From b334a256d9c2d1cb9d88b498d516c53dd88bb9ee Mon Sep 17 00:00:00 2001 
From: andrea bertagnolli
Date: Tue, 3 Dec 2024 11:40:56 +0100
Subject: [PATCH] refactor: remove already deprecated azure-vault distributions (#1698)
---
 .github/workflows/deployment-test.yaml | 14 -
 .github/workflows/trigger-docker-publish.yaml | 2 -
 .github/workflows/trivy.yml | 2 -
 DEPENDENCIES | 4 -
 README.md | 9 +-
 .../tractusx-connector-azure-vault/Chart.yaml | 64 --
 charts/tractusx-connector-azure-vault/LICENSE | 201 ------
 .../tractusx-connector-azure-vault/README.md | 310 ---------
 .../README.md.gotmpl | 64 --
 .../templates/NOTES.txt | 45 --
 .../templates/_helpers.tpl | 183 -----
 .../templates/configmap-controlplane.yaml | 35 -
 .../templates/configmap-dataplane.yaml | 31 -
 .../templates/deployment-controlplane.yaml | 370 ----------
 .../templates/deployment-dataplane.yaml | 347 ----------
 .../templates/hpa-controlplane.yaml | 49 --
 .../templates/hpa-dataplane.yaml | 48 --
 .../templates/ingress-controlplane.yaml | 82 ---
 .../templates/ingress-dataplane.yaml | 82 ---
 .../templates/networkpolicy.yaml | 46 --
 .../templates/service-controlplane.yaml | 63 --
 .../templates/service-dataplane.yaml | 60 --
 .../templates/serviceaccount.yaml | 37 -
 .../templates/tests/test-controlplane.yaml | 56 --
 .../tests/test-dataplane-readiness.yaml | 43 --
 .../values.yaml | 638 ------------------
 docs/README.md | 6 -
 edc-controlplane/build.gradle.kts | 1 -
 .../README.md | 30 -
 .../build.gradle.kts | 51 --
 .../notice.md | 32 -
 edc-dataplane/build.gradle.kts | 1 -
 .../edc-dataplane-azure-vault/README.md | 30 -
 .../build.gradle.kts | 52 --
 .../edc-dataplane-azure-vault/notice.md | 32 -
 .../tractusx-connector-azure-vault-test.yaml | 90 ---
 gradle/libs.versions.toml | 3 -
 settings.gradle.kts | 2 -
 38 files changed, 2 insertions(+), 3213 deletions(-)
 delete mode 100644 charts/tractusx-connector-azure-vault/Chart.yaml
 delete mode 100644 charts/tractusx-connector-azure-vault/LICENSE
 delete mode 100644 charts/tractusx-connector-azure-vault/README.md
 delete mode 100644 
charts/tractusx-connector-azure-vault/README.md.gotmpl
 delete mode 100644 charts/tractusx-connector-azure-vault/templates/NOTES.txt
 delete mode 100644 charts/tractusx-connector-azure-vault/templates/_helpers.tpl
 delete mode 100644 charts/tractusx-connector-azure-vault/templates/configmap-controlplane.yaml
 delete mode 100644 charts/tractusx-connector-azure-vault/templates/configmap-dataplane.yaml
 delete mode 100644 charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml
 delete mode 100644 charts/tractusx-connector-azure-vault/templates/deployment-dataplane.yaml
 delete mode 100644 charts/tractusx-connector-azure-vault/templates/hpa-controlplane.yaml
 delete mode 100644 charts/tractusx-connector-azure-vault/templates/hpa-dataplane.yaml
 delete mode 100644 charts/tractusx-connector-azure-vault/templates/ingress-controlplane.yaml
 delete mode 100644 charts/tractusx-connector-azure-vault/templates/ingress-dataplane.yaml
 delete mode 100644 charts/tractusx-connector-azure-vault/templates/networkpolicy.yaml
 delete mode 100644 charts/tractusx-connector-azure-vault/templates/service-controlplane.yaml
 delete mode 100644 charts/tractusx-connector-azure-vault/templates/service-dataplane.yaml
 delete mode 100644 charts/tractusx-connector-azure-vault/templates/serviceaccount.yaml
 delete mode 100644 charts/tractusx-connector-azure-vault/templates/tests/test-controlplane.yaml
 delete mode 100644 charts/tractusx-connector-azure-vault/templates/tests/test-dataplane-readiness.yaml
 delete mode 100644 charts/tractusx-connector-azure-vault/values.yaml
 delete mode 100644 edc-controlplane/edc-controlplane-postgresql-azure-vault/README.md
 delete mode 100644 edc-controlplane/edc-controlplane-postgresql-azure-vault/build.gradle.kts
 delete mode 100644 edc-controlplane/edc-controlplane-postgresql-azure-vault/notice.md
 delete mode 100644 edc-dataplane/edc-dataplane-azure-vault/README.md
 delete mode 100644 edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts
 delete mode 100644 
edc-dataplane/edc-dataplane-azure-vault/notice.md
 delete mode 100644 edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml
diff --git a/.github/workflows/deployment-test.yaml b/.github/workflows/deployment-test.yaml
index c04548ca0..b2647bacb 100644
--- a/.github/workflows/deployment-test.yaml
+++ b/.github/workflows/deployment-test.yaml
@@ -27,20 +27,6 @@ on:
   workflow_dispatch:
 jobs:
-  secret-presence:
-    runs-on: ubuntu-latest
-    outputs:
-      AZURE_KV_CREDS: ${{ steps.secret-presence.outputs.AZURE_KV_CREDS }}
-    steps:
-      - name: Check whether secrets exist
-        id: secret-presence
-        run: |
-          [ ! -z "${{ secrets.AZURE_TENANT_ID }}" ] &&
-          [ ! -z "${{ secrets.AZURE_CLIENT_ID }}" ] &&
-          [ ! -z "${{ secrets.AZURE_CLIENT_SECRET }}" ] &&
-          [ ! -z "${{ secrets.AZURE_VAULT_NAME }}" ] &&
-          echo "AZURE_KV_CREDS=true" >> $GITHUB_OUTPUT
-          exit 0
   test-prepare:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/trigger-docker-publish.yaml b/.github/workflows/trigger-docker-publish.yaml
index 0413d8c1d..7a2828e03 100644
--- a/.github/workflows/trigger-docker-publish.yaml
+++ b/.github/workflows/trigger-docker-publish.yaml
@@ -55,8 +55,6 @@ jobs:
       matrix:
         variant: [ { dir: edc-controlplane, img: edc-runtime-memory },
                    { dir: edc-controlplane, img: edc-controlplane-postgresql-hashicorp-vault },
-                   { dir: edc-controlplane, img: edc-controlplane-postgresql-azure-vault },
-                   { dir: edc-dataplane, img: edc-dataplane-azure-vault },
                    { dir: edc-dataplane, img: edc-dataplane-hashicorp-vault },
                    { dir: edc-tests/runtime, img: mock-connector }]
     permissions:
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 8f692d271..8488d66f7 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -85,9 +85,7 @@ jobs:
       matrix:
         image:
           - edc-runtime-memory
-          - edc-controlplane-postgresql-azure-vault
           - edc-controlplane-postgresql-hashicorp-vault
-          - edc-dataplane-azure-vault
           - edc-dataplane-hashicorp-vault
     steps:
       - uses: actions/checkout@v4
diff --git a/DEPENDENCIES b/DEPENDENCIES
index 73dcc188d..64728ef1e 100644
--- a/DEPENDENCIES
+++ b/DEPENDENCIES
@@ -6,15 +6,12 @@ maven/mavencentral/com.apicatalog/iron-verifiable-credentials/0.14.0, Apache-2.0
 maven/mavencentral/com.apicatalog/titanium-json-ld/1.0.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.apicatalog/titanium-json-ld/1.4.0, Apache-2.0, approved, #15200
 maven/mavencentral/com.apicatalog/titanium-json-ld/1.4.1, Apache-2.0, approved, #15200
-maven/mavencentral/com.azure/azure-core-http-netty/1.15.5, MIT AND Apache-2.0, approved, #16697
 maven/mavencentral/com.azure/azure-core-http-netty/1.15.6, MIT AND Apache-2.0, approved, #16697
 maven/mavencentral/com.azure/azure-core-http-netty/1.15.7, MIT AND Apache-2.0, approved, #16697
-maven/mavencentral/com.azure/azure-core/1.53.0, MIT, approved, clearlydefined
 maven/mavencentral/com.azure/azure-core/1.54.0, MIT, approved, clearlydefined
 maven/mavencentral/com.azure/azure-core/1.54.1, MIT, approved, clearlydefined
 maven/mavencentral/com.azure/azure-identity/1.14.2, MIT, approved, #16714
 maven/mavencentral/com.azure/azure-json/1.3.0, MIT, approved, clearlydefined
-maven/mavencentral/com.azure/azure-security-keyvault-secrets/4.9.0, MIT, approved, #16850
 maven/mavencentral/com.azure/azure-storage-blob/12.29.0, MIT, approved, #17273
 maven/mavencentral/com.azure/azure-storage-common/12.28.0, MIT, approved, #17275
 maven/mavencentral/com.azure/azure-storage-internal-avro/12.14.0, MIT, approved, #17274
@@ -326,7 +323,6 @@ maven/mavencentral/org.eclipse.edc.aws/validator-data-address-s3/0.11.0-20241127
 maven/mavencentral/org.eclipse.edc.azure/azure-blob-core/0.11.0-20241127-SNAPSHOT, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc.azure/data-plane-azure-storage/0.11.0-20241127-SNAPSHOT, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc.azure/provision-blob/0.11.0-20241127-SNAPSHOT, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc.azure/vault-azure/0.11.0-20241127-SNAPSHOT, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/accesstoken-lib/0.11.0-20241127-SNAPSHOT, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/accesstokendata-store-sql/0.11.0-20241127-SNAPSHOT, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/api-core/0.11.0-20241127-SNAPSHOT, Apache-2.0, approved, technology.edc
diff --git a/README.md b/README.md
index 08664b5a8..867cb3edd 100644
--- a/README.md
+++ b/README.md
@@ -28,20 +28,15 @@ The eclipse data space connector is split up into Control-Plane and Data-Plane, administration layer and has responsibility of resource management, contract negotiation and administer data transfer. The Data-Plane does the heavy lifting of transferring and receiving data streams.
-Depending on your environment there are different derivatives of the control-plane prepared:
+Control-Plane distribution:
-- [edc-controlplane-postgresql-azure-vault](edc-controlplane/edc-controlplane-postgresql-azure-vault) with dependency onto
-  - [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/#product-overview)
-  - [PostgreSQL 8.2 or newer](https://www.postgresql.org/)
 - [edc-controlplane-postgresql-hashicorp-vault](edc-controlplane/edc-controlplane-postgresql-hashicorp-vault) with dependency onto
   - [Hashicorp Vault](https://www.vaultproject.io/)
   - [PostgreSQL 8.2 or newer](https://www.postgresql.org/)
-Derivatives of the Data-Plane can be found here
+Data-Plane distribution:
-- [edc-dataplane-azure-vault](edc-dataplane/edc-dataplane-azure-vault) with dependency onto
-  - [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/#product-overview)
 - [edc-dataplane-hashicorp-vault](edc-dataplane/edc-dataplane-hashicorp-vault) with dependency onto
   - [Hashicorp Vault](https://www.vaultproject.io/)
diff --git a/charts/tractusx-connector-azure-vault/Chart.yaml b/charts/tractusx-connector-azure-vault/Chart.yaml
deleted file mode 100644
index a2b42e56f..000000000
--- a/charts/tractusx-connector-azure-vault/Chart.yaml
+++ /dev/null
@@ -1,64 +0,0 @@
-#################################################################################
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#################################################################################
-
----
-apiVersion: v2
-name: tractusx-connector-azure-vault
-deprecated: true
-description: |
-  DEPRECATED: this chart will be no more available after version 0.8.0
-
-  A Helm chart for Tractus-X Eclipse Data Space Connector. The connector deployment consists of two runtime consists of a
-  Control Plane and a Data Plane. Note that _no_ external dependencies such as a PostgreSQL database and Azure KeyVault are included.
-
-  This chart is intended for use with an _existing_ PostgreSQL database and an _existing_ Azure KeyVault.
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. 
They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-
-version: 0.8.0
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-
-appVersion: "0.8.0"
-home: https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector
-sources:
-  - https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector
-dependencies:
-  # PostgreSQL
-  - name: postgresql
-    alias: postgresql
-    version: "15.2.1"
-    repository: https://charts.bitnami.com/bitnami
-    condition: install.postgresql
diff --git a/charts/tractusx-connector-azure-vault/LICENSE b/charts/tractusx-connector-azure-vault/LICENSE
deleted file mode 100644
index c815b0d05..000000000
--- a/charts/tractusx-connector-azure-vault/LICENSE
+++ /dev/null
@@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2022 Catena-X - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/tractusx-connector-azure-vault/README.md b/charts/tractusx-connector-azure-vault/README.md deleted file mode 100644 index 434088f43..000000000 --- a/charts/tractusx-connector-azure-vault/README.md +++ /dev/null 
@@ -1,310 +0,0 @@
-# tractusx-connector-azure-vault
-
-> **:exclamation: This Helm Chart is deprecated!**
-
-![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.0](https://img.shields.io/badge/AppVersion-0.8.0-informational?style=flat-square)
-
-DEPRECATED: this chart will be no more available after version 0.8.0
-
-A Helm chart for Tractus-X Eclipse Data Space Connector. The connector deployment consists of two runtime consists of a
-Control Plane and a Data Plane. Note that _no_ external dependencies such as a PostgreSQL database and Azure KeyVault are included.
-
-This chart is intended for use with an _existing_ PostgreSQL database and an _existing_ Azure KeyVault.
-
-**Homepage:**
-
-## Setting up IATP
-
-### Preconditions
-
-- You'll need an account with DIM, the wallet for VerifiableCredentials
-- the necessary set of VerifiableCredentials for this participant must already be issued to your DIM tenant. This is typically done by the
-  Portal during participant onboarding
-- the client ID and client secret corresponding to that account must be known
-
-### Preparatory work
-
-- store client secret in the HashiCorp vault using an alias. The exact procedure will depend on your deployment of HashiCorp Vault and
-  is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. The alias must be configured
-  using the `iatp.sts.oauth.client.secret_alias` Helm value. 
-
-### Configure the chart
-
-Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart:
-- `iatp.sts.oauth.token_url`: the token endpoint of DIM
-- `iatp.sts.oauth.client.id`: the client ID of your tenant in DIM
-- `iatp.sts.oauth.client.secret_alias`: alias under which you saved your DIM client secret in the vault
-- `iatp.sts.dim.url`: the base URL for DIM
-
-In addition, in order to map BPNs to DIDs, a new service is required, called the BPN-DID Resolution Service, which
-must be configured:
-- `controlplane.bdrs.server.url`: base URL of the BPN-DID Resolution Service ("BDRS")
-
-### Launching the application
-
-As an easy starting point, please consider using [this example configuration](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml)
-to launch the application. The configuration values mentioned above (`controlplane.ssi.*`) will have to be adapted manually.
-Combined, run this shell command to start the in-memory Tractus-X EDC runtime:
-
-```shell
-helm repo add tractusx-edc https://eclipse-tractusx.github.io/charts/dev
-helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0.8.0 \
-    -f /tractusx-connector-azure-vault-test.yaml \
-    --set vault.azure.name=$AZURE_VAULT_NAME \
-    --set vault.azure.client=$AZURE_CLIENT_ID \
-    --set vault.azure.secret=$AZURE_CLIENT_SECRET \
-    --set vault.azure.tenant=$AZURE_TENANT_ID
-```
-
-## Source Code
-
-*
-
-## Requirements
-
-| Repository | Name | Version |
-|------------|------|---------|
-| https://charts.bitnami.com/bitnami | postgresql(postgresql) | 15.2.1 |
-
-## Values
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| controlplane.affinity | object | `{}` | [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on |
-| 
controlplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) |
-| controlplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds |
-| controlplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds |
-| controlplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod |
-| controlplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod |
-| controlplane.bdrs.cache_validity_seconds | int | `600` | Time that a cached BPN/DID resolution map is valid in seconds, default is 600 seconds (10 min) |
-| controlplane.bdrs.server.url | string | `nil` | URL of the BPN/DID Resolution Service |
-| controlplane.catalog | object | `{"crawler":{"initialDelay":null,"num":null,"period":null,"targetsFile":null},"enabled":false}` | configuration for the built-in federated catalog crawler |
-| controlplane.catalog.crawler.initialDelay | string | `nil` | Initial delay for the crawling to start. Leave blank for a random delay |
-| controlplane.catalog.crawler.num | string | `nil` | Number of desired crawlers. Final number might be different, based on number of crawl targets |
-| controlplane.catalog.crawler.period | string | `nil` | Period between two crawl runs in seconds. Default is 60 seconds. |
-| controlplane.catalog.crawler.targetsFile | string | `nil` | File path to a JSON file containing TargetNode entries |
-| controlplane.catalog.enabled | bool | `false` | Flag to globally enable/disable the FC feature |
-| controlplane.debug.enabled | bool | `false` | Enables java debugging mode. |
-| controlplane.debug.port | int | `1044` | Port where the debuggee can connect to. 
|
-| controlplane.debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. |
-| controlplane.endpoints | object | `{"catalog":{"authKey":"password","path":"/catalog","port":8085},"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"password","jwksUrl":null,"path":"/management","port":8081},"metrics":{"path":"/metrics","port":9090},"protocol":{"path":"/api/v1/dsp","port":8084}}` | endpoints of the control plane |
-| controlplane.endpoints.catalog.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header |
-| controlplane.endpoints.catalog.path | string | `"/catalog"` | path for incoming catalog cache query requests |
-| controlplane.endpoints.catalog.port | int | `8085` | port for incoming catalog cache query requests |
-| controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. 
can be added to the internal ingress, but should probably not |
-| controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls |
-| controlplane.endpoints.control.port | int | `8083` | port for incoming api calls |
-| controlplane.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress |
-| controlplane.endpoints.default.path | string | `"/api"` | path for incoming api calls |
-| controlplane.endpoints.default.port | int | `8080` | port for incoming api calls |
-| controlplane.endpoints.management | object | `{"authKey":"password","jwksUrl":null,"path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing |
-| controlplane.endpoints.management.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header |
-| controlplane.endpoints.management.jwksUrl | string | `nil` | if the JWKS url is set, the DelegatedAuth service will be engaged |
-| controlplane.endpoints.management.path | string | `"/management"` | path for incoming api calls |
-| controlplane.endpoints.management.port | int | `8081` | port for incoming api calls |
-| controlplane.endpoints.metrics | object | `{"path":"/metrics","port":9090}` | metrics api, used for application metrics, must not be internet facing |
-| controlplane.endpoints.metrics.path | string | `"/metrics"` | path for incoming api calls |
-| controlplane.endpoints.metrics.port | int | `9090` | port for incoming api calls |
-| controlplane.endpoints.protocol | object | `{"path":"/api/v1/dsp","port":8084}` | dsp api, used for inter connector communication and must be internet facing |
-| controlplane.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls |
-| controlplane.endpoints.protocol.port | int | `8084` | port for incoming api calls |
-| controlplane.env | object | `{}` | |
-| 
controlplane.envConfigMapNames | list | `[]` | [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from | -| controlplane.envSecretNames | list | `[]` | [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from | -| controlplane.envValueFrom | object | `{}` | "valueFrom" environment variable references that will be added to deployment pods. Name is templated. ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core | -| controlplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | -| controlplane.image.repository | string | `""` | Which derivate of the control plane to use. when left empty the deployment will select the correct image automatically | -| controlplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| controlplane.ingresses[0].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[0].enabled | bool | `false` | | -| controlplane.ingresses[0].endpoints | list | `["protocol"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[0].hostname | string | `"edc-control.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| 
controlplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| controlplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| controlplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | -| controlplane.ingresses[1].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[1].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[1].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[1].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[1].enabled | bool | `false` | | -| controlplane.ingresses[1].endpoints | list | `["management","control"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[1].hostname | string | `"edc-control.intranet"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| controlplane.ingresses[1].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| controlplane.ingresses[1].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| controlplane.ingresses[1].tls.secretName | string | `""` | If present overwrites the default secret name | -| controlplane.initContainers | list | `[]` | | -| controlplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes 
[liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| controlplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| controlplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | -| controlplane.livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| controlplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| controlplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| controlplane.logs.level | string | `"DEBUG"` | Defines the log granularity of the default Console Monitor. | -| controlplane.nodeSelector | object | `{}` | [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes | -| controlplane.opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | -| controlplane.podAnnotations | object | `{}` | additional annotations for the pod | -| controlplane.podLabels | object | `{}` | additional labels for the pod | -| controlplane.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | -| controlplane.podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong 
to this guid | -| controlplane.podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | -| controlplane.podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | -| controlplane.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | -| controlplane.policy | object | `{"validation":{"enabled":true}}` | configuration for policy engine | -| controlplane.readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| controlplane.readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| controlplane.readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | -| controlplane.readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a readiness check every 10 seconds | -| controlplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| controlplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| controlplane.replicaCount | int | `1` | | -| controlplane.resources | object | `{"limits":{"cpu":1.5,"memory":"1024Mi"},"requests":{"cpu":"500m","memory":"1024Mi"}}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | -| controlplane.resources.limits.cpu | float | `1.5` | Maximum CPU limit | -| controlplane.resources.limits.memory | string | `"1024Mi"` | Maximum memory limit | -| controlplane.resources.requests.cpu | string | `"500m"` | Initial CPU request | -| controlplane.resources.requests.memory | string | `"1024Mi"` | Initial memory request | 
-| controlplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | -| controlplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | -| controlplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | -| controlplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | -| controlplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | -| controlplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| controlplane.service.annotations | object | `{}` | additional annotations for the service | -| controlplane.service.labels | object | `{}` | additional labels for the service | -| controlplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| controlplane.tolerations | list | `[]` | [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes | -| controlplane.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. 
if ingresses not used) | -| controlplane.volumeMounts | string | `nil` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | -| controlplane.volumes | string | `nil` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | -| customCaCerts | object | `{}` | Add custom ca certificates to the truststore | -| customLabels | object | `{}` | Add some custom labels | -| dataplane.affinity | object | `{}` | [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on | -| dataplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | -| dataplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | -| dataplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | -| dataplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | -| dataplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | -| dataplane.aws.accessKeyId | string | `""` | | -| dataplane.aws.endpointOverride | string | `""` | | -| dataplane.aws.secretAccessKey | string | `""` | | -| dataplane.debug.enabled | bool | `false` | Enables java debugging mode. | -| dataplane.debug.port | int | `1044` | Port where the debuggee can connect to. | -| dataplane.debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. 
| -| dataplane.endpoints | object | `{"control":{"path":"/control","port":8084},"default":{"path":"/api","port":8080},"metrics":{"path":"/metrics","port":9090},"proxy":{"authKey":"password","path":"/proxy","port":8186},"public":{"path":"/api/public","port":8081}}` | endpoints of the dataplane | -| dataplane.endpoints.control | object | `{"path":"/control","port":8084}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not | -| dataplane.endpoints.control.path | string | `"/control"` | path for incoming api calls | -| dataplane.endpoints.control.port | int | `8084` | port for incoming api calls | -| dataplane.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | -| dataplane.endpoints.default.path | string | `"/api"` | path for incoming api calls | -| dataplane.endpoints.default.port | int | `8080` | port for incoming api calls | -| dataplane.endpoints.metrics | object | `{"path":"/metrics","port":9090}` | metrics api, used for application metrics, must not be internet facing | -| dataplane.endpoints.metrics.path | string | `"/metrics"` | path for incoming api calls | -| dataplane.endpoints.metrics.port | int | `9090` | port for incoming api calls | -| dataplane.endpoints.proxy.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header | -| dataplane.endpoints.proxy.path | string | `"/proxy"` | path for incoming api calls | -| dataplane.endpoints.proxy.port | int | `8186` | port for incoming api calls | -| dataplane.endpoints.public | object | `{"path":"/api/public","port":8081}` | public endpoint where the data can be fetched from if HttpPull was used. Must be internet facing. 
| -| dataplane.endpoints.public.path | string | `"/api/public"` | path for incoming api calls | -| dataplane.endpoints.public.port | int | `8081` | port for incoming api calls | -| dataplane.env | object | `{}` | Extra environment variables that will be pass onto deployment pods | -| dataplane.envConfigMapNames | list | `[]` | [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from | -| dataplane.envSecretNames | list | `[]` | [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from | -| dataplane.envValueFrom | object | `{}` | "valueFrom" environment variable references that will be added to deployment pods. Name is templated. ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core | -| dataplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | -| dataplane.image.repository | string | `""` | Which derivate of the data plane to use. 
when left empty the deployment will select the correct image automatically | -| dataplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| dataplane.ingresses[0].annotations | object | `{}` | Additional ingress annotations to add | -| dataplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| dataplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| dataplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| dataplane.ingresses[0].enabled | bool | `false` | | -| dataplane.ingresses[0].endpoints | list | `["public"]` | EDC endpoints exposed by this ingress resource | -| dataplane.ingresses[0].hostname | string | `"edc-data.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| dataplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| dataplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| dataplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | -| dataplane.initContainers | list | `[]` | | -| dataplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| dataplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| dataplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | -| 
dataplane.livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| dataplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| dataplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| dataplane.logs.level | string | `"DEBUG"` | Defines the log granularity of the default Console Monitor. | -| dataplane.nodeSelector | object | `{}` | [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes | -| dataplane.opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | -| dataplane.podAnnotations | object | `{}` | additional annotations for the pod | -| dataplane.podLabels | object | `{}` | additional labels for the pod | -| dataplane.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | -| dataplane.podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | -| dataplane.podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | -| dataplane.podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | -| dataplane.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | -| dataplane.readinessProbe.enabled | 
bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| dataplane.readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| dataplane.readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | -| dataplane.readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| dataplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| dataplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| dataplane.replicaCount | int | `1` | | -| dataplane.resources | object | `{"limits":{"cpu":1.5,"memory":"1024Mi"},"requests":{"cpu":"500m","memory":"1024Mi"}}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | -| dataplane.resources.limits.cpu | float | `1.5` | Maximum CPU limit | -| dataplane.resources.limits.memory | string | `"1024Mi"` | Maximum memory limit | -| dataplane.resources.requests.cpu | string | `"500m"` | Initial CPU request | -| dataplane.resources.requests.memory | string | `"1024Mi"` | Initial memory request | -| dataplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | -| dataplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | -| dataplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | -| 
dataplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | -| dataplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | -| dataplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| dataplane.service.annotations | object | `{}` | additional annotations for the service | -| dataplane.service.labels | object | `{}` | additional labels for the service | -| dataplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| dataplane.token.refresh.expiry_seconds | int | `300` | TTL in seconds for access tokens (also known as EDR token) | -| dataplane.token.refresh.expiry_tolerance_seconds | int | `10` | Tolerance for token expiry in seconds | -| dataplane.token.refresh.refresh_endpoint | string | `nil` | Optional endpoint for an OAuth2 token refresh. Default endpoint is `/token` | -| dataplane.token.signer.privatekey_alias | string | `nil` | Alias under which the private key (JWK or PEM format) is stored in the vault | -| dataplane.token.verifier.publickey_alias | string | `nil` | Alias under which the public key (JWK or PEM format) is stored in the vault, that belongs to the private key which was referred to at `dataplane.token.signer.privatekey_alias` | -| dataplane.tolerations | list | `[]` | [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes | -| dataplane.url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. 
if ingresses not used) | -| dataplane.volumeMounts | string | `nil` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | -| dataplane.volumes | string | `nil` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | -| fullnameOverride | string | `""` | | -| iatp.id | string | `"did:web:changeme"` | Decentralized IDentifier (DID) of the connector | -| iatp.sts.dim.url | string | `nil` | URL where connectors can request SI tokens | -| iatp.sts.oauth.client.id | string | `nil` | Client ID for requesting OAuth2 access token for DIM access | -| iatp.sts.oauth.client.secret_alias | string | `nil` | Alias under which the client secret is stored in the vault for requesting OAuth2 access token for DIM access | -| iatp.sts.oauth.token_url | string | `nil` | URL where connectors can request OAuth2 access tokens for DIM access | -| iatp.trustedIssuers | list | `[]` | Configures the trusted issuers for this runtime | -| imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| install.postgresql | bool | `true` | Deploying a PostgreSQL instance | -| nameOverride | string | `""` | | -| networkPolicy.controlplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the controlplane component | -| networkPolicy.controlplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for cp (defaults to all namespaces) | -| networkPolicy.dataplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the dataplane component | -| networkPolicy.dataplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for dp (defaults to all namespaces) | -| networkPolicy.enabled | bool | `false` | If `true` network policy will be created to restrict access to control- and dataplane | -| 
participant.id | string | `"BPNLCHANGEME"` | BPN Number | -| postgresql.auth.database | string | `"edc"` | | -| postgresql.auth.password | string | `"password"` | | -| postgresql.auth.username | string | `"user"` | | -| postgresql.jdbcUrl | string | `"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc"` | | -| postgresql.primary.persistence.enabled | bool | `false` | | -| postgresql.readReplicas.persistence.enabled | bool | `false` | | -| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | -| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | -| tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests | -| tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | -| vault.azure.certificate | string | `nil` | | -| vault.azure.client | string | `nil` | | -| vault.azure.name | string | `""` | | -| vault.azure.secret | string | `nil` | | -| vault.azure.tenant | string | `nil` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/) diff --git a/charts/tractusx-connector-azure-vault/README.md.gotmpl b/charts/tractusx-connector-azure-vault/README.md.gotmpl deleted file mode 100644 index 352cd8f13..000000000 --- a/charts/tractusx-connector-azure-vault/README.md.gotmpl +++ /dev/null 
@@ -1,64 +0,0 @@
-{{ template "chart.header" . }}
-
-{{ template "chart.deprecationWarning" . }}
-
-{{ template "chart.badgesSection" . }}
-
-{{ template "chart.description" . }}
-
-{{ template "chart.homepageLine" . }}
-
-## Setting up IATP
-
-### Preconditions
-
-- You'll need an account with DIM, the wallet for VerifiableCredentials
-- the necessary set of VerifiableCredentials for this participant must already be issued to your DIM tenant. This is typically done by the
- Portal during participant onboarding
-- the client ID and client secret corresponding to that account must be known
-
-### Preparatory work
-
-- store client secret in the HashiCorp vault using an alias. The exact procedure will depend on your deployment of HashiCorp Vault and
- is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. The alias must be configured
- using the `iatp.sts.oauth.client.secret_alias` Helm value.
-
-
-### Configure the chart
-
-Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart:
-- `iatp.sts.oauth.token_url`: the token endpoint of DIM
-- `iatp.sts.oauth.client.id`: the client ID of your tenant in DIM
-- `iatp.sts.oauth.client.secret_alias`: alias under which you saved your DIM client secret in the vault
-- `iatp.sts.dim.url`: the base URL for DIM
-
-In addition, in order to map BPNs to DIDs, a new service is required, called the BPN-DID Resolution Service, which
-must be configured:
-- `controlplane.bdrs.server.url`: base URL of the BPN-DID Resolution Service ("BDRS")
-
-### Launching the application
-
-As an easy starting point, please consider using [this example configuration](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml)
-to launch the application. The configuration values mentioned above (`controlplane.ssi.*`) will have to be adapted manually.
-Combined, run this shell command to start the in-memory Tractus-X EDC runtime:
-
-```shell
-helm repo add tractusx-edc https://eclipse-tractusx.github.io/charts/dev
-helm install my-release tractusx-edc/tractusx-connector-azure-vault --version {{ .Version }} \
- -f /tractusx-connector-azure-vault-test.yaml \
- --set vault.azure.name=$AZURE_VAULT_NAME \
- --set vault.azure.client=$AZURE_CLIENT_ID \
- --set vault.azure.secret=$AZURE_CLIENT_SECRET \
- --set vault.azure.tenant=$AZURE_TENANT_ID
-```
-
-{{ template "chart.maintainersSection" . }}
-
-{{ template "chart.sourcesSection" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-{{ template "chart.valuesSection" . }}
-
------------------------------------------------
-Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/)
diff --git a/charts/tractusx-connector-azure-vault/templates/NOTES.txt b/charts/tractusx-connector-azure-vault/templates/NOTES.txt
deleted file mode 100644
index 66a2337b5..000000000
--- a/charts/tractusx-connector-azure-vault/templates/NOTES.txt
+++ /dev/null
@@ -1,45 +0,0 @@
-1. Get the control plane URL by running these commands:
-{{ with index .Values.controlplane.ingresses 0}}
-{{- if .enabled }}
-{{- range .paths }}
- http{{ if .tls }}s{{ end }}://{{ .hostname }}{{ .path }}
-{{- end }}
-{{- else if contains "NodePort" $.Values.controlplane.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "txdc.fullname" $ }}-controlplane)
- export NODE_IP=$(kubectl get nodes --namespace {{ $.Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" $.Values.controlplane.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "txdc.fullname" . }}-controlplane'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "txdc.fullname" . }}-controlplane --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
- echo http://$SERVICE_IP:{{ $.Values.controlplane.service.port }}
-{{- else if contains "ClusterIP" $.Values.controlplane.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ $.Release.Namespace }} -l "app.kubernetes.io/name={{ include "txdc.name" $ }}-controlplane,app.kubernetes.io/instance={{ $.Release.Name }}-controlplane" -o jsonpath="{.items[0].metadata.name}")
- export CONTAINER_PORT=$(kubectl get pod --namespace {{ $.Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
- kubectl --namespace {{ $.Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
- echo "Visit http://127.0.0.1:8080 to use your application"
-{{- end }}
-{{- end }}
-
-2. Get the data plane URL by running these commands:
-{{ with index .Values.controlplane.ingresses 0}}
-{{- if .enabled }}
-{{- range .paths }}
- http{{ if .tls }}s{{ end }}://{{ .hostname }}{{ .path }}
-{{- end }}
-{{- else if contains "NodePort" $.Values.dataplane.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "txdc.fullname" $ }}-dataplane)
- export NODE_IP=$(kubectl get nodes --namespace {{ $.Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" $.Values.dataplane.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get --namespace {{ $.Release.Namespace }} svc -w {{ include "txdc.fullname" $ }}-dataplane'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "txdc.fullname" $ }}-dataplane --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
- echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" $.Values.dataplane.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ $.Release.Namespace }} -l "app.kubernetes.io/name={{ include "txdc.name" $ }}-dataplane,app.kubernetes.io/instance={{ $.Release.Name }}-dataplane" -o jsonpath="{.items[0].metadata.name}")
- export CONTAINER_PORT=$(kubectl get pod --namespace {{ $.Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
- kubectl --namespace {{ $.Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
- echo "Visit http://127.0.0.1:8080 to use your application"
-{{- end }}
-{{- end }}
diff --git a/charts/tractusx-connector-azure-vault/templates/_helpers.tpl b/charts/tractusx-connector-azure-vault/templates/_helpers.tpl
deleted file mode 100644
index fdc58cce1..000000000
--- a/charts/tractusx-connector-azure-vault/templates/_helpers.tpl
+++ /dev/null
@@ -1,183 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "txdc.name" -}} -{{- default .Chart.Name .Values.nameOverride | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "txdc.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "txdc.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Control Common labels -*/}} -{{- define "txdc.labels" -}} -helm.sh/chart: {{ include "txdc.chart" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Control Common labels -*/}} -{{- define "txdc.controlplane.labels" -}} -helm.sh/chart: {{ include "txdc.chart" . }} -{{ include "txdc.controlplane.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/component: edc-controlplane -app.kubernetes.io/part-of: edc -{{- end }} - -{{/* -Data Common labels -*/}} -{{- define "txdc.dataplane.labels" -}} -helm.sh/chart: {{ include "txdc.chart" . 
}} -{{ include "txdc.dataplane.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/component: edc-dataplane -app.kubernetes.io/part-of: edc -{{- end }} - -{{/* -Control Selector labels -*/}} -{{- define "txdc.controlplane.selectorLabels" -}} -app.kubernetes.io/name: {{ include "txdc.name" . }}-controlplane -app.kubernetes.io/instance: {{ .Release.Name }}-controlplane -{{- end }} - -{{/* -Data Selector labels -*/}} -{{- define "txdc.dataplane.selectorLabels" -}} -app.kubernetes.io/name: {{ include "txdc.name" . }}-dataplane -app.kubernetes.io/instance: {{ .Release.Name }}-dataplane -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "txdc.controlplane.serviceaccount.name" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "txdc.fullname" . ) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "txdc.dataplane.serviceaccount.name" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "txdc.fullname" . 
) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Control DSP URL -*/}} -{{- define "txdc.controlplane.url.protocol" -}} -{{- if .Values.controlplane.url.protocol }}{{/* if dsp api url has been specified explicitly */}} -{{- .Values.controlplane.url.protocol }} -{{- else }}{{/* else when dsp api url has not been specified explicitly */}} -{{- with (index .Values.controlplane.ingresses 0) }} -{{- if .enabled }}{{/* if ingress enabled */}} -{{- if .tls.enabled }}{{/* if TLS enabled */}} -{{- printf "https://%s" .hostname -}} -{{- else }}{{/* else when TLS not enabled */}} -{{- printf "http://%s" .hostname -}} -{{- end }}{{/* end if tls */}} -{{- else }}{{/* else when ingress not enabled */}} -{{- printf "http://%s-controlplane:%v" ( include "txdc.fullname" $ ) $.Values.controlplane.endpoints.protocol.port -}} -{{- end }}{{/* end if ingress */}} -{{- end }}{{/* end with ingress */}} -{{- end }}{{/* end if .Values.controlplane.url.protocol */}} -{{- end }} - -{{/* -Validation URL -*/}} -{{- define "txdc.controlplane.url.validation" -}} -{{- printf "http://%s-controlplane:%v%s/token" ( include "txdc.fullname" $ ) $.Values.controlplane.endpoints.control.port $.Values.controlplane.endpoints.control.path -}} -{{- end }} - -{{/* -Control Plane Control URL -*/}} -{{- define "txdc.controlplane.url.control" -}} -{{- printf "http://%s-controlplane:%v%s" ( include "txdc.fullname" $ ) $.Values.controlplane.endpoints.control.port $.Values.controlplane.endpoints.control.path -}} -{{- end }} - -{{/* -Data Plane Control URL -*/}} -{{- define "txdc.dataplane.url.control" -}} -{{- printf "http://%s-dataplane:%v%s" ( include "txdc.fullname" $ ) $.Values.dataplane.endpoints.control.port $.Values.dataplane.endpoints.control.path -}} -{{- end }} - -{{/* -Data Public URL -*/}} -{{- define "txdc.dataplane.url.public" -}} -{{- if .Values.dataplane.url.public }}{{/* if public api url has been specified 
explicitly */}} -{{- .Values.dataplane.url.public }} -{{- else }}{{/* else when public api url has not been specified explicitly */}} -{{- with (index .Values.dataplane.ingresses 0) }} -{{- if .enabled }}{{/* if ingress enabled */}} -{{- if .tls.enabled }}{{/* if TLS enabled */}} -{{- printf "https://%s%s" .hostname $.Values.dataplane.endpoints.public.path -}} -{{- else }}{{/* else when TLS not enabled */}} -{{- printf "http://%s%s" .hostname $.Values.dataplane.endpoints.public.path -}} -{{- end }}{{/* end if tls */}} -{{- else }}{{/* else when ingress not enabled */}} -{{- printf "http://%s-dataplane:%v%s" (include "txdc.fullname" $ ) $.Values.dataplane.endpoints.public.port $.Values.dataplane.endpoints.public.path -}} -{{- end }}{{/* end if ingress */}} -{{- end }}{{/* end with ingress */}} -{{- end }}{{/* end if .Values.dataplane.url.public */}} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "txdc.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "txdc.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/charts/tractusx-connector-azure-vault/templates/configmap-controlplane.yaml b/charts/tractusx-connector-azure-vault/templates/configmap-controlplane.yaml deleted file mode 100644 index 644bb1d49..000000000 --- a/charts/tractusx-connector-azure-vault/templates/configmap-controlplane.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -################################################################################# -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# - - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "txdc.fullname" . }}-controlplane - namespace: {{ .Release.Namespace | default "default" | quote }} - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} -data: - opentelemetry.properties: |- - {{- .Values.controlplane.opentelemetry | nindent 4 }} - diff --git a/charts/tractusx-connector-azure-vault/templates/configmap-dataplane.yaml b/charts/tractusx-connector-azure-vault/templates/configmap-dataplane.yaml deleted file mode 100644 index a262f08bc..000000000 --- a/charts/tractusx-connector-azure-vault/templates/configmap-dataplane.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -# - # Copyright (c) 2023 Contributors to the Eclipse Foundation - # - # See the NOTICE file(s) distributed with this work for additional - # information regarding copyright ownership. - # - # This program and the accompanying materials are made available under the - # terms of the Apache License, Version 2.0 which is available at - # https://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - # License for the specific language governing permissions and limitations - # under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "txdc.fullname" . }}-dataplane - namespace: {{ .Release.Namespace | default "default" | quote }} - labels: - {{- include "txdc.dataplane.labels" . | nindent 4 }} -data: - opentelemetry.properties: |- - {{- .Values.dataplane.opentelemetry | nindent 4 }} - diff --git a/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml b/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml deleted file mode 100644 index d910efedf..000000000 --- a/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml +++ /dev/null 
@@ -1,370 +0,0 @@ -# - # Copyright (c) 2023 ZF Friedrichshafen AG - # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH - # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - # Copyright (c) 2021,2023 Contributors to the Eclipse Foundation - # - # See the NOTICE file(s) distributed with this work for additional - # information regarding copyright ownership. - # - # This program and the accompanying materials are made available under the - # terms of the Apache License, Version 2.0 which is available at - # https://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - # License for the specific language governing permissions and limitations - # under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "txdc.fullname" . }}-controlplane - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} -spec: - {{- if not .Values.controlplane.autoscaling.enabled }} - replicas: {{ .Values.controlplane.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "txdc.controlplane.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.controlplane.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "txdc.controlplane.selectorLabels" . | nindent 8 }} - {{- with .Values.controlplane.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "txdc.serviceAccountName" . 
}} - securityContext: - {{- toYaml .Values.controlplane.podSecurityContext | nindent 8 }} - {{- if or .Values.controlplane.initContainers .Values.customCaCerts }} - initContainers: - {{- if .Values.controlplane.initContainers }} - {{- toYaml .Values.controlplane.initContainers | nindent 8 }} - {{- end }} - {{- if .Values.customCaCerts }} - - name: custom-cacerts - # either use the specified image, or use the default one - {{- if .Values.controlplane.image.repository }} - image: "{{ .Values.controlplane.image.repository }}:{{ .Values.controlplane.image.tag | default .Chart.AppVersion }}" - {{- else }} - image: "tractusx/edc-controlplane-postgresql-azure-vault:{{ .Values.controlplane.image.tag | default .Chart.AppVersion }}" - {{- end }} - imagePullPolicy: {{ .Values.controlplane.image.pullPolicy }} - command: - - /bin/sh - - -c - - | - cp /opt/java/openjdk/lib/security/cacerts /workdir/ - find /cacerts -type f \( -iname \*.crt -o -iname \*.pem \) -exec echo "{}" \; | while read PEM_FILE_PATH; do - PEM_FILE=${PEM_FILE_PATH##*/} - ALIAS=${PEM_FILE%.*} - echo "adding ${PEM_FILE} with alias ${ALIAS} to cacerts ..." 
