diff --git a/CHANGELOG.md b/CHANGELOG.md index 337293616..cdbc9da15 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -27,6 +27,13 @@ The changelog format is based on [Keep a Changelog](https://keepachangelog.com/e ## [Unreleased] +## Added +- Substituted the old data-service that was pointing to the Catena-X NG at Home repo to the new tx umbrella simple data service + +## Deleted +- Removed all the catena-x ng references from the documentation + + ## [released] ## [v4.0.1] - 24-07-2024 diff --git a/INSTALL.md b/INSTALL.md index edd74a492..e0dbeb7b6 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -210,7 +210,7 @@ The following environment variables must be set in [build and deploy](./dpp-fron ../buildAndDeploy.sh consumer-frontend ``` -You can run the application in docker container with existing image `ghcr.io/catenax-ng/tx-digital-product-pass/digital-product-pass-frontend:latest` from GitHub packages. You need to update the [build and deploy](./buildAndDeploy.sh) script. +You can run the application in docker container with existing image `docker.io/tractusx/digital-product-pass-frontend:latest` from GitHub packages. You need to update the [build and deploy](./buildAndDeploy.sh) script. The consumer frontend is available in browser at [http://localhost:8080](http://localhost:8080) diff --git a/charts/digital-product-pass/Chart.yaml b/charts/digital-product-pass/Chart.yaml index 681a1fca2..eed5d0e3c 100644 --- a/charts/digital-product-pass/Chart.yaml +++ b/charts/digital-product-pass/Chart.yaml @@ -43,7 +43,7 @@ type: application # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 4.0.1 +version: 4.0.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
diff --git a/charts/digital-product-pass/values.yaml b/charts/digital-product-pass/values.yaml index 2305f612f..eec3669bf 100644 --- a/charts/digital-product-pass/values.yaml +++ b/charts/digital-product-pass/values.yaml @@ -388,7 +388,6 @@ oauth: header: "X-Api-Key" secret: "" -# Following Catena-X Helm Best Practices @url: https://catenax-ng.github.io/docs/kubernetes-basics/helm # @url: https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits resources: limits: diff --git a/deployment/infrastructure/data-provider/data-service/Chart.yaml b/deployment/infrastructure/data-provider/data-service/Chart.yaml index 294900fdf..4146d451d 100644 --- a/deployment/infrastructure/data-provider/data-service/Chart.yaml +++ b/deployment/infrastructure/data-provider/data-service/Chart.yaml @@ -24,9 +24,8 @@ ################################################################################# --- apiVersion: v2 -name: data-service -description: >- - The Eclipse Dataspace Connector requires the Backend Application to transfer data using the HTTP-TransferMethod. +name: simple-data-backend +description: A Helm chart for Kubernetes # A chart can be either an 'application' or a 'library' chart. # 
@@ -41,10 +40,18 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.1 +version: 0.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "0.0.1" + + +dependencies: + - name: "simple-data-backend" + repository: https://eclipse-tractusx.github.io/charts/dev + alias: simple-data-backend + version: 0.1.0 + condition: enabled \ No newline at end of file diff --git a/deployment/infrastructure/data-provider/data-service/README.md b/deployment/infrastructure/data-provider/data-service/README.md index b27dc16ce..f06a35868 100644 --- a/deployment/infrastructure/data-provider/data-service/README.md +++ b/deployment/infrastructure/data-provider/data-service/README.md 
@@ -1,74 +1,58 @@ - - -# data-service - -![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) - -The Eclipse Dataspace Connector requires the Backend Application to transfer data using the HTTP-TransferMethod. +| Repository | Name | Version | +|------------|------|---------| +| https://eclipse-tractusx.github.io/charts/dev | simple-data-backend(simple-data-backend) | 0.1.0 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| affinity | object | `{}` | | -| container.port | int | `80` | | -| fullnameOverride | string | `"data-service"` | Overrides the releases full name | -| image.command | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | -| image.repository | string | `"ghcr.io/catenax-ng/catenax-at-home/provider-backend-service"` | Which container image to use | -| image.tag | string | `"0.0.1"` | Overrides the image tag whose default is the chart appVersion | -| imagePullSecrets | list | `[]` | | -| ingress.annotations."nginx.ingress.kubernetes.io/backend-protocol" | string | `"HTTP"` | | -| ingress.annotations."nginx.ingress.kubernetes.io/force-ssl-redirect" | string | `"true"` | | -| ingress.annotations."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/$2"` | | -| ingress.annotations."nginx.ingress.kubernetes.io/ssl-passthrough" | string | `"false"` | | -| ingress.className | string | `"nginx"` | | -| ingress.enabled | bool | `true` | | -| ingress.hosts[0].host | string | `"materialpass.int.demo.catena-x.net"` | | -| ingress.hosts[0].paths[0].path | string | `"/provider_backend(/|$)(.*)"` | | -| ingress.hosts[0].paths[0].pathType | string | 
`"Prefix"` | | -| ingress.tls[0].hosts[0] | string | `"materialpass.int.demo.catena-x.net"` | | -| ingress.tls[0].secretName | string | `"tls-secret"` | | -| livenessProbe | object | `{}` | | -| nameOverride | string | `""` | Overrides the charts name | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | additional annotations for the pod | -| podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | -| podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | -| podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | -| podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | -| readinessProbe | object | `{}` | | -| replicaCount | int | `1` | | -| securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | -| securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | -| securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | -| securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | -| securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | -| securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| service.port | int | `8080` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service) to expose the running application on a set of Pods as a network service. 
| -| service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| tolerations | list | `[]` | | +| simple-data-backend.affinity | object | `{}` | | +| simple-data-backend.autoscaling.enabled | bool | `false` | | +| simple-data-backend.autoscaling.maxReplicas | int | `100` | | +| simple-data-backend.autoscaling.minReplicas | int | `1` | | +| simple-data-backend.autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| simple-data-backend.fullnameOverride | string | `"simple-data-backend"` | | +| simple-data-backend.image.pullPolicy | string | `"IfNotPresent"` | | +| simple-data-backend.image.repository | string | `"tractusx/simple-data-backend"` | | +| simple-data-backend.image.tag | string | `"latest"` | | +| simple-data-backend.imagePullSecrets | list | `[]` | | +| simple-data-backend.ingress.annotations."nginx.ingress.kubernetes.io/backend-protocol" | string | `"HTTP"` | | +| simple-data-backend.ingress.annotations."nginx.ingress.kubernetes.io/force-ssl-redirect" | string | `"true"` | | +| simple-data-backend.ingress.annotations."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/$2"` | | +| simple-data-backend.ingress.annotations."nginx.ingress.kubernetes.io/ssl-passthrough" | string | `"false"` | | +| simple-data-backend.ingress.className | string | `"nginx"` | | +| simple-data-backend.ingress.enabled | bool | `true` | | +| simple-data-backend.ingress.hosts[0].host | string | `"tx-dpp.int.catena-x.net"` | | +| simple-data-backend.ingress.hosts[0].paths[0].path | string | `"/data-service(/|$)(.*)"` | | +| simple-data-backend.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | | +| simple-data-backend.ingress.tls[0].hosts[0] | string | `"tx-dpp.int.catena-x.net"` | | +| simple-data-backend.ingress.tls[0].secretName | string | `"tls-secret"` | | +| 
simple-data-backend.livenessProbe | object | `{}` | | +| simple-data-backend.nameOverride | string | `"simple-data-backend"` | | +| simple-data-backend.nodeSelector | object | `{}` | | +| simple-data-backend.podAnnotations | object | `{}` | | +| simple-data-backend.podSecurityContext | object | `{}` | | +| simple-data-backend.readinessProbe | object | `{}` | | +| simple-data-backend.replicaCount | int | `1` | | +| simple-data-backend.resources.limits.cpu | string | `"250m"` | | +| simple-data-backend.resources.limits.memory | string | `"512Mi"` | | +| simple-data-backend.resources.requests.cpu | string | `"50m"` | | +| simple-data-backend.resources.requests.memory | string | `"512Mi"` | | +| simple-data-backend.securityContext.allowPrivilegeEscalation | bool | `false` | | +| simple-data-backend.securityContext.runAsGroup | int | `3000` | | +| simple-data-backend.securityContext.runAsNonRoot | bool | `true` | | +| simple-data-backend.securityContext.runAsUser | int | `1000` | | +| simple-data-backend.service.port | int | `8080` | | +| simple-data-backend.service.type | string | `"ClusterIP"` | | +| simple-data-backend.tolerations | list | `[]` | | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/deployment/infrastructure/data-provider/data-service/templates/_helpers.tpl b/deployment/infrastructure/data-provider/data-service/templates/_helpers.tpl deleted file mode 100644 index 2479a5a63..000000000 --- a/deployment/infrastructure/data-provider/data-service/templates/_helpers.tpl +++ /dev/null 
@@ -1,87 +0,0 @@ -################################################################################# -# Tractus-X - Digital Product Pass Application -# -# Copyright (c) 2022, 2024 BMW AG -# Copyright (c) 2022, 2024 Henkel AG & Co. KGaA -# Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG -# Copyright (c) 2023, 2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -# either express or implied. See the -# License for the specific language govern in permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# - -{{/* -Expand the name of the chart. -*/}} -{{- define "data-service.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. 
-*/}} -{{- define "data-service.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "data-service.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "data-service.labels" -}} -helm.sh/chart: {{ include "data-service.chart" . }} -{{ include "data-service.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "data-service.selectorLabels" -}} -app.kubernetes.io/name: {{ include "data-service.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "data-service.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "data-service.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/deployment/infrastructure/data-provider/data-service/templates/deployment.yaml b/deployment/infrastructure/data-provider/data-service/templates/deployment.yaml index fc3656a63..1fc496fff 100644 --- a/deployment/infrastructure/data-provider/data-service/templates/deployment.yaml +++ b/deployment/infrastructure/data-provider/data-service/templates/deployment.yaml 
@@ -26,13 +26,16 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "data-service.fullname" . }} + name: {{ include "simple-data-backend.fullname" . }} labels: - {{- include "data-service.labels" . | nindent 4 }} + {{- include "simple-data-backend.labels" . | nindent 4 }} spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} selector: matchLabels: - {{- include "data-service.selectorLabels" . | nindent 6 }} + {{- include "simple-data-backend.selectorLabels" . | nindent 6 }} template: metadata: {{- with .Values.podAnnotations }} @@ -40,12 +43,14 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "data-service.selectorLabels" . | nindent 8 }} + {{- include "simple-data-backend.selectorLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + # @url: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server + automountServiceAccountToken: false securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: 
@@ -54,28 +59,15 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - {{ if .Values.image.command -}} - command: - {{ toYaml .Values.image.command | nindent 12 }} - {{ end -}} - {{ if .Values.livenessProbe -}} - livenessProbe: - {{ toYaml .Values.livenessProbe | nindent 12 }} - {{ end -}} - {{ if .Values.readinessProbe -}} - readinessProbe: - {{ toYaml .Values.readinessProbe | nindent 12 }} - {{ end -}} ports: - - containerPort: {{ .Values.container.port }} + - name: default + containerPort: {{ .Values.service.port }} protocol: TCP - name: http - volumeMounts: - - mountPath: /tmp - name: tmp - volumes: - - emptyDir: {} - name: tmp + # @url: https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-setting-up-health-checks-with-readiness-and-liveness-probes + livenessProbe: {} + readinessProbe: {} + resources: + {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -87,4 +79,4 @@ spec: {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} \ No newline at end of file diff --git a/deployment/infrastructure/data-provider/data-service/templates/ingress.yaml b/deployment/infrastructure/data-provider/data-service/templates/ingress.yaml deleted file mode 100644 index e350267d0..000000000 --- a/deployment/infrastructure/data-provider/data-service/templates/ingress.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -################################################################################# - # Tractus-X - Digital Product Pass Application - # - # Copyright (c) 2022, 2024 BMW AG - # Copyright (c) 2022, 2024 Henkel AG & Co. KGaA - # Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG - # Copyright (c) 2023, 2024 Contributors to the Eclipse Foundation - # - # See the NOTICE file(s) distributed with this work for additional - # information regarding copyright ownership. - # - # This program and the accompanying materials are made available under the - # terms of the Apache License, Version 2.0 which is available at - # https://www.apache.org/licenses/LICENSE-2.0. - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, - # either express or implied. See the - # License for the specific language govern in permissions and limitations - # under the License. - # - # SPDX-License-Identifier: Apache-2.0 - ################################################################################# - -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "data-service.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} - -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ $fullName }} - namespace: {{ .Values.namespace }} - labels: - {{- include "data-service.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . 
| nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: 8080 - {{- else }} - serviceName: {{ $fullName }} - servicePort: 8080 - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/deployment/infrastructure/data-provider/data-service/templates/service.yaml b/deployment/infrastructure/data-provider/data-service/templates/service.yaml deleted file mode 100644 index e95c1fdfd..000000000 --- a/deployment/infrastructure/data-provider/data-service/templates/service.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -################################################################################# -# Tractus-X - Digital Product Pass Application -# -# Copyright (c) 2022, 2024 BMW AG -# Copyright (c) 2022, 2024 Henkel AG & Co. KGaA -# Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG -# Copyright (c) 2023, 2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -# either express or implied. See the -# License for the specific language govern in permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# - ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "data-service.fullname" . }} - labels: - {{- include "data-service.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: 8080 - protocol: TCP - name: http - selector: - {{- include "data-service.selectorLabels" . | nindent 4 }} diff --git a/deployment/infrastructure/data-provider/data-service/values.yaml b/deployment/infrastructure/data-provider/data-service/values.yaml index 33bb68c03..b3c4413e8 100644 --- a/deployment/infrastructure/data-provider/data-service/values.yaml +++ b/deployment/infrastructure/data-provider/data-service/values.yaml 
@@ -23,97 +23,83 @@ # SPDX-License-Identifier: Apache-2.0 ################################################################################# ---- -# Default values for backend. + +# Default values for simple-data-backend. # This is a YAML-formatted file. # Declare variables to be passed into your templates. -replicaCount: 1 - -image: - # -- Which container image to use - repository: ghcr.io/catenax-ng/catenax-at-home/provider-backend-service - # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion - tag: "0.0.1" - command: "" - # -- Image pull secret to create to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) -imagePullSecrets: [] - -# -- Overrides the charts name -nameOverride: "" - -# -- Overrides the releases full name -fullnameOverride: "data-service" - -service: - # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. - type: ClusterIP - # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service) to expose the running application on a set of Pods as a network service. 
- port: 8080 - -container: - port: 80 - -livenessProbe: {} - -readinessProbe: {} - -# -- additional annotations for the pod -podAnnotations: {} - -podSecurityContext: - seccompProfile: - # -- Restrict a Container's Syscalls with seccomp - type: RuntimeDefault - # -- Runs all processes within a pod with a special uid - runAsUser: 10001 - # -- Processes within a pod will belong to this guid - runAsGroup: 10001 - # -- The owner for volumes and any files created within volumes will belong to this guid - fsGroup: 10001 -# The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod -securityContext: - capabilities: - # -- Specifies which capabilities to drop to reduce syscall attack surface - drop: - - ALL - # -- Specifies which capabilities to add to issue specialized syscalls - add: [] - # -- Whether the root filesystem is mounted in read-only mode - readOnlyRootFilesystem: true - # -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID - allowPrivilegeEscalation: false - # -- Requires the container to run without root privileges - runAsNonRoot: true - # -- The container's process will run with the specified uid - runAsUser: 10001 - -ingress: - enabled: true - className: "nginx" - annotations: - #kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/ssl-passthrough: "false" - nginx.ingress.kubernetes.io/rewrite-target: /$2 - nginx.ingress.kubernetes.io/backend-protocol: "HTTP" - hosts: - - host: materialpass.int.demo.catena-x.net - paths: - - path: /provider_backend(/|$)(.*) - pathType: Prefix - tls: - - secretName: tls-secret - hosts: - - materialpass.int.demo.catena-x.net - - - 
-nodeSelector: {} -# [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes -tolerations: [] -# [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on -affinity: {} +simple-data-backend: + replicaCount: 1 + + nameOverride: "simple-data-backend" + fullnameOverride: "simple-data-backend" + + image: + repository: tractusx/simple-data-backend + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "latest" + + imagePullSecrets: [] + + podAnnotations: {} + + podSecurityContext: {} + # fsGroup: 2000 + + # @url: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 3000 + + service: + type: ClusterIP + port: 8080 + + ingress: + enabled: true + className: "nginx" + annotations: + #kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/ssl-passthrough: "false" + nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + hosts: + - host: tx-dpp.int.catena-x.net + paths: + - path: /data-service(/|$)(.*) + pathType: Prefix + tls: + - secretName: tls-secret + hosts: + - tx-dpp.int.catena-x.net + + # @url: https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits + resources: + limits: + cpu: 250m + memory: 512Mi + requests: + cpu: 50m + memory: 512Mi + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + + nodeSelector: {} + + tolerations: [] + + # @url: 
https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + affinity: {} + + livenessProbe: {} + readinessProbe: {} \ No newline at end of file diff --git a/deployment/local/postman/README.md b/deployment/local/postman/README.md index 9ec021b2f..bdbd25a0b 100644 --- a/deployment/local/postman/README.md +++ b/deployment/local/postman/README.md @@ -69,4 +69,3 @@ This technical guide depicts the digital product pass end-to-end API calls throu - ***bpn*** -For more technical documentation, please refer to the [catenax-at-home-getting-started-guide](https://catenax-ng.github.io/docs/guides/catenax-at-home) diff --git a/docs/GETTING-STARTED.md b/docs/GETTING-STARTED.md index d85ed47e8..e394a83c9 100644 --- a/docs/GETTING-STARTED.md +++ b/docs/GETTING-STARTED.md @@ -263,7 +263,6 @@ __Note:__ Adjust the URLs according to the _local_ (`http://localhost:port/`) or _integration_ (`https://dpp.int.demo.catena-x.net/`) environments. - [Documentation of EDC Data Transfer](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/docs/usage/management-api-walkthrough/06_transferprocesses.md) -- [End-to-End Use Case](https://catenax-ng.github.io/docs/guides/catenax-at-home#end-to-end-use-case) ## NOTICE diff --git a/docs/security/secrets-management/SecretsManagement.md b/docs/security/secrets-management/SecretsManagement.md index a7c387a48..a626eef59 100644 --- a/docs/security/secrets-management/SecretsManagement.md +++ b/docs/security/secrets-management/SecretsManagement.md @@ -57,7 +57,6 @@ Some examples below: **Note:** ***/data/*** path is always be placed after ***material-pass***, though it is not defined in a vault directory structure. AVP uses this data path itself internally. -To use a vault and create new secret, please look here: [how to-use vault create a secret](https://catenax-ng.github.io/docs/guides/how-to-use-vault#create-a-secret) ## Local Run 
@@ -96,8 +95,6 @@ If dpp frontend is run using docker, the following environment variables must be The required variables must be set in values-*.yaml file manually. -Further info about vault plugin for helm charts: [argocd-vault-plugin-helm](https://catenax-ng.github.io/docs/guides/ArgoCD/howto-use-vault-secrets-with-argocd#argocd-vault-plugin-helm) - ## Secrets Scanning
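
Review bot: In the CHANGELOG.md hunk, the new `## Added` and `## Deleted` headings sit at the same level as `## [Unreleased]`, so they read as separate releases rather than as sections of it. Use `### Added` and `### Removed` (Keep a Changelog, which the file header cites, has no "Deleted" category), and consider listing the data-service swap under `### Changed`, since it replaces an existing component rather than adding one.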
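
Review bot: In the INSTALL.md hunk the image reference now points at `docker.io/tractusx/digital-product-pass-frontend:latest`, but the same sentence still says the image comes "from GitHub packages". Update the wording to match the new registry. A version tag instead of `:latest` would also let readers reproduce the documented setup.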
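
Review bot: In the second data-service/Chart.yaml hunk, `condition: enabled` on the new dependency does not match any key in the values.yaml changed by this patch, where every key is nested under `simple-data-backend:`, so the toggle cannot switch the dependency off. Point it at a path that exists, for example `simple-data-backend.enabled`, and define that key in values.yaml. The dependency is also pulled from the `charts/dev` repository, and the first hunk replaces the chart `description` with the scaffold text "A Helm chart for Kubernetes". A real description, a comment on why the dev repository is used, and a trailing newline at end of file would help.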
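
Review bot: templates/deployment.yaml is kept in the wrapper chart but still reads top-level keys (`.Values.autoscaling.enabled`, `.Values.image.repository`, `.Values.resources`), while this patch moves every value under `simple-data-backend:` and deletes `_helpers.tpl`, `service.yaml` and `ingress.yaml`. In a parent chart's templates `.Values` is the parent's values, so these lookups will not find the nested keys. Either delete this template as well and let the dependency render the Deployment, or read from the nested path. In the second hunk, `livenessProbe: {}` and `readinessProbe: {}` are hard-coded empty, so the `livenessProbe` and `readinessProbe` values can no longer configure health checks; keep them values-driven as the removed lines did.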
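
Review bot: The data-service/values.yaml hunk drops hardening the old file had: `podSecurityContext` goes from `seccompProfile.type: RuntimeDefault` plus fixed uid/gid/fsGroup to `{}`, and `securityContext` loses `capabilities.drop: [ALL]` and `readOnlyRootFilesystem: true`. Unless the new image cannot run with them, carry these settings over under `simple-data-backend:`, together with a writable `/tmp` volume if the read-only root filesystem requires one. In the same hunk, `tag: "latest"` with `pullPolicy: IfNotPresent` replaces the pinned `"0.0.1"`; nodes will keep whatever `latest` they pulled first, so pin a version or digest.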
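
Review bot: In docs/security/secrets-management/SecretsManagement.md both removed links (creating a vault secret, and the ArgoCD vault plugin for Helm charts) are deleted without a replacement, so the sections around them no longer tell the reader how to create the secret or wire it into the `values-*.yaml` files. Replace them with links to the upstream documentation or a short inline instruction instead of dropping the guidance.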