build(2.1.0): merge release into main

CHANGELOG.md

@@ -19,6 +19,10 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel
   * assigned the role "configure_partner_registration" from the Cl2-CX-Portal client to the composite role "Registration External" of the client technical_roles_management
   * assigned the role "view_managed_idp" from the Cl2-CX-Portal client to the composite role "CX Admin" of the client Cl2-CX-Portal
 * added (docker.io) container registry to images
+* seeding job for upgrade (centralidp):
+  * set resource requests
+  * changed to imagePullPolicy "IfNotPresent"
+  * enabled unique resource name
 
 ### Bugfix
 
@@ -48,15 +52,20 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel
     * view_use_case_participation
     * view_certificates
   * removed username mapper from CX-Operator identity provider
+* seeding job for upgrade (centralidp): fixed Keyclaok service name not being found in the case of nameOverride or fullnameOverride
 
 ### Technical Support
 
 * build of init containers
+  * TRG-7.05: added legal documentation
   * enabled build of images for arm64, in addition to amd64
   * added additional image tags of type semver
 * updated base image versions for init container in README
 * updated generic-security documentation
 * adjusted source url in license files for static content
+* introduceed CodeQL scan
+* changed portal-cd references to portal due to repository renaming
+* updated documentation
 
 ### Known Knowns
 

README.md

@@ -27,12 +27,13 @@ For further information please refer to the chart specific README files, availab
 
 ## Notice for Docker images
 
-This application provides container images (init containers only) for demonstration purposes.
+This application provides container images for demonstration purposes.
 
 See Docker notice files for more information:
 
 * [portal-iam](./docker/notice-iam.md)
 * [portal-iam-consortia](./docker/notice-iam-consortia.md)
+* [portal-iam-seeding](https://github.com/eclipse-tractusx/portal-backend/blob/main/docker/notice-iam-seeding.md)
 
 ## License
 

charts/centralidp/Chart.yaml

@@ -20,7 +20,7 @@
 apiVersion: v2
 name: centralidp
 type: application
-version: 2.1.0-RC1
+version: 2.1.0
 appVersion: 22.0.3
 description: Helm chart for Catena-X Central Keycloak Instance
 home: https://github.com/eclipse-tractusx/portal-iam

charts/centralidp/README.md

@@ -1,6 +1,6 @@
 # Helm chart for Catena-X Central Keycloak Instance
 
-![Version: 2.1.0-RC1](https://img.shields.io/badge/Version-2.1.0--RC1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 22.0.3](https://img.shields.io/badge/AppVersion-22.0.3-informational?style=flat-square)
+![Version: 2.1.0](https://img.shields.io/badge/Version-2.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 22.0.3](https://img.shields.io/badge/AppVersion-22.0.3-informational?style=flat-square)
 
 This helm chart installs the Helm chart for Catena-X Central Keycloak Instance.
 
@@ -29,7 +29,7 @@ To use the helm chart as a dependency:
 dependencies:
   - name: centralidp
     repository: https://eclipse-tractusx.github.io/charts/dev
-    version: 2.1.0-RC1
+    version: 2.1.0
 ```
 
 ## Requirements
@@ -59,7 +59,7 @@ dependencies:
 | keycloak.extraVolumeMounts[1].name | string | `"realms"` |  |
 | keycloak.extraVolumeMounts[1].mountPath | string | `"/realms"` |  |
 | keycloak.initContainers[0].name | string | `"import"` |  |
-| keycloak.initContainers[0].image | string | `"tractusx/portal-iam:v2.1.0-RC1"` |  |
+| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v2.1.0"` |  |
 | keycloak.initContainers[0].imagePullPolicy | string | `"Always"` |  |
 | keycloak.initContainers[0].command[0] | string | `"sh"` |  |
 | keycloak.initContainers[0].args[0] | string | `"-c"` |  |
@@ -87,7 +87,7 @@ dependencies:
 | keycloak.rbac.rules[0].resources[0] | string | `"pods"` |  |
 | keycloak.rbac.rules[0].verbs[0] | string | `"get"` |  |
 | keycloak.rbac.rules[0].verbs[1] | string | `"list"` |  |
-| keycloak.postgresql.enabled | bool | `true` | PostgreSQL chart configuration; default configurations: host: "centralidp-postgresql-primary", port: 5432; Switch to enable or disable the PostgreSQL helm chart. |
+| keycloak.postgresql.enabled | bool | `true` | PostgreSQL chart configuration (recommended for demonstration purposes only); default configurations: host: "centralidp-postgresql-primary", port: 5432; Switch to enable or disable the PostgreSQL helm chart. |
 | keycloak.postgresql.auth.username | string | `"kccentral"` | Non-root username. |
 | keycloak.postgresql.auth.database | string | `"iamcentralidp"` | Database name. |
 | keycloak.postgresql.auth.existingSecret | string | `"centralidp-postgres"` | Secret containing the passwords for root usernames postgres and non-root username kccentral. |
@@ -104,23 +104,23 @@ dependencies:
 | secrets.postgresql.auth.existingSecret.password | string | `""` | Password for the non-root username 'kccentral'. Secret-key 'password'. |
 | secrets.postgresql.auth.existingSecret.replicationPassword | string | `""` | Password for the non-root username 'repl_user'. Secret-key 'replication-password'. |
 | seeding.enabled | bool | `false` | Seeding job to upgrade CX_Central realm: enable to upgrade the configuration of the CX-Central realm from previous version; Please also refer to the 'Post-Upgrade Configuration' section in the README.md for configuration possibly not covered by the seeding job |
-| seeding.name | string | `"cx-central-realm-upgrade"` |  |
-| seeding.image | string | `"tractusx/portal-iam-seeding:v2.1.0-iam-RC1"` |  |
+| seeding.image | string | `"docker.io/tractusx/portal-iam-seeding:v2.1.0-iam"` |  |
+| seeding.imagePullPolicy | string | `"IfNotPresent"` |  |
 | seeding.portContainer | int | `8080` |  |
 | seeding.authRealm | string | `"master"` |  |
 | seeding.useAuthTrail | string | `"true"` |  |
 | seeding.dataPaths.dataPath0 | string | `"realms/CX-Central-realm.json"` |  |
 | seeding.instanceName | string | `"central"` |  |
 | seeding.excludedUserAttributes.attribute0 | string | `"bpn"` |  |
 | seeding.excludedUserAttributes.attribute1 | string | `"organisation"` |  |
-| seeding.resources | object | `{}` | We recommend not to specify default resources and to leave this as a conscious choice for the user. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. |
+| seeding.resources | object | `{"requests":{"cpu":"15m","memory":"105M"}}` | We recommend not to specify default resource limits and to leave this as a conscious choice for the user. If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. |
 | seeding.extraVolumes[0].name | string | `"realms"` |  |
 | seeding.extraVolumes[0].emptyDir | object | `{}` |  |
 | seeding.extraVolumeMounts[0].name | string | `"realms"` |  |
 | seeding.extraVolumeMounts[0].mountPath | string | `"app/realms"` |  |
 | seeding.initContainers[0].name | string | `"init-cx-central"` |  |
-| seeding.initContainers[0].image | string | `"tractusx/portal-iam:v2.1.0-RC1"` |  |
-| seeding.initContainers[0].imagePullPolicy | string | `"Always"` |  |
+| seeding.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v2.1.0"` |  |
+| seeding.initContainers[0].imagePullPolicy | string | `"IfNotPresent"` |  |
 | seeding.initContainers[0].command[0] | string | `"sh"` |  |
 | seeding.initContainers[0].args[0] | string | `"-c"` |  |
 | seeding.initContainers[0].args[1] | string | `"echo \"Copying CX Central realm...\"\ncp -R /import/catenax-central/realms/* /app/realms\n"` |  |
@@ -146,6 +146,10 @@ This is done by setting the 'example.org' placeholder in the CX-Operator' Identi
 
 Please see notes at [Values.seeding](values.yaml#L146) for upgrading the configuration of the CX-Central realm.
 
+### To 2.1.0
+
+No specific upgrade notes.
+
 ### To 2.0.0
 
 This major changes from Keycloak version 16.1.1 to version 22.0.3.
@@ -276,3 +280,7 @@ As part of an optional housekeeping, the following clients are obsolete in versi
 * Cl6-CX-DAPS (was already obsolete with v1.2.0)
 * Cl20-CX-IRS
 * Cl16-CX-BPDMGate-Portal
+
+### Upgrading from version 2.0.0 to 2.1.0
+
+By enabling the seeding (Values.seeding.enabled), the CX-Central realm is upgraded by a job defined as a post-upgrade hook.

charts/centralidp/README.md.gotmpl

@@ -55,6 +55,10 @@ This is done by setting the 'example.org' placeholder in the CX-Operator' Identi
 
 Please see notes at [Values.seeding](values.yaml#L146) for upgrading the configuration of the CX-Central realm.
 
+### To 2.1.0
+
+No specific upgrade notes.
+
 ### To 2.0.0
 
 This major changes from Keycloak version 16.1.1 to version 22.0.3.
@@ -185,3 +189,7 @@ As part of an optional housekeeping, the following clients are obsolete in versi
 * Cl6-CX-DAPS (was already obsolete with v1.2.0) 
 * Cl20-CX-IRS
 * Cl16-CX-BPDMGate-Portal
+
+### Upgrading from version 2.0.0 to 2.1.0
+
+By enabling the seeding (Values.seeding.enabled), the CX-Central realm is upgraded by a job defined as a post-upgrade hook.

charts/centralidp/values.yaml

@@ -48,7 +48,7 @@ keycloak:
       mountPath: "/realms"
   initContainers:
     - name: import
-      image: docker.io/tractusx/portal-iam:v2.1.0-RC1
+      image: docker.io/tractusx/portal-iam:v2.1.0
       imagePullPolicy: Always
       command:
         - sh
@@ -149,7 +149,7 @@ seeding:
 # Please also refer to the 'Post-Upgrade Configuration' section in the README.md
 # for configuration possibly not covered by the seeding job
   enabled: false
-  image: "docker.io/tractusx/portal-iam-seeding:v2.1.0-iam-RC1"
+  image: "docker.io/tractusx/portal-iam-seeding:v2.1.0-iam"
   imagePullPolicy: "IfNotPresent"
   portContainer: 8080
   authRealm: "master"
@@ -177,7 +177,7 @@ seeding:
       mountPath: "app/realms"
   initContainers:
     - name: init-cx-central
-      image: docker.io/tractusx/portal-iam:v2.1.0-RC1
+      image: docker.io/tractusx/portal-iam:v2.1.0
       imagePullPolicy: IfNotPresent
       command:
         - sh

charts/sharedidp/Chart.yaml

@@ -20,7 +20,7 @@
 apiVersion: v2
 name: sharedidp
 type: application
-version: 2.1.0-RC1
+version: 2.1.0
 appVersion: 22.0.3
 description: Helm chart for Catena-X Shared Keycloak Instance
 home: https://github.com/eclipse-tractusx/portal-iam

charts/sharedidp/README.md

@@ -1,6 +1,6 @@
 # Helm chart for Catena-X Shared Keycloak Instance
 
-![Version: 2.1.0-RC1](https://img.shields.io/badge/Version-2.1.0--RC1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 22.0.3](https://img.shields.io/badge/AppVersion-22.0.3-informational?style=flat-square)
+![Version: 2.1.0](https://img.shields.io/badge/Version-2.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 22.0.3](https://img.shields.io/badge/AppVersion-22.0.3-informational?style=flat-square)
 
 This helm chart installs the Helm chart for Catena-X Shared Keycloak Instance.
 
@@ -29,7 +29,7 @@ To use the helm chart as a dependency:
 dependencies:
   - name: sharedidp
     repository: https://eclipse-tractusx.github.io/charts/dev
-    version: 2.1.0-RC1
+    version: 2.1.0
 ```
 
