From 15f145ba4c5a56803c7cb8ef5284279da8f444dc Mon Sep 17 00:00:00 2001 From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Fri, 3 May 2024 14:48:32 +0200 Subject: [PATCH 01/20] fix: enable resource config & remove unnecessary configs from helm-charts --- .../tractusx-connector-azure-vault/README.md | 16 ++------ .../values.yaml | 40 +++++++------------ charts/tractusx-connector-memory/README.md | 7 +--- charts/tractusx-connector-memory/values.yaml | 19 ++++----- charts/tractusx-connector/README.md | 14 +------ charts/tractusx-connector/values.yaml | 40 +++++++------------ .../tractusx-connector-azure-vault-test.yaml | 4 -- .../helm/tractusx-connector-memory-test.yaml | 3 -- .../helm/tractusx-connector-test.yaml | 6 --- 9 files changed, 42 insertions(+), 107 deletions(-) diff --git a/charts/tractusx-connector-azure-vault/README.md b/charts/tractusx-connector-azure-vault/README.md index 1acbdcb9a..9e7cae231 100644 --- a/charts/tractusx-connector-azure-vault/README.md +++ b/charts/tractusx-connector-azure-vault/README.md @@ -123,8 +123,6 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | controlplane.ingresses[1].tls.enabled | bool | `false` | Enables TLS on the ingress resource | | controlplane.ingresses[1].tls.secretName | string | `""` | If present overwrites the default secret name | | controlplane.initContainers | list | `[]` | | -| controlplane.limits.cpu | float | `1.5` | | -| controlplane.limits.memory | string | `"512Mi"` | | | controlplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | | controlplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | | controlplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | 
@@ -148,9 +146,7 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0.
 | controlplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed |
 | controlplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out |
 | controlplane.replicaCount | int | `1` | |
-| controlplane.requests.cpu | string | `"500m"` | |
-| controlplane.requests.memory | string | `"128Mi"` | |
-| controlplane.resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container |
+| controlplane.resources | object | `{"limits":{"cpu":1.5,"memory":"512Mi"},"requests":{"cpu":"500m","memory":"512Mi"}}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container |
 | controlplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID |
 | controlplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls |
 | controlplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface |
@@ -206,8 +202,6 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0.
 | dataplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource |
 | dataplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name |
 | dataplane.initContainers | list | `[]` | |
-| dataplane.limits.cpu | float | `1.5` | |
-| dataplane.limits.memory | string | `"1024Mi"` | |
 | dataplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
 | dataplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up |
 | dataplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check |
@@ -231,9 +225,7 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0.
 | dataplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed |
 | dataplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out |
 | dataplane.replicaCount | int | `1` | |
-| dataplane.requests.cpu | string | `"500m"` | |
-| dataplane.requests.memory | string | `"128Mi"` | |
-| dataplane.resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container |
+| dataplane.resources | object | `{"limits":{"cpu":1.5,"memory":"1024Mi"},"requests":{"cpu":"500m","memory":"1024Mi"}}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container |
 | dataplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID |
 | dataplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls |
 | dataplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface |
@@ -283,9 +275,7 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | vault.azure.client | string | `nil` | | | vault.azure.name | string | `""` | | | vault.azure.secret | string | `nil` | | -| vault.azure.tenant | string | `nil` | | -| vault.secretNames.transferProxyTokenSignerPrivateKey | string | `nil` | | -| vault.secretNames.transferProxyTokenSignerPublicKey | string | `nil` | | +| vault.azure.tenant | string | `""` | | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) diff --git a/charts/tractusx-connector-azure-vault/values.yaml b/charts/tractusx-connector-azure-vault/values.yaml index 3886de42c..1dee21700 100644 --- a/charts/tractusx-connector-azure-vault/values.yaml +++ b/charts/tractusx-connector-azure-vault/values.yaml @@ -255,17 +255,13 @@ controlplane: # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories volumes: # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 1.5 - memory: 512Mi - requests: - cpu: 500m - memory: 128Mi + resources: + limits: + cpu: 1.5 + memory: 512Mi + requests: + cpu: 500m + memory: 512Mi replicaCount: 1 autoscaling: # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) 
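Review bot: The comment removed above `resources:` in the `controlplane:` hunk explained how to opt in to these values, and nothing now tells users how to opt out: with Helm's map merging an override of `resources: {}` most likely leaves these defaults in place, and the keys have to be set to `null` to drop them. I would add a comment above the key, for example `# defaults are enforced; override single values or set a key to null to remove it`. Note also that the CPU request (`500m`) stays below the limit (`1.5`) while the memory request now equals the limit, so it is worth stating whether that asymmetry is intended. The same applies to the `dataplane:` hunk of this file and to the matching hunks in charts/tractusx-connector-memory/values.yaml and charts/tractusx-connector/values.yaml; the `controlplane:` map itself starts outside the hunk.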
@@ -469,17 +465,13 @@ dataplane: # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories volumes: # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 1.5 - memory: 1024Mi - requests: - cpu: 500m - memory: 128Mi + resources: + limits: + cpu: 1.5 + memory: 1024Mi + requests: + cpu: 500m + memory: 1024Mi replicaCount: 1 autoscaling: # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) @@ -535,10 +527,6 @@ vault: secret: certificate: - secretNames: - transferProxyTokenSignerPrivateKey: - transferProxyTokenSignerPublicKey: - networkPolicy: # -- If `true` network policy will be created to restrict access to control- and dataplane enabled: false diff --git a/charts/tractusx-connector-memory/README.md b/charts/tractusx-connector-memory/README.md index 6fa6270da..7d3b83c1b 100644 --- a/charts/tractusx-connector-memory/README.md +++ b/charts/tractusx-connector-memory/README.md 
@@ -121,8 +121,6 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.7.2 \
 | runtime.ingresses[1].tls.enabled | bool | `false` | Enables TLS on the ingress resource |
 | runtime.ingresses[1].tls.secretName | string | `""` | If present overwrites the default secret name |
 | runtime.initContainers | list | `[]` | |
-| runtime.limits.cpu | float | `1.5` | |
-| runtime.limits.memory | string | `"512Mi"` | |
 | runtime.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
 | runtime.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up |
 | runtime.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check |
@@ -145,9 +143,7 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.7.2 \ | runtime.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | | runtime.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | | runtime.replicaCount | int | `1` | | -| runtime.requests.cpu | string | `"500m"` | | -| runtime.requests.memory | string | `"128Mi"` | | -| runtime.resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | +| runtime.resources | object | `{"limits":{"cpu":1.5,"memory":"512Mi"},"requests":{"cpu":"500m","memory":"512Mi"}}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | | runtime.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | | runtime.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | | runtime.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | @@ -173,7 +169,6 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.7.2 \ | serviceAccount.name | string | `""` | | | tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests | | tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | -| vault.secretNames | string | `nil` | | | vault.secrets | string | `""` | | | vault.server.postStart | string | `""` | | 
diff --git a/charts/tractusx-connector-memory/values.yaml b/charts/tractusx-connector-memory/values.yaml index d1b3d50b8..c8dc1d03b 100644 --- a/charts/tractusx-connector-memory/values.yaml +++ b/charts/tractusx-connector-memory/values.yaml @@ -263,17 +263,13 @@ runtime: # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories volumes: [] # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 1.5 - memory: 512Mi - requests: - cpu: 500m - memory: 128Mi + resources: + limits: + cpu: 1.5 + memory: 512Mi + requests: + cpu: 500m + memory: 512Mi replicaCount: 1 autoscaling: # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) @@ -308,7 +304,6 @@ runtime: vault: # secrets can be seeded by supplying them in a semicolon separated list key1:secret2;key2:secret2 secrets: "" - secretNames: server: postStart: |- backendService: diff --git a/charts/tractusx-connector/README.md b/charts/tractusx-connector/README.md index 16f99ed04..b8dd7e0ea 100644 --- a/charts/tractusx-connector/README.md +++ b/charts/tractusx-connector/README.md 
@@ -120,8 +120,6 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \
 | controlplane.ingresses[1].tls.enabled | bool | `false` | Enables TLS on the ingress resource |
 | controlplane.ingresses[1].tls.secretName | string | `""` | If present overwrites the default secret name |
 | controlplane.initContainers | list | `[]` | |
-| controlplane.limits.cpu | float | `1.5` | |
-| controlplane.limits.memory | string | `"512Mi"` | |
 | controlplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
 | controlplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up |
 | controlplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check |
@@ -145,9 +143,7 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \
 | controlplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed |
 | controlplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out |
 | controlplane.replicaCount | int | `1` | |
-| controlplane.requests.cpu | string | `"500m"` | |
-| controlplane.requests.memory | string | `"128Mi"` | |
-| controlplane.resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container |
+| controlplane.resources | object | `{"limits":{"cpu":1.5,"memory":"512Mi"},"requests":{"cpu":"500m","memory":"512Mi"}}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container |
 | controlplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID |
 | controlplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls |
 | controlplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface |
@@ -203,8 +199,6 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \
 | dataplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource |
 | dataplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name |
 | dataplane.initContainers | list | `[]` | |
-| dataplane.limits.cpu | float | `1.5` | |
-| dataplane.limits.memory | string | `"1024Mi"` | |
 | dataplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
 | dataplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up |
 | dataplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check |
@@ -228,9 +222,7 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \
 | dataplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed |
 | dataplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out |
 | dataplane.replicaCount | int | `1` | |
-| dataplane.requests.cpu | string | `"500m"` | |
-| dataplane.requests.memory | string | `"128Mi"` | |
-| dataplane.resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container |
+| dataplane.resources | object | `{"limits":{"cpu":1.5,"memory":"1024Mi"},"requests":{"cpu":"500m","memory":"1024Mi"}}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container |
 | dataplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID |
 | dataplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls |
 | dataplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface |
@@ -285,8 +277,6 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \
 | vault.hashicorp.token | string | `"root"` | |
 | vault.hashicorp.url | string | `"http://{{ .Release.Name }}-vault:8200"` | |
 | vault.injector.enabled | bool | `false` | |
-| vault.secretNames.transferProxyTokenSignerPrivateKey | string | `nil` | |
-| vault.secretNames.transferProxyTokenSignerPublicKey | string | `nil` | |
 | vault.server.dev.devRootToken | string | `"root"` | |
 | vault.server.dev.enabled | bool | `true` | |
 | vault.server.postStart | string | `nil` | |
diff --git a/charts/tractusx-connector/values.yaml b/charts/tractusx-connector/values.yaml index bbccfd65b..49beca704 100644 --- a/charts/tractusx-connector/values.yaml +++ b/charts/tractusx-connector/values.yaml @@ -255,17 +255,13 @@ controlplane: # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories volumes: # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 1.5 - memory: 512Mi - requests: - cpu: 500m - memory: 128Mi + resources: + limits: + cpu: 1.5 + memory: 512Mi + requests: + cpu: 500m + memory: 512Mi replicaCount: 1 autoscaling: # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) 
@@ -467,17 +463,13 @@ dataplane: # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories volumes: # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 1.5 - memory: 1024Mi - requests: - cpu: 500m - memory: 128Mi + resources: + limits: + cpu: 1.5 + memory: 1024Mi + requests: + cpu: 500m + memory: 1024Mi replicaCount: 1 autoscaling: # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) @@ -541,9 +533,7 @@ vault: paths: secret: /v1/secret health: /v1/sys/health - secretNames: - transferProxyTokenSignerPrivateKey: - transferProxyTokenSignerPublicKey: + networkPolicy: # -- If `true` network policy will be created to restrict access to control- and dataplane enabled: false diff --git a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml index d418ff985..8b4bc3153 100644 --- a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml +++ b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml 
@@ -84,10 +84,6 @@ vault: tenant: '' secret: certificate: - secretNames: - # this must be set through CLI args: --set vault.secrets=$YOUR_VAULT_SECRETS where YOUR_VAULT_SECRETS should - # be a string in the format "key1:secret1;key2:secret2;..." - secrets: server: postStart: backendService: diff --git a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml index 9032eab3a..78d4145d5 100644 --- a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml +++ b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml @@ -55,9 +55,6 @@ runtime: privatekey_alias: "key-1" verifier: publickey_alias: "key-1" -vault: - secretNames: - secrets: backendService: httpProxyTokenReceiverUrl: "http://backend:8080" tests: diff --git a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml index 98f3e4993..dcca56781 100644 --- a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml +++ b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml @@ -93,10 +93,6 @@ vault: hashicorp: url: http://{{ .Release.Name }}-vault:8200 token: root - secretNames: - # this must be set through CLI args: --set vault.secrets=$YOUR_VAULT_SECRETS where YOUR_VAULT_SECRETS should - # be a string in the format "key1:secret1;key2:secret2;..." - secrets: # the post-start object is still needed for the upgradeability test # todo: remove this after 0.7.0 is released @@ -112,7 +108,5 @@ vault: /bin/vault kv put secret/aes-keys content=YWVzX2VuY2tleV90ZXN0Cg== } -backendService: - httpProxyTokenReceiverUrl: "http://backend:8080" tests: hookDeletePolicy: before-hook-creation From eb0bda4009b616fee23076bcfdb0da6c573b6eb5 Mon Sep 17 00:00:00 2001 
From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Fri, 31 May 2024 12:01:31 +0200 Subject: [PATCH 02/20] remove duplicate line in migration guide --- docs/migration/Version_0.5.x_0.7.x.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/migration/Version_0.5.x_0.7.x.md b/docs/migration/Version_0.5.x_0.7.x.md index 95c35aa18..18b7ab5d2 100644 --- a/docs/migration/Version_0.5.x_0.7.x.md +++ b/docs/migration/Version_0.5.x_0.7.x.md @@ -67,7 +67,6 @@ participant's control plane and data plane. | `dataplane.token.refresh.expiry_seconds` | `TX_EDC_DATAPLANE_TOKEN_EXPIRY` | | 30 | TTL for access tokens | | `dataplane.token.refresh.expiry_tolerance_seconds` | `TX_EDC_DATAPLANE_TOKEN_EXPIRY_TOLERANCE` | | 10 | tolerance for token expiry | | `dataplane.token.refresh.refresh_endpoint` | `TX_EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT` | | `/token` | endpoint for an OAuth2 token refresh request | -| `dataplane.token.refresh.refresh_endpoint` | `TX_EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT` | | `/token` | endpoint for an OAuth2 token refresh request | | `dataplane.token.signer.privatekey_alias` | `EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS` | x | | alias, under which the private key is stored in the vault | | `dataplane.token.verifier.publickey_alias` | `EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS` | x | | alias, under which the public key is stored in the vault | From 292958f23e3a649a120d0b93d9d6a23bd108b71e Mon Sep 17 00:00:00 2001 
From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Fri, 31 May 2024 12:07:07 +0200 Subject: [PATCH 03/20] streamline services regarding labels & annotations --- .../tractusx-connector-azure-vault/README.md | 6 ++- .../templates/service-controlplane.yaml | 13 +++-- .../templates/service-dataplane.yaml | 44 ++++++++++------- .../values.yaml | 10 +++- charts/tractusx-connector-memory/README.md | 3 +- .../templates/service-runtime.yaml | 49 +++++++++++-------- charts/tractusx-connector-memory/values.yaml | 4 ++ charts/tractusx-connector/README.md | 6 ++- .../templates/service-controlplane.yaml | 13 +++-- .../templates/service-dataplane.yaml | 13 +++-- charts/tractusx-connector/values.yaml | 11 ++++- 11 files changed, 116 insertions(+), 56 deletions(-) diff --git a/charts/tractusx-connector-azure-vault/README.md b/charts/tractusx-connector-azure-vault/README.md index 9e7cae231..2fb8e8b91 100644 --- a/charts/tractusx-connector-azure-vault/README.md +++ b/charts/tractusx-connector-azure-vault/README.md 
@@ -153,7 +153,8 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0.
 | controlplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode |
 | controlplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges |
 | controlplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid |
-| controlplane.service.annotations | object | `{}` | |
+| controlplane.service.annotations | object | `{}` | additional annotations for the service |
+| controlplane.service.labels | object | `{}` | additional labels for the service |
 | controlplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. |
 | controlplane.tolerations | list | `[]` | |
 | controlplane.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) |
@@ -232,7 +233,8 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | dataplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | | dataplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | | dataplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| dataplane.service.port | int | `80` | | +| dataplane.service.annotations | object | `{}` | additional annotations for the service | +| dataplane.service.labels | object | `{}` | additional labels for the service | | dataplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | | dataplane.token.refresh.expiry_seconds | int | `300` | | | dataplane.token.refresh.expiry_tolerance_seconds | int | `10` | | diff --git a/charts/tractusx-connector-azure-vault/templates/service-controlplane.yaml b/charts/tractusx-connector-azure-vault/templates/service-controlplane.yaml index f39a69538..5a5203f90 100644 --- a/charts/tractusx-connector-azure-vault/templates/service-controlplane.yaml +++ b/charts/tractusx-connector-azure-vault/templates/service-controlplane.yaml @@ -1,8 +1,8 @@ ################################################################################# -# Copyright (c) 2023 ZF Friedrichshafen AG +# Copyright (c) 2023,2024 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
@@ -26,9 +26,16 @@ apiVersion: v1 kind: Service metadata: name: {{ include "txdc.fullname" . }}-controlplane - namespace: {{ .Release.Namespace | default "default" | quote }} + namespace: {{ .Release.Namespace }} + {{- with .Values.controlplane.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} labels: {{- include "txdc.controlplane.labels" . | nindent 4 }} + {{- with .Values.controlplane.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.controlplane.service.type }} ports: diff --git a/charts/tractusx-connector-azure-vault/templates/service-dataplane.yaml b/charts/tractusx-connector-azure-vault/templates/service-dataplane.yaml index 14230b9de..4733613b8 100644 --- a/charts/tractusx-connector-azure-vault/templates/service-dataplane.yaml +++ b/charts/tractusx-connector-azure-vault/templates/service-dataplane.yaml 
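Review bot: Dropping `| quote` from the `namespace:` line means a release namespace that YAML reads as a non-string scalar (an all-digit name such as `123`, or `true`/`null`) is rendered as a number, boolean or null, and the Service manifest is then no longer valid. Removing the `default "default"` fallback is fine, but I would keep the quoting: `namespace: {{ .Release.Namespace | quote }}`. The same line is changed in the service-dataplane.yaml hunk that follows. Separately, `.Values.controlplane.service.labels` is appended directly after the `txdc.controlplane.labels` include, so a user-supplied key that repeats one the helper emits would appear twice in the mapping; the values.yaml comment could say that these labels must not repeat the chart's standard labels.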
@@ -1,30 +1,38 @@ +################################################################################# +# Copyright (c) 2024 ZF Friedrichshafen AG +# Copyright (c) 2023,2024 Contributors to the Eclipse Foundation # - # Copyright (c) 2023 Contributors to the Eclipse Foundation - # - # See the NOTICE file(s) distributed with this work for additional - # information regarding copyright ownership. - # - # This program and the accompanying materials are made available under the - # terms of the Apache License, Version 2.0 which is available at - # https://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - # License for the specific language governing permissions and limitations - # under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +################################################################################# --- apiVersion: v1 kind: Service metadata: name: {{ include "txdc.fullname" . 
}}-dataplane - namespace: {{ .Release.Namespace | default "default" | quote }} + namespace: {{ .Release.Namespace }} + {{- with .Values.dataplane.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} labels: {{- include "txdc.dataplane.labels" . | nindent 4 }} + {{- with .Values.dataplane.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.dataplane.service.type }} ports: diff --git a/charts/tractusx-connector-azure-vault/values.yaml b/charts/tractusx-connector-azure-vault/values.yaml index 1dee21700..2877ccc7f 100644 --- a/charts/tractusx-connector-azure-vault/values.yaml +++ b/charts/tractusx-connector-azure-vault/values.yaml @@ -144,7 +144,11 @@ controlplane: service: # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. type: ClusterIP + # -- additional labels for the service + labels: {} + # -- additional annotations for the service annotations: {} + # -- additional labels for the pod podLabels: {} # -- additional annotations for the pod @@ -343,7 +347,11 @@ dataplane: service: # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. type: ClusterIP - port: 80 + # -- additional labels for the service + labels: {} + # -- additional annotations for the service + annotations: {} + endpoints: default: port: 8080 diff --git a/charts/tractusx-connector-memory/README.md b/charts/tractusx-connector-memory/README.md index 7d3b83c1b..c785f3fa4 100644 --- a/charts/tractusx-connector-memory/README.md +++ b/charts/tractusx-connector-memory/README.md 
@@ -150,7 +150,8 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.7.2 \ | runtime.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | | runtime.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | | runtime.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| runtime.service.annotations | object | `{}` | | +| runtime.service.annotations | object | `{}` | additional annotations for the service | +| runtime.service.labels | object | `{}` | additional labels for the service | | runtime.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | | runtime.token.refresh.expiry_seconds | int | `300` | | | runtime.token.refresh.expiry_tolerance_seconds | int | `10` | | diff --git a/charts/tractusx-connector-memory/templates/service-runtime.yaml b/charts/tractusx-connector-memory/templates/service-runtime.yaml index d6c441b85..0767c0d06 100644 --- a/charts/tractusx-connector-memory/templates/service-runtime.yaml +++ b/charts/tractusx-connector-memory/templates/service-runtime.yaml 
@@ -1,33 +1,40 @@ +################################################################################# +# Copyright (c) 2023,2024 ZF Friedrichshafen AG +# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH +# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) +# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation # - # Copyright (c) 2023 ZF Friedrichshafen AG - # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH - # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - # Copyright (c) 2021,2023 Contributors to the Eclipse Foundation - # - # See the NOTICE file(s) distributed with this work for additional - # information regarding copyright ownership. - # - # This program and the accompanying materials are made available under the - # terms of the Apache License, Version 2.0 which is available at - # https://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - # License for the specific language governing permissions and limitations - # under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. 
+# +# SPDX-License-Identifier: Apache-2.0 +################################################################################# --- apiVersion: v1 kind: Service metadata: name: {{ include "txdc.fullname" . }}-runtime - namespace: {{ .Release.Namespace | default "default" | quote }} + namespace: {{ .Release.Namespace }} + {{- with .Values.runtime.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} labels: {{- include "txdc.runtime.labels" . | nindent 4 }} + {{- with .Values.runtime.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.runtime.service.type }} ports: diff --git a/charts/tractusx-connector-memory/values.yaml b/charts/tractusx-connector-memory/values.yaml index c8dc1d03b..a527a569b 100644 --- a/charts/tractusx-connector-memory/values.yaml +++ b/charts/tractusx-connector-memory/values.yaml @@ -151,7 +151,11 @@ runtime: service: # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. type: ClusterIP + # -- additional labels for the service + labels: {} + # -- additional annotations for the service annotations: {} + # -- additional labels for the pod podLabels: {} # -- additional annotations for the pod diff --git a/charts/tractusx-connector/README.md b/charts/tractusx-connector/README.md index b8dd7e0ea..922b6ea34 100644 --- a/charts/tractusx-connector/README.md +++ b/charts/tractusx-connector/README.md 
@@ -150,7 +150,8 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \ | controlplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | | controlplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | | controlplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| controlplane.service.annotations | object | `{}` | | +| controlplane.service.annotations | object | `{}` | additional annotations for the service | +| controlplane.service.labels | object | `{}` | additional labels for the service | | controlplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | | controlplane.tolerations | list | `[]` | | | controlplane.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) | 
@@ -229,7 +230,8 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \ | dataplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | | dataplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | | dataplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| dataplane.service.port | int | `80` | | +| dataplane.service.annotations | object | `{}` | additional annotations for the service | +| dataplane.service.labels | object | `{}` | additional labels for the service | | dataplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | | dataplane.token.refresh.expiry_seconds | int | `300` | | | dataplane.token.refresh.expiry_tolerance_seconds | int | `10` | | diff --git a/charts/tractusx-connector/templates/service-controlplane.yaml b/charts/tractusx-connector/templates/service-controlplane.yaml index f39a69538..400a5d80c 100644 --- a/charts/tractusx-connector/templates/service-controlplane.yaml +++ b/charts/tractusx-connector/templates/service-controlplane.yaml @@ -1,8 +1,8 @@ ################################################################################# -# Copyright (c) 2023 ZF Friedrichshafen AG +# Copyright (c) 2023.2024 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
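Review bot: The updated header line in service-controlplane.yaml reads `# Copyright (c) 2023.2024 ZF Friedrichshafen AG`, with a period between the years where a comma is meant. The matching line in service-dataplane.yaml in this same patch uses `2023,2024`, so change it to `# Copyright (c) 2023,2024 ZF Friedrichshafen AG` to keep the headers consistent.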
@@ -26,9 +26,16 @@ apiVersion: v1 kind: Service metadata: name: {{ include "txdc.fullname" . }}-controlplane - namespace: {{ .Release.Namespace | default "default" | quote }} + namespace: {{ .Release.Namespace }} + {{- with .Values.controlplane.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} labels: {{- include "txdc.controlplane.labels" . | nindent 4 }} + {{- with .Values.controlplane.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.controlplane.service.type }} ports: diff --git a/charts/tractusx-connector/templates/service-dataplane.yaml b/charts/tractusx-connector/templates/service-dataplane.yaml index 0f1fc5e8c..dcd198497 100644 --- a/charts/tractusx-connector/templates/service-dataplane.yaml +++ b/charts/tractusx-connector/templates/service-dataplane.yaml @@ -1,8 +1,8 @@ ################################################################################# -# Copyright (c) 2023 ZF Friedrichshafen AG +# Copyright (c) 2023,2024 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -26,9 +26,16 @@ apiVersion: v1 kind: Service metadata: name: {{ include "txdc.fullname" . }}-dataplane - namespace: {{ .Release.Namespace | default "default" | quote }} + namespace: {{ .Release.Namespace }} + {{- with .Values.dataplane.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} labels: {{- include "txdc.dataplane.labels" . | nindent 4 }} + {{- with .Values.dataplane.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.dataplane.service.type }} ports: 
diff --git a/charts/tractusx-connector/values.yaml b/charts/tractusx-connector/values.yaml index 49beca704..169686ec2 100644 --- a/charts/tractusx-connector/values.yaml +++ b/charts/tractusx-connector/values.yaml @@ -20,7 +20,6 @@ # SPDX-License-Identifier: Apache-2.0 ################################################################################# - --- # Default values for eclipse-dataspace-connector. # This is a YAML-formatted file. @@ -144,7 +143,11 @@ controlplane: service: # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. type: ClusterIP + # -- additional labels for the service + labels: {} + # -- additional annotations for the service annotations: {} + # -- additional labels for the pod podLabels: {} # -- additional annotations for the pod @@ -341,7 +344,11 @@ dataplane: service: # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. type: ClusterIP - port: 80 + # -- additional labels for the service + labels: {} + # -- additional annotations for the service + annotations: {} + endpoints: default: port: 8080 From 9bbbbe4e3d39ba626a825e9c1daecc951f9bfc74 Mon Sep 17 00:00:00 2001 From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Fri, 31 May 2024 12:08:03 +0200 Subject: [PATCH 04/20] add missing network policy to azure chart --- .../templates/networkpolicy.yaml | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 charts/tractusx-connector-azure-vault/templates/networkpolicy.yaml diff --git a/charts/tractusx-connector-azure-vault/templates/networkpolicy.yaml b/charts/tractusx-connector-azure-vault/templates/networkpolicy.yaml new file mode 100644 index 000000000..890414678 --- /dev/null +++ b/charts/tractusx-connector-azure-vault/templates/networkpolicy.yaml 
@@ -0,0 +1,46 @@ +################################################################################# +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +################################################################################# + + +{{- if eq (.Values.networkPolicy.enabled | toString) "true" }} +{{- range tuple "controlplane" "dataplane" }} +{{- $name := . }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "txdc.fullname" $ }}-{{ $name }} + labels: + {{- include (printf "txdc.%s.labels" $name) $ | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include (printf "txdc.%s.selectorLabels" $name) $ | nindent 6 }} + ingress: + - from: + {{- toYaml (index $.Values.networkPolicy $name "from") | nindent 6 }} + ports: + {{- range $key,$value := (index $.Values $name "endpoints") }} + - port: {{ $value.port }} + protocol: TCP + {{- end }} + policyTypes: + - Ingress +--- +{{- end }} +{{- end }} From c8c4d4dc329d9306a4f20f694aa9fd71bcaa533a Mon Sep 17 00:00:00 2001 
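Review bot: The single `from` list in the `ingress` rule is applied to every port found under `endpoints`, so the management, control and metrics ports are opened to the same peers as the protocol and public ports. With the controlplane default documented in this series, `[{"namespaceSelector":{}}]`, that is every pod in every namespace, while the README describes the metrics API as not to be internet facing and the control API as internal. I would emit one ingress rule per endpoint so the peers can be narrowed per port, or at least put `# the same "from" peers are allowed on every endpoint port, including management, control and metrics` above the `- from:` key. An empty `from` (for example `from: []`) also renders a rule that Kubernetes treats as matching all sources, so a check such as `{{- if not (index $.Values.networkPolicy $name "from") }}{{ fail "networkPolicy.<component>.from must not be empty" }}{{- end }}` would prevent an accidental allow-all. The policy declares only `Ingress`, so egress stays unrestricted, and `metadata` sets no `namespace` although the Service templates in this series do.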
From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Fri, 31 May 2024 12:15:12 +0200 Subject: [PATCH 05/20] Update values documentations --- .../tractusx-connector-azure-vault/README.md | 101 +++++++------- .../values.yaml | 109 +++++++++++----- charts/tractusx-connector-memory/README.md | 68 +++++----- charts/tractusx-connector-memory/values.yaml | 73 ++++++++--- charts/tractusx-connector/README.md | 112 +++++++++------- charts/tractusx-connector/values.yaml | 123 +++++++++++++----- 6 files changed, 379 insertions(+), 207 deletions(-) diff --git a/charts/tractusx-connector-azure-vault/README.md b/charts/tractusx-connector-azure-vault/README.md index 2fb8e8b91..5e145edcd 100644 --- a/charts/tractusx-connector-azure-vault/README.md +++ b/charts/tractusx-connector-azure-vault/README.md 
@@ -66,18 +66,18 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | Key | Type | Default | Description | |-----|------|---------|-------------| -| controlplane.affinity | object | `{}` | | +| controlplane.affinity | object | `{}` | [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on | | controlplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | | controlplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | | controlplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | | controlplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | | controlplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | -| controlplane.bdrs.cache_validity_seconds | int | `600` | | -| controlplane.bdrs.server.url | string | `nil` | | +| controlplane.bdrs.cache_validity_seconds | int | `600` | Time that a cached BPN/DID resolution map is valid in seconds, default is 600 seconds (10 min) | +| controlplane.bdrs.server.url | string | `nil` | URL of the BPN/DID Resolution Service | | controlplane.businessPartnerValidation.log.agreementValidation | bool | `true` | | -| controlplane.debug.enabled | bool | `false` | | -| controlplane.debug.port | int | `1044` | | -| controlplane.debug.suspendOnStart | bool | `false` | | +| controlplane.debug.enabled | bool | `false` | Enables java debugging mode. | +| controlplane.debug.port | int | `1044` | Port where the debuggee can connect to. 
| +| controlplane.debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. | | controlplane.endpoints | object | `{"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"password","path":"/management","port":8081},"metrics":{"path":"/metrics","port":9090},"protocol":{"path":"/api/v1/dsp","port":8084}}` | endpoints of the control plane | | controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not | | controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls | @@ -86,7 +86,7 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | controlplane.endpoints.default.path | string | `"/api"` | path for incoming api calls | | controlplane.endpoints.default.port | int | `8080` | port for incoming api calls | | controlplane.endpoints.management | object | `{"authKey":"password","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing | -| controlplane.endpoints.management.authKey | string | `"password"` | authentication key, must be attached to each 'X-Api-Key' request header | +| controlplane.endpoints.management.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header | | controlplane.endpoints.management.path | string | `"/management"` | path for incoming api calls | | controlplane.endpoints.management.port | int | `8081` | port for incoming api calls | | controlplane.endpoints.metrics | object | `{"path":"/metrics","port":9090}` | metrics api, used for application metrics, must not be internet facing | 
@@ -96,9 +96,9 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | controlplane.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls | | controlplane.endpoints.protocol.port | int | `8084` | port for incoming api calls | | controlplane.env | object | `{}` | | -| controlplane.envConfigMapNames | list | `[]` | | -| controlplane.envSecretNames | list | `[]` | | -| controlplane.envValueFrom | object | `{}` | | +| controlplane.envConfigMapNames | list | `[]` | [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from | +| controlplane.envSecretNames | list | `[]` | [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from | +| controlplane.envValueFrom | object | `{}` | "valueFrom" environment variable references that will be added to deployment pods. Name is templated. ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core | | controlplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | | controlplane.image.repository | string | `""` | Which derivate of the control plane to use. when left empty the deployment will select the correct image automatically | | controlplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | 
@@ -130,7 +130,7 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | controlplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | | controlplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | | controlplane.logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | -| controlplane.nodeSelector | object | `{}` | | +| controlplane.nodeSelector | object | `{}` | [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes | | controlplane.opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | | controlplane.podAnnotations | object | `{}` | additional annotations for the pod | | controlplane.podLabels | object | `{}` | additional labels for the pod | 
@@ -156,13 +156,13 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | controlplane.service.annotations | object | `{}` | additional annotations for the service | | controlplane.service.labels | object | `{}` | additional labels for the service | | controlplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| controlplane.tolerations | list | `[]` | | +| controlplane.tolerations | list | `[]` | [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes | | controlplane.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) | | controlplane.volumeMounts | string | `nil` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | | controlplane.volumes | string | `nil` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | | customCaCerts | object | `{}` | Add custom ca certificates to the truststore | -| customLabels | object | `{}` | To add some custom labels | -| dataplane.affinity | object | `{}` | | +| customLabels | object | `{}` | Add some custom labels | +| dataplane.affinity | object | `{}` | [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on | | dataplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | | dataplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | | dataplane.autoscaling.minReplicas | int | 
`1` | Minimal replicas if resource consumption falls below resource threshholds | 
@@ -171,24 +171,29 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | dataplane.aws.accessKeyId | string | `""` | | | dataplane.aws.endpointOverride | string | `""` | | | dataplane.aws.secretAccessKey | string | `""` | | -| dataplane.debug.enabled | bool | `false` | | -| dataplane.debug.port | int | `1044` | | -| dataplane.debug.suspendOnStart | bool | `false` | | +| dataplane.debug.enabled | bool | `false` | Enables java debugging mode. | +| dataplane.debug.port | int | `1044` | Port where the debuggee can connect to. | +| dataplane.debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. | +| dataplane.endpoints | object | `{"default":{"path":"/api","port":8080},"metrics":{"path":"/metrics","port":9090},"proxy":{"authKey":"password","path":"/proxy","port":8186},"public":{"path":"/api/public","port":8081},"signaling":{"path":"/api/signaling","port":8083}}` | endpoints of the dataplane | | dataplane.endpoints.control.path | string | `"/api/control"` | | | dataplane.endpoints.control.port | int | `8084` | | -| dataplane.endpoints.default.path | string | `"/api"` | | -| dataplane.endpoints.default.port | int | `8080` | | -| dataplane.endpoints.metrics.path | string | `"/metrics"` | | -| dataplane.endpoints.metrics.port | int | `9090` | | -| dataplane.endpoints.proxy.authKey | string | `"password"` | | -| dataplane.endpoints.proxy.path | string | `"/proxy"` | | -| dataplane.endpoints.proxy.port | int | `8186` | | -| dataplane.endpoints.public.path | string | `"/api/public"` | | -| dataplane.endpoints.public.port | int | `8081` | | -| dataplane.env | object | `{}` | | -| dataplane.envConfigMapNames | list | `[]` | | -| dataplane.envSecretNames | list | `[]` | | -| dataplane.envValueFrom | object | `{}` | | +| dataplane.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | 
+| dataplane.endpoints.default.path | string | `"/api"` | path for incoming api calls | +| dataplane.endpoints.default.port | int | `8080` | port for incoming api calls | +| dataplane.endpoints.metrics | object | `{"path":"/metrics","port":9090}` | metrics api, used for application metrics, must not be internet facing | +| dataplane.endpoints.metrics.path | string | `"/metrics"` | path for incoming api calls | +| dataplane.endpoints.metrics.port | int | `9090` | port for incoming api calls | +| dataplane.endpoints.proxy | object | `{"authKey":"password","path":"/proxy","port":8186}` | proxy API | +| dataplane.endpoints.proxy.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header | +| dataplane.endpoints.proxy.path | string | `"/proxy"` | path for incoming api calls | +| dataplane.endpoints.proxy.port | int | `8186` | port for incoming api calls | +| dataplane.endpoints.public | object | `{"path":"/api/public","port":8081}` | public endpoint where the data can be fetched from if HttpPull was used. Must be internet facing. | +| dataplane.endpoints.public.path | string | `"/api/public"` | path for incoming api calls | +| dataplane.endpoints.public.port | int | `8081` | port for incoming api calls | +| dataplane.env | object | `{}` | Extra environment variables that will be pass onto deployment pods | +| dataplane.envConfigMapNames | list | `[]` | [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from | +| dataplane.envSecretNames | list | `[]` | [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from | +| dataplane.envValueFrom | object | `{}` | "valueFrom" environment variable references that will be added to deployment pods. Name is templated. 
ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core | | dataplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | | dataplane.image.repository | string | `""` | Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically | | dataplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | @@ -210,7 +215,7 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | dataplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | | dataplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | | dataplane.logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | -| dataplane.nodeSelector | object | `{}` | | +| dataplane.nodeSelector | object | `{}` | [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes | | dataplane.opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | | dataplane.podAnnotations | object | `{}` | additional annotations for the pod | | dataplane.podLabels | object | `{}` | additional labels for the pod | 
@@ -227,6 +232,10 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | dataplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | | dataplane.replicaCount | int | `1` | | | dataplane.resources | object | `{"limits":{"cpu":1.5,"memory":"1024Mi"},"requests":{"cpu":"500m","memory":"1024Mi"}}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | +| dataplane.resources.limits.cpu | float | `1.5` | Maximum CPU limit | +| dataplane.resources.limits.memory | string | `"1024Mi"` | Maximum memory limit | +| dataplane.resources.requests.cpu | string | `"500m"` | Initial CPU request | +| dataplane.resources.requests.memory | string | `"1024Mi"` | Initial memory request | | dataplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | | dataplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | | dataplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | 
@@ -236,24 +245,24 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0.
 | dataplane.service.annotations | object | `{}` | additional annotations for the service |
 | dataplane.service.labels | object | `{}` | additional labels for the service |
 | dataplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. |
-| dataplane.token.refresh.expiry_seconds | int | `300` | |
-| dataplane.token.refresh.expiry_tolerance_seconds | int | `10` | |
-| dataplane.token.refresh.refresh_endpoint | string | `nil` | |
-| dataplane.token.signer.privatekey_alias | string | `nil` | |
-| dataplane.token.verifier.publickey_alias | string | `nil` | |
-| dataplane.tolerations | list | `[]` | |
+| dataplane.token.refresh.expiry_seconds | int | `300` | TTL in seconds for access tokens (also known as EDR token) |
+| dataplane.token.refresh.expiry_tolerance_seconds | int | `10` | Tolerance for token expiry in seconds |
+| dataplane.token.refresh.refresh_endpoint | string | `nil` | Optional endpoint for an OAuth2 token refresh. Default endpoint is `/token` |
+| dataplane.token.signer.privatekey_alias | string | `nil` | Alias under which the private key (JWK or PEM format) is stored in the vault |
+| dataplane.token.verifier.publickey_alias | string | `nil` | Alias under which the public key (JWK or PEM format) is stored in the vault, that belongs to the private key which was referred to at `dataplane.token.signer.privatekey_alias` |
+| dataplane.tolerations | list | `[]` | [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes |
 | dataplane.url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. if ingresses not used) |
 | dataplane.volumeMounts | string | `nil` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container |
 | dataplane.volumes | string | `nil` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories |
 | fullnameOverride | string | `""` | |
-| iatp.id | string | `"did:web:changeme"` | |
-| iatp.sts.dim.url | string | `nil` | |
-| iatp.sts.oauth.client.id | string | `nil` | |
-| iatp.sts.oauth.client.secret_alias | string | `nil` | |
-| iatp.sts.oauth.token_url | string | `nil` | |
+| iatp.id | string | `"did:web:changeme"` | Decentralized IDentifier (DID) of the connector |
+| iatp.sts.dim.url | string | `nil` | URL where connectors can request SI tokens |
+| iatp.sts.oauth.client.id | string | `nil` | Client ID for requesting OAuth2 access token for DIM access |
+| iatp.sts.oauth.client.secret_alias | string | `nil` | Alias under which the client secret is stored in the vault for requesting OAuth2 access token for DIM access |
+| iatp.sts.oauth.token_url | string | `nil` | URL where connectors can request OAuth2 access tokens for DIM access |
 | iatp.trustedIssuers | list | `[]` | Configures the trusted issuers for this runtime |
 | imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) |
-| install.postgresql | bool | `true` | |
+| install.postgresql | bool | `true` | Deploying a PostgreSQL instance |
 | nameOverride | string | `""` | |
 | networkPolicy.controlplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the controlplane component |
 | networkPolicy.controlplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for cp (defaults to all namespaces) |
@@ -267,10 +276,10 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0.
 | postgresql.jdbcUrl | string | `"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc"` | |
 | postgresql.primary.persistence.enabled | bool | `false` | |
 | postgresql.readReplicas.persistence.enabled | bool | `false` | |
-| serviceAccount.annotations | object | `{}` | |
-| serviceAccount.create | bool | `true` | |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) |
-| serviceAccount.name | string | `""` | |
+| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests |
 | tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests |
 | vault.azure.certificate | string | `nil` | |
diff --git a/charts/tractusx-connector-azure-vault/values.yaml b/charts/tractusx-connector-azure-vault/values.yaml
index 2877ccc7f..f7cd0e6c9 100644
--- a/charts/tractusx-connector-azure-vault/values.yaml
+++ b/charts/tractusx-connector-azure-vault/values.yaml
@@ -1,8 +1,8 @@ ################################################################################# -# Copyright (c) 2023 ZF Friedrichshafen AG +# Copyright (c) 2023,2024 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -20,41 +20,47 @@ # SPDX-License-Identifier: Apache-2.0 ################################################################################# - --- # Default values for eclipse-dataspace-connector. # This is a YAML-formatted file. # Declare variables to be passed into your templates. install: + # -- Deploying a PostgreSQL instance postgresql: true + fullnameOverride: "" nameOverride: "" # -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) imagePullSecrets: [] -# -- To add some custom labels +# -- Add some custom labels customLabels: {} participant: # -- BPN Number id: "BPNLCHANGEME" - iatp: - # Decentralized IDentifier + # -- Decentralized IDentifier (DID) of the connector id: "did:web:changeme" # -- Configures the trusted issuers for this runtime trustedIssuers: [] sts: dim: + # -- URL where connectors can request SI tokens url: oauth: + # -- URL where connectors can request OAuth2 access tokens for DIM access token_url: client: + # -- Client ID for requesting OAuth2 access token for DIM access id: + # -- Alias under which the client secret is stored in the vault for requesting OAuth2 access token for DIM access secret_alias: +# -- Add custom ca certificates to the truststore +customCaCerts: {} controlplane: image: 
@@ -66,9 +72,13 @@ controlplane: tag: "" initContainers: [] debug: + # -- Enables java debugging mode. enabled: false + # -- Port where the debuggee can connect to. port: 1044 + # -- Defines if the JVM should wait with starting the application until someone connected to the debugging port. suspendOnStart: false + livenessProbe: # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) enabled: true @@ -95,6 +105,7 @@ controlplane: failureThreshold: 6 # -- number of consecutive successes for the probe to be considered successful after having failed successThreshold: 1 + # -- endpoints of the control plane endpoints: # -- default api for health checks, should not be added to any ingress @@ -109,7 +120,7 @@ controlplane: port: 8081 # -- path for incoming api calls path: /management - # -- authentication key, must be attached to each 'X-Api-Key' request header + # -- authentication key, must be attached to each request as `X-Api-Key` header authKey: "password" # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not control: @@ -135,10 +146,10 @@ controlplane: agreementValidation: true bdrs: - # time that a cached BPN/DID resolution map is valid in seconds, default is 10 min + # -- Time that a cached BPN/DID resolution map is valid in seconds, default is 600 seconds (10 min) cache_validity_seconds: 600 server: - # URL of the BPN/DID Resolution Service - required: + # -- URL of the BPN/DID Resolution Service url: service: 
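Review bot: The new descriptions for `debug.enabled` and `debug.port` in `@@ -66,9 +72,13 @@` say what the switches do but not that they should stay off outside development. A Java debug port (presumably JDWP here) accepts connections without authentication, so whoever can reach it controls the JVM. I would extend the first comment to `# -- Enables java debugging mode. Keep disabled outside development, the debug port is unauthenticated.` The same three comments are added for the dataplane in `@@ -315,9 +329,13 @@`, and the `controlplane` block continues outside this hunk.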
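Review bot: The reworded `authKey` comment in `@@ -109,7 +120,7 @@` still documents the shipped default `"password"` without saying it is a placeholder, so a release installed with default values would accept a publicly known key on the management API. I would append `The default is a placeholder and must be overridden.` to that description, which also carries the warning into the generated README row. The dataplane proxy `authKey` documented in `@@ -352,41 +371,57 @@` has the same default and needs the same sentence.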
@@ -180,11 +191,12 @@ controlplane: runAsNonRoot: true # -- The container's process will run with the specified uid runAsUser: 10001 + # Extra environment variables that will be pass onto deployment pods env: {} # ENV_NAME: value - # "valueFrom" environment variable references that will be added to deployment pods. Name is templated. + # -- "valueFrom" environment variable references that will be added to deployment pods. Name is templated. # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core envValueFrom: {} # ENV_NAME: @@ -195,12 +207,12 @@ controlplane: # name: secret-name # key: value_key - # [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from + # -- [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from envSecretNames: [] # - first-secret # - second-secret - # [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from + # -- [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from envConfigMapNames: [] # - first-config-map # - second-config-map @@ -254,10 +266,12 @@ controlplane: issuer: "" # -- If preset enables certificate generation via cert-manager cluster-wide issuer clusterIssuer: "" + # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container volumeMounts: # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories volumes: + # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container resources: limits: 
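Review bot: The controlplane `env` comment in `@@ -180,11 +191,12 @@` stays a plain `#` comment while `envValueFrom` in the same hunk is converted to `# --`, and the dataplane counterpart is converted in `@@ -418,11 +453,12 @@`. Judging by the README tables in this patch, only `# --` comments reach the generated documentation, so `controlplane.env` would keep an empty description. I would change the line to `# -- Extra environment variables that will be passed on to deployment pods`, which also fixes the "will be pass onto" wording that the dataplane hunk carries over.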
@@ -266,7 +280,9 @@ controlplane: requests: cpu: 500m memory: 512Mi + replicaCount: 1 + autoscaling: # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) enabled: false @@ -278,6 +294,7 @@ controlplane: targetCPUUtilizationPercentage: 80 # -- targetAverageUtilization of memory provided to a pod targetMemoryUtilizationPercentage: 80 + # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics opentelemetry: |- otel.javaagent.enabled=false 
@@ -291,20 +308,17 @@ controlplane: java.util.logging.ConsoleHandler.level=ALL java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n - # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes + # -- [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes nodeSelector: {} - # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes + # -- [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes tolerations: [] - # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on + # -- [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on affinity: {} url: # -- Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) protocol: "" -# -- Add custom ca certificates to the truststore -customCaCerts: {} - dataplane: image: # -- Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically @@ -315,9 +329,13 @@ dataplane: tag: "" initContainers: [] debug: + # -- Enables java debugging mode. enabled: false + # -- Port where the debuggee can connect to. port: 1044 + # -- Defines if the JVM should wait with starting the application until someone connected to the debugging port. suspendOnStart: false + livenessProbe: # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) enabled: true 
@@ -344,6 +362,7 @@ dataplane: failureThreshold: 6 # -- number of consecutive successes for the probe to be considered successful after having failed successThreshold: 1 + service: # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. type: ClusterIP 
@@ -352,41 +371,57 @@ dataplane: # -- additional annotations for the service annotations: {} + # -- endpoints of the dataplane endpoints: + # -- default api for health checks, should not be added to any ingress default: + # -- port for incoming api calls port: 8080 + # -- path for incoming api calls path: /api + # -- public endpoint where the data can be fetched from if HttpPull was used. Must be internet facing. public: + # -- port for incoming api calls port: 8081 + # -- path for incoming api calls path: /api/public control: port: 8084 path: /api/control proxy: + # -- port for incoming api calls port: 8186 + # -- path for incoming api calls path: /proxy + # -- authentication key, must be attached to each request as `X-Api-Key` header authKey: "password" + # -- metrics api, used for application metrics, must not be internet facing metrics: + # -- port for incoming api calls port: 9090 + # -- path for incoming api calls path: /metrics token: refresh: + # -- TTL in seconds for access tokens (also known as EDR token) expiry_seconds: 300 + # -- Tolerance for token expiry in seconds expiry_tolerance_seconds: 10 - # optional URL that can be provided where clients go to refresh tokens. + # -- Optional endpoint for an OAuth2 token refresh. Default endpoint is `/token` refresh_endpoint: signer: - # alias under which the private key is stored in the vault (JWK or PEM format) + # -- Alias under which the private key (JWK or PEM format) is stored in the vault privatekey_alias: verifier: - # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format) + # -- Alias under which the public key (JWK or PEM format) is stored in the vault, that belongs to the private key which was referred to at `dataplane.token.signer.privatekey_alias` publickey_alias: aws: endpointOverride: "" accessKeyId: "" secretAccessKey: "" + # -- additional labels for the pod podLabels: {} # -- additional annotations for the pod 
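Review bot: `control` is the only endpoint in `@@ -352,41 +371,57 @@` that gets no `# --` description at all, so the generated table will state exposure rules for `default`, `public` and `metrics` but none for the control API. If it plays the same role as the controlplane's control endpoint, I would add `# -- control api, used for internal control calls, should not be added to any ingress` above `control:` and the usual `# -- port for incoming api calls` and `# -- path for incoming api calls` on its two keys. The `proxy:` key itself is also left without a description, and the `dataplane` block starts and ends outside this hunk.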
@@ -418,11 +453,12 @@ dataplane: runAsNonRoot: true # -- The container's process will run with the specified uid runAsUser: 10001 - # Extra environment variables that will be pass onto deployment pods + + # -- Extra environment variables that will be pass onto deployment pods env: {} # ENV_NAME: value - # "valueFrom" environment variable references that will be added to deployment pods. Name is templated. + # -- "valueFrom" environment variable references that will be added to deployment pods. Name is templated. # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core envValueFrom: {} # ENV_NAME: @@ -433,12 +469,12 @@ dataplane: # name: secret-name # key: value_key - # [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from + # -- [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from envSecretNames: [] # - first-secret # - second-secret - # [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from + # -- [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from envConfigMapNames: [] # - first-config-map # - second-config-map 
@@ -468,19 +504,27 @@ dataplane: issuer: "" # -- If preset enables certificate generation via cert-manager cluster-wide issuer clusterIssuer: "" + # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container volumeMounts: # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories volumes: + # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container resources: limits: + # -- Maximum CPU limit cpu: 1.5 + # -- Maximum memory limit memory: 1024Mi requests: + # -- Initial CPU request cpu: 500m + # -- Initial memory request memory: 1024Mi + replicaCount: 1 + autoscaling: # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) enabled: false @@ -492,6 +536,7 @@ dataplane: targetCPUUtilizationPercentage: 80 # -- targetAverageUtilization of memory provided to a pod targetMemoryUtilizationPercentage: 80 + # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics opentelemetry: |- otel.javaagent.enabled=false 
@@ -504,11 +549,12 @@ dataplane: java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter java.util.logging.ConsoleHandler.level=ALL java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n - # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes + + # -- [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes nodeSelector: {} - # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes + # -- [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes tolerations: [] - # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on + # -- [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on affinity: {} url: @@ -527,6 +573,7 @@ postgresql: database: "edc" username: "user" password: "password" + vault: azure: name: "" @@ -550,11 +597,11 @@ networkPolicy: - namespaceSelector: {} serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) 
diff --git a/charts/tractusx-connector-memory/README.md b/charts/tractusx-connector-memory/README.md
index c785f3fa4..fbdda8ef2 100644
--- a/charts/tractusx-connector-memory/README.md
+++ b/charts/tractusx-connector-memory/README.md
@@ -56,30 +56,30 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.7.2 \
 |-----|------|---------|-------------|
 | backendService.httpProxyTokenReceiverUrl | string | `"https://example.com"` | Specifies a backend service which will receive the EDR |
 | customCaCerts | object | `{}` | Add custom ca certificates to the truststore |
-| customLabels | object | `{}` | To add some custom labels |
+| customLabels | object | `{}` | Add some custom labels |
 | fullnameOverride | string | `""` | |
-| iatp.id | string | `"did:web:changeme"` | |
-| iatp.sts.dim.url | string | `nil` | |
-| iatp.sts.oauth.client.id | string | `nil` | |
-| iatp.sts.oauth.client.secret_alias | string | `nil` | |
-| iatp.sts.oauth.token_url | string | `nil` | |
+| iatp.id | string | `"did:web:changeme"` | Decentralized IDentifier (DID) of the connector |
+| iatp.sts.dim.url | string | `nil` | URL where connectors can request SI tokens |
+| iatp.sts.oauth.client.id | string | `nil` | Client ID for requesting OAuth2 access token for DIM access |
+| iatp.sts.oauth.client.secret_alias | string | `nil` | Alias under which the client secret is stored in the vault for requesting OAuth2 access token for DIM access |
+| iatp.sts.oauth.token_url | string | `nil` | URL where connectors can request OAuth2 access tokens for DIM access |
 | iatp.trustedIssuers | list | `[]` | Configures the trusted issuers for this runtime |
 | imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) |
 | nameOverride | string | `""` | |
 | participant.id | string | `"BPNLCHANGEME"` | BPN Number |
-| runtime.affinity | object | `{}` | |
+| runtime.affinity | object | `{}` | [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on |
 | runtime.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) |
 | runtime.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds |
 | runtime.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds |
 | runtime.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod |
 | runtime.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod |
-| runtime.bdrs.cache_validity_seconds | int | `600` | |
-| runtime.bdrs.server.url | string | `nil` | |
+| runtime.bdrs.cache_validity_seconds | int | `600` | Time that a cached BPN/DID resolution map is valid in seconds, default is 600 seconds (10 min) |
+| runtime.bdrs.server.url | string | `nil` | URL of the BPN/DID Resolution Service |
 | runtime.businessPartnerValidation.log.agreementValidation | bool | `true` | |
-| runtime.debug.enabled | bool | `false` | |
-| runtime.debug.port | int | `1044` | |
-| runtime.debug.suspendOnStart | bool | `false` | |
-| runtime.endpoints | object | `{"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"password","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084},"proxy":{"authKey":"password","path":"/proxy","port":8186},"public":{"path":"/api/public","port":8086}}` | endpoints of the control plane |
+| runtime.debug.enabled | bool | `false` | Enables java debugging mode. |
+| runtime.debug.port | int | `1044` | Port where the debuggee can connect to. |
+| runtime.debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. |
+| runtime.endpoints | object | `{"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"password","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084},"proxy":{"path":"/proxy","port":8186},"public":{"path":"/api/public","port":8086},"signaling":{"path":"/api/signaling","port":8087}}` | endpoints of the controlplane |
 | runtime.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not |
 | runtime.endpoints.control.path | string | `"/control"` | path for incoming api calls |
 | runtime.endpoints.control.port | int | `8083` | port for incoming api calls |
@@ -87,18 +87,24 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.7.2 \
 | runtime.endpoints.default.path | string | `"/api"` | path for incoming api calls |
 | runtime.endpoints.default.port | int | `8080` | port for incoming api calls |
 | runtime.endpoints.management | object | `{"authKey":"password","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing |
-| runtime.endpoints.management.authKey | string | `"password"` | authentication key, must be attached to each 'X-Api-Key' request header |
+| runtime.endpoints.management.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header |
 | runtime.endpoints.management.path | string | `"/management"` | path for incoming api calls |
 | runtime.endpoints.management.port | int | `8081` | port for incoming api calls |
 | runtime.endpoints.protocol | object | `{"path":"/api/v1/dsp","port":8084}` | dsp api, used for inter connector communication and must be internet facing |
 | runtime.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls |
 | runtime.endpoints.protocol.port | int | `8084` | port for incoming api calls |
+| runtime.endpoints.proxy | object | `{"path":"/proxy","port":8186}` | proxy API |
+| runtime.endpoints.proxy.path | string | `"/proxy"` | path for incoming api calls |
+| runtime.endpoints.proxy.port | int | `8186` | port for incoming api calls |
+| runtime.endpoints.public | object | `{"path":"/api/public","port":8086}` | public endpoint where the data can be fetched from if HttpPull was used. Must be internet facing. |
+| runtime.endpoints.public.path | string | `"/api/public"` | path for incoming api calls |
+| runtime.endpoints.public.port | int | `8086` | port for incoming api calls |
 | runtime.env | object | `{}` | |
-| runtime.envConfigMapNames | list | `[]` | |
-| runtime.envSecretNames | list | `[]` | |
-| runtime.envValueFrom | object | `{}` | |
+| runtime.envConfigMapNames | list | `[]` | [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from |
+| runtime.envSecretNames | list | `[]` | [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from |
+| runtime.envValueFrom | object | `{}` | "valueFrom" environment variable references that will be added to deployment pods. Name is templated. ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core |
 | runtime.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use |
-| runtime.image.repository | string | `""` | |
+| runtime.image.repository | string | `""` | Which derivate of the control plane to use. When left empty the deployment will select the correct image automatically |
 | runtime.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion |
 | runtime.ingresses[0].annotations | object | `{}` | Additional ingress annotations to add |
 | runtime.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer |
@@ -128,7 +134,7 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.7.2 \
 | runtime.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed |
 | runtime.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out |
 | runtime.logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) |
-| runtime.nodeSelector | object | `{}` | |
+| runtime.nodeSelector | object | `{}` | [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes |
 | runtime.podAnnotations | object | `{}` | additional annotations for the pod |
 | runtime.podLabels | object | `{}` | additional labels for the pod |
 | runtime.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment |
@@ -144,6 +150,10 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.7.2 \
 | runtime.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out |
 | runtime.replicaCount | int | `1` | |
 | runtime.resources | object | `{"limits":{"cpu":1.5,"memory":"512Mi"},"requests":{"cpu":"500m","memory":"512Mi"}}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container |
+| runtime.resources.limits.cpu | float | `1.5` | Maximum CPU limit |
+| runtime.resources.limits.memory | string | `"512Mi"` | Maximum memory limit |
+| runtime.resources.requests.cpu | string | `"500m"` | Initial CPU request |
+| runtime.resources.requests.memory | string | `"512Mi"` | Initial memory request |
 | runtime.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID |
 | runtime.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls |
 | runtime.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface |
@@ -153,21 +163,21 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.7.2 \ | runtime.service.annotations | object | `{}` | additional annotations for the service | | runtime.service.labels | object | `{}` | additional labels for the service | | runtime.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| runtime.token.refresh.expiry_seconds | int | `300` | | -| runtime.token.refresh.expiry_tolerance_seconds | int | `10` | | -| runtime.token.refresh.refresh_endpoint | string | `nil` | | -| runtime.token.signer.privatekey_alias | string | `nil` | | -| runtime.token.verifier.publickey_alias | string | `nil` | | -| runtime.tolerations | list | `[]` | | +| runtime.token.refresh.expiry_seconds | int | `300` | TTL in seconds for access tokens (also known as EDR token) | +| runtime.token.refresh.expiry_tolerance_seconds | int | `10` | Tolerance for token expiry in seconds | +| runtime.token.refresh.refresh_endpoint | string | `nil` | Optional endpoint for an OAuth2 token refresh. Default endpoint is `/token` | +| runtime.token.signer.privatekey_alias | string | `nil` | Alias under which the private key (JWK or PEM format) is stored in the vault | +| runtime.token.verifier.publickey_alias | string | `nil` | Alias under which the public key (JWK or PEM format) is stored in the vault, that belongs to the private key which was referred to at `dataplane.token.signer.privatekey_alias` | +| runtime.tolerations | list | `[]` | [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes | | runtime.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. 
if ingresses not used) | -| runtime.url.public | string | `""` | | +| runtime.url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. if ingresses not used) | | runtime.url.readiness | string | `""` | | | runtime.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | | runtime.volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| serviceAccount.name | string | `""` | | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests | | tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | | vault.secrets | string | `""` | | diff --git a/charts/tractusx-connector-memory/values.yaml b/charts/tractusx-connector-memory/values.yaml index a527a569b..d66e88761 100644 --- a/charts/tractusx-connector-memory/values.yaml +++ b/charts/tractusx-connector-memory/values.yaml 
@@ -1,6 +1,7 @@ ################################################################################# +# Copyright (c) 2024 ZF Friedrichshafen AG # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -25,9 +26,10 @@ fullnameOverride: "" nameOverride: "" + # -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) imagePullSecrets: [] -# -- To add some custom labels +# -- Add some custom labels customLabels: {} participant: @@ -35,17 +37,21 @@ participant: id: "BPNLCHANGEME" iatp: - # Decentralized IDentifier + # -- Decentralized IDentifier (DID) of the connector id: "did:web:changeme" # -- Configures the trusted issuers for this runtime trustedIssuers: [] sts: dim: + # -- URL where connectors can request SI tokens url: oauth: + # -- URL where connectors can request OAuth2 access tokens for DIM access token_url: client: + # -- Client ID for requesting OAuth2 access token for DIM access id: + # -- Alias under which the client secret is stored in the vault for requesting OAuth2 access token for DIM access secret_alias: # -- Add custom ca certificates to the truststore @@ -53,6 +59,7 @@ customCaCerts: {} runtime: image: + # -- Which derivate of the control plane to use. When left empty the deployment will select the correct image automatically repository: "" # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use pullPolicy: IfNotPresent 
@@ -60,9 +67,13 @@ runtime: tag: "" initContainers: [] debug: + # -- Enables java debugging mode. enabled: false + # -- Port where the debuggee can connect to. port: 1044 + # -- Defines if the JVM should wait with starting the application until someone connected to the debugging port. suspendOnStart: false + livenessProbe: # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) enabled: true @@ -89,7 +100,8 @@ runtime: failureThreshold: 6 # -- number of consecutive successes for the probe to be considered successful after having failed successThreshold: 1 - # -- endpoints of the control plane + + # -- endpoints of the controlplane endpoints: # -- default api for health checks, should not be added to any ingress default: @@ -103,7 +115,7 @@ runtime: port: 8081 # -- path for incoming api calls path: /management - # -- authentication key, must be attached to each 'X-Api-Key' request header + # -- authentication key, must be attached to each request as `X-Api-Key` header authKey: "password" # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not control: @@ -117,12 +129,19 @@ runtime: port: 8084 # -- path for incoming api calls path: /api/v1/dsp + # -- public endpoint where the data can be fetched from if HttpPull was used. Must be internet facing. public: + # -- port for incoming api calls port: 8086 + # -- path for incoming api calls path: /api/public + # -- proxy API proxy: + # -- port for incoming api calls port: 8186 + # -- path for incoming api calls path: /proxy + # -- authentication key, must be attached to each request as `X-Api-Key` header authKey: "password" businessPartnerValidation: 
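Review bot: The new comment on `debug.port` in the `@@ -60,9 +67,13 @@` hunk has the roles reversed: a debugger attaches to the debuggee, which here is the JVM in the pod. Something like `# -- Port on which the JVM listens for a debugger to attach` reads correctly. An attached debugger can presumably control the whole process, so the `enabled` comment could say `# -- Enables Java remote debugging; keep disabled outside development and do not expose the port through a service or ingress`. The `runtime:` block starts before this hunk and continues after it.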
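Review bot: The reworded `authKey` comment in the `@@ -103,7 +115,7 @@` hunk explains how the key is sent, but the value beside it is still `authKey: "password"`, and the `@@ -117,12 +129,19 @@` hunk adds the same comment above the proxy endpoint's `authKey: "password"`. A release installed with the defaults therefore guards the management and proxy APIs with a publicly known key. At minimum the comment should say so, for example `# -- authentication key sent as X-Api-Key header; the default is a placeholder and must be overridden`. A stricter option is an empty default combined with a `required` check in the template, which is outside these hunks.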
@@ -130,22 +149,24 @@ runtime: agreementValidation: true token: refresh: + # -- TTL in seconds for access tokens (also known as EDR token) expiry_seconds: 300 + # -- Tolerance for token expiry in seconds expiry_tolerance_seconds: 10 - # optional URL that can be provided where clients go to refresh tokens. + # -- Optional endpoint for an OAuth2 token refresh. Default endpoint is `/token` refresh_endpoint: signer: - # alias under which the private key is stored in the vault (JWK or PEM format) + # -- Alias under which the private key (JWK or PEM format) is stored in the vault privatekey_alias: verifier: - # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format) + # -- Alias under which the public key (JWK or PEM format) is stored in the vault, that belongs to the private key which was referred to at `dataplane.token.signer.privatekey_alias` publickey_alias: bdrs: - # time that a cached BPN/DID resolution map is valid in seconds, default is 10 min + # -- Time that a cached BPN/DID resolution map is valid in seconds, default is 600 seconds (10 min) cache_validity_seconds: 600 server: - # URL of the BPN/DID Resolution Service - required: + # -- URL of the BPN/DID Resolution Service url: service: @@ -187,11 +208,12 @@ runtime: runAsNonRoot: true # -- The container's process will run with the specified uid runAsUser: 10001 + # Extra environment variables that will be pass onto deployment pods env: {} # ENV_NAME: value - # "valueFrom" environment variable references that will be added to deployment pods. Name is templated. + # -- "valueFrom" environment variable references that will be added to deployment pods. Name is templated. # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core envValueFrom: {} # ENV_NAME: 
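Review bot: The `publickey_alias` comment in the `@@ -130,22 +149,24 @@` hunk refers to `dataplane.token.signer.privatekey_alias`, but this chart keeps the token settings under `runtime:` (the hunk header and the README rows both show `runtime.token...`). The reference should read `runtime.token.signer.privatekey_alias`, so that an operator matching the verifier key to the signer key looks at a path that exists in this chart. The same hunk drops the "- required:" remark from the `bdrs.server.url` comment. If the URL is still mandatory, keep that in the rendered text, e.g. `# -- URL of the BPN/DID Resolution Service (required)`.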
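Review bot: In the `@@ -187,11 +208,12 @@` hunk the comment above `env: {}` appears to stay a plain `#` comment while `envValueFrom` below it is converted to `# --`, so `runtime.env` would presumably keep an empty description in the generated README. Suggest `# -- Extra environment variables that will be passed on to deployment pods`, which also fixes the "will be pass onto" wording. Values set under `env` are written into the Deployment manifest as plain text, so the comment could direct readers to `envSecretNames` or `envValueFrom` for anything secret.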
@@ -202,12 +224,12 @@ runtime: # name: secret-name # key: value_key - # [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from + # -- [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from envSecretNames: [] # - first-secret # - second-secret - # [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from + # -- [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from envConfigMapNames: [] # - first-config-map # - second-config-map @@ -262,19 +284,27 @@ runtime: issuer: "" # -- If preset enables certificate generation via cert-manager cluster-wide issuer clusterIssuer: "" + # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container volumeMounts: [] # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories volumes: [] + # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container resources: limits: + # -- Maximum CPU limit cpu: 1.5 + # -- Maximum memory limit memory: 512Mi requests: + # -- Initial CPU request cpu: 500m + # -- Initial memory request memory: 512Mi + replicaCount: 1 + autoscaling: # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) enabled: false @@ -286,6 +316,7 @@ runtime: targetCPUUtilizationPercentage: 80 # -- targetAverageUtilization of memory provided to a pod targetMemoryUtilizationPercentage: 80 + # -- configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) logging: |- .level=INFO 
@@ -294,15 +325,18 @@ runtime: java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter java.util.logging.ConsoleHandler.level=ALL java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n - # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes + + # -- [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes nodeSelector: {} - # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes + # -- [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes tolerations: [] - # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on + # -- [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on affinity: {} + url: # -- Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) protocol: "" + # -- Explicitly declared url for reaching the public api (e.g. if ingresses not used) public: "" readiness: "" vault: 
@@ -314,15 +348,16 @@ backendService: # -- Specifies a backend service which will receive the EDR httpProxyTokenReceiverUrl: "https://example.com" serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) imagePullSecrets: [] + # -- Configurations for Helm tests tests: # -- Configure the hook-delete-policy for Helm tests diff --git a/charts/tractusx-connector/README.md b/charts/tractusx-connector/README.md index 922b6ea34..a551da2d0 100644 --- a/charts/tractusx-connector/README.md +++ b/charts/tractusx-connector/README.md 
@@ -63,18 +63,18 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \ | Key | Type | Default | Description | |-----|------|---------|-------------| -| controlplane.affinity | object | `{}` | | +| controlplane.affinity | object | `{}` | [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on | | controlplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | | controlplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | | controlplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | | controlplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | | controlplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | -| controlplane.bdrs.cache_validity_seconds | int | `600` | | -| controlplane.bdrs.server.url | string | `nil` | | +| controlplane.bdrs.cache_validity_seconds | int | `600` | Time that a cached BPN/DID resolution map is valid in seconds, default is 600 seconds (10 min) | +| controlplane.bdrs.server.url | string | `nil` | URL of the BPN/DID Resolution Service | | controlplane.businessPartnerValidation.log.agreementValidation | bool | `true` | | -| controlplane.debug.enabled | bool | `false` | | -| controlplane.debug.port | int | `1044` | | -| controlplane.debug.suspendOnStart | bool | `false` | | +| controlplane.debug.enabled | bool | `false` | Enables java debugging mode. | +| controlplane.debug.port | int | `1044` | Port where the debuggee can connect to. 
| +| controlplane.debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. | | controlplane.endpoints | object | `{"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"password","path":"/management","port":8081},"metrics":{"path":"/metrics","port":9090},"protocol":{"path":"/api/v1/dsp","port":8084}}` | endpoints of the control plane | | controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not | | controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls | @@ -83,7 +83,7 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \ | controlplane.endpoints.default.path | string | `"/api"` | path for incoming api calls | | controlplane.endpoints.default.port | int | `8080` | port for incoming api calls | | controlplane.endpoints.management | object | `{"authKey":"password","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing | -| controlplane.endpoints.management.authKey | string | `"password"` | authentication key, must be attached to each 'X-Api-Key' request header | +| controlplane.endpoints.management.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header | | controlplane.endpoints.management.path | string | `"/management"` | path for incoming api calls | | controlplane.endpoints.management.port | int | `8081` | port for incoming api calls | | controlplane.endpoints.metrics | object | `{"path":"/metrics","port":9090}` | metrics api, used for application metrics, must not be internet facing | 
@@ -92,12 +92,12 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \ | controlplane.endpoints.protocol | object | `{"path":"/api/v1/dsp","port":8084}` | dsp api, used for inter connector communication and must be internet facing | | controlplane.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls | | controlplane.endpoints.protocol.port | int | `8084` | port for incoming api calls | -| controlplane.env | object | `{}` | | -| controlplane.envConfigMapNames | list | `[]` | | -| controlplane.envSecretNames | list | `[]` | | -| controlplane.envValueFrom | object | `{}` | | +| controlplane.env | object | `{}` | Extra environment variables that will be pass onto deployment pods | +| controlplane.envConfigMapNames | list | `[]` | [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from | +| controlplane.envSecretNames | list | `[]` | [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from | +| controlplane.envValueFrom | object | `{}` | "valueFrom" environment variable references that will be added to deployment pods. Name is templated. ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core | | controlplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | -| controlplane.image.repository | string | `""` | Which derivate of the control plane to use. when left empty the deployment will select the correct image automatically | +| controlplane.image.repository | string | `""` | Which derivate of the control plane to use. 
When left empty the deployment will select the correct image automatically | | controlplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | | controlplane.ingresses[0].annotations | object | `{}` | Additional ingress annotations to add | | controlplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | @@ -127,7 +127,7 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \ | controlplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | | controlplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | | controlplane.logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | -| controlplane.nodeSelector | object | `{}` | | +| controlplane.nodeSelector | object | `{}` | [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes | | controlplane.opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | | controlplane.podAnnotations | object | `{}` | additional annotations for the pod | | controlplane.podLabels | object | `{}` | additional labels for the pod | 
@@ -144,6 +144,10 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \ | controlplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | | controlplane.replicaCount | int | `1` | | | controlplane.resources | object | `{"limits":{"cpu":1.5,"memory":"512Mi"},"requests":{"cpu":"500m","memory":"512Mi"}}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | +| controlplane.resources.limits.cpu | float | `1.5` | Maximum CPU limit | +| controlplane.resources.limits.memory | string | `"512Mi"` | Maximum memory limit | +| controlplane.resources.requests.cpu | string | `"500m"` | Initial CPU request | +| controlplane.resources.requests.memory | string | `"512Mi"` | Initial memory request | | controlplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | | controlplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | | controlplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | 
@@ -153,13 +157,13 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \ | controlplane.service.annotations | object | `{}` | additional annotations for the service | | controlplane.service.labels | object | `{}` | additional labels for the service | | controlplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| controlplane.tolerations | list | `[]` | | +| controlplane.tolerations | list | `[]` | [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes | | controlplane.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) | | controlplane.volumeMounts | string | `nil` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | | controlplane.volumes | string | `nil` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | | customCaCerts | object | `{}` | Add custom ca certificates to the truststore | -| customLabels | object | `{}` | To add some custom labels | -| dataplane.affinity | object | `{}` | | +| customLabels | object | `{}` | Add some custom labels | +| dataplane.affinity | object | `{}` | [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on | | dataplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | | dataplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | | dataplane.autoscaling.minReplicas | int | `1` | 
Minimal replicas if resource consumption falls below resource threshholds | 
@@ -168,24 +172,29 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \ | dataplane.aws.accessKeyId | string | `""` | | | dataplane.aws.endpointOverride | string | `""` | | | dataplane.aws.secretAccessKey | string | `""` | | -| dataplane.debug.enabled | bool | `false` | | -| dataplane.debug.port | int | `1044` | | -| dataplane.debug.suspendOnStart | bool | `false` | | +| dataplane.debug.enabled | bool | `false` | Enables java debugging mode. | +| dataplane.debug.port | int | `1044` | Port where the debuggee can connect to. | +| dataplane.debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. | +| dataplane.endpoints | object | `{"default":{"path":"/api","port":8080},"metrics":{"path":"/metrics","port":9090},"proxy":{"authKey":"password","path":"/proxy","port":8186},"public":{"path":"/api/public","port":8081},"signaling":{"path":"/api/signaling","port":8083}}` | endpoints of the dataplane | | dataplane.endpoints.control.path | string | `"/api/control"` | | | dataplane.endpoints.control.port | int | `8084` | | -| dataplane.endpoints.default.path | string | `"/api"` | | -| dataplane.endpoints.default.port | int | `8080` | | -| dataplane.endpoints.metrics.path | string | `"/metrics"` | | -| dataplane.endpoints.metrics.port | int | `9090` | | -| dataplane.endpoints.proxy.authKey | string | `"password"` | | -| dataplane.endpoints.proxy.path | string | `"/proxy"` | | -| dataplane.endpoints.proxy.port | int | `8186` | | -| dataplane.endpoints.public.path | string | `"/api/public"` | | -| dataplane.endpoints.public.port | int | `8081` | | -| dataplane.env | object | `{}` | | -| dataplane.envConfigMapNames | list | `[]` | | -| dataplane.envSecretNames | list | `[]` | | -| dataplane.envValueFrom | object | `{}` | | +| dataplane.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | +| 
dataplane.endpoints.default.path | string | `"/api"` | path for incoming api calls | +| dataplane.endpoints.default.port | int | `8080` | port for incoming api calls | +| dataplane.endpoints.metrics | object | `{"path":"/metrics","port":9090}` | metrics api, used for application metrics, must not be internet facing | +| dataplane.endpoints.metrics.path | string | `"/metrics"` | path for incoming api calls | +| dataplane.endpoints.metrics.port | int | `9090` | port for incoming api calls | +| dataplane.endpoints.proxy | object | `{"authKey":"password","path":"/proxy","port":8186}` | proxy API | +| dataplane.endpoints.proxy.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header | +| dataplane.endpoints.proxy.path | string | `"/proxy"` | path for incoming api calls | +| dataplane.endpoints.proxy.port | int | `8186` | port for incoming api calls | +| dataplane.endpoints.public | object | `{"path":"/api/public","port":8081}` | public endpoint where the data can be fetched from if HttpPull was used. Must be internet facing. | +| dataplane.endpoints.public.path | string | `"/api/public"` | path for incoming api calls | +| dataplane.endpoints.public.port | int | `8081` | port for incoming api calls | +| dataplane.env | object | `{}` | Extra environment variables that will be pass onto deployment pods | +| dataplane.envConfigMapNames | list | `[]` | [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from | +| dataplane.envSecretNames | list | `[]` | [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from | +| dataplane.envValueFrom | object | `{}` | "valueFrom" environment variable references that will be added to deployment pods. Name is templated. 
ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core | | dataplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | | dataplane.image.repository | string | `""` | Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically | | dataplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | @@ -207,7 +216,7 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \ | dataplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | | dataplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | | dataplane.logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | -| dataplane.nodeSelector | object | `{}` | | +| dataplane.nodeSelector | object | `{}` | [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes | | dataplane.opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | | dataplane.podAnnotations | object | `{}` | additional annotations for the pod | | dataplane.podLabels | object | `{}` | additional labels for the pod | 
@@ -224,6 +233,11 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \ | dataplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | | dataplane.replicaCount | int | `1` | | | dataplane.resources | object | `{"limits":{"cpu":1.5,"memory":"1024Mi"},"requests":{"cpu":"500m","memory":"1024Mi"}}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | +| dataplane.resources.limits.cpu | float | `1.5` | Maximum CPU limit | +| dataplane.resources.limits.memory | string | `"1024Mi"` | Maximum memory limit | +| dataplane.resources.requests.cpu | string | `"500m"` | Initial CPU request | +| dataplane.resources.requests.memory | string | `"1024Mi"` | Initial memory request | +| dataplane.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"add":[],"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":10001}` | The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod | | dataplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | | dataplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | | dataplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | 
@@ -233,25 +247,25 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \ | dataplane.service.annotations | object | `{}` | additional annotations for the service | | dataplane.service.labels | object | `{}` | additional labels for the service | | dataplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| dataplane.token.refresh.expiry_seconds | int | `300` | | -| dataplane.token.refresh.expiry_tolerance_seconds | int | `10` | | -| dataplane.token.refresh.refresh_endpoint | string | `nil` | | -| dataplane.token.signer.privatekey_alias | string | `nil` | | -| dataplane.token.verifier.publickey_alias | string | `nil` | | -| dataplane.tolerations | list | `[]` | | +| dataplane.token.refresh.expiry_seconds | int | `300` | TTL in seconds for access tokens (also known as EDR token) | +| dataplane.token.refresh.expiry_tolerance_seconds | int | `10` | Tolerance for token expiry in seconds | +| dataplane.token.refresh.refresh_endpoint | string | `nil` | Optional endpoint for an OAuth2 token refresh. Default endpoint is `/token` | +| dataplane.token.signer.privatekey_alias | string | `nil` | Alias under which the private key (JWK or PEM format) is stored in the vault | +| dataplane.token.verifier.publickey_alias | string | `nil` | Alias under which the public key (JWK or PEM format) is stored in the vault, that belongs to the private key which was referred to at `dataplane.token.signer.privatekey_alias` | +| dataplane.tolerations | list | `[]` | [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes | | dataplane.url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. 
if ingresses not used) | | dataplane.volumeMounts | string | `nil` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | | dataplane.volumes | string | `nil` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | | fullnameOverride | string | `""` | | -| iatp.id | string | `"did:web:changeme"` | | -| iatp.sts.dim.url | string | `nil` | | -| iatp.sts.oauth.client.id | string | `nil` | | -| iatp.sts.oauth.client.secret_alias | string | `nil` | | -| iatp.sts.oauth.token_url | string | `nil` | | +| iatp.id | string | `"did:web:changeme"` | Decentralized IDentifier (DID) of the connector | +| iatp.sts.dim.url | string | `nil` | URL where connectors can request SI tokens | +| iatp.sts.oauth.client.id | string | `nil` | Client ID for requesting OAuth2 access token for DIM access | +| iatp.sts.oauth.client.secret_alias | string | `nil` | Alias under which the client secret is stored in the vault for requesting OAuth2 access token for DIM access | +| iatp.sts.oauth.token_url | string | `nil` | URL where connectors can request OAuth2 access tokens for DIM access | | iatp.trustedIssuers | list | `[]` | Configures the trusted issuers for this runtime | | imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| install.postgresql | bool | `true` | | -| install.vault | bool | `true` | | +| install.postgresql | bool | `true` | Deploying a PostgreSQL instance | +| install.vault | bool | `true` | Deploying a HashiCorp Vault instance | | nameOverride | string | `""` | | | networkPolicy.controlplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the controlplane component | | networkPolicy.controlplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for cp (defaults to all namespaces) | 
@@ -265,10 +279,10 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \ | postgresql.jdbcUrl | string | `"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc"` | | | postgresql.primary.persistence.enabled | bool | `false` | | | postgresql.readReplicas.persistence.enabled | bool | `false` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| serviceAccount.name | string | `""` | | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests | | tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | | vault.hashicorp.healthCheck.enabled | bool | `true` | | diff --git a/charts/tractusx-connector/values.yaml b/charts/tractusx-connector/values.yaml index 169686ec2..9e9f4051f 100644 --- a/charts/tractusx-connector/values.yaml +++ b/charts/tractusx-connector/values.yaml 
@@ -1,8 +1,8 @@ ################################################################################# -# Copyright (c) 2023 ZF Friedrichshafen AG +# Copyright (c) 2023,2024 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
@@ -26,38 +26,47 @@ # Declare variables to be passed into your templates. install: + # -- Deploying a PostgreSQL instance postgresql: true + # -- Deploying a HashiCorp Vault instance vault: true + fullnameOverride: "" nameOverride: "" + # -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) imagePullSecrets: [] -# -- To add some custom labels +# -- Add some custom labels customLabels: {} participant: # -- BPN Number id: "BPNLCHANGEME" - iatp: - # Decentralized IDentifier + # -- Decentralized IDentifier (DID) of the connector id: "did:web:changeme" # -- Configures the trusted issuers for this runtime trustedIssuers: [] sts: dim: + # -- URL where connectors can request SI tokens url: oauth: + # -- URL where connectors can request OAuth2 access tokens for DIM access token_url: client: + # -- Client ID for requesting OAuth2 access token for DIM access id: + # -- Alias under which the client secret is stored in the vault for requesting OAuth2 access token for DIM access secret_alias: +# -- Add custom ca certificates to the truststore +customCaCerts: {} controlplane: image: - # -- Which derivate of the control plane to use. when left empty the deployment will select the correct image automatically + # -- Which derivate of the control plane to use. When left empty the deployment will select the correct image automatically repository: "" # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use pullPolicy: IfNotPresent 
@@ -65,9 +74,13 @@ controlplane: tag: "" initContainers: [] debug: + # -- Enables java debugging mode. enabled: false + # -- Port where the debuggee can connect to. port: 1044 + # -- Defines if the JVM should wait with starting the application until someone connected to the debugging port. suspendOnStart: false + livenessProbe: # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) enabled: true @@ -94,6 +107,7 @@ controlplane: failureThreshold: 6 # -- number of consecutive successes for the probe to be considered successful after having failed successThreshold: 1 + # -- endpoints of the control plane endpoints: # -- default api for health checks, should not be added to any ingress @@ -108,7 +122,7 @@ controlplane: port: 8081 # -- path for incoming api calls path: /management - # -- authentication key, must be attached to each 'X-Api-Key' request header + # -- authentication key, must be attached to each request as `X-Api-Key` header authKey: "password" # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not control: @@ -134,10 +148,10 @@ controlplane: agreementValidation: true bdrs: - # time that a cached BPN/DID resolution map is valid in seconds, default is 10 min + # -- Time that a cached BPN/DID resolution map is valid in seconds, default is 600 seconds (10 min) cache_validity_seconds: 600 server: - # URL of the BPN/DID Resolution Service - required: + # -- URL of the BPN/DID Resolution Service url: service: 
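Review bot: The new comment on `debug.port` has the direction reversed: the JVM being debugged is the debuggee and listens on this port, and the debugger is what connects to it. Assuming `debug.enabled` starts a remote-debug listener (the templates are not part of this hunk), anything that can reach the port can control the JVM, and the description should say so. I would write `# -- Port the JVM listens on for a remote debugger; keep it unreachable from outside the cluster` and add "for development only" to the `enabled` comment. The same three comments are added for the data plane in hunk `@@ -312,9 +335,13 @@ dataplane:`.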
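Review bot: The reworded comment on `authKey` in hunk `@@ -108,7 +122,7 @@` describes the header but still does not say that the shipped value `"password"` is a placeholder. This line feeds the generated README, so an operator who installs with the defaults gets a management API protected by a publicly known key. I would extend it to ``# -- authentication key, must be attached to each request as `X-Api-Key` header; the default is a placeholder and must be overridden``. The data plane proxy `authKey` documented in hunk `@@ -349,41 +377,57 @@ dataplane:` has the same default and needs the same sentence. The `management` block starts and ends outside this hunk.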
@@ -179,11 +193,12 @@ controlplane: runAsNonRoot: true # -- The container's process will run with the specified uid runAsUser: 10001 - # Extra environment variables that will be pass onto deployment pods + + # -- Extra environment variables that will be pass onto deployment pods env: {} # ENV_NAME: value - # "valueFrom" environment variable references that will be added to deployment pods. Name is templated. + # -- "valueFrom" environment variable references that will be added to deployment pods. Name is templated. # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core envValueFrom: {} # ENV_NAME: @@ -194,12 +209,12 @@ controlplane: # name: secret-name # key: value_key - # [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from + # -- [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from envSecretNames: [] # - first-secret # - second-secret - # [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from + # -- [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from envConfigMapNames: [] # - first-config-map # - second-config-map 
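Review bot: The comment promoted to `# --` on `env` in hunk `@@ -179,11 +193,12 @@` now lands in the README with a grammar slip ("will be pass onto"). It also does not say that values given here are presumably rendered as plain values in the pod spec. I would change it to `# -- Extra environment variables that will be passed on to deployment pods; use envSecretNames or envValueFrom for secrets`. The identical line is added for the data plane in hunk `@@ -415,11 +459,12 @@ dataplane:`.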
@@ -253,19 +268,27 @@ controlplane: issuer: "" # -- If preset enables certificate generation via cert-manager cluster-wide issuer clusterIssuer: "" + # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container volumeMounts: # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories volumes: + # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container resources: limits: + # -- Maximum CPU limit cpu: 1.5 + # -- Maximum memory limit memory: 512Mi requests: + # -- Initial CPU request cpu: 500m + # -- Initial memory request memory: 512Mi + replicaCount: 1 + autoscaling: # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) enabled: false @@ -277,6 +300,7 @@ controlplane: targetCPUUtilizationPercentage: 80 # -- targetAverageUtilization of memory provided to a pod targetMemoryUtilizationPercentage: 80 + # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics opentelemetry: |- otel.javaagent.enabled=false 
@@ -289,19 +313,18 @@ controlplane: java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter java.util.logging.ConsoleHandler.level=ALL java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n - # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes + + # -- [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes nodeSelector: {} - # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes + # -- [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes tolerations: [] - # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on + # -- [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on affinity: {} + url: # -- Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) protocol: "" -# -- Add custom ca certificates to the truststore -customCaCerts: {} - dataplane: image: # -- Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically @@ -312,9 +335,13 @@ dataplane: tag: "" initContainers: [] debug: + # -- Enables java debugging mode. enabled: false + # -- Port where the debuggee can connect to. port: 1044 + # -- Defines if the JVM should wait with starting the application until someone connected to the debugging port. suspendOnStart: false + livenessProbe: # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) enabled: true 
@@ -341,6 +368,7 @@ dataplane: failureThreshold: 6 # -- number of consecutive successes for the probe to be considered successful after having failed successThreshold: 1 + service: # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. type: ClusterIP 
@@ -349,41 +377,57 @@ dataplane: # -- additional annotations for the service annotations: {} + # -- endpoints of the dataplane endpoints: + # -- default api for health checks, should not be added to any ingress default: + # -- port for incoming api calls port: 8080 + # -- path for incoming api calls path: /api + # -- public endpoint where the data can be fetched from if HttpPull was used. Must be internet facing. public: + # -- port for incoming api calls port: 8081 + # -- path for incoming api calls path: /api/public control: port: 8084 path: /api/control proxy: + # -- port for incoming api calls port: 8186 + # -- path for incoming api calls path: /proxy + # -- authentication key, must be attached to each request as `X-Api-Key` header authKey: "password" + # -- metrics api, used for application metrics, must not be internet facing metrics: + # -- port for incoming api calls port: 9090 + # -- path for incoming api calls path: /metrics token: refresh: + # -- TTL in seconds for access tokens (also known as EDR token) expiry_seconds: 300 + # -- Tolerance for token expiry in seconds expiry_tolerance_seconds: 10 - # optional URL that can be provided where clients go to refresh tokens. + # -- Optional endpoint for an OAuth2 token refresh. Default endpoint is `/token` refresh_endpoint: signer: - # alias under which the private key is stored in the vault (JWK or PEM format) + # -- Alias under which the private key (JWK or PEM format) is stored in the vault privatekey_alias: verifier: - # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format) + # -- Alias under which the public key (JWK or PEM format) is stored in the vault, that belongs to the private key which was referred to at `dataplane.token.signer.privatekey_alias` publickey_alias: aws: endpointOverride: "" accessKeyId: "" secretAccessKey: "" + # -- additional labels for the pod podLabels: {} # -- additional annotations for the pod 
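Review bot: The `control` endpoint (`port: 8084`, `path: /api/control`) is the only entry under `dataplane.endpoints` left without `# --` comments, and the `aws` keys below the token block stay undocumented too, so they will show empty descriptions in the README. For `control` I would reuse the control plane wording, `# -- control api, used for internal control calls, should not be added to any ingress`. For `aws.secretAccessKey`, a comment should state that it is a credential and how it is meant to be supplied. How the templates consume it is not visible here, so that wording needs confirming against the deployment template.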
@@ -399,7 +443,7 @@ dataplane: runAsGroup: 10001 # -- The owner for volumes and any files created within volumes will belong to this guid fsGroup: 10001 - # The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod + # -- The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod securityContext: capabilities: # -- Specifies which capabilities to drop to reduce syscall attack surface @@ -415,11 +459,12 @@ dataplane: runAsNonRoot: true # -- The container's process will run with the specified uid runAsUser: 10001 - # Extra environment variables that will be pass onto deployment pods + + # -- Extra environment variables that will be pass onto deployment pods env: {} # ENV_NAME: value - # "valueFrom" environment variable references that will be added to deployment pods. Name is templated. + # -- "valueFrom" environment variable references that will be added to deployment pods. Name is templated. # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core envValueFrom: {} # ENV_NAME: 
@@ -430,12 +475,12 @@ dataplane: # name: secret-name # key: value_key - # [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from + # -- [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from envSecretNames: [] # - first-secret # - second-secret - # [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from + # -- [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from envConfigMapNames: [] # - first-config-map # - second-config-map @@ -465,19 +510,27 @@ dataplane: issuer: "" # -- If preset enables certificate generation via cert-manager cluster-wide issuer clusterIssuer: "" + # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container volumeMounts: # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories volumes: + # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container resources: limits: + # -- Maximum CPU limit cpu: 1.5 + # -- Maximum memory limit memory: 1024Mi requests: + # -- Initial CPU request cpu: 500m + # -- Initial memory request memory: 1024Mi + replicaCount: 1 + autoscaling: # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) enabled: false 
@@ -489,6 +542,7 @@ dataplane: targetCPUUtilizationPercentage: 80 # -- targetAverageUtilization of memory provided to a pod targetMemoryUtilizationPercentage: 80 + # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics opentelemetry: |- otel.javaagent.enabled=false @@ -501,15 +555,17 @@ dataplane: java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter java.util.logging.ConsoleHandler.level=ALL java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n - # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes + + # -- [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes nodeSelector: {} - # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes + # -- [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes tolerations: [] - # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on + # -- [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on affinity: {} url: # -- Explicitly declared url for reaching the public api (e.g. if ingresses not used) public: "" + postgresql: jdbcUrl: "jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc" primary: @@ -522,6 +578,7 @@ postgresql: database: "edc" username: "user" password: "password" + vault: injector: enabled: false 
@@ -556,11 +613,11 @@ networkPolicy: - namespaceSelector: {} serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) From 341bd6a04d3518c63825bfceb841dce78dd2c8c3 Mon Sep 17 00:00:00 2001 From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Fri, 31 May 2024 12:17:50 +0200 Subject: [PATCH 06/20] Remove value `businessPartnerValidation.log.agreementValidation` --- charts/tractusx-connector-azure-vault/README.md | 1 - charts/tractusx-connector-azure-vault/values.yaml | 4 ---- charts/tractusx-connector-memory/README.md | 1 - charts/tractusx-connector-memory/values.yaml | 3 --- charts/tractusx-connector/README.md | 1 - charts/tractusx-connector/values.yaml | 4 ---- 6 files changed, 14 deletions(-) diff --git a/charts/tractusx-connector-azure-vault/README.md b/charts/tractusx-connector-azure-vault/README.md index 5e145edcd..dc4adfdd7 100644 --- a/charts/tractusx-connector-azure-vault/README.md +++ b/charts/tractusx-connector-azure-vault/README.md 
@@ -74,7 +74,6 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | controlplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | | controlplane.bdrs.cache_validity_seconds | int | `600` | Time that a cached BPN/DID resolution map is valid in seconds, default is 600 seconds (10 min) | | controlplane.bdrs.server.url | string | `nil` | URL of the BPN/DID Resolution Service | -| controlplane.businessPartnerValidation.log.agreementValidation | bool | `true` | | | controlplane.debug.enabled | bool | `false` | Enables java debugging mode. | | controlplane.debug.port | int | `1044` | Port where the debuggee can connect to. | | controlplane.debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. | diff --git a/charts/tractusx-connector-azure-vault/values.yaml b/charts/tractusx-connector-azure-vault/values.yaml index f7cd0e6c9..ce1dd8962 100644 --- a/charts/tractusx-connector-azure-vault/values.yaml +++ b/charts/tractusx-connector-azure-vault/values.yaml @@ -141,10 +141,6 @@ controlplane: # -- path for incoming api calls path: /metrics - businessPartnerValidation: - log: - agreementValidation: true - bdrs: # -- Time that a cached BPN/DID resolution map is valid in seconds, default is 600 seconds (10 min) cache_validity_seconds: 600 diff --git a/charts/tractusx-connector-memory/README.md b/charts/tractusx-connector-memory/README.md index fbdda8ef2..9066ba48d 100644 --- a/charts/tractusx-connector-memory/README.md +++ b/charts/tractusx-connector-memory/README.md 
@@ -75,7 +75,6 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.7.2 \ | runtime.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | | runtime.bdrs.cache_validity_seconds | int | `600` | Time that a cached BPN/DID resolution map is valid in seconds, default is 600 seconds (10 min) | | runtime.bdrs.server.url | string | `nil` | URL of the BPN/DID Resolution Service | -| runtime.businessPartnerValidation.log.agreementValidation | bool | `true` | | | runtime.debug.enabled | bool | `false` | Enables java debugging mode. | | runtime.debug.port | int | `1044` | Port where the debuggee can connect to. | | runtime.debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. | diff --git a/charts/tractusx-connector-memory/values.yaml b/charts/tractusx-connector-memory/values.yaml index d66e88761..4d173d98b 100644 --- a/charts/tractusx-connector-memory/values.yaml +++ b/charts/tractusx-connector-memory/values.yaml @@ -144,9 +144,6 @@ runtime: # -- authentication key, must be attached to each request as `X-Api-Key` header authKey: "password" - businessPartnerValidation: - log: - agreementValidation: true token: refresh: # -- TTL in seconds for access tokens (also known as EDR token) diff --git a/charts/tractusx-connector/README.md b/charts/tractusx-connector/README.md index a551da2d0..15d12b2db 100644 --- a/charts/tractusx-connector/README.md +++ b/charts/tractusx-connector/README.md 
@@ -71,7 +71,6 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \ | controlplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | | controlplane.bdrs.cache_validity_seconds | int | `600` | Time that a cached BPN/DID resolution map is valid in seconds, default is 600 seconds (10 min) | | controlplane.bdrs.server.url | string | `nil` | URL of the BPN/DID Resolution Service | -| controlplane.businessPartnerValidation.log.agreementValidation | bool | `true` | | | controlplane.debug.enabled | bool | `false` | Enables java debugging mode. | | controlplane.debug.port | int | `1044` | Port where the debuggee can connect to. | | controlplane.debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. | diff --git a/charts/tractusx-connector/values.yaml b/charts/tractusx-connector/values.yaml index 9e9f4051f..f1b47bdcd 100644 --- a/charts/tractusx-connector/values.yaml +++ b/charts/tractusx-connector/values.yaml @@ -143,10 +143,6 @@ controlplane: # -- path for incoming api calls path: /metrics - businessPartnerValidation: - log: - agreementValidation: true - bdrs: # -- Time that a cached BPN/DID resolution map is valid in seconds, default is 600 seconds (10 min) cache_validity_seconds: 600 From 3a9ce8dfaef004293f947b5a3164276316fcdd00 Mon Sep 17 00:00:00 2001 
From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Fri, 31 May 2024 12:19:03 +0200 Subject: [PATCH 07/20] Remove helm-docs version from README.md footer Removing this avoids changing README.md files if someone uses a different version. --- charts/tractusx-connector-azure-vault/README.md | 2 +- charts/tractusx-connector-azure-vault/README.md.gotmpl | 3 ++- charts/tractusx-connector-memory/README.md | 2 +- charts/tractusx-connector-memory/README.md.gotmpl | 3 ++- charts/tractusx-connector/README.md | 2 +- charts/tractusx-connector/README.md.gotmpl | 3 ++- 6 files changed, 9 insertions(+), 6 deletions(-) diff --git a/charts/tractusx-connector-azure-vault/README.md b/charts/tractusx-connector-azure-vault/README.md index dc4adfdd7..1336f7a5a 100644 --- a/charts/tractusx-connector-azure-vault/README.md +++ b/charts/tractusx-connector-azure-vault/README.md @@ -288,4 +288,4 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | vault.azure.tenant | string | `""` | | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/) \ No newline at end of file diff --git a/charts/tractusx-connector-azure-vault/README.md.gotmpl b/charts/tractusx-connector-azure-vault/README.md.gotmpl index cb5cc10e6..635b1dd43 100644 --- a/charts/tractusx-connector-azure-vault/README.md.gotmpl +++ b/charts/tractusx-connector-azure-vault/README.md.gotmpl @@ -60,4 +60,5 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version {{ {{ template "chart.valuesSection" . }} -{{ template "helm-docs.versionFooter" . }} +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/) \ No newline at end of file 
diff --git a/charts/tractusx-connector-memory/README.md b/charts/tractusx-connector-memory/README.md index 9066ba48d..0450267b2 100644 --- a/charts/tractusx-connector-memory/README.md +++ b/charts/tractusx-connector-memory/README.md @@ -183,4 +183,4 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.7.2 \ | vault.server.postStart | string | `""` | | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/) \ No newline at end of file diff --git a/charts/tractusx-connector-memory/README.md.gotmpl b/charts/tractusx-connector-memory/README.md.gotmpl index fd4b05c2c..72a72b292 100644 --- a/charts/tractusx-connector-memory/README.md.gotmpl +++ b/charts/tractusx-connector-memory/README.md.gotmpl @@ -57,4 +57,5 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version {{ .Ver {{ template "chart.valuesSection" . }} -{{ template "helm-docs.versionFooter" . }} +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/) \ No newline at end of file diff --git a/charts/tractusx-connector/README.md b/charts/tractusx-connector/README.md index 15d12b2db..884cfdb1a 100644 --- a/charts/tractusx-connector/README.md +++ b/charts/tractusx-connector/README.md @@ -297,4 +297,4 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \ | vault.server.postStart | string | `nil` | | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/) 
diff --git a/charts/tractusx-connector/README.md.gotmpl b/charts/tractusx-connector/README.md.gotmpl index 05b0f0f93..de3ef9149 100644 --- a/charts/tractusx-connector/README.md.gotmpl +++ b/charts/tractusx-connector/README.md.gotmpl @@ -56,4 +56,5 @@ helm install my-release tractusx-edc/tractusx-connector --version {{ .Version }} {{ template "chart.valuesSection" . }} -{{ template "helm-docs.versionFooter" . }} +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/) From 3bbf6ed152410fdde3216f041a0ec8ddf5f921a5 Mon Sep 17 00:00:00 2001 From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Fri, 31 May 2024 12:19:37 +0200 Subject: [PATCH 08/20] Remove unnecessary values from memory chart --- charts/tractusx-connector-memory/README.md | 2 -- charts/tractusx-connector-memory/values.yaml | 6 ++---- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/charts/tractusx-connector-memory/README.md b/charts/tractusx-connector-memory/README.md index 0450267b2..565553971 100644 --- a/charts/tractusx-connector-memory/README.md +++ b/charts/tractusx-connector-memory/README.md @@ -54,7 +54,6 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.7.2 \ | Key | Type | Default | Description | |-----|------|---------|-------------| -| backendService.httpProxyTokenReceiverUrl | string | `"https://example.com"` | Specifies a backend service which will receive the EDR | | customCaCerts | object | `{}` | Add custom ca certificates to the truststore | | customLabels | object | `{}` | Add some custom labels | | fullnameOverride | string | `""` | | 
@@ -170,7 +169,6 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.7.2 \ | runtime.tolerations | list | `[]` | [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes | | runtime.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) | | runtime.url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. if ingresses not used) | -| runtime.url.readiness | string | `""` | | | runtime.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | | runtime.volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | diff --git a/charts/tractusx-connector-memory/values.yaml b/charts/tractusx-connector-memory/values.yaml index 4d173d98b..abbb3f651 100644 --- a/charts/tractusx-connector-memory/values.yaml +++ b/charts/tractusx-connector-memory/values.yaml @@ -335,15 +335,13 @@ runtime: protocol: "" # -- Explicitly declared url for reaching the public api (e.g. if ingresses not used) public: "" - readiness: "" + vault: # secrets can be seeded by supplying them in a semicolon separated list key1:secret2;key2:secret2 secrets: "" server: postStart: |- -backendService: - # -- Specifies a backend service which will receive the EDR - httpProxyTokenReceiverUrl: "https://example.com" + serviceAccount: # -- Specifies whether a service account should be created create: true From 6efa437bfa88f3b1e3e2675ecb09d6fca64d3a6e Mon Sep 17 00:00:00 2001 
From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Fri, 31 May 2024 12:40:10 +0200 Subject: [PATCH 09/20] fix merge conflict left overs --- charts/tractusx-connector-azure-vault/README.md | 7 ++----- charts/tractusx-connector-memory/README.md | 5 +++-- charts/tractusx-connector/README.md | 5 +---- 3 files changed, 6 insertions(+), 11 deletions(-) diff --git a/charts/tractusx-connector-azure-vault/README.md b/charts/tractusx-connector-azure-vault/README.md index 1336f7a5a..5d0f776cc 100644 --- a/charts/tractusx-connector-azure-vault/README.md +++ b/charts/tractusx-connector-azure-vault/README.md 
@@ -173,16 +173,13 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | dataplane.debug.enabled | bool | `false` | Enables java debugging mode. | | dataplane.debug.port | int | `1044` | Port where the debuggee can connect to. | | dataplane.debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. | -| dataplane.endpoints | object | `{"default":{"path":"/api","port":8080},"metrics":{"path":"/metrics","port":9090},"proxy":{"authKey":"password","path":"/proxy","port":8186},"public":{"path":"/api/public","port":8081},"signaling":{"path":"/api/signaling","port":8083}}` | endpoints of the dataplane | -| dataplane.endpoints.control.path | string | `"/api/control"` | | -| dataplane.endpoints.control.port | int | `8084` | | +| dataplane.endpoints | object | `{"control":{"path":"/api/control","port":8084},"default":{"path":"/api","port":8080},"metrics":{"path":"/metrics","port":9090},"proxy":{"authKey":"password","path":"/proxy","port":8186},"public":{"path":"/api/public","port":8081}}` | endpoints of the dataplane | | dataplane.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | | dataplane.endpoints.default.path | string | `"/api"` | path for incoming api calls | | dataplane.endpoints.default.port | int | `8080` | port for incoming api calls | | dataplane.endpoints.metrics | object | `{"path":"/metrics","port":9090}` | metrics api, used for application metrics, must not be internet facing | | dataplane.endpoints.metrics.path | string | `"/metrics"` | path for incoming api calls | | dataplane.endpoints.metrics.port | int | `9090` | port for incoming api calls | -| dataplane.endpoints.proxy | object | `{"authKey":"password","path":"/proxy","port":8186}` | proxy API | | dataplane.endpoints.proxy.authKey | string | `"password"` | authentication key, must be attached to each 
request as `X-Api-Key` header | | dataplane.endpoints.proxy.path | string | `"/proxy"` | path for incoming api calls | | dataplane.endpoints.proxy.port | int | `8186` | port for incoming api calls | @@ -285,7 +282,7 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | vault.azure.client | string | `nil` | | | vault.azure.name | string | `""` | | | vault.azure.secret | string | `nil` | | -| vault.azure.tenant | string | `""` | | +| vault.azure.tenant | string | `nil` | | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/) \ No newline at end of file diff --git a/charts/tractusx-connector-memory/README.md b/charts/tractusx-connector-memory/README.md index 565553971..39f134aca 100644 --- a/charts/tractusx-connector-memory/README.md +++ b/charts/tractusx-connector-memory/README.md 
@@ -77,7 +77,7 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.7.2 \ | runtime.debug.enabled | bool | `false` | Enables java debugging mode. | | runtime.debug.port | int | `1044` | Port where the debuggee can connect to. | | runtime.debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. | -| runtime.endpoints | object | `{"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"password","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084},"proxy":{"path":"/proxy","port":8186},"public":{"path":"/api/public","port":8086},"signaling":{"path":"/api/signaling","port":8087}}` | endpoints of the controlplane | +| runtime.endpoints | object | `{"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"password","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084},"proxy":{"authKey":"password","path":"/proxy","port":8186},"public":{"path":"/api/public","port":8086}}` | endpoints of the controlplane | | runtime.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not | | runtime.endpoints.control.path | string | `"/control"` | path for incoming api calls | | runtime.endpoints.control.port | int | `8083` | port for incoming api calls | 
@@ -91,7 +91,8 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.7.2 \ | runtime.endpoints.protocol | object | `{"path":"/api/v1/dsp","port":8084}` | dsp api, used for inter connector communication and must be internet facing | | runtime.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls | | runtime.endpoints.protocol.port | int | `8084` | port for incoming api calls | -| runtime.endpoints.proxy | object | `{"path":"/proxy","port":8186}` | proxy API | +| runtime.endpoints.proxy | object | `{"authKey":"password","path":"/proxy","port":8186}` | proxy API | +| runtime.endpoints.proxy.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header | | runtime.endpoints.proxy.path | string | `"/proxy"` | path for incoming api calls | | runtime.endpoints.proxy.port | int | `8186` | port for incoming api calls | | runtime.endpoints.public | object | `{"path":"/api/public","port":8086}` | public endpoint where the data can be fetched from if HttpPull was used. Must be internet facing. | diff --git a/charts/tractusx-connector/README.md b/charts/tractusx-connector/README.md index 884cfdb1a..7c7697e99 100644 --- a/charts/tractusx-connector/README.md +++ b/charts/tractusx-connector/README.md 
@@ -174,16 +174,13 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \ | dataplane.debug.enabled | bool | `false` | Enables java debugging mode. | | dataplane.debug.port | int | `1044` | Port where the debuggee can connect to. | | dataplane.debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. | -| dataplane.endpoints | object | `{"default":{"path":"/api","port":8080},"metrics":{"path":"/metrics","port":9090},"proxy":{"authKey":"password","path":"/proxy","port":8186},"public":{"path":"/api/public","port":8081},"signaling":{"path":"/api/signaling","port":8083}}` | endpoints of the dataplane | -| dataplane.endpoints.control.path | string | `"/api/control"` | | -| dataplane.endpoints.control.port | int | `8084` | | +| dataplane.endpoints | object | `{"control":{"path":"/api/control","port":8084},"default":{"path":"/api","port":8080},"metrics":{"path":"/metrics","port":9090},"proxy":{"authKey":"password","path":"/proxy","port":8186},"public":{"path":"/api/public","port":8081}}` | endpoints of the dataplane | | dataplane.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | | dataplane.endpoints.default.path | string | `"/api"` | path for incoming api calls | | dataplane.endpoints.default.port | int | `8080` | port for incoming api calls | | dataplane.endpoints.metrics | object | `{"path":"/metrics","port":9090}` | metrics api, used for application metrics, must not be internet facing | | dataplane.endpoints.metrics.path | string | `"/metrics"` | path for incoming api calls | | dataplane.endpoints.metrics.port | int | `9090` | port for incoming api calls | -| dataplane.endpoints.proxy | object | `{"authKey":"password","path":"/proxy","port":8186}` | proxy API | | dataplane.endpoints.proxy.authKey | string | `"password"` | authentication key, must be attached to each request as 
`X-Api-Key` header | | dataplane.endpoints.proxy.path | string | `"/proxy"` | path for incoming api calls | | dataplane.endpoints.proxy.port | int | `8186` | port for incoming api calls | From f3dd294517b7513bf83313f39406326a7604e8d4 Mon Sep 17 00:00:00 2001 From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Fri, 31 May 2024 12:58:22 +0200 Subject: [PATCH 10/20] fix broken indentations --- charts/tractusx-connector-azure-vault/README.md | 11 +++++++++-- .../templates/service-controlplane.yaml | 6 +++--- .../templates/service-dataplane.yaml | 6 +++--- charts/tractusx-connector-azure-vault/values.yaml | 9 ++++++++- .../templates/service-dataplane.yaml | 6 +++--- 5 files changed, 26 insertions(+), 12 deletions(-) diff --git a/charts/tractusx-connector-azure-vault/README.md b/charts/tractusx-connector-azure-vault/README.md index 5d0f776cc..2439cb153 100644 --- a/charts/tractusx-connector-azure-vault/README.md +++ b/charts/tractusx-connector-azure-vault/README.md 
@@ -146,6 +146,10 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | controlplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | | controlplane.replicaCount | int | `1` | | | controlplane.resources | object | `{"limits":{"cpu":1.5,"memory":"512Mi"},"requests":{"cpu":"500m","memory":"512Mi"}}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | +| controlplane.resources.limits.cpu | float | `1.5` | Maximum CPU limit | +| controlplane.resources.limits.memory | string | `"512Mi"` | Maximum memory limit | +| controlplane.resources.requests.cpu | string | `"500m"` | Initial CPU request | +| controlplane.resources.requests.memory | string | `"512Mi"` | Initial memory request | | controlplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | | controlplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | | controlplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | 
@@ -173,7 +177,10 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | dataplane.debug.enabled | bool | `false` | Enables java debugging mode. | | dataplane.debug.port | int | `1044` | Port where the debuggee can connect to. | | dataplane.debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. | -| dataplane.endpoints | object | `{"control":{"path":"/api/control","port":8084},"default":{"path":"/api","port":8080},"metrics":{"path":"/metrics","port":9090},"proxy":{"authKey":"password","path":"/proxy","port":8186},"public":{"path":"/api/public","port":8081}}` | endpoints of the dataplane | +| dataplane.endpoints | object | `{"control":{"path":"/control","port":8084},"default":{"path":"/api","port":8080},"metrics":{"path":"/metrics","port":9090},"proxy":{"authKey":"password","path":"/proxy","port":8186},"public":{"path":"/api/public","port":8081}}` | endpoints of the dataplane | +| dataplane.endpoints.control | object | `{"path":"/control","port":8084}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not | +| dataplane.endpoints.control.path | string | `"/control"` | path for incoming api calls | +| dataplane.endpoints.control.port | int | `8084` | port for incoming api calls | | dataplane.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | | dataplane.endpoints.default.path | string | `"/api"` | path for incoming api calls | | dataplane.endpoints.default.port | int | `8080` | port for incoming api calls | 
@@ -285,4 +292,4 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | vault.azure.tenant | string | `nil` | | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/) \ No newline at end of file +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/) diff --git a/charts/tractusx-connector-azure-vault/templates/service-controlplane.yaml b/charts/tractusx-connector-azure-vault/templates/service-controlplane.yaml index 5a5203f90..bf0a83cea 100644 --- a/charts/tractusx-connector-azure-vault/templates/service-controlplane.yaml +++ b/charts/tractusx-connector-azure-vault/templates/service-controlplane.yaml @@ -33,9 +33,9 @@ metadata: {{- end }} labels: {{- include "txdc.controlplane.labels" . | nindent 4 }} - {{- with .Values.controlplane.service.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} + {{- with .Values.controlplane.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.controlplane.service.type }} ports: diff --git a/charts/tractusx-connector-azure-vault/templates/service-dataplane.yaml b/charts/tractusx-connector-azure-vault/templates/service-dataplane.yaml index 4733613b8..6700191a8 100644 --- a/charts/tractusx-connector-azure-vault/templates/service-dataplane.yaml +++ b/charts/tractusx-connector-azure-vault/templates/service-dataplane.yaml @@ -30,9 +30,9 @@ metadata: {{- end }} labels: {{- include "txdc.dataplane.labels" . | nindent 4 }} - {{- with .Values.dataplane.service.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} + {{- with .Values.dataplane.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.dataplane.service.type }} ports: diff --git a/charts/tractusx-connector-azure-vault/values.yaml b/charts/tractusx-connector-azure-vault/values.yaml index ce1dd8962..ec472d3be 100644 --- a/charts/tractusx-connector-azure-vault/values.yaml 
+++ b/charts/tractusx-connector-azure-vault/values.yaml @@ -271,10 +271,14 @@ controlplane: # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container resources: limits: + # -- Maximum CPU limit cpu: 1.5 + # -- Maximum memory limit memory: 512Mi requests: + # -- Initial CPU request cpu: 500m + # -- Initial memory request memory: 512Mi replicaCount: 1 @@ -381,9 +385,12 @@ dataplane: port: 8081 # -- path for incoming api calls path: /api/public + # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not control: + # -- port for incoming api calls port: 8084 - path: /api/control + # -- path for incoming api calls + path: /control proxy: # -- port for incoming api calls port: 8186 diff --git a/charts/tractusx-connector/templates/service-dataplane.yaml b/charts/tractusx-connector/templates/service-dataplane.yaml index dcd198497..6b6e35a70 100644 --- a/charts/tractusx-connector/templates/service-dataplane.yaml +++ b/charts/tractusx-connector/templates/service-dataplane.yaml @@ -33,9 +33,9 @@ metadata: {{- end }} labels: {{- include "txdc.dataplane.labels" . | nindent 4 }} - {{- with .Values.dataplane.service.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} + {{- with .Values.dataplane.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.dataplane.service.type }} ports: From fe88bbb1e523e99cb1ad78469617253bba8bb5b9 Mon Sep 17 00:00:00 2001 From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Fri, 31 May 2024 12:59:10 +0200 Subject: [PATCH 11/20] add documentation about control api --- charts/tractusx-connector/README.md | 3 +++ charts/tractusx-connector/values.yaml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/charts/tractusx-connector/README.md b/charts/tractusx-connector/README.md index 7c7697e99..d030c7396 100644 --- a/charts/tractusx-connector/README.md +++ b/charts/tractusx-connector/README.md 
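Review bot: The added helm-docs comments `# -- Initial CPU request` and `# -- Initial memory request` in the `controlplane.resources` hunk describe a request as a starting value. A Kubernetes request is the amount the scheduler reserves for the container for as long as it runs, so the generated README would mislead someone sizing the pod. I would write `# -- CPU reserved for the container (scheduling request)` and `# -- Memory reserved for the container (scheduling request)`, and keep `# -- Maximum CPU limit` / `# -- Maximum memory limit` as they are. The `controlplane:` block starts and ends outside the hunk.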
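Review bot: The default `dataplane.endpoints.control.path` changes from `/api/control` to `/control` in the second values.yaml hunk, although the commit is titled as an indentation fix and the sibling `charts/tractusx-connector/values.yaml` keeps `path: /api/control` in the following commit. That is a behaviour change rather than a formatting one. Anything that addresses the dataplane control API by the old path (ingress or NetworkPolicy rules, or a registration URL built from this value, none of which are visible here) would stop matching after an upgrade. Either keep `path: /api/control` in this commit, or move the change to its own commit with a changelog entry and make both charts agree. The `dataplane:` block starts and ends outside the hunk.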
@@ -175,6 +175,9 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \ | dataplane.debug.port | int | `1044` | Port where the debuggee can connect to. | | dataplane.debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. | | dataplane.endpoints | object | `{"control":{"path":"/api/control","port":8084},"default":{"path":"/api","port":8080},"metrics":{"path":"/metrics","port":9090},"proxy":{"authKey":"password","path":"/proxy","port":8186},"public":{"path":"/api/public","port":8081}}` | endpoints of the dataplane | +| dataplane.endpoints.control | object | `{"path":"/api/control","port":8084}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not | +| dataplane.endpoints.control.path | string | `"/api/control"` | path for incoming api calls | +| dataplane.endpoints.control.port | int | `8084` | port for incoming api calls | | dataplane.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | | dataplane.endpoints.default.path | string | `"/api"` | path for incoming api calls | | dataplane.endpoints.default.port | int | `8080` | port for incoming api calls | diff --git a/charts/tractusx-connector/values.yaml b/charts/tractusx-connector/values.yaml index f1b47bdcd..81476863f 100644 --- a/charts/tractusx-connector/values.yaml +++ b/charts/tractusx-connector/values.yaml @@ -387,8 +387,11 @@ dataplane: port: 8081 # -- path for incoming api calls path: /api/public + # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not control: + # -- port for incoming api calls port: 8084 + # -- path for incoming api calls path: /api/control proxy: # -- port for incoming api calls From f5708cd66ae8056d70f18a516cee80d2f0f8b842 Mon Sep 17 00:00:00 2001 
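Review bot: The added comment `# -- control api, used for internal control calls. can be added to the internal ingress, but should probably not` leaves the exposure decision open. In the values documented on this page the control endpoint has only `port` and `path` and no `authKey`, unlike `proxy`. I would state the requirement as firmly as the metrics comment does, e.g. `# -- control api, used for internal control calls; must not be internet facing and should not be added to any ingress`. The same wording is added to `charts/tractusx-connector-azure-vault/values.yaml` in the previous commit and should change with it. Whether the control API enforces authentication elsewhere is not visible in this diff, so that is worth confirming before choosing the final wording.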
From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Fri, 31 May 2024 13:00:07 +0200 Subject: [PATCH 12/20] fix missing empty line at EOF --- charts/tractusx-connector-azure-vault/README.md.gotmpl | 2 +- charts/tractusx-connector-memory/README.md | 2 +- charts/tractusx-connector-memory/README.md.gotmpl | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/tractusx-connector-azure-vault/README.md.gotmpl b/charts/tractusx-connector-azure-vault/README.md.gotmpl index 635b1dd43..352cd8f13 100644 --- a/charts/tractusx-connector-azure-vault/README.md.gotmpl +++ b/charts/tractusx-connector-azure-vault/README.md.gotmpl @@ -61,4 +61,4 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version {{ {{ template "chart.valuesSection" . }} ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/) \ No newline at end of file +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/) diff --git a/charts/tractusx-connector-memory/README.md b/charts/tractusx-connector-memory/README.md index 39f134aca..6aead99c2 100644 --- a/charts/tractusx-connector-memory/README.md +++ b/charts/tractusx-connector-memory/README.md @@ -182,4 +182,4 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.7.2 \ | vault.server.postStart | string | `""` | | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/) \ No newline at end of file +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/) diff --git a/charts/tractusx-connector-memory/README.md.gotmpl b/charts/tractusx-connector-memory/README.md.gotmpl index 72a72b292..3484c4f84 100644 --- a/charts/tractusx-connector-memory/README.md.gotmpl +++ b/charts/tractusx-connector-memory/README.md.gotmpl 
@@ -58,4 +58,4 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version {{ .Ver {{ template "chart.valuesSection" . }} ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/) \ No newline at end of file +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/) From 24ab797682b24435860fc4afc6bd8c29c9e7585f Mon Sep 17 00:00:00 2001 From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Fri, 31 May 2024 13:01:31 +0200 Subject: [PATCH 13/20] update copyright --- .../templates/networkpolicy.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/tractusx-connector-azure-vault/templates/networkpolicy.yaml b/charts/tractusx-connector-azure-vault/templates/networkpolicy.yaml index 890414678..183af9b48 100644 --- a/charts/tractusx-connector-azure-vault/templates/networkpolicy.yaml +++ b/charts/tractusx-connector-azure-vault/templates/networkpolicy.yaml @@ -1,5 +1,6 @@ ################################################################################# -# Copyright (c) 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2024 ZF Friedrichshafen AG +# Copyright (c) 2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -17,7 +18,6 @@ # SPDX-License-Identifier: Apache-2.0 ################################################################################# - {{- if eq (.Values.networkPolicy.enabled | toString) "true" }} {{- range tuple "controlplane" "dataplane" }} {{- $name := . }} From 93f6fe7a5610a2893f93144cb2f3386068e928a8 Mon Sep 17 00:00:00 2001 
From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Fri, 31 May 2024 13:02:55 +0200 Subject: [PATCH 14/20] update test deployment values --- .../helm/tractusx-connector-azure-vault-test.yaml | 2 -- .../resources/helm/tractusx-connector-memory-test.yaml | 2 -- .../src/main/resources/helm/tractusx-connector-test.yaml | 9 --------- 3 files changed, 13 deletions(-) diff --git a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml index 8b4bc3153..deed97dce 100644 --- a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml +++ b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml @@ -86,7 +86,5 @@ vault: certificate: server: postStart: -backendService: - httpProxyTokenReceiverUrl: "http://backend:8080" tests: hookDeletePolicy: before-hook-creation diff --git a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml index 78d4145d5..2953caf29 100644 --- a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml +++ b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml @@ -55,7 +55,5 @@ runtime: privatekey_alias: "key-1" verifier: publickey_alias: "key-1" -backendService: - httpProxyTokenReceiverUrl: "http://backend:8080" tests: hookDeletePolicy: before-hook-creation diff --git a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml index dcca56781..410a656f4 100644 --- a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml +++ b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml 
@@ -36,15 +36,6 @@ iatp: id: "test-client-id" secret_alias: "test-alias" controlplane: - # the ssi object is still needed for the upgradeability test - # todo: remove this after 0.7.0 is released - ssi: - miw: - url: "http://localhost:8080" - authorityId: "authorityId" - oauth: - client: - secretAlias: "client-secret" service: type: NodePort endpoints: From e127e8779d231e21e8c22e9d1b68daf5cbea811c Mon Sep 17 00:00:00 2001 From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Fri, 31 May 2024 13:10:26 +0200 Subject: [PATCH 15/20] remove usage of `businessPartnerValidation.log.agreementValidation` --- .../templates/deployment-controlplane.yaml | 8 -------- .../templates/deployment-runtime.yaml | 6 ------ .../templates/deployment-controlplane.yaml | 6 ------ 3 files changed, 20 deletions(-) diff --git a/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml b/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml index e11a13042..235873db8 100644 --- a/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml +++ b/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml @@ -322,14 +322,6 @@ spec: value: {{ .Values.vault.azure.certificate | quote }} {{- end }} - - - ########################### - ## BUSINESS PARTNER NUMBER VALIDATION EXTENSION ## - ########################### - - name: "TRACTUSX_BUSINESSPARTNERVALIDATION_LOG_AGREEMENT_VALIDATION" - value: {{ .Values.controlplane.businessPartnerValidation.log.agreementValidation | quote }} - ###################################### ## Additional environment variables ## ###################################### diff --git a/charts/tractusx-connector-memory/templates/deployment-runtime.yaml b/charts/tractusx-connector-memory/templates/deployment-runtime.yaml index 91dfb5993..9aeb8bc8c 100644 --- a/charts/tractusx-connector-memory/templates/deployment-runtime.yaml +++ b/charts/tractusx-connector-memory/templates/deployment-runtime.yaml 
@@ -280,12 +280,6 @@ spec: - name: "EDC_CP_ADAPTER_REUSE_CONTRACT_AGREEMENT" value: "0" - ########################### - ## BUSINESS PARTNER NUMBER VALIDATION EXTENSION ## - ########################### - - name: "TRACTUSX_BUSINESSPARTNERVALIDATION_LOG_AGREEMENT_VALIDATION" - value: {{ .Values.runtime.businessPartnerValidation.log.agreementValidation | quote }} - ###################################### ## Additional environment variables ## ###################################### diff --git a/charts/tractusx-connector/templates/deployment-controlplane.yaml b/charts/tractusx-connector/templates/deployment-controlplane.yaml index fb7450841..1ad865f77 100644 --- a/charts/tractusx-connector/templates/deployment-controlplane.yaml +++ b/charts/tractusx-connector/templates/deployment-controlplane.yaml @@ -319,12 +319,6 @@ spec: - name: "EDC_VAULT_HASHICORP_API_HEALTH_CHECK_PATH" value: {{ .Values.vault.hashicorp.paths.health | quote }} - ########################### - ## BUSINESS PARTNER NUMBER VALIDATION EXTENSION ## - ########################### - - name: "TRACTUSX_BUSINESSPARTNERVALIDATION_LOG_AGREEMENT_VALIDATION" - value: {{ .Values.controlplane.businessPartnerValidation.log.agreementValidation | quote }} - ###################################### ## Additional environment variables ## ###################################### From f15fcab3e3fe42dbbeefaf05fbcb227907837901 Mon Sep 17 00:00:00 2001 From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Fri, 31 May 2024 13:15:16 +0200 Subject: [PATCH 16/20] update dependency file --- DEPENDENCIES | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index 2f32d9cbc..6fc4710ef 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES 
@@ -108,6 +108,7 @@ maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.28, Apache-2.0, approved, clea maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.30.2, Apache-2.0, approved, clearlydefined maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.37.3, Apache-2.0, approved, #11701 maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.39.1, Apache-2.0, approved, #14830 +maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.39.3, Apache-2.0, approved, #14830 maven/mavencentral/com.nimbusds/oauth2-oidc-sdk/10.7.1, Apache-2.0, approved, clearlydefined maven/mavencentral/com.nimbusds/oauth2-oidc-sdk/11.9.1, Apache-2.0, approved, #12667 maven/mavencentral/com.puppycrawl.tools/checkstyle/10.17.0, , restricted, clearlydefined @@ -546,7 +547,7 @@ maven/mavencentral/org.eclipse.jetty/jetty-util/11.0.21, EPL-2.0 OR Apache-2.0, maven/mavencentral/org.eclipse.jetty/jetty-webapp/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty/jetty-xml/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.flywaydb/flyway-core/10.13.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.flywaydb/flyway-database-postgresql/10.13.0, , restricted, clearlydefined +maven/mavencentral/org.flywaydb/flyway-database-postgresql/10.13.0, NOASSERTION, restricted, clearlydefined maven/mavencentral/org.glassfish.hk2.external/aopalliance-repackaged/3.0.6, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish maven/mavencentral/org.glassfish.hk2/hk2-api/3.0.6, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish maven/mavencentral/org.glassfish.hk2/hk2-locator/3.0.6, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish From cb529eaa9a5686a318bcc856631fc5aa8cbe2eac Mon Sep 17 00:00:00 2001 
From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Fri, 31 May 2024 15:26:32 +0200 Subject: [PATCH 17/20] fix wrong require --- .../templates/deployment-controlplane.yaml | 2 +- .../templates/deployment-dataplane.yaml | 2 +- .../tractusx-connector-memory/templates/deployment-runtime.yaml | 2 +- .../tractusx-connector/templates/deployment-controlplane.yaml | 2 +- charts/tractusx-connector/templates/deployment-dataplane.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml b/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml index 235873db8..5063014ba 100644 --- a/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml +++ b/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml @@ -272,7 +272,7 @@ spec: ## IATP / STS / DIM CONFIG ## ############################# - name: "EDC_IAM_STS_OAUTH_TOKEN_URL" - value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.oauth.token_url is required" | quote}} + value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.sts.oauth.token_url is required" | quote}} - name: "EDC_IAM_STS_OAUTH_CLIENT_ID" value: {{ .Values.iatp.sts.oauth.client.id | required ".Values.iatp.sts.oauth.client.id is required" | quote}} - name: "EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS" diff --git a/charts/tractusx-connector-azure-vault/templates/deployment-dataplane.yaml b/charts/tractusx-connector-azure-vault/templates/deployment-dataplane.yaml index 6e56595cb..298d66c0e 100644 --- a/charts/tractusx-connector-azure-vault/templates/deployment-dataplane.yaml +++ b/charts/tractusx-connector-azure-vault/templates/deployment-dataplane.yaml 
@@ -214,7 +214,7 @@ spec: ## IATP / STS / DIM CONFIG ## ############################# - name: "EDC_IAM_STS_OAUTH_TOKEN_URL" - value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.oauth.token_url is required" | quote}} + value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.sts.oauth.token_url is required" | quote}} - name: "EDC_IAM_STS_OAUTH_CLIENT_ID" value: {{ .Values.iatp.sts.oauth.client.id | required ".Values.iatp.sts.oauth.client.id is required" | quote}} - name: "EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS" diff --git a/charts/tractusx-connector-memory/templates/deployment-runtime.yaml b/charts/tractusx-connector-memory/templates/deployment-runtime.yaml index 9aeb8bc8c..0b56902dc 100644 --- a/charts/tractusx-connector-memory/templates/deployment-runtime.yaml +++ b/charts/tractusx-connector-memory/templates/deployment-runtime.yaml @@ -203,7 +203,7 @@ spec: ## IATP / STS / DIM CONFIG ## ############################# - name: "EDC_IAM_STS_OAUTH_TOKEN_URL" - value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.oauth.token_url is required" | quote}} + value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.sts.oauth.token_url is required" | quote}} - name: "EDC_IAM_STS_OAUTH_CLIENT_ID" value: {{ .Values.iatp.sts.oauth.client.id | required ".Values.iatp.sts.oauth.client.id is required" | quote}} - name: "EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS" diff --git a/charts/tractusx-connector/templates/deployment-controlplane.yaml b/charts/tractusx-connector/templates/deployment-controlplane.yaml index 1ad865f77..07e555239 100644 --- a/charts/tractusx-connector/templates/deployment-controlplane.yaml +++ b/charts/tractusx-connector/templates/deployment-controlplane.yaml 
@@ -273,7 +273,7 @@ spec: ## IATP / STS / DIM CONFIG ## ############################# - name: "EDC_IAM_STS_OAUTH_TOKEN_URL" - value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.oauth.token_url is required" | quote}} + value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.sts.oauth.token_url is required" | quote}} - name: "EDC_IAM_STS_OAUTH_CLIENT_ID" value: {{ .Values.iatp.sts.oauth.client.id | required ".Values.iatp.sts.oauth.client.id is required" | quote}} - name: "EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS" diff --git a/charts/tractusx-connector/templates/deployment-dataplane.yaml b/charts/tractusx-connector/templates/deployment-dataplane.yaml index 48dbb24b7..d84c9fc83 100644 --- a/charts/tractusx-connector/templates/deployment-dataplane.yaml +++ b/charts/tractusx-connector/templates/deployment-dataplane.yaml @@ -210,7 +210,7 @@ spec: ## IATP / STS / DIM CONFIG ## ############################# - name: "EDC_IAM_STS_OAUTH_TOKEN_URL" - value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.oauth.token_url is required" | quote}} + value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.sts.oauth.token_url is required" | quote}} - name: "EDC_IAM_STS_OAUTH_CLIENT_ID" value: {{ .Values.iatp.sts.oauth.client.id | required ".Values.iatp.sts.oauth.client.id is required" | quote}} - name: "EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS" From 371c3f6aee9d43314287a5692134cea2b0c38e10 Mon Sep 17 00:00:00 2001 From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Mon, 10 Jun 2024 05:47:31 +0200 Subject: [PATCH 18/20] Remove unnecessary if statement for required value --- .../templates/deployment-controlplane.yaml | 2 -- .../tractusx-connector-memory/templates/deployment-runtime.yaml | 2 -- .../tractusx-connector/templates/deployment-controlplane.yaml | 2 -- 3 files changed, 6 deletions(-) 
diff --git a/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml b/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml index 5063014ba..17d3dbdec 100644 --- a/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml +++ b/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml @@ -289,10 +289,8 @@ spec: ## BDRS CLIENT ## ################# - {{- if .Values.controlplane.bdrs.server.url }} - name: "TX_IAM_IATP_BDRS_SERVER_URL" value: {{ .Values.controlplane.bdrs.server.url | required ".Values.controlplane.bdrs.server.url is required" | quote }} - {{- end }} {{- if .Values.controlplane.bdrs.cache_validity_seconds }} - name: "TX_IAM_IATP_BDRS_CACHE_VALIDITY" value: {{ .Values.controlplane.bdrs.cache_validity_seconds | quote}} diff --git a/charts/tractusx-connector-memory/templates/deployment-runtime.yaml b/charts/tractusx-connector-memory/templates/deployment-runtime.yaml index 0b56902dc..b63a6ff80 100644 --- a/charts/tractusx-connector-memory/templates/deployment-runtime.yaml +++ b/charts/tractusx-connector-memory/templates/deployment-runtime.yaml @@ -220,10 +220,8 @@ spec: ## BDRS CLIENT ## ################# - {{- if .Values.runtime.bdrs.server.url }} - name: "TX_IAM_IATP_BDRS_SERVER_URL" value: {{ .Values.runtime.bdrs.server.url | required ".Values.runtime.bdrs.server.url is required" | quote }} - {{- end }} {{- if .Values.runtime.bdrs.cache_validity_seconds }} - name: "TX_IAM_IATP_BDRS_CACHE_VALIDITY" value: {{ .Values.runtime.bdrs.cache_validity_seconds | quote}} diff --git a/charts/tractusx-connector/templates/deployment-controlplane.yaml b/charts/tractusx-connector/templates/deployment-controlplane.yaml index 07e555239..9cf9e6c4b 100644 --- a/charts/tractusx-connector/templates/deployment-controlplane.yaml +++ b/charts/tractusx-connector/templates/deployment-controlplane.yaml 
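Review bot: With the `{{- if .Values.controlplane.bdrs.server.url }}` wrapper removed, the `required` on `TX_IAM_IATP_BDRS_SERVER_URL` now aborts rendering when the value is unset, where before the variable was silently left out; failing closed is the better behaviour, but nothing in this patch tells an operator upgrading an existing release about it (the diffstat lists only the three templates). I would add a comment above the entry, `# mandatory: rendering fails when controlplane.bdrs.server.url is unset`, and make sure the value's description in values.yaml says the same, if it does not already. The runtime template of the memory chart and the controlplane template of tractusx-connector get the same change and need the same comment (with `runtime.bdrs.server.url` in the memory chart). The env list begins and ends outside the hunk.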
@@ -290,10 +290,8 @@ spec: ## BDRS CLIENT ## ################# - {{- if .Values.controlplane.bdrs.server.url }} - name: "TX_IAM_IATP_BDRS_SERVER_URL" value: {{ .Values.controlplane.bdrs.server.url | required ".Values.controlplane.bdrs.server.url is required" | quote }} - {{- end }} {{- if .Values.controlplane.bdrs.cache_validity_seconds }} - name: "TX_IAM_IATP_BDRS_CACHE_VALIDITY" value: {{ .Values.controlplane.bdrs.cache_validity_seconds | quote}} From e093a742792ca227c404a433dd82b673ac72ef1d Mon Sep 17 00:00:00 2001 From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Tue, 11 Jun 2024 15:53:24 +0200 Subject: [PATCH 19/20] Use similar memory values for control and dataplane --- charts/tractusx-connector-azure-vault/values.yaml | 4 ++-- charts/tractusx-connector-memory/values.yaml | 4 ++-- charts/tractusx-connector/values.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/tractusx-connector-azure-vault/values.yaml b/charts/tractusx-connector-azure-vault/values.yaml index ec472d3be..702d448e7 100644 --- a/charts/tractusx-connector-azure-vault/values.yaml +++ b/charts/tractusx-connector-azure-vault/values.yaml @@ -274,12 +274,12 @@ controlplane: # -- Maximum CPU limit cpu: 1.5 # -- Maximum memory limit - memory: 512Mi + memory: 1024Mi requests: # -- Initial CPU request cpu: 500m # -- Initial memory request - memory: 512Mi + memory: 1024Mi replicaCount: 1 diff --git a/charts/tractusx-connector-memory/values.yaml b/charts/tractusx-connector-memory/values.yaml index abbb3f651..c7c4ad63b 100644 --- a/charts/tractusx-connector-memory/values.yaml +++ b/charts/tractusx-connector-memory/values.yaml @@ -293,12 +293,12 @@ runtime: # -- Maximum CPU limit cpu: 1.5 # -- Maximum memory limit - memory: 512Mi + memory: 1024Mi requests: # -- Initial CPU request cpu: 500m # -- Initial memory request - memory: 512Mi + memory: 1024Mi replicaCount: 1 
diff --git a/charts/tractusx-connector/values.yaml b/charts/tractusx-connector/values.yaml index 81476863f..48e32fda8 100644 --- a/charts/tractusx-connector/values.yaml +++ b/charts/tractusx-connector/values.yaml @@ -276,12 +276,12 @@ controlplane: # -- Maximum CPU limit cpu: 1.5 # -- Maximum memory limit - memory: 512Mi + memory: 1024Mi requests: # -- Initial CPU request cpu: 500m # -- Initial memory request - memory: 512Mi + memory: 1024Mi replicaCount: 1 From 174e6ef3b59543a1284cdca50ccc28f8b24968a2 Mon Sep 17 00:00:00 2001 From: "Florian Rusch (ZF Friedrichshafen AG)" Date: Tue, 11 Jun 2024 16:02:31 +0200 Subject: [PATCH 20/20] Regenerate README.md's --- charts/tractusx-connector-azure-vault/README.md | 6 +++--- charts/tractusx-connector-memory/README.md | 6 +++--- charts/tractusx-connector/README.md | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/charts/tractusx-connector-azure-vault/README.md b/charts/tractusx-connector-azure-vault/README.md index 2439cb153..4f108db82 100644 --- a/charts/tractusx-connector-azure-vault/README.md +++ b/charts/tractusx-connector-azure-vault/README.md 
@@ -145,11 +145,11 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0.
 | controlplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed |
 | controlplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out |
 | controlplane.replicaCount | int | `1` | |
-| controlplane.resources | object | `{"limits":{"cpu":1.5,"memory":"512Mi"},"requests":{"cpu":"500m","memory":"512Mi"}}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container |
+| controlplane.resources | object | `{"limits":{"cpu":1.5,"memory":"1024Mi"},"requests":{"cpu":"500m","memory":"1024Mi"}}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container |
 | controlplane.resources.limits.cpu | float | `1.5` | Maximum CPU limit |
-| controlplane.resources.limits.memory | string | `"512Mi"` | Maximum memory limit |
+| controlplane.resources.limits.memory | string | `"1024Mi"` | Maximum memory limit |
 | controlplane.resources.requests.cpu | string | `"500m"` | Initial CPU request |
-| controlplane.resources.requests.memory | string | `"512Mi"` | Initial memory request |
+| controlplane.resources.requests.memory | string | `"1024Mi"` | Initial memory request |
 | controlplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID |
 | controlplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls |
 | controlplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface |
diff --git a/charts/tractusx-connector-memory/README.md b/charts/tractusx-connector-memory/README.md
index 6aead99c2..9bfd36508 100644
--- a/charts/tractusx-connector-memory/README.md
+++ b/charts/tractusx-connector-memory/README.md
@@ -148,11 +148,11 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.7.2 \
 | runtime.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed |
 | runtime.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out |
 | runtime.replicaCount | int | `1` | |
-| runtime.resources | object | `{"limits":{"cpu":1.5,"memory":"512Mi"},"requests":{"cpu":"500m","memory":"512Mi"}}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container |
+| runtime.resources | object | `{"limits":{"cpu":1.5,"memory":"1024Mi"},"requests":{"cpu":"500m","memory":"1024Mi"}}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container |
 | runtime.resources.limits.cpu | float | `1.5` | Maximum CPU limit |
-| runtime.resources.limits.memory | string | `"512Mi"` | Maximum memory limit |
+| runtime.resources.limits.memory | string | `"1024Mi"` | Maximum memory limit |
 | runtime.resources.requests.cpu | string | `"500m"` | Initial CPU request |
-| runtime.resources.requests.memory | string | `"512Mi"` | Initial memory request |
+| runtime.resources.requests.memory | string | `"1024Mi"` | Initial memory request |
 | runtime.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID |
 | runtime.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls |
 | runtime.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface |
diff --git a/charts/tractusx-connector/README.md b/charts/tractusx-connector/README.md
index d030c7396..25582a3b3 100644
--- a/charts/tractusx-connector/README.md
+++ b/charts/tractusx-connector/README.md
@@ -142,11 +142,11 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.7.2 \
 | controlplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed |
 | controlplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out |
 | controlplane.replicaCount | int | `1` | |
-| controlplane.resources | object | `{"limits":{"cpu":1.5,"memory":"512Mi"},"requests":{"cpu":"500m","memory":"512Mi"}}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container |
+| controlplane.resources | object | `{"limits":{"cpu":1.5,"memory":"1024Mi"},"requests":{"cpu":"500m","memory":"1024Mi"}}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container |
 | controlplane.resources.limits.cpu | float | `1.5` | Maximum CPU limit |
-| controlplane.resources.limits.memory | string | `"512Mi"` | Maximum memory limit |
+| controlplane.resources.limits.memory | string | `"1024Mi"` | Maximum memory limit |
 | controlplane.resources.requests.cpu | string | `"500m"` | Initial CPU request |
-| controlplane.resources.requests.memory | string | `"512Mi"` | Initial memory request |
+| controlplane.resources.requests.memory | string | `"1024Mi"` | Initial memory request |
 | controlplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID |
 | controlplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls |
 | controlplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface |