chore(docs): updated helm docs and helm charts versions

README.md

@@ -38,7 +38,7 @@ In particular, the appliction is used to access the battery passport data provid
 #### Helm Chart Version
 <pre id="helm-version"><a href="https://github.com/eclipse-tractusx/digital-product-pass/releases/tag/digital-product-pass-2.0.1">2.0.1</a></pre>
 #### Application Version
-<pre id="app-version"><a href="https://github.com/eclipse-tractusx/digital-product-pass/releases/tag/v2.0.1">v2.0.1</a></pre>
+<pre id="app-version"><a href="https://github.com/eclipse-tractusx/digital-product-pass/releases/tag/v2.1.0">v2.1.0</a></pre>
 
 
 ## Application Preview

charts/digital-product-pass/README.md

@@ -1,6 +1,6 @@
 # digital-product-pass
 
-![Version: 2.0.1](https://img.shields.io/badge/Version-2.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.1](https://img.shields.io/badge/AppVersion-2.0.1-informational?style=flat-square)
+![Version: 2.1.0](https://img.shields.io/badge/Version-2.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.0](https://img.shields.io/badge/AppVersion-2.1.0-informational?style=flat-square)
 
 A Helm chart for Tractus-X Digital Product Pass Kubernetes
 
@@ -15,10 +15,10 @@ A Helm chart for Tractus-X Digital Product Pass Kubernetes
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` |  |
-| backend | object | `{"digitalTwinRegistry":{"endpoints":{"digitalTwin":"/shell-descriptors","search":"/lookup/shells","subModel":"/submodel-descriptors"},"temporaryStorage":{"enabled":true,"lifetime":12},"timeouts":{"digitalTwin":20,"negotiation":40,"search":10,"transfer":10}},"discovery":{"bpnDiscovery":{"key":"manufacturerPartId","path":"/api/v1.0/administration/connectors/bpnDiscovery/search"},"edcDiscovery":{"key":"bpn"},"hostname":""},"edc":{"apis":{"catalog":"/catalog/request","management":"/management/v2","negotiation":"/contractnegotiations","transfer":"/transferprocesses"},"delay":100,"hostname":"","participantId":"<Add participant id here>","xApiKey":"<Add API key here>"},"hostname":"localhost","image":{"pullPolicy":"Always","repository":"docker.io/tractusx/digital-product-pass-backend"},"imagePullSecrets":[],"ingress":{"enabled":false,"hosts":[{"host":"localhost","paths":[{"path":"/","pathType":"Prefix"}]}]},"irs":{"enabled":false,"hostname":""},"logging":{"level":{"root":"INFO","utils":"INFO"}},"maxRetries":5,"name":"dpp-backend","passport":{"aspects":["urn:bamm:io.catenax.generic.digital_product_passport:1.0.0#DigitalProductPassport","urn:bamm:io.catenax.battery.battery_pass:3.0.1#BatteryPass","urn:bamm:io.catenax.transmission.transmission_pass:1.0.0#TransmissionPass"]},"process":{"encryptionKey":""},"securityCheck":{"bpn":false,"edc":false},"serverPort":8888,"service":{"port":8888,"type":"ClusterIP"}}` | Backend configuration |
+| backend | object | `{"digitalTwinRegistry":{"endpoints":{"digitalTwin":"/shell-descriptors","search":"/lookup/shells","subModel":"/submodel-descriptors"},"temporaryStorage":{"enabled":true,"lifetime":12},"timeouts":{"digitalTwin":20,"negotiation":40,"search":50,"transfer":10}},"discovery":{"bpnDiscovery":{"key":"manufacturerPartId","path":"/api/v1.0/administration/connectors/bpnDiscovery/search"},"edcDiscovery":{"key":"bpn"},"hostname":""},"edc":{"apis":{"catalog":"/catalog/request","management":"/management/v2","negotiation":"/contractnegotiations","transfer":"/transferprocesses"},"delay":100,"hostname":"","participantId":"<Add participant id here>","xApiKey":"<Add API key here>"},"hostname":"localhost","image":{"pullPolicy":"Always","repository":"docker.io/tractusx/digital-product-pass-backend"},"imagePullSecrets":[],"ingress":{"enabled":false,"hosts":[{"host":"localhost","paths":[{"path":"/","pathType":"Prefix"}]}]},"irs":{"enabled":false,"hostname":""},"logging":{"level":{"root":"INFO","utils":"INFO"}},"maxRetries":5,"name":"dpp-backend","passport":{"aspects":["urn:bamm:io.catenax.generic.digital_product_passport:1.0.0#DigitalProductPassport","urn:bamm:io.catenax.battery.battery_pass:3.0.1#BatteryPass","urn:bamm:io.catenax.transmission.transmission_pass:1.0.0#TransmissionPass","urn:samm:io.catenax.generic.digital_product_passport:2.0.0#DigitalProductPassport"]},"podSecurityContext":{"fsGroup":3000,"runAsGroup":3000,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}},"process":{"encryptionKey":""},"securityCheck":{"bpn":false,"edc":false},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"add":[],"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":3000,"runAsNonRoot":true,"runAsUser":1000},"serverPort":8888,"service":{"port":8888,"type":"ClusterIP"}}` | Backend configuration |
 | backend.digitalTwinRegistry.temporaryStorage | object | `{"enabled":true,"lifetime":12}` | temporary storage of dDTRs for optimization |
 | backend.digitalTwinRegistry.temporaryStorage.lifetime | int | `12` | lifetime of the temporaryStorage in hours |
-| backend.digitalTwinRegistry.timeouts | object | `{"digitalTwin":20,"negotiation":40,"search":10,"transfer":10}` | timeouts for the digital twin registry async negotiation |
+| backend.digitalTwinRegistry.timeouts | object | `{"digitalTwin":20,"negotiation":40,"search":50,"transfer":10}` | timeouts for the digital twin registry async negotiation |
 | backend.discovery | object | `{"bpnDiscovery":{"key":"manufacturerPartId","path":"/api/v1.0/administration/connectors/bpnDiscovery/search"},"edcDiscovery":{"key":"bpn"},"hostname":""}` | discovery configuration |
 | backend.discovery.bpnDiscovery | object | `{"key":"manufacturerPartId","path":"/api/v1.0/administration/connectors/bpnDiscovery/search"}` | bpn discovery configuration |
 | backend.discovery.edcDiscovery | object | `{"key":"bpn"}` | edc discovery configuration |
@@ -34,17 +34,27 @@ A Helm chart for Tractus-X Digital Product Pass Kubernetes
 | backend.logging.level.root | string | `"INFO"` | general logging level |
 | backend.logging.level.utils | string | `"INFO"` | logging for the util components |
 | backend.maxRetries | int | `5` | max retries for the backend services |