 ## Requirements
@@ -63,7 +63,7 @@ dependencies:
 | keycloak.extraVolumeMounts[2].name | string | `"realms"` |  |
 | keycloak.extraVolumeMounts[2].mountPath | string | `"/realms"` |  |
 | keycloak.initContainers[0].name | string | `"import"` |  |
-| keycloak.initContainers[0].image | string | `"tractusx/portal-iam:v2.1.0-RC1"` |  |
+| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v2.1.0"` |  |
 | keycloak.initContainers[0].imagePullPolicy | string | `"Always"` |  |
 | keycloak.initContainers[0].command[0] | string | `"sh"` |  |
 | keycloak.initContainers[0].args[0] | string | `"-c"` |  |
@@ -93,7 +93,7 @@ dependencies:
 | keycloak.rbac.rules[0].resources[0] | string | `"pods"` |  |
 | keycloak.rbac.rules[0].verbs[0] | string | `"get"` |  |
 | keycloak.rbac.rules[0].verbs[1] | string | `"list"` |  |
-| keycloak.postgresql.enabled | bool | `true` | PostgreSQL chart configuration; default configurations: host: "sharedidp-postgresql-primary", port: 5432; Switch to enable or disable the PostgreSQL helm chart. |
+| keycloak.postgresql.enabled | bool | `true` | PostgreSQL chart configuration (recommended for demonstration purposes only); default configurations: host: "sharedidp-postgresql-primary", port: 5432; Switch to enable or disable the PostgreSQL helm chart. |
 | keycloak.postgresql.auth.username | string | `"kcshared"` | Non-root username. |
 | keycloak.postgresql.auth.database | string | `"iamsharedidp"` | Database name. |
 | keycloak.postgresql.auth.existingSecret | string | `"sharedidp-postgres"` | Secret containing the passwords for root usernames postgres and non-root username kcshared. |
@@ -136,6 +136,10 @@ Generate client-secrets for the service account with access type 'confidential'.
 