- keytool -import -noprompt -trustcacerts -alias ${ALIAS} -file ${PEM_FILE_PATH} -keystore /workdir/cacerts -storepass changeit - done - securityContext: - {{- toYaml .Values.controlplane.securityContext | nindent 12 }} - volumeMounts: - - name: custom-cacertificates - mountPath: /cacerts - - name: custom-cacerts - mountPath: /workdir - {{- end }} - {{- end }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.controlplane.securityContext | nindent 12 }} - - # either use the specified image, or use the default one - {{- if .Values.controlplane.image.repository }} - image: "{{ .Values.controlplane.image.repository }}:{{ .Values.controlplane.image.tag | default .Chart.AppVersion }}" - {{- else }} - image: "tractusx/edc-controlplane-postgresql-azure-vault:{{ .Values.controlplane.image.tag | default .Chart.AppVersion }}" - {{- end }} - imagePullPolicy: {{ .Values.controlplane.image.pullPolicy }} - args: [ --log-level={{ .Values.controlplane.logs.level | required ".Values.controlplane.logs.level is required" }} ] - ports: - {{- range $key,$value := .Values.controlplane.endpoints }} - - name: {{ $key }} - containerPort: {{ $value.port }} - protocol: TCP - {{- end }} - {{- if .Values.controlplane.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.controlplane.endpoints.default.path }}/check/liveness - port: {{ .Values.controlplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.controlplane.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controlplane.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controlplane.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.controlplane.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.controlplane.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.controlplane.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.controlplane.endpoints.default.path }}/check/readiness - port: {{ 
.Values.controlplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.controlplane.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controlplane.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controlplane.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.controlplane.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.controlplane.readinessProbe.successThreshold }} - {{- end }} - resources: - {{- toYaml .Values.controlplane.resources | nindent 12 }} - env: - {{- if .Values.controlplane.debug.enabled }} - - name: "JAVA_TOOL_OPTIONS" - {{- if .Values.controlplane.debug.suspendOnStart }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=%v" .Values.controlplane.debug.port }} - {{- else }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=%v" .Values.controlplane.debug.port }} - {{- end }} - {{- end }} - - ######################## - ## ID CONFIGURATION ## - ######################## - - name: EDC_PARTICIPANT_ID - value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }} - - name: "EDC_IAM_ISSUER_ID" - value: {{ .Values.iatp.id | required ".Values.iatp.id is required" | quote}} - - ####### - # API # - ####### - {{- if .Values.controlplane.endpoints.management.jwksUrl }} - - name: "EDC_API_AUTH_DAC_KEY_URL" - value: {{ .Values.controlplane.endpoints.management.jwksUrl | quote}} - {{- else }} - - name: "EDC_API_AUTH_KEY" - value: {{ .Values.controlplane.endpoints.management.authKey | required ".Values.controlplane.endpoints.management.authKey is required" | quote }} - {{- end }} - - - name: "WEB_HTTP_DEFAULT_PORT" - value: {{ .Values.controlplane.endpoints.default.port | quote }} - - name: "WEB_HTTP_DEFAULT_PATH" - value: {{ .Values.controlplane.endpoints.default.path | quote }} - - name: "WEB_HTTP_MANAGEMENT_PORT" - value: {{ .Values.controlplane.endpoints.management.port | quote }} - - name: 
"WEB_HTTP_MANAGEMENT_PATH" - value: {{ .Values.controlplane.endpoints.management.path | quote }} - - name: "WEB_HTTP_CONTROL_PORT" - value: {{ .Values.controlplane.endpoints.control.port | quote }} - - name: "WEB_HTTP_CONTROL_PATH" - value: {{ .Values.controlplane.endpoints.control.path | quote }} - - name: "WEB_HTTP_PROTOCOL_PORT" - value: {{ .Values.controlplane.endpoints.protocol.port | quote }} - - name: "WEB_HTTP_PROTOCOL_PATH" - value: {{ .Values.controlplane.endpoints.protocol.path | quote }} - - name: "EDC_CONTROL_ENDPOINT" - value: {{ include "txdc.controlplane.url.control" .}} - - name: "WEB_HTTP_CATALOG_PORT" - value: {{ .Values.controlplane.endpoints.catalog.port | quote }} - - name: "WEB_HTTP_CATALOG_PATH" - value: {{ .Values.controlplane.endpoints.catalog.path | quote }} - - name: "WEB_HTTP_CATALOG_AUTH_TYPE" - value: "tokenbased" - - name: "WEB_HTTP_CATALOG_AUTH_KEY" - value: {{ .Values.controlplane.endpoints.catalog.authKey | required ".Values.controlplane.endpoints.catalog.authKey is required" | quote }} - - - ######### - ## DSP ## - ######### - - - name: "EDC_DSP_CALLBACK_ADDRESS" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" .) .Values.controlplane.endpoints.protocol.path | quote }} - - name: "EDC_OAUTH_PROVIDER_AUDIENCE" - value: "idsc:IDS_CONNECTORS_ALL" - - name: "EDC_OAUTH_ENDPOINT_AUDIENCE" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" . ) .Values.controlplane.endpoints.protocol.path | quote }} - - ################ - ## POSTGRESQL ## - ################ - - # default datasource - - name: "EDC_DATASOURCE_DEFAULT_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_DEFAULT_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_DEFAULT_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . 
| quote }} - - ############################# - ## IATP / STS / DIM CONFIG ## - ############################# - - name: "EDC_IAM_STS_OAUTH_TOKEN_URL" - value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.sts.oauth.token_url is required" | quote}} - - name: "EDC_IAM_STS_OAUTH_CLIENT_ID" - value: {{ .Values.iatp.sts.oauth.client.id | required ".Values.iatp.sts.oauth.client.id is required" | quote}} - - name: "EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS" - value: {{ .Values.iatp.sts.oauth.client.secret_alias | required ".Values.iatp.sts.oauth.client.secret_alias is required" | quote}} - {{- if .Values.iatp.sts.dim.url }} - - name: "TX_EDC_IAM_STS_DIM_URL" - value: {{ .Values.iatp.sts.dim.url | quote}} - {{- end}} - - {{- range $index, $issuer := .Values.iatp.trustedIssuers }} - - name: "EDC_IAM_TRUSTED-ISSUER_{{$index}}-ISSUER_ID" - value: {{ $issuer | quote }} - {{- end }} - - ################# - ## BDRS CLIENT ## - ################# - - - name: "TX_IAM_IATP_BDRS_SERVER_URL" - value: {{ .Values.controlplane.bdrs.server.url | required ".Values.controlplane.bdrs.server.url is required" | quote }} - {{- if .Values.controlplane.bdrs.cache_validity_seconds }} - - name: "TX_IAM_IATP_BDRS_CACHE_VALIDITY" - value: {{ .Values.controlplane.bdrs.cache_validity_seconds | quote}} - {{- end}} - - ########### - ## VAULT ## - ########### - - - name: "EDC_VAULT_NAME" - value: {{ .Values.vault.azure.name | required ".Values.vault.azure.name is required" | quote }} - # only set the env vars if config value not null - {{- if .Values.vault.azure.client }} - - name: "AZURE_CLIENT_ID" - value: {{ .Values.vault.azure.client | quote }} - {{- end }} - {{- if .Values.vault.azure.tenant }} - - name: "AZURE_TENANT_ID" - value: {{ .Values.vault.azure.tenant | quote }} - {{- end }} - {{- if .Values.vault.azure.secret }} - - name: "AZURE_CLIENT_SECRET" - value: {{ .Values.vault.azure.secret | quote }} - {{- end }} - {{- if .Values.vault.azure.certificate }} - - name: 
"AZURE_CLIENT_CERTIFICATE_PATH" - value: {{ .Values.vault.azure.certificate | quote }} - {{- end }} - - ############################### - ## FEDERATED CATALOG CRAWLER ## - ############################### - {{- if .Values.controlplane.catalog.crawler.period }} - - name: "EDC_CATALOG_CACHE_EXECUTION_PERIOD_SECONDS" - value: {{ .Values.controlplane.catalog.crawler.period | quote}} - {{- end }} - - {{- if .Values.controlplane.catalog.crawler.initialDelay }} - - name: "EDC_CATALOG_CACHE_EXECUTION_DELAY_SECONDS" - value: {{ .Values.controlplane.catalog.crawler.initialDelay | quote }} - {{- end }} - - {{- if .Values.controlplane.catalog.crawler.num }} - - name: "EDC_CATALOG_CACHE_PARTITION_NUM_CRAWLERS" - value: {{ .Values.controlplane.catalog.crawler.num }} - {{- end }} - - - name: "EDC_CATALOG_CACHE_EXECUTION_ENABLED" - value: {{ .Values.controlplane.catalog.enabled | quote }} - - - name: "TX_EDC_CATALOG_NODE_LIST_FILE" - value: {{ .Values.controlplane.catalog.crawler.targetsFile }} - - ################### - ## POLICY ENGINE ## - ################### - - name: "EDC_POLICY_VALIDATION_ENABLED" - value: {{ .Values.controlplane.policy.validation.enabled | quote }} - - ###################################### - ## Additional environment variables ## - ###################################### - - name: "EDC_RUNTIME_ID" - value: {{ include "txdc.fullname" .}}-controlplane - {{- range $key, $value := .Values.controlplane.envValueFrom }} - - name: {{ $key | quote }} - valueFrom: - {{- tpl (toYaml $value) $ | nindent 16 }} - {{- end }} - {{- range $key, $value := .Values.controlplane.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{- end }} - {{- if and (or .Values.controlplane.envSecretNames .Values.controlplane.envConfigMapNames) (or (gt (len .Values.controlplane.envSecretNames) 0) (gt (len .Values.controlplane.envConfigMapNames) 0)) }} - envFrom: - {{- range $value := .Values.controlplane.envSecretNames }} - - secretRef: - name: {{ $value | quote }} - {{- end 
}} - {{- range $value := .Values.controlplane.envConfigMapNames }} - - configMapRef: - name: {{ $value | quote }} - {{- end }} - {{- end }} - volumeMounts: - {{- if .Values.controlplane.volumeMounts }} - {{- toYaml .Values.controlplane.volumeMounts | nindent 12 }} - {{- end}} - - name: "configuration" - mountPath: "/app/opentelemetry.properties" - subPath: "opentelemetry.properties" - {{- if .Values.customCaCerts }} - - name: custom-cacerts - mountPath: /opt/java/openjdk/lib/security/cacerts - subPath: cacerts - {{- end }} - - name: "tmp" - mountPath: "/tmp" - volumes: - {{- if .Values.controlplane.volumeMounts }} - {{- toYaml .Values.controlplane.volumes | nindent 8 }} - {{- end}} - - name: "configuration" - configMap: - name: {{ include "txdc.fullname" . }}-controlplane - items: - - key: "opentelemetry.properties" - path: "opentelemetry.properties" - {{- if .Values.customCaCerts }} - - name: custom-cacertificates - configMap: - name: {{ include "txdc.fullname" . }}-custom-cacerts - defaultMode: 0400 - - name: custom-cacerts - emptyDir: - sizeLimit: 1Mi - {{- end }} - - name: "tmp" - emptyDir: { } - {{- with .Values.controlplane.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controlplane.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controlplane.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/tractusx-connector-azure-vault/templates/deployment-dataplane.yaml b/charts/tractusx-connector-azure-vault/templates/deployment-dataplane.yaml deleted file mode 100644 index 7a892d9a2..000000000 --- a/charts/tractusx-connector-azure-vault/templates/deployment-dataplane.yaml +++ /dev/null 
@@ -1,347 +0,0 @@ -################################################################################# - # Copyright (c) 2023 ZF Friedrichshafen AG - # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH - # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - # Copyright (c) 2021,2023 Contributors to the Eclipse Foundation - # - # See the NOTICE file(s) distributed with this work for additional - # information regarding copyright ownership. - # - # This program and the accompanying materials are made available under the - # terms of the Apache License, Version 2.0 which is available at - # https://www.apache.org/licenses/LICENSE-2.0. - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - # License for the specific language governing permissions and limitations - # under the License. - # - # SPDX-License-Identifier: Apache-2.0 - ################################################################################# - - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "txdc.fullname" . }}-dataplane - labels: - {{- include "txdc.dataplane.labels" . | nindent 4 }} -spec: - {{- if not .Values.dataplane.autoscaling.enabled }} - replicas: {{ .Values.dataplane.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "txdc.dataplane.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.dataplane.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "txdc.dataplane.selectorLabels" . | nindent 8 }} - {{- with .Values.dataplane.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "txdc.serviceAccountName" . 
}} - securityContext: - {{- toYaml .Values.dataplane.podSecurityContext | nindent 8 }} - {{- if or .Values.dataplane.initContainers .Values.customCaCerts }} - initContainers: - {{- if .Values.dataplane.initContainers }} - {{- toYaml .Values.dataplane.initContainers | nindent 8 }} - {{- end }} - {{- if .Values.customCaCerts }} - - name: custom-cacerts - # either use the specified image, or use the default one - {{- if .Values.dataplane.image.repository }} - image: "{{ .Values.dataplane.image.repository }}:{{ .Values.dataplane.image.tag | default .Chart.AppVersion }}" - {{- else }} - image: "tractusx/edc-dataplane-azure-vault:{{ .Values.dataplane.image.tag | default .Chart.AppVersion }}" - {{- end }} - imagePullPolicy: {{ .Values.dataplane.image.pullPolicy }} - command: - - /bin/sh - - -c - - | - cp /opt/java/openjdk/lib/security/cacerts /workdir/ - find /cacerts -type f \( -iname \*.crt -o -iname \*.pem \) -exec echo "{}" \; | while read PEM_FILE_PATH; do - PEM_FILE=${PEM_FILE_PATH##*/} - ALIAS=${PEM_FILE%.*} - echo "adding ${PEM_FILE} with alias ${ALIAS} to cacerts ..." 
