {{ .Values.edc.apis.catalog }} - negotiation: {{ .Values.edc.apis.negotiation }} - transfer: {{ .Values.edc.apis.transfer }} - receiverEndpoint: "https://{{ .Values.hostname }}/endpoint" - delay: {{ .Values.edc.delay }} # -- Negotiation status Delay in milliseconds in between async requests [<= 500] - # -- security configuration - security: - # -- authorization configuration about bpn and role checks - authorization: - bpnAuth: {{ .Values.oauth.bpnCheck.enabled }} - roleAuth: {{ .Values.oauth.roleCheck.enabled }} - # -- checkups done in the startup - startUpChecks: - bpnCheck: {{ .Values.securityCheck.bpn }} - edcCheck: {{ .Values.securityCheck.edc }} - authentication: - header: {{ .Values.oauth.apiKey.header }} - # -- irs configuration - irs: - enabled: {{ .Values.irs.enabled }} # -- Enable search for children in the requests - endpoint: "https://{{ .Values.irs.hostname }}" # -- IRS endpoint - paths: - job: "/irs/jobs" # -- API path for calling in the IRS endpoints and staring/getting jobs - tree: - fileName: "treeDataModel" # -- Tree dataModel filename created in the processId directory - indent: true # -- Indent tree file - callbackUrl: "https://{{ .Values.hostname }}/api/irs" # -- Backend call back base url for the irs controller - # -- digital twin registry configuration - dtr: - # -- asset type to search for the registry in the edc - assetType: 'data.core.digitalTwinRegistry' - # -- submodel endpoint interface to search - endpointInterface: 'SUBMODEL-3.0' - # -- dsp endpoint key inside submodel body - dspEndpointKey: 'dspEndpoint' - # -- decentral digital twin apis - decentralApis: - search: {{ .Values.digitalTwinRegistry.endpoints.search }} - digitalTwin: {{ .Values.digitalTwinRegistry.endpoints.digitalTwin }} - subModel: {{ .Values.digitalTwinRegistry.endpoints.subModel }} - # -- timeouts for the digital twin registry async negotiation - timeouts: - search: {{ .Values.digitalTwinRegistry.timeouts.search }} - negotiation: {{ .Values.digitalTwinRegistry.timeouts.negotiation }} - transfer: {{ .Values.digitalTwinRegistry.timeouts.transfer }} - digitalTwin: {{ .Values.digitalTwinRegistry.timeouts.digitalTwin }} - # -- temporary storage of dDTRs for optimization - temporaryStorage: - enabled: {{ .Values.digitalTwinRegistry.temporaryStorage.enabled }} - lifetime: {{ .Values.digitalTwinRegistry.temporaryStorage.lifetime }} - # -- policy configuration for the digital twin registries negotiation - policyCheck: - enabled: {{ .Values.digitalTwinRegistry.policyCheck.enabled }} - strictMode: {{ .Values.digitalTwinRegistry.policyCheck.strictMode }} - policies: {{- toYaml .Values.digitalTwinRegistry.policyCheck.policies | nindent 10 }} - - # -- discovery configuration - discovery: - # -- discovery finder configuration - endpoint: "https://{{ tpl (.Values.discovery.hostname | default "") . }}/api/v1.0/administration/connectors/discovery/search" - # -- bpn discovery configuration - bpn: - key: {{ tpl (.Values.discovery.bpnDiscovery.key | default "manufacturerPartId") . | quote }} - searchPath: {{ tpl (.Values.discovery.bpnDiscovery.path | default "") . | quote }} - # -- edc discovery configuration - edc: - key: {{ tpl (.Values.discovery.edcDiscovery.key | default "bpn") . | quote }} - # -- configuration to the single API endpoint - single-api: - maxRetries: {{ .Values.singleApi.maxRetries }} - delay: {{ .Values.singleApi.delay }} - # -- process configuration - process: - # -- directory for storing the contract negotiation files - dir: "process" - # -- indent the process negotiation files - indent: true - # -- unique sha512 hash key used for the passport encryption - signKey: {{ tpl (.Values.process.encryptionKey | default "") . | quote }} - # -- passport data transfer configuration - passport: - # -- configure the data transfer - dataTransfer: - # -- encrypt the passport when he arrives from the edc data plane - encrypt: true - # -- the indent from the passport - indent: true - # -- directory to store the passport when is not linked to a process - dir: "data/transfer" - # -- passport versions and aspects allowed - aspects: {{- toYaml .Values.passport.aspects | nindent 10 }} - # -- policy configuration for the digital product pass aspect models negotiation - policyCheck: - enabled: {{ .Values.passport.policyCheck.enabled }} - strictMode: {{ .Values.passport.policyCheck.strictMode }} - policies: {{- toYaml .Values.passport.policyCheck.policies | nindent 10 }} - # -- configuration of the spring boot server - server: - # -- configuration of backend errors - error: - include-message: ALWAYS - include-binding-errors: ALWAYS - include-stacktrace: ON_PARAM - include-exception: false - # -- listening port for the backend - port: {{ .Values.serverPort }} - # -- maximum allowed connections - tomcat: - max-connections: 10000 diff --git a/dpp-backend/charts/digital-product-pass-backend/templates/deployment.yaml b/dpp-backend/charts/digital-product-pass-backend/templates/deployment.yaml deleted file mode 100644 index 310266acf..000000000 --- a/dpp-backend/charts/digital-product-pass-backend/templates/deployment.yaml +++ /dev/null @@ -1,123 +0,0 @@ -################################################################################# -# Tractus-X - Digital Product Passport Application -# -# Copyright (c) 2022, 2024 BMW AG, Henkel AG & Co. KGaA -# Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG -# Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -# either express or implied. See the -# License for the specific language govern in permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Values.name }} - labels: - {{- include "chart.labels" . | nindent 4 }} - namespace: {{ .Values.namespace }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "chart.selectorLabels" . | nindent 6 }} - component: backend - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "chart.selectorLabels" . | nindent 8 }} - component: backend - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "chart.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Values.name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - - name: "appId" - valueFrom: - secretKeyRef: - key: appId - name: {{ .Release.Name }}-backend-auth - - name: "client.id" - valueFrom: - secretKeyRef: - key: clientId - name: {{ .Release.Name }}-backend-auth - - name: "client.secret" - valueFrom: - secretKeyRef: - key: clientSecret - name: {{ .Release.Name }}-backend-auth - - name: "edc.apiKey" - valueFrom: - secretKeyRef: - key: xApiKey - name: {{ .Release.Name }}-backend-edc-oauth - - name: "edc.participantId" - valueFrom: - secretKeyRef: - key: participantId - name: {{ .Release.Name }}-backend-edc-oauth - - name: "oauth.apiKey" - valueFrom: - secretKeyRef: - key: xApiKey - name: {{ .Release.Name }}-backend-auth - volumeMounts: - {{- toYaml .Values.volumeMounts | nindent 12 }} - ports: - - name: http - containerPort: 8888 - protocol: TCP - livenessProbe: - httpGet: - path: /health - port: http - readinessProbe: - httpGet: - path: /health - port: http - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - {{- tpl (toYaml .Values.volumes | nindent 12) .}} diff --git a/dpp-backend/charts/digital-product-pass-backend/templates/ingress.yaml b/dpp-backend/charts/digital-product-pass-backend/templates/ingress.yaml deleted file mode 100644 index 448d1defa..000000000 --- a/dpp-backend/charts/digital-product-pass-backend/templates/ingress.yaml +++ /dev/null @@ -1,89 +0,0 @@ -################################################################################# -# Tractus-X - Digital Product Passport Application - # - # Copyright (c) 2022, 2024 BMW AG, Henkel AG & Co. KGaA -# Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG - # Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation - # - # See the NOTICE file(s) distributed with this work for additional - # information regarding copyright ownership. - # - # This program and the accompanying materials are made available under the - # terms of the Apache License, Version 2.0 which is available at - # https://www.apache.org/licenses/LICENSE-2.0. - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, - # either express or implied. See the - # License for the specific language govern in permissions and limitations - # under the License. - # - # SPDX-License-Identifier: Apache-2.0 - ################################################################################# - -{{- if .Values.ingress.enabled -}} -{{- $fullName := .Values.name -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} - -# {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -# apiVersion: networking.k8s.io/v1 -# {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -# apiVersion: networking.k8s.io/v1beta1 -# {{- else -}} -# apiVersion: extensions/v1beta1 -# {{- end }} - -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ $fullName }} - namespace: {{ .Values.namespace }} - labels: - {{- include "chart.