 ## Upgrade
 
+### To 2.1.0
+
+No specific upgrade notes.
+
 ### To 2.0.0
 
 This major changes from Keycloak version 16.1.1 to version 22.0.3.

charts/sharedidp/README.md.gotmpl

@@ -61,6 +61,10 @@ Generate client-secrets for the service account with access type 'confidential'.
 
 ## Upgrade
 
+### To 2.1.0
+
+No specific upgrade notes.
+
 ### To 2.0.0
 
 This major changes from Keycloak version 16.1.1 to version 22.0.3.

charts/sharedidp/values.yaml

@@ -52,7 +52,7 @@ keycloak:
       mountPath: "/realms"
   initContainers:
     - name: import
-      image: docker.io/tractusx/portal-iam:v2.1.0-RC1
+      image: docker.io/tractusx/portal-iam:v2.1.0
       imagePullPolicy: Always
       command:
         - sh

consortia/argocd-app-templates/centralidp/appsetup-beta.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/centralidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v2.1.0-RC1
+    targetRevision: v2.1.0
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/centralidp/appsetup-int.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/centralidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v2.1.0-RC1
+    targetRevision: v2.1.0
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/centralidp/appsetup-pen.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/centralidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v2.1.0-RC1
+    targetRevision: v2.1.0
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/centralidp/appsetup-rc.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/centralidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v2.1.0-RC1
+    targetRevision: v2.1.0
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/centralidp/appsetup-stable.yaml

@@ -29,15 +29,15 @@ spec:
   source:
     path: ''
     repoURL: 'https://eclipse-tractusx.github.io/charts/dev'
-    targetRevision: 2.1.0-RC1
+    targetRevision: 2.1.0
     plugin:
       env:
         - name: HELM_VALUES
           value: |
             keycloak:
               initContainers:
                 - name: import
-                  image: docker.io/tractusx/portal-iam-consortia:v2.1.0-RC1
+                  image: docker.io/tractusx/portal-iam-consortia:v2.1.0
                   imagePullPolicy: Always
                   command:
                     - sh
@@ -83,7 +83,7 @@ spec:
               enabled: true
               initContainers:
                 - name: init-cx-central
-                  image: docker.io/tractusx/portal-iam-consortia:v2.1.0-RC1
+                  image: docker.io/tractusx/portal-iam-consortia:v2.1.0
                   imagePullPolicy: Always
                   command:
                     - sh

consortia/argocd-app-templates/centralidp/appsetup-templateconsortia.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/centralidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v2.1.0-RC1
+    targetRevision: v2.1.0
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/centralidp/appsetup-templategeneric.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/centralidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v2.1.0-RC1
+    targetRevision: v2.1.0
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/centralidp/appsetup-upgrade.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/centralidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v2.1.0-RC1
+    targetRevision: v2.1.0
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/sharedidp/appsetup-beta.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/sharedidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v2.1.0-RC1
+    targetRevision: v2.1.0
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/sharedidp/appsetup-int.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/sharedidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v2.1.0-RC1
+    targetRevision: v2.1.0
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/sharedidp/appsetup-pen.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/sharedidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v2.1.0-RC1
+    targetRevision: v2.1.0
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/sharedidp/appsetup-rc.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/sharedidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v2.1.0-RC1
+    targetRevision: v2.1.0
     plugin:
       env:
         - name: AVP_SECRET