- keytool -import -noprompt -trustcacerts -alias ${ALIAS} -file ${PEM_FILE_PATH} -keystore /workdir/cacerts -storepass changeit - done - securityContext: - {{- toYaml .Values.dataplane.securityContext | nindent 12 }} - volumeMounts: - - name: custom-cacertificates - mountPath: /cacerts - - name: custom-cacerts - mountPath: /workdir - {{- end }} - {{- end }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.dataplane.securityContext | nindent 12 }} - {{- if .Values.dataplane.image.repository }} - image: "{{ .Values.dataplane.image.repository }}:{{ .Values.dataplane.image.tag | default .Chart.AppVersion }}" - {{- else }} - image: "tractusx/edc-dataplane-azure-vault:{{ .Values.dataplane.image.tag | default .Chart.AppVersion }}" - {{- end }} - imagePullPolicy: {{ .Values.dataplane.image.pullPolicy }} - args: [ --log-level={{ .Values.dataplane.logs.level | required ".Values.dataplane.logs.level is required" }} ] - ports: - {{- range $key,$value := .Values.dataplane.endpoints }} - - name: {{ $key }} - containerPort: {{ $value.port }} - protocol: TCP - {{- end }} - {{- if .Values.dataplane.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.dataplane.endpoints.default.path }}/check/liveness - port: {{ .Values.dataplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.dataplane.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.dataplane.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.dataplane.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.dataplane.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.dataplane.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.dataplane.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.dataplane.endpoints.default.path }}/check/readiness - port: {{ .Values.dataplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.dataplane.readinessProbe.initialDelaySeconds }} - 
periodSeconds: {{ .Values.dataplane.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.dataplane.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.dataplane.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.dataplane.readinessProbe.successThreshold }} - {{- end }} - resources: - {{- toYaml .Values.dataplane.resources | nindent 12 }} - env: - {{- if .Values.dataplane.debug.enabled }} - - name: "JAVA_TOOL_OPTIONS" - {{- if .Values.dataplane.debug.suspendOnStart }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=%v" .Values.dataplane.debug.port }} - {{- else }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=%v" .Values.dataplane.debug.port }} - {{- end }} - {{- end }} - - ######################## - ## ID CONFIGURATION ## - ######################## - - name: EDC_PARTICIPANT_ID - value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }} - - name: "EDC_IAM_ISSUER_ID" - value: {{ .Values.iatp.id | required ".Values.iatp.id is required" | quote}} - - ####### - # API # - ####### - - name: "TX_EDC_DPF_CONSUMER_PROXY_AUTH_APIKEY" - value: {{ .Values.dataplane.endpoints.proxy.authKey | required ".Values.dataplane.endpoints.proxy.authKey is required" | quote }} - - name: "WEB_HTTP_DEFAULT_PORT" - value: {{ .Values.dataplane.endpoints.default.port | quote }} - - name: "WEB_HTTP_DEFAULT_PATH" - value: {{ .Values.dataplane.endpoints.default.path | quote }} - - name: "WEB_HTTP_CONTROL_PORT" - value: {{ .Values.dataplane.endpoints.control.port | quote }} - - name: "WEB_HTTP_CONTROL_PATH" - value: {{ .Values.dataplane.endpoints.control.path | quote }} - - name: "WEB_HTTP_PUBLIC_PORT" - value: {{ .Values.dataplane.endpoints.public.port | quote }} - - name: "WEB_HTTP_PUBLIC_PATH" - value: {{ .Values.dataplane.endpoints.public.path | quote }} - - name: "EDC_CONTROL_ENDPOINT" - value: {{ include "txdc.dataplane.url.control" . 
}} - - name: "EDC_DPF_SELECTOR_URL" - value: {{ include "txdc.controlplane.url.control" . }}/v1/dataplanes - - ####### - # AWS # - ####### - {{- if .Values.dataplane.aws.endpointOverride }} - - name: "EDC_AWS_ENDPOINT_OVERRIDE" - value: {{ .Values.dataplane.aws.endpointOverride | quote }} - {{- end }} - {{- if .Values.dataplane.aws.secretAccessKey }} - - name: "AWS_SECRET_ACCESS_KEY" - value: {{ .Values.dataplane.aws.secretAccessKey | quote }} - {{- end }} - {{- if .Values.dataplane.aws.accessKeyId }} - - name: "AWS_ACCESS_KEY_ID" - value: {{ .Values.dataplane.aws.accessKeyId | quote }} - {{- end }} - - ########### - ## VAULT ## - ########### - - - name: "EDC_VAULT_NAME" - value: {{ .Values.vault.azure.name | required ".Values.vault.azure.name is required" | quote }} - # only set the env vars if config value not null - {{- if .Values.vault.azure.client }} - - name: "AZURE_CLIENT_ID" - value: {{ .Values.vault.azure.client | quote }} - {{- end }} - {{- if .Values.vault.azure.tenant }} - - name: "AZURE_TENANT_ID" - value: {{ .Values.vault.azure.tenant | quote }} - {{- end }} - {{- if .Values.vault.azure.secret }} - - name: "AZURE_CLIENT_SECRET" - value: {{ .Values.vault.azure.secret | quote }} - {{- end }} - {{- if .Values.vault.azure.certificate }} - - name: "AZURE_CLIENT_CERTIFICATE_PATH" - value: {{ .Values.vault.azure.certificate | quote }} - {{- end }} - - ############################# - ## IATP / STS / DIM CONFIG ## - ############################# - - name: "EDC_IAM_STS_OAUTH_TOKEN_URL" - value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.sts.oauth.token_url is required" | quote}} - - name: "EDC_IAM_STS_OAUTH_CLIENT_ID" - value: {{ .Values.iatp.sts.oauth.client.id | required ".Values.iatp.sts.oauth.client.id is required" | quote}} - - name: "EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS" - value: {{ .Values.iatp.sts.oauth.client.secret_alias | required ".Values.iatp.sts.oauth.client.secret_alias is required" | quote}} - - {{- if .Values.iatp.sts.dim.url 
}} - - name: "TX_EDC_IAM_STS_DIM_URL" - value: {{ .Values.iatp.sts.dim.url | quote}} - {{- end}} - - ################ - ## POSTGRESQL ## - ################ - - # default datasource - - name: "EDC_DATASOURCE_DEFAULT_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_DEFAULT_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_DEFAULT_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - - ######################### - ## DATA PLANE PUBLIC API - ######################## - - name: "EDC_DATAPLANE_API_PUBLIC_BASEURL" - value: {{ include "txdc.dataplane.url.public" . }} - - - ################## - ## TOKEN REFRESH - ################## - {{- if .Values.dataplane.token.refresh.expiry_seconds }} - - name: "TX_EDC_DATAPLANE_TOKEN_EXPIRY" - value: {{ .Values.dataplane.token.refresh.expiry_seconds | quote}} - {{- end}} - - {{- if .Values.dataplane.token.refresh.expiry_tolerance_seconds }} - - name: "TX_EDC_DATAPLANE_TOKEN_EXPIRY_TOLERANCE" - value: {{ .Values.dataplane.token.refresh.expiry_tolerance_seconds | quote }} - {{- end}} - - {{- if .Values.dataplane.token.refresh.refresh_endpoint }} - - name: "TX_EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" - value: {{ .Values.dataplane.token.refresh.refresh_endpoint }} - {{- else}} - - name: "TX_EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" - value: {{ include "txdc.dataplane.url.public" . 
}}/token - {{- end}} - - - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" - value: {{ .Values.dataplane.token.signer.privatekey_alias | required ".Values.dataplane.token.signer.privatekey_alias is required" | quote}} - - - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS" - value: {{ .Values.dataplane.token.verifier.publickey_alias | required ".Values.dataplane.token.verifier.publickey_alias" | quote }} - - - ###################################### - ## Additional environment variables ## - ###################################### - - name: "EDC_RUNTIME_ID" - value: {{ include "txdc.fullname" .}}-dataplane - {{- range $key, $value := .Values.dataplane.envValueFrom }} - - name: {{ $key | quote }} - valueFrom: - {{- tpl (toYaml $value) $ | nindent 16 }} - {{- end }} - {{- range $key, $value := .Values.dataplane.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{- end }} - {{- if and (or .Values.dataplane.envSecretNames .Values.dataplane.envConfigMapNames) (or (gt (len .Values.dataplane.envSecretNames) 0) (gt (len .Values.dataplane.envConfigMapNames) 0)) }} - envFrom: - {{- range $value := .Values.dataplane.envSecretNames }} - - secretRef: - name: {{ $value | quote }} - {{- end }} - {{- range $value := .Values.dataplane.envConfigMapNames }} - - configMapRef: - name: {{ $value | quote }} - {{- end }} - {{- end }} - volumeMounts: - {{- if .Values.dataplane.volumeMounts }} - {{- toYaml .Values.dataplane.volumeMounts | nindent 12 }} - {{- end}} - - name: "configuration" - mountPath: "/app/opentelemetry.properties" - subPath: "opentelemetry.properties" - {{- if .Values.customCaCerts }} - - name: custom-cacerts - mountPath: /opt/java/openjdk/lib/security/cacerts - subPath: cacerts - {{- end }} - - name: "tmp" - mountPath: "/tmp" - volumes: - {{- if .Values.dataplane.volumes }} - {{- toYaml .Values.dataplane.volumes | nindent 8 }} - {{- end}} - - name: "configuration" - configMap: - name: {{ include "txdc.fullname" . 
}}-dataplane - items: - - key: "opentelemetry.properties" - path: "opentelemetry.properties" - {{- if .Values.customCaCerts }} - - name: custom-cacertificates - configMap: - name: {{ include "txdc.fullname" . }}-custom-cacerts - defaultMode: 0400 - - name: custom-cacerts - emptyDir: - sizeLimit: 1Mi - {{- end }} - - name: "tmp" - emptyDir: { } - {{- with .Values.dataplane.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.dataplane.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.dataplane.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/tractusx-connector-azure-vault/templates/hpa-controlplane.yaml b/charts/tractusx-connector-azure-vault/templates/hpa-controlplane.yaml deleted file mode 100644 index 0c7d95272..000000000 --- a/charts/tractusx-connector-azure-vault/templates/hpa-controlplane.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ -# - # Copyright (c) 2023 Contributors to the Eclipse Foundation - # - # See the NOTICE file(s) distributed with this work for additional - # information regarding copyright ownership. - # - # This program and the accompanying materials are made available under the - # terms of the Apache License, Version 2.0 which is available at - # https://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - # License for the specific language governing permissions and limitations - # under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # - - -{{- if .Values.controlplane.autoscaling.enabled }} ---- -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "txdc.fullname" . }}-controlplane - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "txdc.fullname" . }}-controlplane - minReplicas: {{ .Values.controlplane.autoscaling.minReplicas }} - maxReplicas: {{ .Values.controlplane.autoscaling.maxReplicas }} - metrics: - {{- if .Values.controlplane.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.controlplane.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.controlplane.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.controlplane.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/charts/tractusx-connector-azure-vault/templates/hpa-dataplane.yaml b/charts/tractusx-connector-azure-vault/templates/hpa-dataplane.yaml deleted file mode 100644 index ddbee3823..000000000 
--- a/charts/tractusx-connector-azure-vault/templates/hpa-dataplane.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# - # Copyright (c) 2023 Contributors to the Eclipse Foundation - # - # See the NOTICE file(s) distributed with this work for additional - # information regarding copyright ownership. - # - # This program and the accompanying materials are made available under the - # terms of the Apache License, Version 2.0 which is available at - # https://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - # License for the specific language governing permissions and limitations - # under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # - -{{- if .Values.controlplane.autoscaling.enabled }} ---- -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "txdc.fullname" . }}-dataplane - labels: - {{- include "txdc.dataplane.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "txdc.fullname" . }}-dataplane - minReplicas: {{ .Values.dataplane.autoscaling.minReplicas }} - maxReplicas: {{ .Values.dataplane.autoscaling.maxReplicas }} - metrics: - {{- if .Values.dataplane.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.dataplane.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.dataplane.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.dataplane.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} 
diff --git a/charts/tractusx-connector-azure-vault/templates/ingress-controlplane.yaml b/charts/tractusx-connector-azure-vault/templates/ingress-controlplane.yaml deleted file mode 100644 index 8957cbf4c..000000000 --- a/charts/tractusx-connector-azure-vault/templates/ingress-controlplane.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -# - # Copyright (c) 2023 Contributors to the Eclipse Foundation - # - # See the NOTICE file(s) distributed with this work for additional - # information regarding copyright ownership. - # - # This program and the accompanying materials are made available under the - # terms of the Apache License, Version 2.0 which is available at - # https://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - # License for the specific language governing permissions and limitations - # under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # - -{{- $fullName := include "txdc.fullname" . }} -{{- $controlLabels := include "txdc.controlplane.labels" . }} -{{- $controlEdcEndpoints := .Values.controlplane.endpoints }} -{{- $namespace := .Release.Namespace }} - -{{- range .Values.controlplane.ingresses }} -{{- if and .enabled .endpoints }} -{{- $controlIngressName := printf "%s-controlplane-%s" $fullName .hostname }} -{{- $annotations := .annotations | default dict }} ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ $controlIngressName }} - namespace: {{ $namespace | default "default" | quote }} - labels: - {{- $controlLabels | nindent 4 }} - annotations: - {{- if .certManager }} - {{- if .certManager.issuer }} - {{- $_ := set $annotations "cert-manager.io/issuer" .certManager.issuer}} - {{- end }} - {{- if .certManager.clusterIssuer }} - {{- $_ := set $annotations "cert-manager.io/cluster-issuer" .certManager.clusterIssuer}} - {{- end }} - {{- end }} - {{- with $annotations }} - {{- toYaml . 