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/dpp-backend/charts/digital-product-pass-backend/templates/pvc-data.yaml b/dpp-backend/charts/digital-product-pass-backend/templates/pvc-data.yaml deleted file mode 100644 index 1be674324..000000000 --- a/dpp-backend/charts/digital-product-pass-backend/templates/pvc-data.yaml +++ /dev/null @@ -1,38 +0,0 @@ -################################################################################# -# Tractus-X - Digital Product Passport Application -# -# Copyright (c) 2022, 2024 BMW AG, Henkel AG & Co. KGaA -# Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG -# Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -# either express or implied. See the -# License for the specific language govern in permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# - -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ .Release.Name }}-pvc-data - labels: - {{- include "chart.labels" . | nindent 4 }} - namespace: {{ .Values.namespace }} -spec: - storageClassName: default - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi diff --git a/dpp-backend/charts/digital-product-pass-backend/templates/secret.yaml b/dpp-backend/charts/digital-product-pass-backend/templates/secret.yaml deleted file mode 100644 index e8edcdd42..000000000 --- a/dpp-backend/charts/digital-product-pass-backend/templates/secret.yaml +++ /dev/null @@ -1,50 +0,0 @@ -################################################################################# -# Tractus-X - Digital Product Passport Application -# -# Copyright (c) 2022, 2024 BMW AG, Henkel AG & Co. KGaA -# Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG -# Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -# either express or implied. See the -# License for the specific language govern in permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# - -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-backend-auth - labels: - {{- include "chart.labels" . | nindent 4 }} - namespace: {{ .Values.namespace }} -type: Opaque -stringData: - appId: {{ .Values.oauth.appId }} - clientId: {{ .Values.oauth.techUser.clientId }} - clientSecret: {{ .Values.oauth.techUser.clientSecret }} - xApiKey: {{ .Values.oauth.apiKey.secret }} ---- - -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-backend-edc-oauth - labels: - {{- include "chart.labels" . | nindent 4 }} - namespace: {{ .Values.namespace }} -type: Opaque -stringData: - xApiKey: {{ .Values.edc.xApiKey }} - participantId: {{ .Values.edc.participantId }} diff --git a/dpp-backend/charts/digital-product-pass-backend/templates/service.yaml b/dpp-backend/charts/digital-product-pass-backend/templates/service.yaml deleted file mode 100644 index 3d24466e0..000000000 --- a/dpp-backend/charts/digital-product-pass-backend/templates/service.yaml +++ /dev/null @@ -1,41 +0,0 @@ -################################################################################# -# Tractus-X - Digital Product Passport Application -# -# Copyright (c) 2022, 2024 BMW AG, Henkel AG & Co. KGaA -# Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG -# Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -# either express or implied. See the -# License for the specific language govern in permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# - -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.name }} - namespace: {{ .Values.namespace }} - labels: - {{- include "chart.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} # host port - targetPort: 8888 # container port - protocol: TCP - name: http - selector: - {{- include "chart.selectorLabels" . | nindent 4 }} - component: backend diff --git a/dpp-backend/charts/digital-product-pass-backend/templates/serviceaccount.yaml b/dpp-backend/charts/digital-product-pass-backend/templates/serviceaccount.yaml deleted file mode 100644 index cbf734797..000000000 --- a/dpp-backend/charts/digital-product-pass-backend/templates/serviceaccount.yaml +++ /dev/null @@ -1,34 +0,0 @@ -################################################################################# -# Tractus-X - Digital Product Passport Application -# -# Copyright (c) 2022, 2024 BMW AG, Henkel AG & Co. KGaA -# Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG -# Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -# either express or implied. See the -# License for the specific language govern in permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "chart.serviceAccountName" . }} - labels: - {{- include "chart.