From a8b9465a6e8a45cccf04caf3e06a39ffd7b35f6a Mon Sep 17 00:00:00 2001 From: Sahil Aggarwal Date: Fri, 21 Jun 2024 16:35:09 +0200 Subject: [PATCH 1/4] Moving helm values from product-semantics to tractusx repository --- NOTICE.md | 5 + .../argocd-app-templates/appsetup-dev.yaml | 41 +++ .../argocd-app-templates/appsetup-int.yaml | 38 ++ consortia/environments/values-dev.yaml | 57 +++ consortia/environments/values-int.yaml | 346 ++++++++++++++++++ 5 files changed, 487 insertions(+) create mode 100644 consortia/argocd-app-templates/appsetup-dev.yaml create mode 100644 consortia/argocd-app-templates/appsetup-int.yaml create mode 100644 consortia/environments/values-dev.yaml create mode 100644 consortia/environments/values-int.yaml diff --git a/NOTICE.md b/NOTICE.md index 117f3163..3da94740 100644 --- a/NOTICE.md +++ b/NOTICE.md @@ -48,6 +48,11 @@ This project leverages the following third party content. See DEPENDENCIES file. +## Helm Values +Project contains helm values for different environments at /consortia/environments/ +Also, it contains the argocd app templates at consortia/argocd-app-templates/ + + ## Cryptography Content may contain encryption software. The country in which you are currently diff --git a/consortia/argocd-app-templates/appsetup-dev.yaml b/consortia/argocd-app-templates/appsetup-dev.yaml new file mode 100644 index 00000000..f592408a --- /dev/null +++ b/consortia/argocd-app-templates/appsetup-dev.yaml 
@@ -0,0 +1,41 @@
+###############################################################
+# Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: semantic-dec-registry
+spec:
+ destination:
+ namespace: product-semantics
+ server: 'https://kubernetes.default.svc'
+ source:
+ path: charts/registry
+ repoURL: 'https://github.com/eclipse-tractusx/sldt-digital-twin-registry.git'
+ targetRevision: main
+ plugin:
+ env:
+ - name: AVP_SECRET
+ value: vault-secret
+ - name: helm_args
+ value: '-f values.yaml -f ../../consortia/environments/values-dev.yaml'
+ project: project-semantics
+ syncPolicy:
+ automated:
+ prune: true
\ No newline at end of file
diff --git a/consortia/argocd-app-templates/appsetup-int.yaml b/consortia/argocd-app-templates/appsetup-int.yaml
new file mode 100644
index 00000000..99b53e92
--- /dev/null
+++ b/consortia/argocd-app-templates/appsetup-int.yaml
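Review bot: `targetRevision: main` together with `syncPolicy.automated.prune: true` means every commit that lands on `main` — the chart and the `values-dev.yaml` it layers in through `helm_args` — is applied to and pruned from the `product-semantics` namespace with no review gate. For a dev environment that can be deliberate, but it should be recorded next to the field, e.g. `# dev only: auto-sync from main with prune; int/prod pin a reviewed revision`, or pinned to a tag so a bad merge cannot tear the namespace down. Note also that `-f ../../consortia/environments/values-dev.yaml` resolves relative to `path: charts/registry`, so this template and the values file must move together.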
@@ -0,0 +1,38 @@
+###############################################################
+# Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: semantic-dec-registry
+spec:
+ destination:
+ namespace: product-semantics
+ server: 'https://kubernetes.default.svc'
+ source:
+ path: charts/registry
+ repoURL: 'https://github.com/eclipse-tractusx/sldt-digital-twin-registry.git'
+ targetRevision: main
+ plugin:
+ env:
+ - name: AVP_SECRET
+ value: vault-secret
+ - name: helm_args
+ value: '-f values.yaml -f ../../consortia/environments/values-int.yaml'
+ project: project-semantics
\ No newline at end of file
diff --git a/consortia/environments/values-dev.yaml b/consortia/environments/values-dev.yaml
new file mode 100644
index 00000000..6f8169c8
--- /dev/null
+++ b/consortia/environments/values-dev.yaml
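Review bot: The int Application has no `syncPolicy`, so syncs are manual, yet `targetRevision: main` still makes each sync pick up whatever is on `main` at that moment rather than a reviewed release; since `values-int.yaml` carries this environment's live identity (tenant BPN, issuer DID, DIM client id), a pinned tag or SHA is the safer default here, e.g. `targetRevision: <release-tag>`. If tracking `main` is intentional for int, a one-line comment saying so would stop the next reader from "fixing" it.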
@@ -0,0 +1,57 @@
+digital-twin-registry:
+ enablePostgres: true
+ enableKeycloak: true
+ keycloak:
+ type: NodePort
+ args: [ "kc.sh import --file /opt/keycloak/data/import/default-realm-import.json; kc.sh start-dev --hostname-strict=false --proxy=edge" ]
+ auth:
+ adminUser:
+ adminPassword:
+ ingress:
+ enabled: true
+ hostname: semantic-dec-registry.dev.demo.catena-x.net
+ path: /
+ tls: true
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: semantic-dec-registry.dev.demo.catena-x.net
+ nginx.org/location-snippets: |
+ add_header X-Forwarded-Proto https;
+ add_header X-Forwarded-For semantic-dec-registry.dev.demo.catena-x.net;
+ registry:
+ replicaCount: 1
+ imagePullPolicy: Always
+ host: semantic-dec-registry.dev.demo.catena-x.net
+ ## If 'authentication' is set to false, no OAuth authentication is enforced
+ authentication: true
+ idpIssuerUri: https://semantic-dec-registry.dev.demo.catena-x.net/realms/default-realm
+ idpClientId: default-client
+ tenantId: demo-tenant
+ useGranularAccessControl: "true"
+ dataSource:
+ driverClassName: org.postgresql.Driver
+ ## The url, user, and password parameter will be ignored if 'enablePostgres' is set to true.
+ ## In that case the postgresql auth parameters are used.
+ url: jdbc:postgresql://postgresql:5432/registry
+ user: registryuser
+ password:
+ ingress:
+ enabled: true
+ tls: true
+ urlPrefix: /dec-registry
+ className: nginx
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+ nginx.ingress.kubernetes.io/use-regex: "true"
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+ nginx.ingress.kubernetes.io/x-forwarded-prefix: /dec-registry
+
+ postgresql:
+ auth:
+ username: default-user
+ # if password is empty, the postgres password will be generated random via postgres-init
+ password: password
+ database: default-database
+ # -- Secret contains passwords for username postgres.
+ existingSecret: secret-dtr-postgres-init
\ No newline at end of file
diff --git a/consortia/environments/values-int.yaml b/consortia/environments/values-int.yaml
new file mode 100644
index 00000000..66704b39
--- /dev/null
+++ b/consortia/environments/values-int.yaml
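Review bot: `postgresql.auth.password: password` commits a literal credential for the in-cluster Postgres, directly under a comment saying an empty password is generated at random by postgres-init and next to `existingSecret: secret-dtr-postgres-init`; which of the two the bundled chart honours is not visible here, so the safe change is to drop the literal (`password:` left unset or the key removed) and rely on `existingSecret`. Several other keys (`keycloak.auth.adminUser`, `adminPassword`, `dataSource.password`) are left empty, which Helm reads as null and uses to delete the chart default rather than as "use the default"; if these are meant to be filled by the ArgoCD Vault Plugin the `<path:…>` placeholders should be present, otherwise the keys should be omitted. Finally, `enable-cors: "true"` plus `cors-allow-credentials: "true"` with no `cors-allow-origin` falls back to ingress-nginx's default origin `*`, which browsers reject for credentialed requests; pin `nginx.ingress.kubernetes.io/cors-allow-origin` to the calling UI's origin.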
@@ -0,0 +1,346 @@ +digital-twin-registry: + enableKeycloak: true + keycloak: + type: NodePort + args: [ "kc.sh import --file /opt/keycloak/data/import/default-realm-import.json; kc.sh start-dev --hostname-strict=false --proxy=edge" ] + auth: + adminUser: + adminPassword: + ingress: + enabled: true + hostname: semantics-dec-registry.int.demo.catena-x.net + path: / + tls: true + annotations: + external-dns.alpha.kubernetes.io/hostname: semantics-dec-registry.int.demo.catena-x.net + nginx.org/location-snippets: | + add_header X-Forwarded-Proto https; + add_header X-Forwarded-For semantics-dec-registry.int.demo.catena-x.net; + enablePostgres: false + postgresql: + auth: + username: + # if password is empty, the postgres password will be generated random via postgres-init + password: + database: default-database + # -- Secret contains passwords for username postgres. + existingSecret: secret-dtr-postgres-init + registry: + replicaCount: 1 + imagePullPolicy: Always + imagePullSecrets: + - name: machineuser-pull-secret-ro + containerPort: 4243 + host: semantics-dec-registry.int.demo.catena-x.net + ## If 'authentication' is set to false, no OAuth authentication is enforced + authentication: true + idpIssuerUri: https://semantics-dec-registry.int.demo.catena-x.net/realms/default-realm + idpClientId: default-client + tenantId: BPNL0000000711QM + useGranularAccessControl: "true" + service: + port: 8080 + type: NodePort + dataSource: + driverClassName: org.postgresql.Driver + ## The url, user, and password parameter will be ignored if 'enablePostgres' is set to true. + ## In that case the postgresql auth parameters are used. 
+ url: jdbc:postgresql://postgresql:5432/registry + user: registryuser + password: + ingress: + enabled: true + tls: true + urlPrefix: /reg + className: nginx + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + nginx.ingress.kubernetes.io/cors-allow-credentials: "true" + nginx.ingress.kubernetes.io/x-forwarded-prefix: /reg + resources: + limits: + memory: "1024Mi" + requests: + memory: "512Mi" + +postgresql: + fullnameOverride: postgresql + service: + ports: + postgresql: 5432 + auth: + postgresPassword: + primary: + initdb: + scripts: + init.sql: | + CREATE USER edcprovider WITH ENCRYPTED PASSWORD ''; + ALTER USER edcprovider CREATEDB; + CREATE DATABASE provider; + ALTER DATABASE provider OWNER TO edcprovider; + + CREATE USER edcconsumer WITH ENCRYPTED PASSWORD ''; + ALTER USER edcconsumer CREATEDB; + CREATE DATABASE consumer; + ALTER DATABASE consumer OWNER TO edcconsumer; + + CREATE USER registryuser WITH ENCRYPTED PASSWORD ''; + ALTER USER registryuser CREATEDB; + CREATE DATABASE registry; + ALTER DATABASE registry OWNER TO registryuser; + +vault: + enabled: true + fullnameOverride: edc-vault + injector: + enabled: false + server: + authDelegator: + enabled: false + dev: + enabled: true + devRootToken: + postStart: + - "sh" + - "-c" + - | + { + + sleep 25 + + /bin/vault kv put secret/registry-client-secret-key content= + /bin/vault kv put secret/data-encryption-aes-keys content=H7j47H6vVQQOv/hbdAYz+w== + /bin/vault kv put secret/ content= + /bin/vault kv put secret/ content= + /bin/vault kv put secret/ content= + } + +provider: + enabled: true + fullnameOverride: "provider-edc" + backendService: + httpProxyTokenReceiverUrl: http://localhost + imagePullSecrets: + - name: machineuser-pull-secret-ro + # dataplane: + # url: + # public: http://provider-edc-dataplane:8081/api/public + install: + 
postgresql: false + vault: false + participant: + id: + dataplane: + env: + EDC_IAM_TRUSTED-ISSUER_ISSUER1_ID: did:web:dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com:dim-hosted:2f45795c-d6cc-4038-96c9-63cedc0cd266:holder-iatp + EDC_IAM_ISSUER_ID: did:web:portal-backend.int.demo.catena-x.net:api:administration:staticdata:did:BPNL0000000711QM + EDC_IAM_STS_DIM_URL: https://dis-integration-service-prod.eu10.dim.cloud.sap/api/v2.0.0/iatp/catena-x-portal + EDC_IAM_STS_OAUTH_TOKEN_URL: https://bpnl0000000711qm-bosch.authentication.eu10.hana.ondemand.com/oauth/token + EDC_IAM_STS_OAUTH_CLIENT_ID: sb-eaa3865f-c0c9-49bc-8988-a73747443e0d!b458201|ica-production-dim-prod-eu10-004-prod-dis-cloud-approuter!b174292 + EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS: + TX_IAM_IATP_BDRS_SERVER_URL: https://bpn-did-resolution-service.int.demo.catena-x.net/api/directory + ingresses: + - enabled: true + hostname: semantics-edc-provider-dataplane.int.demo.catena-x.net + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + nginx.ingress.kubernetes.io/cors-allow-credentials: "true" + certManager: + clusterIssuer: letsencrypt-prod + endpoints: + - public + - proxy + className: nginx + tls: + enabled: true + iatp: + id: "did:web:portal-backend.int.demo.catena-x.net:api:administration:staticdata:did:BPNL0000000711QM" + trustedIssuers: + - "did:web:dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com:dim-hosted:2f45795c-d6cc-4038-96c9-63cedc0cd266:holder-iatp" + sts: + dim: + url: "https://dis-integration-service-prod.eu10.dim.cloud.sap/api/v2.0.0/iatp/catena-x-portal" + oauth: + token_url: "https://bpnl0000000711qm-bosch.authentication.eu10.hana.ondemand.com/oauth/token" + client: + id: "sb-eaa3865f-c0c9-49bc-8988-a73747443e0d!b458201|ica-production-dim-prod-eu10-004-prod-dis-cloud-approuter!b174292" + secret_alias: + controlplane: + bdrs: + 
cache_validity_seconds: 600 + server: + url: "https://bpn-did-resolution-service.int.demo.catena-x.net/api/directory" + # SSI configuration + ssi: + miw: + url: + authorityId: + oauth: + tokenurl: + client: + id: + secretAlias: + env: + EDC_IAM_TRUSTED-ISSUER_ISSUER1_ID: did:web:dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com:dim-hosted:2f45795c-d6cc-4038-96c9-63cedc0cd266:holder-iatp + EDC_IAM_ISSUER_ID: did:web:portal-backend.int.demo.catena-x.net:api:administration:staticdata:did:BPNL0000000711QM + EDC_IAM_STS_DIM_URL: https://dis-integration-service-prod.eu10.dim.cloud.sap/api/v2.0.0/iatp/catena-x-portal + EDC_IAM_STS_OAUTH_TOKEN_URL: https://bpnl0000000711qm-bosch.authentication.eu10.hana.ondemand.com/oauth/token + EDC_IAM_STS_OAUTH_CLIENT_ID: sb-eaa3865f-c0c9-49bc-8988-a73747443e0d!b458201|ica-production-dim-prod-eu10-004-prod-dis-cloud-approuter!b174292 + EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS: + TX_IAM_IATP_BDRS_SERVER_URL: https://bpn-did-resolution-service.int.demo.catena-x.net/api/directory + EDC_TRANSFER_PROXY_TOKEN_VALIDITY_SECONDS: 86400 + EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT: http://provider-edc-controlplane:8082/validation/token + EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_PROPERTIES: >- + { + "publicApiUrl": "http://provider-edc-dataplane:8081/api/public" + } + endpoints: + default: + port: "8080" + path: /api + management: + port: "8081" + path: /management + authKey: + metrics: + port: "9090" + path: /metrics + ingresses: + - enabled: true + hostname: semantics-edc-provider.int.demo.catena-x.net + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + nginx.ingress.kubernetes.io/cors-allow-credentials: "true" + certManager: + clusterIssuer: letsencrypt-prod + endpoints: + - ids + - management + - protocol + - default + className: nginx + tls: + enabled: true + postgresql: + fullnameOverride: "provider-postgresql" + enabled: 
true + jdbcUrl: jdbc:postgresql://postgresql:5432/provider + username: edcprovider + password: + auth: + database: "provider" + username: edcprovider + password: + vault: + hashicorp: + enabled: true + token: + url: http://edc-vault:8200 + secret: /v1/secret + secretNames: + transferProxyTokenEncryptionAesKey: data-encryption-aes-keys + +consumer: + enabled: true + fullnameOverride: "consumer-edc" + install: + postgresql: false + vault: false + participant: + id: + backendService: + httpProxyTokenReceiverUrl: http://localhost + imagePullSecrets: + - name: machineuser-pull-secret-ro + dataplane: + ingresses: + - enabled: true + hostname: semantics-edc-consumer-dataplane.int.demo.catena-x.net + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + nginx.ingress.kubernetes.io/cors-allow-credentials: "true" + certManager: + clusterIssuer: letsencrypt-prod + endpoints: + - public + - proxy + className: nginx + tls: + enabled: true + # url: + # public: http://consumer-edc-dataplane:8081/api/public + controlplane: + # SSI configuration + ssi: + miw: + url: + authorityId: + oauth: + tokenurl: + client: + id: + secretAlias: + env: + # edc.transfer.proxy.token.validity.seconds + EDC_TRANSFER_PROXY_TOKEN_VALIDITY_SECONDS: 86400 + EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT: http://consumer-edc-controlplane:8082/validation/token + EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_PROPERTIES: >- + { + "publicApiUrl": "http://consumer-edc-dataplane:8081/api/public" + } + endpoints: + default: + port: "8080" + path: /api + management: + port: "8081" + path: /management + authKey: + metrics: + port: "9090" + path: /metrics + ingresses: + - enabled: true + hostname: semantics-edc-consumer.int.demo.catena-x.net + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + 
nginx.ingress.kubernetes.io/cors-allow-credentials: "true" + certManager: + clusterIssuer: letsencrypt-prod + endpoints: + - ids + - management + - protocol + - default + className: nginx + tls: + enabled: true + postgresql: + fullnameOverride: "consumer-postgresql" + enabled: true + jdbcUrl: jdbc:postgresql://postgresql:5432/consumer + username: edcconsumer + password: + auth: + database: consumer + username: edcconsumer + password: + vault: + hashicorp: + enabled: true + token: + url: http://edc-vault:8200 + secret: /v1/secret + secretNames: + transferProxyTokenEncryptionAesKey: data-encryption-aes-keys \ No newline at end of file From 5de5bb32354080998154f8213151f3eed3167b92 Mon Sep 17 00:00:00 2001 From: Sahil Aggarwal Date: Thu, 27 Jun 2024 11:42:22 +0200 Subject: [PATCH 2/4] refactored structure and notice.md --- NOTICE.md | 6 +- .../argocd-app-templates/appsetup-dev.yaml | 0 .../argocd-app-templates/appsetup-int.yaml | 0 .../association}/environments/values-dev.yaml | 0 .../association}/environments/values-int.yaml | 0 .../argocd-app-templates/appsetup-dev.yaml | 41 +++ .../argocd-app-templates/appsetup-int.yaml | 38 ++ .../consortia/environments/values-dev.yaml | 57 +++ .../consortia/environments/values-int.yaml | 346 ++++++++++++++++++ 9 files changed, 485 insertions(+), 3 deletions(-) rename {consortia => environments/association}/argocd-app-templates/appsetup-dev.yaml (100%) rename {consortia => environments/association}/argocd-app-templates/appsetup-int.yaml (100%) rename {consortia => environments/association}/environments/values-dev.yaml (100%) rename {consortia => environments/association}/environments/values-int.yaml (100%) create mode 100644 environments/consortia/argocd-app-templates/appsetup-dev.yaml create mode 100644 environments/consortia/argocd-app-templates/appsetup-int.yaml create mode 100644 environments/consortia/environments/values-dev.yaml create mode 100644 environments/consortia/environments/values-int.yaml 
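Review bot: The Vault `postStart` script writes a literal key with `/bin/vault kv put secret/data-encryption-aes-keys content=H7j47H6vVQQOv/hbdAYz+w==`, and both EDCs bind it via `secretNames.transferProxyTokenEncryptionAesKey: data-encryption-aes-keys`; this is the key that protects data-plane transfer tokens, and a key committed to a public repository must be treated as compromised and rotated. It should be injected the same way the other `content=` values are left to be injected (AVP placeholder or the `vault-secret` the app template references), never as a literal. The three `/bin/vault kv put secret/ content=` lines have an empty secret path and will fail, and because the block runs under `sh -c` without `set -e` the failures are silent — drop them, or give them a path and add `set -e` as the first line of the block. Separately, `dev.enabled: true` makes this Vault in-memory and root-token only, which is acceptable for int only if stated inline.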
diff --git a/NOTICE.md b/NOTICE.md index 3da94740..e18f7ea9 100644 --- a/NOTICE.md +++ b/NOTICE.md @@ -48,9 +48,9 @@ This project leverages the following third party content. See DEPENDENCIES file. -## Helm Values -Project contains helm values for different environments at /consortia/environments/ -Also, it contains the argocd app templates at consortia/argocd-app-templates/ +## Test Environments +The project contains deployment configuration specific to hosted test environments needed for integration and end-to-end testing. +This configuration is maintained within the [environments](https://github.com/eclipse-tractusx/sldt-digital-twin-registry/environments) directory. ## Cryptography diff --git a/consortia/argocd-app-templates/appsetup-dev.yaml b/environments/association/argocd-app-templates/appsetup-dev.yaml similarity index 100% rename from consortia/argocd-app-templates/appsetup-dev.yaml rename to environments/association/argocd-app-templates/appsetup-dev.yaml diff --git a/consortia/argocd-app-templates/appsetup-int.yaml b/environments/association/argocd-app-templates/appsetup-int.yaml similarity index 100% rename from consortia/argocd-app-templates/appsetup-int.yaml rename to environments/association/argocd-app-templates/appsetup-int.yaml diff --git a/consortia/environments/values-dev.yaml b/environments/association/environments/values-dev.yaml similarity index 100% rename from consortia/environments/values-dev.yaml rename to environments/association/environments/values-dev.yaml diff --git a/consortia/environments/values-int.yaml b/environments/association/environments/values-int.yaml similarity index 100% rename from consortia/environments/values-int.yaml rename to environments/association/environments/values-int.yaml diff --git a/environments/consortia/argocd-app-templates/appsetup-dev.yaml b/environments/consortia/argocd-app-templates/appsetup-dev.yaml new file mode 100644 index 00000000..f592408a --- /dev/null 
+++ b/environments/consortia/argocd-app-templates/appsetup-dev.yaml
@@ -0,0 +1,41 @@
+###############################################################
+# Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: semantic-dec-registry
+spec:
+ destination:
+ namespace: product-semantics
+ server: 'https://kubernetes.default.svc'
+ source:
+ path: charts/registry
+ repoURL: 'https://github.com/eclipse-tractusx/sldt-digital-twin-registry.git'
+ targetRevision: main
+ plugin:
+ env:
+ - name: AVP_SECRET
+ value: vault-secret
+ - name: helm_args
+ value: '-f values.yaml -f ../../consortia/environments/values-dev.yaml'
+ project: project-semantics
+ syncPolicy:
+ automated:
+ prune: true
\ No newline at end of file
diff --git a/environments/consortia/argocd-app-templates/appsetup-int.yaml b/environments/consortia/argocd-app-templates/appsetup-int.yaml
new file mode 100644
index 00000000..99b53e92
--- /dev/null
+++ b/environments/consortia/argocd-app-templates/appsetup-int.yaml
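Review bot: `helm_args` still references `../../consortia/environments/values-dev.yaml`, but this patch creates the values file at `environments/consortia/environments/values-dev.yaml` (and the next patch renames that directory to `helm-values`), so relative to `path: charts/registry` the sync fails with a missing values file. It should read `value: '-f values.yaml -f ../../environments/consortia/helm-values/values-dev.yaml'` once the rename lands (or `…/environments/consortia/environments/values-dev.yaml` for this commit alone). The 100%-renamed association template carries the identical stale path and needs the matching `environments/association/…` fix.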
@@ -0,0 +1,38 @@
+###############################################################
+# Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: semantic-dec-registry
+spec:
+ destination:
+ namespace: product-semantics
+ server: 'https://kubernetes.default.svc'
+ source:
+ path: charts/registry
+ repoURL: 'https://github.com/eclipse-tractusx/sldt-digital-twin-registry.git'
+ targetRevision: main
+ plugin:
+ env:
+ - name: AVP_SECRET
+ value: vault-secret
+ - name: helm_args
+ value: '-f values.yaml -f ../../consortia/environments/values-int.yaml'
+ project: project-semantics
\ No newline at end of file
diff --git a/environments/consortia/environments/values-dev.yaml b/environments/consortia/environments/values-dev.yaml
new file mode 100644
index 00000000..6f8169c8
--- /dev/null
+++ b/environments/consortia/environments/values-dev.yaml
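Review bot: The int template has the same stale values path as the dev one: `-f ../../consortia/environments/values-int.yaml` no longer exists after this patch moves the file under `environments/consortia/`, so a manual sync of this Application fails at `helm template`. Change it to `value: '-f values.yaml -f ../../environments/consortia/helm-values/values-int.yaml'` (the directory name after the follow-up rename), and apply the same correction to the renamed `environments/association/argocd-app-templates/appsetup-int.yaml`, which is byte-identical.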
@@ -0,0 +1,57 @@
+digital-twin-registry:
+ enablePostgres: true
+ enableKeycloak: true
+ keycloak:
+ type: NodePort
+ args: [ "kc.sh import --file /opt/keycloak/data/import/default-realm-import.json; kc.sh start-dev --hostname-strict=false --proxy=edge" ]
+ auth:
+ adminUser:
+ adminPassword:
+ ingress:
+ enabled: true
+ hostname: semantic-dec-registry.dev.demo.catena-x.net
+ path: /
+ tls: true
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: semantic-dec-registry.dev.demo.catena-x.net
+ nginx.org/location-snippets: |
+ add_header X-Forwarded-Proto https;
+ add_header X-Forwarded-For semantic-dec-registry.dev.demo.catena-x.net;
+ registry:
+ replicaCount: 1
+ imagePullPolicy: Always
+ host: semantic-dec-registry.dev.demo.catena-x.net
+ ## If 'authentication' is set to false, no OAuth authentication is enforced
+ authentication: true
+ idpIssuerUri: https://semantic-dec-registry.dev.demo.catena-x.net/realms/default-realm
+ idpClientId: default-client
+ tenantId: demo-tenant
+ useGranularAccessControl: "true"
+ dataSource:
+ driverClassName: org.postgresql.Driver
+ ## The url, user, and password parameter will be ignored if 'enablePostgres' is set to true.
+ ## In that case the postgresql auth parameters are used.
+ url: jdbc:postgresql://postgresql:5432/registry
+ user: registryuser
+ password:
+ ingress:
+ enabled: true
+ tls: true
+ urlPrefix: /dec-registry
+ className: nginx
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+ nginx.ingress.kubernetes.io/use-regex: "true"
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+ nginx.ingress.kubernetes.io/x-forwarded-prefix: /dec-registry
+
+ postgresql:
+ auth:
+ username: default-user
+ # if password is empty, the postgres password will be generated random via postgres-init
+ password: password
+ database: default-database
+ # -- Secret contains passwords for username postgres.
+ existingSecret: secret-dtr-postgres-init
\ No newline at end of file
diff --git a/environments/consortia/environments/values-int.yaml b/environments/consortia/environments/values-int.yaml
new file mode 100644
index 00000000..66704b39
--- /dev/null
+++ b/environments/consortia/environments/values-int.yaml
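Review bot: Keycloak is started with `kc.sh start-dev --hostname-strict=false --proxy=edge` behind a public TLS ingress (`semantic-dec-registry.dev.demo.catena-x.net`) and is additionally exposed as `type: NodePort`; `start-dev` turns off Keycloak's production hardening (no hostname enforcement, plain HTTP accepted, local cache), and the NodePort publishes the realm on every node address regardless of the ingress. For a dev cluster that may be acceptable, but it should be stated inline, e.g. `# dev mode on purpose: realm import + start-dev; do not copy to int/prod`, and the Service should be `ClusterIP` unless something outside the ingress really needs the node port. The literal `postgresql.auth.password: password` copied over from the association file also belongs in `existingSecret`, not in git.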
@@ -0,0 +1,346 @@ +digital-twin-registry: + enableKeycloak: true + keycloak: + type: NodePort + args: [ "kc.sh import --file /opt/keycloak/data/import/default-realm-import.json; kc.sh start-dev --hostname-strict=false --proxy=edge" ] + auth: + adminUser: + adminPassword: + ingress: + enabled: true + hostname: semantics-dec-registry.int.demo.catena-x.net + path: / + tls: true + annotations: + external-dns.alpha.kubernetes.io/hostname: semantics-dec-registry.int.demo.catena-x.net + nginx.org/location-snippets: | + add_header X-Forwarded-Proto https; + add_header X-Forwarded-For semantics-dec-registry.int.demo.catena-x.net; + enablePostgres: false + postgresql: + auth: + username: + # if password is empty, the postgres password will be generated random via postgres-init + password: + database: default-database + # -- Secret contains passwords for username postgres. + existingSecret: secret-dtr-postgres-init + registry: + replicaCount: 1 + imagePullPolicy: Always + imagePullSecrets: + - name: machineuser-pull-secret-ro + containerPort: 4243 + host: semantics-dec-registry.int.demo.catena-x.net + ## If 'authentication' is set to false, no OAuth authentication is enforced + authentication: true + idpIssuerUri: https://semantics-dec-registry.int.demo.catena-x.net/realms/default-realm + idpClientId: default-client + tenantId: BPNL0000000711QM + useGranularAccessControl: "true" + service: + port: 8080 + type: NodePort + dataSource: + driverClassName: org.postgresql.Driver + ## The url, user, and password parameter will be ignored if 'enablePostgres' is set to true. + ## In that case the postgresql auth parameters are used. 
+ url: jdbc:postgresql://postgresql:5432/registry + user: registryuser + password: + ingress: + enabled: true + tls: true + urlPrefix: /reg + className: nginx + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + nginx.ingress.kubernetes.io/cors-allow-credentials: "true" + nginx.ingress.kubernetes.io/x-forwarded-prefix: /reg + resources: + limits: + memory: "1024Mi" + requests: + memory: "512Mi" + +postgresql: + fullnameOverride: postgresql + service: + ports: + postgresql: 5432 + auth: + postgresPassword: + primary: + initdb: + scripts: + init.sql: | + CREATE USER edcprovider WITH ENCRYPTED PASSWORD ''; + ALTER USER edcprovider CREATEDB; + CREATE DATABASE provider; + ALTER DATABASE provider OWNER TO edcprovider; + + CREATE USER edcconsumer WITH ENCRYPTED PASSWORD ''; + ALTER USER edcconsumer CREATEDB; + CREATE DATABASE consumer; + ALTER DATABASE consumer OWNER TO edcconsumer; + + CREATE USER registryuser WITH ENCRYPTED PASSWORD ''; + ALTER USER registryuser CREATEDB; + CREATE DATABASE registry; + ALTER DATABASE registry OWNER TO registryuser; + +vault: + enabled: true + fullnameOverride: edc-vault + injector: + enabled: false + server: + authDelegator: + enabled: false + dev: + enabled: true + devRootToken: + postStart: + - "sh" + - "-c" + - | + { + + sleep 25 + + /bin/vault kv put secret/registry-client-secret-key content= + /bin/vault kv put secret/data-encryption-aes-keys content=H7j47H6vVQQOv/hbdAYz+w== + /bin/vault kv put secret/ content= + /bin/vault kv put secret/ content= + /bin/vault kv put secret/ content= + } + +provider: + enabled: true + fullnameOverride: "provider-edc" + backendService: + httpProxyTokenReceiverUrl: http://localhost + imagePullSecrets: + - name: machineuser-pull-secret-ro + # dataplane: + # url: + # public: http://provider-edc-dataplane:8081/api/public + install: + 
postgresql: false
+ vault: false
+ participant:
+ id:
+ dataplane:
+ env:
+ EDC_IAM_TRUSTED-ISSUER_ISSUER1_ID: did:web:dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com:dim-hosted:2f45795c-d6cc-4038-96c9-63cedc0cd266:holder-iatp
+ EDC_IAM_ISSUER_ID: did:web:portal-backend.int.demo.catena-x.net:api:administration:staticdata:did:BPNL0000000711QM
+ EDC_IAM_STS_DIM_URL: https://dis-integration-service-prod.eu10.dim.cloud.sap/api/v2.0.0/iatp/catena-x-portal
+ EDC_IAM_STS_OAUTH_TOKEN_URL: https://bpnl0000000711qm-bosch.authentication.eu10.hana.ondemand.com/oauth/token
+ EDC_IAM_STS_OAUTH_CLIENT_ID: sb-eaa3865f-c0c9-49bc-8988-a73747443e0d!b458201|ica-production-dim-prod-eu10-004-prod-dis-cloud-approuter!b174292
+ EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS:
+ TX_IAM_IATP_BDRS_SERVER_URL: https://bpn-did-resolution-service.int.demo.catena-x.net/api/directory
+ ingresses:
+ - enabled: true
+ hostname: semantics-edc-provider-dataplane.int.demo.catena-x.net
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ nginx.ingress.kubernetes.io/use-regex: "true"
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+ certManager:
+ clusterIssuer: letsencrypt-prod
+ endpoints:
+ - public
+ - proxy
+ className: nginx
+ tls:
+ enabled: true
+ iatp:
+ id: "did:web:portal-backend.int.demo.catena-x.net:api:administration:staticdata:did:BPNL0000000711QM"
+ trustedIssuers:
+ - "did:web:dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com:dim-hosted:2f45795c-d6cc-4038-96c9-63cedc0cd266:holder-iatp"
+ sts:
+ dim:
+ url: "https://dis-integration-service-prod.eu10.dim.cloud.sap/api/v2.0.0/iatp/catena-x-portal"
+ oauth:
+ token_url: "https://bpnl0000000711qm-bosch.authentication.eu10.hana.ondemand.com/oauth/token"
+ client:
+ id: "sb-eaa3865f-c0c9-49bc-8988-a73747443e0d!b458201|ica-production-dim-prod-eu10-004-prod-dis-cloud-approuter!b174292"
+ secret_alias:
+ controlplane:
+ bdrs:
+ cache_validity_seconds: 600
+ server:
+ url: "https://bpn-did-resolution-service.int.demo.catena-x.net/api/directory"
+ # SSI configuration
+ ssi:
+ miw:
+ url:
+ authorityId:
+ oauth:
+ tokenurl:
+ client:
+ id:
+ secretAlias:
+ env:
+ EDC_IAM_TRUSTED-ISSUER_ISSUER1_ID: did:web:dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com:dim-hosted:2f45795c-d6cc-4038-96c9-63cedc0cd266:holder-iatp
+ EDC_IAM_ISSUER_ID: did:web:portal-backend.int.demo.catena-x.net:api:administration:staticdata:did:BPNL0000000711QM
+ EDC_IAM_STS_DIM_URL: https://dis-integration-service-prod.eu10.dim.cloud.sap/api/v2.0.0/iatp/catena-x-portal
+ EDC_IAM_STS_OAUTH_TOKEN_URL: https://bpnl0000000711qm-bosch.authentication.eu10.hana.ondemand.com/oauth/token
+ EDC_IAM_STS_OAUTH_CLIENT_ID: sb-eaa3865f-c0c9-49bc-8988-a73747443e0d!b458201|ica-production-dim-prod-eu10-004-prod-dis-cloud-approuter!b174292
+ EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS:
+ TX_IAM_IATP_BDRS_SERVER_URL: https://bpn-did-resolution-service.int.demo.catena-x.net/api/directory
+ EDC_TRANSFER_PROXY_TOKEN_VALIDITY_SECONDS: 86400
+ EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT: http://provider-edc-controlplane:8082/validation/token
+ EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_PROPERTIES: >-
+ {
+ "publicApiUrl": "http://provider-edc-dataplane:8081/api/public"
+ }
+ endpoints:
+ default:
+ port: "8080"
+ path: /api
+ management:
+ port: "8081"
+ path: /management
+ authKey:
+ metrics:
+ port: "9090"
+ path: /metrics
+ ingresses:
+ - enabled: true
+ hostname: semantics-edc-provider.int.demo.catena-x.net
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ nginx.ingress.kubernetes.io/use-regex: "true"
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+ certManager:
+ clusterIssuer: letsencrypt-prod
+ endpoints:
+ - ids
+ - management
+ - protocol
+ - default
+ className: nginx
+ tls:
+ enabled: true
+ postgresql:
+ fullnameOverride: "provider-postgresql"
+ enabled: true
+ jdbcUrl: jdbc:postgresql://postgresql:5432/provider
+ username: edcprovider
+ password:
+ auth:
+ database: "provider"
+ username: edcprovider
+ password:
+ vault:
+ hashicorp:
+ enabled: true
+ token:
+ url: http://edc-vault:8200
+ secret: /v1/secret
+ secretNames:
+ transferProxyTokenEncryptionAesKey: data-encryption-aes-keys
+
+consumer:
+ enabled: true
+ fullnameOverride: "consumer-edc"
+ install:
+ postgresql: false
+ vault: false
+ participant:
+ id:
+ backendService:
+ httpProxyTokenReceiverUrl: http://localhost
+ imagePullSecrets:
+ - name: machineuser-pull-secret-ro
+ dataplane:
+ ingresses:
+ - enabled: true
+ hostname: semantics-edc-consumer-dataplane.int.demo.catena-x.net
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ nginx.ingress.kubernetes.io/use-regex: "true"
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+ certManager:
+ clusterIssuer: letsencrypt-prod
+ endpoints:
+ - public
+ - proxy
+ className: nginx
+ tls:
+ enabled: true
+ # url:
+ # public: http://consumer-edc-dataplane:8081/api/public
+ controlplane:
+ # SSI configuration
+ ssi:
+ miw:
+ url:
+ authorityId:
+ oauth:
+ tokenurl:
+ client:
+ id:
+ secretAlias:
+ env:
+ # edc.transfer.proxy.token.validity.seconds
+ EDC_TRANSFER_PROXY_TOKEN_VALIDITY_SECONDS: 86400
+ EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT: http://consumer-edc-controlplane:8082/validation/token
+ EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_PROPERTIES: >-
+ {
+ "publicApiUrl": "http://consumer-edc-dataplane:8081/api/public"
+ }
+ endpoints:
+ default:
+ port: "8080"
+ path: /api
+ management:
+ port: "8081"
+ path: /management
+ authKey:
+ metrics:
+ port: "9090"
+ path: /metrics
+ ingresses:
+ - enabled: true
+ hostname: semantics-edc-consumer.int.demo.catena-x.net
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ nginx.ingress.kubernetes.io/use-regex: "true"
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+ certManager:
+ clusterIssuer: letsencrypt-prod
+ endpoints:
+ - ids
+ - management
+ - protocol
+ - default
+ className: nginx
+ tls:
+ enabled: true
+ postgresql:
+ fullnameOverride: "consumer-postgresql"
+ enabled: true
+ jdbcUrl: jdbc:postgresql://postgresql:5432/consumer
+ username: edcconsumer
+ password:
+ auth:
+ database: consumer
+ username: edcconsumer
+ password:
+ vault:
+ hashicorp:
+ enabled: true
+ token:
+ url: http://edc-vault:8200
+ secret: /v1/secret
+ secretNames:
+ transferProxyTokenEncryptionAesKey: data-encryption-aes-keys
\ No newline at end of file
From 72cf2c6b9847e719e1dcd949dab48424b25cb387 Mon Sep 17 00:00:00 2001
From: Sahil Aggarwal
Date: Thu, 27 Jun 2024 11:44:08 +0200
Subject: [PATCH 3/4] renamed folder
---
.../association/{environments => helm-values}/values-dev.yaml | 0
.../association/{environments => helm-values}/values-int.yaml | 0
.../consortia/{environments => helm-values}/values-dev.yaml | 0
.../consortia/{environments => helm-values}/values-int.yaml | 0
4 files changed, 0 insertions(+), 0 deletions(-)
rename environments/association/{environments => helm-values}/values-dev.yaml (100%)
rename environments/association/{environments => helm-values}/values-int.yaml (100%)
rename environments/consortia/{environments => helm-values}/values-dev.yaml (100%)
rename environments/consortia/{environments => helm-values}/values-int.yaml (100%)
diff --git a/environments/association/environments/values-dev.yaml b/environments/association/helm-values/values-dev.yaml
similarity index 100%
rename from environments/association/environments/values-dev.yaml
rename to environments/association/helm-values/values-dev.yaml
diff --git a/environments/association/environments/values-int.yaml b/environments/association/helm-values/values-int.yaml
similarity index 100%
rename from environments/association/environments/values-int.yaml
rename to environments/association/helm-values/values-int.yaml
diff --git a/environments/consortia/environments/values-dev.yaml b/environments/consortia/helm-values/values-dev.yaml
similarity index 100%
rename from environments/consortia/environments/values-dev.yaml
rename to environments/consortia/helm-values/values-dev.yaml
diff --git a/environments/consortia/environments/values-int.yaml b/environments/consortia/helm-values/values-int.yaml
similarity index 100%
rename from environments/consortia/environments/values-int.yaml
rename to environments/consortia/helm-values/values-int.yaml
From caa2294af0238c47d73688b985e646bef055f233 Mon Sep 17 00:00:00 2001
From: Sahil Aggarwal
Date: Thu, 27 Jun 2024 11:48:16 +0200
Subject: [PATCH 4/4] removed dev folder from association
---
.../argocd-app-templates/appsetup-dev.yaml | 41 -------------
.../association/helm-values/values-dev.yaml | 57 ------------------
2 files changed, 98 deletions(-)
delete mode 100644 environments/association/argocd-app-templates/appsetup-dev.yaml
delete mode 100644 environments/association/helm-values/values-dev.yaml
diff --git a/environments/association/argocd-app-templates/appsetup-dev.yaml b/environments/association/argocd-app-templates/appsetup-dev.yaml
deleted file mode 100644
index f592408a..00000000
--- a/environments/association/argocd-app-templates/appsetup-dev.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-###############################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-###############################################################
-
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: semantic-dec-registry
-spec:
- destination:
- namespace: product-semantics
- server: 'https://kubernetes.default.svc'
- source:
- path: charts/registry
- repoURL: 'https://github.com/eclipse-tractusx/sldt-digital-twin-registry.git'
- targetRevision: main
- plugin:
- env:
- - name: AVP_SECRET
- value: vault-secret
- - name: helm_args
- value: '-f values.yaml -f ../../consortia/environments/values-dev.yaml'
- project: project-semantics
- syncPolicy:
- automated:
- prune: true
\ No newline at end of file
diff --git a/environments/association/helm-values/values-dev.yaml b/environments/association/helm-values/values-dev.yaml
deleted file mode 100644
index 6f8169c8..00000000
--- a/environments/association/helm-values/values-dev.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-digital-twin-registry:
- enablePostgres: true
- enableKeycloak: true
- keycloak:
- type: NodePort
- args: [ "kc.sh import --file /opt/keycloak/data/import/default-realm-import.json; kc.sh start-dev --hostname-strict=false --proxy=edge" ]
- auth:
- adminUser:
- adminPassword:
- ingress:
- enabled: true
- hostname: semantic-dec-registry.dev.demo.catena-x.net
- path: /
- tls: true
- annotations:
- external-dns.alpha.kubernetes.io/hostname: semantic-dec-registry.dev.demo.catena-x.net
- nginx.org/location-snippets: |
- add_header X-Forwarded-Proto https;
- add_header X-Forwarded-For semantic-dec-registry.dev.demo.catena-x.net;
- registry:
- replicaCount: 1
- imagePullPolicy: Always
- host: semantic-dec-registry.dev.demo.catena-x.net
- ## If 'authentication' is set to false, no OAuth authentication is enforced
- authentication: true
- idpIssuerUri: https://semantic-dec-registry.dev.demo.catena-x.net/realms/default-realm
- idpClientId: default-client
- tenantId: demo-tenant
- useGranularAccessControl: "true"
- dataSource:
- driverClassName: org.postgresql.Driver
- ## The url, user, and password parameter will be ignored if 'enablePostgres' is set to true.
- ## In that case the postgresql auth parameters are used.
- url: jdbc:postgresql://postgresql:5432/registry
- user: registryuser
- password:
- ingress:
- enabled: true
- tls: true
- urlPrefix: /dec-registry
- className: nginx
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-prod
- nginx.ingress.kubernetes.io/rewrite-target: /$2
- nginx.ingress.kubernetes.io/use-regex: "true"
- nginx.ingress.kubernetes.io/enable-cors: "true"
- nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
- nginx.ingress.kubernetes.io/x-forwarded-prefix: /dec-registry
-
- postgresql:
- auth:
- username: default-user
- # if password is empty, the postgres password will be generated random via postgres-init
- password: password
- database: default-database
- # -- Secret contains passwords for username postgres.
- existingSecret: secret-dtr-postgres-init
\ No newline at end of file