| nindent 4 }} - {{- end }} -spec: - {{- if .className }} - ingressClassName: {{ .className }} - {{- end }} - {{- if .hostname }} - {{- if .tls.enabled }} - tls: - - hosts: - - {{ .hostname }} - {{- if .tls.secretName }} - secretName: {{ .tls.secretName }} - {{- else }} - secretName: {{ $controlIngressName }}-tls - {{- end }} - {{- end }} - rules: - - host: {{ .hostname }} - http: - paths: - {{- $ingressEdcEndpoints := .endpoints }} - {{- range $name, $mapping := $controlEdcEndpoints }} - {{- if (has $name $ingressEdcEndpoints) }} - - path: {{ $mapping.path }} - pathType: Prefix - backend: - service: - name: {{ $fullName }}-controlplane - port: - number: {{ $mapping.port }} - {{- end }} - {{- end }} - {{- end }} -{{- end }}{{- /* end: if .enabled */}} -{{- end }}{{- /* end: range .Values.ingresses */}} diff --git a/charts/tractusx-connector-azure-vault/templates/ingress-dataplane.yaml b/charts/tractusx-connector-azure-vault/templates/ingress-dataplane.yaml deleted file mode 100644 index b46c30285..000000000 --- a/charts/tractusx-connector-azure-vault/templates/ingress-dataplane.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -# - # Copyright (c) 2023 Contributors to the Eclipse Foundation - # - # See the NOTICE file(s) distributed with this work for additional - # information regarding copyright ownership. - # - # This program and the accompanying materials are made available under the - # terms of the Apache License, Version 2.0 which is available at - # https://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - # License for the specific language governing permissions and limitations - # under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # - -{{- $fullName := include "txdc.fullname" . }} -{{- $dataLabels := include "txdc.dataplane.labels" . }} -{{- $dataEdcEndpoints := .Values.dataplane.endpoints }} -{{- $namespace := .Release.Namespace }} - -{{- range .Values.dataplane.ingresses }} -{{- if and .enabled .endpoints }} -{{- $dataIngressName := printf "%s-dataplane-%s" $fullName .hostname }} -{{- $annotations := .annotations | default dict }} ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ $dataIngressName }} - namespace: {{ $namespace | default "default" | quote }} - labels: - {{- $dataLabels | nindent 4 }} - annotations: - {{- if .certManager }} - {{- if .certManager.issuer }} - {{- $_ := set $annotations "cert-manager.io/issuer" .certManager.issuer}} - {{- end }} - {{- if .certManager.clusterIssuer }} - {{- $_ := set $annotations "cert-manager.io/cluster-issuer" .certManager.clusterIssuer}} - {{- end }} - {{- end }} - {{- with $annotations }} - {{- toYaml . 
| nindent 4 }} - {{- end }} -spec: - {{- if .className }} - ingressClassName: {{ .className }} - {{- end }} - {{- if .hostname }} - {{- if .tls.enabled }} - tls: - - hosts: - - {{ .hostname }} - {{- if .tls.secretName }} - secretName: {{ .tls.secretName }} - {{- else }} - secretName: {{ $dataIngressName }}-tls - {{- end }} - {{- end }} - rules: - - host: {{ .hostname }} - http: - paths: - {{- $ingressEdcEndpoints := .endpoints }} - {{- range $name, $mapping := $dataEdcEndpoints }} - {{- if (has $name $ingressEdcEndpoints) }} - - path: {{ $mapping.path }} - pathType: Prefix - backend: - service: - name: {{ $fullName }}-dataplane - port: - number: {{ $mapping.port }} - {{- end }} - {{- end }} - {{- end }} -{{- end }}{{- /* end: if .enabled */}} -{{- end }}{{- /* end: range .Values.ingresses */}} diff --git a/charts/tractusx-connector-azure-vault/templates/networkpolicy.yaml b/charts/tractusx-connector-azure-vault/templates/networkpolicy.yaml deleted file mode 100644 index 183af9b48..000000000 --- a/charts/tractusx-connector-azure-vault/templates/networkpolicy.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -################################################################################# -# Copyright (c) 2024 ZF Friedrichshafen AG -# Copyright (c) 2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# - -{{- if eq (.Values.networkPolicy.enabled | toString) "true" }} -{{- range tuple "controlplane" "dataplane" }} -{{- $name := . }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "txdc.fullname" $ }}-{{ $name }} - labels: - {{- include (printf "txdc.%s.labels" $name) $ | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include (printf "txdc.%s.selectorLabels" $name) $ | nindent 6 }} - ingress: - - from: - {{- toYaml (index $.Values.networkPolicy $name "from") | nindent 6 }} - ports: - {{- range $key,$value := (index $.Values $name "endpoints") }} - - port: {{ $value.port }} - protocol: TCP - {{- end }} - policyTypes: - - Ingress ---- -{{- end }} -{{- end }} diff --git a/charts/tractusx-connector-azure-vault/templates/service-controlplane.yaml b/charts/tractusx-connector-azure-vault/templates/service-controlplane.yaml deleted file mode 100644 index bf0a83cea..000000000 --- a/charts/tractusx-connector-azure-vault/templates/service-controlplane.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -################################################################################# -# Copyright (c) 2023,2024 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# - - ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "txdc.fullname" . }}-controlplane - namespace: {{ .Release.Namespace }} - {{- with .Values.controlplane.service.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} - {{- with .Values.controlplane.service.labels }} - {{- toYaml . 
| nindent 4 }} - {{- end }} -spec: - type: {{ .Values.controlplane.service.type }} - ports: - - port: {{ .Values.controlplane.endpoints.default.port }} - targetPort: default - protocol: TCP - name: default - - port: {{ .Values.controlplane.endpoints.control.port }} - targetPort: control - protocol: TCP - name: control - - port: {{ .Values.controlplane.endpoints.management.port }} - targetPort: management - protocol: TCP - name: management - - port: {{ .Values.controlplane.endpoints.protocol.port }} - targetPort: protocol - protocol: TCP - name: protocol - - port: {{ .Values.controlplane.endpoints.metrics.port }} - targetPort: metrics - protocol: TCP - name: metrics - selector: - {{- include "txdc.controlplane.selectorLabels" . | nindent 4 }} diff --git a/charts/tractusx-connector-azure-vault/templates/service-dataplane.yaml b/charts/tractusx-connector-azure-vault/templates/service-dataplane.yaml deleted file mode 100644 index 6700191a8..000000000 --- a/charts/tractusx-connector-azure-vault/templates/service-dataplane.yaml +++ /dev/null 
@@ -1,60 +0,0 @@ -################################################################################# -# Copyright (c) 2024 ZF Friedrichshafen AG -# Copyright (c) 2023,2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# - ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "txdc.fullname" . }}-dataplane - namespace: {{ .Release.Namespace }} - {{- with .Values.dataplane.service.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "txdc.dataplane.labels" . | nindent 4 }} - {{- with .Values.dataplane.service.labels }} - {{- toYaml . 
| nindent 4 }} - {{- end }} -spec: - type: {{ .Values.dataplane.service.type }} - ports: - - port: {{ .Values.dataplane.endpoints.default.port }} - targetPort: default - protocol: TCP - name: default - - port: {{ .Values.dataplane.endpoints.control.port }} - targetPort: control - protocol: TCP - name: control - - port: {{ .Values.dataplane.endpoints.public.port }} - targetPort: public - protocol: TCP - name: public - - port: {{ .Values.dataplane.endpoints.metrics.port }} - targetPort: metrics - protocol: TCP - name: metrics - - port: {{ .Values.dataplane.endpoints.proxy.port }} - targetPort: proxy - protocol: TCP - name: proxy - selector: - {{- include "txdc.dataplane.selectorLabels" . | nindent 4 }} diff --git a/charts/tractusx-connector-azure-vault/templates/serviceaccount.yaml b/charts/tractusx-connector-azure-vault/templates/serviceaccount.yaml deleted file mode 100644 index 4ac3334f8..000000000 --- a/charts/tractusx-connector-azure-vault/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -################################################################################# -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# - - -{{- if .Values.serviceAccount.create -}} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "txdc.serviceAccountName" . }} - labels: - {{- include "txdc.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- with .Values.serviceAccount.imagePullSecrets }} -imagePullSecrets: - {{- toYaml . | nindent 2 }} -{{- end }} -{{- end }} diff --git a/charts/tractusx-connector-azure-vault/templates/tests/test-controlplane.yaml b/charts/tractusx-connector-azure-vault/templates/tests/test-controlplane.yaml deleted file mode 100644 index 93bcf2a6c..000000000 --- a/charts/tractusx-connector-azure-vault/templates/tests/test-controlplane.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -# - # Copyright (c) 2023 Contributors to the Eclipse Foundation - # - # See the NOTICE file(s) distributed with this work for additional - # information regarding copyright ownership. - # - # This program and the accompanying materials are made available under the - # terms of the Apache License, Version 2.0 which is available at - # https://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - # License for the specific language governing permissions and limitations - # under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # - ---- -apiVersion: v1 -kind: Pod -metadata: - name: "{{include "txdc.fullname" .}}-test-controlplane" - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test - "helm.sh/hook-delete-policy": {{ .Values.tests.hookDeletePolicy }} -spec: - containers: - {{/* Poke the pod's management API */}} - - name: readiness - image: curlimages/curl - command: [ 'curl', '--fail' ] - args: [ '{{- printf "http://%s-controlplane:%v%s/check/readiness" (include "txdc.fullname" $ ) $.Values.controlplane.endpoints.default.port $.Values.controlplane.endpoints.default.path -}}' ] - - {{/* Try adding a BPN Group to the store via the management API */}} - - name: mgmt-api-bpn-store - image: curlimages/curl - command: [ 'curl', '-X', 'POST', '--fail','-H','Content-Type: application/json', '-H', '{{- printf "x-api-key: %s" $.Values.controlplane.endpoints.management.authKey }}', '-d', '{ - "@context": { - "tx": "https://w3id.org/tractusx/v0.0.1/ns/" - }, - "@id": "tx:BPN000001234", - "tx:groups": ["group1", "group2", "group3"] - }' ] - args: [ '{{- printf "http://%s-controlplane:%v%s/v3/business-partner-groups" (include "txdc.fullname" $ ) 
$.Values.controlplane.endpoints.management.port $.Values.controlplane.endpoints.management.path -}}' ] - restartPolicy: Never - securityContext: - fsGroup: 101 # curl_group - runAsGroup: 101 # curl_group - runAsNonRoot: true - runAsUser: 100 # curl_user - seccompProfile: - type: RuntimeDefault diff --git a/charts/tractusx-connector-azure-vault/templates/tests/test-dataplane-readiness.yaml b/charts/tractusx-connector-azure-vault/templates/tests/test-dataplane-readiness.yaml deleted file mode 100644 index fa58c7da7..000000000 --- a/charts/tractusx-connector-azure-vault/templates/tests/test-dataplane-readiness.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -# - # Copyright (c) 2023 Contributors to the Eclipse Foundation - # - # See the NOTICE file(s) distributed with this work for additional - # information regarding copyright ownership. - # - # This program and the accompanying materials are made available under the - # terms of the Apache License, Version 2.0 which is available at - # https://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - # License for the specific language governing permissions and limitations - # under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # - ---- -apiVersion: v1 -kind: Pod -metadata: - name: "{{include "txdc.fullname" .}}test-dataplane-readiness" - labels: - {{- include "txdc.dataplane.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test - "helm.sh/hook-delete-policy": {{ .Values.tests.hookDeletePolicy }} -spec: - containers: - - name: wget - image: curlimages/curl - command: [ 'curl', '--fail' ] - args: [ '{{- printf "http://%s-dataplane:%v%s/check/readiness" (include "txdc.fullname" $ ) $.Values.dataplane.endpoints.default.port $.Values.dataplane.endpoints.default.path -}}' ] - restartPolicy: Never - securityContext: - fsGroup: 101 # curl_group - runAsGroup: 101 # curl_group - runAsNonRoot: true - runAsUser: 100 # curl_user - seccompProfile: - type: RuntimeDefault diff --git a/charts/tractusx-connector-azure-vault/values.yaml b/charts/tractusx-connector-azure-vault/values.yaml deleted file mode 100644 index 082fb1a7b..000000000 --- a/charts/tractusx-connector-azure-vault/values.yaml +++ /dev/null 
@@ -1,638 +0,0 @@
-#################################################################################
-# Copyright (c) 2023,2024 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#################################################################################
-
----
-# Default values for eclipse-dataspace-connector.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-install:
- # -- Deploying a PostgreSQL instance
- postgresql: true
-
-fullnameOverride: ""
-nameOverride: ""
-
-# -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry)
-imagePullSecrets: []
-# -- Add some custom labels
-customLabels: {}
-
-participant:
- # -- BPN Number
- id: "BPNLCHANGEME"
-
-iatp:
- # -- Decentralized IDentifier (DID) of the connector
- id: "did:web:changeme"
- # -- Configures the trusted issuers for this runtime
- trustedIssuers: []
- sts:
- dim:
- # -- URL where connectors can request SI tokens
- url:
- oauth:
- # -- URL where connectors can request OAuth2 access tokens for DIM access
- token_url:
- client:
- # -- Client ID for requesting OAuth2 access token for DIM access
- id:
- # -- Alias under which the client secret is stored in the vault for requesting OAuth2 access token for DIM access
- secret_alias:
-
-# -- Add custom ca certificates to the truststore
-customCaCerts: {}
-
-controlplane:
- image:
- # -- Which derivate of the control plane to use. when left empty the deployment will select the correct image automatically
- repository: ""
- # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use
- pullPolicy: IfNotPresent
- # -- Overrides the image tag whose default is the chart appVersion
- tag: ""
- initContainers: []
- debug:
- # -- Enables java debugging mode.
- enabled: false
- # -- Port where the debuggee can connect to.
- port: 1044
- # -- Defines if the JVM should wait with starting the application until someone connected to the debugging port.
- suspendOnStart: false
-
- logs:
- # -- Defines the log granularity of the default Console Monitor.