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} diff --git a/dpp-backend/charts/digital-product-pass-backend/templates/tests/test-connection.yaml b/dpp-backend/charts/digital-product-pass-backend/templates/tests/test-connection.yaml deleted file mode 100644 index 90657f81a..000000000 --- a/dpp-backend/charts/digital-product-pass-backend/templates/tests/test-connection.yaml +++ /dev/null @@ -1,40 +0,0 @@ -################################################################################# -# Tractus-X - Digital Product Passport Application -# -# Copyright (c) 2022, 2024 BMW AG, Henkel AG & Co. KGaA -# Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG -# Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -# either express or implied. See the -# License for the specific language govern in permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# - -apiVersion: v1 -kind: Pod -metadata: - name: dpp-test-connection - labels: - {{- include "chart.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: backend - image: busybox - command: ['/bin/sh','-c'] - args: ["i=0; wget '{{ .Values.name }}:{{ .Values.service.port }}'/health -O /dev/null; while [ $i -ne 5 ]; do wget '{{ .Values.name }}:{{ .Values.service.port }}'/health -O /dev/null; sleep 6; i=$(($i+1)); done"] - restartPolicy: Never - diff --git a/dpp-backend/charts/digital-product-pass-backend/values-int.yaml b/dpp-backend/charts/digital-product-pass-backend/values-int.yaml deleted file mode 100644 index e51e09534..000000000 --- a/dpp-backend/charts/digital-product-pass-backend/values-int.yaml +++ /dev/null @@ -1,81 +0,0 @@ -################################################################################# -# Tractus-X - Digital Product Passport Application -# -# Copyright (c) 2022, 2024 BMW AG, Henkel AG & Co. KGaA -# Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG -# Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -# either express or implied. See the -# License for the specific language govern in permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# - -ingress: - enabled: true - # className: "nginx" - annotations: - ingressClassName: nginx - # kubernetes.io/tls-acme: "true" - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/ssl-passthrough: "false" - nginx.ingress.kubernetes.io/backend-protocol: "HTTP" - hosts: - - host: &hostname "dpp-backend.int.demo.catena-x.net" - paths: - - path: / - pathType: Prefix - tls: - - secretName: tls-secret - hosts: - - *hostname -edc: - xApiKey: - participantId: &bpn - hostname: "materialpass.int.demo.catena-x.net/consumer" - -hostname: *hostname -securityCheck: - bpn: true - edc: true - -irs: - enabled: true - hostname: "materialpass-irs.int.demo.catena-x.net" - -process: - encryptionKey: "" - -discovery: - hostname: "semantics.int.demo.catena-x.net/discoveryfinder" - -single-api: - maxRetries: 30 - delay: 1000 - -oauth: - hostname: "centralidp.int.demo.catena-x.net" - techUser: - clientId: - clientSecret: - realm: - appId: - bpnCheck: - enabled: true - bpn: *bpn - roleCheck: - enabled: false - apiKey: - header: "X-Api-Key" - secret: diff --git a/dpp-backend/charts/digital-product-pass-backend/values.yaml b/dpp-backend/charts/digital-product-pass-backend/values.yaml deleted file mode 100644 index a69d0735c..000000000 --- a/dpp-backend/charts/digital-product-pass-backend/values.yaml +++ /dev/null @@ -1,313 +0,0 @@ -################################################################################# -# Tractus-X - Digital Product Passport Application -# -# Copyright (c) 2022, 2024 BMW AG, Henkel AG & Co. KGaA -# Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG -# Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -# either express or implied. See the -# License for the specific language govern in permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# - -# Default values for dpp-frontend. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -name: "dpp-backend" -replicaCount: 1 -namespace: "" -nameOverride: "" -fullnameOverride: "" - -image: - repository: docker.io/tractusx/digital-product-pass-backend - pullPolicy: IfNotPresent -# -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) -imagePullSecrets: [] - -service: -# -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service - type: ClusterIP - port: 8888 - - -# -- ingress declaration to expose the dpp-backend service -ingress: - enabled: false - hosts: - - host: &hostname "" - paths: - - path: / - pathType: Prefix - -# -- in this section we configure the values that are inserted as secrets in the backend -edc: - # -- the secret for assesing the edc management API - xApiKey: "" - # -- BPN Number - participantId: &bpn "" - # -- edc consumer connection configuration - hostname: "" - apis: - readiness: "/api/check/readiness" - management: '/management/v2' - catalog: '/catalog/request' - negotiation: '/contractnegotiations' - transfer: '/transferprocesses' - delay: 100 # -- Negotiation status Delay in milliseconds in between async requests [<= 500] - -# -- backend hostname (without protocol prefix [DEFAULT HTTPS] for security ) -hostname: *hostname -# -- configuration of the spring boot server -serverPort: 8888 - -logging: - level: - # -- general logging level - root: INFO - # -- logging for the util components - utils: INFO - -# -- Provide your custom configuration here (this overrides the DPP backend spring application.yaml) -# -- max retries for the backend services -maxRetries: 5 - - # -- security configuration -securityCheck: - bpn: false - edc: false - -# -- irs configuration -irs: - enabled: false - hostname: "" - -# -- digital twin registry configuration -process: - # -- unique sha512 hash key used for the passport encryption - encryptionKey: "" - -passport: - aspects: - - "urn:bamm:io.catenax.generic.digital_product_passport:1.0.0#DigitalProductPassport" - - "urn:bamm:io.catenax.battery.battery_pass:3.0.1#BatteryPass" - - "urn:bamm:io.catenax.transmission.transmission_pass:1.0.0#TransmissionPass" - - "urn:samm:io.catenax.generic.digital_product_passport:2.0.0#DigitalProductPassport" - # -- configuration for policies to filter in the digital product pass asset negotiation - policyCheck: - # -- condition to enable and disable the policy check - enabled: true - # -- the strict mode is quicker (uses hashes) and requires less computation complexity, the default mode is comparing against every single object value - strictMode: false - # -- list of allowed policies that can be selected from the edc catalog in negotiations - policies: - - permission: - - action: "USE" - logicalConstraint: "odrl:and" - constraints: - - leftOperand: "cx-policy:Membership" - operator: "odrl:eq" - rightOperand: "active" - - leftOperand: "cx-policy:FrameworkAgreement" - operator: "odrl:eq" - rightOperand: "circulareconomy:1.0" - - leftOperand: "cx-policy:UsagePurpose" - operator: "odrl:eq" - rightOperand: "cx.circular.dpp:1" - prohibition: [ ] - obligation: [ ] -digitalTwinRegistry: - endpoints: - search: "/lookup/shells" - digitalTwin: "/shell-descriptors" - subModel: "/submodel-descriptors" - # -- timeouts for the digital twin registry async negotiation - timeouts: - search: 50 - negotiation: 60 - transfer: 20 - digitalTwin: 40 - # -- temporary storage of dDTRs for optimization - temporaryStorage: - enabled: true - lifetime: 12 # -- Hours - # -- policy configuration for the digital twin assets in the edc catalog - policyCheck: - # -- condition to enable and disable the policy check - enabled: true - # -- the strict mode is quicker (uses hashes) and requires less computation complexity, the default mode is comparing against every single object value - strictMode: false - # -- list of allowed policies that can be selected from the edc catalog in negotiations - policies: - - permission: - - action: "USE" - logicalConstraint: "odrl:and" - constraints: - - leftOperand: "cx-policy:Membership" - operator: "odrl:eq" - rightOperand: "active" - - leftOperand: "cx-policy:UsagePurpose" - operator: "odrl:eq" - rightOperand: "cx.core.digitalTwinRegistry:1" - prohibition: [ ] - obligation: [ ] -# -- discovery configuration -discovery: - # -- discovery finder