-| backend.passport | object | `{"aspects":["urn:bamm:io.catenax.generic.digital_product_passport:1.0.0#DigitalProductPassport","urn:bamm:io.catenax.battery.battery_pass:3.0.1#BatteryPass","urn:bamm:io.catenax.transmission.transmission_pass:1.0.0#TransmissionPass"]}` | passport data transfer configuration |
-| backend.passport.aspects | list | `["urn:bamm:io.catenax.generic.digital_product_passport:1.0.0#DigitalProductPassport","urn:bamm:io.catenax.battery.battery_pass:3.0.1#BatteryPass","urn:bamm:io.catenax.transmission.transmission_pass:1.0.0#TransmissionPass"]` | passport versions and aspects allowed |
+| backend.podSecurityContext | object | `{"fsGroup":3000,"runAsGroup":3000,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment |
+| backend.podSecurityContext.fsGroup | int | `3000` | The owner for volumes and any files created within volumes will belong to this guid |
+| backend.podSecurityContext.runAsGroup | int | `3000` | Processes within a pod will belong to this guid |
+| backend.podSecurityContext.runAsUser | int | `1000` | Runs all processes within a pod with a special uid |
+| backend.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp |
 | backend.process | object | `{"encryptionKey":""}` | digital twin registry configuration |
 | backend.process.encryptionKey | string | `""` | unique sha512 hash key used for the passport encryption |
 | backend.securityCheck | object | `{"bpn":false,"edc":false}` | security configuration |
+| backend.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID |
+| backend.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls |
+| backend.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface |
+| backend.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode |
+| backend.securityContext.runAsGroup | int | `3000` | The owner for volumes and any files created within volumes will belong to this guid |
+| backend.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges |
+| backend.securityContext.runAsUser | int | `1000` | The container's process will run with the specified uid |
 | backend.serverPort | int | `8888` | configuration of the spring boot server |
 | backend.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service |
-| frontend.api | object | `{"delay":1000,"max_retries":30,"timeout":90000}` | api timeouts |
+| frontend.api | object | `{"delay":1000,"max_retries":30,"timeout":{"decline":20000,"negotiate":40000,"search":60000}}` | api timeouts |
 | frontend.api.delay | int | `1000` | delay from getting status |
 | frontend.api.max_retries | int | `30` | max retries for getting status |
-| frontend.api.timeout | int | `90000` | default timeout  - 90 seconds in milliseconds |
+| frontend.api.timeout | object | `{"decline":20000,"negotiate":40000,"search":60000}` | default timeout  - 90 seconds in milliseconds |
 | frontend.backend | object | `{"hostname":""}` | url of the digital product pass backend service |
 | frontend.image.pullPolicy | string | `"Always"` |  |
 | frontend.image.repository | string | `"docker.io/tractusx/digital-product-pass-frontend"` |  |
@@ -54,14 +64,27 @@ A Helm chart for Tractus-X Digital Product Pass Kubernetes
 | frontend.irs.maxWaitingTime | int | `30` | maximum waiting time to get the irs job status |
 | frontend.irs.requestDelay | int | `30000` | request timeout delay |
 | frontend.name | string | `"dpp-frontend"` |  |
+| frontend.negotiation.autoSign | bool | `true` |  |
+| frontend.podSecurityContext | object | `{"fsGroup":3000,"runAsGroup":3000,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment |
+| frontend.podSecurityContext.fsGroup | int | `3000` | The owner for volumes and any files created within volumes will belong to this guid |
+| frontend.podSecurityContext.runAsGroup | int | `3000` | Processes within a pod will belong to this guid |
+| frontend.podSecurityContext.runAsUser | int | `1000` | Runs all processes within a pod with a special uid |
+| frontend.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp |
 | frontend.portal.hostname | string | `""` |  |
+| frontend.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID |
+| frontend.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls |
+| frontend.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface |
+| frontend.securityContext.readOnlyRootFilesystem | bool | `false` | Whether the root filesystem is mounted in read-only mode |
+| frontend.securityContext.runAsGroup | int | `3000` | The owner for volumes and any files created within volumes will belong to this guid |
+| frontend.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges |
+| frontend.securityContext.runAsUser | int | `1000` | The container's process will run with the specified uid |
 | frontend.service.port | int | `8080` |  |
 | frontend.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service |
 | frontend.supportContact.adminEmail | string | `"[email protected]"` |  |
 | name | string | `"digital-product-pass"` |  |
 | namespace | string | `""` |  |
 | nodeSelector | object | `{}` |  |
-| oauth | object | `{"appId":"","bpnCheck":{"bpn":"<Add participant id here>","enabled":false},"hostname":"","onLoad":"login-required","realm":"","roleCheck":{"enabled":false},"techUser":{"clientId":"<Add client id here>","clientSecret":"<Add client secret here>"}}` | oauth configuration |
+| oauth | object | `{"appId":"<app-id>","bpnCheck":{"bpn":"<Add participant id here>","enabled":false},"hostname":"","onLoad":"login-required","realm":"<realm>","roleCheck":{"enabled":false},"techUser":{"clientId":"<Add client id here>","clientSecret":"<Add client secret here>"}}` | oauth configuration |
 | oauth.bpnCheck | object | `{"bpn":"<Add participant id here>","enabled":false}` | configure here the bpn check for the application |
 | oauth.bpnCheck.bpn | string | `"<Add participant id here>"` | this bpn needs to be included in the user login information when the check is enabled |
 | oauth.hostname | string | `""` | url of the identity provider service |