- level: DEBUG
-
- livenessProbe:
- # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
- enabled: true
- # -- seconds to wait before performing the first liveness check
- initialDelaySeconds: 30
- # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds
- periodSeconds: 10
- # -- number of seconds after which the probe times out
- timeoutSeconds: 5
- # -- when a probe fails kubernetes will try 6 times before giving up
- failureThreshold: 6
- # -- number of consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
- readinessProbe:
- # -- Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
- enabled: true
- # -- seconds to wait before performing the first readiness check
- initialDelaySeconds: 30
- # -- this fields specifies that kubernetes should perform a readiness check every 10 seconds
- periodSeconds: 10
- # -- number of seconds after which the probe times out
- timeoutSeconds: 5
- # -- when a probe fails kubernetes will try 6 times before giving up
- failureThreshold: 6
- # -- number of consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
-
- # -- endpoints of the control plane
- endpoints:
- # -- default api for health checks, should not be added to any ingress
- default:
- # -- port for incoming api calls
- port: 8080
- # -- path for incoming api calls
- path: /api
- # -- data management api, used by internal users, can be added to an ingress and must not be internet facing
- management:
- # -- port for incoming api calls
- port: 8081
- # -- path for incoming api calls
- path: /management
- # -- authentication key, must be attached to each request as `X-Api-Key` header
- authKey: "password"
- # -- if the JWKS url is set, the
DelegatedAuth service will be engaged
- jwksUrl:
- # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not
- control:
- # -- port for incoming api calls
- port: 8083
- # -- path for incoming api calls
- path: /control
- # -- dsp api, used for inter connector communication and must be internet facing
- protocol:
- # -- port for incoming api calls
- port: 8084
- # -- path for incoming api calls
- path: /api/v1/dsp
- # -- metrics api, used for application metrics, must not be internet facing
- metrics:
- # -- port for incoming api calls
- port: 9090
- # -- path for incoming api calls
- path: /metrics
-
- catalog:
- # -- port for incoming catalog cache query requests
- port: 8085
- # -- path for incoming catalog cache query requests
- path: /catalog
- # -- authentication key, must be attached to each request as `X-Api-Key` header
- authKey: "password"
-
- bdrs:
- # -- Time that a cached BPN/DID resolution map is valid in seconds, default is 600 seconds (10 min)
- cache_validity_seconds: 600
- server:
- # -- URL of the BPN/DID Resolution Service
- url:
-
- # -- configuration for the built-in federated catalog crawler
- catalog:
- # -- Flag to globally enable/disable the FC feature
- enabled: false
- crawler:
- # -- Number of desired crawlers. Final number might be different, based on number of crawl targets
- num:
- # -- Period between two crawl runs in seconds. Default is 60 seconds.
- period:
- # -- Initial delay for the crawling to start. Leave blank for a random delay
- initialDelay:
- # -- File path to a JSON file containing TargetNode entries
- targetsFile:
- # -- configuration for policy engine
- policy:
- validation:
- enabled: true
-
- service:
- # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service.
- type: ClusterIP
- # -- additional labels for the service
- labels: {}
- # -- additional annotations for the service
- annotations: {}
-
- # -- additional labels for the pod
- podLabels: {}
- # -- additional annotations for the pod
- podAnnotations: {}
- # -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment
- podSecurityContext:
- seccompProfile:
- # -- Restrict a Container's Syscalls with seccomp
- type: RuntimeDefault
- # -- Runs all processes within a pod with a special uid
- runAsUser: 10001
- # -- Processes within a pod will belong to this guid
- runAsGroup: 10001
- # -- The owner for volumes and any files created within volumes will belong to this guid
- fsGroup: 10001
- # The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod
- securityContext:
- capabilities:
- # -- Specifies which capabilities to drop to reduce syscall attack surface
- drop:
- - ALL
- # -- Specifies which capabilities to add to issue specialized syscalls
- add: []
- # -- Whether the root filesystem is mounted in read-only mode
- readOnlyRootFilesystem: true
- # -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID
- allowPrivilegeEscalation: false
- # -- Requires the container to run without root privileges
- runAsNonRoot: true
- # -- The container's process will run with the specified uid
- runAsUser: 10001
-
- # Extra environment variables that will be pass onto deployment pods
- env: {}
- # ENV_NAME: value
-
- # -- "valueFrom" environment variable references that will be added to deployment pods. Name is templated.
- # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
- envValueFrom: {}
- # ENV_NAME:
- # configMapKeyRef:
- # name: configmap-name
- # key: value_key
- # secretKeyRef:
- # name: secret-name
- # key: value_key
-
- # -- [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from
- envSecretNames: []
- # - first-secret
- # - second-secret
-
- # -- [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from
- envConfigMapNames: []
- # - first-config-map
- # - second-config-map
-
- ## Ingress declaration to expose the network service.
- ingresses:
- ## Public / Internet facing Ingress
- - enabled: false
- # -- The hostname to be used to precisely map incoming traffic onto the underlying network service
- hostname: "edc-control.local"
- # -- Additional ingress annotations to add
- annotations: {}
- # -- EDC endpoints exposed by this ingress resource
- endpoints:
- - protocol
- # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use
- className: ""
- # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource
- tls:
- # -- Enables TLS on the ingress resource
- enabled: false
- # -- If present overwrites the default secret name
- secretName: ""
- ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource
- certManager:
- # -- If preset enables certificate generation via cert-manager namespace scoped issuer
- issuer: ""
- # -- If preset enables certificate generation via cert-manager cluster-wide issuer
- clusterIssuer: ""
- ## Private / Intranet facing Ingress
- - enabled: false
- # -- The hostname to be used to precisely map incoming traffic onto the underlying network service
- hostname: "edc-control.intranet"
- # -- Additional
ingress annotations to add
- annotations: {}
- # -- EDC endpoints exposed by this ingress resource
- endpoints:
- - management
- - control
- # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use
- className: ""
- # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource
- tls:
- # -- Enables TLS on the ingress resource
- enabled: false
- # -- If present overwrites the default secret name
- secretName: ""
- ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource
- certManager:
- # -- If preset enables certificate generation via cert-manager namespace scoped issuer
- issuer: ""
- # -- If preset enables certificate generation via cert-manager cluster-wide issuer
- clusterIssuer: ""
-
- # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container
- volumeMounts:
- # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories
- volumes:
-
- # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container
- resources:
- limits:
- # -- Maximum CPU limit
- cpu: 1.5
- # -- Maximum memory limit
- memory: 1024Mi
- requests:
- # -- Initial CPU request
- cpu: 500m
- # -- Initial memory request
- memory: 1024Mi
-
- replicaCount: 1
-
- autoscaling:
- # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
- enabled: false
- # -- Minimal replicas if resource consumption falls below resource threshholds
- minReplicas: 1
- # -- Maximum replicas if resource consumption exceeds resource threshholds
- maxReplicas: 100
- # -- targetAverageUtilization of cpu provided to a pod
- targetCPUUtilizationPercentage: 80
- # -- targetAverageUtilization of memory provided to a
pod
- targetMemoryUtilizationPercentage: 80
-
- # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics
- opentelemetry: |-
- otel.javaagent.enabled=false
- otel.javaagent.debug=false
-
-
- # -- [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes
- nodeSelector: {}
- # -- [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes
- tolerations: []
- # -- [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on
- affinity: {}
-
- url:
- # -- Explicitly declared url for reaching the dsp api (e.g. if ingresses not used)
- protocol: ""
-
-dataplane:
- image:
- # -- Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically
- repository: ""
- # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use
- pullPolicy: IfNotPresent
- # -- Overrides the image tag whose default is the chart appVersion
- tag: ""
- initContainers: []
- debug:
- # -- Enables java debugging mode.
- enabled: false
- # -- Port where the debuggee can connect to.
- port: 1044
- # -- Defines if the JVM should wait with starting the application until someone connected to the debugging port.
- suspendOnStart: false
-
- logs:
- # -- Defines the log granularity of the default Console Monitor.
- level: DEBUG
-
- livenessProbe:
- # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
- enabled: true
- # -- seconds to wait before performing the first liveness check
- initialDelaySeconds: 30
- # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds
- periodSeconds: 10
- # -- number of seconds after which the probe times out
- timeoutSeconds: 5
- # -- when a probe fails kubernetes will try 6 times before giving up
- failureThreshold: 6
- # -- number of consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
- readinessProbe:
- # -- Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
- enabled: true
- # -- seconds to wait before performing the first readiness check
- initialDelaySeconds: 30
- # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds
- periodSeconds: 10
- # -- number of seconds after which the probe times out
- timeoutSeconds: 5
- # -- when a probe fails kubernetes will try 6 times before giving up
- failureThreshold: 6
- # -- number of consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
-
- service:
- # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service.
- type: ClusterIP
- # -- additional labels for the service
- labels: {}
- # -- additional annotations for the service
- annotations: {}
-
- # -- endpoints of the dataplane
- endpoints:
- # -- default api for health checks, should not be added to any ingress
- default:
- # -- port for incoming api calls
- port: 8080
- # -- path for incoming api calls
- path: /api
- # -- public endpoint where the data can be fetched from if HttpPull was used. Must be internet facing.
- public:
- # -- port for incoming api calls
- port: 8081
- # -- path for incoming api calls
- path: /api/public
- # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not
- control:
- # -- port for incoming api calls
- port: 8084
- # -- path for incoming api calls
- path: /control
- proxy:
- # -- port for incoming api calls
- port: 8186
- # -- path for incoming api calls
- path: /proxy
- # -- authentication key, must be attached to each request as `X-Api-Key` header
- authKey: "password"
- # -- metrics api, used for application metrics, must not be internet facing
- metrics:
- # -- port for incoming api calls
- port: 9090
- # -- path for incoming api calls
- path: /metrics
-
- token:
- refresh:
- # -- TTL in seconds for access tokens (also known as EDR token)
- expiry_seconds: 300
- # -- Tolerance for token expiry in seconds
- expiry_tolerance_seconds: 10
- # -- Optional endpoint for an OAuth2 token refresh.
Default endpoint is `/token`
- refresh_endpoint:
- signer:
- # -- Alias under which the private key (JWK or PEM format) is stored in the vault
- privatekey_alias:
- verifier:
- # -- Alias under which the public key (JWK or PEM format) is stored in the vault, that belongs to the private key which was referred to at `dataplane.token.signer.privatekey_alias`
- publickey_alias:
-
- aws:
- endpointOverride: ""
- accessKeyId: ""
- secretAccessKey: ""
-
- # -- additional labels for the pod
- podLabels: {}
- # -- additional annotations for the pod
- podAnnotations: {}
- # -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment
- podSecurityContext:
- seccompProfile:
- # -- Restrict a Container's Syscalls with seccomp
- type: RuntimeDefault
- # -- Runs all processes within a pod with a special uid
- runAsUser: 10001
- # -- Processes within a pod will belong to this guid
- runAsGroup: 10001
- # -- The owner for volumes and any files created within volumes will belong to this guid
- fsGroup: 10001
- # The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod
- securityContext:
- capabilities:
- # -- Specifies which capabilities to drop to reduce syscall attack surface
- drop:
- - ALL
- # -- Specifies which capabilities to add to issue specialized syscalls
- add: []
- # -- Whether the root filesystem is mounted in read-only mode
- readOnlyRootFilesystem: true
- # -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID
- allowPrivilegeEscalation: false
- # -- Requires the container to run without root privileges
- runAsNonRoot: true
- # -- The container's process will run with the specified uid
- runAsUser: 10001
-
- # -- Extra environment variables that will be pass onto deployment pods
- env: {}
- # ENV_NAME: value
-
- # -- "valueFrom" environment variable references that will be added to deployment pods. Name is templated.
- # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
- envValueFrom: {}
- # ENV_NAME:
- # configMapKeyRef:
- # name: configmap-name
- # key: value_key
- # secretKeyRef:
- # name: secret-name
- # key: value_key
-
- # -- [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from
- envSecretNames: []
- # - first-secret
- # - second-secret
-
- # -- [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from
- envConfigMapNames: []
- # - first-config-map
- # - second-config-map
-
- ## Ingress declaration to expose the network service.
- ingresses:
- ## Public / Internet facing Ingress
- - enabled: false
- # -- The hostname to be used to precisely map incoming traffic onto the underlying network service
- hostname: "edc-data.local"
- # -- Additional ingress annotations to add
- annotations: {}
- # -- EDC endpoints exposed by this ingress resource
- endpoints:
- - public
- # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use
- className: ""
- # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource
- tls:
- # -- Enables TLS on the ingress resource
- enabled: false
- # -- If present overwrites the default secret name
- secretName: ""
- ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource
- certManager:
- # -- If preset enables certificate generation via cert-manager namespace scoped issuer
- issuer: ""
- # -- If preset enables certificate generation via cert-manager cluster-wide issuer
- clusterIssuer: ""
-
- # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container
- volumeMounts:
- # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories
- volumes:
-
- # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container
- resources:
- limits:
- # -- Maximum CPU limit
- cpu: 1.5
- # -- Maximum memory limit
- memory: 1024Mi
- requests:
- # -- Initial CPU request
- cpu: 500m
- # -- Initial memory request
- memory: 1024Mi
-
- replicaCount: 1
-
- autoscaling:
- # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
- enabled: false
- # -- Minimal replicas if resource consumption falls below resource threshholds
- minReplicas: 1
- # -- Maximum replicas if resource
consumption exceeds resource threshholds
- maxReplicas: 100
- # -- targetAverageUtilization of cpu provided to a pod
- targetCPUUtilizationPercentage: 80
- # -- targetAverageUtilization of memory provided to a pod
- targetMemoryUtilizationPercentage: 80
-
- # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics
- opentelemetry: |-
- otel.javaagent.enabled=false
- otel.javaagent.debug=false
-
-
- # -- [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes
- nodeSelector: {}
- # -- [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes
- tolerations: []
- # -- [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on
- affinity: {}
-
- url:
- # -- Explicitly declared url for reaching the public api (e.g.
if ingresses not used)
- public: ""
-
-postgresql:
- jdbcUrl: "jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc"
- primary:
- persistence:
- enabled: false
- readReplicas:
- persistence:
- enabled: false
- auth:
- database: "edc"
- username: "user"
- password: "password"
-
-vault:
- azure:
- name: ""
- client:
- tenant:
- secret:
- certificate:
-
-networkPolicy:
- # -- If `true` network policy will be created to restrict access to control- and dataplane
- enabled: false
- # -- Configuration of the controlplane component
- controlplane:
- # -- Specify from rule network policy for cp (defaults to all namespaces)
- from:
- - namespaceSelector: {}
- # -- Configuration of the dataplane component
- dataplane:
- # -- Specify from rule network policy for dp (defaults to all namespaces)
- from:
- - namespaceSelector: {}
-
-serviceAccount:
- # -- Specifies whether a service account should be created
- create: true
- # -- Annotations to add to the service account
- annotations: {}
- # -- The name of the service account to use.
- # If not set and create is true, a name is generated using the fullname template
- name: ""
- # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry)
- imagePullSecrets: []
-
-# -- Configurations for Helm tests
-tests:
- # -- Configure the hook-delete-policy for Helm tests
- hookDeletePolicy: before-hook-creation,hook-succeeded
diff --git a/docs/README.md b/docs/README.md
index 560e39e5f..d986731f4 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -26,12 +26,6 @@ The three supported setups are.