configuration - hostname: "" - # -- bpn discovery configuration - bpnDiscovery: - key: "manufacturerPartId" - path: "/api/v1.0/administration/connectors/bpnDiscovery/search" - # -- edc discovery configuration - edcDiscovery: - key: "bpn" -# -- configuration to the single API endpoint -single-api: - maxRetries: 30 - delay: 1000 - -# -- oauth configuration -oauth: - # -- url of the identity provider service - hostname: "" - # -- technical user keycloak central id credentials - # -- note: this credentials need to have access to the Discovery Finder, BPN Discovery and EDC Discovery - techUser: - clientId: "" - clientSecret: "" - realm: "" - appId: "" - onLoad: "login-required" - # -- configure here the bpn check for the application - bpnCheck: - enabled: false - # -- this bpn needs to be included in the user login information when the check is enabled - bpn: *bpn - # -- the role check checks if the user has access roles for the appId - roleCheck: - enabled: false - - # -- to authenticate against single API - apiKey: - header: "X-Api-Key" - secret: "" - -# -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment -podSecurityContext: - seccompProfile: - # -- Restrict a Container's Syscalls with seccomp - type: RuntimeDefault - # -- Runs all processes within a pod with a special uid - runAsUser: 1000 - # -- Processes within a pod will belong to this guid - runAsGroup: 3000 - # -- The owner for volumes and any files created within volumes will belong to this guid - fsGroup: 3000 - -# The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod -securityContext: - capabilities: - # -- Specifies which capabilities to drop to reduce syscall attack surface - drop: - - ALL - # -- Specifies which capabilities to add to issue specialized syscalls - add: [] - # -- Whether the root filesystem is mounted in read-only mode - readOnlyRootFilesystem: true - # -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID - allowPrivilegeEscalation: false - # -- Requires the container to run without root privileges - runAsNonRoot: true - # -- The container's process will run with the specified uid - runAsUser: 1000 - # -- The owner for volumes and any files created within volumes will belong to this guid - runAsGroup: 3000 - -# -- specifies the volume mounts for the backend deployment -volumeMounts: - # -- mounted path for the backend configuration added in the config maps - - name: backend-config - mountPath: /app/config - # -- contains the location for the process data directory - - name: pvc-backend - mountPath: /app/data/process - subPath: data/process - # -- contains the log directory uses by the backend - - name: tmpfs - mountPath: /app/log - subPath: log - # -- container tmp directory - - name: tmpfs - mountPath: /tmp - # -- contains the vault configuration for the backend - - name: tmpfs - mountPath: /app/data/VaultConfig - subPath: VaultConfig/vault.token.yml - # -- contains the temporary directory used by the backend - - name: tmpfs - mountPath: /app/tmp - -# -- volume claims for the containers -volumes: - # -- persist the backend configuration - - name: backend-config - configMap: - name: "{{ .Release.Name }}-backend-config" - # -- persist the backend data directories - - name: pvc-backend - persistentVolumeClaim: - claimName: "{{ .Release.Name }}-pvc-data" - # -- temporary file system mount - - name: tmpfs - emptyDir: {} - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -# Following Catena-X Helm Best Practices @url: https://catenax-ng.github.io/docs/kubernetes-basics/helm -# @url: https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits -resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 250m - memory: 512Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -podAnnotations: {} - -# [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes -nodeSelector: {} - -# [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes -tolerations: [] - -# [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on -affinity: {} diff --git a/dpp-frontend/Dockerfile b/dpp-frontend/Dockerfile index 809f0109d..6f35c0f9a 100644 --- a/dpp-frontend/Dockerfile +++ b/dpp-frontend/Dockerfile @@ -33,7 +33,7 @@ COPY package*.json ./ RUN npm install -g npm #RUN npm install -RUN npm install --legacy-peer-deps +RUN npm install # Copy rest of the files COPY . .