dpp-backend/charts/digital-product-pass-backend/Chart.yaml

@@ -41,10 +41,10 @@ type: application
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 
-version: 2.0.1
+version: 2.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "2.0.1"
+appVersion: "2.1.0"

dpp-backend/charts/digital-product-pass-backend/README.md

@@ -1,46 +1,9 @@
 # digital-product-pass-backend
 
-![Version: 2.0.1](https://img.shields.io/badge/Version-2.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.1](https://img.shields.io/badge/AppVersion-2.0.1-informational?style=flat-square)
+![Version: 2.1.0](https://img.shields.io/badge/Version-2.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.0](https://img.shields.io/badge/AppVersion-2.1.0-informational?style=flat-square)
 
 A Helm chart for Tractus-X Digital Product Pass Backend Kubernetes
 
-## TL;DR 
-
-### Install
-
-```bash
-cd backend/charts/digital-product-pass-backend
-helm install digital-product-pass-backend -f ./values.yaml -f ./values-int.yaml
-```
-
-> **NOTE**: This command will deploy the backend application.
-
-### Exposing ports
-
-Once the application is running, the certain ports need to be exposed to access the backend outside the Kubernetes cluster.
-
-### Get pod name
-Search for the application name:
-
-```bash
-kubectl get pods --no-headers |  awk '{if ($1 ~ "dpp-backend-*") print $1}'
-```
-Copy the pod name with the prefix `dpp-backend-*`
-
-### Port forwarding
-
-```bash
-kubectl port-forward dpp-backend-* 8888:8888
-```
-
-> **NOTE**: The default port set is `8888` however it can be changed in the configuration.
-
-### Check if the application is running
-
-Open the web browser with the following url to check the health status:
-```
-localhost:8888/health
-
 **Homepage:** <https://github.com/eclipse-tractusx/digital-product-pass/tree/main/dpp-backend/charts/digital-product-pass-backend>
 