 - Planes:
 - [Control Plane](../edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/README.md)
 - [Data Plane](../edc-dataplane/edc-dataplane-hashicorp-vault/README.md)
-- Setup 3: PostgreSQL & Azure Vault
- - PostgreSQL persistence
- - Azure Key Vault
- - Planes:
- - [Control Plane](../edc-controlplane/edc-controlplane-postgresql-azure-vault/README.md)
- - [Data Plane](../edc-dataplane/edc-dataplane-azure-vault/README.md)
 ## Recommended Documentation
diff --git a/edc-controlplane/build.gradle.kts b/edc-controlplane/build.gradle.kts
index 9e901172f..454e2c508 100644
--- a/edc-controlplane/build.gradle.kts
+++ b/edc-controlplane/build.gradle.kts
@@ -24,6 +24,5 @@ plugins {
 dependencies {
 implementation(project(":edc-controlplane:edc-controlplane-base"))
 implementation(project(":edc-controlplane:edc-runtime-memory"))
- implementation(project(":edc-controlplane:edc-controlplane-postgresql-azure-vault"))
 implementation(project(":edc-controlplane:edc-controlplane-postgresql-hashicorp-vault"))
 }
diff --git a/edc-controlplane/edc-controlplane-postgresql-azure-vault/README.md b/edc-controlplane/edc-controlplane-postgresql-azure-vault/README.md
deleted file mode 100644
index 3a05873c4..000000000
--- a/edc-controlplane/edc-controlplane-postgresql-azure-vault/README.md
+++ /dev/null
@@ -1,30 +0,0 @@
-# EDC Control-Plane PostgreSQL & Azure Key Vault
-
-DEPRECATED: this module won't be available anymore after version 0.8.0
-
-This version of the EDC Control-Plane is backed by [PostgreSQL](https://www.postgresql.org/) and [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/#product-overview).
-
-## Building
-
-```shell
-./gradlew :edc-controlplane:edc-controlplane-postgresql-azure-vault:dockerize
-```
-
-## Configuration
-
-Details regarding each configuration property can be found in the [docs for the chart](../../charts/tractusx-connector-azure-vault/README.md).
-
-Please note that the properties list may not be complete as the tractusx-edc may elect to fall back to the default behavior of an
-extension. When in doubt, check the extensions' README that will likely be in [this repo's](../../edc-extensions) or in the [eclipse-edc's](https://github.com/eclipse-edc/Connector/tree/main/extensions)
-`extensions` folder.
-
-## Running
-
-```shell
-docker run \
- -p 8080:8080 -p 8181:8181 -p 8282:8282 -p 9090:9090 -p 9999:9999 \
- -v ${CONFIGURATION_PROPERTIES_FILE:-/dev/null}:/app/configuration.properties \
- -v ${LOGGING_PROPERTIES_FILE:-/dev/null}:/app/logging.properties \
- -v ${OPENTELEMETRY_PROPERTIES_FILE:-/dev/null}:/app/opentelemetry.properties \
- -i edc-controlplane-postgresql-azure-vault:latest
-```
diff --git a/edc-controlplane/edc-controlplane-postgresql-azure-vault/build.gradle.kts b/edc-controlplane/edc-controlplane-postgresql-azure-vault/build.gradle.kts
deleted file mode 100644
index efbed872d..000000000
--- a/edc-controlplane/edc-controlplane-postgresql-azure-vault/build.gradle.kts
+++ /dev/null
@@ -1,51 +0,0 @@
-/********************************************************************************
- * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
- * Copyright (c) 2021,2022 Contributors to the Eclipse Foundation
- *
- * See the NOTICE file(s) distributed with this work for additional
- * information regarding copyright ownership.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0.
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations
- * under the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ********************************************************************************/
-
-import com.github.jengelman.gradle.plugins.shadow.tasks.ShadowJar
-
-plugins {
- `java-library`
- id("application")
- id("com.github.johnrengelman.shadow") version "8.1.1"
-}
-
-dependencies {
- runtimeOnly(project(":edc-controlplane:edc-controlplane-base"))
- runtimeOnly(project(":edc-extensions:migrations::control-plane-migration"))
- runtimeOnly(project(":edc-extensions:bpn-validation:business-partner-store-sql"))
- runtimeOnly(project(":edc-extensions:agreements:retirement-evaluation-store-sql"))
- runtimeOnly(libs.edc.azure.vault)
- runtimeOnly(libs.bundles.edc.sqlstores)
- runtimeOnly(libs.edc.transaction.local)
- runtimeOnly(libs.edc.sql.pool)
- runtimeOnly(libs.edc.core.controlplane)
- runtimeOnly(libs.postgres)
-}
-
-
-tasks.withType {
- mergeServiceFiles()
- archiveFileName.set("${project.name}.jar")
-}
-
-
-application {
- mainClass.set("org.eclipse.edc.boot.system.runtime.BaseRuntime")
-}
diff --git a/edc-controlplane/edc-controlplane-postgresql-azure-vault/notice.md b/edc-controlplane/edc-controlplane-postgresql-azure-vault/notice.md
deleted file mode 100644
index b6594926f..000000000
--- a/edc-controlplane/edc-controlplane-postgresql-azure-vault/notice.md
+++ /dev/null
@@ -1,32 +0,0 @@
-# Notice for Docker image
-
-An EDC Control Plane using PostgreSQL as persistence backend, and Azure KeyVault as secret store.
-
-DockerHub:
-
-Eclipse Tractus-X product(s) installed within the image:
-
-## Tractus-X EDC Control Plane
-
-- GitHub:
-- Project home:
-- Dockerfile:
-- Project license: [Apache License, Version 2.0](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/LICENSE)
-
-## Used base image
-
-- [eclipse-temurin:21.0.2_13-jre-alpine](https://github.com/adoptium/containers)
-- Official Eclipse Temurin DockerHub page:
-- Eclipse Temurin Project:
-- Additional information about the Eclipse Temurin
- images:
-
-## Third-Party Software
-
-- OpenTelemetry Agent v1.32.0:
-
-As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc
-from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
-
-As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies
-with any relevant licenses for all software contained within.
diff --git a/edc-dataplane/build.gradle.kts b/edc-dataplane/build.gradle.kts
index 4389a99cf..61d93b99e 100644
--- a/edc-dataplane/build.gradle.kts
+++ b/edc-dataplane/build.gradle.kts
@@ -23,6 +23,5 @@ plugins {
 dependencies {
 implementation(project(":edc-dataplane:edc-dataplane-base"))
- implementation(project(":edc-dataplane:edc-dataplane-azure-vault"))
 implementation(project(":edc-dataplane:edc-dataplane-hashicorp-vault"))
 }
diff --git a/edc-dataplane/edc-dataplane-azure-vault/README.md b/edc-dataplane/edc-dataplane-azure-vault/README.md
deleted file mode 100644
index 71382abe5..000000000
--- a/edc-dataplane/edc-dataplane-azure-vault/README.md
+++ /dev/null
@@ -1,30 +0,0 @@
-# EDC Data-Plane with Azure Key Vault
-
-DEPRECATED: this module won't be available anymore after version 0.8.0
-
-This build of the EDC Data-Plane utilizes [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/#product-overview) for secret storage.
-
-## Building
-
-```shell
-./gradlew :edc-dataplane:edc-dataplane-azure-vault:dockerize
-```
-
-## Configuration
-
-Details regarding each configuration property can be found in the [docs for the chart](../../charts/tractusx-connector-azure-vault/README.md).
-
-Please note that the properties list may not be complete as the tractusx-edc may elect to fall back to the default behavior of an
-extension. When in doubt, check the extensions' README that will likely be in [this repo's](../../edc-extensions) or in the [eclipse-edc's](https://github.com/eclipse-edc/Connector/tree/main/extensions)
-`extensions` folder.
-
-## Running
-
-```shell
-docker run \
- -p 8080:8080 -p 8185:8185 -p 9999:9999 -p 9090:9090 \
- -v ${CONFIGURATION_PROPERTIES_FILE:-/dev/null}:/app/configuration.properties \
- -v ${LOGGING_PROPERTIES_FILE:-/dev/null}:/app/logging.properties \
- -v ${OPENTELEMETRY_PROPERTIES_FILE:-/dev/null}:/app/opentelemetry.properties \
- -i edc-dataplane-azure-vault:latest
-```
diff --git a/edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts b/edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts
deleted file mode 100644
index 50d660eb1..000000000
--- a/edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts
+++ /dev/null
@@ -1,52 +0,0 @@
-/********************************************************************************
- * Copyright (c) 2021,2022 Contributors to the Eclipse Foundation
- *
- * See the NOTICE file(s) distributed with this work for additional
- * information regarding copyright ownership.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0.
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations
- * under the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ********************************************************************************/
-
-plugins {
- `java-library`
- id("application")
- id("com.github.johnrengelman.shadow") version "8.1.1"
-}
-
-dependencies {
- implementation(project(":edc-dataplane:edc-dataplane-base"))
- runtimeOnly(project(":edc-extensions:migrations::data-plane-migration"))
- implementation(libs.edc.azure.vault)
- constraints {
- implementation("net.minidev:json-smart:2.5.1") {
- because("version 2.4.8 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370.")
- }
- }
- implementation(libs.edc.azure.identity)
- implementation("com.azure:azure-security-keyvault-secrets:4.9.0")
- runtimeOnly(libs.edc.transaction.local)
- runtimeOnly(libs.edc.sql.pool)
- runtimeOnly(libs.edc.sql.accesstokendata)
- runtimeOnly(libs.edc.sql.edrindex)
- runtimeOnly(libs.edc.sql.dataplane)
- runtimeOnly(libs.postgres)
-}
-
-tasks.withType {
- mergeServiceFiles()
- archiveFileName.set("${project.name}.jar")
-}
-
-application {
- mainClass.set("org.eclipse.edc.boot.system.runtime.BaseRuntime")
-}
diff --git a/edc-dataplane/edc-dataplane-azure-vault/notice.md b/edc-dataplane/edc-dataplane-azure-vault/notice.md
deleted file mode 100644
index 4ef1034ea..000000000
--- a/edc-dataplane/edc-dataplane-azure-vault/notice.md
+++ /dev/null
@@ -1,32 +0,0 @@
-# Notice for Docker image
-
-An EDC Data Plane using the Azure KeyVault.
-
-DockerHub:
-
-Eclipse Tractus-X product(s) installed within the image:
-
-## Tractus-X EDC Data Plane
-
-- GitHub:
-- Project home:
-- Dockerfile:
-- Project license: [Apache License, Version 2.0](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/LICENSE)
-
-## Used base image
-
-- [eclipse-temurin:21.0.2_13-jre-alpine](https://github.com/adoptium/containers)
-- Official Eclipse Temurin DockerHub page:
-- Eclipse Temurin Project:
-- Additional information about the Eclipse Temurin
- images:
-
-## Third-Party Software
-
-- OpenTelemetry Agent v1.32.0:
-
-As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc
-from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
-
-As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies
-with any relevant licenses for all software contained within.
diff --git a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml
deleted file mode 100644
index deed97dce..000000000
--- a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml
+++ /dev/null
@@ -1,90 +0,0 @@
-#################################################################################
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#################################################################################
-
-
-
-fullnameOverride: tx-prod
-################################
-# EDC ControlPlane + DataPlane #
-################################
-participant:
- id: "test-participant"
-iatp:
- # Decentralized IDentifier
- id: "did:web:changeme"
- sts:
- dim:
- url: "https://somewhere.dim.org"
- oauth:
- token_url: "https://changeme.org"
- client:
- id: "test-client-id"
- secret_alias: "test-alias"
-controlplane:
- service:
- type: NodePort
- endpoints:
- management:
- authKey: password
- image:
- pullPolicy: Never
- tag: "latest"
- repository: "edc-controlplane-postgresql-azure-vault"
- securityContext:
- # avoids some errors in the log: cannot write temp files of large multipart requests when R/O
- readOnlyRootFilesystem: false
- bdrs:
- server:
- url: "https://bdrs.test.org"
-dataplane:
- endpoints:
- proxy:
- authKey: password
- image:
- pullPolicy: Never
- tag: "latest"
- repository: "edc-dataplane-azure-vault"
- securityContext:
- # avoids some errors in the log: cannot write temp files of large multipart requests when R/O
- readOnlyRootFilesystem: false
- aws:
- endpointOverride: http://minio:9000
- secretAccessKey: qwerty123
- accessKeyId: qwerty123
- token:
- signer:
- privatekey_alias: "key-1"
- verifier:
- publickey_alias: "key-1"
-postgresql:
- jdbcUrl: jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc
- auth:
- username: user
- password: password
-vault:
- azure:
- name: ''
- client: ''
- tenant: ''
- secret:
- certificate:
- server:
- postStart:
-tests:
- hookDeletePolicy: before-hook-creation
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index c45c08071..65a83f4cb 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -6,7 +6,6 @@ edc = "0.11.0-20241127-SNAPSHOT"
 assertj = "3.26.3"
 awaitility = "4.2.2"
 aws = "2.29.24"
-azure-identity = "1.14.2"
 azure-storage-blob = "12.29.0"
 bouncyCastle-jdk18on = "1.79"
 flyway = "11.0.0"
@@ -108,9 +107,7 @@ edc-sql-accesstokendata = { module = "org.eclipse.edc:accesstokendata-store-sql"
 edc-sql-dataplane = { module = "org.eclipse.edc:data-plane-store-sql", version.ref = "edc" }
 # azure stuff
-edc-azure-vault = { module = "org.eclipse.edc.azure:vault-azure", version.ref = "edc" }
 azure-storage-blob = { module = "com.azure:azure-storage-blob", version.ref = "azure-storage-blob" }
-edc-azure-identity = { module = "com.azure:azure-identity", version.ref = "azure-identity" }
 edc-dpf-azblob = { module = "org.eclipse.edc.azure:data-plane-azure-storage", version.ref = "edc" }
 edc-azure-blob-provision = { module = "org.eclipse.edc.azure:provision-blob", version.ref = "edc" }
diff --git a/settings.gradle.kts b/settings.gradle.kts
index 9408bbb4b..008bbefb3 100644
--- a/settings.gradle.kts
+++ b/settings.gradle.kts
@@ -91,12 +91,10 @@ include(":edc-tests:edc-end2end:end2end-transfer-cloud")
 include(":edc-controlplane")
 include(":edc-controlplane:edc-controlplane-base")
 include(":edc-controlplane:edc-runtime-memory")
-include(":edc-controlplane:edc-controlplane-postgresql-azure-vault")
 include(":edc-controlplane:edc-controlplane-postgresql-hashicorp-vault")
 // modules for dataplane artifacts
 include(":edc-dataplane")
-include(":edc-dataplane:edc-dataplane-azure-vault")
 include(":edc-dataplane:edc-dataplane-base")
 include(":edc-dataplane:edc-dataplane-hashicorp-vault")