 ## Source Code
@@ -60,7 +23,7 @@ localhost:8888/health
 | digitalTwinRegistry.endpoints.search | string | `"/lookup/shells"` |  |
 | digitalTwinRegistry.endpoints.subModel | string | `"/submodel-descriptors"` |  |
 | digitalTwinRegistry.temporaryStorage | object | `{"enabled":true,"lifetime":12}` | temporary storage of dDTRs for optimization |
-| digitalTwinRegistry.timeouts | object | `{"digitalTwin":20,"negotiation":40,"search":10,"transfer":10}` | timeouts for the digital twin registry async negotiation |
+| digitalTwinRegistry.timeouts | object | `{"digitalTwin":20,"negotiation":40,"search":50,"transfer":10}` | timeouts for the digital twin registry async negotiation |
 | discovery | object | `{"bpnDiscovery":{"key":"manufacturerPartId","path":"/api/v1.0/administration/connectors/bpnDiscovery/search"},"edcDiscovery":{"key":"bpn"},"hostname":""}` | discovery configuration |
 | discovery.bpnDiscovery | object | `{"key":"manufacturerPartId","path":"/api/v1.0/administration/connectors/bpnDiscovery/search"}` | bpn discovery configuration |
 | discovery.edcDiscovery | object | `{"key":"bpn"}` | edc discovery configuration |
@@ -87,11 +50,13 @@ localhost:8888/health
 | oauth.hostname | string | `""` | url of the identity provider service |
 | oauth.roleCheck | object | `{"enabled":false}` | the role check checks if the user has access roles for the appId |
 | oauth.techUser | object | `{"clientId":"<Add client id here>","clientSecret":"<Add client secret here>"}` | note: this credentials need to have access to the Discovery Finder, BPN Discovery and EDC Discovery |
-| passport | object | `{"aspects":["urn:bamm:io.catenax.generic.digital_product_passport:1.0.0#DigitalProductPassport","urn:bamm:io.catenax.battery.battery_pass:3.0.1#BatteryPass","urn:bamm:io.catenax.transmission.transmission_pass:1.0.0#TransmissionPass"]}` | passport data transfer configuration |
-| passport.aspects | list | `["urn:bamm:io.catenax.generic.digital_product_passport:1.0.0#DigitalProductPassport","urn:bamm:io.catenax.battery.battery_pass:3.0.1#BatteryPass","urn:bamm:io.catenax.transmission.transmission_pass:1.0.0#TransmissionPass"]` | passport versions and aspects allowed |
+| passport.aspects[0] | string | `"urn:bamm:io.catenax.generic.digital_product_passport:1.0.0#DigitalProductPassport"` |  |
+| passport.aspects[1] | string | `"urn:bamm:io.catenax.battery.battery_pass:3.0.1#BatteryPass"` |  |
+| passport.aspects[2] | string | `"urn:bamm:io.catenax.transmission.transmission_pass:1.0.0#TransmissionPass"` |  |
+| passport.aspects[3] | string | `"urn:samm:io.catenax.generic.digital_product_passport:2.0.0#DigitalProductPassport"` |  |
 | podAnnotations | object | `{}` |  |
 | podSecurityContext.fsGroup | int | `3000` |  |
-| podSecurityContext.runAsUser | int | `10000` |  |
+| podSecurityContext.runAsUser | int | `1000` |  |
 | process | object | `{"encryptionKey":""}` | digital twin registry configuration |
 | process.encryptionKey | string | `""` | unique sha512 hash key used for the passport encryption |
 | replicaCount | int | `1` |  |
@@ -104,7 +69,7 @@ localhost:8888/health
 | securityContext.readOnlyRootFilesystem | bool | `true` |  |
 | securityContext.runAsGroup | int | `3000` |  |
 | securityContext.runAsNonRoot | bool | `true` |  |
-| securityContext.runAsUser | int | `10000` |  |
+| securityContext.runAsUser | int | `1000` |  |
 | serverPort | int | `8888` | configuration of the spring boot server |
 | service.port | int | `8888` |  |
 | service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service |